Page 1 of 1
Re: Credit card stripe.com on Humblebundle blocked
Posted: Thu Nov 07, 2013 11:24 pm
by therube
Without knowing, I'd try, or start with, this set:?
Code: Select all
+youtube.com
+gstatic.com
+ytimg.com
+pubnub.a.ssl.fastly.net
+googleusercontent.com
+akamaihd.net
+pubnub.com
+stripe.com
+google.com
+humblebundle.com
Re: Credit card stripe.com on Humblebundle blocked
Posted: Fri Nov 08, 2013 3:00 am
by Thrawn
And does anything appear in the Browser Console (Ctrl+Shift+J) when you do this?
Re: Credit card stripe.com on Humblebundle blocked
Posted: Fri Nov 08, 2013 9:47 am
by ableeker
@therube That's a good start indeed, but that didn't work.
@Thrawn The console shows one interesting error:
Code: Select all
[Exception... "'NoScript aborted redirection to https://js.stripe.com/v1/' when calling method: [nsIChannelEventSink::asyncOnChannelRedirect]" nsresult: "0x8057001e (NS_ERROR_XPC_JS_THREW_STRING)" location: "native frame :: <unknown filename> :: <TOP_LEVEL> :: line 0" data: no]
And after that I get a lot of these:
Code: Select all
https://humble.pubnub.com/subscribe/6b5eeae3-796b-11df-8b2d-ef048cc31d2e/humblewarnerbrothers%5Fbundle/0/13839017431273532?uuid=0e5fe0eb ... &pnsdk=PubNub-JS-Web%2F3%2E5%2E4 [HTTP/1.1 200 OK 4110ms]
It just keeps doing that, and the process keeps spinning.
Re: Credit card stripe.com on Humblebundle blocked
Posted: Fri Nov 08, 2013 10:38 am
by Giorgio Maone
Are you double sure stripe.com is whitelisted?
[Edit]
I could reproduce it, and seems a side effect of the way the stripe.com script is included, which causes the XSS filter trigger for a reflected script inclusion.
Investigating and looking for a work-around.
Re: Credit card stripe.com on Humblebundle blocked
Posted: Fri Nov 08, 2013 11:01 am
by Giorgio Maone
Please check
latest development build 2.6.8.5rc2, thank you.
Re: Credit card stripe.com on Humblebundle blocked
Posted: Fri Nov 08, 2013 6:43 pm
by ableeker
Thanks man, that worked beautifully!
Re: [FIXED] Credit card stripe.com on Humblebundle blocked
Posted: Sat Nov 09, 2013 9:38 am
by Thrawn
Giorgio, should something be said to the webmaster about their script inclusion methods, or were they simply unusual?
Re: [FIXED] Credit card stripe.com on Humblebundle blocked
Posted: Sat Nov 09, 2013 11:11 am
by Giorgio Maone
Thrawn wrote:Giorgio, should something be said to the webmaster about their script inclusion methods, or were they simply unusual?
Cruel and unusual.
Re: [FIXED] Credit card stripe.com on Humblebundle blocked
Posted: Fri Dec 06, 2013 4:03 pm
by Guest
I am having trouble getting the Humble Bundle site to work properly also. I experimented allowing all scripts it shows on their page except twitter and facebook but it still doesn't work as it should. I can't select a custom amount, clicking the game images won't open their trailers and additional info, etc.
I have tried emailing them about it a couple of times but I am apparently not explaining my issue properly as they only say they will pass the info along.
Is this an issue on my end, though I have it on multiple computers (with NS and ABP on both so I figure it has something to do with one of them)? Any help is appreciated.
Their site used to work fine for me but they changed something a few months back and I have had issues ever since.