Card payment no longer works with PM
Forum rules
This General Discussion board is meant for topics that are still relevant to Pale Moon, web browsers, browser tech, UXP applications, and related, but don't have a more fitting board available.
Please stick to the relevance of this forum here, which focuses on everything around the Pale Moon project and its user community. "Random" subjects don't belong here, and should be posted in the Off-Topic board.
This General Discussion board is meant for topics that are still relevant to Pale Moon, web browsers, browser tech, UXP applications, and related, but don't have a more fitting board available.
Please stick to the relevance of this forum here, which focuses on everything around the Pale Moon project and its user community. "Random" subjects don't belong here, and should be posted in the Off-Topic board.
-
- Fanatic
- Posts: 225
- Joined: 2021-02-19, 20:46
Card payment no longer works with PM
It's been maybe a week or two max. since randomly I noticed that any card payment I try to make in PM fails (as in the pay gate simply saying the transaction failed). It doesn't seem to matter what eshop I use or what pay gate they use, it simply fails.
Is this something anyone else noticed?
It wasn't until yesterday when I tried to pay for stuff from Firefox, and it simply worked.
It feels like all these Cloudflare problems that happen every once in a while, but it's weird I have never experienced it before.
Is this something anyone else noticed?
It wasn't until yesterday when I tried to pay for stuff from Firefox, and it simply worked.
It feels like all these Cloudflare problems that happen every once in a while, but it's weird I have never experienced it before.
-
- Knows the dark side
- Posts: 4984
- Joined: 2015-12-09, 15:45
Re: Card payment no longer works with PM
You've been here long enough to know the drill when reporting any problems, so why haven't you provided even the URL of the gateway on question, let alone any other troubleshooting info? I have zero problems making payments with my bank, Paypal, Amazon and a few other places.
"One hosts to look them up, one DNS to find them and in the darkness BIND them."
Linux Mint 21 Xfce x64 on HP i5-5200 laptop, 12 GB RAM.
AutoPageColor|PermissionsPlus|PMPlayer|Pure URL|RecordRewind|TextFX
Linux Mint 21 Xfce x64 on HP i5-5200 laptop, 12 GB RAM.
AutoPageColor|PermissionsPlus|PMPlayer|Pure URL|RecordRewind|TextFX
-
- Pale Moon guru
- Posts: 35651
- Joined: 2011-08-28, 17:27
- Location: Motala, SE
Re: Card payment no longer works with PM
Might also want to do a malware check on your system.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
-
- Astronaut
- Posts: 588
- Joined: 2015-06-01, 12:52
- Location: US Southeast
Re: Card payment no longer works with PM
My first guess was malware as well, or a borked PM profile/install.
All my credit card transactions have also been fine.
All my credit card transactions have also been fine.
-
- Fanatic
- Posts: 225
- Joined: 2021-02-19, 20:46
Re: Card payment no longer works with PM
I am not trying to troubleshoot anything yet (hence why it's in general discussion section), I'm trying to figure out whether anyone else has been seeing that very recently, which would indicate something changing over at those companies or the higher up payment systems out there.moonbat wrote: ↑2023-07-27, 11:19You've been here long enough to know the drill when reporting any problems, so why haven't you provided even the URL of the gateway on question, let alone any other troubleshooting info? I have zero problems making payments with my bank, Paypal, Amazon and a few other places.
For the record, I am NOT talking about internet banking, Paypal or Amazon (which is an eshop).
I am talking about any random eshop that lets you pay with a credit card. The interface between them and the card companies is what seems to be failing for reasons I do not understand.
But to name something, one such provider or interface or whatever it is is Gopay. I really don't feel like buying random stuff at random eshops just to see how many payment interface systems are out there and what is failing where.
Re: malware, that's a negative.
P.S. I am from Europe. I know (or up until now believed) online payment is completely different in the U.S.
P.P.S. Borked profile, I don't think so, I created a new one after the webcomponents update to PM landed and haven't touched anything about it since. I don't even use any extensions besides Ublock origin.
-
- Knows the dark side
- Posts: 4984
- Joined: 2015-12-09, 15:45
Re: Card payment no longer works with PM
Check if you're blocking anything from the gateway in question. These can require third party scripts to work. uBO's log should show you what's been blocked.
"One hosts to look them up, one DNS to find them and in the darkness BIND them."
Linux Mint 21 Xfce x64 on HP i5-5200 laptop, 12 GB RAM.
AutoPageColor|PermissionsPlus|PMPlayer|Pure URL|RecordRewind|TextFX
Linux Mint 21 Xfce x64 on HP i5-5200 laptop, 12 GB RAM.
AutoPageColor|PermissionsPlus|PMPlayer|Pure URL|RecordRewind|TextFX
-
- Fanatic
- Posts: 225
- Joined: 2021-02-19, 20:46
Re: Card payment no longer works with PM
But that makes no sense, I made literally zero changes to anything browser related since I created the new profile. Ublock is always updated too.
