AdobeAAMDetect plugin


Per the included screenshot, the AdobeAAMDetect plugin for Safari 9.02 (El Capitan) is blocking some 1Password plugin. It happens with every iteration of 1Password for teams, for example: start, team page, discussion.

Although the Adobe plugin is set for Ask, it doesn't.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • rob

    Hi, @yondvale, and welcome to the 1Password discussion forums!

    I'm not sure I understand the issue you're experiencing. Is the plugin causing you problems with the 1Password web site or is 1Password's site causing problems with the plugin?

    Do you see these problems on other web sites?

  • yondvale
    Community Member

    Prior to the 1Password Team Site, I've never experienced this behavior with Safari so I would say something in the 1Password site causes the Adobe plugin to flip.

  • dteare
    edited January 2016

    Thanks for getting back to us, @yondvale.

    I wonder if AdobeAAMDetect is trying to inject something into our page? We have a very restrictive Content Security Policy that helps prevent injection attacks.

    As a test, try going to this website as they also have a relatively restricted content security policy (albeit not as strict as ours):

    http://content-security-policy.com/

    Does the problem happen there as well? Also, do you know what this error means in your one screenshot?

  • yondvale
    Community Member

    I'm afraid I don't know what those error messages mean but I have a link you may understand far better than I.

  • Thank you for including another screenshot, @yondvale! I would have been completely confused without them :)

    Your new screenshot confirmed my suspicion. Since the "Blocked Plug-in" message is also appearing on the http://content-security-policy.com website, it's very likely that AdobeAAMDetect is injecting a plugin into every page that loads within your browser. We (and many other sites that value security and privacy) have restrictive Content Security Policies to prevent these plugins from loading. This is a very good thing.

    You can learn more about Content Security Policies, why they are important, and how to enable them here:

    https://ole.michelsen.dk/blog/secure-your-website-with-content-security-policy.html

    I hope that helps explain why the "Blocked Plug-in" message appears. Please let us know if there is anything else I can help with.

    Cheers!

  • rob
    edited January 2016

    @yondvale Could you open your browser console on our website and send us a screenshot of what you see there?

    To open the browser console in Safari, you'll need to first turn on the "Develop" menu under the "Advanced" tab in Safari's preferences:

    Then you can select "Error Console" from the new "Develop" menu in the menu bar:

    If it's a Content Security Policy issue, there should be an error there describing what the issue is. I'd love to verify that's what is happening for you.

    Thanks for your time!

  • yondvale
    Community Member

    Is this what you wanted to see?

  • rob

    @yondvale yep, that's it! That confirms our suspicions regarding the Content Security Policy. As Dave mentioned, we implement the security policy we do to protect our users, specifically from malicious plugins and extensions, among other things.

    This does have the side effect of causing some plugins and extensions not to work as they should on our sites, but we value our users' security too much to make our security policy more lenient.

This discussion has been closed.
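
How a restrictive policy of the kind described in this thread ends up blocking an injected plugin, as an added example that is not part of the original discussion and not 1Password's code: the browser checks `<object>`/`<embed>` loads against `object-src`, falling back to `default-src`. The function names and any policies passed in are assumptions, and source matching is simplified.

```javascript
// Added example. The policies used with it are constructed samples, not the
// real headers of any site named in this thread.

// Parse a Content-Security-Policy header value into Map(directive -> sources).
function parseCsp(header) {
  const directives = new Map();
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored: the first occurrence wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Simplified source matching: 'none', 'self', *, scheme sources ("https:")
// and exact origins. Wildcard hosts, paths and ports are not modelled.
function sourceMatches(source, pageOrigin, pluginOrigin) {
  const s = source.toLowerCase();
  const target = pluginOrigin.toLowerCase();
  if (s === "'none'") return false;
  if (s === '*') return true;
  if (s === "'self'") return target === pageOrigin.toLowerCase();
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return target.startsWith(s + '//');
  return target === s;
}

// Decide whether an <object>/<embed> load from pluginOrigin is permitted on a
// page served from pageOrigin with the given policy.
function pluginDecision(header, pageOrigin, pluginOrigin) {
  const csp = parseCsp(header);
  // Plugin content is governed by object-src, falling back to default-src.
  const governing = ['object-src', 'default-src'].find((d) => csp.has(d)) || null;
  // No governing directive means the policy does not restrict plugins.
  if (governing === null) return { allowed: true, governing };
  // An empty source list behaves like 'none': nothing matches.
  const allowed = csp.get(governing)
    .some((src) => sourceMatches(src, pageOrigin, pluginOrigin));
  return { allowed, governing };
}
```

A policy that restricts only scripts leaves plugins unrestricted, which is why a site needs `object-src 'none'` or a restrictive `default-src` to get the "Blocked Plug-in" behaviour discussed above.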