Facebook infinite reloading page with image/user posts! Topic is solved
Forum rules
Please keep everything here strictly on-topic.
This board is meant for Pale Moon source code development related subjects only like code snippets, patches, specific bugs, git, the repositories, etc.
This is not for tech support! Please do not post tech support questions in the "Development" board!
Please make sure not to use this board for support questions. Please post issues with specific websites, extensions, etc. in the relevant boards for those topics.
Please keep things on-topic as this forum will be used for reference for Pale Moon development. Expect topics that aren't relevant as such to be moved or deleted.
Please keep everything here strictly on-topic.
This board is meant for Pale Moon source code development related subjects only like code snippets, patches, specific bugs, git, the repositories, etc.
This is not for tech support! Please do not post tech support questions in the "Development" board!
Please make sure not to use this board for support questions. Please post issues with specific websites, extensions, etc. in the relevant boards for those topics.
Please keep things on-topic as this forum will be used for reference for Pale Moon development. Expect topics that aren't relevant as such to be moved or deleted.
Re: Facebook infinite reloading page with image/user posts!
Ad http://hg.mozilla.org/mozilla-central/p ... a157f7feb7
See #869
An example:
viewtopic.php?f=29&t=13005&start=40#p95079
The unstable versions:
1) ...from the master branch
2) ...from the master branch + after the following fixes
1) The page infinitely loads.
2) The same page will load without a problem.
Could it be that "CORS" is the same issue? But maybe it's a coincidence
See #869
An example:
viewtopic.php?f=29&t=13005&start=40#p95079
The unstable versions:
1) ...from the master branch
2) ...from the master branch + after the following fixes
1) The page infinitely loads.
2) The same page will load without a problem.
Could it be that "CORS" is the same issue? But maybe it's a coincidence
-
- Pale Moon guru
- Posts: 35651
- Joined: 2011-08-28, 17:27
- Location: Motala, SE
Re: Facebook infinite reloading page with image/user posts!
OK, I have to thank you VERY much for, by chance, finding the seemingly completely unrelated cause. This is a perfect example of "we need to know what trips up your code" and crickets as a response not helping.
I've merged the CORS change in and I'll build a new unstable today. if that confirms to fix it, I'll uplift it for 27.1 (since I still have to wait for Mozilla Security to give me sec bug access for FF51 bugs, anyway) -- at the same time I'll make the UA override native so there will be a solid record on FB's side of our users, as well as them being able to target that native UA directly if they are actually willing to fix things.
EDIT: new unstable is up. I checked the links and no infinite reloading occurs -- it still reloads once though, so there's certainly some scripting oddity still left on Facebook's side. if other on the unstable channel can confirm facebook operation if they previously had issues, I'll uplift.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
Re: Facebook infinite reloading page with image/user posts!
Yeah GMforker!JustOff wrote:It seems you have got it
That's a good bargain! A satisfied customer is the best business strategy of all!
Re: Facebook infinite reloading page with image/user posts!
So after all of this, are we saying it was Gecko related code? And by the way Tobin, I referenced you saying what you did before (except I didn't remember it was you saying it).
It occurred to me all along that there was some revision of Gecko where it took place. I'm glad you've seemed to have found it.
It occurred to me all along that there was some revision of Gecko where it took place. I'm glad you've seemed to have found it.
-
- Moon Magic practitioner
- Posts: 2411
- Joined: 2012-08-19, 20:32
Re: Facebook infinite reloading page with image/user posts!
Thanks guys for your perseverance! Since the above two links do not reload any more here already (27.0.3), can you also try this one which still keeps reloading?
Safe Mode / clean profile info: Help/Restart in Safe Mode
Information to include when asking for support - How to apply user agent overrides
How to auto-fill passwords
Windows 10 Pro x64
Information to include when asking for support - How to apply user agent overrides
How to auto-fill passwords
Windows 10 Pro x64
Re: Facebook infinite reloading page with image/user posts!
Moonchild wrote:I've merged the CORS change in and I'll build a new unstable today. if that confirms to fix it, I'll uplift it for 27.1 [..] at the same time I'll make the UA override native so there will be a solid record on FB's side of our users, as well as them being able to target that native UA directly if they are actually willing to fix things.
Nope. Even in FF compatibility mode all is ok.back2themoon wrote:can you also try this one which still keeps reloading?
UPD: New unstable build is already published, you can check it yourself.
Last edited by JustOff on 2017-01-30, 13:29, edited 2 times in total.
Re: Facebook infinite reloading page with image/user posts!
But maybe that should tell you something Matt A Tobin. Perhaps (and I say this working in broadcasting) the delivery is every bit as important as the message.Matt A Tobin wrote:I had already narrowed it down... Does no one read or remember what I say anymore unless it offends them?
And I do recall you saying what you did, but I had completely forgotten it was you. I knew someone said the refreshes stopped somewhere along the line. So my thought was, "why aren't you guys feverishly looking for it???" I think I posted to that effect.
