Suite in Tor browser doesn't see Trezor Bridge running

[STew790]

Describe the bug When I try to go to Suite web page in Tor browser, Suite shows me that it doesn't see bridge running even though you can go to bridge status page and that shows you the bridge is in fact running. @wendys-cats and @bosomt are experiencing the same. @wendys-cats also reports, that in the Brave browser, when you turn ON the Tor, it is working OK but only because Brave actually uses WebUSB and not bridge. Also, in Tor browser, it doesn't matter if you try to go to standard URL or onionized URL.

Steps to reproduce:

1. Open Tor Browser
2. Go to Trezor Suite web (standard or onionized URL)
3. Connect your device
4. Observe, that the Suite is not seeing Trezor Bridge is running

Info:

• Suite version: web 22.3.2 (563be1e28ad75ddd4e38c2002e6032b0743511d2)
• Browser: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0
• OS: Linux x86_64
• Screen: 1800x900
• Device:

Expected result: I can use Trezor Suite in Tor browser and connect my device.

Actual result: I can't connect my device to Trezor Suite in Tor browser.

Screenshots:

[prusnak]

Have you implemented all steps documented in https://wiki.trezor.io/Tor ?

(Especially setting network.proxy.no_proxies_on and network.http.referer.hideOnionSource variables)

I think we might want to increase visibility of these steps if we add them directly in the "Trezor Bridge is not running dialog" (if we have web suite).

[wendys-cats]

@prusnak yes, we did (for Tor Browser). Others (@matejkriz and @marekrjpolak ) have confirmed it as well.

Looks like a tor+bridge issue, since Brave+tor can find the device, but only via webusb.

[prusnak]

I can reproduce locally with Tor Browser 11.0.7.

It seems that something has changed in CORS handling. Before, Origin was not propagated to Trezor Bridge via HTTP headers unless network.http.referer.hideOnionSource was set to False. Trezor Bridge needs to know the Origin, because it does the website filtering, otherwise it will not respond. It seems to me (needs to be confirmed) that the Browser now does not report the Origin to Bridge even if network.http.referer.hideOnionSource is set to False.

[bosomt]

Retested in latest version of Tor browser - 11.0.14 same behavior, Bridge is running but device is not recognized/detected by Tor browser

[Hercules1122]

Hope that gets resolved as well. https://github.com/trezor/trezor-suite/issues/6588

[Hercules1122]

Does anyone get the Trezor working on another OS than Windows?

On Tails doesn't work.

On Whonix I run on Terminal in the folder sudo dpkg -i trezor-bridge_2.0.27_amd64.deb and sudo dpkg -i trezor-udev_2_all.deb. Than open Suite and says ' Trezor Bridge not running '. I got a notification though that a new Version of Suite is available, but I dont get access to Tor when I want to connect at the switch. The Download starts. Tor Browser on Whonix also doesnt show up http://127.0.0.1:21325/ the Trezor device. So the Device doesnt get recognized on Whonix as well... and I dont get connection to Tor on Suite on Whonix.

On Whonix I can start the App 'MyCrypto' and I get connection to the Ethereum Network. Which doesn't work on Tails actually. Than I get asked ' How would you like to connect to your Wallet? ' There is Trezor listed. ' Connect to Trezor ' - no device connected. As the device doesnt get recognized on Whonix.

On Kali Linux, I see the http://127.0.0.1:21325/status/ page, but says connected Devices: 0 Also on Suite App it says ' Connect your Trezor '.

I would like to have the Trezor running on a Tor by default OS or Tor Browser.

[Hercules1122]

For sure on Tails the Trezor works for Electrum. But what about others coins?

Just to have it running on Tor Browser would be the nicest option.

[matejkriz]

I can run and use Suite in Tor browser 11.5.7 when NoScript addon (about:addons) is disabled.

1. do all the instuctions described here https://trezor.io/learn/a/tor-in-trezor-suite-app
2. on top of that type about:addons to url in Tor Browser
3. disable NoScript addon by toggle (I can't find some setting inside to make it work, has to be completely disabled 😞 )

[Hercules1122]

I can run and use Suite in Tor browser 11.5.7 when NoScript addon (about:addons) is disabled.

1. do all the instuctions described here https://trezor.io/learn/a/tor-in-trezor-suite-app

2. on top of that type `about:addons` to url in Tor Browser

3. disable NoScript addon by toggle (I can't find some setting inside to make it work, has to be completely disabled 😞 )

Works, very nice and good news! =) With the onion link it still says 'Trezor Bridge is not running' though.

