InformAction Forums

I can't seem to figure out what is causing the Humble Bundle site, specifically their store section and after logging in my library section, to work properly. This site has always been so helpful and patient providing troubleshooting help that I was hoping someone might be able to figure out some potential causes.

Unless someone has an account with them and some purchased games, the best way to probably walk one through what is happening for me is to start at https://www.humblebundle.com/store.

I have figured out that their store section will not load properly unless one has allowed dom storage. I have tested the site on a couple of different computers and it works fine on one but not the other even though they appear to be setup the same (I have played around with any settings I could find different but I still can not get the site to work on one computer).

Once making sure the dom.storage.enabled setting is set to true and allowing the humblebundle and humblebundle-a.akamaihd.net scripts the store and account library sections work as they should on one computer but not the other. Originally, I noticed that the computer that wouldn't load the site listed the noscript.surrogate.ga.replacement as user set in about:config, even though it wouldn't have been so perhaps an updated NS release failed to overwrite a previous one?. It was set to..

noscript.surrogate.ga.replacement;(function(){var _0=function()_0,_u=function(){};_0.__noSuchMethod__=_0;('ga'in window)||(ga=_u);with(window)urchinTracker=_u,_gaq={__noSuchMethod__:_0,push:function(f){if(typeof f=='function')f();else if(f&&f.shift&&f[0]in this)this[f.shift()].apply(this,f)},_link:function(h){if(h)location.href=h},_linkByPost:function(f){if(f&&f.submit)f.submit();return true},_getLinkerUrl:function(u){return u},_trackEvent:_0},_gat={__noSuchMethod__:function(){return _gaq}}})()

but I clicked on reset for it which said it was then the default setting of

noscript.surrogate.ga.replacement;(function(){var _0=function()_0,_u=function(){};_0.__noSuchMethod__=_0;('ga'in window)||(ga=_u);with(window)urchinTracker=_u,_gaq={__noSuchMethod__:_0,push:function(f){if(typeof f=='function')f();else if(f&&f.shift&&f[0]in this)this[f.shift()].apply(this,f)},_set:function(a,b){if(typeof b=='function')b()},_link:function(h){if(h)location.href=h},_linkByPost:function(f){if(f&&f.submit)f.submit();return true},_getLinkerUrl:function(u){return u},_trackEvent:_0},_gat={__noSuchMethod__:function(){return _gaq}}})()

That didn't seem to help though but I left it to the one that said default (the second one).

The NoScript settings between the two computers, one that will load the site and one that won't, were basicaly identical other than forbid iframe and apply to whitelisted sites checked on the one that wouldn't load the site but I played around with those settings and it didn't help to load the site so I am guessing it is unrelated to that. There are a couple differences between some whitelisted sites and some marked untrusted but none that appear related to the site in question. No other differences as far as I can tell with other extensions or about:config settings as I played around with them to make sure they appeared the same to me.

From what little I can possibly tell as clues to any cause. The one that isn't loading seems to list some things in the web and browser consoles that suggest that perhaps the dom storage is still not working correctly even though it is set the same on both (enabled). They both state can not create legacy dom storage when it is disabled but the one that won't load still says that even after it is enabled (even tried closing browser and restarting).

The couple web and browser consoles lines that seem like a cuplrit state..

SecurityError: The operation is insecure. with no other information (this occurs after I have logged in and try to view my library which instead just loads an empty library instead of all my purchased games as it does on the other computer).

and then once in awhile humblebundle-a.akamaihd.net : server does not support RFC 5746, see CVE-2009-3555 (this occurs after I have logged in and try to view my library which instead just loads an empty library instead of all my purchased games as it does on the other computer).

Warning: attempting to write 6008 bytes to preference untrusted. This is bad for general performance and memory usage. Such an amount of data should rather be written to an external file. (Not sure when this was listed in the log but I saw it once or twice)

Both computers list JavaScript 1.6's for-each-in loops are deprecated; consider using ES6 for-of instead ScriptSurrogate.js a lot but it does that on the computer that loads the site also so that might be nothing.

It isn't a big deal if it is too difficult to figure out the cause (it took me forever to learn the humble bundle site would no longer work when dom.storage.enabled was set to false as I have never encountered that before). I was just hoping it was a simple setting lke that I could fix that I overlooked somehow.

Thanks.

