Path: csiph.com!weretis.net!feeder8.news.weretis.net!reader5.news.weretis.net!news.solani.org!.POSTED!not-for-mail From: Richmond Newsgroups: alt.comp.software.seamonkey Subject: Re: Problematic popup for imap.mail.yahoo.com Date: Tue, 14 Oct 2025 14:28:26 +0100 Organization: Frantic Message-ID: <864is1obnp.fsf@example.com> References: <864is9pb09.fsf@example.com> <10c6fqq$1ril4$1@dont-email.me> <868qhdocu9.fsf@example.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Injection-Info: solani.org; logging-data="1086670"; mail-complaints-to="abuse@news.solani.org" User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux) Cancel-Lock: sha1:ETNdHjZI+rRlWtvgyAnQ0jPuu0A= sha1:JOzQPYgfu+K92R60g948nJq5JqY= X-User-ID: eJwVydkRADAEBcCWHA9RjjD6LyGT/V1TZ++Am8PWNrHpNJshkNpTV4ZQrMqVN1Qy/o6hqRrzABRLEP8= Xref: csiph.com alt.comp.software.seamonkey:7977 Richmond writes: > David H Durgee writes: > >> David H Durgee wrote: >>> David H Durgee wrote: >>>> Mark Bourne wrote: >>>>> David H Durgee wrote: >>>>>> David H Durgee wrote: >>>>>>> Richmond wrote: >>>>>>>> David H Durgee writes: >>>>>>>> >>>>>>>>> Starting yesterday I am getting a problematic popup from >>>>>>>>> imap.mail.yahoo.com every time it tries to check for mail. >>>>>>>>> >>>>>>>>> The popup requests that I login, but when I click the button >>>>>>>>> after I enter the email and password I get a spinner and >>>>>>>>> nothing else happens. >>>>>>>>> >>>>>>>>> I am assuming that something about the popup is causing >>>>>>>>> problems for SeaMonkey 2.53.21 here. >>>>>>>>> >>>>>>>>> The URL for the window shows as: >>>>>>>>> >>>>>>>>> https://login.yahoo.com/?src=thunderbird&clientid= >>>>>>>>> >>>>>>>>> The window can be moved but remains on top.  No right click >>>>>>>>> menu. >>>>>>>>> >>>>>>>>> Cannot highlight and copy the URL. >>>>>>>>> >>>>>>>>> The window title is "Enter credentials for" on >>>>>>>>> imap... >>>>>>>>> >>>>>>>>> Obviously I cannot access yahoo mail at the moment and given >>>>>>>>> it is non-functional all I can do is close the window. >>>>>>>>> >>>>>>>>> How do I get this corrected? >>>>>>>>> >>>>>>>>> Dave >>>>>>>> >>>>>>>> It sounds like it is trying to set up Oauth2. Maybe you have to >>>>>>>> enable javascript? Or maybe it is requesting 2FA? >>>>>>>> >>>>>>> >>>>>>> I thought I had Oauth2 already setup on all my mail connections, >>>>>>> but perhaps I missed it.  Looking in my passwords do not show >>>>>>> one for that email address, so that may be the problem. >>>>>>> >>>>>>> I will look into how I need to get that working. >>>>>>> >>>>>>> Dave >>>>>> >>>>>> The error console shows [ABE} errors relating to this.  How do I >>>>>> fix that? >>>>>> >>>>>> Dave >>>>> >>>>> I don't know if it might have other meanings, but to me "ABE" is >>>>> NoScript's "Application Boundaries Enforcer" that restricts which >>>>> domains can load Javascript and other resources from which other >>>>> domains.  It could be that the Yahoo login page is trying to load >>>>> Javascript from another Yahoo domain, and maybe you've configured >>>>> ABE rules that prevent that.  As far as I recall ABE isn't enabled >>>>> by default in NoScript, and has very few restrictions by default >>>>> even if enabled.  So if that is the problem, hopefully you'd know >>>>> you've enabled ABE at some point and that's enough of a clue to >>>>> work out how to adjust whatever rules you've set up. >>>>> >>>>> Or it could be "ABE" has a completely different meaning in this >>>>> context...! >>>>> >>>> >>>> I disabled ABE in No Script and those messages went away.  I still >>>> see one No Script related error listed: >>>> >>>>> [NoScript] Force text/plain for missing content-type on >>>>> https://api.login.yahoo.com... >>>> >>>> I don't know if that is directly related to the problem or not, it >>>> sounds pretty innocuous and appears to confirm this relates to >>>> oauth2 based on the URL. >>>> >>>> Unfortunately I am still getting nowhere with this. >>>> >>>> Dave I thought to try something with the above URL, I opened it in >>> a Firefox tab enabling all scripting it requested and it was able to >>> complete to a point where it tried to do something with localhost >>> that failed.  It even sent me an email to my backup account about a >>> Thunderbird login. This morning I tried the same thing in a >>> Seamonkey tab and wind up with a spinner after entering the >>> password.  Looking in the error console I see: >>> >>>> Timestamp: 10/9/25, 11:51:19 AM MDT Error: SyntaxError: missing : >>>> after property id Source File: >>>> https://s.yimg.com/aaq/benji/benji-2.3.23.js Line: 1, Column: 25600 >>>> Source Code: s[n]=e.benji.debug.logs[n]||[]).push(r)}}class >>>> fs{_googletag;features;refreshQueue;debounceTimer;constructor(){return >>>> th >>> >>>> Timestamp: 10/9/25, 11:51:19 AM MDT Error: about:blank : Unable to >>>> run script because scripts are blocked internally. >>> >>>> Timestamp: 10/9/25, 11:51:21 AM MDT Error: about:blank : Unable to >>>> run script because scripts are blocked internally. >> So it >>>> appears that Yahoo is indeed doing something SeaMinkey isn't >> >>>> supporting. >> Dave >> >> >> I have Thunderbird on my system as well, but I don't use it as I >> prefer SeaMonkey. If I were to set up Thunderbird to access Yahoo >> mail via IMAP and SMTP with oauth2, assuming it will work, would >> there be a way to pull the oauth2 entry from it and add it to the >> SeaMonkey password file to get it working here? >> > > When I tried with Thunderbird, the next thing which came up after the > password prompt (which was where it got stuck with seamonkey) was a > dialog requesting that I choose where to send a > one-time-password. I.e. the 2fa dialog. It was possible to select from > the url but it had 'thunderbird' embedded in it, so I didn't bother to > try. Another thing I noticed when using Seamonkey is that when you get > stuck on the password prompt you can click "yahoo" top left and you > get prompted to accept cookies. After tha however there is no way to > go back to the password prompt. I've noticed that if I disable javascript I can get the 2FA popup, however I don't get any further than that. Perhaps what is needed is an on-the-fly javascript toggle button.