Breaks all sign in with Google

[yodaluca23]

This extension causes websites to not able to redirect any login with google login.

Description

If you try to sign in with Google on any website, with this extension, it will not be able to redirect and log you in.

Expected Behaviour

It allow the APIs needed to allow websites to redirect from sign in with google.

Current Behaviour

Site is unable to login and redirect.

Possible Solution

Have a toggle to fix log in with Google, toggle explaining, that it may allow some tracking APIs through.

Steps to Reproduce (for bugs)

1. create a fresh Firefox profile
2. Install CanvasBlocker
3. Try to sign into most sign in with google sites, for example (https://www.virustotal.com).

Context

I have had to completely disable the extension, because even if you whitelist accounts.google.com, it still does not work.

Your Environment

• CanvasBlocker Version used: 1.9

• Firefox version incl. 32- or 64-bit: WaterFox 64 bit

• Operating System and version (desktop or mobile):
  Edition Windows 11 Home
  Version 23H2
  Installed on ‎10/‎1/‎2022
  OS build 22631.3007
  Experience Windows Feature Experience Pack 1000.22681.1000.0

• Installed addons:

Name: Add-ons Search Detection
Type: extension
Version: 2.0.0
Enabled: true
ID: [email protected]

Name: Addon Store Compatibility
Type: extension
Version: 1.0.0
Enabled: true
ID: [email protected]

Name: AdNauseam
Type: extension
Version: 3.19.0
Enabled: true
ID: [email protected]

Name: AntiRickRoll
Type: extension
Version: 1.7
Enabled: true
ID: {5f1ad9c1-371d-4b5a-9469-0a187d41c3e9}

Name: Application Guard Extension
Type: extension
Version: 2.0.2206.23003
Enabled: true
ID: [email protected]

Name: Bing
Type: extension
Version: 1.3
Enabled: true
ID: [email protected]

Name: Bitwarden - Free Password Manager
Type: extension
Version: 2023.12.1
Enabled: true
ID: {446900e4-71c2-419f-a6a7-df9c091e268b}

Name: BTRoblox - Making Roblox Better
Type: extension
Version: 3.4.1
Enabled: true
ID: [email protected]

Name: Bypass Paywalls Clean
Type: extension
Version: 3.5.0.0
Enabled: true
ID: [email protected]

Name: ChatGPT for Google
Type: extension
Version: 2.1.1
Enabled: true
ID: {4b726fbc-aba9-4fa7-97fd-a42c2511ddf7}

Name: ClassLink OneClick Extension
Type: extension
Version: 6.4
Enabled: true
ID: [email protected]

Name: ClearURLs
Type: extension
Version: 1.26.1
Enabled: true
ID: {74145f27-f039-47ce-a470-a662b129930a}

Name: Dark Reader
Type: extension
Version: 4.9.74
Enabled: true
ID: [email protected]

Name: DuckDuckGo
Type: extension
Version: 1.1
Enabled: true
ID: [email protected]

Name: Ecosia
Type: extension
Version: 1.1
Enabled: true
ID: [email protected]

Name: Font Fingerprint Defender
Type: extension
Version: 0.1.4
Enabled: true
ID: {96ef5869-e3ba-4d21-b86e-21b163096400}

Name: FreshView for YouTube™
Type: extension
Version: 2.1.0
Enabled: true
ID: {8c27b925-ee33-423f-88a8-5e80f2c43cc0}

Name: Google
Type: extension
Version: 1.2
Enabled: true
ID: [email protected]

Name: Grammarly: Grammar Checker and AI Writing App
Type: extension
Version: 8.909.0
Enabled: true
ID: 87677a2c52b84ad3a151a4a72f5bd3c4@jetpack

Name: Honey
Type: extension
Version: 12.8.4
Enabled: true
ID: jid1-93CWPmRbVPjRQA@jetpack

Name: I don't care about cookies
Type: extension
Version: 3.5.0
Enabled: true
ID: jid1-KKzOGWgsW3Ao4Q@jetpack

