Please correct me if I am wrong, but it seems that that STS introduces an additional site-pref like or cookie like store, that is neither viewable, editable nor clearable from NS ui. Nor, it seems, is it possible to disable STS.
So in light of the above, a couple of requests:
Option to disable STS. It should be possible to disable any feature that allows sites to store any kind of state (cache, cookies, offline storage, history can all be individually disabled)
UI for viewing, editing and clearing the STS store
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20
al_9x wrote:
Option to disable STS. It should be possible to disable any feature that allows sites to store any kind of state (cache, cookies, offline storage, history can all be individually disabled)
You've got noscript.STS.enabled in about:config.
Furthermore, Private Browsing suspends any persistence for STS, while purging session history erases the STS database as well.
al_9x wrote:
UI for viewing, editing and clearing the STS store
Maybe in future. In the meanwhile, the store is easily editable by hand, being a simple text file in your profile named NoScript-STS.db.
Giorgio Maone wrote:purging session history erases the STS database as well
I'm unsure which setting covers that. In Options > Privacy > Settings for Clearing History, do I need to check Browsing History or Site Preferences or something else? Same question regarding Tools > Clear Recent History > Details.
Could you clarify?
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3
BTW, I don't feel that happy with this "erase on browser history erasure" all-or-nothing feature, especially if you erase it automatically after each session, but on the other hand:
If you cleanup for privacy/shame reasons, you'd better use "Private Browsing", which works just fine with STS and has no downsides.
If you do it for some other policy reason but you have no objection to persist data about certain sites you want to protect by forcing HTTPS, you can still use NoScript Options|Advanced|HTTPS|Behavior.
