Breaks all sign in with Google

[yodaluca23]

This extension causes websites to not able to redirect any login with google login.

Description

If you try to sign in with Google on any website, with this extension, it will not be able to redirect and log you in.

Expected Behaviour

It allow the APIs needed to allow websites to redirect from sign in with google.

Current Behaviour

Site is unable to login and redirect.

Possible Solution

Have a toggle to fix log in with Google, toggle explaining, that it may allow some tracking APIs through.

Steps to Reproduce (for bugs)

1. create a fresh Firefox profile
2. Install CanvasBlocker
3. Try to sign into most sign in with google sites, for example (https://www.virustotal.com).

Context

I have had to completely disable the extension, because even if you whitelist accounts.google.com, it still does not work.

Your Environment

• CanvasBlocker Version used: 1.9

• Firefox version incl. 32- or 64-bit: WaterFox 64 bit

• Operating System and version (desktop or mobile): Edition Windows 11 Home Version 23H2 Installed on ‎10/‎1/‎2022 OS build 22631.3007 Experience Windows Feature Experience Pack 1000.22681.1000.0

• Installed addons:

  
  Name: Add-ons Search Detection
  Type: extension
  Version: 2.0.0
  Enabled: true
  ID: addons-search-detection@mozilla.com

Name: Addon Store Compatibility Type: extension Version: 1.0.0 Enabled: true ID: addonstores@waterfox.net

Name: AdNauseam Type: extension Version: 3.19.0 Enabled: true ID: adnauseam@rednoise.org

Name: AntiRickRoll Type: extension Version: 1.7 Enabled: true ID: {5f1ad9c1-371d-4b5a-9469-0a187d41c3e9}

Name: Application Guard Extension Type: extension Version: 2.0.2206.23003 Enabled: true ID: ApplicationGuardRel@microsoft.com

Name: Bing Type: extension Version: 1.3 Enabled: true ID: bing@search.waterfox.net

Name: Bitwarden - Free Password Manager Type: extension Version: 2023.12.1 Enabled: true ID: {446900e4-71c2-419f-a6a7-df9c091e268b}

Name: BTRoblox - Making Roblox Better Type: extension Version: 3.4.1 Enabled: true ID: btroblox@antiboomz.com

Name: Bypass Paywalls Clean Type: extension Version: 3.5.0.0 Enabled: true ID: magnolia@12.34

Name: ChatGPT for Google Type: extension Version: 2.1.1 Enabled: true ID: {4b726fbc-aba9-4fa7-97fd-a42c2511ddf7}

Name: ClassLink OneClick Extension Type: extension Version: 6.4 Enabled: true ID: classlink_firefox_addon@classlink.com

Name: ClearURLs Type: extension Version: 1.26.1 Enabled: true ID: {74145f27-f039-47ce-a470-a662b129930a}

Name: Dark Reader Type: extension Version: 4.9.74 Enabled: true ID: addon@darkreader.org

Name: DuckDuckGo Type: extension Version: 1.1 Enabled: true ID: ddg@search.waterfox.net

Name: Ecosia Type: extension Version: 1.1 Enabled: true ID: ecosia@search.waterfox.net

Name: Font Fingerprint Defender Type: extension Version: 0.1.4 Enabled: true ID: {96ef5869-e3ba-4d21-b86e-21b163096400}

Name: FreshView for YouTube™ Type: extension Version: 2.1.0 Enabled: true ID: {8c27b925-ee33-423f-88a8-5e80f2c43cc0}

Name: Google Type: extension Version: 1.2 Enabled: true ID: google@search.waterfox.net

Name: Grammarly: Grammar Checker and AI Writing App Type: extension Version: 8.909.0 Enabled: true ID: 87677a2c52b84ad3a151a4a72f5bd3c4@jetpack

Name: Honey Type: extension Version: 12.8.4 Enabled: true ID: jid1-93CWPmRbVPjRQA@jetpack

Name: I don't care about cookies Type: extension Version: 3.5.0 Enabled: true ID: jid1-KKzOGWgsW3Ao4Q@jetpack

Name: Indie Wiki Buddy Type: extension Version: 3.3.0 Enabled: true ID: {cb31ec5d-c49a-4e5a-b240-16c767444f62}

Name: Malwarebytes Browser Guard Type: extension Version: 2.6.17 Enabled: true ID: {242af0bb-db11-4734-b7a0-61cb8a9b20fb}

Name: Modern for Wikipedia Type: extension Version: 1.25 Enabled: true ID: {e9090647-32ff-48e4-9c3c-1361e8fd270e}

Name: Netflix Color Plus Type: extension Version: 2.4.8 Enabled: true ID: NetflixColorPlus@extension

Name: PronounDB Type: extension Version: 0.14.1 Enabled: true ID: firefox-addon@pronoundb.org

Name: Qwant Type: extension Version: 1.1 Enabled: true ID: qwant@search.waterfox.net

Name: Rakuten: Get Cash Back For Shopping Type: extension Version: 5.36.1 Enabled: true ID: {35d6291e-1d4b-f9b4-c52f-77e6410d1326}