Name: Indie Wiki Buddy
Type: extension
Version: 3.3.0
Enabled: true
ID: {cb31ec5d-c49a-4e5a-b240-16c767444f62}

Name: Malwarebytes Browser Guard
Type: extension
Version: 2.6.17
Enabled: true
ID: {242af0bb-db11-4734-b7a0-61cb8a9b20fb}

Name: Modern for Wikipedia
Type: extension
Version: 1.25
Enabled: true
ID: {e9090647-32ff-48e4-9c3c-1361e8fd270e}

Name: Netflix Color Plus
Type: extension
Version: 2.4.8
Enabled: true
ID: NetflixColorPlus@extension

Name: PronounDB
Type: extension
Version: 0.14.1
Enabled: true
ID: [email protected]

Name: Qwant
Type: extension
Version: 1.1
Enabled: true
ID: [email protected]

Name: Rakuten: Get Cash Back For Shopping
Type: extension
Version: 5.36.1
Enabled: true
ID: {35d6291e-1d4b-f9b4-c52f-77e6410d1326}

Name: Refined GitHub
Type: extension
Version: 24.1.10
Enabled: true
ID: {a4c4eda4-fb84-4a84-b4a1-f7c1cbf2a1ad}

Name: Remove YouTube™ Tab Number
Type: extension
Version: 0.5
Enabled: true
ID: {7b3d30b7-08e6-458e-a034-cd8635d12bc6}

Name: Return YouTube Dislike
Type: extension
Version: 3.0.0.14
Enabled: true
ID: {762f9885-5a13-4abd-9c77-433dcd38b8fd}

Name: Rounded Tube
Type: extension
Version: 1.9.4
Enabled: true
ID: {e03ca11f-3adb-4795-830f-7c4b0e439e25}

Name: Ruffle - Flash Emulator
Type: extension
Version: 0.1.0.1079
Enabled: true
ID: {b5501fd1-7084-45c5-9aa6-567c2fcf5dc6}

Name: Schoology Plus
Type: extension
Version: 7.8.6
Enabled: true
ID: [email protected]

Name: Silk - Privacy Pass Client
Type: extension
Version: 4.0.0
Enabled: true
ID: {48748554-4c01-49e8-94af-79662bf34d50}

Name: Simple Translate
Type: extension
Version: 2.8.2
Enabled: true
ID: simple-translate@sienori

Name: SingleFile
Type: extension
Version: 1.22.39
Enabled: true
ID: {531906d3-e22f-4a6c-a102-8057b88a1a63}

Name: SponsorBlock for YouTube - Skip Sponsorships
Type: extension
Version: 5.4.29
Enabled: true
ID: [email protected]

Name: Startpage
Type: extension
Version: 1.0
Enabled: true
ID: [email protected]

Name: Stop Mod Reposts
Type: extension
Version: 5.1.0
Enabled: true
ID: jid1-sykbIdJBHPRJPA@jetpack

Name: Surfshark VPN Extension
Type: extension
Version: 4.8.1
Enabled: true
ID: {732216ec-0dab-43bb-ac85-4b5e1977599d}

Name: Suspicious Site Reporter
Type: extension
Version: 1.23
Enabled: true
ID: {4d0d1b7b-351a-41da-bef8-8c565fdbbcb4}

Name: Tampermonkey
Type: extension
Version: 5.0.1
Enabled: true
ID: [email protected]

Name: Unpaywall
Type: extension
Version: 3.98
Enabled: true
ID: {f209234a-76f0-4735-9920-eb62507a54cd}

Name: User-Agent Switcher and Manager
Type: extension
Version: 0.5.0
Enabled: true
ID: {a6c4a591-f1b2-4f03-b3ff-767e5bedf4e7}

Name: Wayback Machine
Type: extension
Version: 3.2
Enabled: true
ID: [email protected]

Name: Yahoo!
Type: extension
Version: 1.0
Enabled: true
ID: [email protected]

