I like to set the default Brave shields to be very strict, and then grant more permissions to specific websites based on trust level and need. However, when I modify shield settings for a specific site, the exception uses the exact domain name of the page. This is a problem for websites that use different low-level domain labels for different parts of the site, or worse, dynamically generate one of their domain labels for security reasons, because the modified permissions don’t get propagated to other pages of the site.
Conveniently, modified permissions apply to all subdomains of a listed exception, but this is only useful on sites that have a page without that level of subdomain. For example, I loaded
brave.com and modified the shield settings to allow scripts. This created a Saved Site Exception under Block Scripts: “
https://brave.com: off”. I then loaded
community.brave.com shows that scripts are being blocked).
What this means is that if I can configure an exception for “
example.com”, I can propagate site-specific permissions to every subdomain of
example.com. The problem is, if every page on
example.com has one or more labels preceding the label “example”, I don’t know of any way to configure that exception. At some point, I think a UI option to specify how many labels should be included in an exception should become part of the “about:preferences#shields” page, but in the meantime, is there a file I can edit?
Edit: For the moment, it seems this isn’t such a great solution after all. While it’s true that I got scripts working in
community.brave.com with a
brave.com exception, the cookies permission didn’t seem to propagate successfully. I guess I’ll submit a feature request and just lower my global security settings for the time being.