Name: Refined GitHub Type: extension Version: 24.1.10 Enabled: true ID: {a4c4eda4-fb84-4a84-b4a1-f7c1cbf2a1ad}

Name: Remove YouTube™ Tab Number Type: extension Version: 0.5 Enabled: true ID: {7b3d30b7-08e6-458e-a034-cd8635d12bc6}

Name: Return YouTube Dislike Type: extension Version: 3.0.0.14 Enabled: true ID: {762f9885-5a13-4abd-9c77-433dcd38b8fd}

Name: Rounded Tube Type: extension Version: 1.9.4 Enabled: true ID: {e03ca11f-3adb-4795-830f-7c4b0e439e25}

Name: Ruffle - Flash Emulator Type: extension Version: 0.1.0.1079 Enabled: true ID: {b5501fd1-7084-45c5-9aa6-567c2fcf5dc6}

Name: Schoology Plus Type: extension Version: 7.8.6 Enabled: true ID: schoology.plus@aopell.me

Name: Silk - Privacy Pass Client Type: extension Version: 4.0.0 Enabled: true ID: {48748554-4c01-49e8-94af-79662bf34d50}

Name: Simple Translate Type: extension Version: 2.8.2 Enabled: true ID: simple-translate@sienori

Name: SingleFile Type: extension Version: 1.22.39 Enabled: true ID: {531906d3-e22f-4a6c-a102-8057b88a1a63}

Name: SponsorBlock for YouTube - Skip Sponsorships Type: extension Version: 5.4.29 Enabled: true ID: sponsorBlocker@ajay.app

Name: Startpage Type: extension Version: 1.0 Enabled: true ID: startpage@search.waterfox.net

Name: Stop Mod Reposts Type: extension Version: 5.1.0 Enabled: true ID: jid1-sykbIdJBHPRJPA@jetpack

Name: Surfshark VPN Extension Type: extension Version: 4.8.1 Enabled: true ID: {732216ec-0dab-43bb-ac85-4b5e1977599d}

Name: Suspicious Site Reporter Type: extension Version: 1.23 Enabled: true ID: {4d0d1b7b-351a-41da-bef8-8c565fdbbcb4}

Name: Tampermonkey Type: extension Version: 5.0.1 Enabled: true ID: firefox@tampermonkey.net

Name: Unpaywall Type: extension Version: 3.98 Enabled: true ID: {f209234a-76f0-4735-9920-eb62507a54cd}

Name: User-Agent Switcher and Manager Type: extension Version: 0.5.0 Enabled: true ID: {a6c4a591-f1b2-4f03-b3ff-767e5bedf4e7}

Name: Wayback Machine Type: extension Version: 3.2 Enabled: true ID: wayback_machine@mozilla.org

Name: Yahoo! Type: extension Version: 1.0 Enabled: true ID: yahoo@search.waterfox.net

Name: Youtube-shorts block Type: extension Version: 1.4.1 Enabled: true ID: {34daeb50-c2d2-4f14-886a-7160b24d66a4}

Name: CanvasBlocker Type: extension Version: 1.9 Enabled: false ID: CanvasBlocker@kkapsner.de

## Your Settings
~~~ json
<!--- Copy your CanvasBlocker settings here. -->
<!-- They can be retrieved by checking the expert mode and going to export settings. -->
<!--- You may consider deleting personal data - especially the "persistentRndStorage". -->
~~~

{ "logLevel": 1, "urlSettings": [ { "url": "mail.google.com", "protectDOMRect": false }, { "url": "onedrive.live.com", "protectDOMRect": false }, { "url": "paypal.com", "protectWindow": false }, { "url": "dhl.de", "protectWindow": false }, { "url": "------", "protectedCanvasPart": "nothing", "blockMode": "allow", "protectAudio": false, "historyLengthThreshold": 10000, "protectDOMRect": false, "protectWindow": false, "protectScreen": false, "protectSVG": false } ], "hiddenSettings": {}, "expandStatus": {}, "displayHiddenSettings": false, "whiteList": "", "sessionWhiteList": "", "blackList": "", "blockMode": "fake", "protectedCanvasPart": "input", "minFakeSize": 10, "maxFakeSize": 1000000, "rng": "persistent", "protectedAPIFeatures": {}, "useCanvasCache": true, "ignoreFrequentColors": 3, "minColors": 3, "fakeAlphaChannel": false, "webGLVendor": "", "webGLRenderer": "", "webGLUnmaskedVendor": "", "webGLUnmaskedRenderer": "", "persistentRndStorage": "{\"--------------------------------------------", "persistentIncognitoRndStorage": "", "storePersistentRnd": true, "persistentRndClearIntervalValue": 0, "persistentRndClearIntervalUnit": "days", "lastPersistentRndClearing": 1703561879238, "sharePersistentRndBetweenDomains": false, "askOnlyOnce": "individual", "askDenyMode": "block", "showCanvasWhileAsking": true, "showNotifications": true, "highlightPageAction": "none", "highlightBrowserAction": "color", "displayBadge": true, "storeNotificationData": false, "storeImageForInspection": false, "ignoreList": "", "ignoredAPIs": {}, "showCallingFile": false, "showCompleteCallingStack": false, "enableStackList": false, "stackList": "", "protectAudio": true, "audioFakeRate": "0.1%", "audioNoiseLevel": "low", "useAudioCache": true, "audioUseFixedIndices": true, "audioFixedIndices": "11", "historyLengthThreshold": 2, "protectWindow": true, "allowWindowNameInFrames": true, "protectDOMRect": true, "domRectIntegerFactor": 4, "protectSVG": true, "protectTextMetrics": true, "blockDataURLs": true, "protectNavigator": false, "navigatorDetails": {}, "protectScreen": true, "screenSize": "", "fakeMinimalScreenSize": false, "displayAdvancedSettings": true, "displayDescriptions": false, "theme": "auto", "dontShowOptionsOnUpdate": false, "disruptSessionOnUpdate": false, "updatePending": false, "isStillDefault": false, "storageVersion": 1 }

