Page MenuHome GnuPG
Create Task
Maniphest T8023

Chromium blocks loading web client due to CORS policy
Open, NormalPublic
Actions

Description

Supposedly affects Chromium >= 141, and possibly some versions of Edge.

The first symptom of this is that the logo is not rendered, even though test page renders correctly. When clicking on the (broken) logo, chromium will prompt for:

outlook.live.com wants to Look for and connect to any device on your local network

Selecting "Block" renders the plugin unusable. Selecting "Allow" will allow the plugin to run, but a reload may be needed. After the fact, the setting can be changed via chrome://settings/content/siteDetails?site=https%3A%2F%2Foutlook.live.com%2F ("Local network access"; exact URL could be subject to change).

A more in-depth description of the background (although it's a slightly different use-case, and affecting Edge, here) is at https://learn.microsoft.com/en-us/answers/questions/5647994/3rd-party-app-unable-to-call-our-end-point-in-edge .

TL;DR: Chromium blocks loading, because the load is initiated from a public network (outlook.live.com), while the plugin is served from the local network.

Event Timeline

tfry created this task.Thu, Jan 8, 10:56 AM
tfry updated the task description. (Show Details)
tfry updated the task description. (Show Details)Thu, Jan 8, 11:01 AM
m.eik added a subscriber: m.eik.Thu, Jan 8, 11:18 AM

when do you see this precisely?

tfry added a comment.EditedThu, Jan 8, 12:37 PM

when do you see this precisely?

chromium 143, here.

The logo-not-loaded: Anytime the GnuPG logo should be visible, anywhere in the browser window, unless and until access has been allowed, explicitly.

The prompt to allow access: This does not seem to pop up at the same point, in the two accounts I have tested, but may occur:

  • As soon as log in to an outlook account, where the manifest.xml has been added

  • When clicking on the (broken) GnuPG logo to start the add-in

Selecting "Block" results in an error message inside the add-in pane after some ~20 seconds:

And after retrying twice, the message "The connection is blocked because it was initiated by a public page to connect to devices or servers on your local network." appears.

m.eik added a comment.Thu, Jan 8, 1:41 PM

i didn't see any of this in chromium 141.0.7390.77, but i do after an upgrade to 143.0.7499.170. but only at the first start. when i closed chromium and launched it again, the logo appeared as desired (i did a successful pairing the first time).

tfry added a comment.Thu, Jan 8, 2:17 PM

I suppose you selected "Allow", then, and yes, that's enough to "fix" the problem. Chromium does remember the decision (unfortunately, it also remembers if you selected "Block", and some users are doubtlessly going to do so).

tfry added a comment.Thu, Jan 8, 2:19 PM

Addendum: I currently do not think we can do anything about this, except for documenting it.

tfry triaged this task as Normal priority.Fri, Jan 9, 8:03 AM