Nitrokey / nitrokey-webupdate

Website to easily update firmware on Nitrokey devices.
https://update.nitrokey.com
Apache License 2.0

Inspection fails due to CORB #19

Closed szszszsz closed 3 years ago

szszszsz commented 3 years ago

Following error occurs for one of the users while running the inspection:

```
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://raw.githubusercontent.com/Nitrokey/nitrokey-fido2-firmware/master/STABLE_VERSION. (Reason: CORS request did not succeed).
Uncaught (in promise) TypeError: NetworkError when attempting to fetch resource.
```
Full log:

```
Environment information
Firefox 82.0 on Windows 10 64-bit (WebAuthn supported)
Connected Nitrokey FIDO2 firmware version: 1.1.0
Latest Nitrokey FIDO2 firmware version: unknown
Device state: normal mode
Connected device: Nitrokey FIDO2
Update application status: (9) Update failed
github.com/Nitrokey/nitrokey-webupdate
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://raw.githubusercontent.com/Nitrokey/nitrokey-fido2-firmware/master/STABLE_VERSION. (Reason: CORS request did not succeed).
Uncaught (in promise) TypeError: NetworkError when attempting to fetch resource.
app.solo_version null main.js:304:11
PRE-CHECKING IF IN BOOTLOADER main.js:305:11
Boot check null main.js:404:11
IS BOOTLOADER false main.js:412:11
check-version RESPONSE Uint8Array(71) [ 1, 1, 0, 148, 191, 0, 32, 1, 0, 0, … ] main.js:174:13
NEED null main.js:353:11
HAVE Uint8Array(3) [ 1, 1, 0 ] main.js:354:11
TypeError: need is null inspect_ https://update.nitrokey.com/js/main.js?version=1:360 main.js:293:13
app.solo_version 1.1.0 main.js:304:11
PRE-CHECKING IF IN BOOTLOADER main.js:305:11
Boot check undefined main.js:404:11
Device not available undefined main.js:407:13
Failed running inspection main.js:335:13
app.solo_version 1.1.0 main.js:304:11
PRE-CHECKING IF IN BOOTLOADER main.js:305:11
Boot check null main.js:404:11
IS BOOTLOADER false main.js:412:11
check-version RESPONSE Uint8Array(71) [ 1, 1, 0, 148, 191, 0, 32, 1, 0, 0, … ] main.js:174:13
NEED null main.js:353:11
HAVE Uint8Array(3) [ 1, 1, 0 ] main.js:354:11
TypeError: need is null inspect_ https://update.nitrokey.com/js/main.js?version=1:360 inspect https://update.nitrokey.com/js/main.js?version=1:291 onclick https://update.nitrokey.com/:1 main.js:293:13
```

Environment information

```
Firefox 82.0 on Windows 10 64-bit (WebAuthn supported)
Connected Nitrokey FIDO2 firmware version: 1.1.0
Latest Nitrokey FIDO2 firmware version: unknown
Device state: normal mode
Connected device: Nitrokey FIDO2
Update application status: (9) Update failed
```

szszszsz commented 3 years ago

Works for me on Windows 10, Firefox 82 (as in reported conditions). Potentially some add-on is blocking the request for the user. To ask: could a "clean" version be started for the update?

About the failure itself, this is caused by requesting a firmware version file from GitHub in an attempt to confirm that the firmware files on the WebUpdate server are the latest. This is not strictly required to run the update. We could potentially remove that check completely if that causes issues, or make it optional with a warning on failure instead of being required or crashing the web application.

jans23 commented 3 years ago

Please change webupdate to avoid such a check. Does this imply that we have to upload each firmware update to webupdate manually? Ideally webupdate would do this automatically, but in PHP, not from JavaScript, which would be invisible to the user's browser.

szszszsz commented 3 years ago

Will be done. We are updating firmware on update.nitrokey.com already, from where it is later downloaded. This was just an additional precaution from upstream to not distribute outdated firmware. No need to keep it, I believe.
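
The "optional with a warning on failure" variant discussed in this thread, as an added example (not code from nitrokey-webupdate or its upstream): a blocked cross-origin fetch yields `null`, and the comparison treats `null` as "unknown" instead of hitting `TypeError: need is null`. The function names, the `fetchImpl` parameter and the assumption that `STABLE_VERSION` holds a plain `major.minor.patch` string are hypothetical.

```javascript
// Added example; names are hypothetical, not taken from main.js.

// Parse "1.1.0" (surrounding whitespace allowed) into [1, 1, 0].
// Assumption: the version file is a plain major.minor.patch string.
function parseVersion(text) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(String(text).trim());
  return m ? m.slice(1).map(Number) : null;
}

// Fetch the upstream version file. A network/CORS failure, an HTTP error
// or an unparsable body all yield null instead of an uncaught rejection.
async function fetchLatestVersion(url, fetchImpl = globalThis.fetch) {
  try {
    const resp = await fetchImpl(url, { cache: "no-store" });
    if (!resp.ok) return null;
    return parseVersion(await resp.text());
  } catch (err) {
    return null; // e.g. "NetworkError when attempting to fetch resource."
  }
}

// Compare the device version (have) with the upstream one (need).
// need === null means the check could not run: warn and carry on.
function checkVersion(have, need) {
  if (need === null) {
    return { status: "unknown",
             warning: "Latest firmware version could not be determined." };
  }
  for (let i = 0; i < 3; i++) {
    if (have[i] !== need[i]) {
      return { status: have[i] < need[i] ? "outdated" : "newer", warning: null };
    }
  }
  return { status: "current", warning: null };
}

// Constructed stand-in for the blocked request reported in this issue.
const blockedFetch = () =>
  Promise.reject(new TypeError("NetworkError when attempting to fetch resource."));

// Constructed device response, matching "HAVE Uint8Array(3) [ 1, 1, 0 ]".
const sampleHave = new Uint8Array([1, 1, 0]);
```
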