I don't understand force https option
Posted: Thu Jun 18, 2009 2:36 pm
Source NoScript Faq:
"...In order to mitigate these issues, NoScript can be configured to honor your whitelist only if the current page is served through HTTPS, and therefore cannot be spoofed...."
Where is this whitelist?
Can someone explain me this option?
Thanks
"...In order to mitigate these issues, NoScript can be configured to honor your whitelist only if the current page is served through HTTPS, and therefore cannot be spoofed...."
Where is this whitelist?
If I set Always and then I go to this site firefox warn me about unencrypted information. But Should NoScript block the unencrypted content?Q: How can I tell NoScript to allow only the sites of my whitelist which are served through HTTPS?
A: Open NoScript Options|Advanced|HTTPS|Behavior, click under Forbid active web content unless it comes from a secure (HTTPS) connection and choose one among:
1. Never - every site matching your whitelist gets allowed to run active content.
2. When using a proxy (recommended with Tor) - only whitelisted sites which are being served through HTTPS are allowed when coming through a proxy. This way, even if an evil node in your proxy chain manages to spoof a site in your whitelist, it won't be allowed to run active content anyway.
3. Always - no page loaded by a plain HTTP or FTP connection is allowed.
Can someone explain me this option?
Thanks