Disable plugin on specific domains

[codeindustriesnl]

I've run into a problem with Grafana v10.3.3 (252761264e22ece57204b327f9130d3b44592c01). Using Canvasblocker gives an error using it. I've not been able to disable it only for that website

Description

Grafana seems to be using the API that Canvasblocker is blocking (assumption)

I must use Grafana but I would like to enable Canvasblocker for all other sites. So I would like to disable it for specific Grafana websites.

Expected Behaviour

When encountering a dysfunctional website due to the Canvasblocker plugin to be able to disable the plugin only for that site (once verified).

Current Behaviour

Grafana v10.3.3 (252761264e22ece57204b327f9130d3b44592c01) does not allow me to login. It provides an error message showing

If you're seeing this Grafana has failed to load its application files

1. This could be caused by your reverse proxy settings.

2. If you host grafana under subpath make sure your grafana.ini root_url setting includes subpath. If not using a >reverse proxy make sure to set serve_from_sub_path to true.

3. If you have a local dev build make sure you build frontend using: yarn start, or yarn build

4. Sometimes restarting grafana-server can help

5. Check if you are using a non-supported browser. For more information, refer to the list of supported browsers.

Possible Solution

To be able to exclude Canvasblocker to work on a specific domain/url.

Steps to Reproduce (for bugs)

Context

I must use a private tab

No.

Your Environment

• CanvasBlocker Version used: Version 1.10.1
• Firefox version incl. 32- or 64-bit: 124.0.1 (64-bit)
• Operating System and version (desktop or mobile): Manjaro desktop
• Installed addons: Selenium, SAML tracer, KeypassXC, addblock plus

Your Settings

<!--- Copy your CanvasBlocker settings here. -->
<!-- They can be retrieved by checking the expert mode and going to export settings. -->
<!--- You may consider deleting personal data - especially the "persistentRndStorage". -->

[spodermenpls]

Click on the fingerprint icon in the address bar, and hover over the domain on the line of the protection that you want to disable, and click on the green checkmark: If you don't know which API protection(s) is/are actually at fault, the temporary disabling (checkmark with clock symbol) may be useful too, to do some easily reversible testing (by restarting FF). Okay, nevermind, the clock checkmark only whitelists the domain for all API protections, not for individual ones. @kkapsner Maybe a feature to consider, temporary (= only for this session) API-specific whitelisting? 😅

To disable CanvasBlocker as a whole for a domain, quick and dirty, you can click on the big blue icon in CB's extension menu (accessible via the "Extensions" puzzle piece button to the right of the address and search bar):

Addendum: "Failed to load application files" kinda sounds like an issue caused by the default block of all Data URLs, you can whitelist the domain in the corresponding Data URL settings in the third pane ("Misc") of the CB settings ("expert mode" must be ticked), by adding the domain and then removing its checkmark. Maybe that's the culprit.

[NDev8]

I have the same problem after an update. Allowing all APIs does not seem to help.

To reproduce this, you can use https://play.grafana.org/ You only need to open the site (no login required)

The following error is displayed on the console: Uncaught TypeError: `target` argument of Reflect.getPrototypeOf must be an object, got null

You can enable the Pause on exceptions checkbox in the debugger to see the code line that causes the exception: https://github.com/kkapsner/CanvasBlocker/blob/54c625cd267fa6923ea1e210f04714fce0bb46e8/lib/extension.js#L182

It was added in 54c625c

Unfortunately, I don't have the time to debug the error further.

[thatso]

I can confirm this behavior for the latest Grafana 10.4.2-OSS and it cost me the better part of this night's sleep as I coincidentally ran into this problem right after a crash of my docker host which led me to believe that the Grafana container's data volume got trashed. After wasting lots of time repeatedly restoring the volume from a recent backup and the error If you're seeing this Grafana has failed to load its application files stayed, I finally started to suspect something entirely different to be the culprit and eventually discovered this issue here. :astonished: Also, as has already been stated on numerous occasions, it was extremely hard to figure out how to whitelist a domain and even than it continued failing to load.

