Reset/Restore Canvas Permission Prompt
When attempting to log-in to a website (Credit Karma) I have previously visited many times with FireFox, I was presented with something new - something I eventually have come to believe is the Canvas Permission Prompt, as described here:
https://support.mozilla.org/en-US/kb/firefox-protection-against-fingerprinting
Not knowing what the prompt wanted from me, I foolishly clicked on the "Don't Allow" button feeling that was the safest thing to do, but realized only as I was clicking the button that the "Always remember my decision" checkbox was default-checked. And as I feared, now whenever I go to the site login page, I am unable to click into the User Name or Password boxes to fill-in my info and nor can I click on the "Log In" button. All other links on the page still seem to work, though.
I have attempted these possible fixes in the about:config list: 1. privacy.resistFingerprinting - I had previously set this to True as per suggestions from several YouTube posters expounding their opinions on safety and security and have been operating with this setting for many months. I tried setting it back to its default False state and restarting FireFox, but the problem still persists. 2. privacy.resistFingerprinting.autoDeclineNoUserInputCanvasPrompts and
privacy.resistFingerprinting.randomDataOnCanvasExtract - These two looked interesting because of the "Canvas" text and I found them to be set to their default True values since the installation of FireFox. I have individually set them each to False followed by a FireFox restart, but still the problem persists.
So how do I get the Canvas Permission Prompt to be reset/restored so I can use the login page to get to my account.
Thx
All Replies (7)
You can try this code in the Browser Console.
Replace "https://xxxx" with the correct origin (protocol and hostname; no trailing '/' and paths).
Services.perms.(Services.scriptSecurityManager.createContentPrincipalFromOrigin("https://xxxx"), "canvas");
Mr. cor-el
Thank you for your response and suggestion. I have to admit that your info and suggestion is way beyond my skill level! In following the information in the Browser Console document, I was able to invoke the "Parent process Browser Console". But, the Title of the console window does not match what is shown in the Browser Console document. Is that OK? Is the difference only due to documentation that has not been updated for a newer version of the Tool?
After I turned on the command line, I copy/pasted the following code per your suggestion and received what I think is an error dump:
Services.perms.(Services.scriptSecurityManager.createContentPrincipalFromOrigin("https://www.creditkarma.com"), "canvas"); Uncaught SyntaxError: missing name after . operator
getEvalResult resource://devtools/server/actors/webconsole/eval-with-debugger.js:251 evalWithDebugger resource://devtools/server/actors/webconsole/eval-with-debugger.js:172 evaluateJS resource://devtools/server/actors/webconsole.js:960 evaluateJSAsync resource://devtools/server/actors/webconsole.js:851 makeInfallible resource://devtools/shared/ThreadSafeDevToolsUtils.js:103
debugger eval code:1:15
Can you determine what I have done incorrectly here?
Thx
Sorry, something appears to went wrong with pasting the command (missing removeFromPrincipal; should have tested it). This should work:
Services.perms.removeFromPrincipal(Services.scriptSecurityManager.createContentPrincipalFromOrigin("https://www.creditkarma.com"), "canvas");Cor-el
Well, I may have broken Browser Console! After your recent reply with the corrected command, I invoked the Browser Console by clicking on the 3BarMenu and selecting More Tools>Browser Console. A new window was displayed with several lines of commands?/status?/whatever in the middle section of the window. This seemed to be a typical operation that I have been seeing since you introduced it to me, but not knowing what I was looking at, I did not inspect the lines very hard nor did I copy/paste them to a text document to log the operation of the Console Browser.
I then copy/pasted the updated command from your response and received the following result:
Services.perms.removeFromPrincipal(Services.scriptSecurityManager.createContentPrincipalFromOrigin("https://www.creditkarma.com"), "canvas"); undefined
Is this the expected result from executing the command?
Unfortunately, I then canceled the Browser Console to determine if I could use the login screen, but the problem still persists. But now, whenever I invoke the Browser Console, the middle section of the window is blank - no lines of commands?/status?/whatever are displayed. And this operation occurs regardless of the browser window used to invoke the Browser Console.
So, did I break the Browser Console? Do I have the "https://www.creditkarma.com" string correct in the command? Is there anything else I could do? Or should I abandon all hope and abandon my Credit Karma account?
It is normal the see undefined as the response since this call doesn't return anything.
Is www.creditkarma.com the correct hostname for which you created that exception as you didn't give such details?
There is a Filter bar and buttons where you can select what messages to show in the console. If all are cleared then the display will remain empty. You can use this to check the permissions and possibly test cookie permissions and replace canvas by cookie as you likely have cookie exceptions.
Services.perms.getAllWithTypePrefix("canvas")
Services.perms.getAllWithTypePrefix("cookie")
Cor-el
undefined: OK, good to know, thanks.
correct hostname: Well, the actual login website URL is:
https://www.creditkarma.com/auth/logon/logout
But I understood your original instructions of ".. no trailing '/' and paths" to mean I shouldn't use the "/auth/logon/logout" portion of the URL. Is this correct? Or should I try using the full URL?
Filter buttons: On my display, all of the filter buttons have black text on a light grey background. Prior my first use of the "Services.perms.removeFromPrincipal( ... );" command you suggested earlier, the Browser Console always displayed a set of messages in the middle section of the window whenever I invoked the tool. Ever since I used this command, the buttons remain black text on light grey background, but the middle section now always remains blank upon invoking the tool. As an experiment, I just clicked on the the "Debug" button of the a console I have open and the button background changed to white. Which button state represents an enabled filter?
Check permissions: The following text is displayed by the Browser Console invoked from the login website when the two check permissions commands you suggested are copy/pasted to the console command line: Services.perms.getAllWithTypePrefix("canvas") Array [ XPCWrappedNative_NoHelper ] 0: XPCWrappedNative_NoHelper { type: "canvas", capability: 2, expireType: 0, … } length: 1 <prototype>: Array []
Services.perms.getAllWithTypePrefix("cookie") Array [] length: 0 <prototype>: Array []
Other: Prior to your most recent response, I experimented by using my wife's laptop to access the login website. On my first attempt, I was able to successfully use the login fields to log-in to my account. After logging out and killing the browser window, I opened a new browser window and entered the login page URL again. This time, when I clicked into the Username field, the Canvas Permissions Prompt window was displayed. This time, I cleared the "Always remember my decision" checkbox and then clicked on the "Allow data access" button. The browser re-displayed the login webpage but I am now unable to click into any of the login fields. And the problem still persists on any subsequent attempt to use the login website. Lastly, I am able to access the login page whenever I use the Edge browser.
So is this a bug? I am now fearful that any login webpage that I access that happens to use canvas fingerprinting will become unusable to me because either response I make to the Canvas Permissions Prompt seems to result in a broken login page for me forever when using FireFox.
Thank you for your assistance to date and I would appreciate any further thoughts and help.
You can try to rename permissions.sqlite in the Firefox profile folder to remove all permission to see if that works.