Some of Brave's Default Shields settings breaking extensions

[Brave-Matt]

Description

I realize that this may seem obvious since this was a common issue with the pre-installed extensions in Browser-Laptop but given that Brave-Core allows for all Extensions, this problem pops up much more often and supporting/advising users on how to address the issue is slightly problematic.

Examples:
1 - Evernote Web Clipper
This extension installs without issue but breaks after attempting to sign-in to Evernote account. Sign-in is still registered/successful, but the extension cannot be used and you're presented with the following error:

2 - Diigo Web Capture - Capture and Annotate
This extension works very much in the same way as Evernote. Installs fine and even further, account sign-in works properly. However, when attempting to use the extension (for instance, clicking "Add a Bookmark", the extension displays as seen here:

The loading wheel in the top right spins infinitely. Selecting "save" closes the extension but does not actually save the content.

Both of these issues are resolved by changing Brave's default Shields settings - specifically changing the Cookie Control option to Allow all cookies. Once switched, these extensions behave as expected.

This occurs on both Dev and Beta versions, with or without fresh install and with or without additional extensions installed.

Steps to Reproduce

(Covered above but will simplify)

1. Install Evernote Web Clipper extension
2. Sign into your Evernote account via extension or website
3. Attempt to use any function of Evernote Web Clipper

Actual result:

Function is not performed, alert message to make sure cookies are allowed is displayed.

Expected result:

Evernote function executes

Reproduces how often:

Always

Brave version (chrome://version info)

Beta - Version 0.55.10 Chromium: 70.0.3538.22 (Official Build) beta (64-bit)
Dev - Version 0.56.1 Chromium: 70.0.3538.22 (Official Build) dev (64-bit)

Reproducible on current release:

• Does it reproduce on brave-browser dev/beta builds? Yes
• Does it reproduce on browser-laptop? No/ NA

Website problems only:

• Does the issue resolve itself when disabling Brave Shields? Not site-specific Shields
• Is the issue reproducible on the latest version of Chrome? No

Additional Information

Initial reports:
https://community.brave.com/t/diigo-annotate-and-capture/33859
https://community.brave.com/t/evernote-web-clipper-extension/33648/4

[Brave-Matt]

+1 from Community: https://community.brave.com/t/lastpass-issues-persist-in-beta/33932/2

[Brave-Matt]

Another from Community : https://community.brave.com/t/unable-to-log-in-to-the-grammarly-extension/34011****

[eljuno]

+1 from Community with Soapbox extension from Wistia https://community.brave.com/t/soapbox-from-wistia-cant-log-in/34306?u=eljuno

[Brave-Matt]

+1 from Community: https://community.brave.com/t/new-tab-redirect/34855/8

With this extensions the "Allow all Cookies" workaround does not resolve the issue.

[srirambv]

+1 from https://community.brave.com/t/shield-settings-for-extensions/35957 for Todoist Extension and the Gmail extension

[planetceres]

I have also reproduced this issue when trying to sync my account with the YayAnotherSpeedDial extension (https://github.com/Mimiste/YayAnotherSpeedDial). I can log in successfully, but no data is synced after login, and opening a new tab requires signing in again.

As @srirambv suggested on the community board, allowing all cookies fixes the log in persistence bug, but this is a suboptimal solution.

[Brave-Matt]

+1 (of many ) from Community:
https://community.brave.com/t/cannot-sing-in-with-hangouts-extension/35698

[srirambv]

@bbondy @rebron @kjozwiak this one needs to be fixed and uplifted to 57 if possible. There's an increasing number of complains about extension being broken because of default global shields settings.

[kjozwiak]

Agreed, once we start migrating users in 0.57.x, a lot more folks will be running into this issue when they start using extensions. We'll probably be seeing a lot more +1's being added. @bbondy can we get someone to look at this and see if it's possible to fix for 0.57.x before we migrate?

[srirambv]

+1 from @shinglyu via @2164 for Pocket using Google account

[bbondy]

Has this been re-tested since the cookie fix with PDFJS?
That fix was a generalized extensions can't access cookies so I think all or most of those issues are related to it.

I tested the first 2 extensions in the first comment with dev channel and they both work. I think if you use a 0.57.x build it will work too.

@Brave-Matt @kjozwiak @srirambv pls confirm.

[Brave-Matt]

@bbondy, sorry for the late reply.
Just tested on Dev build:

---

Evernote WC - Extension works only if All Cookies Allowed is set in Global Shields

More info: I'm also unable to edit the options for Evernote unless all cookies are allowed (global)

---

Diigo - Extension works as expected with Global Shields set to default

---

Grammarly - Extension does work, but I'm unable to login to the extension. That is, the extension alerts me that Grammarly is active but features aren't present because I'm not logged in. When I click "login" it brings me to the Grammarly page, I log in, return to extension - no change. This is with Global and site Shields turned off or on.

---

Todoist - Functions but only when all cookies are allowed globally

---

Notifier for gmail - Does not work. Regardless of Shields settings, extension will not display new emails, unread emails, inbox count, or even display as active (extension is colored when active, grayed out if not).

---

Yayanotherspeedial - Works if you click the extension and to open the YASD new tab page. However, it does not override the new tab page (likely related to #993 so hopefully fixed soon)

---

Hangouts - Extension doesn't work unless all cookies allowed (global). Otherwise, prompted to login, but login page never loads.

---

Pocket - To my surprise, works great with default Shields.

