This repository has been archived by the owner on Nov 15, 2017. It is now read-only.

Problems with authorization on http://hh.kz #410

Open
inDigazzZ opened this issue Sep 10, 2014 · 22 comments

@inDigazzZ

Even if you disable the matrix filter, then http://hh.kz redirects to http://hh.kz/?nocookies.
If you disable the extension, then authorization starts to work.

@inDigazzZ inDigazzZ changed the title Problems with logging in on http://hh.kz Problems with authorization on http://hh.kz Sep 10, 2014
@gorhill
Owner

gorhill commented Sep 10, 2014

> Even if you disable the matrix filter

How did you disable the matrix?

@inDigazzZ
Author

[Screenshot: 2014-09-10_18-26-32]
[Screenshot: 2014-09-10_18-27-58]

@inDigazzZ
Author

The problem was in Chrome and Opera, but now there's no problem in Chrome Canary 39.0.2151.4.
I cannot say for sure since which version the problem disappeared.

@gorhill
Owner

gorhill commented Sep 10, 2014

After you disabled the matrix, did you try to log in directly from http://hh.kz/?nocookies? Often for that kind of problem you have to be sure you are logging in on the original page before the error occurred, i.e. http://hh.kz/ in the current case.

In the current case, it appears the server redirected your login page to http://hh.kz/?nocookies, so you would have to go back to http://hh.kz/ and log in from there.

@inDigazzZ
Author

Directly from http://hh.kz/?nocookies and from http://hh.kz/ too.
Even if the matrix is disabled and I type and go to http://hh.kz/ in a new tab, there's a redirection to http://hh.kz/?nocookies

@gorhill
Owner

gorhill commented Sep 10, 2014

> even if matrix disabled and type and go to http://hh.kz/ in new tab there's redirection to http://hh.kz/?nocookies

Ok, then I suspect there is a redirect to something other than hh.kz in between. Try using a domain-level scope instead, i.e. *.hh.kz. This may fix the whole login problem, so that even completely disabling the matrix won't be necessary. I personally rarely use site-level scopes because of login problems like this.

@inDigazzZ
Author

If completely turning off blocking does not work, then how can *.hh.kz help?
Tried it - does not help.

@gorhill
Owner

gorhill commented Sep 10, 2014

> If completely turning off blocking does not work, then how can help *.hh.kz?

You turned it off for hh.kz; the on/off switch applies only to the current scope.

@inDigazzZ
Author

Doesn't work

@gorhill
Owner

gorhill commented Sep 10, 2014

You have to look into the request log to find out which requests were blocked that the login process may need. There could be a redirect to an intermediate site; this will show up in the request log.

@inDigazzZ
Author

It was http://hhid.ru/ - I've turned off blocking and hh.kz starts to work.

But look at the previous screenshot.

There's hhid in the list, but only cookies were loaded, not the script which loads another source.

@gorhill
Owner

gorhill commented Sep 10, 2014

Are you blocking behind-the-scene requests? I tried to login using random name/password just to see the flow of requests, and I can see that for whatever reasons, some requests ended up as behind-the-scene requests:

http://top-fwz1.mail.ru/tracker?js=13;id=310372;e=RT/unload;sid=08e06073;ids=310372;ver=60;_=0.3147901261691004
http://mc.yandex.ru/webvisor/2647417?rn=446347125&page-url=http%3A%2F%2Fhh.kz%2F&wmode=0&wv-type=0&wv-hit=788884724&wv-part=2&wv-check=3341&browser-info=z%3A-240%3Ai%3A20140910113349%3Arqnl%3A1%3Ast%3A1410363234

@inDigazzZ
Author

Why are Opera and Chrome loading different sources?

There's no hhid in Chrome, and the count of all sources is different.

I've changed the UA in Opera to Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2151.4 Safari/537.36

@inDigazzZ
Author

> Are you blocking behind-the-scene requests?

No - blocking is turned off

@gorhill
Owner

gorhill commented Sep 10, 2014

Ok, I started a completely new browser session with only HTTPSB, and entered hh.kz in the address bar. Request log:

12:06:01    page    http://hh.kz/?nocookies
12:06:01    page    http://hhid.ru/hhid/validate/O7nqwjRzjS5M75CBpveprXSFgBc7;http;hh.kz;80;/
12:06:01    page    http://hhid.ru/validate/;http;hh.kz;80;/
12:06:01    page    http://hh.kz/

So the request log in that case was the solution: when you type hh.kz in the address bar, what is really happening is that you are redirected to hhid.ru, which will apparently set session cookies, and then you are redirected back to hh.kz, which apparently needs the cookies from hhid.ru to be set.

I completely missed in your screenshot the empty hhid.ru: it's a telltale sign of a redirection.

So simply whitelisting only cookies for hhid.ru in the hhid.ru scope is best security-wise. So import:

hh.kz%0A%09whitelist%0A%09%09cookie%20hh
.kz%0A%09%09stylesheet%20*%0A%09%09image
%20*%0A%09%09script%20*%0A%09%09xmlhttpr
equest%20*%0A%09%09cookie%20hhid.ru%0Ahh
id.ru%0A%09whitelist%0A%09%09cookie%20hh
id.ru

In the Recipes field of the "Scoped rules" tab.

Afterward, re-enable matrix filtering for hh.kz; given how much the page is bloated, this is best. From there, you should be able to whitelist only what is needed to log in without having to completely disable matrix filtering.

Edit: I corrected the recipe above, we need to also allow cookie for hh.kz or else there is an infinite redirect loop. Don't forget to persist the two scopes.
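
The diagnosis above, worked as an added example that is not part of the original comment or of HTTPSB's code: it finds the intermediate hostname in the request log and checks what the recipe whitelists for it. The recipe layout used by `parseRecipe` and all helper names are assumptions inferred from the decoded recipe text.

```javascript
// Added example, not HTTPSB code. The log lines and recipe are copied from the
// comment above (recipe wrapping joined, "<a>" residue dropped from the log).
const REQUEST_LOG = `12:06:01 page http://hh.kz/?nocookies
12:06:01 page http://hhid.ru/hhid/validate/O7nqwjRzjS5M75CBpveprXSFgBc7;http;hh.kz;80;/
12:06:01 page http://hhid.ru/validate/;http;hh.kz;80;/
12:06:01 page http://hh.kz/`.split('\n');
const RECIPE =
  'hh.kz%0A%09whitelist%0A%09%09cookie%20hh.kz%0A%09%09stylesheet%20*' +
  '%0A%09%09image%20*%0A%09%09script%20*%0A%09%09xmlhttprequest%20*' +
  '%0A%09%09cookie%20hhid.ru%0Ahhid.ru%0A%09whitelist%0A%09%09cookie%20hhid.ru';
// Hostnames of top-level ("page") requests outside the visited site:
// the intermediate hops of a redirect chain.
function redirectHops(logLines, siteHost) {
  const hops = new Set();
  for (const line of logLines) {
    const [, type, url] = line.trim().split(/\s+/);
    if (type !== 'page' || !url) continue;
    const host = new URL(url).hostname;
    if (host !== siteHost && !host.endsWith('.' + siteHost)) hops.add(host);
  }
  return [...hops];
}

// Assumed recipe layout, inferred from the decoded text: unindented = scope,
// one tab = list name, two tabs = "<type> <hostname>".
function parseRecipe(encoded) {
  const scopes = {};
  let scope, list;
  for (const line of decodeURIComponent(encoded).split('\n')) {
    const depth = line.match(/^\t*/)[0].length;
    const text = line.trim();
    if (text === '') continue;
    if (depth === 0) { scope = text; scopes[scope] = {}; }
    else if (depth === 1) { list = text; scopes[scope][list] = []; }
    else {
      const [type, hostname] = text.split(' ');
      scopes[scope][list].push({ type, hostname });
    }
  }
  return scopes;
}

// What a scope whitelists for one hop. Only rules naming the hop exactly are
// counted; wildcard-hostname rules such as "image *" are ignored here.
function hopAudit(scopes, scopeName, hop) {
  const rules = ((scopes[scopeName] || {}).whitelist || []).filter(r => r.hostname === hop);
  return {
    cookieAllowed: rules.some(r => r.type === 'cookie' || r.type === '*'),
    extraTypes: rules.filter(r => r.type !== 'cookie').map(r => r.type),
  };
}

const scopes = parseRecipe(RECIPE);
for (const hop of redirectHops(REQUEST_LOG, 'hh.kz')) console.log(hop, hopAudit(scopes, 'hh.kz', hop));
```

An empty `extraTypes` means the intermediate host gets cookies only, which is the narrow whitelist the comment recommends; a `* hhid.ru` rule would show up there as `*`.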

@inDigazzZ
Author

Look above - I wrote about hhid. I'm using Opera and there hhid is in the list.
And hhid is 'green', which means that all sources from hhid will be loaded.
Why does hh.kz work in Chrome without hhid in the list?
@gorhill
Owner

gorhill commented Sep 10, 2014

> Why in Chrome hh.kz works without hhid in list?

If the session cookies from hhid.ru already exist when visiting hh.kz, there will be no redirections. I just checked that this is the case.

Edit: By the way, there was a typo in my recipe above, I fixed it.

@inDigazzZ
Author

Are you sure you're right?

I've just cleared browser data (all) in Chrome and in Opera.

Then I open hh.kz in Chrome and there is NO redirection.
I just open the site - without trying to log in.
And there are cookies from hhid.

Then I open Opera and there is a redirection.
I just open the site - without trying to log in.
And there are cookies from hhid.

The rules in the matrix are the same in Opera and in Chrome.

Identical rules - different behavior.

@gorhill
Owner

gorhill commented Sep 10, 2014

> Are you sure you're right?

Yes.

> I've just cleared browser data (all) in Chrome and in Opera.

You need more than this, you need to restart HTTPSB. On my side, I have "Keep local data only until you quit your browser" selected. So when I leave the browser, all cookies are removed. Re-launch the browser, you will see the redirection.

Thing is HTTPSB doesn't reset the lists of hostnames when you reload a page. It remembers the hostnames for a given page a while after the page has been closed (10-20 minutes, I don't remember exactly). This is by design, to be sure that crucial information about what a web page tried to do won't be flushed down the drain after a mere page refresh.

@inDigazzZ
Author

Sorry, but you're not right.
Cleared browser data and restarted both browsers.

There's no redirection in Chrome.

I found the difference in the configuration file
in Opera
"statsFilters":{"show-allowed":false,"show-blocked":true,"show-cookie":true,"show-image":true,"show-main_frame":true,"show-object":true,"show-other":true,"show-script":true,"show-stylesheet":true,"show-sub_frame":true,"show-xmlhttprequest":true},"strictBlocking":true,"subframeColor":"#cc0000","subframeOpacity":100}

in Chrome
"statsFilters":{},"strictBlocking":true,"subframeColor":"#cc0000","subframeOpacity":23}

I've found a bug in the rules - the problem was in the rules

in Chrome

hh.kz%0A%09whitelist%0A%09%09
*%20hh.kz%0A%09%09
*%20hh.ru%0A%09%09
*%20hhcdn.ru%0A%09%09
*%20hhid.ru%0A%09%09image%20
*%0A%09%09script%20ajax.googleapis.com%0A%09%09stylesheet%20
*%0A%09%09sub_frame%20hh.kz
%0A%09%09sub_frame%20hhcdn.ru
%0A%09blacklist%0A%09%09
*%20*%0A%09%09sub_frame%20*%0A

in Opera ()

hh.kz%0A%09whitelist%0A%09%09
*%20coub.com%0A%09%09
*%20hh.kz%0A%09%09
*%20hh.ru%0A%09%09
*%20hhcdn.ru%0A%09%09
*%20hhid.ru%0A%09%09image%20
*%0A%09%09script%20ajax.googleapis.com%0A%09%09stylesheet%20
*%0A%09%09sub_frame%20coub.com
%0A%09%09sub_frame%20hh.kz
%0A%09%09sub_frame%20hhcdn.ru
%0A%09blacklist%0A%09%09
*%20*%0A%09%09sub_frame%20*%0A

I do not know how it happened, but if you remove all lines with coub.com,
then everything starts to work fine - with no redirection.

Thanks for your time...

@inDigazzZ
Author

NOOOOOOOOOOOO

The problem is not in the rules ((
I don't know why, but Chrome works with no problems - clearing data/restarting.
Opera works through time.

One time deleted data / restarted / imported prefs from Chrome - works fine.
Another time deleted data / restarted / imported prefs from Chrome - doesn't work

It seems like Opera is pretty buggy ((

@gorhill
Owner

gorhill commented Sep 10, 2014

> It seems like Opera is pretty buggy

No, I can systematically get the redirection with Chrome:

[Screenshot: a]

Leave the browser (be sure no instance is left in memory). Launch the browser, open a tab at http://hh.kz:

[Screenshot: b]

Repeat at will. Then change:

[Screenshot: c]

Leave the browser (be sure no instance is left in memory). Launch the browser, open a tab at http://hh.kz:

[Screenshot: d]
