Or, If you’re living on the bleeding edge, expect some paper cuts.
The Chromium team (the open-source project behind Google Chrome) is doing an amazing job of constantly moving the web forward and making the web a safer place for users of Google Chrome.
Recently, many users of the latest pre-release versions of Google Chrome have notified us that the 1Password extension refuses to work in OS X and Windows, showing the following error message:
What is going on?
The Google Chrome developers have started implementing changes to the types of connections extensions are allowed to establish. These changes are part of a larger and more complex plan to harden Google Chrome against certain kinds of web-based attacks (like cross-site request forgery attacks), in which a malicious website or extension attempts to compromise internal network devices and processes listening on the localhost IP address.
Unfortunately, in the process of implementing these new security measures, something was broken in a way that results in many Chrome extensions, including 1Password, not working anymore in the Canary build and the dev channel of Chrome.
What seems to be the issue?
The 1Password web browser extension needs to communicate with a helper process that runs in the background to access your 1Password data (1Password mini in OS X and 1Password Helper in Windows). This is facilitated by establishing WebSocket protocol connections at the localhost address of a computer. WebSocket connections are similar to the typical HTTP requests your web browser performs when visiting a website.
The way we understand the current situation is this:
- An extension tries to open a ws:// (WebSocket) connection.
- Chrome recognises the chrome-extension protocol and checks whether the connection attempt has a secure origin.
- If Chrome determines that the connection is not secure, it rejects the attempt and any further connection requests are never even attempted beyond that.
In the case of 1Password, this results in the extension thinking that the 1Password application does not exist on the PC/Mac in the first place or that something is blocking the WebSocket connection.
What is going to happen?
This is an ongoing issue that we’re still investigating but so far it is clear that the Chromium development community has recognised that many extensions communicate with host applications using WebSocket and other protocols. To our current knowledge, they are treating this issue as a regression in need of fixing, but any fix requires careful consideration in light of their efforts to increase security.
There are various active discussion threads and bug reports related to this situation in the Chromium project. To name only a few:
- WebSockets initiated in Chrome extensions has null Origin header in their handshake
- Block sub-resource loads from the web to private networks and localhost
- Allow url::SchemeHostPort to hold non-file scheme without port
What to do now?
Testing pre-release software can be fun and is incredibly useful for the developers of that software and the developers of apps that interact with it — seriously, we love our beta testers. 1Password supports the latest stable builds of Safari, Chrome, Firefox, and Opera. While we make every effort to maintain compatibility with Beta, Dev, Nightly, Canary builds or other birds or browsers, we can’t guarantee that 1Password will always work as browsers go through their various development and release cycles.
If 1Password is as essential to your daily life as it is to ours, our suggestion is to temporarily return your browser to the stable version and check out the new Canary build/dev channel releases in a week or two — did I mention how much we appreciate beta testers sending in feedback? If you do want to live on the bleeding edge, please be aware of the potential for bugs in development and public beta versions of browsers and software in general and be patient with the developers of browsers, apps, and extensions as they negotiate a shifting landscape. We’ve added the article, “Prerelease (beta, dev, nightly) browser builds,” to our knowledge base to keep you apprised of any issues with unfinished versions of browsers.
As with any other questions regarding 1Password, please sound off about any issues you run into when using 1Password with pre-release versions of browsers in our discussion forums.