LastPass Chrome Extension breaks some WHM functionality

[sneader]

The LastPass password vault extension for Chrome seems to break certain WHM functionality. For example, if I try to install an SSL certificate, and paste in the .crt, I don't get the button that appears which lets me pre-populate the rest of the fields based on the crt details... or if I go to Edit DNS and type in a domain name, it no longer automatically finds the domain name.

--snip--
Uncaught SecurityError: Blocked a frame with origin "https://www.example.com:2087" from accessing a frame with origin "chrome-extension://hdokiejnpimakedhajhdlcegeplioahd". The frame requesting access has a protocol of "https", the frame being accessed has a protocol of "chrome-extension". Protocols must match.
--snip--

I opened a ticket with LastPass, but they claim this is a WHM problem and not a LastPass problem. Below is the communication received from Last Pass:

"LastPass Ticket # 1017296: Based on the error, it looks like cPanel is trying to access our frame, rather than us trying to access their frame. So, there is nothing we can do within our product to fix it."

I opened a ticket with cPanel (ID# 4379329) and they have confirmed the incompatibility and assigned an internal case ID of #81245.

Just thought I would document this, in case anyone else came here looking for help on this problem, like I did.

- Scott

 

[cPanelMichael]

Hello

I have reviewed internal case number 81245 that was opened with your ticket. The response on this internal case indicated the issue is actually with the Last Pass software. I recommend opening a support ticket with Last Pass, and requesting more technical information. It's possible the methods they implement are not compatible with cPanel/WHM.

Thank you.

 

[sneader]

Hi Michael. If you scroll up and read my first post, it not only shows that I opened a ticket with LastPass first (before contacting cPanel) but I even included their response, which states that this is a cPanel problem. Can you review this, and then let me know what you think I should do next?

- Scott

 

[cPanelMichael]

To clarify, I did review your original post before responding. The issue here is that the error is not directly related to cPanel/WHM itself. It's an issue with their application. They may need to modify their application to support cPanel/WHM authentication. They are welcome to contact us with any technical questions that can help them better modify their application to support interactions with cPanel/WHM.

Thank you.

 

[sneader]

Thanks Michael. How would they contact you? I did it via the ticket process, but they would not have an "IP Address" to use.

- Scott

 

[cPanelMichael]

They can register a forums account and post directly on our developers forum at:

cPanel Developers

Self Edit - Posting on our developers forum is the recommended method at this point.

Thank you.

 

[cPanelKenneth]

Scott,

I'm not able to reproduce the described behavior with the LastPass Chrome extension, and cPanel & WHM 11.40. I attempted the following:

1. Within WHM click Install an SSL Certificate on a Domain
2. Paste the Certificate into the Certificate field
3. Input the Domain name in the Domain field
4. The Autofill by Domain button was clickable

1. Within WHM click Install an SSL Certificate on a Domain
2. Input the Domain name in the Domain field
3. Click the 'Autofill by Domain' button

1. Within WHM click Install an SSL Certificate on a Domain
2. Input the Domain name in the Domain field
3. Click the 'Autofill by Domain' button
4. Paste the Certificate into the Certificate field
5. Click the 'Autofill be Certificate' button

In all instances the button(s) was clickable, and fields were populated.

cPanel & WHM 11.40
LastPass Chrome Extension 2.5.5

 

[sneader]

Hi Kenneth. Is there a way you can test with 11.38? If it doesn't work, then we know that 11.40 fixes this. If it works for you in 11.38.2.12 (the current Stable I'm running) then you have some other variable... as the person working with me on my cPanel ticket WAS able to reproduce this.

By the way, there has never been a problem with LastPass/WHM/Chrome until very recently... some recent 11.38.2 build broke something)

Thanks again... this is encouraging that 11.40 will solve it (assuming that it's broken for you in 11.38, but working in 11.40)

- Scott

 

[laxbobber]

In Chrome 30.0.1599.101 on MacOS and LastPass Version: 2.5.4 / Built: 2013-08-21 22:42:06
and on
Chrome 30.0.1.599.101 m on Windows 7 with LastPass Version 2.5.5 / Built: 2013-08-21 22:49:02

This is with WHM 11.38.2 (build 12)

I get this error immediately after logging in. I had the Chrome Dev tools pane open. Specifically it's telling me:

