Payment gateway now broken since latest up date

[Raymondo]

Since the latest up date I have found that payments from our website to the Nochex payment gate way are being broken. The console message is....

[NoScript XSS] Sanitised suspicious upload to [https://secure.nochex.com/] from [https://www.ekmsecure10.co.uk/ekmps/pay ... rtpage.asp? (I have removed the rest for security reasons).

I am certain that this will be effecting many many sites, but they may not know about it yet.
The net result is that our customers are unable to pay by credit card using Nochex.

Raymondo

[Giorgio Maone]

There's nothing in the new update changing the previous behavior, it's a known anti-CSRF protection and it's always been there.

The failing request will work fine if either ekmsecure10.co.uk is in user's whitelist or nochex.com is not whitelisted.
At any rate, using Options|Unsafe Reload from the notification bar will work as well, not duplicating the POST request (since no POST happened yet).

[Raymondo4IZHPGAD]

Thanks for the reply Giorgio,

I have tried it on several of our machines and the result is the same.The problem happens if Nochex is white listed or not.
I have no control over the settings my customers white list so that does not help.

All I can say is that used to work fine and now all of a sudden it does not. Connection to Nochex works fine when NoScript is disabled.

Is it possible that an error has crept in with the update?

Raymondo

[Giorgio Maone]

The problem happens if Nochex is white listed or not.

That's very strange. The code path generating that message should never be traversed for untrusted destinations.
Could you please PM the whole log line?