No passwords on some pages - Promised response from onMessage listener went out of scope

[johnbeard]

Current Behavior

On some pages, Keepass-broswer doesn't work on the page. The button indicates a background connection to the DB, but the inputs never get the login options. The pages that do and don't work appear to be the same each time.

The following is seen in the console:

Error: "Promised response from onMessage listener went out of scope"
λ <anonymous>moz-extension://05f8e9a2-3a5d-4962-a815-a98885d66edd/background/init.js:84:1
keepassxc-browser.js:1488:17

This line reads:

browser.runtime.onMessage.addListener(kpxcEvent.onMessage);

Steps to Reproduce (for bugs)

1. Make sure keepassxc-browser is connected to keepassxc (green icon)
2. Go to certain pages. For me, an example is https://login.launchpad.net
3. Observe the error in the console and that you cannot log in with Keepassxc

Debug info

KeePassXC - 2.3.4
KeePassXC-Browser - 1.3.0
Operating system: Linux (Arch)
Browser: Firefox 63.0 (also in 62.0)

[gnmerritt]

I'm see this same behavior in both Chrome and Firefox, starting after the 2.3.4 update. When I fired up the extension debugger I see the following two messages:

Error 15: No logins found
Use of nsIFile in content process is deprecated.

Is it safe to downgrade?

Versions

KeePassXC-Browser Version: 1.3.0
KeePassXC Version: 2.3.4
OS: macOS 10.14 (mojave)
Browsers: Firefox 63 and Chrome 69.0

[gnmerritt]

Ok, so after some more digging it looks like this happens for entries that don't have a scheme in their url (usaa.com) and can be fixed by adding the scheme to the entry by hand (https://usaa.com).

I think this may have been introduced by keepassxreboot/keepassxc#2003 where the entry url string is being parsed into a QUrl which may be adding a default scheme which then fails to match later?

I'm firing up the build environment to try and confirm for real.

[varjolintu]

See #311 (comment).

[apiraino]

@varjolintu when is the next release of the addon scheduled for release? This regression on the protocol / domain matching is pretty annoying (came here to report that also https://accounts.firefox.com/signin is not working anymore not matter how I tweak the URL in KeepassXC).

thanks

[varjolintu]

@apiraino No details on the release schedule. But you can always use a snapshot release if you don't like waiting.

If you are using Firefox, Mozilla has disabled all content scripts from their login pages, so it will not work no matter what. It's annoying because with Chromium-based browsers everything still works normally.

[droidmonkey]

wow... they should at least post a warning like: "extensions are disabled for this page"

[apiraino]

@varjolintu ok, thanks

@droidmonkey Mozilla actually says that in the official documentation and expect the third-party developer to take care of warning the user. I've encountered too this limitation (as I'm working, too on FF extensions) but for some reason I didnt link it to the fact that keepassxc-browser "doesnt work" on Mozilla sites (my bad).

[droidmonkey]

That is ridiculous. So instead of integrating a warning (ONCE) into Firefox itself, they want every extension maintainer to integrate their own warning with their own wording and presentation format.

[apiraino]

¯\(ツ)/¯

NoScript, for example, has those URLs hardcoded in an included file and shows a message when I click the extension icon:

      await include("/lib/restricted.js");
      let isRestricted = isRestrictedURL(tab.url);
      if (!isHttp || isRestricted) {
        showMessage("warning", _("privilegedPage"));
        return;
      }

[0xpr03]

I am not sure if this is intended or related but I get that error message when developing locally.
So my URL is somthing like localhost:XXX. With a login-form and no running keepassxc. My console still outputs

Error: "Promised response from onMessage listener went out of scope"
    <anonymous> moz-extension://ed94a7e0-83ca-4bc0-8ebe-4303ee3881e6/background/init.js:79

keepassxc-browser.js:869:25

No functionality is broken, it's just that my console always prints this warning.

Firefox 67.0.3 with KeepassXC plugin 1.4.6

[varjolintu]

That error is written because the event listener used in the background still handles everything as callbacks, not as Promise. I already have a fix for this but it needed a big refactor and it's not yet ready. Still, it shouldn't cause any problems. It's just a warning.