Welp, at any rate it should be fixed now. :)

I'm sorry, but I guess there are no news on that topic. It's not as important as things we're currently working on - in my opinion.

Yes, we're using external service to measure and improve our performance and track errors on your (user) side.

In current moment I don't know whether it's possible for website to work with it blocked by noScript.
You could enable scripts from these domains to prevent JavaScript from crashing + help us improve performance and track errors.

Right, account menu disappears on forum pages regardless of the browser/noScript/adBlock (works if cached) - we'll fix it very soon.

Probably noScript will not affect website then in any new way. It's a different bug - sorry!

It's fixed now.

It's not that we're sending anybodys log-in data to random server.
First of all - it's not sending anything to cloudfront - it's downloading a script from there, just as we would host this script on GOG.com - no difference here.
Secondly - Cloudfront is a "cloud" service to store assets and a lot of developers use it. GOG.com may have a lot more dependencies from external domains in the future, because why not?
Third thing is log-in doesn't work because whole JavaScript init crashes, not because exactly "log in" function needs this cloudfront script.

I'd advise you to not block it. :)


About "Attach images" button - I see it's broken and I know why. We'll fix it.

Try to enable localStorage.

About 0 minutes.

It's a normal and good thing that you use third party stuff in your projects - on web backend, on web frontend and in native applications.
Here, with this single one, the difference is just the domain on which it is hosted.
(it's considered faster to load assets asynchronously from common domains, but not everybody agrees on that)

If you'll block our javascripts - they can't run. :)
Logging in (opening the modal) requires javascript to run properly, and they'll crash if you block part of them.

Yes - it's a serious advice. I don't see any reason to block it personally.
If you decide to block scripts, you should know that you won't be able to use any scripts until you unblock them.


edit: If you wish, you can always chat me about that.

You can try following:

Go to NoScript settings -> Advanced tab -> Trusted tab,
then enable checkbox "Cascade top document's permissions to 3rd party scripts"

Then you would trust what we embed ourselves without permitting couldfront globally.

I don't see an option to add file or file regex (only domain regex) to whitelist, unfortunately.

I'd like to add something:

- JavaScript can't install malware on your computer.
- JS running on www.gog.com can't get your login credentials on GOG.com too, because it's done on a separate domain (login.gog.com) - no JS that is running by the main page can access what's inside. Unless you are running - let's say - old Internet Explorer with some security settings disabled.
- It can't get your session cookie too, because it's "HTTP only".

What's interesting - for example Adalia Fundamentals, other userscripts, or browser addons (like NoScript :D ), potentially can get your password as you type, or your session cookie in the next update with no problem at all. ;)

Consider that popular userscript or browser addon creator is hacked, or NoScript/GreaseMonkey gets sold to evil company. Good that browser is asking for camera permiossions. ;) Security is important.

I'll watch the video later - sounds interesting. JavaScript can BE malware (somewhat restricted by the browser security), but can't install any. ;)

Stay safe!

Did someone try the NoScript settings I suggested, or have bad opinion about them? ;)

Could you please tell what browser are you using?

Disable Adalia's script/add-on/etc. and everything should show up.