[BUG] Favicons from suggestions break cookie creation in some websites
gsabater opened this issue · comments
Hello,
I have notices that I can't login to my phpmyadmin server because the browser refuses to create the session cookie.
Upon further investigation, looks there is a request to an http page inside the login page, which breaks the security and prevents the site from creating cookies. View attachment.
From what i can see, the omnibox is loading an item from my history, which is a localhost server without https, and thus rendering the whole site insecure and then i cannot login.
I have verified this by disabling the extension and then i can login without problems.
I suggest you eiter
- dont inject the omnibox DOM directly into the page
- dont perform searches on page init until the user invoques the omnibox
- dont display images until the user opens the box
I've just updated the extension (will go live in a few minutes, max in an hour).