blog/source/_posts/aliexpress-no-login-firefox.md

---
title: How to solve 'Cannot login to AliExpress on Firefox'
date: 2019-02-28 00:00:00
lastUpdated: 2019-04-25 00:00:00
tags:
- firefox
---

AliExpress login doesn't show up on Firefox. This is due to X-Frame-Options restriction. Here's how to whitelist it.

<!-- more -->

When you try to login to AliExpress on Firefox, the login box is just blank.

{% cloudinary 20190228/no-login.png %}

When I inspected the element (right click on the blank login and select `Inspect Element`), the login box is an iframe of `https://passport.aliexpress.com`. From the Web Console (`Ctrl + Shift + K`), the following error message suggested it's caused by [X-Frame-Options](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options).

{% cloudinary 20190228/iframe.png %}

{% cloudinary 20190228/x-frame.png %}

From the Network inspection (`Ctrl + Shift + E`), `https://passport.aliexpress.com` has HTTP header `x-frame-options: SAMEORIGIN`. This restricts the iframe to the same domain. This caused the iframe unable to load because it's different from the login page `https://login.aliexpress.com`.

{% cloudinary 20190228/sameorigin.png %}

[Ignore X-Frame-Options](https://addons.mozilla.org/en-US/firefox/addon/ignore-x-frame-options-header/) Firefox extension is a way to whitelist the domain from the restriction. By default, the extension whitelist all domains. This is highly discouraged because it nullifies the security benefits of x-frame-options (e.g. prevent a banking website from being iframe-d inside a phishing website). Instead, we can whitelist the login page only.

```
https://passport.aliexpress.com/*
```

{% cloudinary 20190228/whitelist.png %}

That's how the whitelist works on the extension; you add the domain of the iframe not the page's domain. After you add it to the list, refresh the page and you should see the login.

{% cloudinary 20190228/login.png %}

**Edit:** AliExpress has a new login which pop-up on the home page. However, it does not work even with the above workaround.

{% cloudinary 20190228/invalid-login.png %}

To use the old login page, mouse-over on the **Account** link at the top right corner and click on **My Orders**. It should redirects to `https://login.aliexpress.com/...`

{% cloudinary 20190228/my-orders.png %}

If that does not work, the last resort is to use the direct link https://login.aliexpress.com/express/mulSiteLogin.htm
docs: Add 'How to solve Cannot login to AliExpress on Firefox' 2019-02-28 05:38:41 +00:00			`---`
fix: use single-quote in title 2019-04-05 01:30:09 +00:00			`title: How to solve 'Cannot login to AliExpress on Firefox'`
docs: Add 'How to solve Cannot login to AliExpress on Firefox' 2019-02-28 05:38:41 +00:00			`date: 2019-02-28 00:00:00`
fix: add new aliexpress workaround 2019-04-25 07:16:27 +00:00			`lastUpdated: 2019-04-25 00:00:00`
docs: Add 'How to solve Cannot login to AliExpress on Firefox' 2019-02-28 05:38:41 +00:00			`tags:`
			`- firefox`
			`---`

fix: use single-quote in title 2019-04-05 01:30:09 +00:00			`AliExpress login doesn't show up on Firefox. This is due to X-Frame-Options restriction. Here's how to whitelist it.`
docs: Add 'How to solve Cannot login to AliExpress on Firefox' 2019-02-28 05:38:41 +00:00
			`<!-- more -->`

			`When you try to login to AliExpress on Firefox, the login box is just blank.`

			`{% cloudinary 20190228/no-login.png %}`

fix: escape symbol typo 2019-04-22 04:53:01 +00:00			When I inspected the element (right click on the blank login and select `Inspect Element`), the login box is an iframe of `https://passport.aliexpress.com`. From the Web Console (`Ctrl + Shift + K`), the following error message suggested it's caused by [X-Frame-Options](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options).
docs: Add 'How to solve Cannot login to AliExpress on Firefox' 2019-02-28 05:38:41 +00:00
			`{% cloudinary 20190228/iframe.png %}`

			`{% cloudinary 20190228/x-frame.png %}`

			From the Network inspection (`Ctrl + Shift + E`), `https://passport.aliexpress.com` has HTTP header `x-frame-options: SAMEORIGIN`. This restricts the iframe to the same domain. This caused the iframe unable to load because it's different from the login page `https://login.aliexpress.com`.

			`{% cloudinary 20190228/sameorigin.png %}`

			`[Ignore X-Frame-Options](https://addons.mozilla.org/en-US/firefox/addon/ignore-x-frame-options-header/) Firefox extension is a way to whitelist the domain from the restriction. By default, the extension whitelist all domains. This is highly discouraged because it nullifies the security benefits of x-frame-options (e.g. prevent a banking website from being iframe-d inside a phishing website). Instead, we can whitelist the login page only.`

			```
			`https://passport.aliexpress.com/*`
			```

			`{% cloudinary 20190228/whitelist.png %}`

			`That's how the whitelist works on the extension; you add the domain of the iframe not the page's domain. After you add it to the list, refresh the page and you should see the login.`

fix: mention new workaround for aliexpress 2019-04-15 10:53:14 +00:00			`{% cloudinary 20190228/login.png %}`

			`Edit: AliExpress has a new login which pop-up on the home page. However, it does not work even with the above workaround.`

			`{% cloudinary 20190228/invalid-login.png %}`

fix: add new aliexpress workaround 2019-04-25 07:16:27 +00:00			To use the old login page, mouse-over on the Account link at the top right corner and click on My Orders. It should redirects to `https://login.aliexpress.com/...`
fix: mention new workaround for aliexpress 2019-04-15 10:53:14 +00:00
fix: add new aliexpress workaround 2019-04-25 07:16:27 +00:00			`{% cloudinary 20190228/my-orders.png %}`
fix: mention new workaround for aliexpress 2019-04-15 10:53:14 +00:00
fix: add new aliexpress workaround 2019-04-25 07:16:27 +00:00			`If that does not work, the last resort is to use the direct link https://login.aliexpress.com/express/mulSiteLogin.htm`