Skip to content

Chrome store extension doesn't think client.etesync.com is good. #19

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
alanruttenberg opened this issue Mar 19, 2019 · 9 comments
Open

Chrome store extension doesn't think client.etesync.com is good. #19

alanruttenberg opened this issue Mar 19, 2019 · 9 comments

Comments

@alanruttenberg
Copy link

I get a red x using both Chrome and Chromium.
The Firefox extension says the site is signed properly.
I verified the extension works in general with the good/bad pages.

I addition, loading the unpacked extension in ungoogled chromium complains about an error.

Screen Shot 2019-03-19 at 3 21 45 PM
Screen Shot 2019-03-19 at 3 20 33 PM
@rugk
Copy link

rugk commented Mar 19, 2019
edited
Loading

Which Chrome/ium version?

@tasn
Copy link
Owner

tasn commented Mar 20, 2019

The manifest issue doesn't look like an error, but rather a warning. It's a known thing, Chrome isn't aware of the "applications" section at the moment (as you can see, it's there to indicate a minimum Firefox version). It's safe to ignore...

@tasn
Copy link
Owner

tasn commented Mar 20, 2019
edited
Loading

As for not thinking client.etesync.com is good. Works for me here, Chrome version: 73.0.3683.75 (Official Build) Arch Linux (64-bit)

Settings are the ones from the official EteSync file: https://www.etesync.com/static/signed-pages.62b857c9583f.txt

Edit: maybe you have an extension installed that's editing the content of the page?

@rogerm4242
Copy link

rogerm4242 commented May 3, 2019
edited
Loading

I am also currently seeing this described behaviour with Chrome 74.0.3729.131-1 Ubuntu (64-bit).

The example pages work as expected:
https://stosb.com/~tom/signed-pages/good.html shows good.
https://stosb.com/~tom/signed-pages/bad.html shows bad.

But all pages I have seen at https://client.etesync.com show bad.

Edit: Firefox on the same machine shows OK.

@tasn
Copy link
Owner

tasn commented May 3, 2019

This is so interesting! I finally managed to reproduce it. It doesn't happen to me if I enter client.etesync.com nor if I refresh the page, but it does happen if I do a full refresh (Shift + refresh)! Only on Chrome. I'll have to take a look into this, thanks for reporting!

@Zvezdin
Copy link

Zvezdin commented May 30, 2022

I can confirm that while the good/bad examples work as expected, neither pim., nor client. sites pass verification. No other extensions enabled (incognito mode), and using any way to load the page (click on a link, enter url, full refresh). Any thoughts?

@tasn
Copy link
Owner

tasn commented May 30, 2022

It's only getting worse with manifest v3 (new chrome plugin architecture) which makes this plugin even harder to get working on Chrome. :|

@Zvezdin
Copy link

Zvezdin commented May 30, 2022

What's the issue there? How feasible/doable would it be to have 100% sig verification of a modern react app post-manifest-v3?

@tasn
Copy link
Owner

tasn commented May 30, 2022

Actually, I think I may be misremembering, and it's feasible to do the verification, just not the automatic blocking of non-verified scripts (which is also terrible).

As for the issue with the current version of the Chrome plugin (vs Firefox): Firefox lets you get the script as is, Chrome forces us to get the script from the DOM and try to make a consistent canonical version.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@tasn @alanruttenberg @rugk @rogerm4242 @Zvezdin