Page 1 of 1
How can I add this URI to the whitelist?
Posted: Mon Aug 03, 2015 2:52 pm
by tarjk
When I visit Google Drive, there is a URI I want to allow with Full Domain restriction, except it is constantly changing its subdomain. Here are some examples:
Code: Select all
https://1.client-channel.google.com
https://2.client-channel.google.com
https://3.client-channel.google.com
https://4.client-channel.google.com
https://5.client-channel.google.com
Is it possible to create a rule in ABE or add a value to about:config that will allow me to whitelist this as a Full Domain? If so, do you recommend hacking ABE or about:config?
How would the rule look? Something like this?
Code: Select all
Site https://[1-9][0-9]\.client-channel\.google\.com
Accept from https://\.client-channel\.google\.com
Deny
Re: How can I add this URI to the whitelist?
Posted: Mon Aug 03, 2015 6:19 pm
by barbaz
Yep, you have to allow the full domain (client-channel.google.com) in the script blocking and restrict it with ABE.
The rule would look like this (taken directly from my ABE rules and change the domains to match what you want):
Code: Select all
# restrict client-channel.google.com active content to https and [0,1,2,...] subdomains only
# (needed for google drive)
Site ^https://\d\d?\.client-channel\.google\.com[/:]
Accept
Site .client-channel.google.com
Deny INC(SCRIPT, OBJ, FONT, XHR, MEDIA)
Sandbox
Re: How can I add this URI to the whitelist?
Posted: Mon Aug 03, 2015 6:41 pm
by tarjk
barbaz wrote:Yep, you have to allow the full domain (client-channel.google.com) in the script blocking and restrict it with ABE.
The rule would look like this (taken directly from my ABE rules and change the domains to match what you want):
Code: Select all
# restrict client-channel.google.com active content to https and [0,1,2,...] subdomains only
# (needed for google drive)
Site ^https://\d\d?\.client-channel\.google\.com[/:]
Accept
Site .client-channel.google.com
Deny INC(SCRIPT, OBJ, FONT, XHR, MEDIA)
Sandbox
Whoa. Thanks!
In the regex, "d" is used for number?
How could I have figured out that I need to use "Sandbox" instead of "Deny"?
How did you figure out that you needed to INClusive script, obj, font, xhr, media? Trial and error?
Re: How can I add this URI to the whitelist?
Posted: Mon Aug 03, 2015 7:08 pm
by barbaz
tarjk wrote:In the regex, "d" is used for number?
Not just "d" but "\d". You can also write "[0-9]" if you prefer.
tarjk wrote:How could I have figured out that I need to use "Sandbox" instead of "Deny"?
How did you figure out that you needed to INClusive script, obj, font, xhr, media? Trial and error?
^ This is a trickier point than you might think. I'm assuming you want to emulate NS script-blocking as much as possible, not just restrict the site (where you would just use Deny INC and get on with your life
).
Sandbox will prevent the target of the request from running active content, however it will not block the target of the request if it is itself active content to be run by another page (or treated as such by NS script blocking), meaning script files and Forbidden objects etc are ignored by Sandbox. That's why you need the two lines.
Re: How can I add this URI to the whitelist?
Posted: Mon Aug 03, 2015 7:12 pm
by tarjk
Can't get your config to work for .docs.google.com. Any idea why? I switched out .client-channel for .docs but left everything else the same.
Re: How can I add this URI to the whitelist?
Posted: Mon Aug 03, 2015 7:19 pm
by barbaz
tarjk wrote:Can't get your config to work for .docs.google.com. Any idea why?
No, because I'm not clear what you're trying to do with docs.google.com. Restrict it how? Allow all but certain subdomains to run active content? Allow it on per-site basis?
tarjk wrote:I switched out .client-channel for .docs but left everything else the same.
So what exactly are you trying to do with https://1.docs.google.com https://2.docs.google.com etc?
Re: How can I add this URI to the whitelist?
Posted: Mon Aug 03, 2015 8:19 pm
by tarjk
barbaz wrote:tarjk wrote:Can't get your config to work for .docs.google.com. Any idea why?
No, because I'm not clear what you're trying to do with docs.google.com. Restrict it how? Allow all but certain subdomains to run active content? Allow it on per-site basis?
tarjk wrote:I switched out .client-channel for .docs but left everything else the same.
So what exactly are you trying to do with https://1.docs.google.com https://2.docs.google.com etc?
Yes. Instead of having 30 entries of https://1-30.docs.google.com, I would have one entry that allows https://*.docs.google.com
Re: How can I add this URI to the whitelist?
Posted: Mon Aug 03, 2015 9:16 pm
by barbaz
Well then it should work...
Code: Select all
# restrict docs.google.com active content to https and [0,1,2,...] subdomains only
Site ^https://\d\d?\.docs\.google\.com[/:]
Accept
Site .docs.google.com
Deny INC(SCRIPT, OBJ, FONT, XHR, MEDIA)
Sandbox
If that's what your ruleset looks like, try moving it to its own ruleset to avoid possible conflicts with other rules you might have:
close NoScript Options if it's open
about:config > right-click > new > string
name: noscript.ABE.rulesets.GOOGLESCRIPT
value: #
then the new ruleset should be accessible in NoScript Options > Advanced > ABE for you to edit its rules normally.
Re: How can I add this URI to the whitelist?
Posted: Mon Aug 03, 2015 9:56 pm
by tarjk
barbaz wrote:Well then it should work...
Code: Select all
# restrict docs.google.com active content to https and [0,1,2,...] subdomains only
Site ^https://\d\d?\.docs\.google\.com[/:]
Accept
Site .docs.google.com
Deny INC(SCRIPT, OBJ, FONT, XHR, MEDIA)
Sandbox
If that's what your ruleset looks like, try moving it to its own ruleset to avoid possible conflicts with other rules you might have:
close NoScript Options if it's open
about:config > right-click > new > string
name: noscript.ABE.rulesets.GOOGLESCRIPT
value: #
then the new ruleset should be accessible in NoScript Options > Advanced > ABE for you to edit its rules normally.
I did what you suggest before posting a reply. What is yours doing when you try it? When I try it my Noscript menu shows these type of entries:
But I do not get this with the client-channel one.
Re: How can I add this URI to the whitelist?
Posted: Mon Aug 03, 2015 11:04 pm
by barbaz
tarjk wrote:When I try it my Noscript menu shows these type of entries:
oh
Try this
Code: Select all
# restrict docs.google.com active content to https and [0,1,2,...] subdomains only
Site ^https://(?:\d\d?\.)?docs\.google\.com[/:]
Accept
Site .docs.google.com
Deny INC(SCRIPT, OBJ, FONT, XHR, MEDIA)
Sandbox
Re: How can I add this URI to the whitelist?
Posted: Mon Aug 03, 2015 11:34 pm
by Thrawn
Another case for
this RFE