3

Every time I go to aliexpress with Chrome I find I cannot highlight text on an items page (I can on the search results list though), and I cannot right click to get the context menu on images, for example. both behaviors work just fine in Edge.

The only error I see in the console is two of these:

618686_795079156.html?spm=5261.7049941.1998509440.374.8HLhc7&sdom=101.342.433.0_795079156:1 [Report Only] Refused to load the script 'about:blank' because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.aliexpress.com *.aliunicorn.com *.alipay.com *.aliyun.com *.alicdn.com *.aliimg.com *.alibaba.com *.alisoft.com *.doubleclick.net *.mmstat.com *.greencompute.org *.video.taobao.com *.itao.com *.tbcdn.cn *.taobaocdn.com *.akamaihd.net *.taobao.com www.google-analytics.com https://stylessl.aliunicorn.com https://assets.alicdn.com https://ynuf.alipay.com https://login.alibaba.com https://login.aliexpress.com *.amap.com *.cnzz.com *.cnzz.net apis.google.com *.googleapis.com translate.google.com www.gstatic.com https://www.google.com bs.yandex.ru mc.yandex.ru vk.com *.vk.me *.facebook.com connect.facebook.net static.criteo.net *.criteo.com". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.

I have an adblocker in chrome but even if I turn it off I still get this behavior. I'd like to correct it, but to do that I have to find out what is wrong..

juan garcia
  • 1,326
  • 2
  • 23
  • 56
roberto tomás
  • 4,435
  • 5
  • 42
  • 71

2 Answers2

3

The right click disabling is quite possibly coming from a use of event.preventDefault which other answers describe as a way to get this behavior; here's one picked more or less at random.

One way to try to find out which script is causing this would be to use the Chrome web inspector and search in all sources (ctrl+shift-F on windows) for 'preventDefault' and throw a breakpoint on every call to it, then right click on the appropriate element or elements and see if you hit a breakpoint.

Inability to select text may be due to the use of the (non-standards track) CSS property user-select. If you find the element or elements that you cannot select in the Elements tab of the web inspector, you can look at their computed CSS style and see if the user-select property is set to none.

Community
  • 1
  • 1
ellisbben
  • 6,352
  • 26
  • 43
  • these were interesting comments and I voted you up for the detail you added. unfortunately neither lead to anything.. `preventDefault` is not in any content from any `http://aliexpress.com/store/product/`-* page (didn't show up at all with ctl+shift+F from the inspect panel), and `user-select` only exists (as `-webkit-user-select`, etc) in an iframe that is not part of the content at all. – roberto tomás Nov 11 '15 at 19:09
  • Very, very curious! Can you provide a link to one of the product pages on which you see this behavior? I don't see it in http://www.aliexpress.com/store/product/Min-order-is-10-mix-2014-Factory-Outlet-elegant-pearl-big-Vintage-Style-Imitate-Collar-Necklaces/811278_850680960.html – ellisbben Nov 13 '15 at 01:33
  • 2
    @ ellisbben — huh ... the one you gave is an example of a page that gives me this issue in chrome but not in edge. it is those product pages. Same issue with my ad blocker off. I just checked, even with Incognito mode and all extensions not allowed incognito, it still does it. chrome Version 47.0.2526.58 beta-m (64-bit) – roberto tomás Nov 14 '15 at 03:36
  • for me it happens everywhere in aliexpress. It works perfect on others sites including alibaba, amazon, gearbest etc... – Kostanos Aug 30 '18 at 15:48
  • I can't find a page which exhibits this behavior on https://aliexpress in chrome beta 69.0.3497.42. @Kostanos if you find a way to reliably get this behavior, why don't you capture a HAR? https://community.box.com/t5/Managing-Content-Troubleshooting/How-to-Generate-a-HAR-File-in-Chrome-IE-Firefox-and-Safari/ta-p/366 – ellisbben Aug 31 '18 at 15:08
1

The console is saying you have a CSP violation. CSP stands for Content Security Policy and the list shows all of the domains that cannot run JavaScript.

This can be added by your ad-blocker or the website headers. From the sounds of it, the ad-blocker isn't deactivated properly.

Karl Gjertsen
  • 4,690
  • 8
  • 41
  • 64
  • 1
    thank you. I disabled my adblocker and the errors went away (replaced with a "connection refused error ... here, if interested: `GET http://atmamos.im.alisoft.com/muliuserstatusx.atc?beginnum=0;8pctgRBMALNEhd…9r8PrPJ8;8pctgRBMALNEhdyYkfatd2gW9r8PrPJ8;8pctgRBMALNEhdyYkfatd2gW9r8PrPJ8 net::ERR_CONNECTION_REFUSED`) — it didn't change the mouse behvior issues but it did fix the console error, so thank you! – roberto tomás Nov 11 '15 at 19:12
  • Glad you got it sorted. CSP headers are useful, but they can catch you out. – Karl Gjertsen Nov 11 '15 at 19:57