Stuck at Checking AMO Credentials in Firefox Developer Edition

[sparsh238]

I have tried uninstalling and reinstalling the developer edition browser to no avail. Chrome Store Foxified works fine in the normal version of Firefox 59, but it is repeatedly getting stuck at checking AMO credentials in the developer version. I have also tried logging out of AMO in the normal version, but it still doesn't work.

The only way I can install chrome extensions is to foxify them in the normal firefox browser and import them from file in the developer edition browser.

[Jarvvski]

I have this too, but when installing an addon

[klydeinside]

Any news? This has been bugging me so bad.

[Schatteneis]

have the same problem too

[theel0ja]

Same here.

[Mrfiregem]

Checking in to report this bug is also a problem in the latest Nightly build [61.0a1 (2018-04-27) at the time of writing].

[nzec]

Same here.

[john-md86]

same here.

[doio]

Same here. On Firefox 60 now and this is hanging like forever.

[haxalicious]

I think this issue may be caused by a duplicate addon ID. When I download the unsigned version of many addons, especially popular ones and try to sign it through AMO it gives me an error that there is a duplicate addon ID. Changing the ID by opening the addon in a zip file and changing the gecko ID in manifest.json makes it sign properly.

[nzec]

@haxalicious I can't even download the addon. It just shows a white screen when I press on download the addon.

[doio]

I had to install Firefox 57.0, foxify Chrome store extensions and install them back on to Firefox 60.0

[netcrns]

You have to save the unsigned file from the foxified dashboard (click on the foxified addon to open the dashboard) after adding the add-on to firefox. Then go to about:debugging and load temporary add-on. Here you can load the add-on.

This is the text you get when attempting to install it unsigned in the dashboard btw.

[hoshsadiq]

I've got the same issue but I'm not using the Developer Edition.

[znmeb]

I have this too - Firefox 60 on Arch Linux. There is no workaround - this needs a fix!

[luisjotapepe]

Same here! 60.0.1 (64-bit) in Mac

[ghost]

also affecting me

[Noitidart]

Hey all, excuse my insane delay please. I'm in the middle of a lot of stuff.

This is due a bug in Firefox - it's related to this - https://bugzilla.mozilla.org/show_bug.cgi?id=1322113

To get around it, it seems we have to unset "never" from third party cookie settings.

[SavageCore]

I've tried Always, From visited and Never. Same issue each time

[Noitidart]

Oh weird, it might require restart of browser. These are my settings and it works:

I'm thinking of patching this, and when it fails, instead of doing fetch I'll open a new tab and use a content script. It's a bit of work but I think it should get around this.

[Noitidart]

I don't know why the above doesn't work for everyone, but worst case, we have to click on "Exceptions" and then add https://addons.mozilla.org.

[hoshsadiq]

I've got both of these options. Still no luck.

[netcrns]

@Noitidart What you suggested doesn't work for me either.
Did anyone try what I suggested?

[Noitidart]

@hiiamchronos - dang, thanks for testing. This is very weird. Loading temporary addon will work for sure, but I think folks want to load permanently. I'll try to start working on the tab method fallback method. For those interested, what i have to do is add a tab based version (instead of fetch based) of this block -

