CapitalOne snubs Opera with latest website revision

CapitalOne snubs Opera with latest website revision

CapitalOne cardholders, please send an e-mail to them as well to let them know their latest revision stinks. You can also call Online Banking Customer Service toll free at 1-877-442-3764. The website has always worked well with Opera (at least as far as I know).

Message to webinfo@capitalone.com from me:

Hello,

I have been a CapitalOne customer for about 1 1/2 years and have always enjoyed the convenience of online banking, which is one of the reasons I use CapitalOne. As a credit card customer, it has always been very convenient to be able to login to check my balances, view statements, etc.

Unfortunately, it seems like those time are over. Due to changes in your website, I am no longer able to access the Credit Card website, past the login page. When I enter my login credentials, the login box disappears and nothing else happens.

I am using Opera 9.24 on Windows XP and also Opera 9.24/Mozilla Firefox 2 on Ubuntu Linux. I hope that you will not tell me that I need to use Internet Explorer in order to access your website, because that is a backward step for me. Opera has been, currently is, and most likely will continue to be far more secure than Internet Explorer ever will be, and I refuse to change my browser just because one site requires it.

I do hope that you will be able to resolve my issues, as I will not be using my CapitalOne credit card without the ability to check my account details online.

Thank you in advance.

The problem is for security reasons the child frame (where you login) is not allowed to change the address of the parent frame (the rest of the page). This restriction is because the child frame is at login.capitalone.com and the main site is at servicing.capitalone.com. They could easily fix this by setting the document.domain for both documents. Until then, I've whipped up a quick fix for it.

How to install userjs
You will also have to toggle this setting.

I'll email this information to them.

TZRick: I just sent Capital One a nastygram of my own. FYI, does not work in the newest 9.5 build (9656), either.

fearphage: Thanks for checking it out, the script works like a charm.

Edit: I just got this reply from Capital One:

Hello Charlie,

Thank you for contacting Capital One.

We'll be glad to assist you, but because regular e-mail is not secure,
we'll need you to call us to discuss this matter. Please call our
Customer Relations Department at 1-866-750-0873 (1-804-934-2001 if you
are overseas). Our representatives are available 24 hours every day for
your convenience.

Since regular electronic correspondence is not a secure method of
contacting us and we wish to protect the integrity of account
information, Capital One prefers to discuss personal and
account-specific questions by telephone rather than by e-mail. We
assure you that all other electronic contact with us such as viewing
statements and making payments is secure.

Thank you for contacting Capital One.

Regards,

Capital One Online Banking

Yeah, right.

My Email:

Your new website for credit card holders is violating cross-domain
access and throwing an error in the Opera browser. This prevents
anyone using Opera to login to their accounts. The problem is that for
security reasons the child frame (where you login) is not allowed to
change the address of the parent frame (the rest of the page). This
restriction is because the child frame is at login.capitalone.com and
the main site is at servicing.capitalone.com. This could easily be
fixed by setting document.domain on both pages. Adding
"document.domain = 'capitalone.com';" as the first piece of javascript
on both pages will resolve the issue.

The problem and fix are talked about here:
http://my.opera.com/community/forums/topic.dml?id=213642

Thank you for your time and consideration,

Phred

Reply:

Hello Phred,

Thank you for your message.

We appreciate the time you have taken to provide feedback regarding
Opera browser. Please be assured that your feedback has been forwarded
to the appropriate area for review.

Our goal is to provide all of our potential and existing customers with
the highest level of service, and we sincerely regret that your
experience did not represent that goal.

Thank you for being a Capital One customer.

Regards,

Capital One Online Banking

ahah
Automated response..
Fear, you should start your e-mail telling them to redirect the e-mail to their website tech team. Then you should mention that it breaks all browsers but IE, else they won't move a finger, and say the old *yadda yadda* we only support IE *yadda*

Hello Tarrik,
Thank you for contacting Capital One.

We'll be glad to assist you, but because regular e-mail is not secure,
we'll need you to call us to discuss this matter. Please call our
Customer Relations Department at 1-866-750-0873 (1-804-934-2001 if you
are overseas). Our representatives are available 24 hours every day
for
your convenience.

