Firefox does not ask for master password if zabbix-vue connects to a web server that resquest a client side certificate
Closed this issue · 6 comments
When I use the zabbix-vue with my zabbix web frontend on a web server that asks the client to connect with a client side certificate, I get the popup to choose the certificate but I think it is not loaded (the zabbix-vue stay grayed). Firefox does not ask me for the master password for unlocking keychain.
Is it a common problem (firefox side)?
If not, it would be nice to be able to 'restart/reload' or disable/enable the plugin with a (contextual) menu entry , after having the master password entered.
That's an interesting use-case, and not one that was considered. I'm not sure how Firefox handles certificate approval for Extensions, so I'll have to investigate further.
It sounds like there isn't a way for an extension to prompt for interactivity from the background.js process. So if you have a custom SSL cert on your Zabbix endpoint, there isn't anything that can be done from the extension.
If you access that site from a Firefox tab, and go through the SSL cert acceptance steps, does the zabbix-vue extension then connect? If it doesn't start working, from the extensions screen you should be able to disable then enable the zabbix-vue extension to see if that allows it to successfully connect after manually accepting the cert.
If I disable the ext, close and réopen firefox. Then; enable the ext, I've the same behavior as if I start firefox with the ext enabled: I have the prompt to choose my cert but not the prompt for the master pwd. Result is the same, I get a 403, for the ext AND for a normal tab to my zabbix homepage. I have to clear the "active connections" , refresh my tab, FF ask me now to select the cert. AND ask me to enter the master pwd. Refresh the tab: OK/200. Re-enable the ext: OK/GREEN
I'll try on a other session with a client cert but no master password on firefox and I'll tell you if it work (ask for the cert and use it without having a tab opened on my Zabbix )
Anyway this is obviously not recommended and wouldnt solve my issue.
Maybe, an options to choose not the ext to start automatically and need a click on the icon to start it could be an acceptable solution. I never develop a FF extension so I can't imagine if it's a big task to accomplish.
Ok, just by disabling the master pwd in FF, the ZabbixVue works when FF starts, without any tab.
Is there a list in the code that defines the permission the app needs ?
The manifest.json contains the settings for the extension and permissions is one of the keys. For this extension that is https://github.com/mchugh19/zabbix-vue/blob/master/app/manifest.json#L16-L19
"background",
"notifications",
"storage",
"*://*/"
- background is needed to have a background js process running. This contains the logic for communicating with the zabbix server on the defined interval.
- notifications are needed to generate the browser notifications
- storage is needed to save the zabbix server details from the extension's options screen
- *://*/ allows the extension to communicate with http/https://* to reach your zabbix instance
There doesn't seem to be a way to handle firefox master passwords from an extension. So I'll close this out as there's nothing that can be done. If that continues to be an issue, feel free to open a bug report with Firefox upstream, and if the capability is created, I'll gladly use it.