-
- Pale Moon guru
- Posts: 35651
- Joined: 2011-08-28, 17:27
- Location: Motala, SE
Re: Facebook infinite reloading page with image/user posts!
It's Gecko-adopted code, but the thing is, I checked the specs involved and nowhere does it say that data: URIs should be treated as same-origin in CORS. (I checked both the HTML spec and the CORS Fetch spec).JodyThornton wrote:So after all of this, are we saying it was Gecko related code? And by the way Tobin, I referenced you saying what you did before (except I didn't remember it was you saying it).
It occurred to me all along that there was some revision of Gecko where it took place. I'm glad you've seemed to have found it.
So although logical that data: is considered same-origin by the mainstream browsers, it's not in the spec, and was changed in Gecko because Chrome+IE do this.
Allowing this does make data: injection a potential attack surface.
Ultimately, it's still Facebook's issue specifying a CORS attribute on something with a data: URI as source and then tripping over their own unspecified usage with a security check when it's denied by Pale Moon. But certainly there's no reason why in the common case this should not be allowed.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
Re: Facebook infinite reloading page with image/user posts!
So this is on the unstable release?JustOff wrote:May be it's better to make unstable for public test without UA override, with only CORS changes?Moonchild wrote:I've merged the CORS change in and I'll build a new unstable today. if that confirms to fix it, I'll uplift it for 27.1 [..] at the same time I'll make the UA override native so there will be a solid record on FB's side of our users, as well as them being able to target that native UA directly if they are actually willing to fix things.
Nope. Even in FF compatibility mode all is ok.back2themoon wrote:can you also try this one which still keeps reloading?
-
- Pale Moon guru
- Posts: 35651
- Joined: 2011-08-28, 17:27
- Location: Motala, SE
Re: Facebook infinite reloading page with image/user posts!
See above.JodyThornton wrote:So this is on the unstable release?
New unstables are up with the CORS change (but not the SSUAO yet)
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
-
- Moon Magic practitioner
- Posts: 2411
- Joined: 2012-08-19, 20:32
Re: Facebook infinite reloading page with image/user posts!
Did some quick tests with the unstable and indeed everything works perfectly, and Facebook runs generally smoother (tested with the native string). The below 'issue' has been fixed, too. Thanks again, everyone.
back2themoon wrote:About Messenger, I'm seeing this small difference from other browsers (incl.FF): when switching between users (on the left column), the whole page is being "refreshed" instead of just the message content so this adds some inevitable delay. Minor issue though and it otherwise works fine.
Safe Mode / clean profile info: Help/Restart in Safe Mode
Information to include when asking for support - How to apply user agent overrides
How to auto-fill passwords
Windows 10 Pro x64
Information to include when asking for support - How to apply user agent overrides
How to auto-fill passwords
Windows 10 Pro x64
-
- Pale Moon guru
- Posts: 35651
- Joined: 2011-08-28, 17:27
- Location: Motala, SE
Re: Facebook infinite reloading page with image/user posts!
FTR: the following report was sent to Facebook:
I do plan to put this behind a pref eventually, because users should have the choice to deny potentially insecure loads from data: URIs if CORS is specified on the element.
Looking a bit more into this, making this pref-controlled is going a bit too far. The default allowance is fine; if you have a problem with data injection, then the only additional way this could be a problem is if you already have injection mitigation in place that doesn't understand base64.
Moonchild wrote:Dear support team:
Well, we've finally figured out what your problem is with triggering constant reloads, no thanks to your lack of help or willingness to do anything about it.
I do hope you forward the following technical details to your back-end developers because it is an important problem:
Apparently, you are using CORS restrictions on theater mode/gallery pages (or potentially all photos). Adjunct to that you use data: URIs in the same elements. The HTML and CORS Fetch specs don't specify how to treat data: URIs in this situation and secure browsers would deny these requests because it would present a potential attack surface for injection (injecting base64 data could in-line replace element contents by changing the src attribute).
If such a request is denied on the browser side, your website code goes into a reload loop (gallery->theater->gallery-> etc. ad nauseum) making further use of Facebook impossible. Mainstream browsers like Chrome are not considering the relevant attack surface and as such do not run into this problem. Our browser attempts to enforce stricter, in-spec, security, and as such hits this webdesign issue.
Please consider checking and changing the relevant code.
Moonchild,
Pale Moon lead dev.
Looking a bit more into this, making this pref-controlled is going a bit too far. The default allowance is fine; if you have a problem with data injection, then the only additional way this could be a problem is if you already have injection mitigation in place that doesn't understand base64.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
-
- Moonbather
- Posts: 57
- Joined: 2012-01-18, 04:49
- Location: USA
Re: Facebook infinite reloading page with image/user posts!
It is a Pale Moon issue, because it doesn't happen when I use CyberFox or Firefox 64bit.
-
- Moon Magic practitioner
- Posts: 2411
- Joined: 2012-08-19, 20:32
Re: Facebook infinite reloading page with image/user posts!
