InformAction Forums

• GREAT JOB! I don't want public webservers to be able to post to internal ones!! Thanks for that! I DO want it to happen in this particular case though...
• Sometimes it DOES work... I think it's a bug somewhere. Not particularly often, but like 3 out of 50 tries. How should I proceed to pinpoint this?
• It would have saved me like 2 hours of debugging had NoScript given an indication that it was blocking the request. All I got was "error", without any explanation... Consider this a feature request.

$.ajax({
	type: 'POST',
	url: 'http://dns.that.resolves.to.internal.ip/test.php',
	crossDomain: true,
	data: {
		'some': 'data'
	},
	success: function(msg) {
		console.log(msg);
	},
	error: function(jqXHR, textStatus, errorThrown){
		console.log(textStatus);
		console.log(errorThrown);
	}
});

niobos wrote: GREAT JOB! I don't want public webservers to be able to post to internal ones!! Thanks for that! I DO want it to happen in this particular case though...

Site dns.that.resolves.to.internal.ip
Accept from dns.that.resolves.to.external.ip

# built-in rule
Site LOCAL
Accept from LOCAL
Deny

Sometimes it DOES work... I think it's a bug somewhere. Not particularly often, but like 3 out of 50 tries. How should I proceed to pinpoint this?

It would have saved me like 2 hours of debugging had NoScript given an indication that it was blocking the request. All I got was "error", without any explanation... Consider this a feature request.

Thrawn wrote:

niobos wrote: GREAT JOB! I don't want public webservers to be able to post to internal ones!! Thanks for that! I DO want it to happen in this particular case though...

Would you like help writing an exception rule? It would need to go in your SYSTEM ruleset, above the existing rule, and it would look something like:

Thrawn wrote: Well, you would have been spamming the Messages tab of the Error Console (Ctrl+Shift+J)...

ABE will give you an alert if it blocks the top-level page that you're loading, but not always if it blocks a third-party site.

niobos wrote:

Thrawn wrote: Would you like help writing an exception rule? It would need to go in your SYSTEM ruleset, above the existing rule, and it would look something like:

Thanks for the offer, but not at this point. My main complaint was that it took me longer than it should have to figure out NoScript was responsible for blocking my request (whether this was the expected behavior or not is less relevant for this point)

Thrawn wrote: Well, you would have been spamming the Messages tab of the Error Console (Ctrl+Shift+J)...

ABE will give you an alert if it blocks the top-level page that you're loading, but not always if it blocks a third-party site.

OK, I see your point...
What about returning a error which is a little more descriptive in the XHR-object? (Although I'm not sure that a plugin can do that)
Right nog I only get "error" without any pointers as to why. I have been reading up on CORS for hours, and couldn't find anything wrong with my response-headers. Until I figured out with tcpdump that the request wasn't even made...

Thrawn wrote:I wonder whether it would be worth having a 'noisy' option (or keyword?) for ABE, to make its notifications more intrusive? They certainly are easy to miss; you shouldn't have to routinely check the Error Console, especially not the Messages tab, without some other indication that something is wrong.