Page 1 of 1
How to enable https://*domain.com/
Posted: Wed Feb 18, 2015 12:30 am
by Kim
How do I enable scripts only for https on an entire domain?
Using courser.org as an example I'd like to permit all of these
https://accounts.coursera.org
https://class.coursera.org
https://eventing.coursera.org
https://www.coursera.org
without having to enable each one individually, and without having to add a new host coursera which I may have not encountered before.
I've tried adding https://.*courser.org to the whitelist but it doesn't work.
Ideally this would be listed in the noscript allow button, something like:
Allow
https://www.courser.org <-- existing option which only works for one site
Allow
www.courser.org <-- also permits non secure sites which I don't want to do
Allow coursera.org <-- also permits non secure sites which I don't want to do
Allow https://*.courser.org <-- new option I'd like to see
Re: How to enable https://*domain.com/
Posted: Wed Feb 18, 2015 3:11 am
by barbaz
Can't you force HTTPS on those sites so that they just never load as plain HTTP?
Re: How to enable https://*domain.com/
Posted: Wed Feb 18, 2015 6:29 am
by Kim
Forcing https is an option which I hadn't considered, and testing shows it works.
It does have the problem that the block has to be created in 2 separate locations. As well as being more tedious, if you get one of them wrong it is easy to accidentally permit scripts from the entire domain on insecure http.
Re: How to enable https://*domain.com/
Posted: Thu Feb 19, 2015 3:40 am
by Thrawn
Kim wrote:As well as being more tedious, if you get one of them wrong it is easy to accidentally permit scripts from the entire domain on insecure http.
ABE can help there.
Code: Select all
Site ^http://.*\.coursera\.org
Deny
Re: How to enable https://*domain.com/
Posted: Sun Feb 22, 2015 10:01 pm
by Kim
Thrawn wrote:Kim wrote:As well as being more tedious, if you get one of them wrong it is easy to accidentally permit scripts from the entire domain on insecure http.
ABE can help there.
Code: Select all
Site ^http://.*\.coursera\.org
Deny
Thanks for the reply Thrawn. Why is ABE more helpful than forcing https? My understanding is that I still have to perform a global permit for the entire domain, and then deny ABE (or force https) in a different settings box. If these two don't match then I can accidentally permit insecure scripts from a domain.
Note that I used coursera.org as a example - there are plenty of other sites I'd like to permit https for multiple sites in the domain. As I browse I find more of them. This question is not how to do it once (I now have several solutions), but how to do it quickly and easily for a new domain when I find it.
Re: How to enable https://*domain.com/
Posted: Tue Feb 24, 2015 5:00 am
by Thrawn
Kim wrote:Why is ABE more helpful than forcing https?
You can do both
. Either one will be sufficient to ensure that you don't access the HTTP version.
Note that I used coursera.org as a example - there are plenty of other sites I'd like to permit https for multiple sites in the domain. As I browse I find more of them. This question is not how to do it once (I now have several solutions), but how to do it quickly and easily for a new domain when I find it.
Unfortunately matching by protocol and partial domain is not a built-in feature. I'd like to use it myself at times, but c'est la vie. You can get a similar effect by using 'Force HTTPS' and/or ABE to block the plaintext version, but currently there is not a way to whitelist using that pattern.
My usual approach is to simply whitelist the individual HTTPS domains. It takes more time, but it works.
Re: How to enable https://*domain.com/
Posted: Tue Feb 24, 2015 5:52 am
by barbaz
Kim wrote:If these two don't match
Right-clicking on an entry in the NoScript menu copies it (the domain/site) to the clipboard, so you can paste it in with Ctrl+V and maybe reduce the potential for typos...
Likewise, right-clicking the whitelist view in NoScript Options > Whitelist or typing Ctrl+C copies the selected entry/entries to the clipboard.
Don't know if that helps you or not.