Chrome-Store-Foxified/src/webext/flow-control/extensions/index.js

Lines 317 to 376 in 0355d61

	let userKey, userSecret;
	{
	const res = yield call(fetch, `${AMO_DOMAIN}/en-US/developers/addon/api/key/`, {
	credentials: 'include'
	});
	const html = yield call([res, res.text]);
	if (html.includes('accept-agreement')) {
	yield put(patch(id, { status:'NEEDS_AGREE', statusExtra:undefined }));
	return;
	} else if (!html.includes('firefox/users/edit') && !html.includes('android/users/edit')) {
	yield put(patch(id, { status:'NOT_LOGGED_IN', statusExtra:undefined }));
	return;
	} else {
	const keyInputHtmlPatt = /input[^<]+jwtkey[^>]+/i;
	const secretInputHtmlPatt = /input[^<]+jwtsecret[^>]+/i
	let keyInputHtml, secretInputHtml;
	[ keyInputHtml ] = keyInputHtmlPatt.exec(html) || [];
	[ secretInputHtml ] = secretInputHtmlPatt.exec(html) || [];
	const valuePatt = /value=["']?(.*?)["' /<]/i;
	if (!keyInputHtml || !secretInputHtml) {
	// need to generate keys
	const [ tokenHtml ] = /input[^<]+csrfmiddlewaretoken[^>]+/i.exec(html) || [];
	if (!tokenHtml) return yield put(patch(id, { status:'Could not generate credentials - please report this bug at https://github.com/Noitidart/Chrome-Store-Foxified/issues.', statusExtra:undefined }));
	const [, token ] = valuePatt.exec(tokenHtml) || [];
	if (!token) return yield put(patch(id, { status:'Could not extract token for credentials - please report this bug at https://github.com/Noitidart/Chrome-Store-Foxified/issues.', statusExtra:undefined }));
	const res = yield call(fetch, `${AMO_DOMAIN}/en-US/developers/addon/api/key/`, {
	method: 'POST',
	credentials: 'include',
	headers: {
	Referer: `${AMO_DOMAIN}/en-US/developers/addon/api/key/`,
	'Content-Type': 'application/x-www-form-urlencoded'
	},
	body: qs.stringify({
	csrfmiddlewaretoken: token,
	action: 'generate'
	})
	});
	const html2 = yield call([res, res.text]);
	[ keyInputHtml ] = keyInputHtmlPatt.exec(html2) || [];
	[ secretInputHtml ] = secretInputHtmlPatt.exec(html2) || [];
	}
	if (!keyInputHtml || !secretInputHtml) return yield put(patch(id, { status:'Could not extract generated credentials - please report this bug at https://github.com/Noitidart/Chrome-Store-Foxified/issues.', statusExtra:undefined }));
	[, userKey ] = valuePatt.exec(keyInputHtml) || [];
	[, userSecret ] = valuePatt.exec(secretInputHtml) || [];
	if (!userKey || !userSecret) return yield put(patch(id, { status:'Could not credential values - please report this bug at https://github.com/Noitidart/Chrome-Store-Foxified/issues.', statusExtra:undefined }));
	}
	}

[ghost]

The extension won't let me save the unsigned extension to disk. Clicking on original or unsigned has no response.

[HeaTx]

same problem here and this appears on about:debugging
using Firefox Developer Edition 61.0b7 (64-bit)

[PatrickGuthridge]

The message in yellow is merely a warning. It doesn't affect the running of the extension at all.

[runcajsz]

Exact same problem here. Clicking on save to disk: Unsigned or Original does nothing. I can not use the about:debugging install method as well, cos I have no Unsigned package file to install.
Is there any workaround in current state? Thanks!
[Firefox 60.0.1 (64-bit), Windows 10 Pro 64-bit (10.0, Build 16299)]

[MikeRatcliffe]

I have the same issue despite enabling all cookies for AMO... I do see this CORS error in the browser console:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://addons.mozilla.org/en-US/developers/addon/api/key/. (Reason: CORS request did not succeed).

[MikeRatcliffe]

I have the same issue despite enabling all cookies for AMO... I do see this CORS error in the browser console:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://addons.mozilla.org/en-US/developers/addon/api/key/. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://addons.mozilla.org/en-US/developers/addon/api/key/. (Reason: CORS request did not succeed).

Looking at the network request I see the following headers:
Request:

Host: addons.mozilla.org
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:61.0) Gecko/20100101 Firefox/61.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
origin: moz-extension://f29068b8-7959-8a49-aa4a-3ec79d8cb835
Cookie: __utma=164683759.2128494984.1422745782.1519510008.1523956865.90; optimizelyEndUserId=oeu1510670814912r0.22146363887705678; optimizelySegments=%7B%22245984388%22%3A%22false%22%2C%22246002457%22%3A%22search%22%2C%22246073289%22%3A%22none%22%2C%22246073290%22%3A%22ff%22%7D; optimizelyBuckets=%7B%7D; _ga=GA1.2.285078097.1510678043; __utmz=164683759.1519510008.89.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided); sessionid=".eJxVjsFKAzEQht9lz7JkMkl2x5vFQi8FkaLeQpJJ3Lay0U0KovjuZqGXngb-7_9m5rdL386W6mrs7jvJqKPwFAgSowltItDALFuEFHzLFBMjC8SopdDBjAnIsATwfujuulCWZGs-x7nt-zzttziox3J4oPnss3v6ordXNz1vfw67l51ufesudbKXEhc7uTI1KaYxBYlGcQoqEa8nCAAR3CgGAw5JCpXSrXzkpoJUKLRQt8i70N5ZOZ_c_J77kOe6HH2_VvorLf0-c_zYXLt__-kBWF0:1fRlAZ:DkuIP9Rqm1lPllpgxQunRGrrAzk"; _gid=GA1.2.14104536.1528578557; frontend_auth_token="eyJhdXRoX2hhc2giOiJlZjhmYzIzNjRkZmM0ZjlkYzY4ZjkxMTMzMWE4MDc2MWEzOTIwNGZmIiwidXNlcl9pZCI6MTI0MzA1MDR9:1fRl70:cAxwn9gqBd-tZby9_s2NajE4p3I"; taar_cohort=TAAR_COHORT_INCLUDED
Connection: keep-alive

