Since the latest up date I have found that payments from our website to the Nochex payment gate way are being broken. The console message is....
[NoScript XSS] Sanitised suspicious upload to [https://secure.nochex.com/] from [https://www.ekmsecure10.co.uk/ekmps/pay ... rtpage.asp? (I have removed the rest for security reasons).
I am certain that this will be effecting many many sites, but they may not know about it yet.
The net result is that our customers are unable to pay by credit card using Nochex.
Raymondo
Payment gateway now broken since latest up date
Payment gateway now broken since latest up date
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8
- Giorgio Maone
- Site Admin
- Posts: 9454
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
- Contact:
Re: Payment gateway now broken since latest up date
There's nothing in the new update changing the previous behavior, it's a known anti-CSRF protection and it's always been there.
The failing request will work fine if either ekmsecure10.co.uk is in user's whitelist or nochex.com is not whitelisted.
At any rate, using Options|Unsafe Reload from the notification bar will work as well, not duplicating the POST request (since no POST happened yet).
The failing request will work fine if either ekmsecure10.co.uk is in user's whitelist or nochex.com is not whitelisted.
At any rate, using Options|Unsafe Reload from the notification bar will work as well, not duplicating the POST request (since no POST happened yet).
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8 (.NET CLR 3.5.30729)
Re: Payment gateway now broken since latest up date
Thanks for the reply Giorgio,
I have tried it on several of our machines and the result is the same.The problem happens if Nochex is white listed or not.
I have no control over the settings my customers white list so that does not help.
All I can say is that used to work fine and now all of a sudden it does not. Connection to Nochex works fine when NoScript is disabled.
Is it possible that an error has crept in with the update?
Raymondo
I have tried it on several of our machines and the result is the same.The problem happens if Nochex is white listed or not.
I have no control over the settings my customers white list so that does not help.
All I can say is that used to work fine and now all of a sudden it does not. Connection to Nochex works fine when NoScript is disabled.
Is it possible that an error has crept in with the update?
Raymondo
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8
- Giorgio Maone
- Site Admin
- Posts: 9454
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
- Contact:
Re: Payment gateway now broken since latest up date
That's very strange. The code path generating that message should never be traversed for untrusted destinations.Raymondo4IZHPGAD wrote:The problem happens if Nochex is white listed or not.
Could you please PM the whole log line?
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8 (.NET CLR 3.5.30729)