Hi,
Maybe it's a dumb question, but is there a way to have all first party sites automatically allowed ? Allowing JS globally is a little overkill for me, but I have to have a Firefox profile around for non technical people.
Thanks!
Allow first party scripts by default
-
Zanen
Allow first party scripts by default
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:34.0) Gecko/20100101 Firefox/34.0
Re: Allow first party scripts by default
Not quite, the closest you can get is
NoScript Options > General > Temporarily allow top-level sites by default
but that Temp-Allows those top-level sites *everywhere*, so their scripts will run even as 3rd-party scripts.
The most dangerous part of turning that option on is if there's a redirect through some random site, then that site will seem to Temp-Allow itself... I've seen at least two different threads here about that (one of which was quite extensive)
NoScript Options > General > Temporarily allow top-level sites by default
but that Temp-Allows those top-level sites *everywhere*, so their scripts will run even as 3rd-party scripts.
The most dangerous part of turning that option on is if there's a redirect through some random site, then that site will seem to Temp-Allow itself... I've seen at least two different threads here about that (one of which was quite extensive)
*Always* check the changelogs BEFORE updating that important software!
Mozilla/5.0 (compatible; Konqueror/4.4; Linux 2.6.32-22-generic; X11; en_US) KHTML/4.4.3 (like Gecko) Kubuntu
Re: Allow first party scripts by default
You might also want to run that profile in a sandbox or VM.
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.
True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.
True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:34.0) Gecko/20100101 Firefox/34.0
-
Zanen
Re: Allow first party scripts by default
Thank you both for the suggestions 
I'm already using Sandboxie, but even so blocking 3rd party JS is still good for CPU load and battery life.
The auto-temp allow thing will indeed become problematic but it's an improvement over allowing globally, so I'll take that for now.
Could "allow first party JS" be worth proposing as a feature suggestion ?
I'm already using Sandboxie, but even so blocking 3rd party JS is still good for CPU load and battery life.
The auto-temp allow thing will indeed become problematic but it's an improvement over allowing globally, so I'll take that for now.
Could "allow first party JS" be worth proposing as a feature suggestion ?
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:34.0) Gecko/20100101 Firefox/34.0
Re: Allow first party scripts by default
You're welcome.
(Example: YouTube - *if you use their HTML5 player* - requires s.ytimg.com and an entire type of video objects from googlevideo.com Allowed in NS in order to watch video)
If you would like to make that RFE you can either just post it at the end of this thread; or, if you register first, post it at the end of this thread under your registered account and I'll change the topic title to 'RFE: Easy option to auto temp-allow only first party scripts' and move the whole thread to NoScript Development as an RFE, so it's more likely to be spotted, if you like.
Bear in mind that Giorgio has a lot on his plate NS-wise so it may be a while before he gets to this
I think so, although I wouldn't use it; however, bear in mind that it's possible a site will work without any JS but not work at all if 1st-party JS is enabled but it has a CDN (e.g. some Akamai or cloudfront domain or some domain that looks similar to that of the site but has something like 'img' or 'static' or 'cdn' in it) or 3rd-party dependency that is script-blocked...Zanen wrote:Could "allow first party JS" be worth proposing as a feature suggestion ?
(Example: YouTube - *if you use their HTML5 player* - requires s.ytimg.com and an entire type of video objects from googlevideo.com Allowed in NS in order to watch video)
If you would like to make that RFE you can either just post it at the end of this thread; or, if you register first, post it at the end of this thread under your registered account and I'll change the topic title to 'RFE: Easy option to auto temp-allow only first party scripts' and move the whole thread to NoScript Development as an RFE, so it's more likely to be spotted, if you like.
Bear in mind that Giorgio has a lot on his plate NS-wise so it may be a while before he gets to this
*Always* check the changelogs BEFORE updating that important software!
Mozilla/5.0 (X11; NetBSD amd64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.122 Safari/537.36
Re: Allow first party scripts by default
Well, it's already possible using ABE, but then you would only be able to make exceptions using ABE...Zanen wrote:Could "allow first party JS" be worth proposing as a feature suggestion ?
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.
True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.
True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:34.0) Gecko/20100101 Firefox/34.0