Sounding so convinced (following a thread with extensive discussion on this), I'm guessing you've also researched on the underlying technical issues of Facebook-Pale Moon communication in order to reach this conclusion... right?wildbill5891 wrote:It is a Pale Moon issue, because it doesn't happen when I use CyberFox or Firefox 64bit.
Safe Mode / clean profile info: Help/Restart in Safe Mode
Information to include when asking for support - How to apply user agent overrides
How to auto-fill passwords
Windows 10 Pro x64
Information to include when asking for support - How to apply user agent overrides
How to auto-fill passwords
Windows 10 Pro x64
Re: Facebook infinite reloading page with image/user posts!
It's been proven time and time again that it's a facebook issue.wildbill5891 wrote:It is a Pale Moon issue, because it doesn't happen when I use CyberFox or Firefox 64bit.
It does seem the way facebook coded their site is completely irresponsible.Moonchild wrote:FTR: the following report was sent to Facebook:
Moonchild wrote:Dear support team:
Well, we've finally figured out what your problem is with triggering constant reloads, no thanks to your lack of help or willingness to do anything about it.
I do hope you forward the following technical details to your back-end developers because it is an important problem:
Apparently, you are using CORS restrictions on theater mode/gallery pages (or potentially all photos). Adjunct to that you use data: URIs in the same elements. The HTML and CORS Fetch specs don't specify how to treat data: URIs in this situation and secure browsers would deny these requests because it would present a potential attack surface for injection (injecting base64 data could in-line replace element contents by changing the src attribute).
If such a request is denied on the browser side, your website code goes into a reload loop (gallery->theater->gallery-> etc. ad nauseum) making further use of Facebook impossible. Mainstream browsers like Chrome are not considering the relevant attack surface and as such do not run into this problem. Our browser attempts to enforce stricter, in-spec, security, and as such hits this webdesign issue.
Please consider checking and changing the relevant code.
Moonchild,
Pale Moon lead dev.I do plan to put this behind a pref eventually, because users should have the choice to deny potentially insecure loads from data: URIs if CORS is specified on the element.
Looking a bit more into this, making this pref-controlled is going a bit too far. The default allowance is fine; if you have a problem with data injection, then the only additional way this could be a problem is if you already have injection mitigation in place that doesn't understand base64.
Re: Facebook infinite reloading page with image/user posts!
Please, pay attention that by using the native UA tagging people on Facebook doesn't work.Moonchild wrote:
OK, I have to thank you VERY much for, by chance, finding the seemingly completely unrelated cause. This is a perfect example of "we need to know what trips up your code" and crickets as a response not helping.
I've merged the CORS change in and I'll build a new unstable today. if that confirms to fix it, I'll uplift it for 27.1 (since I still have to wait for Mozilla Security to give me sec bug access for FF51 bugs, anyway) -- at the same time I'll make the UA override native so there will be a solid record on FB's side of our users, as well as them being able to target that native UA directly if they are actually willing to fix things.
Or, at least, it didn't work last time I checked it while testing UAs for this issue.
Edit: it didn't work with a 64 bit UA.
-
- Astronaut
- Posts: 588
- Joined: 2015-06-01, 12:52
- Location: US Southeast
Re: Facebook infinite reloading page with image/user posts!
Posting to follow up after updating a couple of our computers to PM 27.1 (too lazy to do the living room and bed room right now)
Pages/images confirmed to loop just moments before upgrading are fixed on both machines now. Great sleuthing! Woohoo!
Pages/images confirmed to loop just moments before upgrading are fixed on both machines now. Great sleuthing! Woohoo!
-
- Board Warrior
- Posts: 1878
- Joined: 2015-09-30, 23:02
- Location: uk.
Re: Facebook infinite reloading page with image/user posts!
The pale moon developer has explained why it is not a palemoon issue.wildbill5891 wrote:It is a Pale Moon issue, because it doesn't happen when I use CyberFox or Firefox 64bit.
FTR:facebook is working perfectly now after update.
user of multiple puppy linuxes..upup,fossapup.scpup,xenialpup.....
Pale moon 29.4.1
Pale moon 29.4.1
Re: Facebook infinite reloading page with image/user posts!
Although 27.03. worked as a charm here, even on the Facebook, 27.1 works even better.
Photos are even better too. But, unless FB friends sends me some naked photos I'm not much interested in them anyway.
Otherwise, I seems that there are plenty of monkeys on Facebook. Maybe, as pure business proposal, should change name to MonkeyBook?
Huh, as usually, my friends do nothing there, exept complaing, so I'm bit afraid that they wouldn't say 'Mind your own business'.
Photos are even better too. But, unless FB friends sends me some naked photos I'm not much interested in them anyway.
Otherwise, I seems that there are plenty of monkeys on Facebook. Maybe, as pure business proposal, should change name to MonkeyBook?
Huh, as usually, my friends do nothing there, exept complaing, so I'm bit afraid that they wouldn't say 'Mind your own business'.