NoScript block for Handelsbanken BankID

I had a repeat this weekend of the same issue as last week, that it worked perfectly fine to sign in to my bank, Handelsbanken, using mobile BankID, but approving new payments or transfers did not work, the site would just lock up and not process the approval for the payment.

After some help from Handelsbanken tech support we narrowed it down to the plugins in Firefox, and with some additional testing I found out it’s NoScript (again) which is this time blocking the payment approvals. Previously it has been blocking my internal sites on http://192.168.x.x local subnet, and blocking referrals to Google Fonts, to name the most recent.

I’m not yet sure what I will do here, I don’t want to remove NoScript, but on the other hand it is getting somewhat random what works from day to day, and when it gets to nitty gritty details such as BankID-login working but BankID-signing not working it becomes rather difficult to keep the program without adding a secondary browser for entirely trusted sites, such as banks.

This last option is incidentally suggested by Avast every time I login, to use their SafeZone browser, but I’m not sure why it needs to open 12 parallell processes each time I try to login, so I’m not yet ready to switch to it.

And switching to IE, as suggested by tech support, does work, but the point of using Firefox with NoScript was to make things more secure. NoScript description states that

“It allows JavaScript, Java and other executable content to run only from trusted domains of your choice, e.g. your home-banking site…”

However, things keep getting broken and fixes breaks new things. If I could get to a stable version I could try to disable automatic updates entirely for it. But so far there’s no stable version in sight. Maybe I should try Edge?

And all I wanted was to quickly download a file

The morning starts with troubleshooting my own computer, as it so often tend to do. Auto-updates may be a must in some cases but sometimes they’re really more a pain…

This morning I wanted to update my webpage, and in order to do so I needed to access the photos from yesterday, which were uploaded to OneDrive, since I was now on a computer which does not cache this folder locally due to lack of disk space.

Starting Firefox and going over to onedrive.com I noticed a new, odd behavior. There was an infinite reload-loop and selecting a folder was almost impossible. The reloads also made the browser so slow it became unusable. (Excluding the fact that this really shouldn’t happen of course).

A quick check in Edge confirmed it was a Firefox problem, and that reminded me of the notification I had dismissed that NoScript had updated itself. Seeing this a the most likely problem I disabled the plugin and all was well again.

What annoys me in this is that I have whitelisted all URL’s used and needed by Onedrive, so this shouldn’t really happen. And it’s the second time in a short while where NoScript has failed. I really like the plugin, but I don’t like unpredicted instability, so I’m not sure whether to keep NoScript or not, but I’m not sure there are any equally good replacements either.

Minnow suddenly looked different

It started just the other day, my personal website looked different.

And not intentionally by my doing, which I didn’t like at all.

At first I didn’t see it, it was after all only a minor change in appearance. But then I got it, the font had changed. And the font in Minnow was one of the reasons I use this particular lovely little theme (the other being it’s clean and without distractions).

But why? I hadn’t updated anything, or had I…?

So I began to backtrack through the endless stream of updates. The iPhone and iPad gets gigabytes of updates almost every day for all apps, quite annoying but quickly eliminated since the problem existed on PC as well.

Firstly, it only happened for the website hosted on a dedicated server, not for the same replica hosted on WordPress.com, (this site).

So what auto-updates on a WordPress site? Well, basically everything…
The site itself, but that hadn’t changed. The WP Security plugin, hadn’t changed. And Jetpack, which seems to update itself about every time I look away, also hadn’t changed.

Oh well, onwards. Now, the problem also only happened when using Firefox, not in IE, or Edge.So I started on that end. Edge works, FF does not. But FF works on another users computer, so it must be a local issue then.

Not Firefox versions, these were the same. But after disabling all plugins it worked. Which, by re-enabling them one by one pinpointed the problem to NoScript, and as it turned out, this plugin had just auto-updated itself just a few days ago. Got it!

Now, the problem became something else. All relevant sites were whitelisted, the local domain, wp.com, wordpress.com, and gstatic.com for the fonts. So this shouldn’t really happen. A quick search on Google turned up some recommendation to allow the @font-face value, which I tested but still things did not work.

Enter Forum search to the rescue. Not much of a search really since it was listed among the top hot topics, new NoScript update breaks Google Fonts. And a solution as well, to install the newest release candidate.

And while I usually prefer stable released versions to RC’s, in this case given the choice of uninstalling NoScript, or not having working fonts, the answer was to use the RC.