Failed authenticating: Background task failed: Desktop request failed: 403 Forbidden

[DawrFromUa]

Hi there. I've got some problem after update. I've made next steps:

• Update program
• Update extension
• Set Enable browser access as true
• Unlock program
• Pressed connect button and enter password to field.

What's wrong?

[perry-mitchell]

What desktop version are you using?

[DawrFromUa]

What desktop version are you using?

Latest and couple previous version after major update.

[perry-mitchell]

Ok, I'm not exactly sure what issue you're having. Your initial steps don't actually mention what's wrong.

Please include a detailed description of what's not working, and add a screenshot or copy the error message if something is displayed to you.

[DawrFromUa]

Ok, I'm not exactly sure what issue you're having. Your initial steps don't actually mention what's wrong.

Please include a detailed description of what's not working, and add a screenshot or copy the error message if something is displayed to you.

My trouble is that I can't connect extension to program. Title of this tread is error what I get always when I trying to connect.

Error is: Failed authenticating: Background task failed: Desktop request failed: 403 Forbidden

And if you tell me where I can find logs, I can give it for you. I have Windows 10 right now.

[perry-mitchell]

You'd want to go into your extensions (assuming you're running chrome - it's a similar process on other browsers):

And open the background page debugger:

And then try connecting again. Please check the console and the network for any failed requests. Screenshots are valuable but please blur any Authorization headers or anything else that look sensitive. The data should be encrypted so it shouldn't be showing any raw vault information.

[DawrFromUa]

Oh, I have Mozilla Firefox.

So, I was open Extensions page, check errors, but there is empty (also after restart of page).

And then I open connection page, restart it and enter a password. There is my error list.

[perry-mitchell]

Hmm, that error makes it sound like the client code used to authenticate the browser extension is not present in the desktop config.

Have you reset or edited the desktop app's config in any way?

Have you tried resetting the data in the extension and reconnecting? You can do this via the settings tab in the popup menu.

[DawrFromUa]

Hmm, that error makes it sound like the client code used to authenticate the browser extension is not present in the desktop config.

Have you reset or edited the desktop app's config in any way?

Have you tried resetting the data in the extension and reconnecting? You can do this via the settings tab in the popup menu.

I haven't touched any files either desktop or extension. Following your recommendations, I reset the settings using the settings in the popup menu and tried to reconnect. It's the same problem.

[Oxalin]

@DawrFromUa About 403 error specifically: could you please have a look at your firewall settings to be sure Buttercup Desktop is allowed to communicate? I've encountered this error on two different setups at work and in both cases the firewall was preventing Buttercup Desktop from going through the firewall (even if it is on the same host).

[perry-mitchell]

Seems that this could be a bigger problem that I'd have thought. I'm biased of course as I use Linux/Mac primarily and don't have firewall issues. I wonder if an alternative like this would be better suited than a proxy + port.

That would negate some other issues where they'd like to have Buttercup listening on another logical machine, but I think this outweighs such issues.

[Oxalin]

Under Windows, I can't remember if it's at launch the first time Buttercup desktop is launched or if it is after selecting Enable browser connectivity, but a window appears asking if we want to allow the application communicate through the firewall. Someone who doesn't allow it for whatever reason (not knowingly or thinking it doesn't need to communicate through internet or because they don't have the administrative rights) will never be asked again about this change, since a rule will have been written in Windows Defender firewall (I can't tell for other firewall application).

A hint to this solution should at least be suggested to the user.

@perry-mitchell I can't say if an alternative as proposed would fix the issue completely, but I'm willing to try it.

[DawrFromUa]

Thanks a lot for your help @Oxalin.

@perry-mitchell So, I've drop my Windows Defender for all groups (public, local, private etc....). Allow all rights for buttercup.exe for all users. Also I found in Windows Defender Farewall two lines (rules) for Buttercup. I've switch this (turn off) but it does'nt help. And I've start browser as administator and this way also doesn't help.

[la-pieuvre]

Hi there, I have the same issue on chrome 112.0.5615.137 on mac os 14.4 (23E214) with the extension 3.2 (autoupdate) I touche nothing and now I have the error message "Failed starting connection: Background task failed: Failed to fetch". My colleague has the same problem with version 3.2 on chrome windows.

I have an older version of the desktop app (2.25.0) that works fine.

[DawrFromUa]

Hi there, I have the same issue on chrome 112.0.5615.137 on mac os 14.4 (23E214) with the extension 3.2 (autoupdate) I touche nothing and now I have the error message "Failed starting connection: Background task failed: Failed to fetch". My colleague has the same problem with version 3.2 on chrome windows. I have an older version of the desktop app (2.25.0) that works fine.

@la-pieuvre in this case I think you just don't start Buttercup or don't Enable browser access in Connections (on top of the desktop app in menu).

[perry-mitchell]

Failed to fetch is usually when there's nothing listening - no port open, no desktop app running.

I suspect the firewall is a big problem but it annoys me that showing some kind of helpful indicator to fix it is one of the only ways forward right now.

