mina7601 Posted October 10, 2023 Share Posted October 10, 2023 17 hours ago, VistaLover said: but now I'm all out of ideas... TL;DR: I can't reproduce myself, sorry... Well, it's fine, but I am still sure it's not a problem on my end! Good that it loads for you, even on a fresh profile. 11 hours ago, anton12 said: http://www.rw-designer.com/ Hello mina7601, For me the website above loads fine with the latest versions of St52,NM28 and K-Meleon. St52 and NM28 have Palefill 1.27 activated,no other extensions. Good for you. Link to comment Share on other sites More sharing options...
Mathwiz Posted October 11, 2023 Share Posted October 11, 2023 On 10/9/2023 at 6:14 PM, mina7601 said: Hello, anyone has any clue why http://www.rw-designer.com/ doesn't load in Serpent 52.9 and Serpent 55 (and also K-Meleon)? It is another website I visit to get custom cursors (aside from GitHub and that heavy DeviantArt). The website gives a timeout when I attempt to load it. It loads fine in 360Chrome 13.5. Thanks! Strange. It came up fine for me (latest Serpent 55). Even HTTPS Everywhere didn't interfere. It came up in plain HTTP. So I'm baffled why it doesn't work for you. Can you ping www.rw-designer.com? BTW, I would prefer an HTTPS version, if only to avoid the remote possibility of a MITM attack - but I don't insist on the absolute latest TLS 1.3 with 256-bit keys, GCM, SHA2, etc. This ain't a banking - or even an email - site! The move to make HTTPS ubiquitous was a good one, so that folks who do insist on their privacy don't fall under undue suspicion; but somewhere along the line religion took over, and now every lowly podcast has to be encrypted with the kind of security formerly reserved for nuclear launch codes, making HTTPS yet another obstacle to using older browsers, email clients, etc. Link to comment Share on other sites More sharing options...
j7n Posted October 11, 2023 Share Posted October 11, 2023 (edited) Does the main page or archive . org result in a white screen in New Moon and Serpent for you? My configs are far from vanilla now to work around different issues. https://i.imgur.com/PmpyUFv.png Edited October 11, 2023 by j7n Link to comment Share on other sites More sharing options...
AstroSkipper Posted October 11, 2023 Share Posted October 11, 2023 21 minutes ago, j7n said: Does the main page or archive . org result in a white screen in New Moon and Serpent for you? My configs are far from vanilla now to work around different issues. https://i.imgur.com/PmpyUFv.png No problems here in the latest version of New Moon 28. Here is a screenshot: 2 Link to comment Share on other sites More sharing options...
basilisk-dev Posted October 11, 2023 Share Posted October 11, 2023 1 hour ago, j7n said: Does the main page or archive . org result in a white screen in New Moon and Serpent for you? My configs are far from vanilla now to work around different issues. This happens for me even in Basilisk. I was never able to figure out why, sometimes archive.org works for me and sometimes it doesn't. Link to comment Share on other sites More sharing options...
AstroSkipper Posted October 11, 2023 Share Posted October 11, 2023 2 minutes ago, basilisk-dev said: This happens for me even in Basilisk. I was never able to figure out why, sometimes archive.org works for me and sometimes it doesn't. Although web.archive.org works for me in New Moon 28, I have noticed, however, that the website has become more cumbersome and difficult to load than it was a few months ago. 2 Link to comment Share on other sites More sharing options...
roytam1 Posted October 11, 2023 Author Share Posted October 11, 2023 10 minutes ago, basilisk-dev said: This happens for me even in Basilisk. I was never able to figure out why, sometimes archive.org works for me and sometimes it doesn't. because CSP seems not working well: 21:16:35.272 Content Security Policy: The page’s settings blocked the loading of a resource at self (“script-src https://archive.org/offshoot_assets/ https://*.archive.org/offshoot_assets/ https://offshoot.prod.archive.org/offshoot_assets/ https://archive.org/includes/ https://*.archive.org/includes/ https://offshoot.prod.archive.org/includes/ https://archive.org/components/ https://*.archive.org/components/ https://offshoot.prod.archive.org/components/ https://archive.org/jw/ https://*.archive.org/jw/ https://offshoot.prod.archive.org/jw/ https://av.prod.archive.org/js/ https://esm.archive.org/ https://polyfill.archive.org/v3/polyfill.min.js 'sha256-CoX53XgCdkM1zegYEEpMUeYIZnv663inNm8bQv2VRbM='”). Source: call to eval() or related function blocked by CSP. 1 (unknown) 21:16:35.272 Content Security Policy: The page’s settings blocked the loading of a resource at self (“script-src https://archive.org/offshoot_assets/ https://*.archive.org/offshoot_assets/ https://offshoot.prod.archive.org/offshoot_assets/ https://archive.org/includes/ https://*.archive.org/includes/ https://offshoot.prod.archive.org/includes/ https://archive.org/components/ https://*.archive.org/components/ https://offshoot.prod.archive.org/components/ https://archive.org/jw/ https://*.archive.org/jw/ https://offshoot.prod.archive.org/jw/ https://av.prod.archive.org/js/ https://esm.archive.org/ https://polyfill.archive.org/v3/polyfill.min.js 'sha256-CoX53XgCdkM1zegYEEpMUeYIZnv663inNm8bQv2VRbM='”). Source: (function(a,G,x,v){let r,u,b,D,F,C,T,E,a.... 1 archive.org:1 21:16:35.273 Content Security Policy: The page’s settings blocked the loading of a resource at http://archive.org/offshoot_assets/index.34c417fd1d63.css (“style-src 'unsafe-inline' https://archive.org/ https://*.archive.org/ https://offshoot.prod.archive.org/”). 1 (unknown) 2 Link to comment Share on other sites More sharing options...
j7n Posted October 11, 2023 Share Posted October 11, 2023 Thank you for checking AstroSkipper! For me, web.archive.org works too. I didn't know that the subdomain "web" could be used. In Chromium there are animated tiles on the main archive.org, which are probably too complex. Link to comment Share on other sites More sharing options...
