1P won't open on a given web page.

camnercamner Member
in Mac

On a particular web page (URL = https://www.myopenmath.com/course/testquestion.php?cid=47835&qsetid=279245) using Chrome, I can't invoke 1P to fill in my credentials. I tried shift-command-X, nothing happened. I tried clicking in the username box, got the prompt to enter shift-command-X, nothing happened. I also tried 1PX from the Chrome tool bar, and finally 1P via the menu item. Nothing worked.

BUT, I can go to a web page on the same site and invoke 1P without a problem (even on a page that doesn't have any credentials to fill in.

FWIW, this window opens up as a popup window from another URL at the same site, if that helps at all.


1Password Version: 7.2.5
Extension Version: 1PX 15.0.1
OS Version: 10.14.5
Sync Type: Not Provided

Comments

  • brentybrenty

    Team Member

    @camner: Can you clarify what OS, browser, and 1Password versions you're using there? Most of those seem like typos, and when I go to that page, I'm able to save and fill using 1Password X. Let me know, and we'll figure out what's different between us. :)

  • camnercamner Member

    MacOS 10.14.4/Chrome 74.0.3729.131 / 1P 7.2.5 / 1PX 1.15.1 (sorry 'bout the typos in the signature in the original post).

    I'm not surprised that it worked for you, because you can't access the page the same way I do! It works for me, too, if I put the URL into Chrome via pasting or via clicking on the link. If you take a look at the screenshot below, you'll see that there is no URL box, etc. It opens as a popup from somewhere else on the same site.

    The typical way the window pops up is when one is an instructor for a course and one is writing/debugging a question one has written. To preview the question, it opens up in a popup window. If one is logged in already, there's no problem; the popup opens and all is good. I often have lots of windows/tabs open to questions I'm working on. When I reboot my computer, I'm automatically logged out of the MyOpenMath system, and I have lots of windows requiring me to log in before it will take me back to the page I was working on before the reboot. With 1P that isn't too tedious, but without it, I have to manually log in, which requires me to open 1P another way to lookup my credentials (in particular, my generated password, which I couldn't possibly memorize if I tried!).

    Now that I think about it, when Chrome opens after a reboot and attempts to reload the open windows, the offending window in question isn't "popping up" via a link from another page in the MyOpenMath system. But there must/might be something about the nature of the page (or what it means for a window not to have a URL box, etc.) that is making the difference.

  • brentybrenty

    Team Member
    edited May 13

    @camner: Thanks for getting back to me! I'll be honest, I was a bit surprised I could access the page. However, it looks the same to me as it does in your screenshot. So I think we're on the same page, both literally and figuratively. :)

    I think the only difference is that you're opening that page from a link from somewhere else which creates a new window without all the browser chrome in Chrome -- e.g. no toolbar or address. I think that's part of the problem: you obviously can't open 1Password X there from the toolbar when it's missing. So it may be helpful to go to the page directly in a new tab, rather than following whatever link is doing that.

    No worries about the typos. They're actually helpful because they make me stop and think about what else may be different. I'd still suggest trying what I said above, but I'm wondering if you might also have better luck with the 1Password X beta:

    How to install 1Password X beta in Chrome

    That may help some with the inline menu and filling, but that shouldn't help with the toolbar issue you're having. 1Password X needs to always unlock from the toolbar because otherwise webpages can just present you with a fake unlock screen to try to trick you. But of course with the toolbar missing... So you could try unlocking 1Password X in a different Chrome window -- one with a toolbar -- before trying to fill in the one with the toolbar missing. Let me know how it goes!

  • camnercamner Member

    OK, sorry to be dense, but I'm not understanding you when you say "it may be helpful to go to the page directly in a new tab, rather than following whatever link is doing that." I don't have any choice about how to get there (unless I copy/paste the URL from the window/tab "without the browser chrome." And if I have to do that, I have the tedious task of doing it repeatedly.

    This issue comes up when I quit the browser (or more likely reboot) with my typical 20 or so of these "dechromed" windows/tabs. I need to log back in to MyOpenMath on each of those windows to restore the contents as I had it before quitting/rebooting. That's tedious, and what I was hoping to avoid.

    So, the next time I'm here in this situation I will try to open 1P from the toolbar in another window (that has a toolbar) and then switch back to the offending "chromeless" window/tab.

    Thanks for your help!

