Path: csiph.com!weretis.net!feeder8.news.weretis.net!reader5.news.weretis.net!news.solani.org!.POSTED!not-for-mail From: Richmond Newsgroups: alt.comp.software.seamonkey Subject: Re: Problematic popup for imap.mail.yahoo.com Date: Tue, 14 Oct 2025 21:05:08 +0100 Organization: Frantic Message-ID: <86jz0xmeq3.fsf@example.com> References: <864is9pb09.fsf@example.com> <10c6fqq$1ril4$1@dont-email.me> <868qhdocu9.fsf@example.com> <864is1obnp.fsf@example.com> <86wm4xmsqy.fsf@example.com> <86seflmj4x.fsf@example.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Injection-Info: solani.org; logging-data="1086670"; mail-complaints-to="abuse@news.solani.org" User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux) Cancel-Lock: sha1:RbkzPQalVKhd4txEJJNlZRxhZWg= sha1:LIxBL8cLTp35/OhHnozxW8G6qMU= X-User-ID: eJwFwYEBwCAIA7CXRFtYzxkg/59gwuPmFXA6OJzyH9JXU33PtIqn2yBi7WtUpynGMlOKtfEALngRRQ== Xref: csiph.com alt.comp.software.seamonkey:7986 David H Durgee writes: > Richmond wrote: >> Richmond writes: >> >>> Richmond writes: >>> >>>> Richmond writes: >>>> >>>>> David H Durgee writes: >>>>> >>>>>> David H Durgee wrote: >>>>>>> David H Durgee wrote: >>>>>>>> Mark Bourne wrote: >>>>>>>>> David H Durgee wrote: >>>>>>>>>> David H Durgee wrote: >>>>>>>>>>> Richmond wrote: >>>>>>>>>>>> David H Durgee writes: >>>>>>>>>>>> >>>>>>>>>>>>> Starting yesterday I am getting a problematic popup from >>>>>>>>>>>>> imap.mail.yahoo.com every time it tries to check for mail. >>>>>>>>>>>>> >>>>>>>>>>>>> The popup requests that I login, but when I click the button >>>>>>>>>>>>> after I enter the email and password I get a spinner and >>>>>>>>>>>>> nothing else happens. >>>>>>>>>>>>> >>>>>>>>>>>>> I am assuming that something about the popup is causing >>>>>>>>>>>>> problems for SeaMonkey 2.53.21 here. >>>>>>>>>>>>> >>>>>>>>>>>>> The URL for the window shows as: >>>>>>>>>>>>> >>>>>>>>>>>>> https://login.yahoo.com/?src=thunderbird&clientid= >>>>>>>>>>>>> >>>>>>>>>>>>> The window can be moved but remains on top.  No right click >>>>>>>>>>>>> menu. >>>>>>>>>>>>> >>>>>>>>>>>>> Cannot highlight and copy the URL. >>>>>>>>>>>>> >>>>>>>>>>>>> The window title is "Enter credentials for" on >>>>>>>>>>>>> imap... >>>>>>>>>>>>> >>>>>>>>>>>>> Obviously I cannot access yahoo mail at the moment and given >>>>>>>>>>>>> it is non-functional all I can do is close the window. >>>>>>>>>>>>> >>>>>>>>>>>>> How do I get this corrected? >>>>>>>>>>>>> >>>>>>>>>>>>> Dave >>>>>>>>>>>> >>>>>>>>>>>> It sounds like it is trying to set up Oauth2. Maybe you have >>>>>>>>>>>> to enable javascript? Or maybe it is requesting 2FA? >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> I thought I had Oauth2 already setup on all my mail >>>>>>>>>>> connections, but perhaps I missed it.  Looking in my passwords >>>>>>>>>>> do not show one for that email address, so that may be the >>>>>>>>>>> problem. >>>>>>>>>>> >>>>>>>>>>> I will look into how I need to get that working. >>>>>>>>>>> >>>>>>>>>>> Dave >>>>>>>>>> >>>>>>>>>> The error console shows [ABE} errors relating to this.  How do I >>>>>>>>>> fix that? >>>>>>>>>> >>>>>>>>>> Dave >>>>>>>>> >>>>>>>>> I don't know if it might have other meanings, but to me "ABE" is >>>>>>>>> NoScript's "Application Boundaries Enforcer" that restricts which >>>>>>>>> domains can load Javascript and other resources from which other >>>>>>>>> domains.  It could be that the Yahoo login page is trying to load >>>>>>>>> Javascript from another Yahoo domain, and maybe you've configured >>>>>>>>> ABE rules that prevent that.  As far as I recall ABE isn't >>>>>>>>> enabled by default in NoScript, and has very few restrictions by >>>>>>>>> default even if enabled.  So if that is the problem, hopefully >>>>>>>>> you'd know you've enabled ABE at some point and that's enough of >>>>>>>>> a clue to work out how to adjust whatever rules you've set up. >>>>>>>>> >>>>>>>>> Or it could be "ABE" has a completely different meaning in this >>>>>>>>> context...! >>>>>>>>> >>>>>>>> >>>>>>>> I disabled ABE in No Script and those messages went away.  