From: nunojsilva@invalid.invalid   
      
   On 2025-10-09, David H Durgee wrote:   
      
   > David H Durgee wrote:   
   >> Mark Bourne wrote:   
   >>> David H Durgee wrote:   
   >>>> David H Durgee wrote:   
   >>>>> Richmond wrote:   
   >>>>>> David H Durgee  writes:   
      
   >>>>>>> The URL for the window shows as:   
   >>>>>>>   
   >>>>>>> https://login.yahoo.com/?src=thunderbird&clientid=   
   >>>>>>>   
   [...]   
   >> I disabled ABE in No Script and those messages went away.  I still   
   >> see one No Script related error listed:   
   >>   
   >>> [NoScript] Force text/plain for missing content-type on   
   >>> https://api.login.yahoo.com/oauth2/request_auth?response_typ   
   =code&client_id=dj0yJmk9NUtCTWFMNVpTaVJmJmQ9WVdrOVJ6UjVTa2xJTXpR   
   WNHbzlNQS0tJnM9Y29uc3VtZXJzZWNyZXQmeD0yYw--&redirect_uri=http%3A   
   2F%2Flocalhost&scope=mail-w&login_hint=dhdurgee%40yahoo.com   
   >>>   
   >>   
   >> I don't know if that is directly related to the problem or not, it   
   >> sounds pretty innocuous and appears to confirm this relates to   
   >> oauth2 based on the URL.   
   >>   
   >> Unfortunately I am still getting nowhere with this.   
   >>   
   >> Dave   
   >   
   > I thought to try something with the above URL, I opened it in a   
   > Firefox tab enabling all scripting it requested and it was able to   
   > complete to a point where it tried to do something with localhost that   
   > failed.  It even sent me an email to my backup account about a   
   > Thunderbird login.   
      
   (Just to clarify:   
      
   The localhost part is because of the redirect_uri parameter in the   
   OAuth2 request, if you open this address in a browser, it will try to   
   redirect to localhost on success, that's expected.)   
      
   --   
   Nuno Silva   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)