Page 1 of 1
XSS from brightcove?
Posted: Thu Mar 17, 2016 10:20 pm
by Lucas Malor
Code: Select all
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://brightcove01.brightcove.com/24/1328010481001/201603/1915/4805143332001/1328010481001_4805143332001_s-41.ts?pubId=1328010481001&videoId=4805138839001. (Reason: CORS header 'Access-Control-Allow-Origin' missing).
Re: XSS from brightcove?
Posted: Thu Mar 17, 2016 11:58 pm
by barbaz
If you're using NoScript 2.9.0.5, there have been many threads here about XSS filter issues resulting since that update...
Does downgrading NoScript to 2.9.0.5rc2 make it work? (If so, this is a NoScript bug; I would recommend to downgrade to NoScript 2.9.0.4 until Giorgio fixes whatever bug(s) happened)
Re: XSS from brightcove?
Posted: Fri Mar 18, 2016 6:18 pm
by barbaz
Does NoScript 2.9.0.6 works again?
Re: XSS from brightcove?
Posted: Fri Mar 18, 2016 7:27 pm
by Lucas Malor
No more messages, but videos from the site Il Fatto Quotidiano does not work if NoScript is enabled:
http://tv.ilfattoquotidiano.it/2016/03/ ... ta/495784/
Re: XSS from brightcove?
Posted: Fri Mar 18, 2016 7:47 pm
by Lucas Malor
Excuse me, errata corrige: error log is printed in JS console, but no XSS dialog is displayed.
Re: XSS from brightcove?
Posted: Fri Mar 18, 2016 11:18 pm
by Giorgio Maone
I need to enable many things (mostly brightcove-related stuff), but it works for me on 2.6.0.9.
Re: XSS from brightcove?
Posted: Sat Mar 19, 2016 9:55 am
by Lucas Malor
DO you mean 2.9.0.6?
Re: XSS from brightcove?
Posted: Sat Mar 19, 2016 10:25 am
by Giorgio Maone
Lucas Malor wrote:DO you mean 2.9.0.6?
Yep