--snip--
Uncaught SecurityError: Blocked a frame with origin "https://www.example.com:2087" from accessing a frame with origin "chrome-extension://hdokiejnpimakedhajhdlcegeplioahd". The frame requesting access has a protocol of "https", the frame being accessed has a protocol of "chrome-extension". Protocols must match.
--snip--

This request originates from:

https://www.example.com:2087/cPanel...en/utilities_container/utilities_container.js

I tried to do some deeper debugging but ran out of time. I initially suspected it was in the breadcrumb functions but it might also be in some of the code which iterates frames such as mainFrameExists()

 

[cPanelKenneth]

In Chrome 30.0.1599.101 on MacOS and LastPass Version: 2.5.4 / Built: 2013-08-21 22:42:06
and on
Chrome 30.0.1.599.101 m on Windows 7 with LastPass Version 2.5.5 / Built: 2013-08-21 22:49:02

This is with WHM 11.38.2 (build 12)

I get this error immediately after logging in. I had the Chrome Dev tools pane open. Specifically it's telling me:

--snip--
Uncaught SecurityError: Blocked a frame with origin "https://www.example.com:2087" from accessing a frame with origin "chrome-extension://hdokiejnpimakedhajhdlcegeplioahd". The frame requesting access has a protocol of "https", the frame being accessed has a protocol of "chrome-extension". Protocols must match.
--snip--

This request originates from:

https://www.example.com:2087/cPanel...en/utilities_container/utilities_container.js

I tried to do some deeper debugging but ran out of time. I initially suspected it was in the breadcrumb functions but it might also be in some of the code which iterates frames such as mainFrameExists()

Thank you for digging further into this. I've forwarded the report to our developers. On the surface it looks like a bug in the YUI toolkit.

 

[sneader]

Hi Kenneth. I am happy to report that LastPass came out with a brand new major version and it seems to have cleared up whatever the conflict was. So far, everything seems completely fixed!

Can you update/close your internal case as needed?

If this was a LastPass issue and not a cPanel issue, I apologize. I was just the man in the middle.

- Scott

 

[skyhorse]

Hi Kenneth. I am happy to report that LastPass came out with a brand new major version and it seems to have cleared up whatever the conflict was. So far, everything seems completely fixed!

Can you update/close your internal case as needed?

If this was a LastPass issue and not a cPanel issue, I apologize. I was just the man in the middle.

- Scott

I'm not using lastpass and I have the same issue on MacOs 10.9, Chrome 31.0.1650.57 and WHM 11.40.0 (build 24) .
I have 1Password and AdBlock extensions (adblock is disabled). Safari, which also has 1password extension, is working fine.

 

[cPanelMichael]

I'm not using lastpass and I have the same issue on MacOs 10.9, Chrome 31.0.1650.57 and WHM 11.40.0 (build 24) .
I have 1Password and AdBlock extensions (adblock is disabled). Safari, which also has 1password extension, is working fine.

I moved this post to a new thread because it's associated with a different third-party software application. You can find the new thread at:

1Password Not Working

Thank you.

 

[sneader]

Well, I thought my LastPass / WHM conflicts were done, but tonight noticed that I'm still seeing it on the Transfer Account page. I see that 11.40 should get pushed out tonight (I'm on 11.38) so let me see if that, somehow, fixes things.

- Scott

 

[cPanelKenneth]

Well, I thought my LastPass / WHM conflicts were done, but tonight noticed that I'm still seeing it on the Transfer Account page. I see that 11.40 should get pushed out tonight (I'm on 11.38) so let me see if that, somehow, fixes things.

- Scott

The problem was identified and fixed in case 82249. The fix is in 11.40.1, which is in the EDGE tier at the moment. It likely won't hit the STABLE tier until after the new year.

 

[sneader]

Awesome!!!!! Really appreciate the follow-up!!!

- Scott

 

[cPanelMichael]

cPanel version 11.40.1.1 is now available on the Edge, Current, and Release build tiers. This version includes a resolution for internal case number 82249. The full change log is available at:

cPanel version 11.40 Change Log

You can update cPanel manually via:

/scripts/upcp

Or, you can wait for it to update automatically if you have automatic updates enabled.

Thank you.

 

[sneader]

This type of closure is really appreciated. Many thanks, Michael!!!

- Scott