[DawrFromUa]

Failed to fetch is usually when there's nothing listening - no port open, no desktop app running.

I suspect the firewall is a big problem but it annoys me that showing some kind of helpful indicator to fix it is one of the only ways forward right now.

I've rollback version to 2.XX for using on windows. btw, thanks a lot for you app and hope you find why firewall doesn't allow your app working at windows. Also where I can ask you develop some needed functions for everyone? Here or something else?

[Oxalin]

@la-pieuvre if Buttercup Desktop is not running or if Enable browser access is disabled, the error I get is very similar, but not exactly the same (difference related to the OS maybe): Failed starting connection: Background task failed: NetworkError when attempting to fetch resource.

So I would be inclined to think DawrFromUa's comment is right (Buttercup Desktop not running): https://github.com/buttercup/buttercup-browser-extension/issues/488#issuecomment-2049812333

[Oxalin]

Also I found in Windows Defender Farewall two lines (rules) for Buttercup. I've switch this (turn off) but it does'nt help.

@DawrFromUa Under Windows Defender Firewall, when you say you've switched the two lines off, do you mean you unchecked them at the far left? And were you under Control panel > System and Security > Windows Defender Firewall > Allow an app or feature through Windows Defender Firewall?

Because there is a second way to access the Windows Defender Firewall's settings, and it's through the Advanced settings under Control panel > System and Security > Windows Defender Firewall. There, you have better control of rules for both TCP and UDP.

Rules must be enabled (checked) and they must be applied to the right network profile: if the rules are enabled on Private network, but yours is configured as a public network (Windows often sets networks as public even when they are private. You must then change the profile manually).

That being said, I saw that even when the firewall is not properly set and an 403 error is returned, the extension may have been able to make a connection with Buttercup Desktop. In that case, the extension will first throw a 403 error, BUT if you close the tab and you click on the extension's icon, the "connect" button will have disappeared. You will even be able to see the vaults under the submenu icon and unlock them. Once it is done, you are able to see and search through your entries. I have to confirm if this scenario holds when the extension is fresh (after a fresh reboot).

Update: it holds. I wonder why we receive a 403, when obviously the connection is active.

[Oxalin]

I think I understand why the 403 error happens, why however the connection is active and we should be looking for.

"netstat -anob" returns: TCP [::]:12821 [::]:0 LISTENING 11328 [Buttercup.exe] TCP [::]:12822 [::]:0 LISTENING 11328 [Buttercup.exe]

It shows us that Buttercup is listening on any nework interface ([::] | 0.0.0.0), not just localhost (127.0.0.1). So Windows Defender Firewall (WDF) is first triggered because we are asking to listen to any interface, which supposes we may have incoming connections from "outside" the firewall. Whatever we answer to WDF to add or not a specific inbound rule, Buttercup Desktop will still listen and be able to catch connections coming from "inside" through localhost.

So the extension sends a call (DESKTOP_URL_BASE = localhost:12822), Buttercup Desktop catches the call through 127.0.0.1 and answers correctly.

Now this part is my interpretation of what must be happening: but somewhere along the way, the call from the extension is "blocked" by WDF because of Buttercup Desktop is listening at any interface. When the extension looks at the answers, it is able to establish a connection with Buttercup Desktop, but it still have to deal with the 403 produced by WDF.

I had a look at Buttercup Desktop's code and I see we use "express" to communicate. On listen(), a port is set, but hostname is omitted, which tells express to listen to "any" interface. If we are to allow incoming connections from any interface on Buttercup Desktop side (which is a viable option, see FR https://github.com/buttercup/buttercup-browser-extension/issues/491), the extension has to be able to correctly determine that the connection has been established and discard the 403.

[DawrFromUa]

Also I found in Windows Defender Farewall two lines (rules) for Buttercup. I've switch this (turn off) but it does'nt help.

@DawrFromUa Under Windows Defender Firewall, when you say you've switched the two lines off, do you mean you unchecked them at the far left? And were you under Control panel > System and Security > Windows Defender Firewall > Allow an app or feature through Windows Defender Firewall?

So, when I told "switched the two lines off" I meant about Windows Defender Firewall with Advanced Security in Inbound Rules section.

And answer for your question: Yes, buttercup is checked in this "Allow an app or feature through Windows Defender Firewall" as Private and Publick (true and true).

Because there is a second way to access the Windows Defender Firewall's settings, and it's through the Advanced settings under Control panel > System and Security > Windows Defender Firewall. There, you have better control of rules for both TCP and UDP.

Yes, there is all as True (Enabled)

That being said, I saw that even when the firewall is not properly set and an 403 error is returned, the extension may have been able to make a connection with Buttercup Desktop. In that case, the extension will first throw a 403 error, BUT if you close the tab and you click on the extension's icon, the "connect" button will have disappeared. You will even be able to see the vaults under the submenu icon and unlock them. Once it is done, you are able to see and search through your entries. I have to confirm if this scenario holds when the extension is fresh (after a fresh reboot).

Update: it holds. I wonder why we receive a 403, when obviously the connection is active.

