This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Verification codes never received from in Thunderbird if sent from Firefox page.

  • Kòsí àwọn èsì
  • 0 ní àwọn ìṣòro yìí
more options

Twice now I have had issues with a site (A bank) sending an ID verification code to my email address in Thunderbird in Ubuntu and also on my Mobile via Bluemail. Resulting in hours of correspondence to get around the problem by other means. (I am deaf so prefer not to use the phone)

I have a theory, please can someone with "The knowledge" have a butchers at the console text below as I think that it may be the cross site cookie prohibition, a standard setting for most of us which stops this verification code working: Note Noscript is set to "Temp trust all on site" Ghostery set to Trust site.


10:10:16.837 This page is in Quirks Mode. Page layout may be impacted. For Standards Mode use “”. app.xxxxxx.com

10:10:17.432 Creating extension->page port windowPatchMessages:ffc75872-b49e-4666-86bd-ac9098503051 patchWindow.js:68:13 10:10:17.433 Creating page->extension port windowPatchMessages:ffc75872-b49e-4666-86bd-ac9098503051 patchWindow.js:68:13 10:10:17.615 SyncMessage ee6c0473-4026-407d-b249-14b23027ac4e,https://app.xxxxxx.com/, state loading, result: {"permissions":{"capabilities":["script","object","media","frame","font","webgl","fetch","ping","noscript","unchecked_css","lan","lazy_load"],"temp":false},"cascaded":true} SyncMessage.js:265:15 10:10:18.726 Cookie warnings 35 10:10:18.845 Cookie “test_WZRK_S_6ZW-WZ7-6W7Z2” has been rejected for invalid domain. app.xxxxxx.com 10:10:20.121 Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://api.amplitude.com/. (Reason: CORS request did not succeed). Status code: (null). 10:10:20.804 <script> source URI is not allowed in this document: “https://www.googletagmanager.com/gtm.js?id=GTM-MM5DB72”. app.xxxxxx.com:1:1 10:10:25.887 Content-Security-Policy warnings 2 10:10:26.489 uncaught exception: could not create user after 0 tries 10:10:26.611 Content-Security-Policy: The page’s settings blocked an inline script (script-src-elem) from being executed because it violates the following directive: “script-src 'nonce-71i9SF28SAnnX0RhGdQoBw' 'unsafe-inline'” inject.js:33:28 10:10:27.034 POST https://pay.google.com/_/InstantbuyFrontendBuyflowPayframeUi/cspreport [HTTP/3 404 133ms]

10:10:27.038 Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://api.amplitude.com/. (Reason: CORS request did not succeed). Status code: (null). 10:10:27.224 SyncMessage cd07dec8-0ad4-419a-828a-2b896ab8a2f0,https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fapp.xxxxxx.com&mid=, state interactive, result: {"permissions":{"capabilities":["script","object","media","frame","font","webgl","fetch","ping","noscript","unchecked_css","lan","lazy_load"],"temp":false},"cascaded":true} SyncMessage.js:265:15 10:10:27.225 Creating extension->page port windowPatchMessages:2394f016-93c4-4532-aa69-f7db21556d75 patchWindow.js:68:13 10:10:27.226 Creating page->extension port windowPatchMessages:2394f016-93c4-4532-aa69-f7db21556d75 patchWindow.js:68:13 10:10:28.342 Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://api.amplitude.com/. (Reason: CORS request did not succeed). Status code: (null). 10:10:35.953 This site appears to use a scroll-linked positioning effect. This may not work well with asynchronous panning; see https://firefox-source-docs.mozilla.org/performance/scroll-linked_effects.html for further details and to join the discussion on related tools and features! app.xxxxxx.com 10:10:36.026 Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://api.amplitude.com/. (Reason: CORS request did not succeed). Status code: (null). 10:10:36.349 Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://api.amplitude.com/. (Reason: CORS request did not succeed). Status code: (null). 10:10:38.578 XHRGET https://live.services.xxxxxxx.com/rest/v3/two-factor-auth/validate?action=my-account&skipCodeGeneration=true [HTTP/1.1 403 Forbidden 77ms]

10:10:38.578 Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://api.amplitude.com/. (Reason: CORS request did not succeed). Status code: (null). 10:10:40.453 XHRGET https://live.services.xxxxxxxx.com/rest/v3/two-factor-auth/validate?action=my-account&skipCodeGeneration=false [HTTP/1.1 403 Forbidden 79ms]

10:10:40.773 Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://api.amplitude.com/. (Reason: CORS request did not succeed). Status code: (null). 10:13:06.025 Error: this.requestMonitor is undefined undefined


Many thanks in advance.