[AtmosphericIgnition]

I see that you have a userAgent switcher installed, are you spoofing your userAgent? Even if the extension is disabled, check if Firefox is actually sending the correct userAgent string.

I remember encountering a glitch where even after a userAgent spoofing extension was disabled, the browser was still sending the spoofed userAgent because, the config override didn't revert back to the original string. There is a similar issue about not being able to log into Google because of a userAgent override triggering Google's bot detection nonsense and refusing to allow logging in. You can check your userAgent by going to a site like browserleaks.com and see if the UA string matches your OS and browser.

I also see that you have a lot of extensions enabled, so it could be worth checking if one of them is trying to protect a JS API that CanvasBlocker is also trying to protect and causing issues. It might also be worth checking your about:config, ticking the Show only modified preferences box, and looking for any config that might have been changed by you, or an extension.

Let me know if any of this helped you.

[kkapsner]

Whitelisting accounts.google.com works for me

Please try the latest beta at https://canvasblocker.kkapsner.de/versions/?C=M;O=D

[koullis22]

after update 1.10 i couldnt login to gmail accounts..i was always getting

This browser or app may not be secure. “try using a different browser.If you’re already using a supported browser,you can refresh your screen and try again to sign in”

reinstalled 1.09 and works fine

[kkapsner]

1.10.1 is in the approval process.

[koullis22]

1.10.1 is in the approval process.

great thanks

[AtmosphericIgnition]

I just got the update to 1.10.1 from the Mozilla Add-on Store, and it has fixed all issues with Google sites for me.

[koullis22]

I just got the update to 1.10.1 from the Mozilla Add-on Store, and it has fixed all issues with Google sites for me.

thank you for the update..i will check it once i restart firefox

[yodaluca23]

I will test it when I get time.

[yodaluca23]

I will test it when I get time.

Just tried signing into VirusTotal, with Google, while using the updated extension, and I was still unable to be redirected and logged in until I disabled the extension. How do I add a site to the whitelist?

[yodaluca23]

Just tried signing into VirusTotal, with Google, while using the updated extension, and I was still unable to be redirected and logged in until I disabled the extension. How do I add a site to the whitelist?

I added accounts.google.com to the whitelist, by manually editing the save file and loading it, I then unchecked all the boxes to not protect any APIs on accounts.google.com, and restarted firefox, and it's still not redirecting me logged in...

[kkapsner]

At which screen are you not redirected? Please give me some screenshots.

[spodermenpls]

@yodaluca23 I just tested it out, you have to whitelist the Window API protection for virustotal.com (same pop-up problem as with PayPal and DHL.de), then it should work. How to whitelist the Window API protection you may ask? Go to the CanvasBlocker settings->"APIs" tab on the left->scroll down to "Window API"->expand the "site-specifc values" list by clicking on the small black arrow on the right->type virustotal.com in the text field, click the "+" and then remove its checkmark.

[yodaluca23]

@yodaluca23 I just tested it out, you have to whitelist the Window API protection for virustotal.com (same pop-up problem as with PayPal and DHL.de), then it should work. How to whitelist the Window API protection you may ask? Go to the CanvasBlocker settings->"APIs" tab on the left->scroll down to "Window API"->expand the "site-specifc values" list by clicking on the small black arrow on the right->type virustotal.com in the text field, click the "+" and then remove its checkmark.

Tried that, still did not work.

Here is the screen recording @kkapsner

https://github.com/kkapsner/CanvasBlocker/assets/67206487/e592a6c3-856a-47c6-b2aa-e3cc66be2c72

[spodermenpls]

@yodaluca23 I even opened an account on VirusTotal now to test it under the same conditions as you do, it works perfectly. Are you really sure you added virustotal.com (as described above), and not accounts.google.com, or something else? The site-specific entry among the Window API settings has to look like this:

[yodaluca23]

@yodaluca23 I even opened an account on VirusTotal now to test it under the same conditions as you do, it works perfectly. Are you really sure you added virustotal.com (as described above), and not accounts.google.com, or something else? The site-specific entry among the Window API settings has to look like this:

Yes, mine looks just like that....

[spodermenpls]

@yodaluca23 Hm.. I don't know what the issue is on your end, then. I use Firefox instead of Waterfox, don't know if that has something to do with it.