The option is in NoScript’s preferences, under Options > Advanced > HTTPS > Permissions. As long as the global block is on (which it is by default), I found that the drop-down menu “Forbid active web content unless it comes from a secure HTTPS connection” actually works best when set to “Never”—or, if you’re a frequent Tor user, to “When using a proxy”. (This setting is pretty counter-intuitive to me, but when it was set to “Always” I experienced some funny interactions with manual permission changes.) Then the checkbox below, “Allow HTTPS scripts globally on HTTPS documents”, should be checked.