-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
bootstrap-content-message-handler.js prints to browser console on every window message, even those made by other extensions #7575
Comments
Same issue in Firefox Linux -- and others are saying it also affects Chrome, Mac, everywhere - https://community.bitwarden.com/t/looping-infinitely-bootstrap-content-message-handler-js-is-looping-infinitely-on-almost-every-website/62270 |
Hi there, Thank you for your report! I have flagged this to our engineering team. If you wish to add any further information/screenshots/recordings etc., please feel free to do so at any time - our engineering team will be happy to review these. Thanks once again! |
I turned off every other extension that I have and only had Bitwarden running. Not even logged in and it seems like anything I do triggers this error message. CleanShot.2024-01-16.at.17.08.16.mp4 |
As a web dev, this is an extremely annoying bug, as it clogs up my console which I need in order to do my job. I will most likely have to uninstall the extension if this is not resolved promptly. |
This is super URGENT to be fixed. As said on above, it is highly affecting web dev to do their job. Screen.Recording.2024-01-17.at.10.11.00.AM.mov |
I happen to be working on a React app and use Debug logs specifically because the other types tend to be clogged up, this is an extremely disrupting issue. |
I'm having the same issue in Brave Version 1.61.116 Chromium: 120.0.6099.217 (Official Build) (arm64) |
If you follow the link in the browser console that takes you to the source of the console statement, it shows the source as: init() {
// eslint-disable-next-line no-console -- In content script
console.debug("Attaching message event listener.");
window.addEventListener("message", this.handleWindowMessage, false);
chrome.runtime.onMessage.addListener(this.handleExtensionMessage);
} That doesn't match what was committed to this repository: clients/apps/browser/src/autofill/content/content-message-handler.ts Lines 16 to 19 in 5906a36
Is the extension not being built from the committed code? That seems less than ideal. |
same behaviour on Fedora 39/Firefox 121.0.1 |
Same behaviour on Firefox 121.0.1 (64 bits), as suggested in this topic on bitwarden forum, i disabled React Dev Tools and no more spam error in console. |
Seems to be related to this commit/release Happening everytime anything uses window.postMessage |
Hey folks! We apologize for the flood of logging. That logging was added to our release candidate code to help pin down an issue that was very intermittent. The logging is not in The filter provided by @pensono is a good one. My personal recommendation is to use a different browser/profile to develop in separate from your personal extensions/data. This allows me access to newer chrome API's since I use Chrome Canary to develop vs Firefox personally. It also means I can enable all the other developer goodies in If the logs you care about come from an iframe by chance you can change your devtools to only show messages from that context. In firefox that is done by clicking Or in chrome that same button in at the top of the console tab. |
I just want to make sure I understand...
I have no problem with either of these details. Like I said, I'm just tryin' to make sure I understand. |
Same for me on Firefox on Windows. I had to disabled Bitwarden from Firefox so I can work again // Edit If I disable the Angular DevTools the error also disappears |
With all due respect, fixing this shouldn't take ~3 weeks, and a change like this should really be behind some kind of feature flag that the person testing the extension can enable for themselves, not on by default. If this is the current situation and it's expected to be handled as described, please use this as a learning opportunity how not to do this in the future. |
Sorry, but how does filling my console help you debug this issue? Why was this version pushed out to everyone if it's only a release candidate, not a mainline release? |
Another react dev here with the issue on Firefox. I can't find how to permanently hide these messages on Firefox so I've found that filtering by |
workaroundyou can temporarily install an older version of the extension. firefox
remember to re-enable updates once the issue is fixed. chromeunsure - can someone comment? PS. it's not ok to release something like this publicly. as said before, this should be hidden behind a feature flag or not widely released. please update your release workflow. cc @justindbaur |
Possible to introduce a flag in the options section of the extension? Something like enable logs. So we can easily turn it off, and debugging still will be available? Really annoying thing, since I'm using logs filtering for personal purposes |
@justindbaur, I agree with @DJDavid98 that this isn't the kind of thing that should wait until the next normal release. This is a bug that is quite frustrating for the users who notice it and as such should warrant a bugfix release ASAP. I know you're being flooded right now because of this issue (which is also a hint that it needs to be fixed ASAP), but I do want to say that I'm a huge fan of Bitwarden and appreciate your hard work. |
I need to be able to filter other logs (which makes the regex exclusion disruptive, I'm either filtering for one thing or filtering OUT the bitwarden stuff), and we log out to the debug channel (so I can't just exclude that channel). I'm in that group of people that are just altogether screwed 😄 while there are workarounds, it's incredibly disruptive to my flow either way unfortunately hence my frustration edit: I'll also add that I shouldn't be expected to have to do this as a consumer, so if my options are "do this thing that pulls you out of your flow but technically works" or "downgrade" I'm going to downgrade |
This issue actually just started interfering with how github was loading some of my repositories (stalling to the point of an unresponsive script where I couldn't even open dev tools). I have chosen the option of downgrading for now but I am really surprised that this was ever pushed into production and upon seeing that it has had a large impact that an urgent hotfix is not yet being considered. |
Hello, I'm wondering if this is known to have a performance impact. I noticed the logs while debugging some of my own code, but ignored it for a while by filtering it out. When I closed the tab, my browser froze for several seconds. Now everything's a bit laggy and stuttery. I'll restart of course (which I normally wouldn't do for weeks at a time 😛), and I've rolled back the update myself, so it's not the end of the world. And I'll most likely remember to re-enable updates. But if this does have a major performance impact, which my experience at least hints at, I think that might be a reasonable justification for shipping a dot release ahead of schedule. If that is the case, then I believe filtering is not a solution to the performance issues. Also, it's risky to have users roll back and disable automatic updates. They may forget to ever re-enable it, and then a segment of users will be unreachable by updates. With that said, I don't know anything about your processes so I can't guess how disruptive a dot release would be for your release schedule. I just wanted to register my personal experience, as I'm not sure the performance impact for users has been considered. |
