InformAction Forums

NoScripters and WebSec nerds of all lands, unite!
https://forums.informaction.com/

Why are HTTPS sites red instead of black?

https://forums.informaction.com/viewtopic.php?t=24171

Page 1 of 1

Why are HTTPS sites red instead of black?

Posted: Tue Dec 12, 2017 4:09 pm
by FranL
When I visit pages at https://stackoverflow.com/, I see this in the NoScript popup:

Image

I (perhaps incorrectly) expected the ...stackoverflow.com to be black. It changes to black when I lock the Match HTTPS content only, which makes sense. Does a red domain name marked TRUSTED mean NoScript allows both HTTP and HTTPS accesses to that domain — so the red color is kind of a warning that both secure and insecure accesses are allowed?

If so, should I always lock the HTTPS lock in this case, given that the page only uses HTTPS to access ...stackoverflow.com?

Re: Why are HTTPS sites red instead of black?

Posted: Tue Dec 12, 2017 4:20 pm
by barbaz
Not seeing this in a clean profile. Most likely you simply already had those permissions set for over both HTTP and HTTPS.

Re: Why are HTTPS sites red instead of black?

Posted: Tue Dec 12, 2017 4:31 pm
by FranL
I toggled the domain to UNTRUSTED, reloaded the page, then set it back to TRUSTED, and reloaded again — it looks correct now:

Image

NoScript also seems to default to the green lock on TRUSTED domains accessed via HTTPS, which is nice. Thanks, barbaz.

Re: Why are HTTPS sites red instead of black?

Posted: Wed Dec 13, 2017 6:32 am
by darby
Been toggling the sites having this issue as well. Works most of the time.
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited