Jump to content

My Browser Builds (Part 4)

roytam1
 Share

Recommended Posts

mina7601

mina7601

Posted
Posted
17 hours ago, VistaLover said:

but now I'm all out of ideas... TL;DR: I can't reproduce myself, sorry... :(

Well, it's fine, but I am still sure it's not a problem on my end! Good that it loads for you, even on a fresh profile.

11 hours ago, anton12 said:

http://www.rw-designer.com/

Hello  mina7601,
For me the website above loads fine with the latest versions of St52,NM28 and K-Meleon.
St52 and NM28 have Palefill 1.27 activated,no other extensions.

Good for you.

Link to comment
Share on other sites

Mathwiz

Mathwiz

Posted
Posted
On 10/9/2023 at 6:14 PM, mina7601 said:

Hello, anyone has any clue why http://www.rw-designer.com/ doesn't load in Serpent 52.9 and Serpent 55 (and also K-Meleon)? :dubbio: It is another website I visit to get custom cursors (aside from GitHub and that heavy DeviantArt). The website gives a timeout when I attempt to load it. It loads fine in 360Chrome 13.5. Thanks!

Strange. It came up fine for me (latest Serpent 55). Even HTTPS Everywhere didn't interfere. It came up in plain HTTP. So I'm baffled why it doesn't work for you. Can you ping www.rw-designer.com?

image.png.84c6c372217f7c5704c470065226075e.png

BTW, I would prefer an HTTPS version, if only to avoid the remote possibility of a MITM attack - but I don't insist on the absolute latest TLS 1.3 with 256-bit keys, GCM, SHA2, etc. This ain't a banking - or even an email - site!

The move to make HTTPS ubiquitous was a good one, so that folks who do insist on their privacy don't fall under undue suspicion; but somewhere along the line religion took over, and now every lowly podcast has to be encrypted with the kind of security formerly reserved for nuclear launch codes, making HTTPS yet another obstacle to using older browsers, email clients, etc.

Link to comment
Share on other sites
basilisk-dev

basilisk-dev

Posted
Posted
1 hour ago, j7n said:

Does the main page or archive . org result in a white screen in New Moon and Serpent for you? My configs are far from vanilla now to work around different issues.

This happens for me even in Basilisk. I was never able to figure out why, sometimes archive.org works for me and sometimes it doesn't.

Link to comment
Share on other sites
AstroSkipper

AstroSkipper

Posted
Posted
2 minutes ago, basilisk-dev said:

This happens for me even in Basilisk. I was never able to figure out why, sometimes archive.org works for me and sometimes it doesn't.

Although web.archive.org works for me in New Moon 28, I have noticed, however, that the website has become more cumbersome and difficult to load than it was a few months ago. :yes:

2
Link to comment
Share on other sites
roytam1

roytam1

Posted
  • Author
Posted
10 minutes ago, basilisk-dev said:

This happens for me even in Basilisk. I was never able to figure out why, sometimes archive.org works for me and sometimes it doesn't.

because CSP seems not working well: 

21:16:35.272 Content Security Policy: The page’s settings blocked the loading of a resource at self (“script-src https://archive.org/offshoot_assets/ https://*.archive.org/offshoot_assets/ https://offshoot.prod.archive.org/offshoot_assets/ https://archive.org/includes/ https://*.archive.org/includes/ https://offshoot.prod.archive.org/includes/ https://archive.org/components/ https://*.archive.org/components/ https://offshoot.prod.archive.org/components/ https://archive.org/jw/ https://*.archive.org/jw/ https://offshoot.prod.archive.org/jw/ https://av.prod.archive.org/js/ https://esm.archive.org/ https://polyfill.archive.org/v3/polyfill.min.js 'sha256-CoX53XgCdkM1zegYEEpMUeYIZnv663inNm8bQv2VRbM='”). Source: call to eval() or related function blocked by CSP. 1 (unknown)

21:16:35.272 Content Security Policy: The page’s settings blocked the loading of a resource at self (“script-src https://archive.org/offshoot_assets/ https://*.archive.org/offshoot_assets/ https://offshoot.prod.archive.org/offshoot_assets/ https://archive.org/includes/ https://*.archive.org/includes/ https://offshoot.prod.archive.org/includes/ https://archive.org/components/ https://*.archive.org/components/ https://offshoot.prod.archive.org/components/ https://archive.org/jw/ https://*.archive.org/jw/ https://offshoot.prod.archive.org/jw/ https://av.prod.archive.org/js/ https://esm.archive.org/ https://polyfill.archive.org/v3/polyfill.min.js 'sha256-CoX53XgCdkM1zegYEEpMUeYIZnv663inNm8bQv2VRbM='”). Source: (function(a,G,x,v){let r,u,b,D,F,C,T,E,a.... 1 archive.org:1

21:16:35.273 Content Security Policy: The page’s settings blocked the loading of a resource at http://archive.org/offshoot_assets/index.34c417fd1d63.css (“style-src 'unsafe-inline' https://archive.org/ https://*.archive.org/ https://offshoot.prod.archive.org/”). 1 (unknown)

 

2
Link to comment
Share on other sites
j7n

j7n

Posted
Posted

Thank you for checking AstroSkipper! For me, web.archive.org works too. I didn't know that the subdomain "web" could be used. In Chromium there are animated tiles on the main archive.org, which are probably too complex.

