Citi Bank revisited: Citi.com login broken

Users and developers helping users with technical Pale Moon issues (Windows and other non-Linux O.S.). Please direct questions about the Linux version to the appropriate Linux board.

Moderator: trava90

Forum rules
This board is for technical/usage questions and troubleshooting for the Pale Moon browser only. The main focus here is on Pale Moon on Windows. Please direct your questions for Linux, Android and Mac to the dedicated boards.
Technical issues and questions not related to the Pale Moon browser should be posted in "technical chat"
Please keep off-topic and general discussion out of this board, thank you!
User avatar
kelendral
Fanatic
Fanatic
Posts: 117
Joined: 2015-05-29, 19:28
Location: Earth

Re: Pale Moon 28.8.2.1 breaks Citi.com login

Post by kelendral » 2020-02-10, 14:16

therube wrote:
2020-02-07, 14:06
URL of your login link?
UA override you have for citi.com?
Compatibility mode you have set in PM?

Using any extensions which may be affecting things?
Can you still log in after restarting PM in Safe Mode?
(Very possible that even something like uBlock is allowing things to work, where without it may not.
[See, Bahco.com - Unable to view product's technical details.])
https://online.citi.com
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:57.0) Gecko/20100101 Firefox/57.0 (Pale Moon)
Firefox

Many (about 90 installed extensions).
Opened another profile with no addons and no settings changes and was unable to logon. Did not try safe mode.
Tested disabling uBlock Origin could still logon. Will test some more (it could also be a setting).
Browser Primary: Pale Moon 64bit
Browser Secondary: Basilisk 64bit
OSes: Win7Ult 64bit Desk & Win10Pro 64bit Laptop

pshipwrite
Hobby Astronomer
Hobby Astronomer
Posts: 20
Joined: 2018-04-18, 21:34

Re: Citi Bank revisited: Citi.com login broken

Post by pshipwrite » 2020-02-18, 15:50

One small footnote regarding this discussion concerning the Citibank website. This problem/issue was recently discussed in the "Pale Moon for Linux" forum at Christmas time, https://forum.palemoon.org/viewtopic.php?f=37&t=23493. Even though I run Pale Moon on Windows 7, I searched all the Pale Moon forums for Citi and found the posts in the Linux forum. I suggest users search all the PM forums for a potential issue, not just the "General support" forum.

User avatar
Pallid Planetoid
Knows the dark side
Knows the dark side
Posts: 3735
Joined: 2015-10-06, 16:59
Location: Los Angeles CA USA

Re: Citi Bank revisited: Citi.com login broken

Post by Pallid Planetoid » 2020-02-25, 18:26

ertooso wrote:
2020-02-23, 22:47
is it broken on 28.8.2 point nothing? Is it broken on 28.8.0? Is it broken on 28.7.whateverthatwas? Did you check?
It appears that it last worked on PM v27.9.4 (thanks to input by Tony0945): viewtopic.php?f=3&t=23774&start=20#p183721 (read this post and mine subsequent to this post). That said, my recollection is that it worked in much more current PM builds than this (using Win10). What and when Citi has done may very well be a factor as well beyond PM version releases.
Current Pale Moon(x86) Release | WIN10 | I5 CPU, 1.7 GHz, 6GB RAM, 500GB HD[20GB SSD]
Formerly user Pale Moon Rising - to provide context involving embedded reply threads.
Good judgment comes from experience and a lot of that comes from bad judgment. - Will Rogers
Knowing Pale Moon is indisputably #1 is defined by knowing the totality of browsers. - Pale Moon Rising

rereser
Hobby Astronomer
Hobby Astronomer
Posts: 23
Joined: 2019-08-02, 12:49

Re: Citi Bank revisited: Citi.com login broken

Post by rereser » 2020-03-02, 17:37

solution posted by roytam1 on the msfn board.
about:config --- network.http.upgrade-insecure-requests = true (default = false)
don't know if this poses a security risk.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 27420
Joined: 2011-08-28, 17:27
Location: 58°2'16"N 14°58'31"E
Contact:

Re: Citi Bank revisited: Citi.com login broken

Post by Moonchild » 2020-03-02, 17:42

And you don't even have to dive into the realm of dragons for that.

I made settings like these available in preferences for a reason.

