#5 Breaks Mailvelope API mode

Open
opened 8 years ago by DeletedUser · 3 comments

Hi, when this add-on is activated a website cannot use the Mailvelope API any more. Websites using Mailvelope do not seem to connect to it any more. I can reproduce this issue on https://demo.mailvelope.com/.

This may of course be a natural result, because this add-on is designed to block this, however I would propose one thing:

  • Could you please add the ability to exclude certain websites from this add-on so I can exclude my mail provider to allow them to access Mailvelope?

Also reported in Mailvelope: https://github.com/mailvelope/mailvelope/issues/406

Hi, when this add-on is activated a website cannot use the [Mailvelope](https://www.mailvelope.com/de/) [API](https://mailvelope.github.io/mailvelope/) any more. Websites using Mailvelope do not seem to connect to it any more. I can reproduce this issue on https://demo.mailvelope.com/. This may of course be a natural result, because this add-on is designed to block this, however I would propose one thing: * Could you please add the ability to exclude certain websites from this add-on so I can exclude my mail provider to allow them to access Mailvelope? Also reported in Mailvelope: https://github.com/mailvelope/mailvelope/issues/406
calif commented 8 years ago

Hi,

I had the same problem with my mail provider and solved it the following way. I'm using Firefox, so I can't tell how to solve the problem using other browsers but I think it should work a similar way.

Disable 'No Resource URI Leak' and go to your mail providers website. Mailvelope should work as always and if you try to read an encrypted mail a Mailvelope-windows opens asking you to enter your password. The name of this window is what is needed. Under firefox it starts with 'resource://' followed by a string. For me it is 'jid1-aqqsmbyb0a8adg-at-jetpack'. (I think it is the same for a users but I'm not sure).

Go to the settings menu of 'No Resource URI Leak' and list the string under 'Exposed resource:// domains'. Now Mailvelope should work again.

Another way to find the needed string is to go to your Firefox's configuion folder and search the extensions folder. For me (under Linux) the path is: '/home/YOURNAME/.mozilla/firefox/PROFILENAME.default/extensions'. In this folder, there are the xpi-files of your installed addons meaning one belongs to Mailvelope. The file name is the same string as above. Please note: The file name contains a '@' that has to be replaced by '-at-' and '.xpi' has to be ignored.

(Chromium seems to save addons under '/home/YOURNAME/.config/chromium/PROFILE/Extensions/'. Maybe Chromium users find the needed string there.)

Now Mailvelope should work again.

Please be aware: As the description at the settings menu underlines, whitelisting "may harm your privacy" and should only be used "for debugging and as temporary measures". I dont't know if whitelisted links may be read out by webpages and/or can be used for fingerprinting. Maybe, a developer can answer this.

I hope my solution works for you and everyone else.

Hi, I had the same problem with my mail provider and solved it the following way. I'm using Firefox, so I can't tell how to solve the problem using other browsers but I think it should work a similar way. Disable 'No Resource URI Leak' and go to your mail providers website. Mailvelope should work as always and if you try to read an encrypted mail a Mailvelope-windows opens asking you to enter your password. The name of this window is what is needed. Under firefox it starts with 'resource://' followed by a string. For me it is 'jid1-aqqsmbyb0a8adg-at-jetpack'. (I think it is the same for a users but I'm not sure). Go to the settings menu of 'No Resource URI Leak' and list the string under 'Exposed resource:// domains'. Now Mailvelope should work again. Another way to find the needed string is to go to your Firefox's configuion folder and search the extensions folder. For me (under Linux) the path is: '/home/YOURNAME/.mozilla/firefox/PROFILENAME.default/extensions'. In this folder, there are the xpi-files of your installed addons meaning one belongs to Mailvelope. The file name is the same string as above. Please note: The file name contains a '@' that has to be replaced by '-at-' and '.xpi' has to be ignored. (Chromium seems to save addons under '/home/YOURNAME/.config/chromium/PROFILE/Extensions/'. Maybe Chromium users find the needed string there.) Now Mailvelope should work again. Please be aware: As the description at the settings menu underlines, whitelisting "may harm your privacy" and should only be used "for debugging and as temporary measures". I dont't know if whitelisted links may be read out by webpages and/or can be used for fingerprinting. Maybe, a developer can answer this. I hope my solution works for you and everyone else.
platform commented 8 years ago
Owner

Yes, whitelisted resources can be read by any site. Also, IDs of traditional add-ons are constant.

Possible solution: https://discourse.mozilla-community.org/t/how-to-determine-the-mime-type-of-the-loading-document-in-a-content-policy/9917

Yes, whitelisted resources can be read by any site. Also, IDs of traditional add-ons are constant. Possible solution: https://discourse.mozilla-community.org/t/how-to-determine-the-mime-type-of-the-loading-document-in-a-content-policy/9917
Deleted User commented 8 years ago
Poster

Thanks for the instructions. So whitelisting "jid1-aqqsmbyb0a8adg-at-jetpack" did the trick. One just should not forget to click on the "Update" button.

Thanks for the instructions. So whitelisting "jid1-aqqsmbyb0a8adg-at-jetpack" did the trick. One just should not forget to click on the "Update" button.
Sign in to join this conversation.
No Milestone
No assignee
3 Participants
Loading...
Cancel
Save
There is no content yet.