Domain resolution trouble ? [port numbers and invalid TLDs can break the URL matching]
Hello,
I have been using 1P for a long time and really enjoy it. So I first wanted to congratulate the whole team for this product.
However, I can't manage to make something work and I want to submit it. I detected it on the Windows version (because it is related to my local network at work) but I guess I would have the same behaviour at home on my Mac version.
When I am on a specific URL in the browser (tested on FF and chrome), the list of logins suggested by 1P is incomplete :
Indeed, I would like to also get the following login but it's not in the list
There is a good reason for the ones in the list to be here since they belong to the same domain (dev.harvest)
For most of the URL of the same domain, everything works fine
Here, the 2 logins related to sonar.dev.harvest are suggested in priority and others behind the "Show X more items" are related to dev.harvest
By the way, here is a section of my settings
I don't know if it is a valuable clue but I noticed that the location mentioned in the logins list may vary.
All of these logins are related to URLs on the same domain dev.harvest but most of them include the prefix (first part) in the location column
Did I miss something ?
Can someone give me a hint to make things work ?
Thank you
1Password Version: 4.6.0.585
Extension Version: 4.4.2
OS Version: Windows 7
Sync Type: Not Provided
Comments
-
Well, I managed to make things work with the following domain matching :
Then, 1P suggests the login I wantHowever, I didn't understand why I had to do this for this URL and not for some others on the same domain...
0 -
Hi @lrichard,
It might have to do with the fact your domain is not on the public suffix TLD list which our domain matching algorithms are based on, it might have some unexpected differences if we don't know how the TLD is mapped. Think of how .co.uk is a TLD and not a co domain owned by .uk TLD.
That's why domain matching works, you gave us some mapping data we can use.
This might be a red hearing though. Have you try removing the port in the address to see if that's the issue? We had issues in the past where the port can interfere but we've fixed it since. I wonder if you can remove the port and the domain matching list to see if 1Password will behave properly like this.
0 -
Hi Mike
Thank you for the explanation.
I removed the domain matching entry in order that the matching fails again. I then replaced the 1P login URL with one without the port and the matching is OK again. I ended up adding an URL stopping before the port so that it works and allows me to keep to good URL (with the port).
Such a configuration works without any Domain Matching entry.There is something else I don't get : I tried with my 1P version 5 on my Mac and it works well in all circumstances. Moreover, the Mac version doesn't have similar settings as the Logins tab of the Windows version (no domain matching in particular). How comes ? Mac and Windows version use different algorithms to match the addresses ?
0 -
Hi @lrichard,
Thanks for trying that for me, that suggests it's related to the port again. We'll investigate this and see what further changes we need to make.
I'll follow up as soon as we find something.
Mac and Windows version use different algorithms to match the addresses ?
Pretty much, they're two separate programs that's natively coded for the platform rather than being a port, plus they're also handled by their own engineering teams. There are technical differences but we're working on improving this in the future to make sure they're in sync.
0 -
Hi @lrichard,
I've been testing this and unfortunately, I cannot reproduce it with or without ports. I had several ports, different subdomains, and so on, I just can't break it:
I wonder if you can try something else for me. Can you open the main 1Password program, unlock and create a new Login item manually that's identical to the affected item that doesn't show up with the same URL including the port. Does this specific Login item show up? If yes, it means that specific item is the issue, not the way the domain is saved with the port.
0 -
Hi @MikeT,
Indeed, with a new login, everything works fine. Even simpler : saving an affected login makes it work.
Does it make sense if I send the share content of an affected item to you (there's no real security issue since this login is related to a local private network) in order that you can analyze it ?0 -
In fact, saving an existing item did not always make it work and I had to create some new ones.
BTW, I noticed that working items have the "dev.harvest" location whereas affected items mention full address as location0 -
Interesting. Are there any differences in the URLs saved in these two items?
0 -
I can see no difference between these 2 items from the GUI.
In particular, the saved URL is http://big-weblogic.dev.harvest:7001/console/login/LoginForm.jsp in both cases0 -
I can see no difference between these 2 items from the GUI.
@lrichard: I think you actually hit the nail right on the head in your earlier post:
BTW, I noticed that working items have the "dev.harvest" location whereas affected items mention full address as location
I may be misunderstanding something about this complex problem, but to me it seems rather simple. As MikeT mentioned earlier:
It might have to do with the fact your domain is not on the public suffix TLD list which our domain matching algorithms are based on, it might have some unexpected differences if we don't know how the TLD is mapped. Think of how .co.uk is a TLD and not a co domain owned by .uk TLD.
I believe that because the are not valid TLDs, 1Password for Windows is simply seeing both
dev.harvest
andbig-weblogic.dev.harvest
, in their entirety, as the TLD, and is treating them differently as a result. This would also explain why your Domain Matching hack worked.Now, I could be all wrong about this in the first place, but it seems to me that there isn't a clear solution here. We can certainly investigate this further and possibly get some insight based on what the 1Password for Mac team is doing...but I know that their matching has some strange edge cases too, so that may just be trading one problem for another. Thanks again for bringing this to our attention! We'll see what we can do to improve the automatic matching, and in the mean time I'm glad that the Domain Matching setting serves as a workaround for you. :)
0 -
OK. I'd like to thank all of you for your involvement and your instructive contributions.
It is not a big issue to me as far as I can get things right by saving a new login or by setting some domain matching configuration.
Maybe it has to do with the fact that I share my vault between 1P Mac and 1P Windows. I had several versions of 1P on these platforms and I guess that the way one app saved a login might disrupt an other version of the app. I can't remember if I saved the affected login from an older version of 1P Mac for example.
Anyway, there are enough workarounds to prevent me from being blocked by this issue.0 -
OK. I'd like to thank all of you for your involvement and your instructive contributions.
@lrichard: You're most welcome! We're always working to improve 1Password for you and the rest of our awesome customers, and you help make that possible. Thanks so much for your patience and support! :chuffed:
Maybe it has to do with the fact that I share my vault between 1P Mac and 1P Windows. I had several versions of 1P on these platforms and I guess that the way one app saved a login might disrupt an other version of the app. I can't remember if I saved the affected login from an older version of 1P Mac for example.
While it's certainly possible if there's a bug in there, the same browser extension is used everywhere on both platforms (the one exception being Internet Explorer). So it's actually more likely that some extension version or website differences could be the culprit if you saved the login a while ago. Often simply manually saving the login will save additional information that will allow 1Password to fill correctly on a given site, regardless of the platform. But of course there are differences in the URL matching between Mac and Windows, which is the main issue you're running into.
Don't worry. We won't stop working to make 1Password better! :)
0