It does mean that citi has a problem with their website setup though, that something is set to make requests over http when it should be https. Faulty website security causing breakage.
don't know if this poses a security risk.
The setting itself doesn't. It tells the server that you prefer that it uses the upgrade insecure requests CSP directive:
The HTTP Content-Security-Policy (CSP) upgrade-insecure-requests directive instructs user agents to treat all of a site's insecure URLs (those served over HTTP) as though they have been replaced with secure URLs (those served over HTTPS). This directive is intended for web sites with large numbers of insecure legacy URLs that need to be rewritten.
Since this is a transparent "upgrade" mechanism, the result is that website owners (like here) probably won't be alerted to mixed-content links still present. It's only meant to be used during a transitional period between http and https for large and complex sites (which a bank most certainly should not be in!)
Attachments
oe.png
"There will be times when the position you advocate, no matter how well framed and supported, will not be accepted by the public simply because you are who you are." -- Merrill Rose
Image

User avatar
Pallid Planetoid
Knows the dark side
Knows the dark side
Posts: 3735
Joined: 2015-10-06, 16:59
Location: Los Angeles CA USA

Re: Citi Bank revisited: Citi.com login broken

Post by Pallid Planetoid » 2020-03-02, 18:01

Moonchild wrote:
2020-03-02, 17:42
.... giving you illogical secure site errors when you're supposedly not on a secure site.
Would these "errors" in some cases at some level potentially break the proper functioning of any other non-citi impacted sites? And if so would you have any idea as far as a rough estimate of the prevalence of impacted sites in terms of percentage?
Current Pale Moon(x86) Release | WIN10 | I5 CPU, 1.7 GHz, 6GB RAM, 500GB HD[20GB SSD]
Formerly user Pale Moon Rising - to provide context involving embedded reply threads.
Good judgment comes from experience and a lot of that comes from bad judgment. - Will Rogers
Knowing Pale Moon is indisputably #1 is defined by knowing the totality of browsers. - Pale Moon Rising

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 27420
Joined: 2011-08-28, 17:27
Location: 58°2'16"N 14°58'31"E
Contact:

Re: Citi Bank revisited: Citi.com login broken

Post by Moonchild » 2020-03-02, 21:24

[statistics and big data question]
You're asking the wrong person. That's not my job.
"There will be times when the position you advocate, no matter how well framed and supported, will not be accepted by the public simply because you are who you are." -- Merrill Rose
Image

pshipwrite
Hobby Astronomer
Hobby Astronomer
Posts: 20
Joined: 2018-04-18, 21:34

Re: Citi Bank revisited: Citi.com login broken

Post by pshipwrite » 2020-03-03, 20:01

Just another quick footnote. Pale Moon's development team added Opportunistic Encryption, including the option to "Enable Upgrade Insecure Requests", back in version 28.2, released on November 13, 2018. Therefore, this latest Citi.com login issue is solely due to Citi changing its website, which I believe occurred sometime in December, 2019.

User avatar
New Tobin Paradigm
Knows the dark side
Knows the dark side
Posts: 7594
Joined: 2012-10-09, 19:37
Location: Just beyond the Lament Configuration

Re: Citi Bank revisited: Citi.com login broken

Post by New Tobin Paradigm » 2020-03-03, 20:07

Well.. I can only suggest using a different browser or a different bank or try flipping that off or on.
Image
- Welcome to the worst nightmare of all... reality! -

pshipwrite
Hobby Astronomer
Hobby Astronomer
Posts: 20
Joined: 2018-04-18, 21:34

Re: Citi Bank revisited: Citi.com login broken

Post by pshipwrite » 2020-03-03, 20:34

New Tobin Paradigm, I am going to turn on "Enable Upgrade Insecure Requests" when I need to login to Citi's website and when done, turn it back off. I just wanted to point out this option was added way back at the end of 2018. This issue with Citi's website is due solely to their website changes and NOT to any Pale Moon browser changes.

Tony0945
Moon lover
Moon lover
Posts: 86
Joined: 2015-08-22, 23:59
Location: Chicago suburbs

Re: Citi Bank revisited: Citi.com login broken

Post by Tony0945 » 2020-03-04, 04:08

Citibank working in bootleg "New Moon" build of 28.3.1 Windows (forbidden two character name)
network.http.upgrade-insecure-requests does not appear at all.
Not working in PM for Linux 28.8.4 bone stock.
Toggling network.http.upgrade-insecure-requests from false to true allowed login
SOLVED! Gott Sie Dank!

User avatar
New Tobin Paradigm
Knows the dark side
Knows the dark side
Posts: 7594
Joined: 2012-10-09, 19:37
Location: Just beyond the Lament Configuration

Re: Citi Bank revisited: Citi.com login broken

Post by New Tobin Paradigm » 2020-03-04, 18:50

Tony0945 wrote:
2020-03-04, 04:08
Citibank working in bootleg "New Moon" build of 28.3.1 Windows (forbidden two character name)
And this helps us how? Why are you even here?
Image
- Welcome to the worst nightmare of all... reality! -

Tony0945
Moon lover
Moon lover
Posts: 86
Joined: 2015-08-22, 23:59
Location: Chicago suburbs

Re: Citi Bank revisited: Citi.com login broken

Post by Tony0945 » 2020-03-04, 22:52

It's data. It shows that citibank works in a compiled version when it doesn't try to upgrade to https.

