Question concerning the TRUSTED and UNTRUSTED presets and their application to HTTP and HTTPS requests

musonius
Senior Member
Posts: 109
Joined: Sun Jul 08, 2018 5:38 pm

Post by musonius » Sat Jun 15, 2019 10:19 pm

If I trust trusteddomain.com for HTTP, it will also be trusted for HTTPS, which is exactly what I expect. There is the padlock to switch between trusting a domain for HTTPS only (green padlock) or for both protocols (red padlock).

But if I set untrusteddomain.com to UNTRUSTED for HTTPS, the domain untrusteddomain.com will still be set to DEFAULT for HTTP. That is, I have to set a domain to UNTRUSTED for HTTP, if I want the setting to be applied for both protocols. Unfortunately, there is no padlock to do that, which is what I prefer to do, if HTTPS is the current protocol.

Does that work as intended? If it does, what's the reason? I'd expect the UNTRUSTED preset to work the other way round than the TRUSTED preset. If I don't trust untrusteddomain.com for the protocol HTTPS, I won't trust it for HTTP either.
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:67.0) Gecko/20100101 Firefox/67.0

Giorgio Maone
Site Admin
Posts: 8732
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy

Re: Question concerning the TRUSTED and UNTRUSTED presets and their application to HTTP and HTTPS requests

Post by Giorgio Maone » Sun Jun 16, 2019 7:54 am

Yes, it's been an implementation oversight.
The right thing to do, IMHO, is setting the whole domain (no matter the protocol) as UNTRUSTED (as the UI would suggest), and let advanced users fine-tune if they wish in the "NoScript Options>Per-site permissions" tab.
Putting this in my TODO list, thanks.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
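
The behaviour discussed in this thread, as an added example that is not part of either post and is not NoScript's own code: a simplified model of per-site presets in which a bare-domain key covers both protocols and an `https://` key covers HTTPS only. The function names, the key format and the `Map` storage are assumptions made for illustration, and subdomain matching is left out.

```javascript
// Simplified model (assumption, not NoScript source): a policy is a Map from
// site key to preset. "example.com" matches any protocol; "https://example.com"
// matches HTTPS requests only.
const DEFAULT = "DEFAULT", TRUSTED = "TRUSTED", UNTRUSTED = "UNTRUSTED";

// Keys that can match a URL, most specific first.
function siteKeys(url) {
  const u = new URL(url);
  const keys = u.protocol === "https:" ? [`https://${u.hostname}`] : [];
  keys.push(u.hostname);
  return keys;
}

function lookup(policy, url) {
  for (const key of siteKeys(url)) {
    if (policy.has(key)) return policy.get(key);
  }
  return DEFAULT;
}

// TRUSTED with the padlock: green = HTTPS only, red = both protocols.
function setTrusted(policy, url, httpsOnly) {
  const host = new URL(url).hostname;
  policy.set(httpsOnly ? `https://${host}` : host, TRUSTED);
}

// Behaviour reported in the first post: UNTRUSTED chosen while on an HTTPS
// page is stored for HTTPS only, so plain HTTP stays at DEFAULT.
function setUntrustedReported(policy, url) {
  const u = new URL(url);
  const key = u.protocol === "https:" ? `https://${u.hostname}` : u.hostname;
  policy.set(key, UNTRUSTED);
}

// Behaviour proposed in the reply: UNTRUSTED covers the whole domain,
// whatever protocol the page was loaded over.
function setUntrustedProposed(policy, url) {
  const host = new URL(url).hostname;
  policy.delete(`https://${host}`); // drop any narrower HTTPS-only entry
  policy.set(host, UNTRUSTED);
}

// Effective preset for both protocols of one host (constructed URLs).
function effective(policy, host) {
  return {
    http: lookup(policy, `http://${host}/`),
    https: lookup(policy, `https://${host}/`),
  };
}
```

With the reported behaviour, `effective()` for a host marked UNTRUSTED over HTTPS returns DEFAULT for `http`, which means a plain-HTTP load of the same host is not held to the UNTRUSTED preset; the proposed behaviour returns UNTRUSTED for both.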
