hackademix / noscript

The popular NoScript Security Suite browser extension.
https://noscript.net/
GNU General Public License v3.0
852 stars 91 forks source link

NS blocking identification on LeBonCoin french site in Firefox ESR 128? #384

Open user0022 opened 1 month ago

user0022 commented 1 month ago

Hello! I am under Lubuntu 22.04 OS, and NoScript seems to cause a problem in Firefox ESR 128.

The problem.

As a french user, I am registered on Leboncoin.fr, which is the main french classifieds site (a french eBay one could say). I don't remember very well, but I think that maybe 2 or 3 years, or a few months ago, I could log on this site normally. "Today", after long time not using it, I saw I couldn't. A LBC page shows a warning saying "Please enable JS and disable any ad blocker". So I allow temporarily 1 or 2 scripts in NoScript, and this warning disappears. So I click on "Se connecter" (means "Connexion"), but then site tells me things like "you have been blocked". It can tell it right away, or after having given me a CAPTCHA...

My small tests and understanding.

So I have done several small tests (as I have a low computing level).

I also have 1 or 2 other privacy/security addons, uBlock Origin and LocalCDN in ESR, they don't seem to cause a problem, uBO can be used to replace NS I've heard, but I did'nt find yet how to achieve this. (On Snap version, I have uBO with different lists and 2 or 3 different privacy/security addons.) I put the settings in about:preferences#privacy at rather high choice too.

Conclusion for what I will do to use this site though.

So what I see for now, is that the simple fact to have NS enabled (even allowing every script of the site where there is a problem) prevents me from login on LBC in ESR. (And it possibly blocks things on other sites I jsut didn't come across I imagine.) I feel that I am maybe a very rare case, and the problem could be there because I have inherited of certain ancient NS settings or features, that could come from years ago, as I have migrated my /home directory between 2 or more OS, an ancient one being even in 32 bits.

My personnal choice could be simply to use the Snap FF, but my current session, with all the tabs I am interested in, is in the ESR, and I don't have enough RAM to open these 2 browsers at the same time. But yet maybe I will, use the Snap FF. I don't really want either to migrate my ESR session to the Snap version. Or continue using the ESR, and disabling NS when I am on LBC, but I wouldn't really like it. I could hope a fix for this but I don't have a big hope it will happen. I could also try to learn how to use uBO like NS.

Thank you!...

user0022 commented 1 month ago

Hello again. The problem seems to have disappeared! I don't know how it happened, but when this week (after weeks or months of failure) I discovered I could enter again in my account by disabling NS, I did, and then the following time I wanted to, 2 or 3 days later, instead of disabling it I simply allowed (first) 1 and (second) 3 or 4 scripts, and surprise I saw the login page instead of the warning.

Maybe I will delete this topic, but for the moment I think I will leave it for a little while if it can be useful for someone else or if the problem comes back.

user0022 commented 3 weeks ago

Hello again. I was about to delete this topic like I had said, as the problem had disappeared and I thought it was maybe very specific and very rare, but it just came back, and a bit more complicated this time. I had just updated Firefox from 128.3esr to 128.3.1esr, so it surely came from this.

Make searches on the site issue (without having logged/identified).

NS enabled, and main script allowed (...leboncoin.fr):

NS disabled:

NS disabled + Tracking content allowed: [In about:preferences#privacy, I had chosen Custom and blocked/checked more or less maximum security choices, among them Tracking content (In all windows of course) was blocked.]

I still allow tracking content, an I re-enable NS with only the main script allowed:

With then these 2 scripts allowed, I tried to block Tracking content again, but no, filters didn't work, so conclusion I have to allow these 2 scripts PLUS allow Tracking content.

Login issue.

The "search" thing was different from the login issue, which made me open this topic. But now (surely because of FF update, like I said), the login issue had come back too, like the first time. So I tried to login with NS enabled and all scripts allowed, and it didn't work, just like the first time, showing a message telling I had to allow javascript though I had allowed everything in NS. Then I disabled NS (AND I blocked again Tracking content as maybe it is needed for search options but not for login), and yes I could then login. So I logged off, and re-enabled NS, and allowed only the main script and Tracking content still blocked, and I saw the login still worked, so having logged 1 time without NS had unblocked the situation for login with NS, like the firs time. About Tracking content, blocking it still didn't prevent from login, but still prevented from using filters in the search, even with NS disabled.

Provisory conclusion.

I had noted a site in english which seemed to have the same behavior. I should find it later in notes. Maybe my case is more general than I thought. A troubleshooting when a problem with NS comes on one site could be to disable NS, do what one wanted to do, and re-enabling NS can show the problem has disappeared (???).