Authenticator addon broken due to WASM CSP
Categories
(WebExtensions :: Developer Outreach, defect)
Tracking
(firefox-esr91 unaffected, firefox100 unaffected, firefox101 unaffected, firefox102 fix-optional)
Tracking | Status | |
---|---|---|
firefox-esr91 | --- | unaffected |
firefox100 | --- | unaffected |
firefox101 | --- | unaffected |
firefox102 | --- | fix-optional |
People
(Reporter: marco, Unassigned)
References
(Regression, )
Details
(Keywords: regression)
Since bug 1740263 landed, the Authenticator addon (https://addons.mozilla.org/firefox/addon/auth-helper/) no longer works.
To reproduce, set up the addon with an earlier Nightly, with a password to encrypt the secrets. After updating to the latest Nightly, enter the password to decrypt the secret. The addon fails, and the browser console shows the message "Error: Please use $(ref:runtime.getURL).".
Comment 1•2 years ago
|
||
Set release status flags based on info from the regressing bug 1740263
Comment 2•2 years ago
|
||
:tschuster, since you are the author of the regressor, bug 1740263, could you take a look?
For more information, please visit auto_nag documentation.
Comment 3•2 years ago
•
|
||
edited: nevermind, discussed in another bug
Comment 4•2 years ago
|
||
Looks like this is an extension problem rather than a Firefox problem.
The extension is overriding the default CSP and tries to be more restrictive. Unfortunately, the extension did not track Firefox change speedily enough and has thus broken by a change in the CSP spec. In fact, we tried to mitigate and reduce the impact by adjusting the default CSP of all extensions. However, an extension with a custom CSP can not benefit from our adjustments and has to make manual changes.
I gave them a bit of a clue in a naive pull request at https://github.com/Authenticator-Extension/Authenticator/pull/907 though.
Updated•2 years ago
|
Updated•2 years ago
|
Updated•2 years ago
|
Comment 5•2 years ago
|
||
Thanks Freddy for your outreach in comment 4.
While I'll mark this outreach as completed, we may consider a patch to improve backwards-compatibility, see the discussion at bug 1770468.
Updated•2 years ago
|
Comment 6•2 years ago
|
||
Outreach completed, and we have landed a Firefox-side patch in bug 1770468.
Description
•