Page 1 of 1
Granularity of Temporarily set top-level sites to TRUSTED
Posted: Wed Mar 28, 2018 3:52 am
by tancrackers
I have checked off: Temporarily set top-level sites to TRUSTED
This should allow the top-level domains, which it does, but I noticed some sites here and there suffer from a bug. Some sites have two domains with the same name, but not both are honored by the Trusted permission.
If we have a site www.example.com we might have:
...example.com
and
http://www.example.com
One of these will be Trusted by NoScript, but the other will not. To me, both should be Trusted by NoScript since they're the same site IMO.
Example site:
http://www.city-data.com/
Temp trusted: http://www.city-data.com
Set to Default: …city-data.com
I have encountered a bunch of sites where this happens. I will supply a list if you want.
Here are my specs:
NoScript Version: 10.1.7.5
Firefox: 59.0.2 x64 on Windows 10
Re: Top-level domains not working properly
Posted: Wed Mar 28, 2018 3:59 am
by barbaz
That's expected behavior. http://www.city-data.com is a subset of ...city-data.com, trusting the former should *not* automatically trust the latter.
Re: Top-level domains not working properly
Posted: Wed Mar 28, 2018 4:02 am
by tancrackers
barbaz wrote:That's expected behavior. http://www.city-data.com is a subset of ...city-data.com, trusting the former should *not* automatically trust the latter.
Is there a way to trust *.example.com then?
Re: Top-level domains not working properly
Posted: Wed Mar 28, 2018 6:55 am
by barbaz
"...example.com" trusts both "example.com" and *.example.com
Re: Top-level domains not working properly
Posted: Wed Mar 28, 2018 2:02 pm
by tancrackers
barbaz wrote:"...example.com" trusts both "example.com" and *.example.com
That's the way I wanted the feature to work. I never had a problem with NoScript before Firefox 57 with this.
Re: Top-level domains not working properly
Posted: Wed Mar 28, 2018 3:49 pm
by barbaz
tancrackers wrote:barbaz wrote:"...example.com" trusts both "example.com" and *.example.com
That's the way I wanted the feature to work. I never had a problem with NoScript before Firefox 57 with this.
So to be clear, does it work that way for you or not?
Re: Top-level domains not working properly
Posted: Wed Mar 28, 2018 4:47 pm
by Giorgio Maone
Notice also that if the lock icon is closed and green, only the HTTPS (secure) version of the site(s) will be trusted, so
https://www.city-data.com will work but
http://www.city-data.com won't.
For ...citydata.com to match
http://www.city-data.com you'll net to set the lock icon to open/red.
Re: Top-level domains not working properly
Posted: Wed Mar 28, 2018 5:35 pm
by tancrackers
barbaz wrote:tancrackers wrote:barbaz wrote:"...example.com" trusts both "example.com" and *.example.com
That's the way I wanted the feature to work. I never had a problem with NoScript before Firefox 57 with this.
So to be clear, does it work that way for you or not?
It does not currently work the way that I was expecting.
In my settings, they are both red.
Forgive me if I misinterpreted the setting, but my thought was that the setting was that *.city-data.com would be matched as the top-level domain. Therefore, I wouldn't have to worry about whitelisting virtually every site that I would visit, the setting would just temporarily whitelist it automatically. In NoScript before Quantum, this is how it behaved for me. Now, this is not the case?
Essentially, one can look at ScriptSafe on Chrome. Their option: "Allow the same domain and subdomains" is more what I was looking for.
Re: Top-level domains not working properly
Posted: Wed Mar 28, 2018 11:06 pm
by barbaz
I am sorry, I totally misunderstood the problem! Let me try to summarise it.
Current state: NoScript Options > General > "Temporarily set top-level sites to TRUSTED" sets full addresses to TRUSTED.
What you want: Ability to make that setting act on base 2nd-level domains instead of full addresses. i.e. a proper equivalent of NoScript Classic's "Temporarily allow top-level sites by default", where the granularity was configurable.
Do I have it right this time?
Re: Top-level domains not working properly
Posted: Thu Mar 29, 2018 8:47 pm
by tancrackers
barbaz wrote:I am sorry, I totally misunderstood the problem! Let me try to summarise it.
Current state: NoScript Options > General > "Temporarily set top-level sites to TRUSTED" sets full addresses to TRUSTED.
What you want: Ability to make that setting act on base 2nd-level domains instead of full addresses. i.e. a proper equivalent of NoScript Classic's "Temporarily allow top-level sites by default", where the granularity was configurable.
Do I have it right this time?
Yes! Exactly.
Re: Granularity of Temporarily set top-level sites to TRUSTE
Posted: Fri Mar 30, 2018 1:40 am
by barbaz
Thanks for confirming. I've changed the thread title to better reflect the issue at hand.
Re: Granularity of Temporarily set top-level sites to TRUSTE
Posted: Fri May 04, 2018 6:58 am
by tancrackers
Is this a legitimate feature that would be considered for a future release?