search

keepassxreboot / keepassxc-browser

KeePassXC Browser Extension
GNU General Public License v3.0
1.72k stars 176 forks source link

TypeError: 'toJSON' called on an object that does not implement interface PublicKeyCredential. #2298

Open piyushgarg opened 1 month ago

piyushgarg commented 1 month ago

Background: The current version 1911 is working fine with passkey on chrome browsers but not on Firefox based browsers.

Expected Behavior

1911 version should work with passkey on Firefox browsers also. Found that version 1903 version working fine with Firefox. Found that code has been refactored to Prototype based. Well not sure if it could cause an issue. Downloaded the old version https://addons.mozilla.org/firefox/downloads/file/4257616/keepassxc_browser-1.9.0.3.xpi

working object 1903

image

non-working object 1911

image

Current Behavior

Somewhere after 1903 version code has been refactored to Prototype based approach than the earlier approach. After the publickeycredential object is sent back to the client code, it tries to convert it into its JSON.stringify() which works on 1903 but not on 1911 and hence the error (in subject)

Possible Solution

I possibly assume the problem is somewhere in the object type.

Steps to Reproduce (for bugs)

  1. Unfortunately as the server meant for emp, it wont work for outside.
  2. I will try to help to get it fixed.

Debug info

KeePassXC - {2.7.9} KeePassXC-Browser - {1911} Operating system: Linux Browser: Firefox/Librewolf

varjolintu commented 1 month ago

According to these sites the whole .toJSON() is still a bit experimental, and a proper support for Chrome is arriving with version 129. Is it possible that the site itself is doing something strange?

https://developer.mozilla.org/en-US/docs/Web/API/PublicKeyCredential/toJSON https://chromestatus.com/feature/5141695044255744?context=myfeatures

mcimadamore commented 2 weeks ago

I have exactly this same problem (unfortunately also on an internal link that I cannot share here). Downgrading keepassxc-browser plugin to 1.9.0.3 does the trick - but it would be handy if this was fixed in the upstream version.

mcimadamore commented 2 weeks ago

This seems similar: https://github.com/keepassxreboot/keepassxc-browser/pull/2323 But I've tried the patch locally, and doesn't seem to solve this issue.

varjolintu commented 2 weeks ago

Instead of internal links, I'd need a site where I can reproduce this.

mcimadamore commented 1 week ago

Made some progress, and was able to find a workaround. On Firefox, go to about:config, and set security.webauthn.enable_json_serialization_methods to false. This solves the issue, which seems to point at either some issue in how FF does this, or in how the website itself fails to take into account this new protocol which, as noted in the discussion above, is relatively new, and only currently implemented in FF (19+). (although, I cannot explain why downgrading the browser plugin to 1903 makes this problem disappear)

varjolintu commented 1 week ago

Downgrading probably helps because in that old extension version a normal Object was handled instead of the actual object prototype.