Chrome does not play EOS HTML5 teases

Post all technical issues and questions here. We'll gladly help you wherever we can.
Post Reply
zimbobee
Explorer
Explorer
Posts: 19
Joined: Mon Apr 16, 2012 11:09 pm
Gender: Male
Sexual Orientation: Straight
I am a: Submissive

Chrome does not play EOS HTML5 teases

Post by zimbobee »

Does anybody have any idea why Chrome keeps blocking these teases?
The effect is a black screen when you try to open the tease.
Digging a little deeper I find its blocked possibly by content security policy of the webpage?

The error is:
eosscript.com/?host:1 Refused to display 'https://eosscript.com/?host' because it has not opted-into the following policy required by its embedder: 'default-src 'none'; script-src https://eosscript.com; style-src https://eosscript.com; img-src https://eosscript.com https://media.milovana.com blob:; media-src https://eosscript.com https://media.milovana.com blob:; connect-src https://eosscript.com https://media.milovana.com https://sentry.io blob:; font-src https://eosscript.com; worker-src https://eosscript.com blob:; block-all-mixed-content'.

I thought it maybe a corruption in the browser as it's ok on my PC, so as my laptop needed a refresh I reformatted it and reinstalled everything from scratch. This resolved the problem and it's been fine for a few weeks, but now the issue is back again!

Any ideas, assistance or guidance would be appreciated as this is driving me nuts now!
kerkersklave
Explorer At Heart
Explorer At Heart
Posts: 549
Joined: Sun Jul 06, 2014 2:11 pm
Gender: Male
Sexual Orientation: Open to new ideas!
I am a: Slave

Re: Chrome does not play EOS HTML5 teases

Post by kerkersklave »

What this means is, that the embedding website declares certain security policies (basically which servers may be accessed). If you view the source code of the tease viewer you will find an iframe with a csp-Attribute declaring exactly the rules mentioned in the error message.

The website embedded in this iframe is eoscript.com/?host. This page has to be delivered with an http-header acknowledging these rules. And for me, it does, and everything works fine.

The error message probably means, that these headers are missing. You can check that opening the developer tools (press f12) in chrome and opening the network tab. Click on the rewuest for eaoscript.com/?host and look for content-security-policy: under "Respons Header"
There should be the same rules listed.

If they are not, then that is the reason. As the server does clearly send them, the only reason I can think of, is, that something is removing them. Maybe some strange browser extension, anti-virus software that messes with your browser or something similar.
zimbobee
Explorer
Explorer
Posts: 19
Joined: Mon Apr 16, 2012 11:09 pm
Gender: Male
Sexual Orientation: Straight
I am a: Submissive

Re: Chrome does not play EOS HTML5 teases

Post by zimbobee »

Here is a screenshot of the headers:
Headers.png
Headers.png (120.62 KiB) Viewed 2549 times
If i'm reading this right, it looks ok to me, or am I missing something?
kerkersklave
Explorer At Heart
Explorer At Heart
Posts: 549
Joined: Sun Jul 06, 2014 2:11 pm
Gender: Male
Sexual Orientation: Open to new ideas!
I am a: Slave

Re: Chrome does not play EOS HTML5 teases

Post by kerkersklave »

No, it is not ok.
Do you see all those URLs containing kaspersky in the header? You probably installed kasperky anti virus software and enabled some web security feature. For some reason that tool is inserting these URLs. I assume it is also inserting certain scripts into the websites you are viewing, for whatever reason, and to enable these scripts to access their servers they are adding these URLs.
(The default policy only allows a script to access the server it has been loaded from).

This usually works fine, but Milovona uses an iframe with an embedding-policy. It specifies which content the embedded webpage (the EOS viewer) is allowed to access. (All the things mentioned in the error message).
The embedded page must not access nor declare to access anything else.

As the virus scanner is adding additional URLs to the header the page is blocked completely.

I would recommend to disable this feature completely and remove kaspersky from chrome. Virus scanners _might_ have some use on windows machines. But Google does a lot to make Chrome safe including warnings of dangerous websites. So there is really no need to add an extra tool. Such a tool can even compromise the safety of your browser.

In case you really want to keep it, there might be a way to disable it at least for milovana.com and eosscript.com.
But it might still break other websites.
zimbobee
Explorer
Explorer
Posts: 19
Joined: Mon Apr 16, 2012 11:09 pm
Gender: Male
Sexual Orientation: Straight
I am a: Submissive

Re: Chrome does not play EOS HTML5 teases

Post by zimbobee »

Thanks for the advice!
I did wonder about Kaspersky, but I'd tried removing it, rebooted and tested again but the issue still remained. I think at that time it must have been using the cache!
Tested again by removing Kaspersky, rebooting and then clearing the the entire browser cace and it now works correctly again!
Thanks again!
zimbobee
Explorer
Explorer
Posts: 19
Joined: Mon Apr 16, 2012 11:09 pm
Gender: Male
Sexual Orientation: Straight
I am a: Submissive

Re: Chrome does not play EOS HTML5 teases

Post by zimbobee »

After more investigation I've discovered its a feature within Kaspersky called script injection. Not sure why it only effects Chrome, but it certainly appears to be the case. The feature can be turned off in the Network option under the additional tab in the settings. Once turned off, clear the cache and reboot the system, then it should work correctly within Chrome!
Post Reply

Who is online

Users browsing this forum: No registered users and 17 guests