1P Nightly: getting spammed to download "Apollo Devtools" Chrome Extension!

I've been running 1P Nightly, and currently have v8.12.4.6 installed.

Today I went to open my Chrome DevTools console and saw this message:

"Download the Apollo DevTools for a better development experience: https://chrome.google.com/webstore/detail/apollo-client-developer-t/jdkknkkbebbapilgoeccciglkfbmbnfm"

Which leads to this page for "Apollo Client Devtools" ?

I found that link in the 1P Nightly extension's codebase.

Why is this prompt appearing? Don't like this at all...

browser extension

1P_Dave
1 month ago
I wanted to provide an update here to close the loop. Further investigation showed the message was being logged by the website itself, not 1Password. This was confirmed by reproducing it in a Chrome profile without 1Password installed and by the fact that the sentry-BLbbFoZy.js file belongs to the site, not the 1Password extension.

1Password's browser extension does include Apollo Client (we use GraphQL internally), so it's normal to find that string in the 1Password extension's bundled code on disk. However, while the Apollo message string does exist inside the 1Password extension, Apollo's own checks will prevent 1Password from logging that message to Chrome's dev tools console: https://github.com/apollographql/apollo-client/blob/main/src/core/ApolloClient.ts#L866-L896

That being said, our developers are planning to remove the string from our code in future releases.

-Dave

7 Replies

Replies have been turned off for this discussion

1P_Dave
Moderator
1 month ago
I wanted to provide an update here to close the loop. Further investigation showed the message was being logged by the website itself, not 1Password. This was confirmed by reproducing it in a Chrome profile without 1Password installed and by the fact that the sentry-BLbbFoZy.js file belongs to the site, not the 1Password extension.

1Password's browser extension does include Apollo Client (we use GraphQL internally), so it's normal to find that string in the 1Password extension's bundled code on disk. However, while the Apollo message string does exist inside the 1Password extension, Apollo's own checks will prevent 1Password from logging that message to Chrome's dev tools console: https://github.com/apollographql/apollo-client/blob/main/src/core/ApolloClient.ts#L866-L896

That being said, our developers are planning to remove the string from our code in future releases.

-Dave
1P_Dave
Moderator
2 months ago
1Password's browser extension does include Apollo Client (we use GraphQL internally), so it's normal to find that string in the 1Password extension's bundled code on disk. However, while the Apollo message string does exist inside the 1Password extension, Apollo's own checks should prevent 1Password from logging that message to Chrome's dev tools console: https://github.com/apollographql/apollo-client/blob/main/src/core/ApolloClient.ts#L866-L896

We haven't yet been able to reproduce the 1Password extension writing the message to the console. Because of that, it's possible the console message is coming from the website being inspected, rather than the 1Password extension. To help us investigate further, can you share:

The exact website URL where you see this message

A full console log: Save a console log in your browser

Please send this to support@1Password.com and include a link to this community thread. After emailing in, you'll receive a reply from BitBot, our friendly robot assistant with a Support ID that looks something like [#ABC-12345-678]. Post that here, and I'll be able to locate your message and look into this further.

-Dave
- luckman212
  Frequent Contributor
  1 month ago
  Thanks, I just emailed the requested info.
  My bug ID is [#LXH-94641-815]
  - 1P_Dave
    Moderator
    1 month ago
    Thank you! I've sent you a reply via email.
    
    -Dave
1P_Dave
Moderator
2 months ago
luckman212

Thank you for those additional details. I've located the same code on my end and I've reached out to our development team. I'll update this thread as soon as possible.

-Dave
luckman212
Frequent Contributor
2 months ago
I already uninstalled the Nightly version because of this and went back on the stable track.
But, I can answer with 100% certainty that comes from the 1P extension itself. The code is literally right there on the disk, in both nightly AND stable versions.
I can still find it in my currently installed stable version 8.12.1.3 as well as my backup from 3 days ago which was still running nightly 8.12.4.2. I highlighted it below. The offending code is in the file:
chunks/chunk-PQH6ALAA.js
1P_Dave
Moderator
2 months ago
Hello luckman212! 👋

Thank you for reaching. I've tested the nightly version of 1Password in the browser and I'm unable to reproduce that log line in dev tools. I've also asked a colleague of mine to try and they're also not seeing it.

Is it possible that the log line is coming from the webpage in your screenshot itself? Or from something else in your browser? If you create a brand new Chrome profile, install 1Password in the profile but keep other extensions turned off, and navigate to autofill.me then do you see the same issue?

Dave

Forum Discussion

1P Nightly: getting spammed to download "Apollo Devtools" Chrome Extension!

7 Replies

Featured discussions

Meet the 1Password team at KubeCon Europe

Recent discussions

1password locks within 10 seconds on High Performance or Dynamic resolution screen share on macOS

Multiple account support in op run

Concatenate password with OTP

op CLI hangs on macOS Tahoe

How do I use the SSH agent in headless Linux?