Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Lolu chungechunge lwabekwa kunqolobane. Uyacelwa ubuze umbuzo omusha uma udinga usizo.

http://www.walmart.com/store/finder doesn't work properly in latest firefox (non privacy) but ok with microsoft edge

  • 8 uphendule
  • 3 zinale nkinga
  • 738 views
  • Igcine ukuphendulwa ngu jscher2000

more options

I using Firefox 46.0.1 in regular (non private) mode. I went to http://www.walmart.com/store/finder and got the site headers, etc. but no content, no map. Microsoft Edge doesn't have any problem showing the full page. I've noticed this on a few sites lately.

Isisombululo esikhethiwe

Hmm, yes, big empty white space. We both run the NoScript extension, and I noticed this message in the Browser Console when loading the page:

[NoScript] Blocking cross-site Javascript served from http://ll-us-i5.wal.co/dfw/63fd9f59-bd92/k2-_e3db6f3f-bb49-4b26-ad59-3ab8987390ea.v27.js-7a19b435de26ab8b51e5309d2761bcbc83e41a6b with wrong type info application/jav and included by http://www.walmart.com/store/finder

Wrong type info because the server sends "application/jav" instead of "application/javascript". It usually is safest to block mystery content, but assuming you trust this server:

Users who needed to log in to Walmart discovered this a while ago and a workaround was posted on the NoScript forum here: https://forums.informaction.com/viewtopic.php?p=81213#p81213

In summary:

(0) Select and copy the following (it's a pattern that matches the URL of the script files you want to run):

.wal.co/*.js*

(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful.

(2) In the search box above the list, type or paste noscript.i and pause while the list is filtered

(3) Double-click the noscript.inclusionTypeChecking.exceptions preference and edit it as follows:

(A) Press the Home key on the keyboard to position the cursor at the very beginning of the preference value (or click there using the mouse)

(B) Paste the pattern and then type a space to separate it from the default exceptions

(C) Click OK to save it

Then reload the store finder page and it should show the map and location search box.

Funda le mpendulo ngokuhambisana nalesi sihloko 👍 1

All Replies (8)

more options

Isisombululo Esikhethiwe

Hmm, yes, big empty white space. We both run the NoScript extension, and I noticed this message in the Browser Console when loading the page:

[NoScript] Blocking cross-site Javascript served from http://ll-us-i5.wal.co/dfw/63fd9f59-bd92/k2-_e3db6f3f-bb49-4b26-ad59-3ab8987390ea.v27.js-7a19b435de26ab8b51e5309d2761bcbc83e41a6b with wrong type info application/jav and included by http://www.walmart.com/store/finder

Wrong type info because the server sends "application/jav" instead of "application/javascript". It usually is safest to block mystery content, but assuming you trust this server:

Users who needed to log in to Walmart discovered this a while ago and a workaround was posted on the NoScript forum here: https://forums.informaction.com/viewtopic.php?p=81213#p81213

In summary:

(0) Select and copy the following (it's a pattern that matches the URL of the script files you want to run):

.wal.co/*.js*

(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful.

(2) In the search box above the list, type or paste noscript.i and pause while the list is filtered

(3) Double-click the noscript.inclusionTypeChecking.exceptions preference and edit it as follows:

(A) Press the Home key on the keyboard to position the cursor at the very beginning of the preference value (or click there using the mouse)

(B) Paste the pattern and then type a space to separate it from the default exceptions

(C) Click OK to save it

Then reload the store finder page and it should show the map and location search box.

Okulungisiwe ngu jscher2000

more options

For other sites, you'll need to mention the URL when you run across it again.

more options

http://store.hp.com/us/en/ContentView?eSpotName=PrinterFinder&storeId=10151&catalogId=10051&langId=-1 does the same thing.

As far as I can see, neither Firefox nor LastPass have "Browser Console". How do I find it?

more options

I find it difficult to believe that all these sites just changed that part of their content. So I suspect the LastPass has started to enforce additional restrictions. If the site is whitelisted, I wonder why it is quibbling about "application/jav" instead of "application/javascript"

more options

I posted to LastPass support asking for a generic fix.

more options

Not LastPass, NoScript.

You can open Firefox's Browser Console using either:

  • Ctrl+Shift+j
  • menu button > Developer > Browser Console

NoScript is protecting against an attack where a tag in a page pulls a non-matching content type from a different server as a way to bypass the normal security checks for that other content type. It doesn't matter whether the two sites are trusted, because it is intended to protect against cross-site attacks.

The HP page doesn't give that specific error, so it probably is something else (I'll look into it a bit more).

more options

On the http://store.hp.com it is a problem with third-party cookies. I see the content if I create an "allow for session" cookie exception.

Every now and then I see threads where specific content gets blocked because of such a cookie issue. If content is loaded in an iframe then you can check if it works if you temporarily allow all third-party cookies and if that helps check the domain of the URL in the iframe and create an exception and check again if that works. I personally don't like to enable third-party cookies by default because you end up with a lot of unnecessary cookies.

more options

On HP, I had to allow a lot of domains in NoScript that I haven't allowed before in order to get the frame content to load. I have attached a screenshot. My testing was inconsistent, and I often reloaded using Ctrl+Shift+r (reload bypassing the cache) to force a full reload of the framed page. I'm not sure why it's so finicky.