twitter oddities

[ede]

So i installed NoScript another time, now in my recently used temporary profile. Had been using it since the days when it was just a simple menu hanging down from the button, Firefox was in its 30s i think.
Of course I've set everything I could find in the settings to "Block" and check the menu when I open a new site, just to set everything there to "Block" instead of "Default". No, i don't want "Default" to block everything, that's why the "Block" preset is there. I just want to block all settings by default.
Same for twitter. Blocked everything and then i allowed scripting on twitter.com and checked what it wants and needs. Some new subdomains, some scripting, fetch, frame, font, css, …. And there are some things stealing my time and making using it really hard.

1. The items marked differ. Like sometimes script in some subdomain, then I reload, then it isn't anymore. I looked into the Network Tab, scripts in api.* were not loaded but also not marked. Checked the box, reloaded, worked.
2. Images appear behind the text instead of in front of it. So far i have no solution than to allow everything or reload the page every time. Because then it appears as it should. Only <ESC> doesn't work anymore to close the image/gallery.
3. I can't figure out how to use the buttons on the right. Clicked #2 (the rectangle) yesterday, so in fact telling it to take a break. But now it didn't fix the problem so i wanted to use #3, I just can't say if it does something or not. All I see is the cursor is a hand when hovering either of the buttons. Didn't happen on #3 before, whatever this means.

I really prefer to have individual settings, mostly i care about scripts and autoplay videos – they're a no-go. I don't care changing everything until it works, but this is something i want to do a single time and then it should just load whatever it needs. I'm about to reset everything... again... and restart by blocking everything first and just select whatever the addon tells me the page tries to load.

[ede]

I'm getting nearer to just uninstalling NoScript. http://fritz.box doesn't work at all, no matter what i select in the settings page and the hanging things. Not even with the DANGEROUS thing and everything allowed everywhere (why is there even ...fritz.box), no matter if the locks are red or green.
The only way to access the router is in a private window. But then if i have to do this all the time (finding out what's actually needed ­­– for twitter it changes all the time, see above – takes more time than actual reading the page contents) to access everything that doesn't work w/o scripting then just blocking everything outside of private windows would be the better solution.


PS: And now I have to find out if i can get the scripting here to work without allowing everything another time, can't preview and not even save this post…

PPS: The solution you provided was incorrect – just above the input field for the username. I bet this means something, but no idea what.

PPPS: Oh, a reCaptcha appeared after allowing something Google. May be related.

[ede]

And it continues.
Started firefox, twitter only displayed the "static" content, but no messages. Again only Shift+Click was able to load the page correctly. The reason may be there's only the first script from abs.twitter.com loading correctly, all the other ones report NS_ERROR_INTERCEPTION_FAILED. there's https://bugzilla.mozilla.org/show_bug.cgi?id=1699047 and a lot of more hits on google. No idea what they're talking about. Opening the failing scripts in a new tab works, but even then they won't load in the page. Only solution: allowing everything on abs.twitter.com.
Then after a restart there finally was api.twitter.com again in the list, which was missing before. And at least for the moment images open in front of the stream instead of in the background. Same for the comment box and its helpers (icons etc).

And what I've just noticed, most scripts don't show a filesize in the Network tab, but "Service Worker". Including the single one loading under "normal" circumstances, so this can't really be the reason.

[redwolfe_98]

to solve your problems with using noscript, first, restore the default settings for noscript. then, when using noscript, "allow" scripting for particular URL's as necessary.

do not change the default settings. do not set URL's to "block." URL's are already "blocked" which is why you have to "allow" scripting for particular URL's where scripting needs to be allowed, because, otherwise, they are blocked.

[therube]

twitter oddities

URL?

[redwolfe_98]

twitter oddities

URL?

https://twitter.com/

apparently they are finding that, for "twitter.com" to function properly, scripting for "abs.twimg.com" needs to be allowed, but apparently they do not want to allow scripting for "abs.twimg.com."

so, they have a choice, either to not use "twitter.com" or to allow scripting for "abs.twimg.com."

there is nothing "odd" about it. sometimes, scripting needs to be "allow-ed."

the only thing that is "odd" is their tweaking noscript's default settings and their "block-ing" URL's.

[therube]

(Oh. I'd didn't pick that part up. Once I had the URL, I was then going to ask just what the issue was.)

[Mad_Man_Moon]

Can you not use the new custom options to affect this?

[redwolfe_98]

Can you not use the new custom options to affect this?

yes, you can use custom settings, but, if you do that, and the result is that you then find that noscript is unusable, then you need to stick with using the default settings.

noscript is designed to be easy to use. using the default settings is the easy way to use noscript.

[Mad_Man_Moon]

I'm not really sure what you're saying here, sorry.

I'm not speaking technically, here, but there's an option that is easy to use (when I select 'CUSTOM' instead of DEFAULT/TRUSTED/UNTRUSTED) where I can ensure that the twitter domains can only run twitter code on twitter sites (kinda).

-----------

So ... let's ignore the 'CUSTOM' option for difficulty's sakes, which I kinda understand.

Using the normal noscript functionality then surely just allowing the domains makes Twitter work, no?

Code: Select all

twitter.com t.co twimg.com twttr.com pscp.tv

Just make sure that your 'DEFAULT' permissions match your 'UNTRUSTED' permissions and you'll be good?

So (FTR) my noscript set up is:

DEFAULT permissions:

Code: Select all

TRUSTED permissions:

Code: Select all

object  media frame
font    webgl fetch
unrestricted CSS

BLOCKED permissions:

Code: Select all

All of which means that the DEFAULT action for all sites is the same as UNTRUSTED. Meaning that by default nothing can do anything until you whitelist it.

With that setup, and the above domains as TRUSTED, then Twitter works fine ... and I run some pretty crazed userContent.css and violentmonkey modifications, too!

All this is to say that whilst not site specific (denying twitter code on *other* sites) you can definitely ensure that it works fine just using the base/old functionality and none of the 'CUSTOM' usages.

---

Also ... if it helps, then this was my old ABE rule from the olden days:

Code: Select all

Site twitter.com t.co twimg.com twttr.com pscp.tv
Accept from .twitter.com t.co twimg.com twttr.com .vine.co .pscp.tv twitter.com
# Accept GET from LOCAL
Deny INCLUSION

Still unsure what I was doing with that LOCAL thing, but there is *something* that Twitter needs that meant I had to allow LOCAL. Need to look at that.

yes, you can use custom settings, but, if you do that, and the result is that you then find that noscript is unusable, then you need to stick with using the default settings.

noscript is designed to be easy to use. using the default settings is the easy way to use noscript.

[barbaz]

I'm not really sure what you're saying here, sorry.

Yes, the problem description is hard to follow, but redwolfe_98 already cut through it and got to the point -

apparently they are finding that, for "twitter.com" to function properly, scripting for "abs.twimg.com" needs to be allowed, but apparently they do not want to allow scripting for "abs.twimg.com."

so, they have a choice, either to not use "twitter.com" or to allow scripting for "abs.twimg.com."

This is the answer. What the OP is seeking is way outside the scope of NoScript.

OP has not come back since redwolfe_98's post and there is nothing else constructive to say here, locking. Thanks redwolfe_98 for delivering clarity to this thread.