Keep getting "Session expired" #5

Open
summersab opened this issue Feb 26, 2020 · 7 comments

@summersab

I mainly use the extension to allow the mailto: handler to work, so this isn't a huge issue for me. However, no matter what I do, the plugin shows "ERR" on the icon, and my account shows that the session has expired. I've tried using the beta and mail.protonmail.com but neither makes a difference. I'd be happy to provide more detailed feedback, but I've never debugged a Chrome extension, so . . .

@Elehiggle

So you are using Chrome? Go to the extension page in Chrome, enable Developer mode in the top right. Then find the ProtonMail extension there and click on Details. You should see a link at "Inspect views". Click on the background page link. Then developer tools should open and click on Console. You should see the error output, make a screenshot and send it here :)

@summersab
Author

I don't think I needed to obfuscate the hashes, but I did it just in case. Here are the requests and responses that keep getting sent repeatedly. If you need any other information, let me know!

GET /api/events/latest HTTP/1.1
Host: beta.protonmail.com
Connection: keep-alive
Accept: application/vnd.protonmail.v1+json
DNT: 1
x-pm-appversion: Other
x-pm-uid: XXXXXXXXXXXXXXXXX
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/2019.04 Iridium/2019.04 Safari/537.36 Chrome/73.0.0.0
x-pm-apiversion: 3
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: Session-Id=XXXXXXXXXXXXXXXXX; __tawkuuid=e::protonmail.com::XXXXXXXXXXXXXXXXX::2; protonmail-v4-onboard-modal-v2=true; Version=default

HTTP/1.0 401 Unauthorized
date: Mon, 09 Mar 2020 14:33:38 GMT
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Fri, 04 May 1984 22:15:00 GMT
pragma: no-cache
cache-control: no-cache, private
access: application/vnd.protonmail.api+json;apiversion=3
set-cookie: Session-Id=XXXXXXXXXXXXXXXXX; Domain=protonmail.com; Path=/; HttpOnly; Secure; Max-Age=7776000
set-cookie: Version=default; Path=/; Secure; Max-Age=7776000
set-cookie: Version=; Domain=protonmail.com; Path=/; Secure; Expires=Thu, 01 Jan 1970 00:00:00 GMT
content-length: 78
content-type: application/json
content-security-policy: default-src 'self'; connect-src 'self' blob:; script-src 'self' blob: 'sha256-XXXXXXXXXXXXXXXXX'; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://secure.protonmail.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.protonmail.ch/reports/csp; frame-ancestors 'none';
strict-transport-security: max-age=31536000; includeSubDomains; preload
expect-ct: max-age=2592000, enforce, report-uri="https://reports.protonmail.ch/reports/tls"
public-key-pins-report-only: pin-sha256="XXXXXXXXXXXXXXXXX"; pin-sha256="XXXXXXXXXXXXXXXXX"; report-uri="https://reports.protonmail.ch/reports/tls"
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=https://reports.protonmail.ch/reports/csp
referrer-policy: strict-origin-when-cross-origin
x-permitted-cross-domain-policies: none
connection: keep-alive

POST /api/auth/refresh HTTP/1.1
Host: beta.protonmail.com
Connection: keep-alive
Content-Length: 0
Accept: application/vnd.protonmail.v1+json
Origin: chrome-extension://jfiaocmgamojjagpllpljapgekgmkaje
x-pm-appversion: Other
x-pm-uid: XXXXXXXXXXXXXXXXX
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/2019.04 Iridium/2019.04 Safari/537.36 Chrome/73.0.0.0
DNT: 1
x-pm-apiversion: 3
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: Session-Id=XXXXXXXXXXXXXXXXX; __tawkuuid=e::protonmail.com::XXXXXXXXXXXXXXXXX::2; protonmail-v4-onboard-modal-v2=true; Version=default

HTTP/1.1 400 Bad Request
date: Mon, 09 Mar 2020 14:33:39 GMT
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Fri, 04 May 1984 22:15:00 GMT
pragma: no-cache
cache-control: no-cache, private
access: application/vnd.protonmail.api+json;apiversion=3
set-cookie: Session-Id=XXXXXXXXXXXXXXXXX; Domain=protonmail.com; Path=/; HttpOnly; Secure; Max-Age=7776000
set-cookie: Version=default; Path=/; Secure; Max-Age=7776000
set-cookie: Version=; Domain=protonmail.com; Path=/; Secure; Expires=Thu, 01 Jan 1970 00:00:00 GMT
content-length: 72
content-type: application/json
content-security-policy: default-src 'self'; connect-src 'self' blob:; script-src 'self' blob: 'sha256-XXXXXXXXXXXXXXXXX'; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://secure.protonmail.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.protonmail.ch/reports/csp; frame-ancestors 'none';
strict-transport-security: max-age=31536000; includeSubDomains; preload
expect-ct: max-age=2592000, enforce, report-uri="https://reports.protonmail.ch/reports/tls"
public-key-pins-report-only: pin-sha256="XXXXXXXXXXXXXXXXX"; pin-sha256="XXXXXXXXXXXXXXXXX"; report-uri="https://reports.protonmail.ch/reports/tls"
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=https://reports.protonmail.ch/reports/csp
referrer-policy: strict-origin-when-cross-origin
x-permitted-cross-domain-policies: none
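Added example, not part of the original thread or the extension's code: a small redactor for HTTP captures like the one above, so they can be pasted into a public issue without leaking session material. It masks the `x-pm-uid` header and cookie values seen in this capture; the `authorization`/`proxy-authorization` handling and the sample values are assumptions added for illustration.

```javascript
// Added example: redact credential-bearing values from an HTTP capture before posting it.
const SECRET_HEADERS = new Set(["authorization", "proxy-authorization", "x-pm-uid"]);
const MASK = "REDACTED";

// Mask cookie values but keep cookie names and Set-Cookie attributes for debugging.
function redactCookies(value, isSetCookie) {
  return value
    .split(";").map((p) => p.trim()).filter(Boolean)
    .map((part, i) => {
      const eq = part.indexOf("=");
      // In Set-Cookie only the first pair is the cookie; the rest are attributes.
      if (eq === -1 || (isSetCookie && i > 0)) return part;
      // Leave an already-empty value (a cookie being cleared) as it is.
      return part.length === eq + 1 ? part : `${part.slice(0, eq)}=${MASK}`;
    })
    .join("; ");
}

function redactCapture(text) {
  return text
    .split(/\r?\n/)
    .map((line) => {
      const m = /^([A-Za-z0-9-]+):\s*(.*)$/.exec(line);
      if (!m) return line; // request line, status line, blank line or body
      const name = m[1].toLowerCase();
      let value = m[2];
      if (SECRET_HEADERS.has(name)) value = MASK;
      else if (name === "cookie") value = redactCookies(value, false);
      else if (name === "set-cookie") value = redactCookies(value, true);
      // CSP script hashes and key pins are not secrets, but masking them is harmless.
      else value = value.replace(/(sha(?:256|384|512)[-=]"?)[A-Za-z0-9+\/=]+/g, `$1${MASK}`);
      return `${m[1]}: ${value}`;
    })
    .join("\n");
}

// Constructed sample (values are made up), shaped like the capture in this thread.
const SAMPLE = [
  "GET /api/events/latest HTTP/1.1",
  "x-pm-uid: 0123456789abcdef",
  "Cookie: Session-Id=AbCdEf123; Version=default",
  "HTTP/1.0 401 Unauthorized",
  "set-cookie: Session-Id=AbCdEf123; Domain=protonmail.com; Path=/; HttpOnly; Secure",
  "content-security-policy: script-src 'self' 'sha256-q1w2e3r4t5y6=='",
].join("\n");

console.log(redactCapture(SAMPLE));
```

Cookie names, `Set-Cookie` attributes and status lines are left intact, since those are what a maintainer needs to diagnose a 401 like the one in this issue.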

@Elehiggle

The extension somehow does not have the permissions to read the cookies or send the cookies with the request (most likely the latter). Which Chromium-based browser are you using? Are you using any special configurations for your browser?

I have experienced a similar issue on Firefox, because I have the privacy.firstparty.isolate option enabled. I have forked this repo and added code to work around this issue, but due to the nature of it only the main function, persist session, is working (no notifications).

To my knowledge, there is no option like privacy.firstparty.isolate on Chromium. Persisting session should still be possible though whatever the bug might be, so in theory my code could work in your case. But there is no option like privacy.firstparty.isolate that you could check for easily in Chromium like my code does for Firefox.

In any case, if you have a bit of experience and want a quick and dirty solution, you could comment the following two lines: https://github.com/gitladen7/protonmail-webextension/blob/master/src/background/services/emailFetcherService.ts#L177

This will prevent the extension from clearing your session, because it thinks it expired (as the request fails, no cookies = no authorization = 401 Unauthorized).

You can also enable additional logging output to the console with detailed information by enabling the development mode. You could comment the return here: https://github.com/gitladen7/protonmail-webextension/blob/master/src/background/helpers/logger.ts#L6

@summersab
Author

Ah, this is starting to make sense. I'm using Iridium, a privacy/security-focused browser. I've got DNT enabled and 3rd party cookies disabled. Perhaps that's the issue? I'm not sure how to add an extension to the list of sites that are permitted to store cookies (I assume that would normally be the workaround). Thoughts?

Thanks for your prompt response!

@Elehiggle

I have just installed Iridium and it works without problems with the extension. DNT/3rd party blocking was enabled by default, and there didn't seem to be other options to harden it even more from the GUI. So that is pretty weird :P

@Elehiggle

I think it might be because you use beta protonmail. Can you check on mail.protonmail.com instead?

@Elehiggle

Elehiggle commented Mar 9, 2020

Yeah, apparently @gitladen7 just fixed it in his recent commit. Looks like ProtonMail made some changes to their beta version just today. This still doesn't explain why you have had this issue for many days. Wait 1-2 days until the extension has been updated in the stores and try again (Chrome store may take a bit longer). Alternatively, it would be good to confirm it works for you on normal mail.protonmail.com with the current version.
