
Comments (5)

aivct commented on June 27, 2024

Was it a CORS issue? Did it throw a security error?

  • Basically, browsers don't allow you to get the individual pixel data off of images that are cross origin (not on the same domain), because theoretically that could be used to scrape private images. If a canvas is thus "tainted", it'll throw a security error (of all things) if you attempt to "getPixelData" or otherwise use any operation to know what's on the image itself.
  • The way it's fixed is by setting the image headers though on loading and then configuring the server headers. If that's the case, that might not be so fixable.

I'm at a loss though as to why it would think that there is a CORS issue. Unless one of the headers is malformed on their part.

Edit:
I was afraid of that...

Edit:
Oh god CORS the basilisk rears its ugly head.

Edit:
See this Reddit post for how CORS rears its ugly head.

I think the solution has to be to somehow exclude images.
I am strongly suspicious of profile images being the culprit. AI is an SVG, but the user's profile image is actually lifted from Next.JS and from the user's own account; that account might be an outlook account with a custom image. You see the problem.

Perhaps a solution is to create like a weird shadow mirror (like what you did for #chat_history) and simply exclude or replace the images with something else.

from ai-prompt-genius.
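
The "shadow mirror" idea from the comment above, as an added example (not code from ai-prompt-genius): before rendering a cloned copy of the chat to a canvas, classify each image by whether it would taint the canvas and swap the risky ones for an inline placeholder. The origin `https://chat.example`, the sample image URLs and the function names are assumptions made for illustration.

```javascript
// Works on anything with `src` and `crossOrigin` properties: real
// HTMLImageElements in a browser, plain objects in Node.

// Constructed placeholder: 1x1 transparent GIF. data: URLs never taint a canvas.
const PLACEHOLDER =
  "data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7";

// Classify one image relative to the origin of the page doing the export.
function taintRisk(img, pageOrigin) {
  let url;
  try {
    url = new URL(img.src, pageOrigin); // resolves relative paths too
  } catch {
    return "invalid";
  }
  if (url.protocol === "data:") return "clean";
  if (url.origin === pageOrigin) return "clean";
  // Cross-origin with the crossorigin attribute set: the browser makes a
  // CORS request, so the image either loads untainted or fails to load.
  if (img.crossOrigin != null) return "cors-requested";
  // Cross-origin without CORS: drawing it taints the canvas, and later
  // getImageData()/toDataURL()/toBlob() calls throw a SecurityError.
  return "taints";
}

// Replace every image that would taint (or cannot be parsed) in place and
// report what was swapped so the export UI can tell the user.
function sanitizeImages(images, pageOrigin) {
  const replaced = [];
  for (const img of images) {
    const risk = taintRisk(img, pageOrigin);
    if (risk === "taints" || risk === "invalid") {
      replaced.push({ src: img.src, risk });
      img.src = PLACEHOLDER;
    }
  }
  return replaced;
}

// Constructed sample standing in for clone.querySelectorAll("img").
function demo() {
  const imgs = [
    { src: "/static/ai-icon.svg", crossOrigin: null },
    { src: "https://avatars.example.net/u/123.png", crossOrigin: null },
    { src: "https://cdn.example.org/logo.png", crossOrigin: "anonymous" },
  ];
  return { replaced: sanitizeImages(imgs, "https://chat.example"), imgs };
}
```

In a browser the call would be `sanitizeImages(clone.querySelectorAll("img"), location.origin)` on the cloned node only, leaving the live page untouched. CSS background images and `srcset` candidates are not covered by this check.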

aivct commented on June 27, 2024

A workaround for now could be to only save to .html for now for Firefox.

I.e., then the user will at least always have a pretty record to use.

In any case, users might tolerate having three clicks to go to our page and export as PDF or as PNG; after all, having something is better than having nothing.


aivct commented on June 27, 2024

As a further workaround, I was looking at printer APIs (and no, browsers probably aren't stupid enough to expose that workaround) but then I had a thought. Why can't we just tell users they can literally print their stuff to PDF?

All our button would need to call is window.print(), and save to PDF is always an option. It doesn't actually print or use paper, it's just how the API works.

Then, we just need to remember to tell users that that is an intended feature, in case they panic and think they misclicked.


Edit: upon further testing, it appears OpenAI was too lazy to fix the print API. It won't print anything past the first page, which is bad. Red herring.


aivct commented on June 27, 2024

Wait, I have an idea. What if we move our export script to be similar to the prompt injector script? That might bypass a few permission requirements since that just directly injects script. So basically, scripts on the body itself may bypass CORS.
https://stackoverflow.com/questions/42719041/how-to-resolve-typeerror-networkerror-when-attempting-to-fetch-resource

Do note however that on Firefox, XRAY vision means that content scripts and page scripts can't talk to each other, and what's more, they don't KNOW that they're not talking to each other because the page is silently failing when you try to modify objects. No variable from content.js is available to scripts on the physical chat.openai.com/chat page itself, and vice versa.
https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Sharing_objects_with_page_scripts

For export scripts, that's fine because they literally don't need to talk to anyone, it's fine.

It's also possible we forgot a few permissions.
https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/manifest.json/permissions


aivct commented on June 27, 2024

It WORKS! Sorta. But one head of the hydra CORS is defeated with injection.
Basically, if all the JavaScript is on the page then that's one source of CORS down (there's still another source of CORS that comes from loading images but that's another story).
