Script execution allowed (from icon shown) but login fails

[MarkR]

When I try to login to Sophos Community via the Sophos ID (Okta) authentication (https://id.sophos.com/) I have to first allow 'sophos.com' and then 'oktacdn.com'. After that, the icon shows no problems however the form will still fail with the message 'We found some errors. Please review the form and make corrections.' (which implies the email and/or password is wrong).

The icon, at this stage, shows no problems (no alert). If I zoom the browser smaller (Ctrl + -) once the icon then refreshes to show a no entry symbol and hence I am then alerted that I need to further allow 'okta.com'. Once I do that I can log in without any error. Note: The NoScript menu always shows the requirement to allow 'okta.com', it's just the icon doesn't alert this is required and hence it initially looks like the username and password are wrong and not that NoScript is blocking without alerting to that fact.

Since the icon does not show accurately until the browser is zoomed smaller, is this accepted as a bug?

[Thrawn]

Hmm. It looks like the page doesn't make any attempt to contact okta.com until you try to log in, and then it never actually reloads. Which would be why the icon doesn't change.

Technically I guess this can be considered a bug. When NoScript blocks the dynamic call to okta.com, it could update the icon. Up to Giorgio.