Conflict with https://support.1password.com and Firefox to save links
After updating yesterday to Firefox v58.0, I tried to bookmark these two links using Bare Bones's Yojimbo.app bookmarklet. (see below)
- https://support.1password.com/getting-started-ios/
- https://support.1password.com/1password-extension-ios/
- https://support.1password.com
All failed to bring up the enter window to add. I tried other links for 1Password and they failed as well. Safari and Google Chrome still work as expected.
The original domain links with Agilebit.com, still work in Firefox. What is special about these links and why is Firefox blocking? I asked on the Firefox forum but have not received a reply.
Bookmarklet:
javascript:var%20u='x-yojimbo://CreateItem?kind=Bookmark&name='+encodeURIComponent(document.title)+'&location='+encodeURIComponent(window.location);var%20tags=window.prompt(%22Enter%20tags:%22);%0Dif(tags!=null)%7Bu=u+%22&tags=%22+encodeURIComponent(tags);window.location=u;%7D
1Password Version: 1Password 6 Version 6.8.5 (685004)
Extension Version: 4.7.0.1
OS Version: 10.13.3 Beta (17D39a)
Sync Type: 1Password subscription
Comments
-
@Dianeoforegon We're not really equipped here to tell you why another developer's app isn't working as expected. All of those three URLs you listed are current, valid links to pages on our site, so I'm at a bit of a loss to suggest next steps for you. You might want to get Bare Bones' customer support involved as they'll be the best-able to assist you.
0 -
This is the reply I received on Firefox forum:
I think it's a CSP issue. This has been an annoyance on Github for a long time. The site says:
content-security-policy: ... script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com https://ajax.googleapis.com/ https://agilemail.createsend.com/;
The site does not allow the 'unsafe-inline' script source, which is what Firefox requires for bookmarklets to run.
0 -
Sorry for the confusion there! Indeed, our website's content security policy does not allow cross-site scripts. Otherwise that could allow someone malicious to inject code and redirect users to malicious downloads from our own website.
0 -
I'm still a bit confused. Why does my script work in Chrome and Safari? I save bookmarks in Bare Bones Yojimbo. If I have to manually copy/paste bookmarks this is a definite hit to my productivity. The script is provided by the Yojimbo.
Adding to my confusion....Today I received an email that someone had commented on my post. I clicked on the link but instead of taking me to this forum, it took me to my sign in page where I manage my subscriptions requiring my secret key. I had to go back into my bookmarks to find the forum using discussions.agilebits.com to find the comment.
What the heck is going on?
0 -
Just realized that the link I clicked on was part of the title of post instead of the Check it out button. Duh!
However the first part about being confused over why it works in Chrome and Safari still needs clarification.
0 -
@Dianeoforegon - we certainly don't want to negatively impact anyone's productivity, but at the same time, with security and our own app being our main concerns, I would suggest that if your Yojimbo script works for you in Safari and Chrome, that you access 1Password support page links in either of those two browsers, rather than the current iteration of Firefox, or contact Bare Bones for assistance with their script. Thanks! :)
0
