alyssaxuu / omni

The all-in-one tool to supercharge your productivity ⌨️

Home Page:https://chrome.google.com/webstore/detail/omni/mapjgeachilmcbbokkgcbgpbakaaeehi?hl=en&authuser=0

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

[BUG] Favicons from suggestions break cookie creation in some websites

gsabater opened this issue · comments

Hello,

I have notices that I can't login to my phpmyadmin server because the browser refuses to create the session cookie.
Upon further investigation, looks there is a request to an http page inside the login page, which breaks the security and prevents the site from creating cookies. View attachment.

image

From what i can see, the omnibox is loading an item from my history, which is a localhost server without https, and thus rendering the whole site insecure and then i cannot login.

I have verified this by disabling the extension and then i can login without problems.

I suggest you eiter

  • dont inject the omnibox DOM directly into the page
  • dont perform searches on page init until the user invoques the omnibox
  • dont display images until the user opens the box

I've just updated the extension (will go live in a few minutes, max in an hour).

ezoic increase your site revenue