[kkapsner]

Please try the latest beta: https://canvasblocker.kkapsner.de/versions/?C=M;O=D

[spodermenpls]

Also, as has already been stated on numerous occasions, it was extremely hard to figure out how to whitelist a domain and even than it continued failing to load.

@kkapsner Maybe it's time for a dedicated entry in the "FAQ" page with screenshots (how to whitelist API-specific for domains, how to whitelist domains temporarily, how to disable CB on a site with my blue button), including a mention of Data URLs being blocked by default (and where to whitelist domains for that) - Data URLs only being somewhat mentioned in the "why does CB need permission X" section is not too helpful for issues from this angle.

[thatso]

@spodermenpls I tried to completely disable CB for Grafana like you described: This resulted in the following section being added to the settings:

"urlSettings": [
        {
            "url": "grafana.lan",
            "blockMode": "allowEverything",
            "blockDataURLs": false
        }
    ],

However, it still did not load (I even tried CTRL + F5 in Firefox, cleared the cache and all things like that). Side note: export settings -> inspect to get there is unexpected and the fact that changes made in this view turn active without any further confirmation dialogue even more so.

@kkapsner canvasblocker_beta-1.11.20240417.xpi with default settings lets Grafana load correctly. :+1: At the first try, I fell for the fact that beta and release versions were active at the same time causing loading to continue to fail: I admit not having read any beta restrictions, but maybe you can make release and beta versions to automatically be mutually exclusive to avoid this pitfall?

[spodermenpls]

@thatso Well, whitelisting not changing the issue is to be expected, since this is already confirmed to be a lower-level bug/regression in CanvasBlocker, independent of issues with API-specific protections. I'm not sure why you open/tinker with "export settings" though, this is (as the name suggests) only necessary if you want to export the settings (either for a transfer between devices or to post your settings here on GitHub), it's the equivalent of "about:config" in FF, if you will - just without the warning prompt.

I don't think one can automatically disable add-ons without user interaction the way you described, I guess @kkapsner needs to add a disclaimer ("please disable the release version of CanvasBlocker while the Beta version is active") when he posts his one-line plea for beta testing. 😅

[thatso]

It seems I've missed the fact that whitelisting does not help. Must have been too late in the night for me. :wink: However, I was not sure if the entry in block mode equals a whitelist and couldn't find any other place to check besides the mentioned export settings. As said: I expected this to be a text view of the settings to copy and paste somewhere else rather than a live edit. A respective warning note would be extremely helpful.

[NDev8]

The beta works for me too. Thank you for fixing the bug.

[Qhilm]

The latest beta also fixes an issue on salesforce. Specific pages/tabs inside Salesforce where unable to load since weeks (unclear if it's a salesforce or canvasblocker change), I whitelisted all the domains I could think of and it wasn't helping.

canvasblocker_beta-1.11.20240417.xpi fixes my issue.

Just in case anyone searches for "salesforces" in here.

[Qhilm]

Issue is back for salesforce, I'm now 1.10.1 (not on the beta). I have whitelisted all domains I can think of that could be related, but it has no impact.

Question: how can I see all domains the webpage is loading? Maybe I'm missing something. Salesforce is a mess of iFrames and the likes.

[StarkZarn]

This is still an issue for Grafana as well.

[zkhcohen]

This is still an issue for Grafana as well.

This project is abandoned. The developer has had the fix in the beta (which you should download) for months, and hasn't submitted it to Firefox for release approval.

[spodermenpls]

@zkhcohen CanvasBlocker isn't abandoned for good yet, @kkapsner was last active here "only" 4 weeks ago. He does everything in his spare time and by himself, he may have other priorities for the moment or may not have realized the gravity of the issue fully yet. As mentioned, those affected can already switch to the latest beta version, that seemingly fixes the issue.