Closed Bug 1770667 Opened 2 years ago Closed 2 years ago

Authenticator addon broken due to WASM CSP

Categories

(WebExtensions :: Developer Outreach, defect)

defect

Tracking

(firefox-esr91 unaffected, firefox100 unaffected, firefox101 unaffected, firefox102 fix-optional)

RESOLVED DUPLICATE of bug 1770468
Tracking Status
firefox-esr91 --- unaffected
firefox100 --- unaffected
firefox101 --- unaffected
firefox102 --- fix-optional

People

(Reporter: marco, Unassigned)

References

(Regression, )

Details

(Keywords: regression)

Since bug 1740263 landed, the Authenticator addon (https://addons.mozilla.org/firefox/addon/auth-helper/) no longer works.

To reproduce, set up the addon with an earlier Nightly, with a password to encrypt the secrets. After updating to the latest Nightly, enter the password to decrypt the secret. The addon fails, and the browser console shows the message "Error: Please use $(ref:runtime.getURL).".

Set release status flags based on info from the regressing bug 1740263

:tschuster, since you are the author of the regressor, bug 1740263, could you take a look?
For more information, please visit auto_nag documentation.

Flags: needinfo?(tschuster)

edited: nevermind, discussed in another bug

Looks like this is an extension problem rather than a Firefox problem.
The extension is overriding the default CSP and tries to be more restrictive. Unfortunately, the extension did not track Firefox change speedily enough and has thus broken by a change in the CSP spec. In fact, we tried to mitigate and reduce the impact by adjusting the default CSP of all extensions. However, an extension with a custom CSP can not benefit from our adjustments and has to make manual changes.

I gave them a bit of a clue in a naive pull request at https://github.com/Authenticator-Extension/Authenticator/pull/907 though.

Component: DOM: Security → Extension Compatibility
Flags: needinfo?(tschuster)
Product: Core → Firefox
Component: Extension Compatibility → Compatibility
Product: Firefox → WebExtensions
Summary: "Error: Please use $(ref:runtime.getURL)." with Authenticator addon → Authenticator addon broken due to WASM CSP
See Also: → 1770700

Thanks Freddy for your outreach in comment 4.

While I'll mark this outreach as completed, we may consider a patch to improve backwards-compatibility, see the discussion at bug 1770468.

Component: Compatibility → Developer Outreach
See Also: → 1770468
See Also: → 1770909

Outreach completed, and we have landed a Firefox-side patch in bug 1770468.

Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.