[RESOLVED] Allow IFRAME vom specifc site on other site?
[RESOLVED] Allow IFRAME vom specifc site on other site?
If I try to add a cover picture for an music album on musicbrainz.org with this url
and then choose a local saved *.jpg and type 'Front' and finally click on the button 'Enter Edit' to upload the picture, I always get a placeholder symbol for the IFRAME.
Whatever I try to setup in the ABE -> USER -> Rules, like
# CoverArt-Archiv allow rule
Site .musicbrainz.org
# the above is shortcut for *.musicbrainz.org
Accept ALL from .archive.org
Deny
I can't get it working on the first try. If I click on the placeholder-symbol and enter the informations a second time, the cover will be added without problems.
Could please someone tell me, how the ABE rule must be defined to allow the IFRAME from *.archive.org for the musicbrainz.org website only?
and then choose a local saved *.jpg and type 'Front' and finally click on the button 'Enter Edit' to upload the picture, I always get a placeholder symbol for the IFRAME.
Whatever I try to setup in the ABE -> USER -> Rules, like
# CoverArt-Archiv allow rule
Site .musicbrainz.org
# the above is shortcut for *.musicbrainz.org
Accept ALL from .archive.org
Deny
I can't get it working on the first try. If I click on the placeholder-symbol and enter the informations a second time, the cover will be added without problems.
Could please someone tell me, how the ABE rule must be defined to allow the IFRAME from *.archive.org for the musicbrainz.org website only?
Last edited by Giorgio Maone on Thu Feb 28, 2013 11:48 am, edited 2 times in total.
Reason: Fixed truncated link
Reason: Fixed truncated link
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:19.0) Gecko/20100101 Firefox/19.0
Re: Allow IFRAME vom specifc site on other site?
Nice try, and good on you for tackling ABE. As often happens, the rule that you are trying to use is backward.
ABE is request-oriented, not resource-oriented. 'Allow from example.com' does not mean 'allow resources from example.com to load', it means 'allow requests originating from example.com'. So, your rule should look like this:
Ie 'requests sent to archive.org (and subdomains) will be allowed only if they come from musicbrainz.org (and subdomains)'
Well done for using the leading dot wildcard, though. Many people overlook it and use an asterisk instead, which isn't quite the same.
ABE is request-oriented, not resource-oriented. 'Allow from example.com' does not mean 'allow resources from example.com to load', it means 'allow requests originating from example.com'. So, your rule should look like this:
Code: Select all
Site .archive.org
Accept from .musicbrainz.org
Deny
Well done for using the leading dot wildcard, though. Many people overlook it and use an asterisk instead, which isn't quite the same.
Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:19.0) Gecko/20100101 Firefox/19.0
Re: Allow IFRAME vom specifc site on other site?
Thank you very much for the fast answer!
Unfortunately, there must be something else stopping me to be successfull at the first try to upload a cover picture.
The IFRAME placeholder appears with your suggestion too.
What could that be?
Unfortunately, there must be something else stopping me to be successfull at the first try to upload a cover picture.
The IFRAME placeholder appears with your suggestion too.
What could that be?
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:19.0) Gecko/20100101 Firefox/19.0
Re: Allow IFRAME vom specifc site on other site?
Have you allowed musicbrainz.org and archive.org on the regular NoScript menu?
Which sites are still blocked?
Which sites are still blocked?
Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:19.0) Gecko/20100101 Firefox/19.0
Re: Allow IFRAME vom specifc site on other site?
I have doublechecked my Whitelist ("Positivliste"). Both 'archive.org' and 'musicbrainz.org' are included.
(-> If I type the adresses in the URL-field, the button "Allow" change its status to disabled)
If I hoover over the placeholder, I get:
What should I do?
(-> If I type the adresses in the URL-field, the button "Allow" change its status to disabled)
If I hoover over the placeholder, I get:
The only thing changing is the number between mbid- and s3.us.archive.org.<IFRAME>, unknown@http://mbid-8cbac5aa-4211-44d0-8c75-0d380b8f7ca5.s3.us.archive.org/
What should I do?
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:19.0) Gecko/20100101 Firefox/19.0
Re: Allow IFRAME vom specifc site on other site?
Under Options-Embeddings, have you enabled 'Apply these restrictions to whitelisted sites too'?
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:19.0) Gecko/20100101 Firefox/19.0
Re: Allow IFRAME vom specifc site on other site?
Yes, "Diese Einschränkungen auch auf vertrauenswürdige Websites anwenden" is enabled.
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:19.0) Gecko/20100101 Firefox/19.0
Re: Allow IFRAME vom specifc site on other site?
That's your trouble, then. You've told NoScript to give you a placeholder even on whitelisted sites, so naturally you will get a placeholder.
You can either:
You can either:
- uncheck this box, so trusted sites won't have placeholders; or
- exclude IFRAME from this by unchecking the IFRAME box in Options-Embeddings; or
- edit noscript.allowedMimeRegExp in about:config to allow IFRAME only at musicbrainz.org. If you don't understand how to do this one, then don't try...
