InformAction Forums

Hi,
the last time I was shopping on amazon.de is a few months ago. Now NS makes severe problems. I made no changes in the NS settings regarding amazon.
When I click on payment button in shopping cart I get the login screen and cannot proceed. The login screen returns permanently. The same happens when I want to look at my orders.
Amazon.de is allowed temporarily (general setting for second level domains) and images-na.ssl-images-amazon.com is on the whitelist. No other domains are shown in the NS menu. There are no ABE rules regarding amazon.
Allowing all scripts does not solve the problem. After deactivating NS the amazon.de site works without a problem.

How can I make amazon.de work correctly with NS acitvated?

NS version 2.6.8.11

Anything in the Browser Console (Ctrl+Shift+J)?

Thrawn wrote:Anything in the Browser Console (Ctrl+Shift+J)?

Hi Thrawn,
yes, among others there were plenty of these entries:
[NoScript HTTPS] FORCED SECURE on https://www.amazon.de: ...

That made me look into the settings for secure cookie management. And, indeed, there I had an entry for amazon.de which I made long ago.
After removing this the amazon.de site seems to work correctly again.
What may have changed that the secure cookie management worked for a long time and now it corrupts the site?

bege wrote: What may have changed that the secure cookie management worked for a long time and now it corrupts the site?

The site has probably changed. It's unfortunate that they've changed in a way that doesn't allow proper security, but there's not much to do except work around it. You could email their webmaster, but I wouldn't count on them fixing it...

By the way, was it actually related to secure cookies (Options-Advanced-HTTPS-Cookies), or was it forcing HTTPS on the site (Options-Advanced-HTTPS-Behavior)?

I saw this post and just wanted to comment that when I set amazon.com to force https and secure cookie I had the same problem. This was about 2 years ago.

Thrawn wrote:

bege wrote: What may have changed that the secure cookie management worked for a long time and now it corrupts the site?

The site has probably changed. It's unfortunate that they've changed in a way that doesn't allow proper security, but there's not much to do except work around it. You could email their webmaster, but I wouldn't count on them fixing it...

By the way, was it actually related to secure cookies (Options-Advanced-HTTPS-Cookies), or was it forcing HTTPS on the site (Options-Advanced-HTTPS-Behavior)?

I had an "amazon.de" entry only in the secure cookies tab. That worked fine for several years until recently.
I wrote to the customer service and will report here if there is an answer.

Thrawn, unfortunately your assumption was correct that there is no help by amazon:
"There may have been changes to our site ... no information about these changes. Please, ask for help at support for your browser."

Well, it's unfortunate that they can't handle secure cookies, but c'est la vie.

You could try forcing the whole site to use HTTPS; either that will fix the problem and secure everything, or the site won't handle HTTPS and it will break.

Thrawn wrote: You could try forcing the whole site to use HTTPS; either that will fix the problem and secure everything, or the site won't handle HTTPS and it will break.

Forcing HTTPS works without problem, as soon as I add amazon.de to secure cookie handling the function of the site is broken.

Well, if you can force the whole site to use HTTPS, then that's better than securing just the cookies .

But are you saying that even with HTTPS forced, you still can't force secure cookies without breaking it? That would be weird.

Thrawn wrote: But are you saying that even with HTTPS forced, you still can't force secure cookies without breaking it? That would be weird.

Yes, isn't it? HTTPS forced or not without secure cookies works. Secure cookies with or without HTTPS forced breaks it.

Can you identify the exact domain that the cookies are set for (by examining the cookies), and the exact domain where you're forcing HTTPS? Maybe there are different subdomains involved.

The domains are ".amazon.de" (several cookies, permissions mixed: part of them is HTTP only, others are for any connection) and "www.amazon.de" (one cookie, permission for any connection).
I use "*.amazon.de" in the secure cookies settings.

After I added ignore insecure cookies on "www.amazon.de" the site seems to work.
I am far from understanding what that means.

OK, that's progress .

What is the exact domain where you are forcing HTTPS connections?

Thrawn wrote:OK, that's progress .

What is the exact domain where you are forcing HTTPS connections?

Same as for secure cookies: "*.amazon.de".