Nonresponsive to login

[aaron766]

I have tried removing and downloading the add-on in Firefox twice, and when I attempt to log in using my Pandora information, nothing happens. I can hit enter, the save button, there is no response. Not that an error was found in my username/password, that might actually be helpful. It just does nothing. This is using the up-to-date Firefox 88.0.1 browser.

[cpgeek]

Both the firefox and chrome versions of this plugin stopped behaving, upon reinstall, I found that neither would allow me to login. I'm sorry to say that I don't know anything about programming so I thought I would try to add another datapoint. Thank you for your help and making such a fantastic extension!

[hucario]

Reproduced this- It appears to be a network loop. Unsure of what to do in order to fix it. It needs further investigation, but it may be a day or two before I can get around to it.

[hucario]

Looks like the loop is caused by this:

        dataType: "json",
        success: function (response, status, xhr) {
            if (response.stat === "fail") {
                switch (response.code) {
                case 0:
                    return;
                case 1001:
                    partnerLogin();
                    break;

First, partner login succeeds Partner login calls user login User login fails with status 1001, causing partner login Partner login succeeds, then calling user login etc Full response:

{
    code: 1001,
    message: "Invalid username and/or password",
    stat: "fail"
}

Are y'all sure your password is correct? I'm going to try my password on pandora.com just in case

[cpgeek]

That was my first thought as well, but then I reset my password and am absolutely certain i entered the new one correctly. it works just fine on pandora.com.

[Seawolf87]

This is happening for me as well. It seems like it hangs a long time (looping) and then comes back with failed login creds. Those exact creds (copy pasted) work in Pandora.com.

Browser: Chrome version 2.0.0

[gjanes]

I opened another issue related to this problem, as I thought this particular issue was targeting the Firefox plugin. But I'm seeing the same as Seawolf87, after the update the plugin simply hangs. It was logged in previously with the credentials that work on pandora.com.

I found no way to get it to respond, the controls wouldn't do anything, so I closed the plugin window and tried to open it again, still unresponsive and would not re-open. Tried uninstalling the plugin to clear all data and install it again, and can't find the plugin in the Chrome store, so couldn't re-install, now I'm having to listen to pandora in a tab again. I miss your plugin.

Latest Chrome, version 2.0.0 (though now no version, can't re-install)

[pvrs12]

My bet on this is that Pandora’s API has changed. It’s possible (likely) they patched out the methods which we were using to access. They were ancient at this point so this isn’t too surprising. I may have some time to poke this weekend, but it’s unlikely I’ll be able to come to any easy fixes.

---

From: gjanes @.> Sent: Thursday, May 13, 2021 12:57:17 PM To: pvrs12/Anesidora @.> Cc: Subscribed @.***> Subject: Re: [pvrs12/Anesidora] Nonresponsive to login (#67)

I opened another issue related to this problem, as I thought this particular issue was targeting the Firefox plugin. But I'm seeing the same as Seawolf87, after the update the plugin simply hangs. It was logged in previously with the credentials that work on pandora.com.

I found no way to get it to respond, the controls wouldn't do anything, so I closed the plugin window and tried to open it again, still unresponsive and would not re-open. Tried uninstalling the plugin to clear all data and install it again, and can't find the plugin in the Chrome store, so couldn't re-install, now I'm having to listen to pandora in a tab again. I miss your plugin.

Latest Chrome, version 2.0.0 (though now no version, can't re-install)

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHubhttps://github.com/pvrs12/Anesidora/issues/67#issuecomment-840693263, or unsubscribehttps://github.com/notifications/unsubscribe-auth/ABVCK4NTZRWCATN6MWW45HDTNQAG3ANCNFSM44ZZFGQA.

[lovelydumpling]

Here's to hoping it's not too bad :( This is a real bummer.

[pvrs12]

This is the API that is currently used by Anesidora. I suspect that it has finally been shutdown: https://6xq.net/pandora-apidoc/json/

This is the API that I suspect Anesidora would need to migrate to in order to become functional again: https://6xq.net/pandora-apidoc/rest/

I have spent exactly no time looking at what the level of effort would be to migrate to this. I resurrected Anesidora when I first published it and have been adding on since then. All the API code is still untouched.

I'll see what I can do about porting stuff over to it, but I'm going to be busy until at least 2 weeks from now. @hucario if you end up with any insights lmk

[hucario]

This is the API that is currently used by Anesidora. I suspect that it has finally been shutdown: https://6xq.net/pandora-apidoc/json/

This is the API that I suspect Anesidora would need to migrate to in order to become functional again: https://6xq.net/pandora-apidoc/rest/

I have spent exactly no time looking at what the level of effort would be to migrate to this. I resurrected Anesidora when I first published it and have been adding on since then. All the API code is still untouched.

