1. On the Cookies tab of this section, there is a checkbox to "enable automatic secure cookies management". Exactly what does it allow to make the browser more secure? When the box is checked, does it override the sections below it?
2. If I do not check the box, then, alternatively, am I supposed to make settings in the lower section manually, or are they also made when it is checked as an additional procedure?
3. What exactly is an unsafe cookie, such as what is referenced in the lower section, and what would be the consequences of ignoring them?
HTTPS on Advanced tab
HTTPS on Advanced tab
Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Re: HTTPS on Advanced tab
Please read section 6.4 of the FAQ.
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.
True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.
True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (Linux; U; Android 2.2.1; en-gb; GT-S5570 Build/FROYO) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1
Re: HTTPS on Advanced tab
Okay, thanks for the link as that helps clarify quite a bit of it. In the information from that link, it includes this statement:
"...if a navigation from an encrypted to a non-encrypted part of the same site (i.e. sharing the same cookies) happens in the same tab, NoScript removes its ";Secure" patch to ensure compatibility. When it happens, this event is logged to the Error Console, along with a recommendation to try forcing HTTPS by listing this site in the HTTPS|Behavior|Force section."
I would like to see an example of such recommendation occurring because I cannot recall a single instance of having seen one. Is this recommendation something I would have to go looking for, or would it appear like an alert noticeably obvious to me in the browser?
I think something has been change recently in Firefox configuration capabilities, at least for the Windows version 23.0, because there used to be a setting in one of the Options dialogue boxes relating to cookies handling on sites (e.g., which site was allowed to put them), but I cannot see any such setting in the latest version. What is going on with that now?
Another FF change that appears to me, which would seem also to relate to the settings in NoScript's Advanced tab, concerns the terminology Trusted site versus Untrusted site. I do not see in Firefox any more setting where I would label a site one way or another. This makes it rather difficult to know to which site a setting would apply, would it not? Thanks.
"...if a navigation from an encrypted to a non-encrypted part of the same site (i.e. sharing the same cookies) happens in the same tab, NoScript removes its ";Secure" patch to ensure compatibility. When it happens, this event is logged to the Error Console, along with a recommendation to try forcing HTTPS by listing this site in the HTTPS|Behavior|Force section."
I would like to see an example of such recommendation occurring because I cannot recall a single instance of having seen one. Is this recommendation something I would have to go looking for, or would it appear like an alert noticeably obvious to me in the browser?
I think something has been change recently in Firefox configuration capabilities, at least for the Windows version 23.0, because there used to be a setting in one of the Options dialogue boxes relating to cookies handling on sites (e.g., which site was allowed to put them), but I cannot see any such setting in the latest version. What is going on with that now?
Another FF change that appears to me, which would seem also to relate to the settings in NoScript's Advanced tab, concerns the terminology Trusted site versus Untrusted site. I do not see in Firefox any more setting where I would label a site one way or another. This makes it rather difficult to know to which site a setting would apply, would it not? Thanks.
Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Re: HTTPS on Advanced tab
It would appear in the Error Console (Ctrl+Shift+J). No, it doesn't pop up any obvious alert. NoScript generally tries to be less obtrusive than that. I suppose it might be nice to have a setting that would make NoScript 'noisy', giving alert boxes when doing something like this.antipop wrote:Okay, thanks for the link as that helps clarify quite a bit of it. In the information from that link, it includes this statement:
"...if a navigation from an encrypted to a non-encrypted part of the same site (i.e. sharing the same cookies) happens in the same tab, NoScript removes its ";Secure" patch to ensure compatibility. When it happens, this event is logged to the Error Console, along with a recommendation to try forcing HTTPS by listing this site in the HTTPS|Behavior|Force section."
I would like to see an example of such recommendation occurring because I cannot recall a single instance of having seen one. Is this recommendation something I would have to go looking for, or would it appear like an alert noticeably obvious to me in the browser?
Options - Privacy - Exceptions.I think something has been change recently in Firefox configuration capabilities, at least for the Windows version 23.0, because there used to be a setting in one of the Options dialogue boxes relating to cookies handling on sites (e.g., which site was allowed to put them), but I cannot see any such setting in the latest version. What is going on with that now?
