11.4.23rc1 changelog contradicts NoScript Options

General discussion about the NoScript extension for Firefox
barbaz
Senior Member
Posts: 10646
Joined: Sat Aug 03, 2013 5:45 pm

Post by barbaz »

NoScript changelog for 11.4.23rc1 includes -

https://noscript.net/getit/#recent-development-history wrote:
v 11.4.23rc1
============================================================
x [TabGuard] Introduce prompt granularity options (default:
prompt only on POST requests)

So IOW, the Cross-tab identity leak protection can now be configured to only check cross-tab POST requests, and this is the new default. Sounds good, I thought, let's update & take a look - if Giorgio thinks this is sufficient default security for this feature, sure would reduce the number of warnings & false positives, making this feature much nicer to use. Sweet.

But after updating, NoScript Options words this new option like -
  • Never prompt before anonymization
  • Prompt before anonymizing POST submissions
  • Prompt before anonymizing any request
So IOW, the new setting makes Cross-tab identity leak protection silently anonymize requests...and the default is to do this for all non-POST cross-tab requests? Not good, this would introduce serious usability issues :(

So which is it?
Could whichever wording is wrong please be fixed?

And if the current wording of NoScript Options is the correct one, could the aforementioned issues with this please be addressed before this gets to NoScript stable channel? Otherwise it's just asking for a deluge of difficult support requests, if many people use Cross-tab identity leak protection.

Thanks for any clarification or action.
*Always* check the changelogs BEFORE updating that important software!
Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/113.0
Giorgio Maone
Site Admin
Posts: 9419
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy

Re: 11.4.23rc1 changelog contradicts NoScript Options

Post by Giorgio Maone »

barbaz wrote: Tue May 23, 2023 1:44 am
And if the current wording of NoScript Options is the correct one, could the aforementioned issues with this please be addressed before this gets to NoScript stable channel? Otherwise it's just asking for a deluge of difficult support requests, if many people use Cross-tab identity leak protection.

That's the plan, indeed, see "next steps" here.
Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/114.0
barbaz
Senior Member
Posts: 10646
Joined: Sat Aug 03, 2013 5:45 pm

Re: 11.4.23rc1 changelog contradicts NoScript Options

Post by barbaz »

Thanks Giorgio, it's clear now that NoScript Options wording is the correct one.

In that case, maybe the changelog would be better worded more like

+ [TabGuard] Add option to load some requests anonymously without prompting
where an explicit user decision has not been made (default: prompt only on POST requests)
I'm not clear whether the "next steps" will fully address the specific issues raised? Quoting myself from the linked thread -
barbaz wrote: Sat Jan 21, 2023 5:06 pm
1) Currently the dialog is the only way to make cross-tab identity leak protection decisions for individual site pairs. Probably NoScript Options would need to get a UI to view/add/edit/delete the individual cross-tab identity leak protection decisions.

This is necessary to make troubleshooting "why did NoScript ignore my prompting preference" type issues accessible to users. And if it allows adding/editing choices, it would also greatly ease making permanent exceptions to a global automatic decision. Is such UI planned?

On the subject of Cross-tab identity leak protection decisions for individual site pairs, would adding "Always prompt" type option(s) now be useful? e.g. "Always prompt for this site pair" or "Always prompt when one of the sites is example.com & the site pair has no explicit decision"
barbaz wrote: Sat Jan 21, 2023 5:06 pm
2) viewtopic.php?p=105923#p105923
Having that happen automatically would be bad in several ways, especially if it happened without any notice that cross-tab identity leak protection took action. The Containers idea proposed in the linked thread would address these concerns too.

The linked discussion points out that loading anonymously can cause existing cookies to get overwritten, causing unintended total logout, and suggests using Containers to avoid this. Does the plan for a "Reload with cookies/credentials" option include using Containers to isolate anonymous loads away from the rest of the browser session, so that original credentials are preserved & can be used for such reload?
Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/113.0