I'll see what I can do about porting stuff over to it, but I'm going to be busy until at least 2 weeks from now. @hucario if you end up with any insights lmk

That's about what I thought when I went to bed last night. The code would have to be rewritten to take this into account. I actually investigated using the REST api when I was making a separate pandora thing (genericplayer) but eventually ended up going with the JSON API for one reason: The REST API requires a CSRF token which I'm unsure how to get easily. From the documentation:

All requests require an X-CsrfToken header as well as a matching csrftoken cookie. The current version of the API merely validates that the token and cookie match so the client can make up whatever they want. However, the token can also be obtained by making a HEAD request to https://www.pandora.com/ and saving the cookies. The API endpoints will not serve cookies until after authentication. Clients SHOULD make a HEAD request to the root domain and include the current value of the csrftoken cookie in each request.

Of course, I could just do document.cookie = 'csrftoken=cooltoken' and use cooltoken as the csrf header, but I want to do it properly and it's not possible for a cross-origin request to save cookies accessible via document.cookie. (I spent about a day on this before I gave up and used the JSON API). Anesidora is a browser extension though, so there may be an extension-level API for grabbing cookies from a request. I'll research it.

[hucario]

Update: This appears to work, so I'll attempt to integrate it later. You'll need the cookies permission, so that'll have to be added to the manifest.

chrome.cookies.getAll({
    domain: 'pandora.com',
    name: 'csrftoken'
}, (cookies) => {
    console.log(cookies[0].value) // the token
})

[lovelydumpling]

Do you take donations? I want to thank you for the work you put into this~

[pvrs12]

Do you take donations? I want to thank you for the work you put into this~

@lovelydumpling I appreciate the offer, but I don't want to accept any donations for this.

If you'd still like to donate my preference would be to a local charity or a cause that you support

[hucario]

Alright, I've worked on it for a while but I've hit a bit of a roadblock. I can get the CSRF token just fine: However, logging in seems to present a bit of an issue. Pandora appears to be using anti-bot measures More details here: https://github.com/PromyLOPh/pandora-apidoc/issues/45

[pvrs12]

Hmm. If they’re doing dedicated anti-bot measures then it’s probably the end of the line... Not only does that provide difficulty in getting things working again, but it also adds liability to circumvention of things like DMCA, which I’m not a big fan of.

I’ll leave this open to see how the linked issue plays out, but if things go poorly I’ll probably archive the repo and remove the extension.

@hucario thanks again for your work and research into this

---

From: hucario @.> Sent: Monday, May 17, 2021 12:59:23 AM To: pvrs12/Anesidora @.> Cc: Patrick Vares @.>; Comment @.> Subject: Re: [pvrs12/Anesidora] Nonresponsive to login (#67)

Alright, I've worked on it for a while but I've hit a bit of a roadblock. I can get the CSRF token just fine: [image]https://user-images.githubusercontent.com/50851047/118434099-50615000-b691-11eb-880d-789ea4d14b10.png However, logging in seems to present a bit of an issue. Pandora appears to be using anti-bot measures More details here: PromyLOPh/pandora-apidoc#45https://github.com/PromyLOPh/pandora-apidoc/issues/45

— You are receiving this because you commented. Reply to this email directly, view it on GitHubhttps://github.com/pvrs12/Anesidora/issues/67#issuecomment-841985206, or unsubscribehttps://github.com/notifications/unsubscribe-auth/ABVCK4M5BKWTKPSWT6NTM73TOCPCXANCNFSM44ZZFGQA.

[hucario]

The odd thing is that projects like pianobar still work, so I'm going to investigate their sauce code and see if I can steal replicate it. Tomorrow. I've beat my head against the wall enough today, thanks (attempted to debug the json login endpoint for about an hour with no progress)

[rpuentes2020]

I run a dual boot system with this extension installed on Windows 10 Firefox and Ubuntu 20.04 Firefox v 88.0.1. While switching to my Ubuntu OS, out of habit I launched this extension and learned it still runs fine on Ubuntu... Just thought I'd share this finding.

[dropgate]

I had a different experience under Ubuntu/Firefox. I was able to log in, receive my station list and choose a station. It would retrieve the song name and album art from Pandora but it wouldn't play. Just another data point.

[pvrs12]

Well, this is fun. So it looks like all that was added was some trivial User-Agent. That explains why the Ubuntu users and pianobar had success.

I'll try to get an update out tonight

[pvrs12]

Okay, well that was super easy. New version is being pushed through the Mozilla addon store now.

https://github.com/pvrs12/Anesidora/releases/tag/v2.0.1

[DarkAlchy]

Still broken in Chrome, and works in Firefox but no buttons exist. That part might be because of Umatrix or some other crap I have.

[cpgeek]

confirmed. firefox can now access pandora and the plugin functions but the navigation buttons are not displayed (but their tooltips are so one can navigate using those).

[cpgeek]

And the chrome version still has the same behavior with not logging in.

[Seawolf87]

Chrome bugs I'm seeing are the following: Refused to set unsafe header "User-Agent" and "Uncaught RangeError: Maximum call stack size exceeded." much later on. Like noticed it 10 minutes later.