So what makes you think this is a NoScript related issue?

Guest wrote:I can't seem to figure out what is causing the Humble Bundle site, specifically their store section and after logging in my library section, to work properly.

You have one working setup so why bother? Just completely shut down Firefox on both your machines then copy the entire profile folder from the working machine into a profile in the broken machine, deleting anything that's in the destination profile folder first. Problem solved..... right?

Guest wrote:This site has always been so helpful and patient providing troubleshooting help

Thanks for the kind words but this really isn't a generic Firefox help site.
If you need help with Firefox, may I suggest you try mozillaZine?
The people giving user support there (one of whom is our moderator therube) are really helpful.
Even if you post what you think isn't a NoScript issue in mozillaZine but as it turns out it is a NoScript issue, I don't think anyone will mind if you repost the issue here with a link to the mozillaZine thread. (Plus I'm a member of mozillaZine as well, but I generally hang out in the SeaMonkey and MozillaZine sections.. but if I happen upon a Firefox help request thread there that could be a NoScript related issue I might pitch in...)

barbaz wrote:So what makes you think this is a NoScript related issue?

More specifically - have you tried disabling NoScript entirely and seeing whether that makes a difference?

More specifically - have you tried disabling NoScript entirely and seeing whether that makes a difference?

I was thinking the next time I take some time to play around with it I would try resetting NoScript in case it is some setting issue. That would eliminate it being a NoScript issue, such as something related to any custom trusted/untrusted sites, but immediately allow me to put back my exact desired configuration as soon as I am done testing that correct?

Since the issue is such a minor one, only impacts my using one site, I rather avoid visiting a site like Humble Bundle, which seems to use a ton of third party type of sites, without NoScript running entirely. I know I could use the Humble Bundle site as recently as a month or two ago as long as I set dom.storage.enabled to true and allowed the humblebundle and humblebundle-a.akamaihd.net (at least the store and account sections, as I haven't been able to place an order in a really long time as it requires some third party content that always seems to get blocked for me know matter what I have tried, short of running without NoScript which isn't something I care to do) .

barbaz is correct in that I probably shouldn't have asked for help here until I was confident it was NoScript. I guess I was thinking along those lines due to my about:config listing a surrogate as a user set value that I know I didn't set so at that point I started thinking that it was either related to that or perhaps some other setting. But, I did reset that value to default just before posting and that didn't make a difference so my mind should have broadened to think of other non-NoScript settings when it didn't.

If one doesn't mind, could my noscript.surrogate.ga.replacement shown a user set value instead of the default one because I installed NoScript but then imported my settings? If my imported settings were from a previous release but that noscript.surrogate.ga.replacement was updated on the release I installed then I would have accidentally overwritten the new noscript.surrogate.ga.replacement value with an old one when I imported my settings thus showing I was using a user set value for it?

One other NoScript question if it is okay. I have a capability.policy.maonoscript.javascript.enabled with the user set value of AllAccess. What is that and should I reset that vale to default?

Guest wrote:One other NoScript question if it is okay. I have a capability.policy.maonoscript.javascript.enabled with the user set value of AllAccess. What is that and should I reset that vale to default?

That is part of the CAPS machinery that NoScript used to use, don't know if it still means something... if it's not set in a new profile with your same browser you _might_ be able to reset it..

if you don't care to experiment, suggest leave it alone

Guest wrote: I was thinking the next time I take some time to play around with it I would try resetting NoScript in case it is some setting issue. That would eliminate it being a NoScript issue, such as something related to any custom trusted/untrusted sites, but immediately allow me to put back my exact desired configuration as soon as I am done testing that correct?

It's simpler and safer to just disable NoScript from the addons menu (Tools-Addons or about:addons) and see whether that helps. If so, then you can investigate further options.

Before resetting entirely, I would first try:
- allowing scripts globally;
- backing up your whitelist (using the Export button on the Whitelist tab - not to be confused with the Export button at the bottom of the whole dialog) and resetting just the whitelist;
- if you do reset everything, make sure you back it up first (with the Export button at the bottom of the dialog).

