PM 28.14.2 Github

For support with specific websites

Moderator: trava90

Forum rules
Please always mention the name/domain of the website in question in your topic title.
User avatar
BopBe
Moongazer
Moongazer
Posts: 10
Joined: 2019-08-21, 19:59

Re: PM 28.14.2 Github

Post by BopBe » 2020-10-15, 16:21

JustOff wrote:
2020-10-15, 15:25
Here is a workaround: GitHub Web Components Polyfill.
Damn. Working fine as far as I could test: marking notifications "done", markdown preview, etc. Superb.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 28792
Joined: 2011-08-28, 17:27
Location: Tranås, SE
Contact:

Re: PM 28.14.2 Github

Post by Moonchild » 2020-10-15, 18:15

For those curious as to what it does: the extension injects an existing WebComponents polyfill library in html pages on github.com. This way Github's reliance-without-fallsbacks on Google WebComponents is satisfied (in essence doing what GitHub itself should be doing to be browser-agnostic).
"Son, in life you do not fight battles because you expect to win, you fight them merely because they need to be fought." -- Snagglepuss
Image

User avatar
JustOff
Moon Magic practitioner
Moon Magic practitioner
Posts: 2057
Joined: 2015-09-03, 19:47
Location: UA
Contact:

Re: PM 28.14.2 Github

Post by JustOff » 2020-10-15, 18:34

In fact, it's fortunate that this approach met the basic requirements of the GitHub framework, but not all features work as expected, for example, there are no pop-ups on usernames, issues, commits, etc., and it's also impossible to create a new repository. However, the main functions are currently working, and hopefully the GitHub devs don't break it again too quickly.
Here are the add-ons I made in a spare time. That was fun!

User avatar
New Tobin Paradigm
Knows the dark side
Knows the dark side
Posts: 8531
Joined: 2012-10-09, 19:37
Location: Skaro

Re: PM 28.14.2 Github

Post by New Tobin Paradigm » 2020-10-15, 20:33

How does this mesh with my ajax bypass and why is it not something that can be seen? What is this encoded as and what is the original source and why is it disabling and intercepting csp. For all I know it is sending you everything I do on github including credentials.

Explain.
return NS_OK;
Image

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 28792
Joined: 2011-08-28, 17:27
Location: Tranås, SE
Contact:

Re: PM 28.14.2 Github

Post by Moonchild » 2020-10-15, 20:47

I can answer part of this: GitHub uses a rather strict CSP policy, so to enable an injected script, it needs to be added as an allowed source in the policy or the browser will not load/execute it.
It's encoded because it'll have characters in there that would break the JS otherwise (like quotes). Seems to be standard base-64 encoding.
Although I do wonder why you're not supplying the code in plaintext as a resource:// URI and inject a script tag with that. It would make it a lot more transparent.
"Son, in life you do not fight battles because you expect to win, you fight them merely because they need to be fought." -- Snagglepuss
Image

User avatar
New Tobin Paradigm
Knows the dark side
Knows the dark side
Posts: 8531
Joined: 2012-10-09, 19:37
Location: Skaro

Re: PM 28.14.2 Github

Post by New Tobin Paradigm » 2020-10-15, 20:48

Why couldn't this just be in not encoded form. ie resource uri link that would have made the perfect basis for something I asked for some months ago: an example of simple script injection as an extension without the massive amount of dependance on greasemonkey.

But, as always, it was just me asking so no one bothered to help and JustOff's almost but not quite useful solution negates that goal. Also, bootstrap style rather than toolkit style because of course it would be.
return NS_OK;
Image

User avatar
JustOff
Moon Magic practitioner
Moon Magic practitioner
Posts: 2057
Joined: 2015-09-03, 19:47
Location: UA
Contact:

Re: PM 28.14.2 Github

Post by JustOff » 2020-10-15, 21:06

Moonchild wrote:
2020-10-15, 20:47
I can answer part of this: GitHub uses a rather strict CSP policy, so to enable an injected script, it needs to be added as an allowed source in the policy or the browser will not load/execute it.
It's encoded because it'll have characters in there that would break the JS otherwise (like quotes). Seems to be standard base-64 encoding.
Quite right.
Although I do wonder why you're not supplying the code in plaintext as a resource:// URI and inject a script tag with that. It would make it a lot more transparent.
I'm afraid that this would require relaxing the CSP even more, whereas now I only allowed a script with a specific sha256 hash.
Here are the add-ons I made in a spare time. That was fun!

User avatar
SlySven
Moongazer
Moongazer
Posts: 8
Joined: 2018-07-07, 22:42

Re: PM 28.14.2 Github

Post by SlySven » 2020-10-15, 21:44

As the project I code for has it's repository on GitHub I do have an account and I left a message on https://support.github.com which got me this canned response:
## Please do not write below this line ##

Your request has been updated.

You can add a comment by replying to this email.



Adrienn Richmond (GitHub Support)

Oct 15, 2020, 4:38 PM UTC

Hi Stephen,

Thanks for contacting GitHub Support!

I'm afraid that we only support the current versions of Chrome, Firefox, Safari, and Microsoft Edge. We do not support any other browsers and unfortunately it is irrelevant that your browser is a fork of Firefox.