The UA error is probably causing the login issues. Is there a better way to spoof the UA?

[lovelydumpling]

Can verify Chrome still locking up on my end. Works in Firefox. Regarding the UI, I use the Old layout myself as preference, and it's fully apparent and functional there.

I'm beyond ecstatic that this is working! I used Anesidora for my sleep, and the Pandora's original behavior of "Are you still listening?" really messes with that. It's such a relief that this didn't die permanently, like what seemed possible for a moment there. Thank you immensely.

[hucario]

Well, this is fun. So it looks like all that was added was some trivial User-Agent. That explains why the Ubuntu users and pianobar had success.

I'll try to get an update out tonight

Looks like that wasn't it. Sure, things may be working now, but you can't actually set the user-agent header (it's protected):

[pvrs12]

@hucario is this on chrome? I think it may only be protected there. Also perhaps there is an additional permission I can set

---

From: hucario @.> Sent: Thursday, May 20, 2021 6:23:37 PM To: pvrs12/Anesidora @.> Cc: Patrick Vares @.>; State change @.> Subject: Re: [pvrs12/Anesidora] Nonresponsive to login (#67)

Well, this is fun. So it looks like all that was added was some trivial User-Agent. That explains why the Ubuntu users and pianobar had success.

I'll try to get an update out tonight

Looks like that wasn't it. Sure, things may be working now, but you can't actually set the user-agent header (it's protected): [image]https://user-images.githubusercontent.com/50851047/119056294-4d12e080-b97f-11eb-97dc-115f0acc7493.png

— You are receiving this because you modified the open/close state. Reply to this email directly, view it on GitHubhttps://github.com/pvrs12/Anesidora/issues/67#issuecomment-845519684, or unsubscribehttps://github.com/notifications/unsubscribe-auth/ABVCK4KXJQVLTH6DE2BT3X3TOWDWTANCNFSM44ZZFGQA.

[hucario]

@hucario is this on chrome? I think it may only be protected there. Also perhaps there is an additional permission I can set … ____ From: hucario @.> Sent: Thursday, May 20, 2021 6:23:37 PM To: pvrs12/Anesidora @.> Cc: Patrick Vares @.>; State change @.> Subject: Re: [pvrs12/Anesidora] Nonresponsive to login (#67) Well, this is fun. So it looks like all that was added was some trivial User-Agent. That explains why the Ubuntu users and pianobar had success. I'll try to get an update out tonight Looks like that wasn't it. Sure, things may be working now, but you can't actually set the user-agent header (it's protected): [image]https://user-images.githubusercontent.com/50851047/119056294-4d12e080-b97f-11eb-97dc-115f0acc7493.png — You are receiving this because you modified the open/close state. Reply to this email directly, view it on GitHub<#67 (comment)>, or unsubscribehttps://github.com/notifications/unsubscribe-auth/ABVCK4KXJQVLTH6DE2BT3X3TOWDWTANCNFSM44ZZFGQA.

I think it's a WHATWG spec, but there is an API for this: https://stackoverflow.com/a/27936481/11726576

[pvrs12]

So it seems that this is a Chrome specific issue. I'm going to move the discussion over to #68

[cpgeek]

So it seems that this is a Chrome specific issue. I'm going to move the discussion over to #68

There's a firefox bug where it isn't rendering the buttons (perhaps we should break that out into another discussion?) and a chrome bug where chrome isn't allowing the extension to set a user agent and thus @hucario 's fix isn't being applied and thus results in the same behavior as indicated at the beginning of this discussion.

[pvrs12]

@cpgeek

71 for the Firefox icons

---

From: cpgeek @.> Sent: Friday, May 21, 2021 11:35:14 AM To: pvrs12/Anesidora @.> Cc: Patrick Vares @.>; State change @.> Subject: Re: [pvrs12/Anesidora] Nonresponsive to login (#67)

So it seems that this is a Chrome specific issue. I'm going to move the discussion over to #68https://github.com/pvrs12/Anesidora/issues/68

There's a firefox bug where it isn't rendering the buttons (perhaps we should break that out into another discussion?) and a chrome bug where chrome isn't allowing the extension to set a user agent and thus @hucariohttps://github.com/hucario 's fix isn't being applied and thus results in the same behavior as indicated at the beginning of this discussion.

— You are receiving this because you modified the open/close state. Reply to this email directly, view it on GitHubhttps://github.com/pvrs12/Anesidora/issues/67#issuecomment-846039453, or unsubscribehttps://github.com/notifications/unsubscribe-auth/ABVCK4POPLVL2OGG6KBIIODTOZ4TFANCNFSM44ZZFGQA.

[hucario]

From the webRequest docs;

Also synchronous XMLHttpRequests from your extension are hidden from blocking event handlers in order to prevent deadlocks

so uh looks like we finally switching to async requests bois (of note is that this will prevent the main thread from freezing up during requests(!) as well) I'll do it