  • brentybrenty

    Team Member

    @camner: Sorry. I don't think it's you. What I'm saying, frankly, may make no sense at all, as the only thing I have to go on is your description. So if I'm misunderstanding and giving you nonsense advice, I'm sorry! :lol:

    This is what I had in mind:

    The typical way the window pops up is when one is an instructor for a course and one is writing/debugging a question one has written. To preview the question, it opens up in a popup window. If one is logged in already, there's no problem; the popup opens and all is good.

    With your additional comments, I think you can scratch most of what I said. But I think maybe it's still worth trying signing in in another tab/window first, either before even going to the tab/window where you encounter this issue, or perhaps just reloading the page ( ⌘ R ) would work.

    I don't have any situation like that myself, but since Chrome only loads the last active tab when you reopen it, if that's, I dunno, a search page, then you can go to the site first to login normally, and then switch to the other tabs you had left open, so that when Chrome loads them you'll already be logged in. Does that make sense?

    At this point we're kind of drifting into "wacky website" territory and not something that 1Password itself can help with, but hopefully my suggestion either works or leads you to some other workable solution in that area, since I'm not sure that anything we do with 1Password would be able to work around this on its own. Let me know how it goes though. :)

  • camnercamner Member

    @brenty: You've been quite helpful, and I appreciate the time.

    The only thing I think 1P could do (though there may be a reason you don't want to) would be to allow the keyboard combo of shift-command-x to invoke 1P. Is the reason 1P can't do that is because the browser window doesn't have a toolbar, the 1PX extension hasn't loaded? I would have thought that extensions load anyway, not dependent on whether the browser has a toolbar visible. But, that said, I have no expertise in the ins and outs of how browsers do their magic.

  • brentybrenty

    Team Member

    @camner: Any time! And I'm really glad you circled back around to that. I was thinking earlier that this might come up, so I appreciate you asking:

    The only thing I think 1P could do (though there may be a reason you don't want to) would be to allow the keyboard combo of shift-command-x to invoke 1P. Is the reason 1P can't do that is because the browser window doesn't have a toolbar, the 1PX extension hasn't loaded?

    Rather than being about 1Password X (or any extension) needing to be visible to run in the browser (that's happening no matter what, in every window/tab, when you have an extension enabled), it's about security. I apologize in advance if I don't explain this well, but I'll do my best to tie it all together.

    We require that 1Password X be opened from the browser's toolbar (using the mouse or keyboard shortcut) so that the user knows what they're entering their Master Password into is 1Password X, installed in their browser, not just something that looks like it.

    1Password X runs entirely in the browser, so we can't have a Master Password input outside of the browser, like we can with the desktop app/extension. That's safe from malicious webpages because, for example, 1Password for Mac is running at the OS level, not within the browser; so nothing in the browser can see what you do in 1Password for Mac. Whew. ;)

    So on the one hand, if you go to a malicious website, they could present you with a fake "1Password" unlock screen to trick you into giving them your Master Password. If 1Password X itself let you unlock within the webpage, how could you tell the difference visually? So part of it is that the browser has the extension menu open directly from the toolbar button, literally connected to it, so you know that's where it's coming from. This is happening entirely outside of the webpage, and you can see that just by looking at it. Otherwise, if clicking the toolbar button opened a prompt within the webpage view, you can't really tell if it's the webpage itself: after all, it's just Javascript, HTML, CSS, etc. either way.

    So we've designed 1Password X so that you absolutely cannot enter your Master Password to unlock it except from the browser's toolbar. And then in the case of the way this specific site is designed, they're hiding that toolbar so you can't get to it to unlock 1Password X. Frustrating, how all of this interacts, but hopefully that helps clarify. :blush:

  • camnercamner Member
    edited May 15

    Thanks, that helps. But it leads to another question. What stops a malicious site from trying to fool me into entering my master password into a fake 1P box? Does one just need to keep one's wits about one and take care never to enter the master password into any box that wasn't user initiated via the browser toolbar (or the system menubar)?

  • brentybrenty

    Team Member

    @camner: Exactly. Unfortunately we can't stop anyone from making a fake "1Password" sign in on their website, nor can we prevent you from entering your Master Password there. Just as you need to make sure you are entering any sensitive information only where you intend it to go, it's something that is entirely up to you. It's not something anyone else has control over. However, if you're using 1Password X, you can know that it will only have you enter your Master Password in the extension's browser toolbar menu, as you'll be prompted to open that if you try to do it from the inline icon on a webpage instead.

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file