Page 1 of 2

ajax.googleapis.com surrogate does not work on this site

Posted: Sun Dec 06, 2015 3:46 pm
by baptx
Hello,

I have been using using a local replacement to ajax.googleapis.com for the jQuery library, like explained here viewtopic.php?f=10&t=19598
My surrogate scripts worked great with jQuery 1.7.1 on sites like https://stackoverflow.com/ but today I tried to replace jQuery 2.1.4 on this page https://act.greenpeace.org/ea-action/action?ea.client.id=1845&ea.campaign.id=44982
It is not working and the site also fails to load a Bootstrap script because it says it depends on jQuery.

Here are my Firefox about:config rules:
noscript.surrogate.jquery214.sources: "ajax.googleapis.com/ajax/libs/jquery/2.1.4/jquery.min.js"
noscript.surrogate.jquery214.replacement: "file:///home/bapt/noscript/jquery-2.1.4.min.js"

I also tried to add "https://" to the beginning of .sources value because it's an HTTPS request but jQuery still fails to load and it results in missing placeholders in the website form.
Maybe you know where the problem comes from.
Thanks.

Re: ajax.googleapis.com surrogate does not work on this site

Posted: Sun Dec 06, 2015 5:51 pm
by barbaz
What are the actual error(s) in the Web Console (Ctrl-Shift-K) when the problem occurs?
Does allowing the real (googleapis) script make the site work?

Re: ajax.googleapis.com surrogate does not work on this site

Posted: Sun Dec 06, 2015 7:56 pm
by baptx
You can see the logs here: http://pastebin.com/dWwjr9hD (HTTP_request_stream errors come from moz-rewrite addon and can be ignored)
The real script is working when it is allowed, I can see the placeholders in the form and "$" / "jQuery" functions are defined in the console.
I am using Firefox 42 with NoScript 2.7 on Xubuntu 14.04 LTS.
ajax.googleapis.com is also allowed in my RequestPolicy addon.

Re: ajax.googleapis.com surrogate does not work on this site

Posted: Sun Dec 06, 2015 11:03 pm
by Thrawn
In the 'sources' setting, I'm not sure whether you can use a full URL path without also specifying the protocol.

What does your sources/replacement configuration for jQuery 1.7.1 look like?

Re: ajax.googleapis.com surrogate does not work on this site

Posted: Mon Dec 07, 2015 2:25 am
by barbaz
What if you make .sources a regex?

Code: Select all

^https?://ajax\.googleapis\.com/.*jquery[^0-9A-Za-z].*2\.1\.4.+


If this doesn't work it may be a problem with your local jquery 2.1.4 file, can you verify that that's working?

Re: ajax.googleapis.com surrogate does not work on this site

Posted: Mon Dec 07, 2015 10:59 am
by baptx
@Thrawn I have used jQuery 1.7.1 surrogate on HTTPS website StackOverflow without specifying the protocol and it worked.
@barbaz this regex does not work better and my jquery file should have no problem, the MD5 hash is 4a356126b9573eb7bd1e9a7494737410 (http://minime.stephan-brumme.com/jquery/2.1.4/), the file name is jquery-2.1.4.min.js, it is located in a folder /home/bapt/noscript/ and I have read/write access to the file.

Can you reproduce the problem on the link I shared with jQuery 2.1.4?

Re: ajax.googleapis.com surrogate does not work on this site

Posted: Mon Dec 07, 2015 9:57 pm
by Thrawn
When I view the source of that page, at line 132, I can see a dynamic load of jQuery 1.7.1:

Code: Select all

<script type='text/javascript'>google.load('jquery', '1.7.1');</script>


This fails because 'google' isn't defined. Presumably because the real googleapis is blocked.
The errors are coming from typeahead.js, which is loaded a few lines later, and further scripts after it.

jQuery 2.1.4, meanwhile, isn't loaded until line 490. Which is too late to save typeahead et al.

Perhaps the best approach is to add an extra surrogate specifically targeting this site. You can reference jQuery 2.1.4 using the same file URL, but for the sources value, try:

Code: Select all

@act.greenpeace.org

Re: ajax.googleapis.com surrogate does not work on this site

Posted: Mon Dec 07, 2015 11:38 pm
by barbaz
Why not make a surroagte for the google object, something like this?

Code: Select all

if (typeof google === 'undefined'){google={}};google.load=function(lib,v){if (lib == 'jquery'){var e=document.createElement('script');e.src='https://ajax.googleapis.com/ajax/libs/jquery/'+v+'/jquery.min.js';document.head.appendChild(e);}}

Note that that code is not tested, and I don't know what sources value it'd need...

Re: ajax.googleapis.com surrogate does not work on this site

Posted: Tue Dec 08, 2015 7:54 pm
by baptx
Thanks for you help, I was also blocking google.com scripts.
I created a surrogate for the google object:

noscript.surrogate.google.sources: "www.google.com/jsapi"
noscript.surrogate.google.replacement: "file:///home/bapt/noscript/jsapi.js"

I don't need jQuery 2.1.4 anymore Thrawn, the web page is working using jQuery 1.7.1 surrogate.
The JavaScript code surrogate also works great barbaz. I think it is faster than loading the whole local file like I do. Will I get the same functionalities of the original google object with your code?
If it does its job, the surrogate could be added in the next version of NoScript.

