Filling Web Form Details in Chrome [browser and 1Password need to be in /Applications folder]

System

This discussion was created from comments split from: Web Form Details Not All Being Filled, They Use To.

kevinawoo

hey @brenty, I'm running into the same issue. My chrome extension isn't filling in web form details either.
Chrome Version: 67.0.3396.99 (Official Build) (64-bit)
Chrome extension 1password (beta): 4.7.1.4

I'm trying to log into AWS, which I have to switch between a few different accounts:
https://console.aws.amazon.com/console/home
(screenshot) https://cl.ly/28131m0V2Q03

AGAlumB

@kevinawoo: What version of 1Password are you using? This is an old discussion about a 1Password 6 beta.

kevinawoo

@brenty ah sorry. Should I start a new thread?

My current version is:
1Password 7
Version 7.0.5.BETA-2 (70005002)

AGAlumB

@kevinawoo: No need. We've got that covered. Just wanted to make sure you weren't in fact running an outdated beta. You never know! :)

Anyway, it sounds like you're up to date, so that's good. But keep in mind that if Chrome has a pending restart after updating that will break things for you. So if you haven't, go ahead and do that. Otherwise there's something else going on.

Lately I've seen a few cases where Chrome was damaged for some reason, and it was necessary to install a fresh copy. Just to eliminate that, please drag it to the Trash, restart your Mac, and then grab a new copy from Google:

https://google.com/chrome/

But make sure both Chrome and 1Password are in the system /Applications folder. That's a much more common issue we see. Due to sandboxing, they will not be able to talk to each other at all unless they are installed there. Let me know!

melomac

Hi @brenty
I am very interested as of why both Google Chrome and 1Password have to be in /Applications. Would you please be so kind to explain why?
Also, does 1Password has to be located in /Applications to work with Firefox or Safari?
And, is this sandbox "restriction" really necessary for non app store 1Password?
Thanks in advance.

rudy

@melomac,

They have to be in /Applications in order for us to be able to verify their code signatures. The API Apple provides only works from that location when sandboxing is turned on. Sandboxing is going to become more and more of a reality on the Mac as each new OS is released. We've turned sandboxing on now because we're getting ready for that reality. That preparation allows us to be ready for new security features such as Apple's App Hardening and App level System Integrity Protection features that are coming in 10.14, which require you to have sandboxing turned on.

melomac

So if the user decides to skip code signatures verifications, he or she could have his apps located anywhere?

rudy

@melomac,

The code signature verification is baked in, it hasn't been optional for quite awhile now.

melomac

So there is no solution for users who don't install products in /Applications to use 1Password7?

What about asking the user for an enlarged sandbox file access?

rudy

@melomac,

Unfortunately not. User approved sandbox file access expansion doesn't impress the Security framework API being used to verify the code signature. We've filed a radar with Apple to request improving that situation.

melomac

In the meantime, whatever can be done on your side would really help me, as I am supporting 1P for so many years now, and feel somehow betrayed by this new situation introduced in 1P7. Sticking to 1P6 for now :-(

AGAlumB

As Rudy mentioned, there isn't a way to circumvent the sandboxing restrictions. That's kind of the point. You can, however, get everything working by dragging both 1Password and the browser to the system /Applications folder. Cheers! :)

melomac

Thank you @brenty and @rudy but I still don't understand the technical limitation, at least in a non Mac App Store context.

I am truly sorry. Hopefully, 1P6 still rocks 🤞

rudy

@melomac,

Sandboxing isn't something that's limited to the App Store, but the writing is on the wall for certain. Apple is moving in the direction of making sandboxing a requirement rather than an optional environment. As a security application we want to be ready for that very near future. Turning on App Hardening and SIP for 1Password is a day-one goal for 10.14's release this fall.

melomac

I still don't get the entitlement that is forcing 1P7 and/or Chrome to be in /Applications and mandatory for 10.14.

AGAlumB

@melomac: It's not forced at this stage. As Rudy mentioned in the previous comment, we're making changes now so we're ready in the future.

melomac

This wasn't so obvious, thanks for clarifying.

I have been relying on 1Password for 11 years now, and if I want to go on, I have to change a 25 years old habit, and accept a partial regression to C:\PROGRAM FILES.

Unless you consider the minority of users I am representing, I may have to stick to 1P6 forever.

AGAlumB

Not the conclusion I would have arrived at, but okay. :)

melomac

What was the conclusion you would have expect then?

Users complying to authority arguments?

Are there other choices AgileBits would make on the behalf of a probable future at the cost of others freedom?

AGAlumB

What was the conclusion you would have expect then? Users complying to authority arguments?

@melomac: Sorry, but you kind of lost me when you started talking about "C:/Program Files". :)

Are there other choices AgileBits would make on the behalf of a probable future at the cost of others freedom?

That's a bit of a stretch. This isn't a political, social, or moral issue. It's the technical direction that a computing platform (and, arguably, the industry) is going.