[BUG] Favicons from suggestions break cookie creation in some websites

[gsabater]

Hello,

I have notices that I can't login to my phpmyadmin server because the browser refuses to create the session cookie.
Upon further investigation, looks there is a request to an http page inside the login page, which breaks the security and prevents the site from creating cookies. View attachment.

From what i can see, the omnibox is loading an item from my history, which is a localhost server without https, and thus rendering the whole site insecure and then i cannot login.

I have verified this by disabling the extension and then i can login without problems.

I suggest you eiter

• dont inject the omnibox DOM directly into the page
• dont perform searches on page init until the user invoques the omnibox
• dont display images until the user opens the box

[alyssaxuu]

I've just updated the extension (will go live in a few minutes, max in an hour).