Here is a list of our supported browsers:

https://help.github.com/articles/supported-browsers

Could you please try visiting the page again in a supported browser and let us know if you are still experiencing any issues?

If you're still having trouble even then, could you please confirm the exact browser version and operating system you're using?

Cheers,
Adrienn
GitHub Support



Stephen Lyons

Oct 15, 2020, 3:16 AM UTC

Dear Sir/Madam;

I regret to report that some change that you have made to your https://github.com website has rendered GitHub unusable for me with my primary browser PaleMoon https://www.palemoon.org/ (version 28.14.2 released 2020/10/02). This mature fork of FireFox (with Mozilla's telemetry removed and with a forked from Gecko rendering engine "Goanna") has become unable to produce previews of messages, no auto-completion of emojis after typing a ':' and most significantly the merge button is unresponsive in that clicking it does not do anything - which is a PITA as I had a couple of PRs I wanted to merge.

This change has happened in the last 24 hours so is not concerned with any update in the browser. To confirm this I tried two additional steps, first by creating a new profile with no add-ons in the latest version and then by uninstalling the browser and reinstalling the previous 28.13.0 version. Neither actions restored normal operations.

Just in case it was a problem with my AntiVirus software in the 64-bit Windows 10 Home 2004 (OS build 19041.508) I also booted up the same (latest) browser in a second 64-bit PC using Linux (Devuan 3.0) and that was equally unusable.

Tracking this issue at: viewtopic.php?f=70&p=201727 someone else has reported that some JavaScript is failing to load - I do not know if that will help anyone to debug and fix this problem as it is a major inconvenience!

Regards

Stephen Lyons

This email is a service from GitHub Support.
[93WV8E-QX2D]
I sent an unfavourable reply reminding them of Postel's Law and pointing out that it is the omission of https://github.com/webcomponents/polyfills that breaks things for non-bleeding edge browsers used by those that are not sheeple...

I am not expecting a positive response from GH but I am pleased to say that whatever JustOff is doing in their add-on is at least restoring the functionality I need. Whether GH fixes their page generation to put back the call for that third-party resource remains to be seen. So, provided JustOff is not doing anything otherwise untoward in the PaleMoon (and presumably other affected) browsers they get a +1 from me...

User avatar
New Tobin Paradigm
Knows the dark side
Knows the dark side
Posts: 8531
Joined: 2012-10-09, 19:37
Location: Skaro

Re: PM 28.14.2 Github

Post by New Tobin Paradigm » 2020-10-15, 21:54

Chrome, Wants to be Chrome, Was Chrome, and Chrome are their supported browsers.
return NS_OK;
Image

User avatar
prengle
Hobby Astronomer
Hobby Astronomer
Posts: 27
Joined: 2020-09-05, 01:53

Re: PM 28.14.2 Github

Post by prengle » 2020-10-15, 22:13

SlySven wrote:
2020-10-15, 21:44
As the project I code for has it's repository on GitHub I do have an account and I left a message on https://support.github.com which got me this canned response:

-snip-

I sent an unfavourable reply reminding them of Postel's Law and pointing out that it is the omission of https://github.com/webcomponents/polyfills that breaks things for non-bleeding edge browsers used by those that are not sheeple...

I am not expecting a positive response from GH but I am pleased to say that whatever JustOff is doing in their add-on is at least restoring the functionality I need. Whether GH fixes their page generation to put back the call for that third-party resource remains to be seen. So, provided JustOff is not doing anything otherwise untoward in the PaleMoon (and presumably other affected) browsers they get a +1 from me...
i wasn't even able to get a manufactured response from their h-1b-powered support team, so more power to you i guess - although i literally do not host anything on github, so that might be a problem. i'm not even surprised this is another webcomponents issue, i don't even want to know what's going to happen if big tech universally decides to adopt Google™ Web Bundles™ (and they probably will)
JustOff wrote:
2020-10-15, 15:25
Here is a workaround: GitHub Web Components Polyfill.
i didn't see this until i woke up around 10 minutes ago but thank you!

User avatar
Tharthan
Board Warrior
Board Warrior
Posts: 1110
Joined: 2019-05-20, 20:07
Location: New England

Re: PM 28.14.2 Github

Post by Tharthan » 2020-10-15, 23:08

GitHub wrote: we only support [...] Chrome, Firefox, Safari, and Microsoft Edge. We do not support any other browsers and unfortunately it is irrelevant that your browser is a fork of Firefox.

Cheers,
Adrienn
GitHub Support
The fact that they doubled down on being totally uninterested in fixing bugs that their laziness caused is simply amazing. I'm surprised that their message didn't end with "Switch to Chrome, or buzz off. You are lucky that we are even bothering to respond to you, vermin." After all, the façade of professionalism in their e-mail message to you was totally broken by their "your browser originating as a fork of Firefox means nix to us" comment.