Name: Youtube-shorts block
Type: extension
Version: 1.4.1
Enabled: true
ID: {34daeb50-c2d2-4f14-886a-7160b24d66a4}

Name: CanvasBlocker
Type: extension
Version: 1.9
Enabled: false
ID: [email protected]

Your Settings

<!--- Copy your CanvasBlocker settings here. -->
<!-- They can be retrieved by checking the expert mode and going to export settings. -->
<!--- You may consider deleting personal data - especially the "persistentRndStorage". -->

{
	"logLevel": 1,
	"urlSettings": [
		{
			"url": "mail.google.com",
			"protectDOMRect": false
		},
		{
			"url": "onedrive.live.com",
			"protectDOMRect": false
		},
		{
			"url": "paypal.com",
			"protectWindow": false
		},
		{
			"url": "dhl.de",
			"protectWindow": false
		},
		{
			"url": "------",
			"protectedCanvasPart": "nothing",
			"blockMode": "allow",
			"protectAudio": false,
			"historyLengthThreshold": 10000,
			"protectDOMRect": false,
			"protectWindow": false,
			"protectScreen": false,
			"protectSVG": false
		}
	],
	"hiddenSettings": {},
	"expandStatus": {},
	"displayHiddenSettings": false,
	"whiteList": "",
	"sessionWhiteList": "",
	"blackList": "",
	"blockMode": "fake",
	"protectedCanvasPart": "input",
	"minFakeSize": 10,
	"maxFakeSize": 1000000,
	"rng": "persistent",
	"protectedAPIFeatures": {},
	"useCanvasCache": true,
	"ignoreFrequentColors": 3,
	"minColors": 3,
	"fakeAlphaChannel": false,
	"webGLVendor": "",
	"webGLRenderer": "",
	"webGLUnmaskedVendor": "",
	"webGLUnmaskedRenderer": "",
	"persistentRndStorage": "{\"--------------------------------------------",
	"persistentIncognitoRndStorage": "",
	"storePersistentRnd": true,
	"persistentRndClearIntervalValue": 0,
	"persistentRndClearIntervalUnit": "days",
	"lastPersistentRndClearing": 1703561879238,
	"sharePersistentRndBetweenDomains": false,
	"askOnlyOnce": "individual",
	"askDenyMode": "block",
	"showCanvasWhileAsking": true,
	"showNotifications": true,
	"highlightPageAction": "none",
	"highlightBrowserAction": "color",
	"displayBadge": true,
	"storeNotificationData": false,
	"storeImageForInspection": false,
	"ignoreList": "",
	"ignoredAPIs": {},
	"showCallingFile": false,
	"showCompleteCallingStack": false,
	"enableStackList": false,
	"stackList": "",
	"protectAudio": true,
	"audioFakeRate": "0.1%",
	"audioNoiseLevel": "low",
	"useAudioCache": true,
	"audioUseFixedIndices": true,
	"audioFixedIndices": "11",
	"historyLengthThreshold": 2,
	"protectWindow": true,
	"allowWindowNameInFrames": true,
	"protectDOMRect": true,
	"domRectIntegerFactor": 4,
	"protectSVG": true,
	"protectTextMetrics": true,
	"blockDataURLs": true,
	"protectNavigator": false,
	"navigatorDetails": {},
	"protectScreen": true,
	"screenSize": "",
	"fakeMinimalScreenSize": false,
	"displayAdvancedSettings": true,
	"displayDescriptions": false,
	"theme": "auto",
	"dontShowOptionsOnUpdate": false,
	"disruptSessionOnUpdate": false,
	"updatePending": false,
	"isStillDefault": false,
	"storageVersion": 1
}

[AtmosphericIgnition]

I see that you have a userAgent switcher installed, are you spoofing your userAgent? Even if the extension is disabled, check if Firefox is actually sending the correct userAgent string.

