I'm using 10.1.6.3rc5 and FF 57.0.4.
When I visit a website and click the NS icon, I get a list of websites and they all have a Default status. I pick one of the sites and click Trusted, and then change the red lock to a green one, and then click the Reload icon. I am expecting to see that my change has accepted, but NS still displays the Default status. If I do NOT change the red lock to a green lock, the change is accepted. Is this peculiar to the site that I picked?
The site I picked to change is http://www.toyotanation.com.
Changing Red Lock to Green Lock Is Not Accepted
Changing Red Lock to Green Lock Is Not Accepted
* HP Pavilion Desktop 510-p114
* Windows 10 Home 22H2 19045.3208
* Firefox 115.0.2 Thunderbird 112.13.0
* Windows 10 Home 22H2 19045.3208
* Firefox 115.0.2 Thunderbird 112.13.0
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0
Re: Changing Red Lock to Green Lock Is Not Accepted
Changing the lock to green is not accepted because the connection is http, The red color of toyotanation in the NoScript menu tells you also that if you trust the domain, it ll have to be red lock.
Bo
Bo
Mozilla/5.0 (Windows NT 10.0; WOW64; rv:57.0) Gecko/20100101 Firefox/57.0
Re: Changing Red Lock to Green Lock Is Not Accepted
Now I'm thoroughly confused. I thought that if I trusted a domain, it should have a green lock so it could run scripts. And if I didn't completely trust a domain, I should change the lock to red so that it couldn't run scripts.bo elam wrote:Changing the lock to green is not accepted because the connection is http, The red color of toyotanation in the NoScript menu tells you also that if you trust the domain, it ll have to be red lock.
Bo
Going farther, I then navigated to www.toyota.com. NS shows that site (...toyota.com) as Default, so I clicked the Trusted icon. Then NS showed it with a green lock.
I don't understand why NS gives a green lock to some http sites site when I select Trusted, but doesn't allow the green lock on other http sites.
* HP Pavilion Desktop 510-p114
* Windows 10 Home 22H2 19045.3208
* Firefox 115.0.2 Thunderbird 112.13.0
* Windows 10 Home 22H2 19045.3208
* Firefox 115.0.2 Thunderbird 112.13.0
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0
Re: Changing Red Lock to Green Lock Is Not Accepted
See Giorgio's documentation at https://hackademix.net/2017/12/04/noscr ... utshell-2/ where he writes:Skeezix wrote:Now I'm thoroughly confused. I thought that if I trusted a domain, it should have a green lock so it could run scripts. And if I didn't completely trust a domain, I should change the lock to red so that it couldn't run scripts.bo elam wrote:Changing the lock to green is not accepted because the connection is http, The red color of toyotanation in the NoScript menu tells you also that if you trust the domain, it ll have to be red lock.
What about the "Match HTTPS only" green/red lock toggle? If green (locked), the toggle makes base domain entries (e.g. "..google.com") match themselves and all their subdomains, but only if their protocol is HTTPS (and therefore the traffic encrypted and not easily tampered with). Otherwise, if red and unlocked, both HTTP and HTTPS match: this has bad security implications especially on "hostile" networks where injecting malicious scripts directly in the unencrypted traffic is relatively easy, but is unfortunately needed for some sites to work. NoScript tries to gives you the "smartest" default for each site, i.e. green if the page is already served on HTTPS, red otherwise.
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0
Re: Changing Red Lock to Green Lock Is Not Accepted
Hi Skeezlx. toyota.com is https, you can see it is in the NoScript menu. Thats why when you allow it, goes green and stays green.Skeezix wrote: Going farther, I then navigated to www.toyota.com. NS shows that site (...toyota.com) as Default, so I clicked the Trusted icon. Then NS showed it with a green lock.
I don't understand why NS gives a green lock to some http sites site when I select Trusted, but doesn't allow the green lock on other http sites.
Bo
Mozilla/5.0 (Windows NT 10.0; WOW64; rv:57.0) Gecko/20100101 Firefox/57.0
Re: Changing Red Lock to Green Lock Is Not Accepted
I'm sorry to be such a thick-head, please bear with me so I can better understand.
>>bo elam wrote:
Changing the lock to green is not accepted because the connection is http, The red color of toyotanation in the NoScript menu tells you also that if you trust the domain, it ll have to be red lock.<<
But the red lock means: "Otherwise, if red and unlocked, both HTTP and HTTPS match: this has bad security implications especially on "hostile" networks where injecting malicious scripts directly in the unencrypted traffic is relatively easy..."
Also, it sure seems like I could change a green lock (more secure) to a red lock (less secure) (and vice versa) at will on some sites. So if a red lock on a trusted site cannot be changed to a green lock, then why does NS let you do so for some sites, only to change it back to a red lock?
The more I get into this red lock - green lock business, the more don't understand. I guess I'll just have to futz around with each site until I stumble upon a configuration that works for me, and it that requires a red lock (less secure) to make the site usable, then I'll have to decide if it's worth it to me to have the red lock for the site I'm currently dealing with.
>>bo elam wrote:
Changing the lock to green is not accepted because the connection is http, The red color of toyotanation in the NoScript menu tells you also that if you trust the domain, it ll have to be red lock.<<
But the red lock means: "Otherwise, if red and unlocked, both HTTP and HTTPS match: this has bad security implications especially on "hostile" networks where injecting malicious scripts directly in the unencrypted traffic is relatively easy..."
