Users and developers helping users with generic and technical Pale Moon issues on all operating systems.
Moderator:trava90
Forum rules
This board is for technical/general usage questions and troubleshooting for the Pale Moon browser only.
Technical issues and questions not related to the Pale Moon browser should be posted in other boards!
Please keep off-topic and general discussion out of this board, thank you!
Operating system:7 Browser version:latest 64 32-bit or 64-bit browser?:^ Problem URL:aftership.com/track Browser theme (if not default):none Installed add-ons:none Installed plugins: (about:plugins):none
If possible, please include the output of help->troubleshooting information (as text):
Timestamp: 11/10/2022 10:54:51 AM
Warning: Content Security Policy: Ignoring ‘x-frame-options’ because of ‘frame-ancestors’ directive.
Timestamp: 11/10/2022 10:55:19 AM
Error: None of the “sha512” hashes in the integrity attribute match the content of the subresource.
Source File: https://www.aftership.com/track
Line: 0
tried a new profile and it wont load. It used to work fine.
works on chrome
2021202.jpg
You do not have the required permissions to view the files attached to this post.
None of the “sha512” hashes in the integrity attribute match the content of the subresource.
They need to fix their hashes, then
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
This is actually a bad thing.
I don't know specifically about this site, but in general Chrome, and by extension Firefox, has adopted a policy of connecting to websites no matter what, often without warning the user.
This means that users can connect to misconfigured or outright insecure websites without realizing it, in addition of hiding important details to webmasters.
The latter, in particular, is a big issue if the site contains sensitive data as the administrators will not be able to properly assess the safety of said sensitive content.
This is actually a bad thing.
I don't know specifically about this site, but in general Chrome, and by extension Firefox, has adopted a policy of connecting to websites no matter what, often without warning the user.
This means that users can connect to misconfigured or outright insecure websites without realizing it, in addition of hiding important details to webmasters.
The latter, in particular, is a big issue if the site contains sensitive data as the administrators will not be able to properly assess the safety of said sensitive content.
Kind of ironic considering they're going in the opposite direction with their increasingly "use HTTPS or die" zealot-like attitude, and the outright refusal to allow a user to view a page that fails SSL in an HSTS context (yeah, I know the spec says that, but and spec that dictates what they user should be able to view on their own machine no matter what settings they set is a dumb spec).
Kind of ironic considering they're going in the opposite direction with their increasingly "use HTTPS or die" zealot-like attitude, and the outright refusal to allow a user to view a page that fails SSL in an HSTS context (yeah, I know the spec says that, but and spec that dictates what they user should be able to view on their own machine no matter what settings they set is a dumb spec).
Off-topic:
Never claimed they did things coherently. I'm just saying that they allow connections even through misconfigured channels that can potentially be insecure.
Whether they force HTTPS or not is irrelevant to this.
If we want to wear our tinfoil full-set armor, we could argue that this is all a plan to dilute web security through Let's Encrypt and poorly-configured channels, so as to implant a world-wide backdoor to get access to people's machines/data/other.