+ Built-in force HTTPS list, seeded with www.youtube.com

Posted: Sat Dec 06, 2014 3:57 pm
by Thencent
v 2.6.9.6 introduces:
+ Built-in force HTTPS list, seeded with www.youtube.com

I found this item interesting and have a few questions ...

- do you plan to expand upon the built-in list such that NoScript would be closer to covering the functionality of HTTPS Everywhere?
- why is youtube.com the first domain added to this list?
- is there a way for users to disable the built-in list, if its functionality is redundant to addons like HTTPS Everywhere?

Re: + Built-in force HTTPS list, seeded with www.youtube.com

Posted: Sat Dec 06, 2014 10:54 pm
by Giorgio Maone
Thencent wrote: - do you plan to expand upon the built-in list such that NoScript would be closer to covering the functionality of HTTPS Everywhere?
No, I don't. I'm gonna use it to fix blatant incompatibilities.
Even more so since the major websites are pushing HSTS, which makes client-side forcing for security reasons progressively redundant.
Thencent wrote: - why is youtube.com the first domain added to this list?
Because doing so fixed an embedding activation compatibility problem.
Thencent wrote: - is there a way for users to disable the built-in list, if its functionality is redundant to addons like HTTPS Everywhere?
You can just edit it like any other about:config preference: once you set it to a value different than its default (e.g. an empty string), NoScript updates won't change it (until you eventually reset it).