How to enable https://*domain.com/

[Kim]

How do I enable scripts only for https on an entire domain?

Using courser.org as an example I'd like to permit all of these
https://accounts.coursera.org
https://class.coursera.org
https://eventing.coursera.org
https://www.coursera.org
without having to enable each one individually, and without having to add a new host coursera which I may have not encountered before.

I've tried adding https://.*courser.org to the whitelist but it doesn't work.

Ideally this would be listed in the noscript allow button, something like:
Allow https://www.courser.org <-- existing option which only works for one site
Allow www.courser.org <-- also permits non secure sites which I don't want to do
Allow coursera.org <-- also permits non secure sites which I don't want to do
Allow https://*.courser.org <-- new option I'd like to see

[barbaz]

Can't you force HTTPS on those sites so that they just never load as plain HTTP?

[Kim]

Forcing https is an option which I hadn't considered, and testing shows it works.

It does have the problem that the block has to be created in 2 separate locations. As well as being more tedious, if you get one of them wrong it is easy to accidentally permit scripts from the entire domain on insecure http.

[Thrawn]

As well as being more tedious, if you get one of them wrong it is easy to accidentally permit scripts from the entire domain on insecure http.

ABE can help there.

Code: Select all

Site ^http://.*\.coursera\.org
Deny

[Kim]

As well as being more tedious, if you get one of them wrong it is easy to accidentally permit scripts from the entire domain on insecure http.

ABE can help there.

Code: Select all

Site ^http://.*\.coursera\.org
Deny

Thanks for the reply Thrawn. Why is ABE more helpful than forcing https? My understanding is that I still have to perform a global permit for the entire domain, and then deny ABE (or force https) in a different settings box. If these two don't match then I can accidentally permit insecure scripts from a domain.

Note that I used coursera.org as a example - there are plenty of other sites I'd like to permit https for multiple sites in the domain. As I browse I find more of them. This question is not how to do it once (I now have several solutions), but how to do it quickly and easily for a new domain when I find it.

[Thrawn]

Why is ABE more helpful than forcing https?

You can do both . Either one will be sufficient to ensure that you don't access the HTTP version.

Note that I used coursera.org as a example - there are plenty of other sites I'd like to permit https for multiple sites in the domain. As I browse I find more of them. This question is not how to do it once (I now have several solutions), but how to do it quickly and easily for a new domain when I find it.

Unfortunately matching by protocol and partial domain is not a built-in feature. I'd like to use it myself at times, but c'est la vie. You can get a similar effect by using 'Force HTTPS' and/or ABE to block the plaintext version, but currently there is not a way to whitelist using that pattern.

My usual approach is to simply whitelist the individual HTTPS domains. It takes more time, but it works.

[barbaz]

If these two don't match

Right-clicking on an entry in the NoScript menu copies it (the domain/site) to the clipboard, so you can paste it in with Ctrl+V and maybe reduce the potential for typos...

Likewise, right-clicking the whitelist view in NoScript Options > Whitelist or typing Ctrl+C copies the selected entry/entries to the clipboard.

Don't know if that helps you or not.