[BUG] temp permission bug when both HTTP and HTTPS exist

Bug reports and enhancement requests
Post Reply
supercoolman
Posts: 3
Joined: Sun Jun 03, 2012 4:52 am

[BUG] temp permission bug when both HTTP and HTTPS exist

Post by supercoolman »

an example website is https://www.doctorofcredit.com/

in Firefox Private mode, if I set both insecure and secured domain of netdna-ssl.com to temporary allowed (don't have any NoScript rule for the domain), I see 2 problems

1. only one of the two permissions sticks after page reload. I have to set permission on the other and do another reload to get permission to stick
2. when permissions of both are set to temp allowed, secured domain disappeared. not sure if this is due to NoScript, Firefox or the website itself
Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
User avatar
Giorgio Maone
Site Admin
Posts: 9454
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy
Contact:

Re: [BUG] temp permission bug when both HTTP and HTTPS exist

Post by Giorgio Maone »

Thanks for your report.
As far as I can see, that's the expected behavior, although it might not be always intuitive: if you set the preset for netdna-ssl.com and keep the lock red/open (insecure), it applies to both http: and https:.
In other words, the green/closed lock limits the permission to secure connections only, which is the default if the domain is already seen over HTTPS when the page loads, otherwise any connection to the domain and subdomain is matched by the rule.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Post Reply