I remember encountering a glitch where even after a userAgent spoofing extension was disabled, the browser was still sending the spoofed userAgent because, the config override didn't revert back to the original string.
There is a similar issue about not being able to log into Google because of a userAgent override triggering Google's bot detection nonsense and refusing to allow logging in. You can check your userAgent by going to a site like browserleaks.com and see if the UA string matches your OS and browser.

I also see that you have a lot of extensions enabled, so it could be worth checking if one of them is trying to protect a JS API that CanvasBlocker is also trying to protect and causing issues. It might also be worth checking your about:config, ticking the Show only modified preferences box, and looking for any config that might have been changed by you, or an extension.

Let me know if any of this helped you.

[kkapsner]

Whitelisting accounts.google.com works for me

Please try the latest beta at https://canvasblocker.kkapsner.de/versions/?C=M;O=D

[koullis22]

after update 1.10 i couldnt login to gmail accounts..i was always getting

This browser or app may not be secure. “try using a different browser.If you’re already using a supported browser,you can refresh your screen and try again to sign in”

reinstalled 1.09 and works fine

[kkapsner]

1.10.1 is in the approval process.

[koullis22]

1.10.1 is in the approval process.

great thanks

[AtmosphericIgnition]

I just got the update to 1.10.1 from the Mozilla Add-on Store, and it has fixed all issues with Google sites for me.

[koullis22]

I just got the update to 1.10.1 from the Mozilla Add-on Store, and it has fixed all issues with Google sites for me.

thank you for the update..i will check it once i restart firefox

[yodaluca23]

I will test it when I get time.

[yodaluca23]

I will test it when I get time.

Just tried signing into VirusTotal, with Google, while using the updated extension, and I was still unable to be redirected and logged in until I disabled the extension. How do I add a site to the whitelist?

[yodaluca23]

Just tried signing into VirusTotal, with Google, while using the updated extension, and I was still unable to be redirected and logged in until I disabled the extension. How do I add a site to the whitelist?

I added accounts.google.com to the whitelist, by manually editing the save file and loading it, I then unchecked all the boxes to not protect any APIs on accounts.google.com, and restarted firefox, and it's still not redirecting me logged in...

[kkapsner]

At which screen are you not redirected? Please give me some screenshots.

[spodermenpls]

@yodaluca23 I just tested it out, you have to whitelist the Window API protection for virustotal.com (same pop-up problem as with PayPal and DHL.de), then it should work.
How to whitelist the Window API protection you may ask? Go to the CanvasBlocker settings->"APIs" tab on the left->scroll down to "Window API"->expand the "site-specifc values" list by clicking on the small black arrow on the right->type virustotal.com in the text field, click the "+" and then remove its checkmark.

[yodaluca23]

@yodaluca23 I just tested it out, you have to whitelist the Window API protection for virustotal.com (same pop-up problem as with PayPal and DHL.de), then it should work. How to whitelist the Window API protection you may ask? Go to the CanvasBlocker settings->"APIs" tab on the left->scroll down to "Window API"->expand the "site-specifc values" list by clicking on the small black arrow on the right->type virustotal.com in the text field, click the "+" and then remove its checkmark.

Tried that, still did not work.

Here is the screen recording @kkapsner

CanvasBlocker.Glitch.mp4

[spodermenpls]

@yodaluca23 I even opened an account on VirusTotal now to test it under the same conditions as you do, it works perfectly. Are you really sure you added virustotal.com (as described above), and not accounts.google.com, or something else? The site-specific entry among the Window API settings has to look like this:

[yodaluca23]

@yodaluca23 I even opened an account on VirusTotal now to test it under the same conditions as you do, it works perfectly. Are you really sure you added virustotal.com (as described above), and not accounts.google.com, or something else? The site-specific entry among the Window API settings has to look like this:

Yes, mine looks just like that....

[spodermenpls]

@yodaluca23 Hm.. I don't know what the issue is on your end, then. I use Firefox instead of Waterfox, don't know if that has something to do with it.