I worry that coders are becoming comfortable (like a couch potato is on their couch, irritated when they need to or are asked to get up and get something) with not having to be browser-neutral. After all, if (to all intents and purposes) everything is Chrome, then why would someone who has spent the last several years just coding for Chrome bother coding for anything else whatsoever?
Last edited by Tharthan on 2020-10-15, 23:21, edited 4 times in total.
"This is a war against individuality and intelligence. Only thing we can do is stand strong."adesh, 9 January 2020

"I used to think I was a grumpy old man, but I don't hold a candle compared to Tharthan."Cassette, 9 September 2020

Image

User avatar
New Tobin Paradigm
Knows the dark side
Knows the dark side
Posts: 8531
Joined: 2012-10-09, 19:37
Location: Skaro

Re: PM 28.14.2 Github

Post by New Tobin Paradigm » 2020-10-15, 23:16

Seems to mesh well enough with my ajax bypass userscript. I was able to make a new repository with it. Though the popup fake tooltips for usernames and issues are still not present.
return NS_OK;
Image

User avatar
dtoxic
Apollo supporter
Apollo supporter
Posts: 40
Joined: 2017-10-04, 00:14
Location: Tau Ceti

Re: PM 28.14.2 Github

Post by dtoxic » 2020-10-15, 23:23

Tharthan wrote:
2020-10-15, 23:08
GitHub wrote: we only support [...] Chrome, Firefox, Safari, and Microsoft Edge. We do not support any other browsers and unfortunately it is irrelevant that your browser is a fork of Firefox.

Cheers,
Adrienn
GitHub Support
The fact that they doubled down on being totally uninterested in fixing bugs that their laziness caused is simply amazing. I'm surprised that their message didn't end with "Switch to Chrome, or buzz off. You are lucky that we are even bothering to respond to you, vermin." After all, the façade of professionalism in their e-mail message to you was totally broken by their "your browser originating as a fork of Firefox means nix to us" comment.

I worry that coders are becoming comfortable (like a couch potato is on their couch, irritated when they are asked to stand up) with not having to be browser-neutral. After all, if (to all intents and purposes) everything is Chrome, then why would someone who has spent the last several years just coding for Chrome bother coding for anything else whatsoever?
I don't think it's laziness, they what to eliminate every browser that does not comfort to their view,and of course imagine a browser of a big tech company without telemetry....how on earth are they going to spy on you :D
Windows 7 SP1 X64
Windows 10 LTSC X64

User avatar
Tharthan
Board Warrior
Board Warrior
Posts: 1110
Joined: 2019-05-20, 20:07
Location: New England

Re: PM 28.14.2 Github

Post by Tharthan » 2020-10-15, 23:27

Off-topic:
Google wants to eliminate any browser that does not run on their technology. But coders that are unaffiliated with Google may merely be becoming utterly accustomed to writing code just for Chrome and pretty much nothing else.

Microsoft has, since the dawn of Windows 10, adopted a Google-like approach to their consumers. Since they use Chromium for their Microsoft Edge browser, and since only Chrome and a Chrome clone exist as "mainstream browsers" these days, they would not want to bother coding for anything else.
"This is a war against individuality and intelligence. Only thing we can do is stand strong."adesh, 9 January 2020

"I used to think I was a grumpy old man, but I don't hold a candle compared to Tharthan."Cassette, 9 September 2020

Image

User avatar
dink_fbneo
Moongazer
Moongazer
Posts: 13
Joined: 2020-01-17, 00:29

Re: PM 28.14.2 Github

Post by dink_fbneo » 2020-10-15, 23:43

JustOff thank you!! This made my day :)

User avatar
SlySven
Moongazer
Moongazer
Posts: 8
Joined: 2018-07-07, 22:42

Re: PM 28.14.2 Github

Post by SlySven » 2020-10-16, 00:22

Off-topic:
Sorry to be irreverent, but when I see JustOff I am mentally starting to read that moniker as
beginning with another four letter word that begins with 'J'
which is really unfortunate as I actually want to thank them as a life-saver in this situation...

MGB1971
Apollo supporter
Apollo supporter
Posts: 38
Joined: 2018-05-11, 09:31

Re: PM 28.14.2 Github

Post by MGB1971 » 2020-10-17, 13:18

Please, what is your ajax bypass userscript?

User avatar
adesh
Board Warrior
Board Warrior
Posts: 1277
Joined: 2017-06-06, 07:38

Re: PM 28.14.2 Github

Post by adesh » 2020-10-17, 14:11


User avatar
JustOff
Moon Magic practitioner
Moon Magic practitioner
Posts: 2057
Joined: 2015-09-03, 19:47
Location: UA
Contact:

Re: PM 28.14.2 Github

Post by JustOff » 2020-10-17, 14:21

As of today, there is no need for additional scripts when using GitHub Web Components Polyfill.
Here are the add-ons I made in a spare time. That was fun!

User avatar
New Tobin Paradigm
Knows the dark side
Knows the dark side
Posts: 8531
Joined: 2012-10-09, 19:37
Location: Skaro

Re: PM 28.14.2 Github

Post by New Tobin Paradigm » 2020-10-17, 20:11

My userscript serves two things one is ajax loading of an unchecked direct call to shadowDom and because it foils all ajax loading it actually improves performance so don't shit on my userscript, insect.
return NS_OK;
Image

Post Reply