Anyway I have just had the chance to order something.
This is what error console showed after clicking pay in the eshop:
But then the payment went through. I will have to try the first eshop again when I have the chance. Or maybe the card company fixed it meanwhile.
P.S. Why do I have to copy line by line in the console instead of being able to select all?
Anyway I have just had the chance to order something.
This is what error console showed after clicking pay in the eshop:
Code: Select all
Timestamp: 28.07.2023 9:10:17
Warning: Content Security Policy: Ignoring ‘x-frame-options’ because of ‘frame-ancestors’ directive.
Timestamp: 28.07.2023 9:10:18
Warning: Strict-Transport-Security: The site specified a header that could not be parsed successfully.
Source File: https://secure.checkout.visa.com/checkout-widget/resources/js/src-i-adapter/visaSdk.js
Line: 0
Timestamp: 28.07.2023 9:10:18
Warning: unreachable code after return statement
Source File: https://src.mastercard.com/QUN4/bJen/wkVYx/SKvlA/N77Qzb2rmcJa/FwcsSHIcHw0/QH/ZqKBcQaAI
Line: 1, Column: 211116
Source Code:
L9,VS,KB,vg,F5,k9,DK;var tUM;var QUM;var Er;var lKM;var CKM;Q8M;}());
Timestamp: 28.07.2023 9:10:18
Warning: Content Security Policy: Couldn’t process unknown directive ‘script-src-elem’
Timestamp: 28.07.2023 9:10:18
Warning: Content Security Policy: Couldn’t process unknown directive ‘report-to’
Timestamp: 28.07.2023 9:10:19
Error: SecurityError: The operation is insecure.
Source File: https://secure.checkout.visa.com/checkout-widget/resources/vba/js/vba-3.1.4.min.js
Line: 2
Timestamp: 28.07.2023 9:10:19
Warning: Strict-Transport-Security: The site specified a header that could not be parsed successfully.
Source File: https://secure.checkout.visa.com/logging/logEvent
Line: 0
Timestamp: 28.07.2023 9:10:32
Warning: Content Security Policy: Ignoring ‘report-uri’ since it does not contain any parameters.
P.S. Why do I have to copy line by line in the console instead of being able to select all?
-
- Pale Moon guru
- Posts: 35651
- Joined: 2011-08-28, 17:27
- Location: Motala, SE
Re: Card payment no longer works with PM
Just because you didn't change anything, doesn't mean it'll remain working if they change stuff on their side.LuftWafflePilot wrote: ↑2023-07-28, 07:17But that makes no sense, I made literally zero changes to anything browser related since I created the new profile.
Seems it's actually your card processor's payment gateway that is the problem which would explain why you've seen issues over multiple sites when trying to pay.
The code you quoted from the console indicated they have several issues with their CSP, most likely trying to strictly lock down and control how resources are being loaded in their checkout.
Also "code after return statement" is at the very least sloppy scripting, and could actually be a bug in their code, too. Of course being minimized and obfuscated, we can't really do anything with it. But, you could possibly report this to visa.com if the problem persists. Yes they will probably just tell you to use spyware (Chrome) instead, but if enough people point this out it may just get solved.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
-
- Astronaut
- Posts: 660
- Joined: 2014-09-01, 15:11
- Location: Milan Italy
Re: Card payment no longer works with PM
I continue in a different sectio with a similar case viewtopic.php?f=70&t=30127
The reasonable man adapts himself to the world: the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man. (G.B. Shaw)
-
- New to the forum
- Posts: 1
- Joined: 2023-08-09, 11:36
Re: Card payment no longer works with PM
and everyone has cloudflare ?
-
- Fanatic
- Posts: 225
- Joined: 2021-02-19, 20:46
Re: Card payment no longer works with PM
And it happened again...
No errors in console at all, so it must be incompatibility with PM on their end.
No errors in console at all, so it must be incompatibility with PM on their end.
You do not have the required permissions to view the files attached to this post.
-
- Fanatic
- Posts: 225
- Joined: 2021-02-19, 20:46
Re: Card payment no longer works with PM
comgate.cz seems to persistently refuse to work with PM.
https://pay2.comgate.cz/status/5HAM-TUOL-T4GR
https://pay2.comgate.cz/status/5HAM-TUOL-T4GR
Code: Select all
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://payments.comgate.cz/client/journal?id=5HAM-TUOL-T4GR. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).
(unknown)
Content Security Policy: Couldn’t process unknown directive ‘style-src-elem’
(unknown)
Content Security Policy: Directive ‘child-src’ has been deprecated. Please use directive ‘worker-src’ to control workers, or directive ‘frame-src’ to control frames respectively.
(unknown)
Content Security Policy: Couldn’t process unknown directive ‘report-to’
(unknown)
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://payments.comgate.cz/client/instructions/outages?id=5HAM-TUOL-T4GR. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).
(unknown)
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://payments.comgate.cz/client/instructions/load?id=5HAM-TUOL-T4GR&restart=false&needStyle=true&iframe=false. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).