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:19.0) Gecko/20100101 Firefox/19.0
Re: Allow IFRAME vom specifc site on other site?
Thank you for the options!
My attempts (according toordon't work.
This onewould allow what I want, just a little bit to wide "open" with the asterix.
How do I have to restrict the expression for IFRAME (or application/x-unknown or both)?
Could you please help me with the matching regular expression?Thrawn wrote:
- edit noscript.allowedMimeRegExp in about:config to allow IFRAME only at musicbrainz.org.
My attempts (according to
with:If you want to match any frame (IFRAMEs or FRAMEs) independently of its actual MIME content type, you can use the FRAME pseudo content type. For any web font, instead, you can use the FONT pseudo content type. For example, setting the noscript.allowedMimeRegExp preference value to "FRAME@https?://somesite\.com FONT@https?://some-other-site\.com" will permanently allow any FRAME/IFRAME load from somesite.com and any web font load from some-other-site.com
Code: Select all
FRAME@https?://archive\.org
Code: Select all
FRAME@http://archive.org
This one
Code: Select all
*@http://archive.org
How do I have to restrict the expression for IFRAME (or application/x-unknown or both)?
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:19.0) Gecko/20100101 Firefox/19.0
Re: Allow IFRAME vom specifc site on other site?
Please try
or
The final wildcard may or may not be necessary.
If IFRAME doesn't work, substitute FRAME, but I seem to remember once having created an effective rule with IFRAME as the pseudo-MIME type.
Code: Select all
application/x-unknown <IFRAME> / http://*.s3.us.archive.org
Code: Select all
application/x-unknown <IFRAME>@http://*\.s3\.us\.archive\.org/*
If IFRAME doesn't work, substitute FRAME, but I seem to remember once having created an effective rule with IFRAME as the pseudo-MIME type.
Mozilla/5.0 (Windows NT 5.1; rv:19.0) Gecko/20100101 Firefox/19.0
Re: Allow IFRAME vom specifc site on other site?
Both suggestions works fine.
Thank you very much for your help, problem is solved!
Thank you very much for your help, problem is solved!
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:19.0) Gecko/20100101 Firefox/19.0
Re: [RESOLVED] Allow IFRAME vom specifc site on other site?
Mozilla/5.0 (Windows NT 5.1; rv:19.0) Gecko/20100101 Firefox/19.0
Re: [RESOLVED] Allow IFRAME vom specifc site on other site?
Sorry to bring up this old thread again, but the allowedMimeRegExp suggestions given here are dangerous & not what is expected, & given viewtopic.php?f=7&t=21206 I feel the need to clarify what they are really doing.
1) embeddings with a MIME type "application/x-unknown" on *all* sites,
2) embeddings with a MIME type "<IFRAME>" on *all* sites,
3) (I think) embeddings with a MIME type "/" (or is it an implicit */* ? I don't think so but not totally sure) on *all* sites, and
4) embeddings with a MIME type "http://*.s3.us.archive.org" on *all* sites.
Even despite the fact that "<IFRAME"> isn't a valid MIME type nor is it a pseudo-type usable in allowedMimeRegExp, in practice the <IFRAME> portion of this suggestion would not Allow anything on any site, because out of a URL like http://example.net/test/foo, only the "http://example.net" (called the "site") part is matched against, and as no domain starts with a . the pattern thus cannot match a valid site.
Here's a better link to the screenshot, as the link landing page isn't working for me:
The following suggestion for allowedMimeRegExp will probably work in this case & is not counter-intuitive in any way:
Bye
This one is Allowing:Tom T. wrote:Code: Select all
application/x-unknown <IFRAME> / http://*.s3.us.archive.org
1) embeddings with a MIME type "application/x-unknown" on *all* sites,
2) embeddings with a MIME type "<IFRAME>" on *all* sites,
3) (I think) embeddings with a MIME type "/" (or is it an implicit */* ? I don't think so but not totally sure) on *all* sites, and
4) embeddings with a MIME type "http://*.s3.us.archive.org" on *all* sites.
Here again is Allowing same as (1) above, but additionally is Allowing all embeddings with MIME type "<IFRAME>" from all sites that match the regex "http://*\.s3\.us\.archive\.org/*" - i.e. http:/ followed by 0 or more / followed by ".s3.us.archive.org" followed by 0 or more /Tom T. wrote:Code: Select all
application/x-unknown <IFRAME>@http://*\.s3\.us\.archive\.org/*
Even despite the fact that "<IFRAME"> isn't a valid MIME type nor is it a pseudo-type usable in allowedMimeRegExp, in practice the <IFRAME> portion of this suggestion would not Allow anything on any site, because out of a URL like http://example.net/test/foo, only the "http://example.net" (called the "site") part is matched against, and as no domain starts with a . the pattern thus cannot match a valid site.
Here's a better link to the screenshot, as the link landing page isn't working for me:
Code: Select all
http://imagizer.imageshack.us/v2/900x600q90/16/noscriptmbiframe.png
Code: Select all
FRAME@https?://mbid-[0-9a-f-]+\.s3\.us\.archive\.org
Bye
*Always* check the changelogs BEFORE updating that important software!
-