Unable to log into Chase.com online banking

Description of the issue:
Unable to sign into the online banking experience of Chase bank/credit cards.
After entering user name and password and clicking Sign in button, I’m being redirected to page that says " Please turn on JavaScriptTM in your browser" etc.

Exact URL of the website in question:
https://www.chase.com/

Did the issue present with default Shields settings? (yes/no)
yes

Does the site function as expected when Shields are turned off?
no

Is there a specific Shields configuration that causes the site to break? If so, tell us that configuration. (yes/no):
n/a

Does the site work as expected when using Chrome?
yes

Brave version (check About Brave):
Version 0.68.132 Chromium: 76.0.3809.132 (Official Build) (64-bit)

Hi @mwdca,

Thanks for reporting. I use Chase and was able to login just now, MacOS. What OS are you on? Have you experienced this before or just since the latest update?

Hi @steeven,

I just recently restarted using Brave, so I don’t know if this is new.
I use MacOS too, 10.14.6.

Could you try deleting your cache and cookies and try to log in then (I obviously have no cached pages or cookies from Chase on my browser, so that’ll be more representative of what I’m experiencing)?

Are you starting off at https://ww.chase.com or elsewhere?

Clearing and checking now. Starting at https://www.chase.com/

Hi @mwdca, still working for me.

Have you tried it with Shields down? If so, does it work then?

Thanks!

It does not work with shields down.

Hey @fanboynz, would you mind taking a look here if you have a sec?

@mwdca,
I would recommend clearing cache/site data as well as resetting permissions for chase.com. To do this:

  1. Visit Chase.com and click the “lock” icon in the address bar
  2. Click Site settings
  3. Then select both Clear data and Reset permissions

Note that you’ll have to refresh the page before the changes take place. Once complete, try logging in again.

I browsed around the site seemed to be okay, can’t really test the actual logging in/checking balances etc

Seems okay here, from NZ.

Did fine a couple of new trackers, but nothing preventing the site from rendering.

@Mattches Thanks for suggestions, but it didn’t help unfortunately. I cleared all data, reset permissions, and restarted the whole browser.

@mwdca,
Would you mind trying to login using both:

  • A private browsing session
  • Using a new browsing profile ( a “guest” profile will work as well – use the “profile” icon next to the main menu for both of these options)

@Mattches it works on a new profile. I noticed that it doesn’t block scripts in the global shield defaults in the new test profile.
If I turn off script blocking in the global shield defaults in my original profile, it works. However, that’s not a great solution. So there must be script from some non chase.com site that’s required?

So here’s the thing – most sites are going to run and/or require scripts. In fact, if you’re using default Shields settings, Scripts should be Allowed by default. Did you maybe change the Global Shields settings in the browser to block scripts?

Ah yes, sorry if that wasn’t clear. My global shield settings have scripts blocked, unlike the defaults.
Are you saying it’s impractical to do so, even if I turn off the shield completely on sites that need it, such as chase.com?
Using that setting then essentially breaks most websites?
Is there no way to say “chase.com is allowed to pull in scripts from anywhere, even non-chase.com”?

@mwdca,
Taken from the above linked Shields article:

What I would recommend is that if you want to keep Scripts blocked globally – the very first thing you should do when a site is not functioning as intended is enabling Scripts in the Shields panel. Recall that protections set in the Shields Panel are site-specific and are retained across sessions.

For example, with chase.com, now that you know the site will work as intended with Scripts allowed, you can enable scripts in the Shields panel and continue blocking them globally by default. This way, the next time you visit chase (or any site in which you’ve enabled Scripts in the panel), the settings will already be configured properly without the need to adjust them again.

Hope this helps! Let me know if any of the above is unclear.

@Mattches
Appreciate your efforts so far!

I understand the concept of global vs site-specific settings and also the inner workings of web sites, as a lead developer on large consumer-facing site myself. Hence, as an insider, I’m especially scared of privacy invasion and appreciate Brave ;).

I understand the idea that if I turn the global setting on to block scripts, I need to be prepared to turn it on individually for many sites, which I am. But in this case it’s not sufficient.

Neither turning off all protections in the site-specific shield for chase.com nor turning the shield off completely make it work (for me) while the global setting to block scripts is enabled.

What I’m thinking is that chase.com, during the login process, either does a redirect or iframe or uses another mechanism to pull in a page or script from another domain that’s not in the chase.com domain, which isn’t governed by the chase.com domain settings, so then the global settings are used.
Unfortunately I can’t figure out when and where that is done.

Would appreciate any other pointers? Thank you!

1 Like

@mwdca,
So when I visit chase.com with scripts Blocked globally – I’m greeted with the following message:

If I

  • Open Shields and allow scripts, the site renders as intended. So, off the bat, I know that I must have JS allowed in order to login.
  • Open Shields and allow scripts once, this also causes the site to render as intended.

However, now when I attempt to login, I see this message with the following settings:

Further investigating, I see by clicking the “lock” icon, JS is confirmed (supposedly) to be set to Allow:

At this point, it seems that no matter what I do the site behaves as you stated – blocking scripts globally seems to supersede any other changes to permissions/protections made. I’ll likely be filing an issue for this today and get some dev eyes on it.

Thank you very much for your patience and troubleshooting the issues with me :slight_smile:

This topic was automatically closed after 30 days. New replies are no longer allowed.