
Full NS addon disable for website login

Posted: Fri Sep 18, 2015 2:21 pm
by jamest
Greetings.

This is a report of an issue involving the website http://www.wix.com. For login the website uses a combination of visual overlay / popup but the overlay is the only element that registers even when global scripting is allowed through the NoScript toolbar buttons. I have done an on/off addon check and a full disable of the NS addon appears to solve this issue.
That said I do not know if an advanced option in NS is in conflict with this particular website's script(s) or perhaps there is an inter-addon issue happening on my end. :oops:

Firefox 40.0.3

List of running addons:
Adblock Plus
Copy Plain Text 2
DuckDuckGo Plus
Ghostery
Hard Refresh
LastPass
NoScript
Reddit Enhancement Suite
ReloadEvery
Thumbnail Zoom Plus

Happy to supply logs or other info as needed. :)

I've done a preliminary search for this issue but either I've overlooked a result or I am not knowledgeable enough about NoScript to recognize the larger issue. Apologies in advance if this has been covered elsewhere.

Re: Full NS addon disable for website login

Posted: Fri Sep 18, 2015 2:48 pm
by therube
(A start, & not that I know what it means ...)

Code:

[NoScript] Blocking cross-site Javascript served from http://static.parastorage.com/services/wix-users/2.564.0/login-dialog/locale/messages_en.jsonp with wrong type info application/octet-stream and included by http://www.wix.com/

Code:

[NoScript HTTPS] AUTOMATIC SECURE on https://sslusers.wix.com: userType=ANONYMOUS; domain=.wix.com; path=/; Secure

Code:

[NoScript HTTPS] AUTOMATIC SECURE on https://apis.google.com: NID=71=KdfkjefkWvM-EVER5df-N8V4rJ5eYDC6xYCpMANk5uZonelhOmosKBtodpns0fZsOP08RYHk15Ycs4_7w6xW-HxFrMOv6tmfJJGgUEKreiQ9oGJb-XqJJvouXcYGjVEd; domain=.google.com; path=/; HttpOnly; Secure

Re: Full NS addon disable for website login

Posted: Fri Sep 18, 2015 3:52 pm
by barbaz
jamest wrote: perhaps there is an inter-addon issue happening on my end
Have you tested this by disabling all addons other than NS and checking it in that configuration?

If so, it's probably the first message posted by therube, contact the relevant webmasters to get this fixed. It looks to NoScript like a binary file is being attempted to run as JavaScript, either the MIME type needs to be fixed or the file copied & hosted elsewhere (& served with the correct MIME type).
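An added example, not part of the thread and not NoScript's own code: a small Node.js triage script that parses console lines in the shape therube posted and groups the blocked cross-site scripts by the host that has to correct its Content-Type header. The list of MIME types treated as JavaScript and the function names are assumptions made for illustration.

```javascript
// Added example (not NoScript code): triage console lines from the inclusion type checker.
// Assumption: this set of MIME types accepted as JavaScript is illustrative only.
const JS_TYPES = new Set([
  "text/javascript", "application/javascript",
  "application/x-javascript", "application/ecmascript", "text/ecmascript",
]);

// Message shape copied from the console line quoted in the thread.
const BLOCK_RE = /^\[NoScript\] Blocking cross-site Javascript served from (\S+) with wrong type info (.*?) and included by (\S+)$/;

function parseInclusionBlock(line) {
  const m = BLOCK_RE.exec(line.trim());
  if (!m) return null; // other messages, e.g. "[NoScript HTTPS] AUTOMATIC SECURE ..."
  const [, resource, rawType, includer] = m;
  // Drop parameters such as "; charset=utf-8" and normalise case.
  const type = rawType.split(";")[0].trim().toLowerCase();
  return {
    resource,
    includer,
    type,
    servingHost: new URL(resource).host,
    includingHost: new URL(includer).host,
    declaredAsScript: JS_TYPES.has(type),
  };
}

// Group blocked resources by the host that must fix its Content-Type header.
function triage(lines) {
  const report = new Map();
  for (const line of lines) {
    const hit = parseInclusionBlock(line);
    if (!hit || hit.declaredAsScript) continue;
    const entry = report.get(hit.servingHost) || { types: new Set(), resources: [] };
    entry.types.add(hit.type || "(none)");
    entry.resources.push(hit.resource);
    report.set(hit.servingHost, entry);
  }
  return report;
}

// Sample input: the first two console lines posted in the thread.
const SAMPLE = [
  "[NoScript] Blocking cross-site Javascript served from http://static.parastorage.com/services/wix-users/2.564.0/login-dialog/locale/messages_en.jsonp with wrong type info application/octet-stream and included by http://www.wix.com/",
  "[NoScript HTTPS] AUTOMATIC SECURE on https://sslusers.wix.com: userType=ANONYMOUS; domain=.wix.com; path=/; Secure",
];

for (const [host, e] of triage(SAMPLE)) {
  console.log(`${host}: served as ${[...e.types].join(", ")}`);
  e.resources.forEach((r) => console.log(`  ${r}`));
}
```

Run against a saved browser console log, the per-host output is what a webmaster needs to see which server is sending script files with a non-script MIME type.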

Re: Full NS addon disable for website login

Posted: Sun Sep 20, 2015 10:22 pm
by Thrawn
It is possible to add an exception to the cross-site inclusion filter, noscript.inclusionTypeChecking.exceptions

Re: Full NS addon disable for website login

Posted: Fri Oct 16, 2015 11:39 am
by xtct
XSS exception has no influence on this, and also turning off ABE. The only thing that "works" so far is to disable NoScript and restart Firefox.

Re: Full NS addon disable for website login

Posted: Fri Oct 16, 2015 4:35 pm
by barbaz
xtct wrote: XSS exception has no influence on this, and also turning off ABE.
Yes, because neither is involved here, it's most likely the cross-site inclusion MIME type checker. Please see above.