AstroSkipper Posted October 11, 2023 Share Posted October 11, 2023 (edited) 5 minutes ago, roytam1 said: because CSP seems not working well: 21:16:35.272 Content Security Policy: The page’s settings blocked the loading of a resource at self (“script-src https://archive.org/offshoot_assets/ https://*.archive.org/offshoot_assets/ https://offshoot.prod.archive.org/offshoot_assets/ https://archive.org/includes/ https://*.archive.org/includes/ https://offshoot.prod.archive.org/includes/ https://archive.org/components/ https://*.archive.org/components/ https://offshoot.prod.archive.org/components/ https://archive.org/jw/ https://*.archive.org/jw/ https://offshoot.prod.archive.org/jw/ https://av.prod.archive.org/js/ https://esm.archive.org/ https://polyfill.archive.org/v3/polyfill.min.js 'sha256-CoX53XgCdkM1zegYEEpMUeYIZnv663inNm8bQv2VRbM='”). Source: call to eval() or related function blocked by CSP. 1 (unknown) 21:16:35.272 Content Security Policy: The page’s settings blocked the loading of a resource at self (“script-src https://archive.org/offshoot_assets/ https://*.archive.org/offshoot_assets/ https://offshoot.prod.archive.org/offshoot_assets/ https://archive.org/includes/ https://*.archive.org/includes/ https://offshoot.prod.archive.org/includes/ https://archive.org/components/ https://*.archive.org/components/ https://offshoot.prod.archive.org/components/ https://archive.org/jw/ https://*.archive.org/jw/ https://offshoot.prod.archive.org/jw/ https://av.prod.archive.org/js/ https://esm.archive.org/ https://polyfill.archive.org/v3/polyfill.min.js 'sha256-CoX53XgCdkM1zegYEEpMUeYIZnv663inNm8bQv2VRbM='”). Source: (function(a,G,x,v){let r,u,b,D,F,C,T,E,a.... 1 archive.org:1 21:16:35.273 Content Security Policy: The page’s settings blocked the loading of a resource at http://archive.org/offshoot_assets/index.34c417fd1d63.css (“style-src 'unsafe-inline' https://archive.org/ https://*.archive.org/ https://offshoot.prod.archive.org/”). 1 (unknown) Ok! Maybe, I have no problems accessing this website because I have generally disabled CSP in New Moon 28 for some reasons. Edited October 11, 2023 by AstroSkipper 1 Link to comment Share on other sites More sharing options...
j7n Posted October 11, 2023 Share Posted October 11, 2023 With security.csp.enable set to false, archive.org loads. What are the real drawbacks of disabling CSP? Link to comment Share on other sites More sharing options...
VistaLover Posted October 11, 2023 Share Posted October 11, 2023 (edited) Something ignored so far by previous posts: 1. The screenshot posted by @j7n has a blank page rendered on the plain HTTP version of "archive.org": http://archive.org I can replicate here on my "dirty" St52 profile: But the screenshot posted by @AstroSkipper (in NM28) has the secure version of "archive.org": https://archive.org Indeed, that one loads as expected in my St52 (dirty) profile; @j7n, does it also load for you when you specifically request the HTTPS version of AO? Edited October 11, 2023 by VistaLover Link to comment Share on other sites More sharing options...
j7n Posted October 11, 2023 Share Posted October 11, 2023 After I disabled CSP and re-enabled it, the site now redirects to HTTPS and loads (even while CSP is again enabled). It also loads when I directly type in https. It seems to remember some state from earlier, despite a cleared history. Normally I never type https colon slash, and just go with whichever the site is happy with. 1 Link to comment Share on other sites More sharing options...
AstroSkipper Posted October 11, 2023 Share Posted October 11, 2023 (edited) 1 hour ago, j7n said: With security.csp.enable set to false, archive.org loads. What are the real drawbacks of disabling CSP? I personally control CSP via my self-created custom button Toggle CSP which I made available to the public a long time ago here: Due to the colours of Toggle CSP, one always knows whether CSP is enabled (green) or disabled (red). Disabling CSP is of course associated with a loss of security. On the other hand, CSP causes a lot of problems with different websites. So, it's up to the user to decide whether to enable or disable this feature. Edited October 11, 2023 by AstroSkipper Update of content 2 Link to comment Share on other sites More sharing options...
mina7601 Posted October 11, 2023 Share Posted October 11, 2023 (edited) On 10/11/2023 at 6:49 AM, Mathwiz said: Can you ping www.rw-designer.com? Yes, I am able to ping it via cmd Edited October 12, 2023 by mina7601 1 Link to comment Share on other sites More sharing options...
VistaLover Posted October 11, 2023 Share Posted October 11, 2023 2 hours ago, j7n said: What are the real drawbacks of disabling CSP? 1 hour ago, AstroSkipper said: Disabling CSP is of course associated with a loss of security. Astro is right : https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP 1 hour ago, AstroSkipper said: So, it's up to the user to decide whether to enable or disable this feature ditto ... Link to comment Share on other sites More sharing options...
Recommended Posts