Link to comment
Share on other sites
AstroSkipper

AstroSkipper

Posted
Posted (edited)
5 minutes ago, roytam1 said:

because CSP seems not working well: 

21:16:35.272 Content Security Policy: The page’s settings blocked the loading of a resource at self (“script-src https://archive.org/offshoot_assets/ https://*.archive.org/offshoot_assets/ https://offshoot.prod.archive.org/offshoot_assets/ https://archive.org/includes/ https://*.archive.org/includes/ https://offshoot.prod.archive.org/includes/ https://archive.org/components/ https://*.archive.org/components/ https://offshoot.prod.archive.org/components/ https://archive.org/jw/ https://*.archive.org/jw/ https://offshoot.prod.archive.org/jw/ https://av.prod.archive.org/js/ https://esm.archive.org/ https://polyfill.archive.org/v3/polyfill.min.js 'sha256-CoX53XgCdkM1zegYEEpMUeYIZnv663inNm8bQv2VRbM='”). Source: call to eval() or related function blocked by CSP. 1 (unknown)

21:16:35.272 Content Security Policy: The page’s settings blocked the loading of a resource at self (“script-src https://archive.org/offshoot_assets/ https://*.archive.org/offshoot_assets/ https://offshoot.prod.archive.org/offshoot_assets/ https://archive.org/includes/ https://*.archive.org/includes/ https://offshoot.prod.archive.org/includes/ https://archive.org/components/ https://*.archive.org/components/ https://offshoot.prod.archive.org/components/ https://archive.org/jw/ https://*.archive.org/jw/ https://offshoot.prod.archive.org/jw/ https://av.prod.archive.org/js/ https://esm.archive.org/ https://polyfill.archive.org/v3/polyfill.min.js 'sha256-CoX53XgCdkM1zegYEEpMUeYIZnv663inNm8bQv2VRbM='”). Source: (function(a,G,x,v){let r,u,b,D,F,C,T,E,a.... 1 archive.org:1

21:16:35.273 Content Security Policy: The page’s settings blocked the loading of a resource at http://archive.org/offshoot_assets/index.34c417fd1d63.css (“style-src 'unsafe-inline' https://archive.org/ https://*.archive.org/ https://offshoot.prod.archive.org/”). 1 (unknown)

 

Ok! Maybe, I have no problems accessing this website because I have generally disabled CSP in New Moon 28 for some reasons. :P

Edited by AstroSkipper
1
Link to comment
Share on other sites
VistaLover

VistaLover

Posted
Posted (edited)

Something ignored so far by previous posts:

1. The screenshot posted by @j7n has a blank page rendered on the plain HTTP version of "archive.org":

http://archive.org

I can replicate here on my "dirty" St52 profile:

DrPn820.png

But the screenshot posted by @AstroSkipper (in NM28) has the secure version of "archive.org":

https://archive.org

Indeed, that one loads as expected in my St52 (dirty) profile; @j7n, does it also load for you when you specifically request the HTTPS version of AO?

Edited by VistaLover
Link to comment
Share on other sites
j7n

j7n

Posted
Posted

After I disabled CSP and re-enabled it, the site now redirects to HTTPS and loads (even while CSP is again enabled). It also loads when I directly type in https. It seems to remember some state from earlier, despite a cleared history. Normally  I never type https colon slash, and just go with whichever the site is happy with.

1
Link to comment
Share on other sites
AstroSkipper

AstroSkipper

Posted
Posted (edited)
1 hour ago, j7n said:

With security.csp.enable set to false, archive.org loads. What are the real drawbacks of disabling CSP?

I personally control CSP via my self-created custom button Toggle CSP which I made available to the public a long time ago here:

Due to the colours of Toggle CSP, one always knows whether CSP is enabled (green) or disabled (red). :yes: Disabling CSP is of course associated with a loss of security. On the other hand, CSP causes a lot of problems with different websites. So, it's up to the user to decide whether to enable or disable this feature. smilie_denk_24.gif

Edited by AstroSkipper
Update of content
2
Link to comment
Share on other sites
VistaLover

VistaLover

Posted
Posted
2 hours ago, j7n said:

What are the real drawbacks of disabling CSP?

1 hour ago, AstroSkipper said:

Disabling CSP is of course associated with a loss of security.

Astro is right :thumbup :

https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP

1 hour ago, AstroSkipper said:

So, it's up to the user to decide whether to enable or disable this feature

ditto ;) ...

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...