Giter VIP home page Giter VIP logo

Comments (7)

Elehiggle avatar Elehiggle commented on August 28, 2024

So you are using Chrome? Go to the extension page in Chrome, enable Developer mode in the top right. Then find the ProtonMail extension there and click on Details. You should see a link at "Inspect views". Click on the background page link. Then developer tools should open and click on Console. You should see the error output, make a screenshot and send it here :)

from protonmail-webextension.

summersab avatar summersab commented on August 28, 2024

I don't think I needed to obfuscate the hashes, but I did it just in case. Here are the requests and responses that keep getting sent repeatedly. If you need any other information, let me know!

GET /api/events/latest HTTP/1.1
Host: beta.protonmail.com
Connection: keep-alive
Accept: application/vnd.protonmail.v1+json
DNT: 1
x-pm-appversion: Other
x-pm-uid: XXXXXXXXXXXXXXXXX
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/2019.04 Iridium/2019.04 Safari/537.36 Chrome/73.0.0.0
x-pm-apiversion: 3
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: Session-Id=XXXXXXXXXXXXXXXXX; __tawkuuid=e::protonmail.com::XXXXXXXXXXXXXXXXX::2; protonmail-v4-onboard-modal-v2=true; Version=default

HTTP/1.0 401 Unauthorized
date: Mon, 09 Mar 2020 14:33:38 GMT
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Fri, 04 May 1984 22:15:00 GMT
pragma: no-cache
cache-control: no-cache, private
access: application/vnd.protonmail.api+json;apiversion=3
set-cookie: Session-Id=XXXXXXXXXXXXXXXXX; Domain=protonmail.com; Path=/; HttpOnly; Secure; Max-Age=7776000
set-cookie: Version=default; Path=/; Secure; Max-Age=7776000
set-cookie: Version=; Domain=protonmail.com; Path=/; Secure; Expires=Thu, 01 Jan 1970 00:00:00 GMT
content-length: 78
content-type: application/json
content-security-policy: default-src 'self'; connect-src 'self' blob:; script-src 'self' blob: 'sha256-XXXXXXXXXXXXXXXXX'; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://secure.protonmail.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.protonmail.ch/reports/csp; frame-ancestors 'none';
strict-transport-security: max-age=31536000; includeSubDomains; preload
expect-ct: max-age=2592000, enforce, report-uri="https://reports.protonmail.ch/reports/tls"
public-key-pins-report-only: pin-sha256="XXXXXXXXXXXXXXXXX"; pin-sha256="XXXXXXXXXXXXXXXXX"; report-uri="https://reports.protonmail.ch/reports/tls"
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=https://reports.protonmail.ch/reports/csp
referrer-policy: strict-origin-when-cross-origin
x-permitted-cross-domain-policies: none
connection: keep-alive

POST /api/auth/refresh HTTP/1.1
Host: beta.protonmail.com
Connection: keep-alive
Content-Length: 0
Accept: application/vnd.protonmail.v1+json
Origin: chrome-extension://jfiaocmgamojjagpllpljapgekgmkaje
x-pm-appversion: Other
x-pm-uid: XXXXXXXXXXXXXXXXX
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/2019.04 Iridium/2019.04 Safari/537.36 Chrome/73.0.0.0
DNT: 1
x-pm-apiversion: 3
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: Session-Id=XXXXXXXXXXXXXXXXX; __tawkuuid=e::protonmail.com::XXXXXXXXXXXXXXXXX::2; protonmail-v4-onboard-modal-v2=true; Version=default

HTTP/1.1 400 Bad Request
date: Mon, 09 Mar 2020 14:33:39 GMT
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Fri, 04 May 1984 22:15:00 GMT
pragma: no-cache
cache-control: no-cache, private
access: application/vnd.protonmail.api+json;apiversion=3
set-cookie: Session-Id=XXXXXXXXXXXXXXXXX; Domain=protonmail.com; Path=/; HttpOnly; Secure; Max-Age=7776000
set-cookie: Version=default; Path=/; Secure; Max-Age=7776000
set-cookie: Version=; Domain=protonmail.com; Path=/; Secure; Expires=Thu, 01 Jan 1970 00:00:00 GMT
content-length: 72
content-type: application/json
content-security-policy: default-src 'self'; connect-src 'self' blob:; script-src 'self' blob: 'sha256-XXXXXXXXXXXXXXXXX'; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://secure.protonmail.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.protonmail.ch/reports/csp; frame-ancestors 'none';
strict-transport-security: max-age=31536000; includeSubDomains; preload
expect-ct: max-age=2592000, enforce, report-uri="https://reports.protonmail.ch/reports/tls"
public-key-pins-report-only: pin-sha256="XXXXXXXXXXXXXXXXX"; pin-sha256="XXXXXXXXXXXXXXXXX"; report-uri="https://reports.protonmail.ch/reports/tls"
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=https://reports.protonmail.ch/reports/csp
referrer-policy: strict-origin-when-cross-origin
x-permitted-cross-domain-policies: none

from protonmail-webextension.

Elehiggle avatar Elehiggle commented on August 28, 2024

The extension somehow does not have the permissions to read the cookies or send the cookies with the request (most likely the latter). Which Chromium-based browser are you using? Are you using any special configurations for your browser?

I have experienced a similar issue on Firefox, because I have the privacy.firstparty.isolate option enabled. I have forked this repo and added code to work around this issue, but due to the nature of it only the main function, persist session, is working (no notifications).

To my knowledge, there is no option like privacy.firstparty.isolate on Chromium. Persisting session should still be possible though whatever the bug might be, so in theory my code could work in your case. But there is no option like privacy.firstparty.isolate that you could check for easily in Chromium like my code does for Firefox.

In any case, if you have a bit of experience and want a quick and dirty solution, you could comment the following two lines: https://github.com/gitladen7/protonmail-webextension/blob/master/src/background/services/emailFetcherService.ts#L177

This will prevent the extension from clearing your session, because it thinks it expired (as the request fails, no cookies = no authorization = 401 Unauthorized).

You can also enable additional logging output to the console with detailed information by enabling the development mode. You could comment the return here: https://github.com/gitladen7/protonmail-webextension/blob/master/src/background/helpers/logger.ts#L6

from protonmail-webextension.

summersab avatar summersab commented on August 28, 2024

Ah, this is starting to make sense. I'm using Iridium, a privacy/security-focused browser. I've got DNT enabled and 3rd party cookies disabled. Perhaps that's the issue? I'm not sure how to add an extension to the list of sites that are permitted to store cookies (I assume that would normally be the workaround). Thoughts?

Thanks for your prompt response!

from protonmail-webextension.

Elehiggle avatar Elehiggle commented on August 28, 2024

I have just installed Iridium and it works without problems with the extension. DNT/3rd party blocking was enabled by default, and there didn't seem to be other options to harden it even more from the GUI. So that is pretty weird :P

from protonmail-webextension.

Elehiggle avatar Elehiggle commented on August 28, 2024

I think it might be because you use beta protonmail. Can you check on mail.protonmail.com instead?

from protonmail-webextension.

Elehiggle avatar Elehiggle commented on August 28, 2024

Yeah, apparently @gitladen7 just fixed it in his recent commit. Looks like ProtonMail did some changes to their beta version just today. This still doesn't explain why you have had this issue for many days. Wait 1-2 days until the extension was updated in the stores and try again (Chrome store may take a bit longer). Alternatively, it would be good to confirm it works for you on normal mail.protonmail.com with the current version.

from protonmail-webextension.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.