InformAction Forums

Firefox 58.0.2 (64-bit)
Mac OS X 10.13.3 (17D102)

I am experiencing a weird error with just ATT.COM. everything else works as expected, and consistently, but when I go to att.com, nothing happens at all. No reply, no warnings, no messages, just a completely blank page. It like it's completely blocked somehow. After searching through NoScript, LittleSnitch, Intego's "NetBarrier" settings, I've found that what I have to do is "turn off" NoScript's "Sanitize cross-site suspicious requests" function, then load the site.

I haven't figured out "why" this works (I don't get the typical popup window for cross-script warnings), but it's very reproducible. If I open a NoScript settings window and try to load ATT.COM in another tab, it fails. If i simply uncheck the "Sanitize" option in the NoScript tab, the ATT site will load just fine.

I've whitelisted att.com and att.net in both http and https forms, but that doesn't seem to help with the cross-scripting setting (as expected). Does anybody have any ideas how to "whitelist" att.com from a cross-scripting perspective?

Thanks in advance for any thoughts, suggestions or outright fixes to this problem.

Steve

Not seeing that here. Page works fine for me with default NoScript settings.

If I set att.com to Trusted, I do get a XSS warning - But I don't need to allow this.

Thanks for the reply. You talked me into doing a lot more testing with caches (clearing), and the way the three tools work together.

Summary: The problem is resolved.

Resolution: I wasn't patient enough... If I clear everything, and remove all traces of ATT from my noscript rules, then reconnect the browser to ATT.com, it does eventually launch, but takes about 30-60 seconds for whatever it's doing in the background to "time out" before starting to display anything on the page. If I had just patient and waited a while, I wouldn't have reported this as a problem. Once it comes up and I whitelist the att.com connections, things seem to start connecting MUCH faster in the future.

Thanks again for the feedback!

barbaz wrote:Not seeing that here. Page works fine for me with default NoScript settings.

If I set att.com to Trusted, I do get a XSS warning -

Code: Select all

NoScript detected a potential Cross-Site Scripting attack

from https://6100125.fls.doubleclick.net to https://adservice.google.com.

Suspicious data:

(URL) https://adservice.google.com/ddm/fls/i/src=6100125;type=ecomm0;cat=ecomm00;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=oXkVyX9Q4PqxdHgO43Ub0h2uzlLsOqK2!-697604489;_dc_1=1;~oref=https://www.att.com/

But I don't need to allow this.

Thank you for reporting back, glad you got it resolved.