- This topic has 17 replies, 1 voice, and was last updated 2 years, 6 months ago by mods-cm-org.
June 1, 2021 at 21:11 #71801TwirlipGuest
Using Firefox 89.0 (I saw the same thing when using the previous version, which I think was 88.0.1), I see this message at the bottom right-hand corner of each page of the website:
“Firefox Can’t Open This Page
To protect your security,”
(Yes, it really does end with a comma. Perhaps the text continues; but if so, I can’t scroll down to see it.)June 2, 2021 at 05:26 #71816mods-cm-orgGuest
Thank you for reporting this problem.
I have been unable to replicate the error message, using Firefox 88.0.1 – even with all permissions blocked by NoScript and uBlock Origin. Similarly, no such message appears when using the TOR browser (which is Firefox-based) with the default paranoia settings.
It sounds like there is a local problem with the SSL certificates stored on your own device. One potential fix is to clear your browsing history:
- Open Firefox and click the three lines button at the top-right corner in Firefox browser.
- Next click Options -> Privacy & Security. Scroll down in the right window to find History, and click ‘Clear browsing data‘.
- Select a time range like ‘All time’ (or a more recent period if you want to retain some elements in the History list), and tick ‘all options’ under Browsing history. Click the Clear Now button to clear all browsing history on Firefox.
Then revisit the blog again to check if the error message is gone. Let us know what happens.June 2, 2021 at 07:20 #71819TwirlipGuest
Thanks for the reply. I’m afraid I’m very reluctant to clear my browsing history, because I make continual use of it, several times every day. As the next best thing, I had a look at the site using Opera. I don’t use Opera much – I have little idea how its interface works, and I don’t even know what version I’ve got – so it has very little browsing history, and I’ve certainly never used it to view Craig’s site before. The display is very similar using both browsers. At the bottom of the page, with the window size that I’m using, there are three columns. The first is headed “Books by Craig Murray”. The second is headed “Recent Posts”. I forget what would usually appear in the third column, but now, in both browers, there is an odd-looking, very sparsely-rendered rectangle, with an aspect ratio of about 2:1, and a white background. In Firefox, the foreground is occupied by the text I quoted above. In Opera, the foreground is occupied by the top half of a large red Opera icon, with its bottom half cut off. It’s mostly just a white rectangle.June 2, 2021 at 09:31 #71825ClarkGuest
– “I’m very reluctant to clear my browsing history…”
To bypass your browsing history you could try a private window.
– “I forget what would usually appear in the third column…”
I don’t have a third column there; the right-hand third is simply the same grey background as behind the “Books” and “Recent Posts” elements.
Could the problem be the “Powered by [Wordpress]” icon? On my system this would appear below the specified area (uBlock Origin suppresses it), but it does at least contain the URL of the external site wordpress.org.June 2, 2021 at 11:25 #71827TwirlipGuest
Good suggestion – thanks! In a private Firefox window, I don’t see the rectangle. (I didn’t see it before accepting cookies, and I still don’t see it after having accepted them.) Just as you describe it, the right-hand third is now simply the same grey background as behind the “Books” and “Recent Posts” elements.June 2, 2021 at 16:59 #71836ClarkGuest
OK, well if you want to narrow down the cause you could try returning to a non-private window and visiting wordpress.org, to confirm whether you get the security warning there. And/or you could right-click on the security warning and use Firefox’s “Inspect” feature, and look at the nearby code for URLs of external sites – your history might hold an invalid security certificate or something for one of them.
Further to the mod’s suggestion above, Firefox’s “Clear history” dialogue permits you to select what to clear; you can retain your browsing and download history, active logins, form & search history and site preferences, and just clear cookies, cache and offline website data. Clearing cookies might change the behaviour of some websites, eg. it’ll empty any shopping baskets. Clearing the cache is the most likely to clear the warning.
Also check that your system’s date and time are roughly correct.June 2, 2021 at 17:52 #71837TwirlipGuest
When I tried to reply in detail to that last message, my post was blocked. I’ll try again, deleting whatever looks likely to have triggered the site’s defences. Meanwhile, here is the message I received:
“A potentially unsafe operation has been detected in your request to this site
Your access to this service has been limited. (HTTP response code 403)
If you think you have been blocked in error, contact the owner of this site for assistance.
