-
-
Notifications
You must be signed in to change notification settings - Fork 91
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Feature Request] Trust/Allow script(s) to run on a single site/domain only, instead of globally #345
Comments
How does this differ (if it does) from Contextual Policies? |
It doesn't, that's exactly what I was asking for, I just hadn't noticed it 👍 |
I noticed there's a problem with contextual policies - it can only be set for a single domain, so if a common script such as ajax.googleapis.com is custom set to be 'allowed' on a single domain and then I 'temporarily allow' it on another domain - the contextual policy is reset and it's no longer automatically allowed on the original set domain. |
Reason: Certain scripts can be used to serve either benign or malicious code, depending on the domain owners intentions.
I find myself stuck in the position where I don't want to trust certain scripts globally, because they could potentially be used to serve malicious code, but then always having to 'temporarily allow' said scripts on trusted websites that I frequent.
Being able to 'trust' a script to always run on a certain website only, instead of globally on all websites would be useful.
The text was updated successfully, but these errors were encountered: