Obvious Caveat: NoScript Classic / ABE Is Not Supported
It requires all three rules, and where there is an ellipsis that indicates many more URLs that aren't worth listing or might trigger forum filters

Goes without saying that any improvements to this are gratefully received!
20220422160200 - Updated from fatboy's great advice to cleaner (and safer) regexes.
Rule 1 - Recaptcha ONLY Locations
Code: Select all
#recaptcha
Site .recaptcha.com .recaptcha.net .google.com/recaptcha/* .gstatic.com/recaptcha/* https://www.google.com/recaptcha/api2/
Accept from https://greasyfork.org/* .stackoverflow.com ...
Sandbox from .itch.io
Anonymize from .yahoo.com .fightcade.com
#pron
Accept from pornhub.com .phncdn.com
Deny INC
Code: Select all
## This rule allows Google scripts objects and frames to be included only
## from Google pages and apps
Site ^\Qhttps://\E(?:[^\/:]+\.)?google\.com((?!recaptcha).)*$ .google.co.uk ...
Accept from .google.com .gstatic.com .google.co.uk ...
# pron
Anonymize from .pornhub.com .phncdn.com
Deny INC
Rule 3 - Google Static
If you already have a gstatic rule, just change the Site to this.
Code: Select all
# google static
# gstatic is used for a lot of stuff everywhere other than recaptcha
Site ^\Qhttps://\E(?:[^\/:]+\.)?gstatic\.(?:net|com)((?!recaptcha).)*$
Accept from .google.com .google.co.uk ...
# Pron
Anonymize from .pornhub.com .phncdn.com
Deny
---
Some thoughts:
Anonymize Rules
Where possible I prefer to use anonymize, and at the time of addition those that are in the anonymize sections work from there. Otherwise it appears it can be picky about knowing where the requests are coming from and rarely connects to the recaptcha service unless it's in a full accept path.
REGEX Tidying
I am ridiculously new to regex and I think that I've immediately identified one change that I need to make in tidying up, as there are two different versions of regexxy stuff before domains:
Code: Select all
^(.*)gstatic\.com
Code: Select all
^[^\/]+:\/\/[^\/]*?\.?(gstatic\.com\/)

Rules Tidying
I think I could include another simple fix / tidy by replacing all the obstensibly same domains with:
Code: Select all
SELF++
Methods Tidying
This is all still a foreign language to me, and I've no doubt that the whole thing could be locked down even further to purely allow the type of content required for recaptcha, but ... yeah ... methods.

Even down to my (probably not quite right) usage of the Deny INC that flits and flitters between rules.Old Abe PDF wrote:1.2. Methods
The <method> component of a <predicate> can be any HTTP method (GET, POST, HEAD, PUT, DELETE, TRACE, OPTIONS) with the addition of 3 “pseudo” methods:
- ALL – the <action> of this <predicate> must be enforced independently from the HTTP method of the requests (i.e. for all methods)
- SUB – the <action> of this <predicate> must be enforced only if this is a subdocument request, i.e. if the requested resource is going to be shown in a frame or iframe
- INCLUSION (alias INC) – the <action> of this <predicate> must be enforced only if this is an inclusion sub-request (i.e. not a top-level load). The inclusion type(s) to match can be listed as optional comma-separated arguments inside parentheses, e.g. INCLUSION(SCRIPT, OBJ).
If no type is specified, this pseudo-method matches any sub-request.
Valid types are SCRIPT, CSS, IMAGE, OBJ (plugin objects and sub-requests from plugin objects), OBJSUB (just sub-request from plugin objects), MEDIA, FONT, SUBDOC (subdocuments, i.e. documents loaded in frames and iframes), XBL, PING, XHR (***ObfuscateForFilter*** and Fetch loads), DTD, OTHER and UNKNOWN. Starting with NoScript version 5.0.8 all the “external” types defined in Mozilla’s nsIContentPolicy.TYPE_* constants are dynamically supported: the name of the ABE type is the same as the constant’s, but without the TYPE_ prefix. UNKNOWN matches any request not mapped yet to a specific nsIContentPolicy.TYPE_ (like TYPE_OTHER), while OTHER, for historical/compatibility reasons, matches the same requests as UNKNOWN plus any TYPE_* (like TYPE_WEBSOCKET or TYPE_CSP_REPORT) not matched by the original “static” ABE types.
I'd have hidden many of these paragraphs, but I'm dumb in that I can't find the 'hide'/'spoiler' function. Anyway ... that's about it!