Fix: Zotero Connector not working with request policy (Firefox)

Hi,

To get the Zotero Connector (5.0.11) working, I had to add a rule to the "Request Policy Continued" addon for Firefox (54.0) to allow from blank (=any) to 127.0.0.1 on 23119 (as indicated here https://www.zotero.org/support/kb/connector_zotero_unavailable).

I did not have to touch NoScript's ABE (which seems to have been complaining at the beginning and on which I spent an hour trying to figure out how it was blocking Zotero - it wasn't) or its XSS protection, nor uBlock Origin, nor anything else.
Especially not my firewall!
IMHO, the Knowledge Base article quite carelessly advises to "whitelist 127.0.0.1 with port 23119 from any security/firewall features of the software". Please give more sound security advice to the public (such as to figure out which software is actually blocking and not just to whitelist in all).

If anyone has an idea how I could specify the request rule to not have to allow from any, I would highly appreciate that! (though I suspect it might not be possible since it would be the specific site requesting localhost?)

Thanks! :)
  • IMHO, the Knowledge Base article quite carelessly advises to "whitelist 127.0.0.1 with port 23119 from any security/firewall features of the software". Please give more sound security advice to the public (such as to figure out which software is actually blocking and not just to whitelist in all).
    It said to disable security software, and if that fixed the problem, to adjust the whitelist. If you're running multiple pieces of software, it's obviously on you to know that and to troubleshoot the individual pieces accordingly. If you had disabled NoScript and the problem continued, that would've been a clear indication that it was something else and you would've saved yourself time. But anything on your system that's blocking requests to 127.0.0.1:23119 does need to be adjusted. Also, 127.0.0.1 is a loopback address, so I'm not sure what you think the security implications are here — it's not like whitelisting 127.0.0.1:23119 in something unnecessarily would put you in danger.

    In any case, I've adjusted the page to combine the separate steps for "security software" and browser extensions, since there's no real difference, and to suggest reenabling each piece of software one at a time to identify which ones are actually blocking requests.
  • Thanks for updating the kb - and so quickly! :)

    If things were "obvious" or "necessary" I guess we wouldn't have to worry so much about security issues. Better err on the side of caution here... For instance, there are stupid people like me around who first try to fix the software spawning error messages instead of following a much more reasonable approach, which you also suggested, right from the beginning, not only after an hour ;)