Firefox does not have a concept of Trusted and Untrusted sites (which is a pity, really; even Internet Explorer has that feature). These options are referring to sites that NoScript trusts (or not). When you allow scripting on a site, the Trusted tab determines what extra privileges it has; if you haven't allowed scripting, then the Untrusted tab allows you to define extra restrictions.Another FF change that appears to me, which would seem also to relate to the settings in NoScript's Advanced tab, concerns the terminology Trusted site versus Untrusted site. I do not see in Firefox any more setting where I would label a site one way or another. This makes it rather difficult to know to which site a setting would apply, would it not? Thanks.
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.
True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.
True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:22.0) Gecko/20100101 Firefox/22.0
Re: HTTPS on Advanced tab
> "...there used to be a setting in one of the Options dialogue boxes relating to cookies handling on sites (e.g., which site was allowed to put them), but I cannot see any such setting in the latest version."
>>" Options - Privacy - Exceptions."
that section changes according to what the user has chosen in the dropdown box for History. In mine I decided to leave it at the default value it had when I updated a couple of days ago, i.e., "Firefox will: Never remember history". In doing so, that section remained bare. If you change it to something else, then additional control buttons appear there, where a user can make additional decisions for cookies and such. I did not see the change because I left it as I saw it, thinking this would be good to try for a while. However, I can see now that it was maybe not a good choice for me if I also want to control cookies, etc..
My intention in doing so (i.e., Never remember history) was related to this conversation about HTTPS and NoScript. I want to feel confident that I can go from one site to another without disclosing to one of them the cookies I might have gotten elsewhere. If I change my dropdown box so that "Firefox will: Use custom settings for history", while simultaneously setting it to "Always use private browsing mode", this permits me also to have cookies, which I do need to accept from time to time for proper functionality. Now if I can simultaneously keep them obfuscated by using a setting in NoScript, then I should be good-to-go at this point.
I do not need to retain any of these cookies in Firefox from one session to the next. Indeed, even when I leave a site, I want its cookies, if any, to be discarded for the rest of that session and beyond, until I happen to visit again, at which point I can just accept new cookies if need be. Yet, I do not want to have to be making deliberate clicks and choices all the time about deleting cookies as I move from one site to another in any given session. If I can make use of NoScript to manage this issue, as I believe I can if I figure it out sufficiently, then I should have it working as I hope.
>>" Options - Privacy - Exceptions."
that section changes according to what the user has chosen in the dropdown box for History. In mine I decided to leave it at the default value it had when I updated a couple of days ago, i.e., "Firefox will: Never remember history". In doing so, that section remained bare. If you change it to something else, then additional control buttons appear there, where a user can make additional decisions for cookies and such. I did not see the change because I left it as I saw it, thinking this would be good to try for a while. However, I can see now that it was maybe not a good choice for me if I also want to control cookies, etc..
My intention in doing so (i.e., Never remember history) was related to this conversation about HTTPS and NoScript. I want to feel confident that I can go from one site to another without disclosing to one of them the cookies I might have gotten elsewhere. If I change my dropdown box so that "Firefox will: Use custom settings for history", while simultaneously setting it to "Always use private browsing mode", this permits me also to have cookies, which I do need to accept from time to time for proper functionality. Now if I can simultaneously keep them obfuscated by using a setting in NoScript, then I should be good-to-go at this point.
I do not need to retain any of these cookies in Firefox from one session to the next. Indeed, even when I leave a site, I want its cookies, if any, to be discarded for the rest of that session and beyond, until I happen to visit again, at which point I can just accept new cookies if need be. Yet, I do not want to have to be making deliberate clicks and choices all the time about deleting cookies as I move from one site to another in any given session. If I can make use of NoScript to manage this issue, as I believe I can if I figure it out sufficiently, then I should have it working as I hope.
Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Re: HTTPS on Advanced tab
You want the Self Destructing Cookies addon.
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.
True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.
True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (Linux; U; Android 2.2.1; en-gb; GT-S5570 Build/FROYO) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1