Allow trusted sites to be added based on domain name

espressobeanies
Posts: 1
Joined: Wed Mar 20, 2019 3:32 am

Post by espressobeanies »

I'd like to see trusted sites be added to NoScript's allow list based on domain name because Cloudflare domains are popping up a lot of times from the general sites I visit with URLs containing insanely unique URL UUIDs as their sub-domains. It would make more sense to whitelist the entire domain if you trust content from them.
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
therube
Ambassador
Posts: 7929
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Re: Allow trusted sites to be added based on domain name

Post by therube »

Would simply adding "cloudflare.com" (or is it cloudflare.net or is it cloudfront.com, .net, or...) work?

Even though you may want to "trust" a particular site in cloud*.*, I'd think it unsafe to blanket trust cloud*.*.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0 SeaMonkey/2.49.5
barbaz
Senior Member
Posts: 10847
Joined: Sat Aug 03, 2013 5:45 pm

Re: Allow trusted sites to be added based on domain name

Post by barbaz »

They probably mean Cloudfront.

This is by design. Each cloudfront.net subdomain is controlled by whichever site owns it. Any site can get a cloudfront.net subdomain. Allowing all of cloudfront.net is much like allowing *.com. It's safer to allow only the specific subdomain(s) you need.
*Always* check the changelogs BEFORE updating that important software!
musonius
Master Bug Buster
Posts: 203
Joined: Sun Jul 08, 2018 5:38 pm

Re: Allow trusted sites to be added based on domain name

Post by musonius »

There are cloudfront domains which are mostly harmless and there are cloudfront domains which are mostly harmful. Allowing all cloudfront domains is more or less like allowing the whole internet. The default white list may need an update indeed (I for one would be perfectly fine with an empty white list), but allowing all cloudfront domains really should not be an option.
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
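
The point made in the replies above (a domain-wide entry for cloudfront.net trusts every tenant, while a per-subdomain entry trusts one), as an added JavaScript example that is not from the thread or from NoScript. The matching model, function names, suffix list and hostnames are constructed assumptions.

```javascript
// Added illustration; not NoScript source code. All names are hypothetical.
// Constructed list of multi-tenant suffixes: each label directly below one of
// these is handed out to a different customer.
const SHARED_SUFFIXES = ["cloudfront.net"];

const normalize = (h) => h.trim().toLowerCase().replace(/\.$/, "");

// Domain-style entry: trusts the domain itself and every subdomain.
// The "." prefix enforces a label boundary, so "cloudfront.net" does not
// match "notcloudfront.net".
function matchesDomain(entry, host) {
  const e = normalize(entry), h = normalize(host);
  return h === e || h.endsWith("." + e);
}

// Host-style entry: trusts exactly one hostname.
function matchesHost(entry, host) {
  return normalize(entry) === normalize(host);
}

// Return the hosts an allow list trusts. Entries: {type: "domain"|"host", value}.
function trustedHosts(allowList, hosts) {
  return hosts.filter((h) => allowList.some((e) =>
    e.type === "domain" ? matchesDomain(e.value, h) : matchesHost(e.value, h)));
}

// Flag domain-style entries that equal or enclose a shared suffix: they would
// trust every tenant under it, not just the one the user looked at.
function auditAllowList(allowList) {
  return allowList
    .filter((e) => e.type === "domain")
    .filter((e) => SHARED_SUFFIXES.some((s) => matchesDomain(e.value, s)))
    .map((e) => normalize(e.value));
}

// Constructed sample hostnames; the distribution labels are made up.
const SEEN_HOSTS = [
  "d1example111.cloudfront.net", // tenant the user's site actually loads from
  "d2example222.cloudfront.net", // unrelated tenant
  "notcloudfront.net",           // different registrable domain
];
const BROAD = [{ type: "domain", value: "cloudfront.net" }];
const NARROW = [{ type: "host", value: "d1example111.cloudfront.net" }];

console.log("broad :", trustedHosts(BROAD, SEEN_HOSTS), auditAllowList(BROAD));
console.log("narrow:", trustedHosts(NARROW, SEEN_HOSTS), auditAllowList(NARROW));
```
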