[RESOLVED] "Skipping cross-site checks for OCSP request"?

kukla · Post by **kukla** » Thu Jul 23, 2009 3:45 am

I'm wondering why I've just started seeing these entries, which I've never seen before in Console (Mac).

[NoScript] Skipping cross-site checks for OCSP request http://ocsp.verisign.com/

Just updated to 1.9.6.9. Is that related? Is this "expected behavior?"

Post by **GµårÐïåñ** » Thu Jul 23, 2009 7:03 am

I believe this is a performance optimization since its a legitimate built-in function of Fx, generating errors on it would be redundant and unnecessary. But maybe Giorgio can explain it better.

Post by **Giorgio Maone** » Thu Jul 23, 2009 11:22 am

GµårÐïåñ is correct.
Log spam removed in latest development builds when not in console-verbose mode.

kukla · Post by **kukla** » Thu Jul 23, 2009 11:27 am

Thanks Giorgio. Basically, you are saying that Fx (3.5.1) is checking for cross site forgeries on its own, so NS is skipping this because it's already being done now?

Post by **Giorgio Maone** » Thu Jul 23, 2009 11:45 am

kukla wrote:Basically, you are saying that Fx (3.5.1) is checking for cross site forgeries on its own, so NS is skipping this because it's already being done now?

Not at all, Fx 3.5.1 doesn't check any CSRF, otherwise why would I have lost my sleep on ABE?

What's happening here is that some browser-internal requests do not need to be checked, e.g. those sent in background to validate SSL certificates (OCSP).

kukla · Post by **kukla** » Thu Jul 23, 2009 11:59 am

Thanks. Just shows how little I know about this stuff. Basically glad to know NS is doing its job

InformAction Forums

[RESOLVED] "Skipping cross-site checks for OCSP request"?

[RESOLVED] "Skipping cross-site checks for OCSP request"?

Re: "Skipping cross-site checks for OCSP request"?

Re: "Skipping cross-site checks for OCSP request"?

Re: "Skipping cross-site checks for OCSP request"?

Re: "Skipping cross-site checks for OCSP request"?

Re: "Skipping cross-site checks for OCSP request"?