Opened 3 years ago

Last modified 8 months ago

#22530 new defect

Redirection loop with disabled js on every page of

Reported by: cypherpunks Owned by: hiro
Priority: High Milestone:
Component: Webpages/Blog Version:
Severity: Major Keywords: user-feedback, blog
Cc: Dbryrtfbcbhgf, gk, qwertyu Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


For several years everyone was able to post on without enabling JavaScript and other dangerous things.

Observed behaviour: can not post unless slider set to medium or low
Expected behaviour: high security supported
Steps to reproduce: try to post at with security slider on high

Child Tickets

#30576closedhiroIf permissions.default.image is set to 2 and one comments on a blog post it keeps reloadingWebpages/Blog

Change History (14)

comment:1 Changed 3 years ago by arma

If somebody could identify what exactly is the setting that makes it not work, that will help move this ticket forward.

comment:2 Changed 3 years ago by gk

If I set my slider to "high" and just allow JavaScript on the blog it works. Otherwise I get a redirect loop (you can see that when you are opening the web console (Ctrl + Shift + K) and go to the Network tab.

comment:3 Changed 3 years ago by gk

Cc: Dbryrtfbcbhgf added

Closed #22526 as duplicate.

comment:4 Changed 3 years ago by gk

Cc: gk added

comment:5 Changed 3 years ago by hiro

There is a problem with the menu bar. It needs js enabled to work. I am wondering if this can be fixed by having a custom admin template in drupal. The problem with building a custom admin template in drupal is that it might complicate things a bit.
BTW we have this same issue with storm.

Last edited 3 years ago by hiro (previous) (diff)

comment:6 Changed 3 years ago by hiro

Status: newaccepted

I have been investigating this a bit more. The status at the moment is the following.

The template we are using implements bootstrap w some JS, when Tor browser is used w/ high security level, posting to the blog (comments and new blog posts for registered users) is not possible.

This is part due to issues with tor-bootstrap template as well as issues with drupal admin template.

I am trying to see if it is possible to solve the comments side of this issue, so that users would be allowed to post with high security level in Tor browser.

To do this I am specifically trying to strip the problematic JS while I fix the other big and small design issues.

The admin part is a bit more complicated to solve instead. I might have a look around to see if I can find a no-JS admin template. If not we should consider recoding the admin template ourselves, which might be a big effort.

Unfortunately we have inherited this issue from the old tor labs template that was adapted for the blog.

Last edited 3 years ago by hiro (previous) (diff)

comment:7 Changed 3 years ago by cypherpunks

I don't need js enabled to post at I see a blog comment of mine from one month ago.
My most significant prefs change from TBB default is allowing history (I reset this in Firefox prefs GUI).
Other prefs I change seem even less related to js - disable trim urls, wrap lines in view source, minimum font size, and a few others like those.
I also set noscript options strictly.
I change those after setting security slider to highest.

The only "strange" behavior I experience by the new blog is that after I have posted a comment (as reply or a new comment), tor blog won't show the "reply" link on comments. But this happens in only the same TBB tab. Loading the blog page in a new tab fixes that "strange" defect.

comment:8 Changed 3 years ago by cypherpunks

To avoid confusion:
I posted only comment 7 and this addendum comment on this ticket.

comment:9 Changed 3 years ago by gk

#25698 is a duplicate.

comment:10 Changed 2 years ago by traumschule

#27477 as well.

it is really bad the we encourage / force users to turn on js without even a warning (just like mozilla).

i was looking for the code, but did not find it. is your drupal under git somewhere?

comment:11 Changed 2 years ago by traumschule

Summary: Tor Browser 7.0 can't post on unless security slider is loweredRedirection loop with disabled js on every page of

Since yesterday all pages permanently reload (TB 8.5a1).

comment:12 Changed 17 months ago by wayward

Keywords: user-feedback blog added

comment:13 Changed 12 months ago by gk

Cc: qwertyu added
Status: acceptednew

#32312 is a duplicate.

comment:14 Changed 8 months ago by cypherpunks

#30576 is a duplicate

Note: See TracTickets for help on using tickets.