[RESOLVED] issue with login page @ Capital One

ginahoy · Post by **ginahoy** » Fri Mar 25, 2016 9:17 pm

I can login with NS disabled, but when I enable NS, the Continue button won't work. My whitelist includes capitalone.com and capitalone360.com, and I "allowed" all scripts on the page: https://secure.capitalone360.com/myacco ... g/login.vm

Post by **barbaz** » Fri Mar 25, 2016 9:19 pm

When this issue occurs, do you see anything related in the Browser Console? (Ctrl-Shift-J)
(if you don't know what's related, turn off CSS warnings and post everything else you see)

ginahoy · Post by **ginahoy** » Fri Mar 25, 2016 10:23 pm

Below is what I think you're looking for from the console. Interesting that doubleclick.com is in my forbidden list, but it doesn't show up in the script list for this page. I specifically allow google-analytics and ensighten (temporary for this page) and they show up in the NS menu "Forbid google-analytics.com" and "Forbid ensighten.com. Why would those scripts be denied?

Code: Select all

[ABE] <LOCAL> Deny on {GET https://www.google-analytics.com/analytics.js <<< https://secure.capitalone360.com/myaccount/banking/login.vm - 2}
SYSTEM rule:
Site LOCAL
Accept from LOCAL
Deny
[ABE] <LOCAL> Deny on {GET https://nexus.ensighten.com/capitalone/Bootstrap.js <<< https://secure.capitalone360.com/myaccount/banking/login.vm - 2}
SYSTEM rule:
Site LOCAL
Accept from LOCAL
Deny
[ABE] <LOCAL> Deny on {GET https://fls.doubleclick.net/activityi;src=806653;type=gener917;cat=flood725;ord=7714144721534?;ord=7714144721534? <<< https://secure.capitalone360.com/myaccount/banking/login.vm - 7}
SYSTEM rule:
Site LOCAL
Accept from LOCAL
Deny

Post by **barbaz** » Fri Mar 25, 2016 11:06 pm

1) If allowing google-analytics gets it working, that is a NoScript bug.

2) Those domains are definitely not LOCAL. Have you got a custom HOSTS file or the like set up to block them?
Please post here a DNS lookup of one of those ABE-blocked domains. (use nslookup from Command Prompt - e.g. for google-analytics, type this: )

Code: Select all

nslookup www.google-analytics.com

3) No idea if any of this is helpful, viewtopic.php?f=7&t=21630

Post by **therube** » Fri Mar 25, 2016 11:38 pm

(Without using a valid UN/PW, I'm able to enter both UN & PW, with the Continue button working for each.)

ginahoy · Post by **ginahoy** » Sat Mar 26, 2016 12:16 am

@barbaz, I do have a HOSTS file (from mvp.org), and it does include an entry for google-analytics. However, after reviewing the thread you linked, I upgraded to the latest NS version and it fixed the problem without me having to remove the entry in the HOSTS file. Therefore I didn't bother with nslookup. BTW, I had previously searched this forum for capitalone, so I missed that thread since it had a space between the two words

What I don't understand is why the login page now works with google-analytics blocked by the local HOSTS file. Does 'allowing' a site in NS override the local HOSTS entry?

Anyway, thanks for the assist!

Post by **barbaz** » Sat Mar 26, 2016 12:24 am

surrogate script run regardless of how the script is blocked

InformAction Forums

[RESOLVED] issue with login page @ Capital One

[RESOLVED] issue with login page @ Capital One

Re: issue with login page @ Capital One

Re: issue with login page @ Capital One

Re: issue with login page @ Capital One

Re: issue with login page @ Capital One

Re: issue with login page @ Capital One

Re: issue with login page @ Capital One