Since the issue is such a minor one, only impacts my using one site, I rather avoid visiting a site like Humble Bundle, which seems to use a ton of third party type of sites, without NoScript running entirely. I know I could use the Humble Bundle site as recently as a month or two ago as long as I set dom.storage.enabled to true and allowed the humblebundle and humblebundle-a.akamaihd.net (at least the store and account sections, as I haven't been able to place an order in a really long time as it requires some third party content that always seems to get blocked for me know matter what I have tried, short of running without NoScript which isn't something I care to do) .

So...have you confirmed that the site does work with NoScript disabled?

barbaz is correct in that I probably shouldn't have asked for help here until I was confident it was NoScript.

No, feel free to ask, but you may well get answers along the lines of "first thing to do is check whether it's related to NoScript"

If one doesn't mind, could my noscript.surrogate.ga.replacement shown a user set value instead of the default one because I installed NoScript but then imported my settings?

That could very well happen, yes, and I'm not sure it was a good idea. Just how old was this older version of NoScript?

NoScript tends to be very good at upgrading older preferences when you upgrade the addon, but I'm not sure it will always gracefully handle a situation where you overwrite newer preferences with older ones...

You might be best off exporting your whitelist (which *will* transfer gracefully between versions), resetting NoScript, and re-importing the whitelist, in case something weird has happened with the mismatched preference versions.

Thrawn wrote:

barbaz is correct in that I probably shouldn't have asked for help here until I was confident it was NoScript.

No, feel free to ask,

But if you do ask, please try what we suggest, or, if you resolve the issue some other way, let us know how you did it... otherwise you're just wasting everyone's time and Giorgio's server space.
Please re-read my first post in this thread. So how did the profile transfer work out.. or why is that not a viable option for you?

Just how old was this older version of NoScript?

It would have just been one release as NS must have updated in between my exporting and then importing them back.

Please re-read my first post in this thread. So how did the profile transfer work out.. or why is that not a viable option for you?

Copying over a different profile from someone elses computer in order to troubleshoot was much more involved than I would have wanted to do given the issue (I would have just then started changing the copied profile to mimic mine by altering settings and such which would have defeated the point since I had confirmed it was a specific computer issue rather than an unknown one). I was attempting to troubleshoot by comparing settings that I thought were different that might have impacted my issue. Going the profile route, or entirely disabling NS, was something I wanted to avoid given that this wasn't a major concern and something I figured was some setting somewhere (well, after you all get me in the right track of thinking outside my NS settings).

Apologies for assuming NS originally and not being immediate in attempting the more invasive troubleshooting tips offered. It was something I wanted to explore other ideas before doing so and taking the time to go through those before responding to them in greater detail took a bit (though I tried them sooner than I otherwise would have because of your help and time).

To update, I just figured it out a few minutes ago. The Humble Bundle store and account library download links will not function for me due to the setting of cookies set to ask me every time. If set to keep until close or until they expire then it works as it used to. I had changed that setting in between the last time I recall those sections working a month or two ago and these latest attempts to download purchased games or browse their store. I have no idea why ask me every time causes that but as long as I now know, doesn't concern me.

Thanks again for everyones time. barbaz and Thrawn. I appreciate your patience and willingness to help. Sorry that I started off on the wrong track. Entirely my error but the noscript.surrogate.ga.replacement setting showing as user set started me off thinking a NS setting originally.

That is part of the CAPS machinery that NoScript used to use, don't know if it still means something... if it's not set in a new profile with your same browser you _might_ be able to reset it..

if you don't care to experiment, suggest leave it alone

On a new profile, I don't see an capability.policy.maonoscript.javascript.enabled AllAccess entry but I do see a non-NoScript one called capability.policy.default.SOAPCall.invokeVerifySourceHeader;allAccess. I don't know if the later replaces the former as this is far above my understanding level. I'll just leave capability.policy.maonoscript.javascript.enabled AllAccess alone unless someone says it is safe to delete/reset.

Thank you again barbaz and Thrawn. Much appreciated.

Thanks for posting the solution and glad you got it working!

Guest wrote:Copying over a different profile from someone elses computer

Sorry, I hadn't understood that it wasn't your computer where you had it working. Had I known that I wouldn't have suggested a full profile transfer

Guest wrote:The Humble Bundle store and account library download links will not function for me due to the setting of cookies set to ask me every time. If set to keep until close or until they expire then it works as it used to.

Interesting. My personal favorite approach to managing cookies is the Self Destructing cookies addon. It monitors your cookies in the background and deletes them once you've closed the tabs associated with them.