Hopefully the developer and support team can help solving this.
Noscript 10.2.1, more specifically RequestQuard.js (17.8 KB) is preventing Amazon's Wish list feature from opening.
Tested it in Firefox by using the Load Temporary Add-on feature.
Copied RequestQuard.js (17.2 KB) from noscript version 10.2.0 to noscript_security_suite-10.2.1-fx\bg\Requestquard.js
After the file had been copied, the Assistant's Wish list opened again. These domains already had been whitelisted in Noscript:
Canada + USA: amazon.ca, amazon.com, d2sy71lka14dqw.cloudfront.net
Europe + India: amazon.de, amazon.co.uk, amazon.es, amazon.fr, amazon.it, amazon.in, d22r6og5gp6fgc.cloudfront.net
Japan: amazon.co.jp, d1oyjnop5htyha.cloudfront.net
China: amazon.cn, s3.cn-north-1.amazonaws.com.cn
All the above locations require: s3.amazonaws.com, ssl-images-amazon.com
Below the lines of code from RequestQuard.js Noscript 10.2.0 and Noscript 10.2.1
RequestQuard.js - Noscript 10.2.0
Between lines 311-325
Code: Select all
pending.headersProcessed = true;
let {url, documentUrl, statusCode, tabId, responseHeaders, type} = request;
let isMainFrame = type === "main_frame";
try {
let capabilities;
if (ns.isEnforced(tabId)) {
let policy = ns.policy;
let perms = policy.get(url, documentUrl).perms;
if (policy.autoAllowTop && isMainFrame && perms === policy.DEFAULT) {
policy.set(Sites.optimalKey(url), perms = policy.TRUSTED.tempTwin);
await ChildPolicies.update(policy);
}
capabilities = perms.capabilities;
RequestQuard.js - Noscript 10.2.1
Between lines 311 -340
Code: Select all
pending.headersProcessed = true;
let {url, documentUrl, frameAncestors, statusCode, tabId,
responseHeaders, type} = request;
let isMainFrame = type === "main_frame";
try {
let capabilities;
if (ns.isEnforced(tabId)) {
let policy = ns.policy;
let perms = policy.get(url, documentUrl).perms;
if (isMainFrame) {
if (policy.autoAllowTop && perms === policy.DEFAULT) {
policy.set(Sites.optimalKey(url), perms = policy.TRUSTED.tempTwin);
await ChildPolicies.update(policy);
}
capabilities = perms.capabilities;
} else {
capabilities = perms.capabilities;
if (frameAncestors.length > 0) {
// cascade top document's restrictions to subframes
let topUrl = frameAncestors.pop().url;
let topPerms = policy.get(topUrl, topUrl).perms;
if (topPerms !== perms) {
let topCaps = topPerms.capabilities;
// intersect capabilities
capabilities = new Set([...capabilities].filter(c => topCaps.has(c)));
}
}
}
With RequestQuard.js from Noscript 10.2.1, the browser console shows a lot of Warnings (Cross-Origin Request Blocked messages) and several errors about Content Security Policy:"The page's settings blocked the loading of a resource at inline ("script-src").
XHR and Request status codes (POST and GET) are Ok.
@developer and support team:
Would it be possible to change RequestQuard.js in such a way that the assistant's Wish List feature is allowed to open/load again instead of disabling restrictions globally?
Best Regards!
Hopefully the developer and support team can help solving this.
Noscript 10.2.1, more specifically RequestQuard.js (17.8 KB) is preventing Amazon's Wish list feature from opening.
Tested it in Firefox by using the Load Temporary Add-on feature.
Copied RequestQuard.js (17.2 KB) from noscript version 10.2.0 to noscript_security_suite-10.2.1-fx\bg\Requestquard.js
After the file had been copied, the Assistant's Wish list opened again. These domains already had been whitelisted in Noscript:
Canada + USA: amazon.ca, amazon.com, d2sy71lka14dqw.cloudfront.net
Europe + India: amazon.de, amazon.co.uk, amazon.es, amazon.fr, amazon.it, amazon.in, d22r6og5gp6fgc.cloudfront.net
Japan: amazon.co.jp, d1oyjnop5htyha.cloudfront.net
China: amazon.cn, s3.cn-north-1.amazonaws.com.cn
All the above locations require: s3.amazonaws.com, ssl-images-amazon.com
Below the lines of code from RequestQuard.js Noscript 10.2.0 and Noscript 10.2.1
RequestQuard.js - Noscript 10.2.0
Between lines 311-325
[code]pending.headersProcessed = true;
let {url, documentUrl, statusCode, tabId, responseHeaders, type} = request;
let isMainFrame = type === "main_frame";
try {
let capabilities;
if (ns.isEnforced(tabId)) {
let policy = ns.policy;
let perms = policy.get(url, documentUrl).perms;
if (policy.autoAllowTop && isMainFrame && perms === policy.DEFAULT) {
policy.set(Sites.optimalKey(url), perms = policy.TRUSTED.tempTwin);
await ChildPolicies.update(policy);
}
capabilities = perms.capabilities;[/code]
RequestQuard.js - Noscript 10.2.1
Between lines 311 -340
[code] pending.headersProcessed = true;
let {url, documentUrl, frameAncestors, statusCode, tabId,
responseHeaders, type} = request;
let isMainFrame = type === "main_frame";
try {
let capabilities;
if (ns.isEnforced(tabId)) {
let policy = ns.policy;
let perms = policy.get(url, documentUrl).perms;
if (isMainFrame) {
if (policy.autoAllowTop && perms === policy.DEFAULT) {
policy.set(Sites.optimalKey(url), perms = policy.TRUSTED.tempTwin);
await ChildPolicies.update(policy);
}
capabilities = perms.capabilities;
} else {
capabilities = perms.capabilities;
if (frameAncestors.length > 0) {
// cascade top document's restrictions to subframes
let topUrl = frameAncestors.pop().url;
let topPerms = policy.get(topUrl, topUrl).perms;
if (topPerms !== perms) {
let topCaps = topPerms.capabilities;
// intersect capabilities
capabilities = new Set([...capabilities].filter(c => topCaps.has(c)));
}
}
}[/code]
With RequestQuard.js from Noscript 10.2.1, the browser console shows a lot of Warnings (Cross-Origin Request Blocked messages) and several errors about Content Security Policy:"The page's settings blocked the loading of a resource at inline ("script-src").
XHR and Request status codes (POST and GET) are Ok.
@developer and support team:
Would it be possible to change RequestQuard.js in such a way that the assistant's Wish List feature is allowed to open/load again instead of disabling restrictions globally?
Best Regards!