---

Additional (known to be) broken extensions not yet tested:

• Google Keep
• Join (jaoapps)
• Google Black Menu Extension
• GotoMeeting
• Soapbox
• LastPass

Question:
For instances where cookies must be allowed globally - Do we plan on implementing a workaround for this or (maybe more likely) a way to add extensions to an exceptions list? @bbondy

[mrzealot]

+1 for Mixmax
(https://www.reddit.com/r/brave_browser/comments/9rbgc2/what_settings_need_to_be_changed_to_allow_the/)

Gmail integration does not work (tested in 0.58.9), "Allow all cookies" fixes it in the meantime.

[bbondy]

Fix to disable this is done here brave/brave-core#975
But I need to add some tests first. I'll try to get it uplifted to 0.57.x.

[GeetaSarvadnya]

Verification Passed on

Brave	0.57.18 Chromium: 71.0.3578.80 (Official Build) (64-bit)
Revision	2ac50e7249fbd55e6f517a28131605c9fb9fe897-refs/branch-heads/3578@{#860}
OS	Windows

• With default global shield settings, extensions are working without any issues
• Verfied the STR from description

Verification Passed on

Brave	0.57.18 Chromium: 71.0.3578.80 (Official Build) (64-bit)
Revision	2ac50e7249fbd55e6f517a28131605c9fb9fe897-refs/branch-heads/3578@{#860}
OS	Linux

• All extensions listed in the issue were installed and worked correctly without having to change default shields settings

[bcamarneiro]

rescuetime extension is not sending detailed information about my usage

[Abdelhaq75]

+1 on the Google Keep extension

[NickAnEngineer]

Shield also breaks the Mendely importer extension (https://chrome.google.com/webstore/detail/mendeley-importer/dagcmkpagjlhakfdhnbomgmjdpkdklff?hl=en), after trying to log in it reports
'You cannot be signed in as you appear to have blocked third-party cookies.To sign in, please allow third-party cookies for mendeley.com.'

I'm on version 0.61.51 on Linux

[benmordecai]

I could not tell if this issue is supposed to be resolved in 0.57 going forward, but I am running 0.62.37 and I still get a CSRF Token mismatch when trying to use the Todoist for Gmail extension due to 3rd party cookie.

[dabat]

@benmordecai you must be running a dev/beta build, correct?
I'm running the release build on v0.61.52 and the Google Keep extension does not work with "block third party cookies" or "all cookies allowed".
Is this supposed to be fixed?

[benmordecai]

@benmordecai you must be running a dev/beta build, correct?
I'm running the release build on v0.61.52 and the Google Keep extension does not work with "block third party cookies" or "all cookies allowed".
Is this supposed to be fixed?

You are right I am running the beta. I am not sure if the fix is supposed to be in place on either build, but I wanted to report that if it is, I am still having the issue.

[amplicity]

+1 MixMax - Breaking with shields down

https://www.reddit.com/r/brave_browser/comments/9rbgc2/what_settings_need_to_be_changed_to_allow_the/

[PedroRojasU]

@benmordecai you must be running a dev/beta build, correct?
I'm running the release build on v0.61.52 and the Google Keep extension does not work with "block third party cookies" or "all cookies allowed".
Is this supposed to be fixed?

Google Keep still broken in 0.62.50

[lightlii]

Still broken for the are.na extension.
Surely the best solution would be to allow users set cookies settings per extension?
At the moment it seems the only option I have is to allow all cookies or switch to another browser? Seems less than ideal..

Thanks

[bbondy]

Please post new issues, we keep 1 issue per landed area of code unless it is reverted. Thank you!

[kjozwiak]

Regarding Google Keep not working, we have #3650 opened. Please add +1's into that issue if you're having issues with Google Keep.

[lightlii]

Please post new issues, we keep 1 issue per landed area of code unless it is reverted. Thank you!

Ok thanks!

[pmguerre]

Shield also breaks the Mendely importer extension (https://chrome.google.com/webstore/detail/mendeley-importer/dagcmkpagjlhakfdhnbomgmjdpkdklff?hl=en), after trying to log in it reports
'You cannot be signed in as you appear to have blocked third-party cookies.To sign in, please allow third-party cookies for mendeley.com.'

I'm on version 0.61.51 on Linux

+1 (I'm on version 0.64.77 in Windows 10)

[kjozwiak]

@pmguerre can you please create a new issue regarding Mendely not working with default shield settings? This issue fixed some of the cases when 0.57.x was released which was on around December 4th, 2018. We usually don't reopen issues once they closed.

Once you create an issue, you can mention the bug # in here so folks looking at this issue can find the new issue relating to Mendely.

[josegocampo]

Has this been fixed? It is not allowing me to use the Evernote Clipper Extension, saying I need to allow 3rd party cookies and even if I chose to allow all cookies in Braves settings nothing changes.

[kjozwiak]

@josegocampo are you still having issues with 0.66.99 CR: 75.0.3770.100? I just tried using https://chrome.google.com/webstore/detail/evernote-web-clipper/pioclpoplcdbaefihamjohnefbikjilc with both Email and Google logins and everything seemed to be working while using the default shield settings. I was able to save several articles as screenshots, pages, clips etc.. Example:

How are you attempting to login? Email or Gmail? What are your default cookie settings for shields?

If you're still having issues, can you please create a new issues similar to #3650.

[neolit]

Todoist extension doesn't work when shields are up.
Version 0.70.12 Chromium: 76.0.3809.72 (Official Build) nightly (64-bit)

[ashleshbiradar]

+1 for grammarly. Logs me in the website, but does not log me into the extension.

[c0mpl3xx7]

It's 2021 and the google keep issue is still not solved... I think a lot of us are really sad about this fact

[lesad]

+1 for Todoist extension, still broken as @neolit proved.