InformAction Forums

About the settings.

Win 7 SP1, Fx 115.14.0esr, NS 11.4.34, new clean profile.
If you check the General -> Temporarily set top-level sites to TRUSTED checkbox and restart (or close and start) the browser,
then the temporary permissions are not canceled.

fatboy wrote: ↑Tue Aug 20, 2024 12:45 pm If you check the General -> Temporarily set top-level sites to TRUSTED checkbox and restart (or close and start) the browser,
then the temporary permissions are not canceled.

I cannot reproduce, sorry. Could you provide step-by-step instructions, included how the temporary permissions were added, if before or after enabling the setting, how did you check the permissions were still there, were they marked as temporary or not and so on? Thanks!

STR:
Open the "General" tab in the settings, check the box "Temporarily set top-level sites to TRUSTED".
Open the site http://example.com/ (or any other if TRUSTED is not selected for it in the "Per site Permissions" tab).
Click on the NS icon in the panel — the "Temp TRUSTED" preset is selected for example.com.
Close the browser.
Launch the browser.
Open the site http://example.com/, click on the NS icon — example.com is still "Temp TRUSTED".
Open the "General" tab in the settings — "Temporarily set top-level sites to TRUSTED" is still checked.

If this behavior is observed only by me, then there is no need to look for the reason, I do not use this setting.

fatboy wrote: ↑Tue Aug 20, 2024 5:26 pm STR:
Open the "General" tab in the settings, check the box "Temporarily set top-level sites to TRUSTED".
Open the site http://example.com/ (or any other if TRUSTED is not selected for it in the "Per site Permissions" tab).
Click on the NS icon in the panel — the "Temp TRUSTED" preset is selected for example.com.
Close the browser.
Launch the browser.
Open the site http://example.com/, click on the NS icon — example.com is still "Temp TRUSTED".
Open the "General" tab in the settings — "Temporarily set top-level sites to TRUSTED" is still checked.

Umm...that's completely expected behavior. The temporary permission is being re-created the second time you visit example.com, exactly as specified by the setting.

barbaz wrote: ↑Tue Aug 20, 2024 5:42 pm

fatboy wrote: ↑Tue Aug 20, 2024 5:26 pm Open the "General" tab in the settings — "Temporarily set top-level sites to TRUSTED" is still checked.

Umm...that's completely expected behavior. The temporary permission is being re-created the second time you visit example.com, exactly as specified by the setting.

Yes it is.
But I understand how the way the setting is labeled may generate confusion: maybe it should be changed to "Automatically set top-level sites to Temp. TRUSTED"?

"Temp TRUSTED" should be canceled when the browser restarts.Isn't it?
If the preservation of the checkbox marked is the expected behavior, maybe then it can be called "Automatically set top-level sites to TRUSTED"?

fatboy wrote: ↑Tue Aug 20, 2024 7:20 pm "Temp TRUSTED" should be canceled when the browser restarts.Isn't it?

It is.
If you open NoScript Options>Per Site Permissions at browser start, before you visit any site, you'll see the site(s) which were set to Temp TRUSTED in the previous session are gone away (except for session restored ones).
Also, if they're included as 3rd party resources they won't be set back to Temp TRUSTED.
But if you do visit them as top level documents, they will be set back to Temp TRUSTED, as implied by the setting.

Temp TRUSTED in classic NS had limited capabilities compared to TRUSTED.
What is "Temp" now expressed in if the permission is actually issued forever?

fatboy wrote: ↑Tue Aug 20, 2024 7:57 pm Temp TRUSTED in classic NS had limited capabilities compared to TRUSTED.
What is "Temp" now expressed in if the permission is actually issued forever?

That's no "classic" vs "now". This option (which I personally don't like, but was requested by many users) has always worked this way, and been intended as "if I explicitly navigate to a website, I automatically trust it for this session" - but I don't necessarily trust any "hidden" 3rd party script.

> …"if I explicitly navigate to a website, I automatically trust it for this session"
And for all subsequent ones, even if it is not a session restore.
OK. Sorry for taking up so much of your time.

fatboy wrote: ↑Tue Aug 20, 2024 8:29 pm > …"if I explicitly navigate to a website, I automatically trust it for this session"
And for all subsequent ones, even if it is not a session restore.

No: not until you actually navigate it back as a top level site.

Isn't

NoScript 11.4, Temporarily set top-level sites to TRUSTED
going to be exactly the same as
NoScript 5.1, Temporarily allow top-level sites by default

both of which are blanket trusts (for the "top-level" site), set in a global fashion, & are expected to persist a browser restart.
So in that regard, there is no issue here.

This is not a <set|allow> top-level sites, per session, it's global & always, unless & until you deselect the setting.

maybe it should be changed to "Automatically set top-level sites to Temp. TRUSTED"?

To me, that would make it sound like it is "Temp." trusted, as in since it is "Temp", at some point, like with a browser restart, one would then expect that since it was "Temp", it would reset, but that is not the case.

It is always trusted, unless the setting is deselected.

"Temp TRUSTED" should be canceled when the browser restarts.Isn't it?

"Temp. TRUSTED", when you "Temp. TRUSTED" a site using the NoScript dropdown icon is cancelled on a browser restart (as the setting was only, temporary).

"Temporarily set top-level sites to TRUSTED", in the NoScript Options page, is not a temporary setting, is not affected by a browser restart.


Oh.

NoScript 11.4, Temporarily set top-level sites to TRUSTED
NoScript 5.1, Temporarily allow top-level sites by default

"Temporarily".

Temporarily should be removed.
As it is not temporary, it either is or is not.

So,

NoScript 11.4, Set top-level sites to TRUSTED
NoScript 5.1, Allow top-level sites by default

Now, in the NoScript Options page,
"Disable restrictions globally (dangerous)" has a corresponding (option to) "Restore restrictions on browser restart"
& that would then reset a "Disable restrictions globally" - on a browser restart.

But the,
"Temporarily set top-level sites to TRUSTED" does not have that option (yet ?).

If it did, then on a browser restart, that setting to would be reset.