Since regular electronic correspondence is not a secure method of
contacting us and we wish to protect the integrity of account
information, Capital One prefers to discuss personal and
account-specific questions by telephone rather than by e-mail. We
assure you that all other electronic contact with us such as viewing
statements and making payments is secure.

Thank you for contacting Capital One.

Regards,

Capital One Online Banking

So now...how am I supposed to login to the secure area?? I guess they want me to call, which basically means devoting part of my life to talk to a foreigner (no offence...my roots are from outside of the US too, but when the accent prevents me from understanding...you get the picture) and a choppy VoIP connection. I'll think about it...time is money, so I'll see how much I'm willing to lose.

Originally posted by xErath:

Automated response

Its not an automated response. Someone worker-bee at a call center typed that out.

@TZRick: Use the steps here to login

Interestingly, in response to the OP, Firefox 2.0.0.9 on Windows XP worked for me.
Perhaps some mac users could try to ping them over this. I'd say that they can't possibly recommend Mac Users to use IE. Plus, Mac users have a high profile, despite their market share.

Originally posted by fearphage:

The problem is for security reasons the child frame (where you login) is not allowed to change the address of the parent frame (the rest of the page). This restriction is because the child frame is at login.capitalone.com and the main site is at servicing.capitalone.com. They could easily fix this by setting the document.domain for both documents. Until then, I've whipped up a quick fix for it.

How to install userjs
You will also have to toggle this setting.

I'll email this information to them.

It is not working for me.

You make a link that something in opera config must be changed but what needs to be changed?

Originally posted by JSJAG:

You make a link that something in opera config must be changed but what needs to be changed?

Check the box for that option [User JavaScript on HTTPS] and click "Save." Then reload the Capital One login page. Opera will ask you if you really want to load userjs for an https site. Say yes.

You must have been answering just I figured it out. Yes the quick fix works and I guess for the sake of security I will need to un-check the box after paying my bill.

I attempted to use the fix posted above by installing the user javascript and changing JavaScriptonHTTPS setting but nothing has changed. Am I missing something?

Oh my God, i did not see it until now. It does not work in 9.24, 9.5 in win xp. I have been with capitalone since 2004 and never saw such issue I think. Can opera communicate with them to resolve the issue? Lets do Help>report site problem.
Customer service on technical issues related to website is too dumb these days. They have set answer somewhat like "... use IE...".

No luck till today.

In general the feedback to webmaster is not answered by capital one. I sent them a message via secure messaging system after log in. I hope this way i will get some response. If you have an account, please do the same. The more response they get, the more likely they will fix the site.

I was wrong and hoped too much from capital one! After contacting them 3 times via secured messaging from my account, I got exact reply all the three times.

******************************************
Hello Poor opera user (I added this instead of my name!),

We appreciate your feedback concerning online issues and have forwarded
your message to the appropriate department. Capital One's goal is to
provide all of our customers with the highest level of service, and we
sincerely regret that your experience with website did not represent
that goal.

If you have any other questions please reply to this message.

Thank you for being an Online Banking customer.

Regards,

Capital One Online Banking

*******************************************
So, beautiful corporate world!

problem still there. no luck.

Did anyone tell any 'open the web' guys or are they expected to be reading this? I just saw the same thing and used the same fix for another bank. It's a common problem.

I wrote to the bank and you saw the kind og response they give. boring. Now open the web guys are supposed to look into this open the web threads. At least hoping. I see your fix and explanation. nice but still too big a problem to fix for small user group. Many users outside forum will have no clue whats going on.

This fix goes into browser.js. I'm afraid since I'm not a customer I can't really test if it is sufficient or if there is more sniffing and brokenness to overcome inside.

Originally posted by hallvors:

This fix goes into browser.js. I'm afraid since I'm not a customer I can't really test if it is sufficient or if there is more sniffing and brokenness to overcome inside.

Have you already fixed it? I did help>check for update (does it renew browser.js). I just tried but could not log in using opera 9.25 and 9.5 latest build.

