Whitelisting all sub-domains only when served over https

Posted: Wed Apr 08, 2015 10:33 am
by idegrt
Is it possible to allow scripts from all sub-domains of a site only if they are served over https? I can allow all sub-domains, or I can specify https for a particular sub-domain, but I can't specify https for all sub-domains. To phrase it another way, if the whitelist supported an asterisk wildcard, it would be specified as https://*.example.com

I'm not looking for a global setting to block all non-https scripts like

Code:

noscript.allowHttpsOnly
nor am I trying to prevent all non-https loads from *.example.com with

Code:

noscript.httpsForced
just non-https scripts from *.example.com.

Any help would be appreciated. If this is not currently possible, please consider this a feature request.

Re: Whitelisting all sub-domains only when served over https

Posted: Wed Apr 08, 2015 4:56 pm
by barbaz
allow example.com, then
noscript options > advanced > abe > user

Code:

Site ^https://(?:[^/:]+\.)?example\.com/.*
Accept
Site .example.com
Deny INC(SCRIPT, OBJ, XHR, FONT, MEDIA)
Sandbox
does that work?

Re: Whitelisting all sub-domains only when served over https

Posted: Wed Apr 08, 2015 7:17 pm
by idegrt
barbaz wrote: allow example.com, then
noscript options > advanced > abe > user

Code:

Site ^https?://(?:[^/:]+\.)?example\.com/.*
Accept
Site .example.com
Deny INC(SCRIPT, OBJ, XHR, FONT, MEDIA)
Sandbox
does that work?
Thanks for your suggestion, but this still allows active content from non-https versions of example.com.

Did you mean

Code:

Site ^https://(?:[^/:]+\.)?example\.com/.*
I'm going to spend some time studying the ABE documentation tomorrow.

Re: Whitelisting all sub-domains only when served over https

Posted: Wed Apr 08, 2015 8:17 pm
by barbaz
idegrt wrote: Did you mean

Code:

Site ^https://(?:[^/:]+\.)?example\.com/.*
Yes, thanks for spotting that.
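
Added example, not posted by anyone in this thread: a JavaScript check of the two Site patterns discussed above (`^https://` and `^https?://`) against constructed script URLs, showing why the `?` lets plain-http scripts through. The helpers `decide` and `matchesDotGlob`, the sample URLs, and the first-match evaluation are a simplified, assumed model of the ABE ruleset, not NoScript's own code.

```javascript
// Simplified model (assumption): for a SCRIPT inclusion, the first ruleset
// whose Site line matches decides. Real ABE also looks at origin and method.
const ACCEPT_HTTPS_ONLY = new RegExp(String.raw`^https://(?:[^/:]+\.)?example\.com/.*`);
const ACCEPT_ANY_SCHEME = new RegExp(String.raw`^https?://(?:[^/:]+\.)?example\.com/.*`);

// Model of the ".example.com" glob: example.com plus every subdomain, any scheme.
function matchesDotGlob(url) {
  let host;
  try { host = new URL(url).hostname; } catch (e) { return false; }
  return host === "example.com" || host.endsWith(".example.com");
}

// Returns the action of the first ruleset that matches the script URL.
function decide(acceptPattern, url) {
  if (acceptPattern.test(url)) return "Accept";   // ruleset 1: Site <regex> / Accept
  if (matchesDotGlob(url)) return "Deny";         // ruleset 2: Deny INC(SCRIPT, ...)
  return "no ABE rule";                           // left to the normal whitelist
}

// Constructed sample URLs, not taken from the thread.
const SAMPLES = [
  "https://example.com/app.js",
  "https://cdn.static.example.com/lib.js",
  "http://cdn.example.com/lib.js",          // the case the original poster wants blocked
  "https://example.com:8443/app.js",        // the regex wants "/" right after ".com"
  "https://example.com.other.test/x.js",    // different site sharing the prefix
];

// One row per URL: the outcome under each variant of the Accept pattern.
function compare() {
  return SAMPLES.map((url) => ({
    url,
    httpsOnly: decide(ACCEPT_HTTPS_ONLY, url),
    anyScheme: decide(ACCEPT_ANY_SCHEME, url),
  }));
}

console.table(compare());
```

In this model the https URL with an explicit port falls through to Deny under both patterns, so a site that serves scripts from a non-default port would need the regex extended to allow it.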