Page 1 of 1
Allow Java on selected sites
Posted: Sun Mar 17, 2013 9:44 am
by Guest
Hi. I have Forbid java etc. + "Apply these restrictions to whitelisted sites too". Any time I want to see full functionality on a site I simply do Temporarily allow. But I play chess on pogo.com every day, and to save myself some time I decided to add ABE for it:
Site .pogo.com
Accept
The problem is this doesn't work. I still have to Temporarily allow
www.pogo.com under Blocked objects submenu on every browser session. It seems that Forbid java etc. + "Apply these restrictions to whitelisted sites too" takes priority over ABE and it cannot overrule that. As soon as I uncheck that pogo.com works with no further actions needed, together with sites I DON'T want Flash etc. to work on.
Re: Allow Java on selected sites
Posted: Sun Mar 17, 2013 10:22 pm
by Thrawn
What you probably want is the
noscript.allowedMimeRegExp setting in about:config.
Guest wrote:It seems that Forbid java etc. + "Apply these restrictions to whitelisted sites too" takes priority over ABE and it cannot overrule that.
Actually, object blocking and ABE are totally separate features, and they work independently. So yes, object blocking will continue to apply regardless of what you write in ABE.
What you
can do, however, is write ABE rules to describe exactly the protection you want, and then disable the other NoScript feature(s) involved. So, if you wrote an ABE rule exactly describing which Flash objects are allowed where, then you could switch off the Forbid Java checkbox.
As soon as I uncheck that pogo.com works with no further actions needed, together with sites I DON'T want Flash etc. to work on.
Indeed. You can investigate the allowedMimeRegExp setting (search the forum for instructions about it), or you can delve into the wonderful world of ABE rules. Probably allowedMimeRegExp is simpler.
Re: Allow Java on selected sites
Posted: Mon Mar 18, 2013 1:00 pm
by rihad1980
Thrawn wrote:What you probably want is the noscript.allowedMimeRegExp setting in about:config.
Thanks a lot, this did the trick:
application/x-java-vm@https?://(?:www\.|game\d+\.)?pogo\.com
I didn't need to fiddle with Forbid java + "Apply these restrictions to whitelisted sites too".
The said MIME type disappeared from Blocked objects as could be expected.
A bit unexpectedly, this ABE rule wasn't required either, so I could comment it:
Site .pogo.com
Accept
although pogo.com definitely has some scripty feel to it.
Re: Allow Java on selected sites
Posted: Mon Mar 18, 2013 2:55 pm
by rihad1980
rihad1980 wrote:Thrawn wrote:What you probably want is the noscript.allowedMimeRegExp setting in about:config.
Thanks a lot, this did the trick:
application/x-java-vm@https?://(?:www\.|game\d+\.)?pogo\.com
I didn't need to fiddle with Forbid java + "Apply these restrictions to whitelisted sites too".
The said MIME type disappeared from Blocked objects as could be expected.
A bit unexpectedly, this ABE rule wasn't required either, so I could comment it:
Site .pogo.com
Accept
although pogo.com definitely has some scripty feel to it.
Re: Allow Java on selected sites
Posted: Mon Mar 18, 2013 2:57 pm
by Guest
False alarm, I had "Temporarily allow top-level sites by default (Full Addresses)" checkbox ticked.
Re: Allow Java on selected sites
Posted: Tue Mar 19, 2013 1:43 am
by Thrawn
rihad1980 wrote:
A bit unexpectedly, this ABE rule wasn't required either
No, that's very much to be expected. ABE doesn't allow anything that something else is blocking. It just imposes restrictions of its own. No ABE rule = no ABE restrictions.
You can't use ABE to override the Blocked Objects menu. What you
can do is switch off object-blocking and use ABE to manage objects instead. But the way you've done it is much simpler.
Re: Allow Java on selected sites
Posted: Tue Mar 19, 2013 5:42 am
by rihad1980
Thrawn wrote:
ABE doesn't allow anything that something else is blocking.
This is indeed the take-home message here!
Thanks!
Re: Allow Java on selected sites
Posted: Tue Mar 19, 2013 5:50 am
by rihad1980
BTW, how and when would Accept in ABE be useful? Or is Accept pretty much useless in the current NoScript implementation?
I'd guess it could be used to build up a restrictive firewall within ABE itself, i.e. except this site and that (which is Accept), forbid everything else (Deny), first match wins. One of those few cases where "except" sounds and means same as "accept"
Re: Allow Java on selected sites
Posted: Tue Mar 19, 2013 11:15 am
by Thrawn
rihad1980 wrote:BTW, how and when would Accept in ABE be useful? Or is Accept pretty much useless in the current NoScript implementation?
I'd guess it could be used to build up a restrictive firewall within ABE itself, i.e. except this site and that (which is Accept), forbid everything else (Deny), first match wins. One of those few cases where "except" sounds and means same as "accept"
Pretty much, yes. Take a look at the built-in SYSTEM rule as an example. Requests for local resources are permitted only if they come from local sites, so if, for example, a random website tries to open 192.168.0.1 (which is probably your router) in an IFRAME, then ABE will block it. That's the kind of thing that ABE is primarily designed for: protecting valuable-but-vulnerable sites from fraudulent cross-site requests.