Payment gateway now broken since latest update
Posted: Tue Mar 31, 2009 4:15 pm
by Raymondo
Since the latest update I have found that payments from our website to the Nochex payment gateway are being broken. The console message is:
[NoScript XSS] Sanitised suspicious upload to [https://secure.nochex.com/] from [https://www.ekmsecure10.co.uk/ekmps/pay ... rtpage.asp? (I have removed the rest for security reasons).
I am certain that this will be affecting many, many sites, but they may not know about it yet.
The net result is that our customers are unable to pay by credit card using Nochex.
Raymondo
Re: Payment gateway now broken since latest update
Posted: Tue Mar 31, 2009 4:30 pm
by Giorgio Maone
There's nothing in the new update changing the previous behavior; it's a known anti-CSRF protection and it's always been there.
The failing request will work fine if either ekmsecure10.co.uk is in the user's whitelist or nochex.com is not whitelisted.
At any rate, using Options|Unsafe Reload from the notification bar will work as well, not duplicating the POST request (since no POST happened yet).
Re: Payment gateway now broken since latest update
Posted: Tue Mar 31, 2009 6:27 pm
by Raymondo4IZHPGAD
Thanks for the reply Giorgio,
I have tried it on several of our machines and the result is the same. The problem happens if Nochex is whitelisted or not.
I have no control over the settings my customers whitelist so that does not help.
All I can say is that it used to work fine and now all of a sudden it does not. Connection to Nochex works fine when NoScript is disabled.
Is it possible that an error has crept in with the update?
Raymondo
Re: Payment gateway now broken since latest update
Posted: Tue Mar 31, 2009 7:03 pm
by Giorgio Maone
Raymondo4IZHPGAD wrote: The problem happens if Nochex is whitelisted or not.
That's very strange. The code path generating that message should never be traversed for untrusted destinations.
Could you please PM the whole log line?