http://www.walmart.com/store/finder doesn't work properly in latest Firefox (non privacy) but ok with Microsoft Edge
I am using Firefox 46.0.1 in regular (non private) mode. I went to http://www.walmart.com/store/finder and got the site headers, etc. but no content, no map. Microsoft Edge doesn't have any problem showing the full page. I've noticed this on a few sites lately.
Chosen solution
Hmm, yes, big empty white space. We both run the NoScript extension, and I noticed this message in the Browser Console when loading the page:
[NoScript] Blocking cross-site Javascript served from http://ll-us-i5.wal.co/dfw/63fd9f59-bd92/k2-_e3db6f3f-bb49-4b26-ad59-3ab8987390ea.v27.js-7a19b435de26ab8b51e5309d2761bcbc83e41a6b with wrong type info application/jav and included by http://www.walmart.com/store/finder
Wrong type info because the server sends "application/jav" instead of "application/javascript". It usually is safest to block mystery content, but assuming you trust this server:
Users who needed to log in to Walmart discovered this a while ago and a workaround was posted on the NoScript forum here: https://forums.informaction.com/viewtopic.php?p=81213#p81213
In summary:
(0) Select and copy the following (it's a pattern that matches the URL of the script files you want to run):
.wal.co/*.js*
(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful.
(2) In the search box above the list, type or paste noscript.i and pause while the list is filtered
(3) Double-click the noscript.inclusionTypeChecking.exceptions preference and edit it as follows:
(A) Press the Home key on the keyboard to position the cursor at the very beginning of the preference value (or click there using the mouse)
(B) Paste the pattern and then type a space to separate it from the default exceptions
(C) Click OK to save it
Then reload the store finder page and it should show the map and location search box.
For other sites, you'll need to mention the URL when you run across it again.
http://store.hp.com/us/en/ContentView?eSpotName=PrinterFinder&storeId=10151&catalogId=10051&langId=-1 does the same thing.
As far as I can see, neither Firefox nor LastPass have "Browser Console". How do I find it?
I find it difficult to believe that all these sites just changed that part of their content. So I suspect that LastPass has started to enforce additional restrictions. If the site is whitelisted, I wonder why it is quibbling about "application/jav" instead of "application/javascript".
I posted to LastPass support asking for a generic fix.
Not LastPass, NoScript.
You can open Firefox's Browser Console using either:
- Ctrl+Shift+j
- menu button > Developer > Browser Console
NoScript is protecting against an attack where a tag in a page pulls a non-matching content type from a different server as a way to bypass the normal security checks for that other content type. It doesn't matter whether the two sites are trusted, because it is intended to protect against cross-site attacks.
The HP page doesn't give that specific error, so it probably is something else (I'll look into it a bit more).
On http://store.hp.com it is a problem with third-party cookies. I see the content if I create an "allow for session" cookie exception.
Every now and then I see threads where specific content gets blocked because of such a cookie issue. If content is loaded in an iframe, then you can check if it works if you temporarily allow all third-party cookies, and if that helps, check the domain of the URL in the iframe, create an exception, and check again if that works. I personally don't like to enable third-party cookies by default because you end up with a lot of unnecessary cookies.
On HP, I had to allow a lot of domains in NoScript that I haven't allowed before in order to get the frame content to load. I have attached a screenshot. My testing was inconsistent, and I often reloaded using Ctrl+Shift+r (reload bypassing the cache) to force a full reload of the framed page. I'm not sure why it's so finicky.
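Added example, not part of the thread and not NoScript's own code: a simplified model of the check described in the chosen solution and in the later reply about cross-site content types, run against the URL and content type from the console message above. The accepted-type list, the glob semantics and the placeholder standing in for the default exceptions are assumptions.

```javascript
// Simplified model of a cross-site script "inclusion type check".
// Not NoScript's source; the matching rules below are assumptions.
const JS_TYPES = new Set([
  "application/javascript", "text/javascript", "application/x-javascript",
  "application/ecmascript", "text/ecmascript",
]);

// Drop parameters such as "; charset=utf-8" and normalise case.
function baseType(contentType) {
  return String(contentType || "").split(";")[0].trim().toLowerCase();
}

// Assumed glob semantics: "*" matches any run of characters and the
// pattern may match anywhere inside the URL.
function globToRegExp(glob) {
  const escaped = glob.replace(/[.+?^${}()|[\]\\]/g, "\\$&");
  return new RegExp(escaped.replace(/\*/g, ".*"));
}

// The preference value is a space-separated list of patterns.
function parseExceptions(prefValue) {
  return prefValue.split(/\s+/).filter(Boolean).map(globToRegExp);
}

function checkInclusion(pageUrl, scriptUrl, contentType, prefValue) {
  // Simplification: "cross-site" is modelled as "different hostname".
  const crossSite = new URL(pageUrl).hostname !== new URL(scriptUrl).hostname;
  if (!crossSite) return "allow: same host";
  if (JS_TYPES.has(baseType(contentType))) return "allow: type matches";
  if (parseExceptions(prefValue).some((re) => re.test(scriptUrl))) {
    return "allow: exception";
  }
  return "block: wrong type " + baseType(contentType);
}

// Values taken from the console message quoted in the thread.
const PAGE = "http://www.walmart.com/store/finder";
const SCRIPT = "http://ll-us-i5.wal.co/dfw/63fd9f59-bd92/k2-_e3db6f3f-bb49-4b26-ad59-3ab8987390ea.v27.js-7a19b435de26ab8b51e5309d2761bcbc83e41a6b";
// Constructed placeholder for the default exceptions (not the real defaults).
const DEFAULTS = "placeholder-default.invalid/*";
const EDITED = ".wal.co/*.js* " + DEFAULTS; // pattern pasted first, then a space

console.log(checkInclusion(PAGE, SCRIPT, "application/jav", DEFAULTS));
console.log(checkInclusion(PAGE, SCRIPT, "application/jav", EDITED));
// A mistyped script from an unrelated (constructed) host stays blocked.
console.log(checkInclusion(PAGE, "http://cdn.example.net/lib.js", "application/jav", EDITED));
```

Under these assumed semantics the pattern switches the type check off for every host ending in .wal.co whose URL contains ".js", so it is only as narrow as the trust placed in that whole domain.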