I still >>>>>>>> see one No Script related error listed: >>>>>>>> >>>>>>>>> [NoScript] Force text/plain for missing content-type on >>>>>>>>> https://api.login.yahoo.com... >>>>>>>> >>>>>>>> I don't know if that is directly related to the problem or not, it >>>>>>>> sounds pretty innocuous and appears to confirm this relates to >>>>>>>> oauth2 based on the URL. >>>>>>>> >>>>>>>> Unfortunately I am still getting nowhere with this. >>>>>>>> >>>>>>>> Dave I thought to try something with the above URL, I opened it in >>>>>>> a Firefox tab enabling all scripting it requested and it was able >>>>>>> to complete to a point where it tried to do something with >>>>>>> localhost that failed.  It even sent me an email to my backup >>>>>>> account about a Thunderbird login. This morning I tried the same >>>>>>> thing in a Seamonkey tab and wind up with a spinner after entering >>>>>>> the password.  Looking in the error console I see: >>>>>>> >>>>>>>> Timestamp: 10/9/25, 11:51:19 AM MDT Error: SyntaxError: missing : >>>>>>>> after property id Source File: >>>>>>>> https://s.yimg.com/aaq/benji/benji-2.3.23.js Line: 1, Column: >>>>>>>> 25600 Source Code: s[n]=e.benji.debug.logs[n]||[]).push(r)}}class >>>>>>>> fs{_googletag;features;refreshQueue;debounceTimer;constructor(){return >>>>>>>> th >>>>>>> >>>>>>>> Timestamp: 10/9/25, 11:51:19 AM MDT Error: about:blank : Unable to >>>>>>>> run script because scripts are blocked internally. >>>>>>> >>>>>>>> Timestamp: 10/9/25, 11:51:21 AM MDT Error: about:blank : Unable to >>>>>>>> run script because scripts are blocked internally. >> So it >>>>>>>> appears that Yahoo is indeed doing something SeaMinkey isn't >> >>>>>>>> supporting. >> Dave >>>>>> >>>>>> >>>>>> I have Thunderbird on my system as well, but I don't use it as I >>>>>> prefer SeaMonkey. If I were to set up Thunderbird to access Yahoo >>>>>> mail via IMAP and SMTP with oauth2, assuming it will work, would >>>>>> there be a way to pull the oauth2 entry from it and add it to the >>>>>> SeaMonkey password file to get it working here? >>>>>> >>>>> >>>>> When I tried with Thunderbird, the next thing which came up after the >>>>> password prompt (which was where it got stuck with seamonkey) was a >>>>> dialog requesting that I choose where to send a >>>>> one-time-password. I.e. the 2fa dialog. It was possible to select >>>>> from the url but it had 'thunderbird' embedded in it, so I didn't >>>>> bother to try. Another thing I noticed when using Seamonkey is that >>>>> when you get stuck on the password prompt you can click "yahoo" top >>>>> left and you get prompted to accept cookies. After tha however there >>>>> is no way to go back to the password prompt. >>>> >>>> I've noticed that if I disable javascript I can get the 2FA popup, >>>> however I don't get any further than that. Perhaps what is needed is >>>> an on-the-fly javascript toggle button. >>> >>> I did it! I logged into Yahoo Webmail using Seamonkey. I had to ask an >>> AI to create a Javascript toggle button extension. Then I entered user >>> name and password without javascript until the 2fa prompt came up, then >>> I enabled javascript and logged in. It's only taken a few hours. :( >> I have also got Yahoo Oauth2 working with Seamonkey, but I am not >> entirely sure how I did it, other than turning javascript on and off, >> and sort of inching forward a bit further each time. >> > > I tired this approach with my imap mail account and I got to the point > of the 2FA choice, but after putting in the code I get the spinner > when I check the box to stay verified and click the next button. > > You both say you got into webmail. Did that place an Oauth2 token in > the password file? If so, I will have to try that myself and see if > the problem is solved in mail as well. > I have just repeated this with a different profile and it worked again. I will try to record it while I remember it: So I turn off javascript, set authentication to Oauth2, go to the yahoo email account and click on the inbox, the restricted window comes up, I enter the user name and password, I get the 2fa dialog, I click text message to phone, I click stay authenticated, then I go back to the browser window and enable javascript. I click resend the code and wait for the timeout, then resend again, and I get a code, which I enter, then it askes me to agree to Oauth2 terms, and I am in, and I can see emails in my Yahoo account via Imap. This didn't all work first time, and at some point during the proceedings, after javascript was re-enabled, I clicked help and accepted cookies.