hello,
i'm trying to whitelist a https url. i have whitelisted the entire domain (it is listed without schema in the whitelist pane), but when i access the https://domainnamehere.com/ url, the noscript icon shows with a crossed red circle anyway, and the context menu only lists the complete https://domainnamehere.com/ url, does not offer to whitelist the domain only (without schema); the problem is that i have to whitelist it every time i visit the page, for some reason noscript does not remember this whitelisting. it does not add the absolute url to the whitelist, my guess is that's because the plain domain name is already there; it doesn't allow me to manually enter the absolute https:// url either.
i have tried to search the forum for "https whitelist", but it helpfully replied, that both of these words are too common to search for.
any suggestions will be appreciated.
whitelisting a https url
whitelisting a https url
Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.4; en-US; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1
- Giorgio Maone
- Site Admin
- Posts: 9454
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
- Contact:
Re: whitelisting a https url
mm, could you try forbidding the base domain and then reallowing it?
At that point, https://domain.com should be allowed as well.
At that point, https://domain.com should be allowed as well.
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2 (.NET CLR 3.5.30729)
Re: whitelisting a https url
ok, that worked. but why didn't the whitelist for the entire domain work?
Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.4; en-US; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1
- Giorgio Maone
- Site Admin
- Posts: 9454
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
- Contact:
Re: whitelisting a https url
Because of a CAPS (the internal Mozilla script management technology) parser implementation glitch, if you allow a domain with just one dot inside, you need to explicitly allow also the full addresses containing the same domain verbatim, otherwise they're not considered allowed. Subdomains, though, are automatically implied.
NoScript hides this implementation detail by adding http:// and https:// addresses behind the curtains as you add the base domain.
So what likely happened is that at a certain point https://domain.com got forbidden explicitly.
NoScript hides this implementation detail by adding http:// and https:// addresses behind the curtains as you add the base domain.
So what likely happened is that at a certain point https://domain.com got forbidden explicitly.
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2 (.NET CLR 3.5.30729)