InformAction Forums

NoScripters and WebSec nerds of all lands, unite!
https://forums.informaction.com/

Setting top-level domain trust level

https://forums.informaction.com/viewtopic.php?t=25323

Page 1 of 1

Setting top-level domain trust level

Posted: Tue Dec 04, 2018 3:57 am
by ronks
Jeaye's excellent guide says about top-level domain configuration that
> NoScript 10 allows you to modify the trust level of the specific domain used (such as blog.jeaye.com), as well as the entire top-level domain (such as ...jeaye.com)

But I don't see how. My settings show several pairs like
...d1z2jf7jlzjs58.cloudfront.net
https://d1z2jf7jlzjs58.cloudfront.net

with only that first string varied.
I would like to trust all ...cloudfront.net variations
and some other top levels domains like it.
How does one do that?

Re: Setting top-level domain trust level

Posted: Tue Dec 04, 2018 3:11 pm
by barbaz
You can only allow up to second-level domains from the UI.

Allowing *.cloudfront.net is comparable to allowing *.com, or any other TLD. Anyone can get a cloudfront.net subdomain and put their content there. It's a lot safer to only whitelist the specific cloudfront.net subdomains you need.

Re: Setting top-level domain trust level

Posted: Tue Dec 04, 2018 5:18 pm
by ronks
Thanks! It's just that cloudfront and some other sites have an awful lot of those URLs; it becomes a sort of scripting whack-a-mole.
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited