wujj123456 wrote:I've found it to be an Amazon service, which should be categorized under the broad cloudfront.net. Might be better to treat it same as appspot.com. Thanks.
Tom T. wrote:wujj123456 wrote:I've found it to be an Amazon service, which should be categorized under the broad cloudfront.net. Might be better to treat it same as appspot.com. Thanks.
Not sure what you mean by "treat is same as appspot", or "categorized under the broad cloudfront.net". Its scripting should show in the NoScript menu, just as its competitor Akamai's does. You may also consider RequestPolicy add-on to detect cross-site requests even if they don't include the executable content that NS focuses on blocking.
This article provides a reasonably clear and fair (I think) description of what Amazon is trying to do. Akamai has been doing this for years, and kept up a good reputation. If cloudfront does evil, we'd surely like to know. I haven't encountered it much yet, at least, not as being necessary to a page.
Guest wrote:For these well-known services that use subdomain as identifiers, I think it's safer to put a subdomain into whitelist, than allowing the domain name.
Guest wrote:aaa.blogspot.com and bbb.blogspot.com are both hosted on Google, but usually managed by two different people/groups. It's possible that aaa.blogspot.com is legitimate, but bbb.blogspot.com tries to do something nasty or is compromised. For now, NoScript can either put blogspot.com into whitelist, which is dangerous, or I have to temporarily enable it for each blogspot.com website.
Guest wrote:From Amazon's FAQ (http://aws.amazon.com/cloudfront/):
"In Amazon CloudFront, your objects are organized into distributions. A distribution specifies the location of the original version of your objects. A distribution has a unique CloudFront.net domain name (e.g. abc123.cloudfront.net) that you can use to reference your objects through the network of edge locations."
Guest wrote:PS: Yesterday when I was browsing a website, I saw "Allow xxx.appspot.com" in settings. That's why I used appspot.com as an example, and I thought NoScript categorized certain websites by subdomain names.
Guest wrote: Maybe I remembered wrong because I didn't find that entry in my whitelist today... I guess my post is either a feature request, or I omitted some existing functionality in NoScript that can achieve what I want.
Users browsing this forum: No registered users and 4 guests