I understand you correctly?

[perry-mitchell]

Just a side note: windows firewall won't return a 403.. this would involve the firewall setting up an intercepting HTTP server to respond with such a code. If the firewall rejects a connection it just stops it - there'd be no error response code if it was the firewall.

403 most likely came from the desktop application for some reason. We'd need to see the full desktop logs in that case.

[DawrFromUa]

Just a side note: windows firewall won't return a 403.. this would involve the firewall setting up an intercepting HTTP server to respond with such a code. If the firewall rejects a connection it just stops it - there'd be no error response code if it was the firewall.

403 most likely came from the desktop application for some reason. We'd need to see the full desktop logs in that case.

How to grub logs? Is app saving this?

[Oxalin]

Just a side note: windows firewall won't return a 403.. this would involve the firewall setting up an intercepting HTTP server to respond with such a code. If the firewall rejects a connection it just stops it - there'd be no error response code if it was the firewall.

Yes of course, I may not have worded things correctly, but that's what I meant. While Buttercup Desktop can return a 403, I thought that the extension could interprete a ressource/port being blocked by a firewall as a 403.

[marcovidero]

You need to enable secure file host in Desktop App.

Then, restart browser and desktop app.

Tested in:

1. Firefox 118.0.1 (64-bit) with Buttercup extension 3.2.0 in Ubuntu 23.10;
2. Brave Version 1.65.114 Chromium: 124.0.6367.60 (Official Build) (64-bit) with Buttercup extension 3.2.0 in Ubuntu 23.10; and
3. Brave Version 1.64.122 Chromium: 123.0.6312.122 (Official Build) (64-bit) with Buttercup extension 3.2.0 in Fedora Linux 39 (Workstation Edition).

[DawrFromUa]

You need to enable secure file host in Desktop App.

Then, restart browser and desktop app.

Tested in:

1. **Firefox 118.0.1** (64-bit) with **Buttercup extension 3.2.0** in **Ubuntu 23.10**;

2. **Brave Version 1.65.114** Chromium: 124.0.6367.60 (Official Build) (64-bit) with **Buttercup extension 3.2.0** in **Ubuntu 23.10**; and

3. **Brave Version 1.64.122** Chromium: 123.0.6312.122 (Official Build) (64-bit) with **Buttercup extension 3.2.0** in **Fedora Linux 39** (Workstation Edition).

Hi. According your message, this isn't work on my pc. Checkbox already checked from start.

[marcovidero]

Hi. According your message, this isn't work on my pc. Checkbox already checked from start.

I will try to replicate your environment.

Please, let me know the versions of:

1. Browser;
2. Buttercup Extension;
3. Buttercup Desktop; and
4. OS.

[DawrFromUa]

Hi. According your message, this isn't work on my pc. Checkbox already checked from start.

I will try to replicate your environment.

Please, let me know the versions of:

1. Browser;

2. Buttercup Extension;

3. Buttercup Desktop; and

4. OS.

Hi, thanks a lot.

1. Brave 1.65.114 Chromium: 124.0.6367.60 (x64)
2. Buttercup Extension 3.2.0
3. Desktop @ v2.27.0 Core @ v7.7.0
4. Win 10 x64

[Rumadon]

Hi. According your message, this isn't work on my pc. Checkbox already checked from start.

I will try to replicate your environment. Please, let me know the versions of:

1. Browser;

2. Buttercup Extension;

3. Buttercup Desktop; and

4. OS.

Hi, thanks a lot.

1. Brave 1.65.114 Chromium: 124.0.6367.60 (x64)
2. Buttercup Extension 3.2.0
3. Desktop @ v2.27.0 Core @ v7.7.0
4. Win 10 x64

Hey, I saw the same issue and unchecked and then rechecked the checkbox and it fixed the issue for me

[flying-pizza-69]

i have the same issue. i get this error every time i open the extension. the desktop app is running and the enable browser access is checked. i can see my vault in the extension though.

browser: firefox 126 extension version: 3.2.0 desktop app: Desktop @ v2.24.4, Core @ v7.4.0, Flags: installed os: arch linux 6.9.2 kernel x86_64

[perry-mitchell]

@flying-pizza-69 404 not found is due to a resource not being present. Please try to reset the browser connection and try re-authenticating. Something is missing on the desktop side, it sounds like.

[flying-pizza-69]

perry-mitchell, it seems like it was a version mismatch issue, i was using the package from AUR. i downloaded the binary from github and it worked. thanks.

[perry-mitchell]

@DawrFromUa Is this still occurring?

@marcovidero Did you manage to replicate?

If the desktop is installed from an up-to-date source and the extension too - then I suppose it could come down to Brave potentially. I don't have the resources to personally add it to the testing regime but I see no reason why it wouldn't work.

[spr2]

I just experienced this issue too: after an app crash completely nulled the desktop.config.json to 0 byte...first got "No API client ID set" error in the browser extension...then after clearing browser extension cache "403 forbidden" and then after reset turning off/on secure file host in the desktop app and then an additional desktop client restart it works again.