InformAction Forums

NoScripters and WebSec nerds of all lands, unite!
https://forums.informaction.com/

Fx Nightly 50.0a cannot login to plain http site

https://forums.informaction.com/viewtopic.php?t=22052

Page 1 of 1

Fx Nightly 50.0a cannot login to plain http site

Posted: Mon Aug 01, 2016 12:53 pm
by hssg
Firefox 50.0a in private browser mode fails to log into http://bato.to, site redirects to https and than login dumped.

Posted: Mon Aug 01, 2016 4:54 pm
by barbaz
Off-topic to viewtopic.php?f=7&t=21952 , splitting.

Does disabling NoScript (Tools > Add-ons Manager > NoScript > Disable > Yes, remove ALL protections) get it working?
If so, when this issue occurs, do you see anything related in the Browser Console? (Ctrl-Shift-J)
(if you don't know what's related, turn off CSS warnings and post everything else you see)

Re:

Posted: Mon Aug 01, 2016 6:47 pm
by hssg
barbaz wrote:Off-topic to viewtopic.php?f=7&t=21952 , splitting.

Does disabling NoScript (Tools > Add-ons Manager > NoScript > Disable > Yes, remove ALL protections) get it working?
If so, when this issue occurs, do you see anything related in the Browser Console? (Ctrl-Shift-J)
(if you don't know what's related, turn off CSS warnings and post everything else you see)

It's cannot login because Automatic Secure Cookies management is enabled,

Code: Select all

[NoScript HTTPS] AUTOMATIC SECURE on https://bato.to: session_id=a26afdbbe9e36e3c846c9a8b197c5725; domain=.bato.to; path=/; HttpOnly; Secure
[NoScript HTTPS] AUTOMATIC SECURE on https://bato.to: member_id=324235; domain=.bato.to; path=/; HttpOnly; Secure
[NoScript HTTPS] AUTOMATIC SECURE on https://bato.to: pass_hash=fbbc59edf42c9a739c7b5560c90ffdc9; domain=.bato.to; path=/; HttpOnly; Secure
[NoScript HTTPS] AUTOMATIC SECURE on https://bato.to: ipsconnect_d8874f8d538b1279c8106e636bf7afe9=1; domain=.bato.to; path=/; Secure
[NoScript HTTPS] AUTOMATIC SECURE on https://bato.to: coppa=0; domain=.bato.to; path=/; Secure
[NoScript HTTPS] AUTOMATIC SECURE on https://bato.to: session_id=a26afdbbe9e36e3c846c9a8b197c5725; domain=.bato.to; path=/; HttpOnly; Secure
Password fields present on an insecure (http://) page. This is a security risk that allows user login credentials to be stolen.[Learn More]bato.to
But bato.to is not forced to https by me. it's doing on it's own.

I can solve this problem by adding url to "Ignore unsafe cookies" field though.
And these messages not show up with it.

Re: Fx Nightly 50.0a cannot login to plain http site

Posted: Mon Aug 01, 2016 7:02 pm
by barbaz
hssg wrote:I can solve this problem by adding url to "Ignore unsafe cookies" field though.
Great! That's the answer Image

Re: Fx Nightly 50.0a cannot login to plain http site

Posted: Mon Aug 01, 2016 10:59 pm
by Thrawn
And then complain to the website owner, because they are using quite unsafe practices; it's possible for someone to eavesdrop on your connection and hijack your logged-in session.
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited