Page 2 of 2
Re: Nocript prevents Lastpass Vault menu from functioning
Posted: Mon Nov 16, 2015 1:34 am
by pcguy
Thrawn wrote:Hmm. That would certainly explain why lastpass.com is not showing up on the menu.
I would certainly recommend disabling cascaded permissions if you can. They should never be *necessary*, only convenient in some cases. However, if enabling cascade actually breaks the vault when it would otherwise work, then that does sound like a bug.
Perhaps cascading doesn't work properly when the top-level domain is a privileged protocol (like chrome:)? Giorgio would be better placed to answer that.
Can you try going to Options-Whitelist and manually adding
https://lastpass.com to the whitelist?
The Account Settings worked as I mentioned in my Nov 12th post once I disabled Cascase Top Document's... but to test this I did the following:
lastpass.com was already in the whitelist but I went ahead deleted it anyways. I then enabled Full Addresses. I then added
https://lastpass.com to the whitelist. Account settings in LastPass vault still worked. I enabled the Cascade Top Document's ... and the Account Settings menu did not work. So the issue was caused by Cascade Top Document's.. setting being abled.
Re: Nocript prevents Lastpass Vault menu from functioning
Posted: Mon Nov 16, 2015 2:01 am
by Thrawn
OK, I can reproduce this, and it definitely seems like a bug. It's up to Giorgio.
In the meantime, I recommend against using Cascade Permissions. It's convenient, but less secure.
Re: Nocript prevents Lastpass Vault menu from functioning
Posted: Mon Dec 07, 2015 3:23 pm
by pcguy
I found out why I enabled the Cascade option. If you go to
http://www.dslreports.com/speedtest with NoScript enabled that is what their popup tells you to do in order to run the speedtest:
Adblock, or NOSCRIPT - is blocking access to remote IPs (not scripts).
The test needs to download from several IPs
Set NOSCRIPT>Options>Advanced>Trusted>Cascade top document..
Re: Nocript prevents Lastpass Vault menu from functioning
Posted: Mon Dec 07, 2015 10:06 pm
by Thrawn
That's not necessary. I'd recommend against taking a site's advice about how to configure NoScript for viewing the site; they'll always emphasise ease and compatibility, not necessarily security.
I've run a successful speed test allowing only:
dslreports.com (this is the one that has lots of subdomains)
dslr.net (actually
https://i.dslr.net)
cdnjs.cloudflare.com
Re: Nocript prevents Lastpass Vault menu from functioning
Posted: Mon Dec 07, 2015 10:28 pm
by pcguy
Well I have the following whitelisted:
dslreports.com
dslr.net
cloudflare.com
and I still can not get the speedtest to work. I still see their pop up showing up. I can not whitelist the subdomains you indicated since the main domains are already whitelists
Re: Nocript prevents Lastpass Vault menu from functioning
Posted: Tue Dec 08, 2015 12:54 am
by therube
In addition to the domains you've listed, as the test goes through its motions, there were a lot of "numbered" IP addresses that turned up.
They don't show until it gets going.
Allow Globally worked just fine, as I imagine Cascade would too.