InformAction Forums

Is there a way to allow scripts to run on all subdomains of a site but only when sent over https? In other words is there a way to whitelist https://*.google.com ?

The "Forbid active web content unless it comes from a secure (HTTPS) connection" option is not what I am looking for because I still want to allow other http sites to run scripts.

The "Force the following sites to use secure (HTTPS) connections" option is also not what I am looking for because I still want http://*.google.com to be allowed to load but not allowed to run scripts. This option can also break OCSP when https://www.google.com is loaded OCSP queries http://clients1.google.com/ocsp which NoScript converts to https causing another OCSP query resulting in an infinite loop.

Thanks in advance for any suggestions.

google.com in whitelist
(On a sample viewtopic.php?p=77597#p77597)

@fatboy: When a site is forbidden in NoScript, it's not just JS that's blocked. The "OBJ, FONT, XHR, MEDIA" in the sample is there to emulate *all* of NoScript's active content blocking. (see NoScript Options > Embeddings, and noscript.forbidXHR)

@fatboy I have tried modifying the ABE rules as you have suggested, but it seems that scripts (and other active content) are still able to run on the http versions.

Unlocking.

t9k, please upgrade NoScript to latest development build 2.9.5.3rc2 and then retry fatboy's suggestion.