If you do roll back and disable automatic updates, just subscribe to the issue so you see it close so you get reminded to turn them back on. |
There's no way it doesn't have a performance impact - I'm seeing a debug log roughly every second (when I'm trying to work on my own code). Yes I have the debug channel turned off so I don't see the flood of messages, but the information is still in my browser. |
Tangential to the problem at hand, but I just wanted to say how refreshing it is to see such consistently polite and constructive discussion in this issue, despite the clearly significant amount of irritation this has caused a number of web developers (including myself). So many other communities would descend into mud-slinging and insults, so this speaks volumes to the quality of the Bitwarden user community I guess ❤️ And thanks a lot to @justindbaur for his transparent and honest communication "under fire" - this is great to see 👏 That said, I will add my voice to the list of people who really think that an emergency hotfix release is warranted. We're talking about literally removing a single line of code, which surely could have been done with less time and effort than this whole issue has required? So @justindbaur, I would suggest you go back to the people referred to here:
and ask them to think again. Or if there is some reason why cutting an emergency hotfix release to remove one line of code isn't as straightforward as it seems, then explaining that to the community would go a long way towards making people more patient with the status quo. |
hi @justindbaur could you set our expectations for when this will be fixed? Thank you! |
Yep, definitely had a performance impact on my computer, had a few crashes. My mistake was leaving too many tabs open but who doesn't? I hope they solve it soon. |
From what I have seen with extensions, they can take weeks to months to get updates approved. But that probably can be fast tracked given how big bitwarden is. |
Did your manager check with the security team that it isn't leaking any information it shouldn't? For a password manager I would expect more thorough procedures before logging to the live app. |
Hey all, give @justindbaur a break. I know it's disappointing that it's taking this long for a fix but we don't know the internal workings of the Bitwarden team. There are enough workarounds posted for the time being and it will be fixed when it's fixed. |
If true, that would not be a reason to avoid doing a quick hotfix; in fact, if anything it would be a reason to do one ASAP instead of waiting for the next normal release. |
For those saying this extra logging should only apply to people testing. It's possible that the bug they are trying to catch with the extra logging is so rare that they couldn't restrict the logging to just a subset of testers. They probably needed a larger pool. Also, the average user isn't in the dev console and developers should already know how to filter unwanted messages from the console without hand holding. The outrage here is a little overblown. |
'If you accidentally push code to production, you should take it out again' is not really outrage. I was pleased to find a thread that explained why my browser console was doing that. |
True, there are workarounds, and "fixed when it's fixed" is probably good enough for a free product. But is "waiting 3 weeks to fix a known issue caused by a single line of code" good enough for a paid tier? For me, the answer is no. |
Very interesting finding, launched my app and was dumbstruck but then I remembered installing this extension. |
Not sure if this helps others or has been mentioned above... I was experiencing this and found that if I login to the extension it goes away. |
Hey all, happy update, we are preparing a release that will remove the logging. You can see the diff from our previous release here. This should remove all the logging you see from us on your various sites. Please note that updates to browser extensions go through a review on their respective stores. This process can sometimes take several days but we will be pushing this update to 100% of users right away so you should get the update soon after approval. If we are to ever release any logging in the content scripts we will be sure to make it opt-in so that none of our fellow developers have to have this affect them but I also assure you that is was a very one-off scenario and I don't foresee the need for logging in this part of the application to be needed ever again. |
Thank you, @justindbaur. I really appreciate your hard work on Bitwarden. It's an amazing product that I couldn't live without! |
hell ya ty. appreciate your responsiveness, thx for handling this <3 |
just came across this issue, and read through the whole thread. Appreciate the hard work on open source. Happily waiting for the update. |
soon |
i uninstalled bitwarden - problem solved lol |
As a web developer who has certainly pushed worse things to main, I don't think I can throw stones here. Appreciate the candidness and look forward to being able to turn my debug channel back on! |
@NotSaviru Update to 2024.1.1 |
updated but sometime it appears |
Thank you so much for the update! Really appreciated. |
Steps To Reproduce
Example of when the issue would happen:
Using both this addon and Bitwarden's Firefox addon and navigating to youtube.com, the browser console gets flooded with constant debug messages.
Expected Result
bootstrap-content-message-handler.js should probably only log messages that originate from Bitwarden's own scripts.
Actual Result
bootstrap-content-message-handler.js floods the console with debug messages for every window message made by any addon.
Screenshots or Videos
No response
Additional Context
Anything that uses window messages is caught by Bitwarden's bootstrap-content-message-handler.js.
As an example navigating to youtube.com with this addon and Bitwarden's addon enabled, the console gets constantly spammed with these two debug messages:
by Bitwarden's bootstrap-content-message-handler.js
I only marked Windows 11 and Firefox in the issue template as that was where I saw the issue, but I assume the issue isn't exclusive to either.
Operating System
Windows
Operating System Version
11
Web Browser
Firefox
Browser Version
121.0.1
Build Version
2024.1.0
Issue Tracking Info
The text was updated successfully, but these errors were encountered: