- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Apparently this site uses "suspicious cross-site POST requests" according to NoScript in Firefox.
Until this changes, you'll need to tweak the NoScript settings a little in order to be able to sign into your community.vzw.com account with NoScript XSS sanitizing enabled. (I'll assume you've already allowed scripts from vzw.com and/or lithium.com - I'm pretty sure you'll need those enabled in order to use the forums at all)
1) Open your NoScript options in Firefox:
Tools -> Add-ons -> Extensions (tab) -> NoScript -> Options
2) In the NoScript options click the "Advanced" tab.
3) In the advanced tab click the "XSS" sub-tab.
4) In the "Anti-XSS Protection Exceptions" text box on the "XSS" tab add the following line:
^https://signin\.verizon\.com/sso/authsso/forumLogin\.jsp.*$
5) Click OK and then close the Add-ons window.
6) Close your tab/window for community.vzw.com and try again.
7) If this doesn't work you may also need to delete any cookies you have from vzw.com and/or close Firefox all together and try again.
--------------------------------------------------------------------------------------------------------------
Details on the problem, how I identified it, and how I came across this solution
--------------------------------------------------------------------------------------------------------------
For the past two days I've been trying to get my community.vzw.com account setup and running and no matter what I tried, I would always end up on a screen that said my user name and password was invalid. To add to the confusion I was able to reset my password on the account using the "Forgot username/password" link and it STILL wouldn't work.
Then I noticed that for a split second right after I press the enter key to login there is a small notification bar at the top of the browser window. It goes away too fast to read, but I was able to notice the "NoScript" icon on the bar before it disappeared. So, I enabled scripts globally in NoScript and STILL had the same problem. Disabling/Removing NoScript all together fixed the problem and I was able to login. Of course that's not an acceptable solution, but at least I knew for sure that the problem was being caused by NoScript now.
Recalling past situations with sites not playing well with NoScript I remembered that there were NoScript messages logged in the Firefox error console (Tools -> Error console) when some actions are blocked. So, I enabled NoScript again, tried to login, opened the error console and sure enough, there's a message saying:
[NoScript XSS] Sanitized suspicious upload
to [https://signin.verizon.com/sso/authsso/forumLogin.jsp<some data here>]
from [http://www22.verizon.com/content/sso/signin.aspx?<some more data here>]:
transformed into a download-only GET request.
So, I took the URL from the "to ..." section of the message and entered it into the equivalent regular expression into the exceptions and tada! It worked! I can now sign into the community forums and still have the protection of NoScript to keep me safe from other sites. 🙂
Enjoy!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Wow! What a nice description of the issue you are having and resolution steps! I have also passed this along to our IT folks to have a look.
Thank you for being so thorough I am sure there are others that may run into this!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Is this the same for Aurora in that all I have found just script in the Sign in box for the tablet giveaway-If there is some way for loading a screenshot as an attachment I can show you the problem I'm encountering-I'm uploading again Javascript as it says it is outdated though the Java download says it is already there. So where do I send a screenshot to show the problem I'm encountering-I typed in script in the box and this is the one thread it took me to.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for the expert advice. Adding the line to the Anti-XSS exception worked for me. I still can't use my forum name and password to log in but at least I can use my verizon.com one without first going through the main page.
