Chase bank and Javascript

snowhiker

Wannabe Storage Freak
Joined
Jul 5, 2007
Messages
1,470
#1
Well this is bullshit.

I can't log into my bank, Chase, with NoScript plugin anymore?!? WTF? I have to completely disable NoScript then restart browser to log in.

NO scripts were blocked for chase. Ad block disabled, Ghostery disabled, cookies enabled, pop-ups allowed. Everything allowed.

Anything obvious I'm missing? Is NoScript blocking something but not reporting it? There is nothing to "allow" in NoScript status bar/options.

Lame. Sorry for /rant.
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
20,329
Location
I am omnipresent
Website
s-laker.org
#2
I ran in to that as well. Sometimes it works if Ad blocking is off. I guess some of the site assets are on some CDN that's primarily used for ads? I've shrugged and used it in IE or on my tablet.
 

snowhiker

Wannabe Storage Freak
Joined
Jul 5, 2007
Messages
1,470
#3
Any alternatives to NoScript worth looking into? I feel like I should keep running NoScript but disabling/re-enabling it for one site is a PITA. Perhaps enough people will be hit with this problem the NoScript (or adblock+) people will come up with a patch.
 

snowhiker

Wannabe Storage Freak
Joined
Jul 5, 2007
Messages
1,470
#5
Hmmmmm. Removed AdBlock+ and still get the "enable javascript" prompt from chase bank web site. Still have to remove NoScript and restart browser to get in.

/facepalm
 

snowhiker

Wannabe Storage Freak
Joined
Jul 5, 2007
Messages
1,470
#6
Found the answer to my issue.

Seems a script came from "chasecdn.com" that NoScript blocked but the NoScript stasis bar didn't pop up like it normally does. Only found it by "right-click on page"-->NoScript-->Recently blocked sites. I then added site to NoScript's Whitelist and I'm back in business.

Doh!
 

dewey

What is this storage?
Joined
Apr 26, 2018
Messages
1
#7
chasecdn.com not trusted

I used whois.com to research chasecdn.com. It indicates that JPMorgan Chase is the registrar. However, the Chase "executive office" indicates it has nothing to do with the site and they consider the matter closed. I told them that I was no satisfied, they did not seem to care. So, I have started looking into the matter further. Since the chase people are telling me that Chase.com is not linking with chasecdn.com and that because my browser (mozilla) is seeing it, my browser is the problem. To turn off noscript is the equivalent of removing locks from my front door because people want in.

Last year I detected that chase.com had a link to a data mining company. When I informed Chase and the secret service, the link was removed. As far as I know, there was never a public announcement about this breach.
 
Top