TWiki> LinuxSupport Web>LinuxSupport>LinuxSupportFAQ>NoScriptProblems (2009-02-24, JanIven) EditAttachPDF
Linux Support FAQ entry 12 Dec 2008, logged in as JanIven
LinuxSupportFAQForm
SupportProblem The Firefox "NoScript" extension provides good protection against a variety of web-borne attacks (see for an introduction to XSS and CSRF), and is "recommended best practice" for secure web surfing. However, several CERN web services are not compatible with it, and require manual configuration/whitelisting.
SupportAnswer
  • Web SingleSignOn/SSO (http://cern.ch/login) is being detected as a cross-site-scripting attack, probably due to the enormous size of the request being posted. This also may cause Firefox error message about a "Script not responding". Solution is to add the following to NoScript Options→Advanced→XSS : 
    ^@https://login.cern.ch/adfs/ls/
  • CERN sites known to require JavaScript:
    • all AIS applications (EDH,HRT,APT, ..),
    • LanDB (just for the initial login?)
  • Several sites change the JavaScript "security domain" to become cern.ch, in order to exchange data between pages hosted on several machines (otherwise JavaScript would treat them as separate sites, and prevent such sharing). For NoScript, this means that the whole cern.ch domain has to be whitelisted, not just the individual machines concerned. (Unfortunately, these sites then also will share that data with all other CERN webservices that similarly change their domain). This is worth contacting the site owner on, they might be able to change the way their site works (and thereby protect their service).

OsVersion all
HardwareArchitecture any
ApprovedBySupport SupportApproved
Edit | Attach | Watch | Print version | History: r2 < r1 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r2 - 2009-02-24 - JanIven
 
    • Cern Search Icon Cern Search
    • TWiki Search Icon TWiki Search
    • Google Search Icon Google Search

    LinuxSupport All webs login

This site is powered by the TWiki collaboration platform Powered by PerlCopyright &© 2008-2023 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
or Ideas, requests, problems regarding TWiki? use Discourse or Send feedback