Description of the issue:
Unable to sign into the online banking experience of Chase bank/credit cards.
After entering user name and password and clicking Sign in button, I’m being redirected to page that says " Please turn on JavaScriptTM in your browser" etc.
Thanks for reporting. I use Chase and was able to login just now, MacOS. What OS are you on? Have you experienced this before or just since the latest update?
I just recently restarted using Brave, so I don’t know if this is new.
I use MacOS too, 10.14.6.
Could you try deleting your cache and cookies and try to log in then (I obviously have no cached pages or cookies from Chase on my browser, so that’ll be more representative of what I’m experiencing)?
@Mattches it works on a new profile. I noticed that it doesn’t block scripts in the global shield defaults in the new test profile.
If I turn off script blocking in the global shield defaults in my original profile, it works. However, that’s not a great solution. So there must be script from some non chase.com site that’s required?
So here’s the thing – most sites are going to run and/or require scripts. In fact, if you’re using default Shields settings, Scripts should be Allowed by default. Did you maybe change the Global Shields settings in the browser to block scripts?
Ah yes, sorry if that wasn’t clear. My global shield settings have scripts blocked, unlike the defaults.
Are you saying it’s impractical to do so, even if I turn off the shield completely on sites that need it, such as chase.com?
Using that setting then essentially breaks most websites?
Is there no way to say “chase.com is allowed to pull in scripts from anywhere, even non-chase.com”?
What I would recommend is that if you want to keep Scripts blocked globally – the very first thing you should do when a site is not functioning as intended is enabling Scripts in the Shields panel. Recall that protections set in the Shields Panel are site-specific and are retained across sessions.
For example, with chase.com, now that you know the site will work as intended with Scripts allowed, you can enable scripts in the Shields panel and continue blocking them globally by default. This way, the next time you visit chase (or any site in which you’ve enabled Scripts in the panel), the settings will already be configured properly without the need to adjust them again.
Hope this helps! Let me know if any of the above is unclear.
I understand the concept of global vs site-specific settings and also the inner workings of web sites, as a lead developer on large consumer-facing site myself. Hence, as an insider, I’m especially scared of privacy invasion and appreciate Brave ;).
I understand the idea that if I turn the global setting on to block scripts, I need to be prepared to turn it on individually for many sites, which I am. But in this case it’s not sufficient.
Neither turning off all protections in the site-specific shield for chase.com nor turning the shield off completely make it work (for me) while the global setting to block scripts is enabled.
What I’m thinking is that chase.com, during the login process, either does a redirect or iframe or uses another mechanism to pull in a page or script from another domain that’s not in the chase.com domain, which isn’t governed by the chase.com domain settings, so then the global settings are used.
Unfortunately I can’t figure out when and where that is done.
At this point, it seems that no matter what I do the site behaves as you stated – blocking scripts globally seems to supersede any other changes to permissions/protections made. I’ll likely be filing an issue for this today and get some dev eyes on it.
Thank you very much for your patience and troubleshooting the issues with me
