Page 1 of 1
Allow trusted sites to be added based on domain name
Posted: Wed Mar 20, 2019 3:41 am
by espressobeanies
I'd like to see trusted sites be added to NoScript's allow list based on domain name because Cloudflare domains are popping up a lot of times from the general sites I visit with URLs containing insanely unique URL UUIDs as their sub-domains. It would make more sense to whitelist the entire domain if you trust content from them.
Re: Allow trusted sites to be added based on domain name
Posted: Wed Mar 20, 2019 11:19 am
by therube
Would simply adding "cloudflare.com" (or is it cloudflare.net or is it cloudfront.com, .net, or...) work?
Even though you may want to "trust" a particular site in cloud*.*, I'd think it unsafe to blanket trust cloud*.*.
Re: Allow trusted sites to be added based on domain name
Posted: Wed Mar 20, 2019 12:22 pm
by barbaz
They probably mean Cloudfront.
This is by design. Each cloudfront.net subdomain is controlled by whichever site owns it. Any site can get a cloudfront.net subdomain. Allowing all of cloudfront.net is much like allowing *.com. It's safer to allow only the specific subdomain(s) you need.
Re: Allow trusted sites to be added based on domain name
Posted: Wed Mar 20, 2019 4:40 pm
by musonius
There are cloudfront domains which are mostly harmless and there are cloudfront domains which are mostly harmful. Allowing all cloudfront domains is more or less like allowing the whole internet. The default white list may need an update indeed (I for one would be perfectly fine with an empty white list), but allowing all cloudfront domains really should not be an option.