(unknown)
-
- Pale Moon guru
- Posts: 35651
- Joined: 2011-08-28, 17:27
- Location: Motala, SE
Re: Card payment no longer works with PM
Code: Select all
Reason: CORS header ‘Access-Control-Allow-Origin’ missing
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
-
- Keeps coming back
- Posts: 940
- Joined: 2021-01-26, 11:18
Re: Card payment no longer works with PM
The server doesn't seem to know how to properly respond to an OPTIONS request. MS Edge asks for GET immediately, while Pale Moon asks for OPTIONS first. Of course, if I interpret the protocol correctly and the browsers do not hide anything.
Based on the logs, the response to the OPTIONS request is missing the "Access-Control-Allow-Origin" header. But this header is in the response to the GET request.
EDIT:
I can confirm the same (as in MS Edge) behavior in FireFox 105 - the OPTIONS request is not sent for this URL:
Code: Select all
https://payments.comgate.cz/client/instructions/outages?id=5HAM-TUOL-T4GR
-
- Pale Moon guru
- Posts: 35651
- Joined: 2011-08-28, 17:27
- Location: Motala, SE
Re: Card payment no longer works with PM
Well, that URL returns a 500 error with a "not found" message from their Zend framework, so I can't really do much more about this to find out what's going on with that.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
-
- Keeps coming back
- Posts: 940
- Joined: 2021-01-26, 11:18
Re: Card payment no longer works with PM
Are you trying to open that URL directly? Indeed, we get "Not found" in this case.
In fact, this URL is requested by a script from the page
https://pay2.comgate.cz/status/5HAM-TUOL-T4GR
And in this case we get 204 in response to the OPTIONS request.
UPDATE:
Great, I think I've caught the reason.
In fact, a preflight request is also generated in FF the first time the page is accessed, but then the cache prevents it from being sent.
The difference is that the preflight request does not contain a referer and then the response does not contain access-control-allow-origin and the page does not work. PM32.5 also does not send a referer in a preflight request.
FF63: No referer, no access-control-allow-origin response, page does not work.
PM320502: No referer, no access-control-allow-origin response, page does not work.
FF65: +referer, +access-control-allow-origin response, page works.
You do not have the required permissions to view the files attached to this post.
-
- Keeps coming back
- Posts: 940
- Joined: 2021-01-26, 11:18
Re: Card payment no longer works with PM
No Referer header in CORS request from IE or Firefox
https://stackoverflow.com/questions/321 ... or-firefox
"In Chrome, this works as expected - OPTIONS preflight request is sent to server, server responds with access control headers, POST request is sent. When I try to do this in IE or Firefox, no referer is sent with the OPTIONS request ... "
https://stackoverflow.com/questions/321 ... or-firefox
"In Chrome, this works as expected - OPTIONS preflight request is sent to server, server responds with access control headers, POST request is sent. When I try to do this in IE or Firefox, no referer is sent with the OPTIONS request ... "
-
- Pale Moon guru
- Posts: 35651
- Joined: 2011-08-28, 17:27
- Location: Motala, SE
Re: Card payment no longer works with PM
Sorry, but I think Chrome does not follow the standard then (and neither does Firefox since they became more Chrome like in this respect...)
The request is sent from pay2.comgate.cz and the OPTIONS request is made to payments.comgate.cz -- that is a cross-origin request.
The standard does not have any special behaviour for OPTIONS, so the default rules apply:
Please let me know if I somehow misunderstand this...
The request is sent from pay2.comgate.cz and the OPTIONS request is made to payments.comgate.cz -- that is a cross-origin request.
The standard does not have any special behaviour for OPTIONS, so the default rules apply:
A preflight request will not have explicit CORS permissions (since it happens before CORS headers are known) and are inherently insecure, so a referer should not be sent.https://www.rfc-editor.org/rfc/rfc9110#name-referer wrote:A user agent SHOULD NOT send a Referer header field if the referring resource was accessed with a secure protocol and the request target has an origin differing from that of the referring resource, unless the referring resource explicitly allows Referer to be sent.
Please let me know if I somehow misunderstand this...
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
-
- Keeps coming back
- Posts: 940
- Joined: 2021-01-26, 11:18
Re: Card payment no longer works with PM
Yes, it seems logical...Moonchild wrote: ↑2024-01-02, 17:55A user agent SHOULD NOT send a Referer header field if the referring resource was accessed with a secure protocol and the request target has an origin differing from that of the referring resource, unless the referring resource explicitly allows Referer to be sent.
But there is such an interesting thing:
Either the site indicated this or FF used some kind of default...
You do not have the required permissions to view the files attached to this post.
-
- Pale Moon guru
- Posts: 35651
- Joined: 2011-08-28, 17:27
- Location: Motala, SE
Re: Card payment no longer works with PM
Looks like FF just started wholesale ignoring that and always allowing it, contrary to the spec. bug #1720294
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite