keepassxc-browser icon indicating copy to clipboard operation
keepassxc-browser copied to clipboard

Published 20 hours ago verified publisher icon keepassxreboot

Problem logging into obywatel.ufg.pl - Polish gov. site about car insurance

Open CapSel opened this issue 8 months ago • 5 comments
trafficstars

That is what I was able to get from JS console in firefox:

Security Error: Content at https://obywatel.ufg.pl/powiadomienia may not load or link to moz-extension://a904e032-5fa9-4784-80a2-d48c905260a9/content/62.32ff1b88b694850b.js.
<script> source URI is not allowed in this document: “moz-extension://a904e032-5fa9-4784-80a2-d48c905260a9/content/62.32ff1b88b694850b.js”. powiadomienia:1:1
Security Error: Content at https://obywatel.ufg.pl/powiadomienia may not load or link to moz-extension://a904e032-5fa9-4784-80a2-d48c905260a9/content/895.58cb473545e7de0f.js.
<script> source URI is not allowed in this document: “moz-extension://a904e032-5fa9-4784-80a2-d48c905260a9/content/895.58cb473545e7de0f.js”. powiadomienia:1:1
Security Error: Content at https://obywatel.ufg.pl/powiadomienia may not load or link to moz-extension://a904e032-5fa9-4784-80a2-d48c905260a9/content/471.04f0d4e7b5608725.js.
<script> source URI is not allowed in this document: “moz-extension://a904e032-5fa9-4784-80a2-d48c905260a9/content/471.04f0d4e7b5608725.js”. powiadomienia:1:1
Security Error: Content at https://obywatel.ufg.pl/powiadomienia may not load or link to moz-extension://a904e032-5fa9-4784-80a2-d48c905260a9/content/677.846c2862082fe70b.js.
<script> source URI is not allowed in this document: “moz-extension://a904e032-5fa9-4784-80a2-d48c905260a9/content/677.846c2862082fe70b.js”. powiadomienia:1:1
Security Error: Content at https://obywatel.ufg.pl/powiadomienia may not load or link to moz-extension://a904e032-5fa9-4784-80a2-d48c905260a9/content/217.144cba33744f795e.js.
<script> source URI is not allowed in this document: “moz-extension://a904e032-5fa9-4784-80a2-d48c905260a9/content/217.144cba33744f795e.js”. powiadomienia:1:1
ChunkLoadError: Loading chunk 217 failed.
(error: moz-extension://a904e032-5fa9-4784-80a2-d48c905260a9/content/217.144cba33744f795e.js)
    j https://obywatel.ufg.pl/mr/rweb/main.854052fcbcbd835c.js:1
    e https://obywatel.ufg.pl/mr/rweb/main.854052fcbcbd835c.js:1
    e https://obywatel.ufg.pl/mr/rweb/main.854052fcbcbd835c.js:1
    4431 https://obywatel.ufg.pl/mr/rweb/main.854052fcbcbd835c.js:1
    n https://obywatel.ufg.pl/mr/rweb/main.854052fcbcbd835c.js:1
    <anonymous> https://obywatel.ufg.pl/mr/rweb/main.854052fcbcbd835c.js:1
    <anonymous> https://obywatel.ufg.pl/mr/rweb/main.854052fcbcbd835c.js:1
main.854052fcbcbd835c.js:1:93
    4431 https://obywatel.ufg.pl/mr/rweb/main.854052fcbcbd835c.js:1
    invoke https://obywatel.ufg.pl/mr/rweb/polyfills.31777991649170a2.js:1
    run https://obywatel.ufg.pl/mr/rweb/polyfills.31777991649170a2.js:1
    et https://obywatel.ufg.pl/mr/rweb/polyfills.31777991649170a2.js:1
    invokeTask https://obywatel.ufg.pl/mr/rweb/polyfills.31777991649170a2.js:1
    runTask https://obywatel.ufg.pl/mr/rweb/polyfills.31777991649170a2.js:1
    ee https://obywatel.ufg.pl/mr/rweb/polyfills.31777991649170a2.js:1
    invokeTask https://obywatel.ufg.pl/mr/rweb/polyfills.31777991649170a2.js:1
    Te https://obywatel.ufg.pl/mr/rweb/polyfills.31777991649170a2.js:1
    ye https://obywatel.ufg.pl/mr/rweb/polyfills.31777991649170a2.js:1
    Oe https://obywatel.ufg.pl/mr/rweb/polyfills.31777991649170a2.js:1

After disabling KeepassXC browser plugin and refreshing page it loads without problems. I can use this website only with plugin disabled. After enabling plugin next click or refresh causes site to be empty and the errors similar to what I already pasted.

I tried adding this site to "Site preferences" and setting "Disable all features", or "Enable all features", and all other combinations - it did not help.

One way to login to this website is to use gov. issued mObywatel app from app store (ios and android). There are other option but I can't use them. None of these option is passkey.

Would it be possible to create kind of "blacklist" where this addon can't modify webpage source?

CapSel avatar Mar 05 '25 22:03 CapSel

I used "login" wrongfully - login itself works fine but webpage is empty/white after logging in. So my first impression was that login failed because there was no visible result of logging in.

CapSel avatar Mar 05 '25 22:03 CapSel

I should probably try disabling all other extension as well. The log you pasted doesn't include anything from our extension. Does this happen with other browsers as well?

varjolintu avatar Mar 06 '25 05:03 varjolintu

I tried in Brave - same situation. Also I noticed another thing - I need to just disable passkeys in browser extension to fix the issue. Firefox and Brave - same behaviour.

CapSel avatar Mar 06 '25 20:03 CapSel

Then this is probably related to the injected script we are adding because of passkeys support. Something inside it must collide with the page.

varjolintu avatar Mar 06 '25 21:03 varjolintu

Related: https://github.com/keepassxreboot/keepassxc-browser/issues/2475

varjolintu avatar Mar 07 '25 09:03 varjolintu

The issues handled at https://github.com/keepassxreboot/keepassxc-browser/issues/2494

varjolintu avatar Sep 20 '25 07:09 varjolintu