1Password adding spurious data to URLs

Options
gopher
gopher
Community Member
in 1Password in the Browser

I've recently noticed that on HTTP forms (Not HTTPS), when clicking "Open and Fill" 1Password is not just putting in the URL stored in 1Password's database, but a whole load of other URL parameters. e.g.

www.example.com/?onepasswdfill=XXXXXXXXX&onepasswdvault=YYYYYYYYY

Because of this extra data the page doesn't open, so you have to manually remove the spurious 1Password HTTP parameters and try again.

I'm using 1Password 6 (From the App Store) with Firefox 48 (It was happening with Firefox 47 too)

GTG

1Password Version: 6.3.1
Extension Version: 4.5.8
OS Version: 10.11.6
Sync Type: iCloud

Comments

  • littlebobbytables
    littlebobbytables
    1Password Alumni
    Options

    Hello @gopher,

    The two parameters added to the stored URL are what allow the 1Password Browser Extension to know the URL came from 1Password and what item should be used to fill once loading of the page has completed. We rely on the ability to view the URL before the browser has started to even load it to look for these parameters and strip them from the URL that the browser loads. As you may surmise from this, it means this behaviour has existed for quite some time in 1Password as it's how open and fill works at all.

    I assume that other than open and fill is the extension working to allow filling? If it is I'd like you to check something for me please. Can you visit about:support in Firefox and in the section titled Application Basics you should see an entry titled Multiprocess Windows. What does it say against this?

This discussion has been closed.