If I trust trusteddomain.com for HTTP, it will also be trusted for HTTPS, which is exactly what I expect. There is the padlock to switch between trusting a domain for HTTPS only (green padlock) or for both protocols (red padlock).
But if I set untrusteddomain.com to UNTRUSTED for HTTPS, the domain untrusteddomain.com will still be set to DEFAULT for HTTP. That is, I have to set a domain to UNTRUSTED for HTTP, if I want the setting to be applied for both protocols. Unfortunately, there is no padlock to do that, which is what I prefer to do, if HTTPS is the current protocol.
Does that work as intended? If it does, what's the reason? I'd expect the UNTRUSTED preset to work the other way round than the TRUSTED preset. If I don't trust untrusteddomain.com for the protocol HTTPS, I won't trust it for HTTP either.
Question concerning the TRUSTED and UNTRUSTED presets and their application to HTTP and HTTPS requests
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:67.0) Gecko/20100101 Firefox/67.0
- Giorgio Maone
- Site Admin
Re: Question concerning the TRUSTED and UNTRUSTED presets and their application to HTTP and HTTPS requests
Yes, it's been an implementation overlook.
The right thing to do, IMHO, is setting the whole domain (no matter the protocol) as UNTRUSTED (as the UI would suggest), and let advanced users fine tune if they wish in the "NoScript Options>Per-site permissions" tab.
Putting this in my TODO list, thanks.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
Re: Question concerning the TRUSTED and UNTRUSTED presets and their application to HTTP and HTTPS requests
This commit: https://github.com/hackademix/noscript/ ... 982bc6abf8
Thank you, I am going to test this as soon as 11.0.12rc1 is available.
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0
Re: Question concerning the TRUSTED and UNTRUSTED presets and their application to HTTP and HTTPS requests
Everything set to UNTRUSTED in NoScript 11.0.11rc2 for HTTPS only is set to UNTRUSTED for HTTP and HTTPS after updating to 11.0.12rc1. Setting a domain (HTTPS) to UNTRUSTED in 11.0.12rc1 sets the domain to UNTRUSTED for both protocols, too.
The new behavior is very welcome. Thank you!
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0
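Added example, not part of the thread and not NoScript's own code: a simplified model of the behaviour discussed above, showing how an HTTPS-only UNTRUSTED entry leaves HTTP at DEFAULT, plus a check that finds such entries and widens them to both protocols. The rule-key format (`domain` for any protocol, `https://domain` for HTTPS only) and all function names are assumptions made for illustration.

```javascript
// Simplified model of per-site presets; NOT NoScript's storage format.
// Assumed keys: "example.com" = any protocol, "https://example.com" = HTTPS only.

// Resolve the preset for a URL: most specific host first, and a
// protocol-scoped key beats a domain-wide key for the same host.
function presetFor(rules, url) {
  const { protocol, hostname } = new URL(url);
  const labels = hostname.split(".");
  // Stop before the bare TLD; single-label hosts are still checked once.
  const stop = Math.max(1, labels.length - 1);
  for (let i = 0; i < stop; i++) {
    const domain = labels.slice(i).join(".");
    const scoped = rules[`${protocol}//${domain}`];
    if (scoped) return scoped;
    if (rules[domain]) return rules[domain];
  }
  return "DEFAULT";
}

// Domains marked UNTRUSTED for HTTPS whose plain-HTTP origin is not UNTRUSTED.
function httpsOnlyUntrusted(rules) {
  return Object.keys(rules)
    .filter((k) => k.startsWith("https://") && rules[k] === "UNTRUSTED")
    .map((k) => k.slice("https://".length))
    .filter((d) => presetFor(rules, `http://${d}/`) !== "UNTRUSTED");
}

// Widen each flagged entry to the whole domain, whatever the protocol.
// A conflicting domain-wide entry is overwritten: UNTRUSTED wins.
function widenUntrusted(rules) {
  const out = { ...rules };
  for (const d of httpsOnlyUntrusted(rules)) {
    delete out[`https://${d}`];
    out[d] = "UNTRUSTED";
  }
  return out;
}

// Constructed sample rules mirroring the situation in the first post.
const before = {
  "trusteddomain.com": "TRUSTED",
  "https://untrusteddomain.com": "UNTRUSTED",
};
const after = widenUntrusted(before);

console.log(presetFor(before, "http://untrusteddomain.com/"));
console.log(httpsOnlyUntrusted(before));
console.log(presetFor(after, "http://untrusteddomain.com/"));
```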