1Password adding spurious data to URLs
I've recently noticed that on HTTP forms (Not HTTPS), when clicking "Open and Fill" 1Password is not just putting in the URL stored in 1Password's database, but a whole load of other URL parameters. e.g.
www.example.com/?onepasswdfill=XXXXXXXXX&onepasswdvault=YYYYYYYYY
Because of this extra data the page doesn't open, so you have to manually remove the spurious 1Password HTTP parameters and try again.
I'm using 1Password 6 (From the App Store) with Firefox 48 (It was happening with Firefox 47 too)
GTG
1Password Version: 6.3.1
Extension Version: 4.5.8
OS Version: 10.11.6
Sync Type: iCloud
Comments
-
Hello @gopher,
The two parameters added to the stored URL are what allow the 1Password Browser Extension to know the URL came from 1Password and what item should be used to fill once loading of the page has completed. We rely on the ability to view the URL before the browser has started to even load it to look for these parameters and strip them from the URL that the browser loads. As you may surmise from this, it means this behaviour has existed for quite some time in 1Password as it's how open and fill works at all.
I assume that other than open and fill is the extension working to allow filling? If it is I'd like you to check something for me please. Can you visit
about:support
in Firefox and in the section titled Application Basics you should see an entry titled Multiprocess Windows. What does it say against this?0