Opened 3 years ago

Last modified 2 years ago

#14089 new defect

Google Drive/Docs do not work in Tor Browser

Reported by: garrettr
Owned by: tbb-team
Priority: Medium
Milestone:
Component: Applications/Tor Browser
Version:
Severity: Normal
Keywords: tbb-usability-website, tbb-torbutton
Cc: gk, brade, mcs, angelotheram
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

Versions

Tor Browser 4.0.2 (Firefox 31.3.0) on Mac OS 10.9.5

STR

  1. Open new Tor Browser session.
  2. Navigate to drive.google.com and log in with a valid Google Account.

Expected Result

The page loads without errors. I am able to use the features of Google Drive, such as creating new documents and editing existing documents.

Actual Result

After the page loads, I see an error message, "There were some problems loading your apps" displayed on the page in a red notification box directly underneath the "Search Drive" input field. After some time elapses, this message changes to "Data load timed out."

Beyond these explicit error messages, the site is generally unusable. It is not possible to create new documents because New > New File doesn't list any file types, as it does in a normal browser. It is not possible to edit existing documents - when double-clicked, there is no "Open" button in the subsequent lightbox view of the document, so the document cannot be opened in Google Docs for editing.

In the Browser Console, I note multiple instances of "[01-02 20:25:10] Torbutton NOTE: Removing 3rd party HTTP auth for url [scrubbed]" which seems related to my activity on Google Drive. As I continue to try to use the site, an increasing number of these errors are logged.

Additional notes

I have been able to reproduce these errors with the following configurations:

  1. Tor Browser with HTTPS-Everywhere disabled
  2. Tor Browser with NoScript disabled
  3. Tor Browser with HTTPS-Everywhere and NoScript disabled

I have been unable to reproduce the errors from the STR in:

  1. Firefox ESR 31.3.0

This suggests that the errors are not due to any of the following:

  1. Bugs in the Firefox ESR that Tor is based on
  2. Lack of support from Google for the older version of Firefox that Tor Browser is based on
  3. HTTPS-Everywhere
  4. NoScript

The messages in the Browser Console suggest that TorButton may be involved.

Change History (9)

comment:1 Changed 3 years ago by garrettr

I have confirmed that the error is related to TorButton, specifically the Stanford SafeCache, which is blocking some of Google's requests and thereby breaking Google Docs in fun and interesting ways.

Confirmed workaround: set extensions.torbutton.safecache to a value other than the default of 1. The code appears to think 2 is a good "false" value, but it also looks like any value other than 1 will disable this code path. Weird.

comment:2 Changed 3 years ago by garrettr

Component: Tor Browser → Torbutton

comment:3 Changed 3 years ago by gk

Cc: gk added
Component: Torbutton → Tor Browser
Keywords: tbb-usability tbb-torbutton added

comment:4 Changed 3 years ago by mikeperry

Keywords: tbb-usability-website added; tbb-usability removed

If this is due to SafeCache, this might be fixed by #13900. In fact, it may also be fixed in 4.5-alpha-2 already. I've been using Google Docs without issue for a while now, and the only difference is I use the 4.5-alpha series.

comment:5 in reply to: 4 Changed 3 years ago by gk

Replying to mikeperry:

> If this is due to SafeCache, this might be fixed by #13900.

That patch is not written yet. The HTTP auth related logic is, in both the alpha and the stable version, available only in Torbutton. I wonder, though, whether our JavaScript code is doing something wrong here.

garrettr: Could you give me the channel.URI.spec and the parent_spec involved here? You might find them (parent_host in this case which would be helpful as well) if you look at the log line starting with "SSC: Segmenting" immediately before the auth message. Or to be on the safe side rename torbutton_safelog to torbutton_log for the experiment and get it directly from where it occurs (see: https://gitweb.torproject.org/torbutton.git/tree/src/chrome/content/stanford-safecache.js?h=maint-1.7#n182).

comment:6 Changed 3 years ago by mcs

Cc: brade mcs angelotheram added

Now that #13900 has been fixed, the SafeCache code has been removed; therefore, the workaround mentioned above is not applicable. But comments made in #16058 (marked as a duplicate) imply that this bug still exists.

comment:7 Changed 3 years ago by mikeperry

The HTTP Auth errors in the description indicate that this may be some weird dependency on JS usage of HTTP Auth by Google Drive. I wonder if we could isolate HTTP Auth rather than strip it for third parties. That might actually fix this issue. In fact, simply fixing #15954 to make HTTP auth stripping check be based on TLD rather than FQDN might solve this case without the need for full isolation.

In the meantime, flipping the pref extensions.torbutton.restrict_thirdparty to false might fix it (this is the same as unchecking 'Restrict third party cookies and other tracking data' in the Torbutton Privacy and Security Settings UI).

Obviously, this is not something you should run with your TBB long term, as it will disable all of our isolation, and likely break the circuit UI as a result (or at least make it incorrect).

Last edited 3 years ago by mikeperry
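
The check discussed in comment 7, sketched as an added example (not Torbutton's code and not part of the ticket): third-party HTTP auth stripping decided by exact host (FQDN) versus by registrable base domain, which is how "TLD rather than FQDN" is read here. The hosts, the three-entry suffix list and all function names are constructed for illustration; the ticket's real request URLs are scrubbed.

```javascript
// Added illustration, not Torbutton code. Hosts and suffix list are constructed.
// Tiny stand-in for the Public Suffix List; real code would use the full list.
const PUBLIC_SUFFIXES = new Set(["com", "org", "co.uk"]);

// Registrable domain: the longest matching public suffix plus one label.
function baseDomain(host) {
  const labels = host.toLowerCase().replace(/\.$/, "").split(".");
  for (let i = 0; i < labels.length; i++) {
    if (PUBLIC_SUFFIXES.has(labels.slice(i).join("."))) {
      // A bare public suffix has no registrable domain; return it unchanged.
      return labels.slice(Math.max(i - 1, 0)).join(".");
    }
  }
  return labels.join("."); // unknown suffix: treat the host as its own site
}

// Is the request third party relative to the URL-bar (parent) host?
// mode "fqdn" compares full host names; any other mode compares base domains.
function isThirdParty(requestHost, parentHost, mode) {
  if (mode === "fqdn") {
    return requestHost.toLowerCase() !== parentHost.toLowerCase();
  }
  return baseDomain(requestHost) !== baseDomain(parentHost);
}

// Drop the Authorization header from third-party requests, keep it otherwise.
function filterHeaders(headers, requestHost, parentHost, mode) {
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    const isAuth = name.toLowerCase() === "authorization";
    if (isAuth && isThirdParty(requestHost, parentHost, mode)) continue;
    out[name] = value;
  }
  return out;
}

// Constructed requests issued while parentHost is in the URL bar.
const parentHost = "drive.google.com";
const samples = ["docs.google.com", "drive.google.com", "tracker.example.org"];
const sampleHeaders = { Authorization: "Basic <placeholder>", Accept: "*/*" };

// Hosts whose Authorization header survives filtering under the given mode.
function authSurvives(mode) {
  return samples.filter((h) =>
    "Authorization" in filterHeaders(sampleHeaders, h, parentHost, mode));
}
console.log("fqdn:", authSurvives("fqdn"));
console.log("base domain:", authSurvives("base"));
```

Under the FQDN comparison a sibling subdomain of the same site loses its credentials, while the base-domain comparison keeps them and still strips auth for the unrelated site.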

comment:8 Changed 3 years ago by angelotheram

I can verify that the new workaround, setting extensions.torbutton.restrict_thirdparty to false, works for me. When I set this to false I can scroll through all my files in Google Drive, and setting it back to true breaks Google Drive scrolling again.

comment:9 Changed 2 years ago by cypherpunks

Severity: Normal

This is still an issue with TorBrowser-5.0.3 on Windows and Linux, but turning off 'Restrict third party cookies and other tracking data' as a workaround still works. To avoid that, I have saved the URLs to each of the docs and those work with 'Restrict third party cookies and other tracking data' enabled. It's just the primary/home page for drive.google.com that is failing.