Block Technical Data
Block Reason: A potentially unsafe operation has been detected in your request to this site
Time: Wed, 2 Jun 2021 16:49:23 GMT
Wordfence is a security plugin installed on over 3 million WordPress sites. The owner of this site is using Wordfence to manage access to their site.
You can also read the documentation to learn about Wordfence’s blocking tools, or visit wordfence.com to learn more about Wordfence.”June 2, 2021 at 17:54 #71838TwirlipGuest
This is the beginning of what I tried to post:
“Clock time is updated from an Internet time server every day or so, and is never more than a few seconds out. There are no security warnings when I visit wordpress.org (or the vestigial blog I have to maintain there in order to comment on other blogs). I’m vague about how the Inspector works, but it looks as if the rectangle is generated by this HTML code (I hope I’ve formatted it right): […]”June 2, 2021 at 18:03 #71839TwirlipGuest
I don’t to try posting any HTML code again, but if you search the HTML code (for, say, this page) for the string ‘footer_three’, you’ll see an ‘iframe’ element containing a URL descended from http://www.facebook.com/plugins. That seems to be what generates the rectangle when the page is rendered.June 2, 2021 at 18:04 #71840TwirlipGuest
I think the website may be punishing me for “jigsaw identification” of the offending HTML element. 🙂
Even when I try to describe how to locate the element, my post simply doesn’t appear!
Trying again (even more briefly): search the source code of this page for the string ‘footer_three’.June 2, 2021 at 18:09 #71842TwirlipGuest
Whew, that worked!
Trying a bit more:
When you have found that string, look for the ‘iframe’ element that follows it. It contains a URL descended from http://www.facebook.com, and seems to be what is generating the odd rectangle when the page is rendered.June 2, 2021 at 18:11 #71844TwirlipGuest
The post that didn’t appear before has now appeared (making the post immediately above it redundant). Meanwhile, another attempted post (also now redundant) has failed to appear. My brain hurts.June 2, 2021 at 19:12 #71847ClarkGuest
Wordfence can be twitchy. I have no technical experience with it. It has blocked my comments on two or three occasions; I never did work out why, though I seem to remember that they had something numeric or vaguely technical-looking in them.
I think this is a different issue from the original security warning.June 2, 2021 at 19:31 #71850TwirlipGuest
Yes, I’m sure it’s a separate problem.
I have made a toy HTML file containing a copy of the
footer_threecode, and it reproduces the behaviour in both Firefox and Opera. So the problem I’m having is definitely caused by the Facebook link. (Not that it is much of a problem, if it is mainly caused by something wrong with the settings on my system.)June 2, 2021 at 20:25 #71851mods-cm-orgGuest
The behaviour varies between browsers. On my system:
- Chrome shows the Facebook widget correctly (i.e. ‘Follow’, ‘Share’ and the number of people following: 4.4K);
- Edge also shows the widget correctly;
- So does TOR;
- Firefox shows a blank column with no widget;
- Opera (with the built-in VPN) shows a blank box with the top of the Opera “O” symbol;
- Epic Privacy Browser (which is based on an old fork of Chromium with all the Google elements stripped out) shows a box with a frowning error symbol and the text “
www.facebook.comrefused to connect”;
- Chrome in ‘Incognito’ mode shows the same frowning symbol and error message.
It appears that Facebook itself rejects the connection if the browser doesn’t meet certain conditions.June 2, 2021 at 21:27 #71862TwirlipGuest
Very thorough. Thanks!June 2, 2021 at 21:36 #71863TwirlipGuest
I’ve just got another variant response. Using Edge (which I’ve used far less than even Opera), I see a rectangle of the same size as before, but this time with a light grey background, and in the foreground, there is a large, simple icon in black, showing a rectangle in portrait orientation with a corner folded over, thus obviously representing a document, and on top of it a symbol like a road traffic “No Entry” sign, i.e., a circle with a diagonal bar.June 2, 2021 at 21:51 #71864mods-cm-orgGuest
The problems seem associated with the privacy settings rather than the browsers per se. Epic Privacy Browser and Opera VPN are both cagey about sharing info with Facebook. There’s also a clear difference between the results from Chrome in ordinary mode and in Incognito mode. So it looks like Facebook rejects the widget if it’s unable to query the browser for the information it requires: i.e. something to identify who you are.
In that case, the error box is a sign that you’ve evaded Facebook’s evil eye. Wear the badge with pride!