I too am having the same problem with CapitalOne. I emailed them,and this is the response I got:

Hello Cathleen,
Thank you for your message.
We regret any inconvenience you may have experienced. Please know that Capital One is aware of this issue and working to resolve this situation.
Our goal is to provide all of our customers with the highest level of service, and we sincerely regret that your experience did not represent that goal.
Regards,
Capital One Online Banking



Hopefully they will get the problem fixed in a timely manner.

This is why I am in boycot of the capitol scheme!

Originally posted by operafan2006:

Have you already fixed it? I did help>check for update (does it renew browser.js).

It is out now. Please try again (in case you checked for updates before it was live) and let me know!

Originally posted by hallvors:

Originally posted by operafan2006:

Have you already fixed it? I did help>check for update (does it renew browser.js).

It is out now. Please try again (in case you checked for updates before it was live) and let me know!

Thanks. It works now after I did help>check for updates just now.

captialone just updated their code which clashed with the browser.js fix. The new code (added 9/12 or 9/22) is below:

if (document.domain.indexOf('.') >= 0)
    document.domain = document.domain.substring(document.domain.indexOf('.') + 1);

This sets the parent frame's domain to "com" currently. While the child frame (through browser.js) has its domain set to "capitalone.com" thus the two will not be very cordial. This could be re-hacked with browser.js but...

I've contacted one of the devs to see if we can get this resolved once and for all without browser.js:

Hello Gregg,

Concering your work @ capitalone.com: The current setup of the website you are maintaining is preventing Opera browser users from using it.
https://servicing.capitalone.com/c1/login.aspx
The javascript sets document.domain on the parent frame but not on the child frame. This prevents the child from accessing the properties of the parent. If you were to set document.domain on the child to match the parent then all would be able to use this site. Detailed description and fix: http://my.opera.com/community/forums/topic.dml?id=213642

Your and Deepak's recent changes to TopTabMenu/Script/common.js broke my fix. It would be best if you set the doc.domain on both pages yourself.

Thank you for your time,
Frederick

and now we play the waiting game...

Originally posted by fearphage:

This sets the parent frame's domain to "com" currently.

Huh? Scripts are never allowed to shorten document.domain to just "com". Did you mean the problem is that it tries to set domain to "com" but this throws an exception so the modification never happens? If you really see document.domain=="com" happening please bug it ASAP.

Apart from that thanks for contacting them! Just tell me if I need to modify browser.js.

Originally posted by hallvors:

Scripts are never allowed to shorten document.domain to just "com".

o rly?

We sent a few emails back to let him know how i found him and all that jazz (ode to the information age) but then this is the final response:

Fred -

Thanks for your input to this situation. I will have members of my development team consider this, and rectify the situation if the feasibility is deemed necessary.

Thank you.

Gregg

I'm going to contact him once more to request some status update whether it is positive or negative.

EDIT: Filed as bug #366749

could not log in to account. Any immediate fix?

Originally posted by operafan2006:

could not log in to account. Any immediate fix?

Yes.

1. Login by typing your username/password as usual
2. If login succeeds, you get a blank box.
3. Right click inside the blank box.
4. Select Frame -> Open
5. ???
6. Profit!

Originally posted by Zoomer:

Select Frame -> Open

thats interesting!

Anyway, looks like the latest build fixed the problem probably with browser.js. Hoepfuly, it can be fixed from the source by capitalone.

I figured there would be no security restrictions on a user command.

I wouldn't hold my breath on the fix.
It would be a bit of a pita, requiring that they change the layout. For IE/FF? Sure. For Opera? Sad, but see above.

If the date in the box at the top on http://www.opera.com/docs/browserjs/ is October 6th or later I believe the site should/might work .. please confirm? I don't have an account there..

If you see an earlier date, try to choose "help > check for updates", click OK or cancel in the info box and re-load the page.

This should now be resolved with either the upcoming 9.60 build or the latest browser.js for 9.5x

Originally posted by hallvors:

This should now be resolved with either the upcoming 9.60 build or the latest browser.js for 9.5x

yes, it is fixed with latest 9.6. Thanks for prompt action. Is capitalone responsive to you guys about this matter at all? or they are simply playing ignoring games.