Why am I here? Because I like to use Palemoon and I've banked at citi for 30 years and I am confirming the previous poster's post to help others that want to use PM at citi.

Which is what YOU should be doing instead of insulting posters to show what a bad ass you are.
I still use Thunderbird because YOU are the developer of interlinks.
I forbear a lot because, unlike you, I was taught to be civil. Were you raised by cannibals?

User avatar
New Tobin Paradigm
Knows the dark side
Knows the dark side
Posts: 7594
Joined: 2012-10-09, 19:37
Location: Just beyond the Lament Configuration

Re: Citi Bank revisited: Citi.com login broken

Post by New Tobin Paradigm » 2020-03-04, 23:05

Too bad you don't use Pale Moon, btw that is the browser's name. If it isn't an official build it isn't a valid datapoint. So your verification is worthless.

Also, good. I don't want you to use Interlink, also that is the correct name of the email client.

So you regard cannables as badasses. Is it because they eat people? Is this something you secretly wish you could do but can not bring yourself to because it would be considered uncivilized? Do you live only for apperences then? Perhaps you just consider your self weak and use civility as a reasonable excuse.

I have so many questions but these are already getting far off-topic.
Image
- Welcome to the worst nightmare of all... reality! -

Tony0945
Moon lover
Moon lover
Posts: 86
Joined: 2015-08-22, 23:59
Location: Chicago suburbs

Re: Citi Bank revisited: Citi.com login broken

Post by Tony0945 » 2020-03-05, 02:47

Folks, one more thing. Don't use a VPN. That also causes this problem.

KlarkKentThe3rd
Lunatic
Lunatic
Posts: 326
Joined: 2018-04-20, 20:31

Re: Citi Bank revisited: Citi.com login broken

Post by KlarkKentThe3rd » 2020-05-02, 01:13

network.http.upgrade-insecure-requests being true SOLVES IT.

Freaking thanks!

User avatar
Pallid Planetoid
Knows the dark side
Knows the dark side
Posts: 3735
Joined: 2015-10-06, 16:59
Location: Los Angeles CA USA

Re: Citi Bank revisited: Citi.com login broken

Post by Pallid Planetoid » 2020-05-02, 01:36

^ This isn't the topic where you were posing your questions about Citibank -- it was in this topic at this location in the topic: viewtopic.php?f=46&t=19119&start=260#p188641 where you first brought up Citibank (first asking about Noscript presumably thinking originally that this was the cause of the Citibank problem in a post above this - which it isn't. It is Citibanks problem of which thankfully there is a pref setting as you now know provides a "workaround" to the ongoing Citibank login issue).
Current Pale Moon(x86) Release | WIN10 | I5 CPU, 1.7 GHz, 6GB RAM, 500GB HD[20GB SSD]
Formerly user Pale Moon Rising - to provide context involving embedded reply threads.
Good judgment comes from experience and a lot of that comes from bad judgment. - Will Rogers
Knowing Pale Moon is indisputably #1 is defined by knowing the totality of browsers. - Pale Moon Rising

KlarkKentThe3rd
Lunatic
Lunatic
Posts: 326
Joined: 2018-04-20, 20:31

Re: Citi Bank revisited: Citi.com login broken

Post by KlarkKentThe3rd » 2020-05-02, 02:21

Well, my thanks goes into the æther, and hopefully reaches whoever came up with it.

User avatar
Pallid Planetoid
Knows the dark side
Knows the dark side
Posts: 3735
Joined: 2015-10-06, 16:59
Location: Los Angeles CA USA

Re: Citi Bank revisited: Citi.com login broken

Post by Pallid Planetoid » 2020-05-02, 03:05

KlarkKentThe3rd wrote:
2020-05-02, 02:21
Well, my thanks goes into the æther, and hopefully reaches whoever came up with it.
It was actually HERE (where it was discussed further) in this one and another topic than the one you were in previously where rereser came up with the pref setting that was originally mentioned on an msfn board. :clap:
Last edited by Pallid Planetoid on 2020-05-02, 04:12, edited 1 time in total.
Current Pale Moon(x86) Release | WIN10 | I5 CPU, 1.7 GHz, 6GB RAM, 500GB HD[20GB SSD]
Formerly user Pale Moon Rising - to provide context involving embedded reply threads.
Good judgment comes from experience and a lot of that comes from bad judgment. - Will Rogers
Knowing Pale Moon is indisputably #1 is defined by knowing the totality of browsers. - Pale Moon Rising

KlarkKentThe3rd
Lunatic
Lunatic
Posts: 326
Joined: 2018-04-20, 20:31

Re: Citi Bank revisited: Citi.com login broken

Post by KlarkKentThe3rd » 2020-05-02, 04:06

Re-sent thanks his way.

Post Reply