Skip to content
This repository has been archived by the owner on Nov 15, 2017. It is now read-only.

Whitelist all by default for a site you trust

Raymond Hill edited this page Dec 25, 2013 · 14 revisions

There is a web site you trust completely and you just want to whitelist all by default on this web site, rather than hunting exactly for what should be whitelisted to make it work smoothly. "Whitelisting by default" means all current and future requests will be allowed (a feature many NoScript users wish they had: "Why must I "Temporarily allow all this page" REPEATEDLY?")

I will use an example to demonstrate how to proceed to whitelist all by default for a site you trust (like, say, your bank).

Suppose I totally trust https://vimeo.com/ (it's just an example...), and I want to whitelist all by default for that site, that is, current web requests and whatever future web requests the site might make. So here it is:

This is what you would see normally using out-of-the-box permissions (aka rules) of HTTP Switchboard ("HTTPSB"):

Step 1

Now click the scope button and select the site-level scope in order to create permissions specific to this web site (that would be the top-left button):

Step 2

While in site-level scope, all rules created from now on while on this web site will apply only to this web site (https://vimeo.com in our example).

Step 3

Now click the "all" cell in the matrix (the top-left one) to turn it dark green, which means "whitelist all" by default. All the cells in the matrix which do not have explicit permissions (whether allow or block) will toggle state according to the all cell. Don't forget to lock the matrix state by clicking on the padlock tool at the top.

Step 4

Now leave the pop-up menu and let the page reload. Reopen the pop-up menu and see that new web requests made by the page were not blocked. The only requests which are still blocked are the ones explicitly blacklisted.

Note the same can be done without going into site-level scope, but then this broad whitelisting would apply globally, i.e. to every page, not just the one you trust, hence the usefulness of the site-level scope feature in this case.

Keep in mind that when default is all being whitelisted, this means you need to blacklist selectively (as opposed to default blacklist-all/whitelist-selectively), so if after whitelisting all there is something you don't like in the matrix, you will have to selectively blacklist it. Example:

Step 5

Clone this wiki locally