hackademix / noscript

The popular NoScript Security Suite browser extension.
https://noscript.net/
GNU General Public License v3.0
840 stars 90 forks

Noscript interferes with ESET web console #114

Open PF4Public opened 4 years ago

PF4Public commented 4 years ago

Noscript breaks ESET web console. There are the following errors in the browser console:

SyncMessage.js:259 [Deprecation] Synchronous XMLHttpRequest on the main thread is deprecated because of its detrimental effects to the end user's experience. For more help, check https://xhr.spec.whatwg.org/.
browser.runtime.sendSyncMessage @ SyncMessage.js:259
SyncMessage.js:263 syncMessage error in https://%MY-HOST%/era/webconsole/#id=CLIENTS: Failed to execute 'send' on 'XMLHttpRequest': Failed to load 'https://sync-messages.invalid/chrome-extension://doojmbjmlfjjnbmnoijecmcbfeoakpjm/?id=6ec3dfd305.002%2Chttps%3A%2F%2F%MY-HOST%%2Fera%2Fwebconsole%2F%23id%3DCLIENTS&url=https%3A%2F%2F%MY-HOST%%2Fera%2Fwebconsole%2F%23id%3DCLIENTS&top=true&msg=%7B%22id%22%3A%22fetchPolicy%22%2C%22url%22%3A%22https%3A%2F%2F%MY-HOST%%2Fera%2Fwebconsole%2F%23id%3DCLIENTS%22%2C%22contextUrl%22%3A%22https%3A%2F%2F%MY-HOST%%2Fera%2Fwebconsole%2F%23id%3DCLIENTS%22%7D'. (response )
browser.runtime.sendSyncMessage @ SyncMessage.js:263
/era/webconsole/#id=CLIENTS:1 Refused to load the script 'https://%MY-HOST%/era/webconsole/webconsole.nocache.js' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

/era/webconsole/#id=CLIENTS:1 Refused to load the script 'https://%MY-HOST%/era/webconsole/static/js/main.37953d5d.js' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

/era/webconsole/#id=CLIENTS:1 Refused to load the script 'https://%MY-HOST%/era/webconsole/js/libs.20191024.js' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

manifest.txt:1 Manifest: Line: 1, column: 1, Syntax error.

I have %MY-HOST% in trusted, but this doesn't help. I have tried to disable limits for this tab — no difference. I have tried disabling limits globally — no difference.

Only after I have disabled noscript itself, these scripts could be loaded and ESET webconsole worked.

hackademix commented 4 years ago

Which version of NoScript are you using and on what browser type / version? Does disabling all the other extensions change anything? Thanks!

PF4Public commented 4 years ago

I think it is 11.0.6. The browser is Vivaldi, which is Chromium-like. And the Chromium version is about 78-something.

I've tried disabling other extensions, like you suggest, but this didn't change anything. Only disabling Noscript helps.

Could there be some bug with URL/hostname (or whatever) detection? This error looks weird to me: Failed to load 'https://sync-messages.invalid/chrome-extension:

Thank you too!
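For readers triaging the same console output, the following added example (not part of the thread and not NoScript code) decodes the URL from the `syncMessage error` line and lists the scripts refused under the reported CSP directive. The function names are hypothetical, the sample lines are copied from the report above with their prefixes abridged, and reading the URL path as the extension origin is an assumption.

```javascript
// Sample input: lines from the report above (prefixes abridged).
// %MY-HOST% is the reporter's own redaction and is left untouched.
const SAMPLE_LOG = [
  `SyncMessage.js:263 syncMessage error: Failed to load 'https://sync-messages.invalid/chrome-extension://doojmbjmlfjjnbmnoijecmcbfeoakpjm/?id=6ec3dfd305.002%2Chttps%3A%2F%2F%MY-HOST%%2Fera%2Fwebconsole%2F%23id%3DCLIENTS&url=https%3A%2F%2F%MY-HOST%%2Fera%2Fwebconsole%2F%23id%3DCLIENTS&top=true&msg=%7B%22id%22%3A%22fetchPolicy%22%2C%22url%22%3A%22https%3A%2F%2F%MY-HOST%%2Fera%2Fwebconsole%2F%23id%3DCLIENTS%22%2C%22contextUrl%22%3A%22https%3A%2F%2F%MY-HOST%%2Fera%2Fwebconsole%2F%23id%3DCLIENTS%22%7D'. (response )`,
  `Refused to load the script 'https://%MY-HOST%/era/webconsole/webconsole.nocache.js' because it violates the following Content Security Policy directive: "script-src 'none'".`,
  `Refused to load the script 'https://%MY-HOST%/era/webconsole/js/libs.20191024.js' because it violates the following Content Security Policy directive: "script-src 'none'".`,
];

// Decode the query string of the failed request.
// URLSearchParams percent-decodes tolerantly, so the malformed "%MY" in the
// redacted host does not throw the way decodeURIComponent() would.
function decodeSyncMessageUrl(raw) {
  const u = new URL(raw);
  const q = u.searchParams;
  let msg = null;
  try {
    msg = JSON.parse(q.get("msg")); // the JSON payload carried in "msg"
  } catch (e) {
    // malformed payload: keep msg as null
  }
  return {
    endpoint: u.hostname,           // host the synchronous XHR was sent to
    extension: u.pathname.slice(1), // assumption: path holds the extension origin
    page: q.get("url"),             // page that issued the request
    top: q.get("top") === "true",   // top-level document or not
    msg,
  };
}

// Split console lines into failed sync messages and CSP-refused scripts.
function triage(lines) {
  const report = { syncFailures: [], blockedScripts: [] };
  for (const line of lines) {
    const sync = /Failed to load '([^']+)'/.exec(line);
    if (sync && sync[1].startsWith("https://sync-messages.invalid/")) {
      report.syncFailures.push(decodeSyncMessageUrl(sync[1]));
      continue;
    }
    const csp = /Refused to load the script '([^']+)'.*?directive: "([^"]+)"/.exec(line);
    if (csp) report.blockedScripts.push({ script: csp[1], directive: csp[2] });
  }
  return report;
}

console.log(JSON.stringify(triage(SAMPLE_LOG), null, 2));
```
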

hackademix commented 4 years ago

Please try upgrading to 11.0.8. And yes, that error message should not be issued unless some other extension is blocking the request. Hence it might be a Vivaldi-specific bug: if 11.0.8 keeps failing, could you please check whether Chrome works instead? Thanks!

PF4Public commented 4 years ago

I have upgraded Noscript in Vivaldi up to Version 11.0.9, but the issue still persists. I have tried the same in Chromium (Version 78.0.3904.108 (Official Build) (64-Bit)) with Noscript 11.0.9 and the result is the same as with Vivaldi. Should I disable Noscript, everything works fine in both browsers.

And by the way :) I've tested Chromium on Linux and Vivaldi on Windows, so it is platform-independent.