In order to have the web page working, I have to allow google.com and ajax.googleapis.com domains in RequestPolicy addon, is it normal?
From the topic "Local Replacement for ajax.googleapis.com (feature request)" (link on my original question):
Giorgio Maone wrote:
Giorgio Maone wrote:At any rate, do not block anything you need Surrogate to be triggered by with RequestPolicy

Not true anymore, I hope. Didn't test yet, but now external scripts surrogates should be triggered by any loading failure of a matching script source, no matter the reason, including RequestPolicy or adverse network accidents :)

If we don't want third-party HTTP requests, it would be safer to block requests using RequestPolicy since other resources than jQuery or google object could be loaded from these domains, for which we don't have surrogates.

Thank you.

Re: ajax.googleapis.com surrogate does not work on this site

Posted: Tue Dec 08, 2015 8:08 pm
by barbaz
You're welcome.

baptx wrote:Will I get the same functionalities of the original google object with your code?

Nope, it was a quick hack to get just the functionality you indicated you'd need, that isn't by any means a replacement for the entire google object. Probably the reason it's faster than loading the entire file is because it's got a LOT less functionality actually.

baptx wrote:If it does its job, the surrogate could be added in the next version of NoScript.

I think this sort of thing isn't really suitable for a default surrogate.

baptx wrote:In order to have the web page working, I have to allow google.com and ajax.googleapis.com domains in RequestPolicy addon, is it normal?

The surrogates should load regardless what's allowed in RP, but for scripts you aren't making surrogates of, it's normal. I would find it odd if it's required to be allowed in RP but can be forbidden in NS...
You might sniff the network traffic with HTTPFox and see what actually is loading, maybe that will show why?

Re: ajax.googleapis.com surrogate does not work on this site

Posted: Tue Dec 08, 2015 11:10 pm
by Thrawn
baptx wrote:I created a surrogate for the google object:

Makes sense, while you're using local files for surrogates anyway.

I don't need jQuery 2.1.4 anymore Thrawn, the web page is working using jQuery 1.7.1 surrogate.

You could reverse that and use just 2.x, actually :). jQuery 2.x is just like 1.x, except only compatible with modern browsers, thus smaller.

Re: ajax.googleapis.com surrogate does not work on this site

Posted: Mon Dec 14, 2015 10:37 pm
by baptx
@barbaz does HTTPFox show additional requests compared to Firefox developer tools or Firebug? (I know that Firefox dev tools don't show m3u8 files loaded when streaming a video through Flash plugin, then I use Wireshark)
I have tried the addon and there is nothing else that is loaded from ajax.googleapis.com and google.com domains. I confirm that my surrogates are not working if original domains are not allowed in RequestPolicy. Maybe someone else can confirm the problem?
@Thrawn I remember some websites didn't work when I created a surrogate with a greater version of jQuery.

Re: ajax.googleapis.com surrogate does not work on this site

Posted: Mon Dec 14, 2015 10:58 pm
by Thrawn
baptx wrote:@Thrawn I remember some websites didn't work when I created a surrogate with a greater version of jQuery.

Ah. That's probably because jQuery 2.0 is the equivalent of jQuery 1.9, so if sites are using features that were removed in 1.9, they'll break. Similarly, the latest 2.1.4 is the equivalent of the latest 1.11.3.

So if that causes problems, feel free to use the version specified by the site.

Re: ajax.googleapis.com surrogate does not work on this site

Posted: Mon Dec 14, 2015 11:25 pm
by barbaz
baptx wrote:@barbaz does HTTPFox show additional requests compared to Firefox developer tools or Firebug? (I know that Firefox dev tools don't show m3u8 files loaded when streaming a video through Flash plugin, then I use Wireshark)
I have tried the addon and there is nothing else that is loaded from ajax.googleapis.com and google.com domains. I confirm that my surrogates are not working if original domains are not allowed in RequestPolicy. Maybe someone else can confirm the problem?

It should show *all* requests made by the browser, Fx dev tools & Firebug I think only show request of the current page?
The m3u8 files may be made via Flash internals, if that's the case Fx can't see those and thus neither can the add-ons.

Do you have another request blocking addon with which you could block ajax.googleapis.com as a test (allow the domain in RP) to see if it's a RP quirk causing that oddity?

Re: ajax.googleapis.com surrogate does not work on this site

Posted: Tue Dec 15, 2015 2:51 pm
by baptx
Indeed, Firefox dev tools and Firebug only show requests of the current page.
I don't have another request blocking addon. I am currently using RequestPolicy Continued which is still under development, so I tried the original RequestPolicy and it didn't have the problem.
The original RequestPolicy addon doesn't show any entry for ajax.googleapis.com and google.com domains if the content is already blocked with NoScript.
What I don't understand is that on websites like http://stackoverflow.com/, I didn't need to allow ajax.googleapis.com with RequestPolicy Continued to use the NoScript surrogate.
So I don't think the problem comes from NoScript. I will share this to RP GitHub.
Thanks for your help.

PS: Maybe you can have a quick look at a bug on another topic that I have recently updated viewtopic.php?p=76564#p76564