LastPass Chrome Extension breaks some WHM functionality

sneader

Well-Known Member
Aug 21, 2003
1,178
57
178
La Crosse, WI
cPanel Access Level
Root Administrator
The LastPass password vault extension for Chrome seems to break certain WHM functionality. For example, if I try to install an SSL certificate, and paste in the .crt, I don't get the button that appears which lets me pre-populate the rest of the fields based on the crt details... or if I go to Edit DNS and type in a domain name, it no longer automatically finds the domain name.

--snip--
Uncaught SecurityError: Blocked a frame with origin "https://www.example.com:2087" from accessing a frame with origin "chrome-extension://hdokiejnpimakedhajhdlcegeplioahd". The frame requesting access has a protocol of "https", the frame being accessed has a protocol of "chrome-extension". Protocols must match.
--snip--

I opened a ticket with LastPass, but they claim this is a WHM problem and not a LastPass problem. Below is the communication received from Last Pass:

"LastPass Ticket # 1017296: Based on the error, it looks like cPanel is trying to access our frame, rather than us trying to access their frame. So, there is nothing we can do within our product to fix it."

I opened a ticket with cPanel (ID# 4379329) and they have confirmed the incompatibility and assigned an internal case ID of #81245.

Just thought I would document this, in case anyone else came here looking for help on this problem, like I did.

- Scott
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,201
363
Hello :)

I have reviewed internal case number 81245 that was opened with your ticket. The response on this internal case indicated the issue is actually with the Last Pass software. I recommend opening a support ticket with Last Pass, and requesting more technical information. It's possible the methods they implement are not compatible with cPanel/WHM.

Thank you.
 

sneader

Well-Known Member
Aug 21, 2003
1,178
57
178
La Crosse, WI
cPanel Access Level
Root Administrator
Hi Michael. If you scroll up and read my first post, it not only shows that I opened a ticket with LastPass first (before contacting cPanel) but I even included their response, which states that this is a cPanel problem. Can you review this, and then let me know what you think I should do next?

- Scott
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,201
363
To clarify, I did review your original post before responding. The issue here is that the error is not directly related to cPanel/WHM itself. It's an issue with their application. They may need to modify their application to support cPanel/WHM authentication. They are welcome to contact us with any technical questions that can help them better modify their application to support interactions with cPanel/WHM.

Thank you.
 

sneader

Well-Known Member
Aug 21, 2003
1,178
57
178
La Crosse, WI
cPanel Access Level
Root Administrator
Thanks Michael. How would they contact you? I did it via the ticket process, but they would not have an "IP Address" to use.

- Scott
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,201
363
They can register a forums account and post directly on our developers forum at:

cPanel Developers

Self Edit - Posting on our developers forum is the recommended method at this point.

Thank you.
 

cPanelKenneth

cPanel Development
Staff member
Apr 7, 2006
4,607
76
308
cPanel Access Level
Root Administrator
Scott,

I'm not able to reproduce the described behavior with the LastPass Chrome extension, and cPanel & WHM 11.40. I attempted the following:

1. Within WHM click Install an SSL Certificate on a Domain
2. Paste the Certificate into the Certificate field
3. Input the Domain name in the Domain field
4. The Autofill by Domain button was clickable

1. Within WHM click Install an SSL Certificate on a Domain
2. Input the Domain name in the Domain field
3. Click the 'Autofill by Domain' button

1. Within WHM click Install an SSL Certificate on a Domain
2. Input the Domain name in the Domain field
3. Click the 'Autofill by Domain' button
4. Paste the Certificate into the Certificate field
5. Click the 'Autofill be Certificate' button

In all instances the button(s) was clickable, and fields were populated.

cPanel & WHM 11.40
LastPass Chrome Extension 2.5.5
 

sneader

Well-Known Member
Aug 21, 2003
1,178
57
178
La Crosse, WI
cPanel Access Level
Root Administrator
Hi Kenneth. Is there a way you can test with 11.38? If it doesn't work, then we know that 11.40 fixes this. If it works for you in 11.38.2.12 (the current Stable I'm running) then you have some other variable... as the person working with me on my cPanel ticket WAS able to reproduce this.