[prusnak]

With the onion link it still says 'Trezor Bridge is not running' though.

Is network.http.referer.hideOnionSource set to false?

[Hercules1122]

With the onion link it still says 'Trezor Bridge is not running' though.

Is network.http.referer.hideOnionSource set to false?

Yes, still doesn't work.

[sime]

With the onion link it still says 'Trezor Bridge is not running' though.

Is network.http.referer.hideOnionSource set to false?

Yes, still doesn't work.

Can you access the bridge directly via the following URL?

http://127.0.0.1:21325/status/

[Hercules1122]

On Tor Browser it works to connect via clearnet page to Suite. But doesn't work with .onion link. Says 'Trezor Bridge is not running'. Bridge Status page works.

[matejkriz]

@Hercules1122 Works for me even on .onion, see:

what is you Tor Browser version and platform? Could you please double check all 7 steps from Instructions for enabling Trezor Bridge in Tor Browser?

[Hercules1122]

@Hercules1122 Works for me even on .onion, see:

what is you Tor Browser version and platform? Could you please double check all 7 steps from Instructions for enabling Trezor Bridge in Tor Browser?

Thanks for reaching back. Tried on another computer, on Windows. Same result. Works on clearnet url, but doesnt work on .onion. Trezor get recognized in Status page correctly and I followed the steps in the instruction. Still says ' Trezor Bridge is not running ' at .onion.

[sime]

@Hercules1122 Additional debugging can be retrieved from the Console log. Tools menu > Browser Tools > Web Developer Tools. Please share what errors you might find there.

[Hercules1122]

@Hercules1122 Additional debugging can be retrieved from the Console log. Tools menu > Browser Tools > Web Developer Tools. Please share what errors you might find there.

This appears in the console: 'Access-Control-Allow-Origin' https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSMissingAllowOrigin

[prusnak]

This appears in the console:

'Access-Control-Allow-Origin'

https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSMissingAllowOrigin

Can you please post a screenshot of the whole browser window (so we see the address-bar and contents of the website) together with the console open?

[Hercules1122]

This appears in the console: 'Access-Control-Allow-Origin' https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSMissingAllowOrigin

Can you please post a screenshot of the whole browser window (so we see the address-bar and contents of the website) together with the console open?

Sure..

[Hercules1122]

Here all good.. :)

[prusnak]

Hm, what version of the bridge are you running? What does http://localhost:21325/ say?

[sime]

@Hercules1122 I managed to reproduce your issue when network.http.referer.hideOnionSource in about:config is set to true.

Our docs clearly say to set it to false.

[Hercules1122]

Hm, what version of the bridge are you running? What does http://localhost:21325/ say?

Currently installed: Trezor Bridge 2.0.27 http://127.0.0.1:21325/status/ Connected devices: 1 and recognize the Trezor I am using.

@Hercules1122 I managed to reproduce your issue when network.http.referer.hideOnionSource in about:config is set to true.

Our docs clearly say to set it to false.

As said on clearnet link it works to connect to Suite. It's set to false. Probably otherwise it won't work on regular link.

[prusnak]

Currently installed: Trezor Bridge 2.0.27

That's it. You have to be running Trezor Bridge at least version 2.0.30 to enable bridge on .onion addresses.

You can download it from here https://github.com/trezor/data/tree/master/bridge/2.0.30

[Hercules1122]

Currently installed: Trezor Bridge 2.0.27

That's it. You have to be running Trezor Bridge at least version 2.0.30 to enable bridge on .onion addresses.

You can download it from here https://github.com/trezor/data/tree/master/bridge/2.0.30

Works now! 👯‍♂️ Wonderful! 👍 I didn't notice that there is a newer version. Because on https://trezor.io/learn/a/what-is-trezor-bridge -> https://suite.trezor.io/web/bridge/ the Download Button says 'Download latest Bridge 2.0.27'

Thank you very much for the service and great support! :-) Keep it up!

[sime]

@STew790 I think this can be closed. Running Suite in Tor browser is now documented here: https://trezor.io/learn/a/tor-in-trezor-suite-app

[prusnak]

Running Suite in Tor browser is now documented here: https://trezor.io/learn/a/tor-in-trezor-suite-app

Can we please add note to this page that Trezor Bridge version at least 2.0.30 is required?

Then we can close the issue.

[STew790]

Required version of Trezor Bridge added. Closing issue.