Twice now I have had issues with a site (A bank) sending an ID verification code to my email address in Thunderbird in Ubuntu and also on my Mobile via Bluemail. Resulting in hours of correspondence to get around the problem by other means. (I am deaf so prefer not to use the phone) I have a theory, please can someone with "The knowledge" have a butchers at the console text below as I think that it may be the cross site cookie prohibition, a standard setting for most of us which stops this verification code working: Note Noscript is set to "Temp trust all on site" Ghostery set to Trust site. ---------------------------------------------------------------------------------------------------------------- 10:10:16.837 This page is in Quirks Mode. Page layout may be impacted. For Standards Mode use “<!DOCTYPE html>”. app.xxxxxx.com 10:10:17.432 Creating extension->page port windowPatchMessages:ffc75872-b49e-4666-86bd-ac9098503051 patchWindow.js:68:13 10:10:17.433 Creating page->extension port windowPatchMessages:ffc75872-b49e-4666-86bd-ac9098503051 patchWindow.js:68:13 10:10:17.615 SyncMessage ee6c0473-4026-407d-b249-14b23027ac4e,https://app.xxxxxx.com/, state loading, result: {"permissions":{"capabilities":["script","object","media","frame","font","webgl","fetch","ping","noscript","unchecked_css","lan","lazy_load"],"temp":false},"cascaded":true} SyncMessage.js:265:15 10:10:18.726 Cookie warnings 35 10:10:18.845 Cookie “test_WZRK_S_6ZW-WZ7-6W7Z2” has been rejected for invalid domain. app.xxxxxx.com 10:10:20.121 Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://api.amplitude.com/. (Reason: CORS request did not succeed). Status code: (null). 10:10:20.804 <script> source URI is not allowed in this document: “https://www.googletagmanager.com/gtm.js?id=GTM-MM5DB72”. app.xxxxxx.com:1:1 10:10:25.887 Content-Security-Policy warnings 2 10:10:26.489 uncaught exception: could not create user after 0 tries 10:10:26.611 Content-Security-Policy: The page’s settings blocked an inline script (script-src-elem) from being executed because it violates the following directive: “script-src 'nonce-71i9SF28SAnnX0RhGdQoBw' 'unsafe-inline'” inject.js:33:28 10:10:27.034 POST https://pay.google.com/_/InstantbuyFrontendBuyflowPayframeUi/cspreport [HTTP/3 404 133ms] 10:10:27.038 Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://api.amplitude.com/. (Reason: CORS request did not succeed). Status code: (null). 10:10:27.224 SyncMessage cd07dec8-0ad4-419a-828a-2b896ab8a2f0,https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fapp.xxxxxx.com&mid=, state interactive, result: {"permissions":{"capabilities":["script","object","media","frame","font","webgl","fetch","ping","noscript","unchecked_css","lan","lazy_load"],"temp":false},"cascaded":true} SyncMessage.js:265:15 10:10:27.225 Creating extension->page port windowPatchMessages:2394f016-93c4-4532-aa69-f7db21556d75 patchWindow.js:68:13 10:10:27.226 Creating page->extension port windowPatchMessages:2394f016-93c4-4532-aa69-f7db21556d75 patchWindow.js:68:13 10:10:28.342 Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://api.amplitude.com/. (Reason: CORS request did not succeed). Status code: (null). 10:10:35.953 This site appears to use a scroll-linked positioning effect. This may not work well with asynchronous panning; see https://firefox-source-docs.mozilla.org/performance/scroll-linked_effects.html for further details and to join the discussion on related tools and features! app.xxxxxx.com 10:10:36.026 Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://api.amplitude.com/. (Reason: CORS request did not succeed). Status code: (null). 10:10:36.349 Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://api.amplitude.com/. (Reason: CORS request did not succeed). Status code: (null). 10:10:38.578 XHRGET https://live.services.xxxxxxx.com/rest/v3/two-factor-auth/validate?action=my-account&skipCodeGeneration=true [HTTP/1.1 403 Forbidden 77ms] 10:10:38.578 Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://api.amplitude.com/. (Reason: CORS request did not succeed). Status code: (null). 10:10:40.453 XHRGET https://live.services.xxxxxxxx.com/rest/v3/two-factor-auth/validate?action=my-account&skipCodeGeneration=false [HTTP/1.1 403 Forbidden 79ms] 10:10:40.773 Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://api.amplitude.com/. (Reason: CORS request did not succeed). Status code: (null). 10:13:06.025 Error: this.requestMonitor is undefined undefined --------------------------------------------------------------------------------------------------------------- Many thanks in advance.

You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.