[RESOLVED] NOScript causing page reloads on OneDrive

[Guest]

With noscript_security_suite-2.6.8.27 (offered on May 21, 2014)

Further correction :
noscript_security_suite-2.6.8.27 (offered on June 3, 2014)

[barbaz]

Thank you for the detailed information!

For reference - first "bad" stable version:
https://noscript.net/changelog#2.6.8.27
https://addons.mozilla.org/addon/noscri ... 7.1-signed

Seems pretty consistent with the workaround, doesn't it?

Now someone please check those rc versions and post the last working rc? (I'm thinking that 2.6.8.27rc1 will work, but not 100% sure. The big question is whether the issue is introduced in rc2 or rc3.)

Also can someone please run a traffic monitor (such as HTTPFox) on OneDrive both with a working NoScript and a non-working NoScript, and if the two logs are different please post them here?

[Guest]

Now someone please check those rc versions and post the last working rc? (I'm thinking that 2.6.8.27rc1 will work, but not 100% sure. The big question is whether the issue is introduced in rc2 or rc3.)

Also can someone please run a traffic monitor (such as HTTPFox) on OneDrive both with a working NoScript and a non-working NoScript, and if the two logs are different please post them here?

Answer to question one:
2.6.8.27rc1 works still well
2.6.8.27rc2 fails

https://addons.mozilla.org/de/firefox/a ... .6.8.27rc2
Veröffentlicht am May 31, 2014 533.4 kB Funktioniert mit Firefox 3.0.9 und neuer, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 und neuer
v 2.6.8.27rc2
=========================================================================
+ [Surrogate] External script surrogates are now triggered whenever a matching script fails to load, no matter the reason, e.g. NoScript permissions, ABE, ABP or RequestPolicy ...

Answer to question two:
Sorry, I'm afraid of posting a HTTPFox-log - I saw HTTPFox logging my live.com-identity and I don't know if it logs my password too in any way (maybe encrypted, I'm doubtful) - feeling too risky

[barbaz]

Thanks for confirming.

Answer to question two:
Sorry, I'm afraid of posting a HTTPFox-log - I saw HTTPFox logging my live.com-identity and I don't know if it logs my password too in any way (maybe encrypted, I'm doubtful) - feeling too risky

I can understand that, feel free to dummy out any parts of the URLs you're afraid of posting.

Or one of the registered users here can PM the logs to Giorgio and/or a Mod (me, GµårÐïåñ, therube, or Thrawn).

[victor50]

Is there any idea when this will be fixed? Somehow feels as if it takes longer then usual.

[barbaz]

@victor50

Giorgio is the only developer of NoScript and I have no idea when he can get to this. atm he's pretty busy trying to design & implement WebExtensions API...

[JLJ]

I've been tearing random strangers' hair out over this one for a while now -- running FF 45.0.2 w/ NS 2.9.0.11 -- OneDrive has been unusable since whatever happened happened. I tried all the other suggestions I stumbled on (disabling tracking protection, allowing scripts globally, letting the cat out, paying the cable bill) and one of my own intuiting based on the last time barbaz helped me (removing references to onedrive/live from the noscript.default pref) and nothing worked until barbaz rode to the rescue again with the "surrogates" pref business. GOLD, JERRY, GOLD! Whoever you are, sir or madam, or the cat, I thank you again.

So what's best if you're lazy like me: leave that pref set to false until a fix is implemented to NS or revert to the 2.8x version of NS?

[barbaz]

GOLD, JERRY, GOLD! Whoever you are, sir or madam, or the cat, I thank you again.

You're welcome.

So what's best if you're lazy like me: leave that pref set to false until a fix is implemented to NS

This. Almost every NoScript rc fixes at least one bug, and many have compatibility fixes for Gecko updates... your life will be a lot easier keeping track of just one workaround, than dealing with myriad old bugs with no support.

[sandrock]

Hello, new guy here.

Some days after the bug started (3/30/2016), I filled a feedback to Microsoft explaining what I could about the bug.
I later discovered this thread with no resolution.
Yesterday I received confirmation that they will escalate my bug report to the OneDrive web devs.

Hello,

I am able to repro this issue. I've filed a bug against our web devs to look into this.

Thanks for bringing this issue to our attention!

Carl Hirschman

Hopefully, a fix is coming

[victor50]

@sandrock. How extraordinary! I have never succeeded in getting M$ to admit that some of the many "anomalies" is their fault and they should do something about it.

[barbaz]

@sandrock: Thank you for bringing this to Microsoft's attention! I like that reply
Although it is still a NoScript bug, so if they get to this before Giorgio, explanations as to what about the site revealed this bug in NoScript - and how they work around it - would be very helpful and much appreciated.

[Zitrus]

Because of this:

Thanks for confirming.

Answer to question two:
Sorry, I'm afraid of posting a HTTPFox-log - I saw HTTPFox logging my live.com-identity and I don't know if it logs my password too in any way (maybe encrypted, I'm doubtful) - feeling too risky

I can understand that, feel free to dummy out any parts of the URLs you're afraid of posting.

Or one of the registered users here can PM the logs to Giorgio and/or a Mod (me, GµårÐïåñ, therube, or Thrawn).

and this:

@sandrock: Thank you for bringing this to Microsoft's attention! I like that reply
Although it is still a NoScript bug, so if they get to this before Giorgio, explanations as to what about the site revealed this bug in NoScript - and how they work around it - would be very helpful and much appreciated.

I decided to register for an account on InformAction Forums (former guest mutated to Zitrus now ) and to send two HTTPFox-Logs per PM to You. Here a short explanation:
Browser: Firefox 24.5.0 ESR (portable)
1.) I logged in at live.com with option staying logged-in
2.) Installed noscript 2.6.8.27rc1
3.) Started onedrive.live.com with HTTPFox-Logging and stopped logging at successful onedrive
4.) Installed noscript 2.6.8.27rc2 and restarted browser
5.) Started onedrive.live.com with HTTPFox-Logging and stopped logging at the end of the second fail/reload of onedrive
Now I will send You two logs per PM:
OneDrive-Opens-good-with-NoScript-2.6.8.27rc1.log
OneDrive-Opens-not-with-NoScript-2.6.8.27rc2.log
(For security I dummied out my live.com-ID in the logs and changed live.com-password afterwards)

[victor50]

@zitrus Nice AVA

[sandrock]

Although it is still a NoScript bug, so if they get to this before Giorgio, explanations as to what about the site revealed this bug in NoScript - and how they work around it - would be very helpful and much appreciated.

Yep. Something changed in OneDrive's code at some point. Using the date of first report of this bug, I'm sure thay can find the commits that did it. Maybe they are using a JS "hack" that NoScript does not like. Removing/fixing this hack on their side will fix the bug AND help debug NoScript.

In my communication I wrote about his thread. Devs there might already be looking here for debug info.

@sandrock. How extraordinary! I have never succeeded in getting M$ to admit that some of the many "anomalies" is their fault and they should do something about it.

People at MS are humans too. If you write a nice email, with constructive info plus debug info then stuff happens (hopefully).

[Zitrus]

Microsoft must have been changed things for the better for onedrive Oh wow! Can't hardly believe it
Currently OneDrive is workin flawlessly again with NoScript - both with "noscript.surrogate.enabled" & "noscript.fakeScriptLoadEvents.enabled" set to true (=default)