By the way, there has never been a problem with LastPass/WHM/Chrome until very recently... some recent 11.38.2 build broke something)

Thanks again... this is encouraging that 11.40 will solve it (assuming that it's broken for you in 11.38, but working in 11.40)

- Scott
 

laxbobber

Registered
Jan 4, 2005
4
0
151
In Chrome 30.0.1599.101 on MacOS and LastPass Version: 2.5.4 / Built: 2013-08-21 22:42:06
and on
Chrome 30.0.1.599.101 m on Windows 7 with LastPass Version 2.5.5 / Built: 2013-08-21 22:49:02

This is with WHM 11.38.2 (build 12)

I get this error immediately after logging in. I had the Chrome Dev tools pane open. Specifically it's telling me:

--snip--
Uncaught SecurityError: Blocked a frame with origin "https://www.example.com:2087" from accessing a frame with origin "chrome-extension://hdokiejnpimakedhajhdlcegeplioahd". The frame requesting access has a protocol of "https", the frame being accessed has a protocol of "chrome-extension". Protocols must match.
--snip--

This request originates from:

https://www.example.com:2087/cPanel...en/utilities_container/utilities_container.js

I tried to do some deeper debugging but ran out of time. I initially suspected it was in the breadcrumb functions but it might also be in some of the code which iterates frames such as mainFrameExists()
 

cPanelKenneth

cPanel Development
Staff member
Apr 7, 2006
4,607
76
308
cPanel Access Level
Root Administrator
In Chrome 30.0.1599.101 on MacOS and LastPass Version: 2.5.4 / Built: 2013-08-21 22:42:06
and on
Chrome 30.0.1.599.101 m on Windows 7 with LastPass Version 2.5.5 / Built: 2013-08-21 22:49:02

This is with WHM 11.38.2 (build 12)

I get this error immediately after logging in. I had the Chrome Dev tools pane open. Specifically it's telling me:

--snip--
Uncaught SecurityError: Blocked a frame with origin "https://www.example.com:2087" from accessing a frame with origin "chrome-extension://hdokiejnpimakedhajhdlcegeplioahd". The frame requesting access has a protocol of "https", the frame being accessed has a protocol of "chrome-extension". Protocols must match.
--snip--

This request originates from:

https://www.example.com:2087/cPanel...en/utilities_container/utilities_container.js

I tried to do some deeper debugging but ran out of time. I initially suspected it was in the breadcrumb functions but it might also be in some of the code which iterates frames such as mainFrameExists()
Thank you for digging further into this. I've forwarded the report to our developers. On the surface it looks like a bug in the YUI toolkit.
 

sneader

Well-Known Member
Aug 21, 2003
1,178
57
178
La Crosse, WI
cPanel Access Level
Root Administrator
Hi Kenneth. I am happy to report that LastPass came out with a brand new major version and it seems to have cleared up whatever the conflict was. So far, everything seems completely fixed!

Can you update/close your internal case as needed?

If this was a LastPass issue and not a cPanel issue, I apologize. I was just the man in the middle. :)

- Scott
 

skyhorse

Active Member
Aug 18, 2004
25
0
151
Hi Kenneth. I am happy to report that LastPass came out with a brand new major version and it seems to have cleared up whatever the conflict was. So far, everything seems completely fixed!

Can you update/close your internal case as needed?

If this was a LastPass issue and not a cPanel issue, I apologize. I was just the man in the middle. :)

- Scott
I'm not using lastpass and I have the same issue on MacOs 10.9, Chrome 31.0.1650.57 and WHM 11.40.0 (build 24) .
I have 1Password and AdBlock extensions (adblock is disabled). Safari, which also has 1password extension, is working fine.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,201
363
I'm not using lastpass and I have the same issue on MacOs 10.9, Chrome 31.0.1650.57 and WHM 11.40.0 (build 24) .
I have 1Password and AdBlock extensions (adblock is disabled). Safari, which also has 1password extension, is working fine.
I moved this post to a new thread because it's associated with a different third-party software application. You can find the new thread at:

1Password Not Working

Thank you.
 

sneader

Well-Known Member
Aug 21, 2003
1,178
57
178
La Crosse, WI
cPanel Access Level
Root Administrator
Well, I thought my LastPass / WHM conflicts were done, but tonight noticed that I'm still seeing it on the Transfer Account page. I see that 11.40 should get pushed out tonight (I'm on 11.38) so let me see if that, somehow, fixes things.

- Scott
 

cPanelKenneth

cPanel Development
Staff member
Apr 7, 2006
4,607
76
308
cPanel Access Level
Root Administrator
Well, I thought my LastPass / WHM conflicts were done, but tonight noticed that I'm still seeing it on the Transfer Account page. I see that 11.40 should get pushed out tonight (I'm on 11.38) so let me see if that, somehow, fixes things.

- Scott
The problem was identified and fixed in case 82249. The fix is in 11.40.1, which is in the EDGE tier at the moment. It likely won't hit the STABLE tier until after the new year.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,201
363
cPanel version 11.40.1.1 is now available on the Edge, Current, and Release build tiers. This version includes a resolution for internal case number 82249. The full change log is available at:

cPanel version 11.40 Change Log

You can update cPanel manually via:

/scripts/upcp

Or, you can wait for it to update automatically if you have automatic updates enabled.

Thank you.