Fill in doesn't work in sidebar
The screenshot explains it pretty good; I try to sign in pocket in the sidebar but no way of fill in works with the Webextensions. (I tried context menu, keyboard shortcut and clicking on the extensions icon)
1Password Version: 6.8
Extension Version: 4.6.10.2
OS Version: MacOS 10.13
Sync Type: Dropbox
Comments
-
@heubergen: Thanks for reaching out. I’m sorry for the confusion! Just to confirm, it looks like you're trying to sign into a Firefox add-on there, not a website. Is that correct? It isn't possible for 1Password to integrate with other add-ons/extensions in that fashion. It can save and fill login credentials when you visit a URL matching your saved login. Otherwise you can copy and paste. I hope this helps. Be sure to let me know if you have any other questions! :)
0 -
Hi @brenty
The add-on opens https://getpocket.com/a/ in a sidebar so technically I sign into the website from pocket. Does that make sense to you?
Here a link to the add-on so you may can try it for your self: https://addons.mozilla.org/en-US/firefox/addon/pocket-in-sidebar/?src=cb-dl-created0 -
@heubergen: Thanks for the link! Is this a new thing with Firefox? For some reason it's the first I've seen it myself. Maybe I'm just not using as many extensions there as I used to! :)
I don't see any indication where it's opening https://getpocket.com/a/ in the sidebar, as there's no address field there. And given that Firefox's address bar doesn't reflect this, 1Password cannot match what's in the sidebar with a login. It doesn't look to me like Firefox gives extensions access to the sidebar at all, as 1Password cannot read the fields there to save either. But it's something we can look into to see if it's possible to do something there in the future. Thank you for bringing this up! :)
0 -
Ah, gotcha. We'll look into it. :)
0 -
@heubergen Thanks so much for your interest in having 1Password fill into Pocket in Sidebar. I looked over the API for Sidebars in Firefox, and it looks like this functions similarly to how other extension-supplied content works. This would include things like browserAction and options pages. What these all have in common is they load their content from HTML files within the browser extension itself. While this particular extension eventually loads
getpocket.com/a
, the real page ispopup.html
in their extension bundle. The upshot of all of this is that our extension code for interrogating the page and then filling your details into it are not injected into these pages by Firefox. As a result, we aren't able to fill into these sidebar pages.Note that I don't consider this a Firefox bug. Extensions operate in their own isolated worlds for a reason. It's safer and more stable that way and it allows each extension at least one small arena where they can know that their code isn't being interfered with and that the page is reasonably safe from intrusion.
All that being said, I do have some ideas for how we could make this better for extensions that want to go an extra step to support 1Password sign in for these kinds of pages. Right now, they are no more than ideas and those ideas would need some serious time to breathe and expand before they could become anything like a shipping solution, but I did want to mention it so you know that we're not simply shrugging the idea off. :smile: Hopefully, we'll be able to clear the decks soon and start branching out to think more about how we can get 1Password filling into more places.
Cheers!
--
Jamie Phelps
Code Wrangler @ AgileBits
Fort Worth, Texas0 -
Okay thank you for the detailed explanation.
My idea for a short term implementation would be that 1Password would see the popup.html and would let the user decide which login he wants to fill in. (Currently the extensions open the pocket page in a new tab when I try to click on the login) but that just an idea from me :)0 -
I don't think we'll do anything like that as it would make phishing attacks very easy. 1Password only fills logins at URLs matching the ones saved for the item for this reason. We don't want 1Password to facilitate something like that, but, as always, the user can choose to copy and paste password credentials anywhere they wish.
0