hybridreactor / scriptno

Automatically exported from code.google.com/p/scriptno
0 stars 0 forks source link

latest version breaks sites using mod_auth_krb/SPNEGO #262

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. kinit
2. browse URL of whitelisted https site that uses mod_auth_krb
3. get gobbledygook
4. disable scriptsafe
5. browse same url
6. get expected page

What is the expected output? What do you see instead?

Expected output is that I get authenticated access to web page.  What happens 
is that I get a page full of seemingly random characters; it may be encrypted 
data, but it is certainly not what is supposed to happen.

What version of the product are you using? On what operating system?

ScriptSafe 1.0.6.18, Chrome Version 35.0.1916.114, OSX 10.8.5

Please provide any additional information below.

This worked fine when I last used it a few days ago.  The sites that I have 
problems with work fine with ScripSafe turned off, and work fine with other 
browsers.

Also, I notice that the changelog on the chrome store says nothing about 
version 1.0.6.18; the last version it shows is 1.0.6.17.  The url provided for 
the full changelog (http://andryou.com/projects/scriptsafe-changelog/) gives me 
a page that says "not here"

Original issue reported on code.google.com by abe.sin...@gmail.com on 20 May 2014 at 7:42

GoogleCodeExporter commented 9 years ago
Confirmed - the latest update causes weird issues with SPNEGO-authenticated 
sites.  Disabling ScriptSafe allows the pages to load correctly, enabling it 
blocks some content from loading.  This even though the pages are in Trusted 
domains.

Original comment by camillo....@gmail.com on 25 Jun 2014 at 10:06