Also, it sure seems like I could change a green lock (more secure) to a red lock (less secure) (and vice versa) at will on some sites. So if a red lock on a trusted site cannot be changed to a green lock, then why does NS let you do so for some sites, only to change it back to a red lock?
The more I get into this red lock - green lock business, the more don't understand. I guess I'll just have to futz around with each site until I stumble upon a configuration that works for me, and it that requires a red lock (less secure) to make the site usable, then I'll have to decide if it's worth it to me to have the red lock for the site I'm currently dealing with.
* HP Pavilion Desktop 510-p114
* Windows 10 Home 22H2 19045.3208
* Firefox 115.0.2 Thunderbird 112.13.0
* Windows 10 Home 22H2 19045.3208
* Firefox 115.0.2 Thunderbird 112.13.0
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0
Re: Changing Red Lock to Green Lock Is Not Accepted
There are two major protocols on the web.Skeezix wrote:I'm sorry to be such a thick-head, please bear with me so I can better understand.
>>bo elam wrote:
Changing the lock to green is not accepted because the connection is http, The red color of toyotanation in the NoScript menu tells you also that if you trust the domain, it ll have to be red lock.<<
But the red lock means: "Otherwise, if red and unlocked, both HTTP and HTTPS match: this has bad security implications especially on "hostile" networks where injecting malicious scripts directly in the unencrypted traffic is relatively easy..."
Also, it sure seems like I could change a green lock (more secure) to a red lock (less secure) (and vice versa) at will on some sites. So if a red lock on a trusted site cannot be changed to a green lock, then why does NS let you do so for some sites, only to change it back to a red lock?
The more I get into this red lock - green lock business, the more don't understand. I guess I'll just have to futz around with each site until I stumble upon a configuration that works for me, and it that requires a red lock (less secure) to make the site usable, then I'll have to decide if it's worth it to me to have the red lock for the site I'm currently dealing with.
Http and HttpS, Traffic to and from https sites is encrypted, traffic to and from http sites is not.
Some websites send information over both.
If you want to visit a site that only serves an http website, changing the rule to a greenlock creates a rule, but not for the content you wanted. It is a rule that applies to the https variant of that site, regardless of whether it exists or not.
Which is why on reload, it looks like no rules was created, because you are still visiting the http site, for which you did not make a rule.
This is a topic to read about outside of noscript, too.
any website you visit that starts with https is encrypted (and firefox shows this with a green lock in the address bar). which means that "normally" nobody between you and the site can "look inside your exchange".
Over http basically every one between you and them can read what you send and received, and even catch it and send something different on.
The function of no script is to block scripts. Which it does by default (although some active content is allowed), and you unblock it by changing a site from "default" to trusted or custom.
The colour of the lock is "proposed" automatically, depending on where the script is coming from. If it comes from an HTTP source it will show red (meaning you will allow this http traffic, and https also), if the source is an https source, it will by default only allow that https source.
The lock is basically a toggle that helps you to not fall for a spoof site or accidentally run scripts when you visit the http copy of a website when you didn't want to. (like your bank).
The lock is not the basic "allows script" button.
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0
Re: Changing Red Lock to Green Lock Is Not Accepted
It sounds to me, when I read it, that I when I change a red lock to a green lock, I am making a rule. But according to your last sentence, I did NOT make a rule??Pansa wrote: If you want to visit a site that only serves an http website, changing the rule to a greenlock creates a rule, but not for the content you wanted. It is a rule that applies to the https variant of that site, regardless of whether it exists or not.
Which is why on reload, it looks like no rules was created, because you are still visiting the http site, for which you did not make a rule.
I'll have to chew on this for awhile...
* HP Pavilion Desktop 510-p114
* Windows 10 Home 22H2 19045.3208
* Firefox 115.0.2 Thunderbird 112.13.0
* Windows 10 Home 22H2 19045.3208
* Firefox 115.0.2 Thunderbird 112.13.0
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0
Re: Changing Red Lock to Green Lock Is Not Accepted
Yes, you are making a rule that says "Only trust this when it's served over HTTPS".Skeezix wrote:It sounds to me, when I read it, that I when I change a red lock to a green lock, I am making a rule.
... for the plain HTTP site. i.e. it's NOT served over HTTPS, so your rule does not apply to it.Skeezix wrote: But according to your last sentence, I did NOT make a rule...
Make sense now?
*Always* check the changelogs BEFORE updating that important software!
-
Re: Changing Red Lock to Green Lock Is Not Accepted
You made A rule, but not THE rule you wanted.Skeezix wrote:It sounds to me, when I read it, that I when I change a red lock to a green lock, I am making a rule. But according to your last sentence, I did NOT make a rule??Pansa wrote: If you want to visit a site that only serves an http website, changing the rule to a greenlock creates a rule, but not for the content you wanted. It is a rule that applies to the https variant of that site, regardless of whether it exists or not.
Which is why on reload, it looks like no rules was created, because you are still visiting the http site, for which you did not make a rule.
I'll have to chew on this for awhile...
When you click temp trusted, trusted or custom, you already make the rule.
It is the rule that applies to whatever the lock is set to at that point.
You don't need to click the lock at all to make a rule.
If you click the lock, it changes the rule, and what it applies to. If you clicked on trusted, and it made a redlock rule (because it is an http site), that is a rule that applies to http and https.
If you then click the lock to change it to green, it means that rule only applies to that website when it uses https.
On reloading the http site, no script again checks if there is a rule for it.
And since you changed the rule to only apply to https (green lock), there is no rule for the http version anymore. That is what you did by changing it to the green lock. You said "I don't want this rule for http", and thus there isn't one when no script checks.
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0