Response:

HTTP/1.1 302 FOUND
Content-Security-Policy: script-src https://ssl.google-analytics.com/ga.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://addons.cdn.mozilla.net; style-src 'self' 'unsafe-inline' https://addons.cdn.mozilla.net; object-src 'none'; default-src 'self'; frame-src 'self' https://www.google.com/recaptcha/; img-src 'self' data: blob: https://ssl.google-analytics.com https://addons.cdn.mozilla.net https://static.addons.mozilla.net https://sentry.prod.mozaws.net; media-src https://videos.cdn.mozilla.net; child-src 'self' https://www.google.com/recaptcha/; connect-src 'self' https://sentry.prod.mozaws.net; font-src 'self' https://addons.cdn.mozilla.net; form-action 'self' https://developer.mozilla.org; base-uri 'self' https://addons.mozilla.org; report-uri /__cspreport__
Content-Type: text/html; charset=utf-8
Date: Sat, 09 Jun 2018 21:26:11 GMT
ETag: "d41d8cd98f00b204e9800998ecf8427e"
Location: https://addons.mozilla.org/en-US/developers/addon/agreement/
Public-Key-Pins: max-age=5184000; includeSubDomains; pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E="
Server: nginx
strict-transport-security: max-age=31536000
Vary: User-Agent
X-AMO-Request-ID: c11b4a62b9424973b51553df787793c1
x-content-type-options: nosniff
X-Frame-Options: DENY
x-xss-protection: 1; mode=block
transfer-encoding: chunked
Connection: keep-alive

Not sure if that helps you though ;)

[SavageCore]

#113 (comment)

Does not appear to work for me. Still get unsigned warnings and no install. It would appear only ESR, developer edition and Nightly support this - see here.

I was able to save to disk and install temporary from about:debugging though, so the clearing and disabling helps!

[chaoscreater]

I have the same issue as well, on latest Firefox 60.0.2. I have tried this on different PCs, one that had Firefox installed previously and a new install of Windows 10 and new install of Firefox. Same issue.

However, on Firefox v56 and below, it seems to work fine. I have tried to install different Chrome extensions and tested the same Chrome extension install on all PCs in all Firefox versions.

UPDATE:

I have figured out a proper workaround for this.

First, install Foxified in Firefox v56 or below. Then, install the Chrome extensions you want (in Firefox v56). You should then receive an email from Firefox with the addon you've installed. Copy the link in your Firefox v60 and install it there. Go to "Mange Status & Versions" on the addon page and you should be able to click on the .xpi file to install.

[CmdrNorthpaw]

Workaround doesn't work. The Manage Versions screen doesn't have a file download link

[Jarvvski]

I feel like this is never going to be looked at.

[chaoscreater]

@OctoPenguin Bullshit. You just need to follow the instructions. I am still using my workaround method and created an addon just 3 days ago:

[SeriousM]

I can confirm that this workaround works.

[Toriigate]

How idiotic is it, though, that one of Quantum's strengths - compatibility with Chrome extensions - has been undermined so thoroughly and stupidly by Mozilla.

[nzec]

@ShintoPlasm Agree 100%. It is a surprise that Mozilla doesn't contribute to this project themselves. After all, this is a major selling point of Firefox.

[dspjm]

I might try to abandon firefox now. Some Chrome extentions are just too important comparing with the advantages of Firefox.

[SeriousM]

Your comment does not add any value to the issue. Please avoid that.

[dspjm]

For workaround in #113 (comment) Don't need to set the 'xpinstall.signatures.required' in normal versions. Just enable about:debugging and it works.

[Hayd1]

Cannot get it to work, still. Any luck?

[Rimhollow]

The workaround in #113 using v56 worked for me. Note that you'll need to have an account on firefox.com in advance or you won't receive the email, and you might be prompted to log in to addons.mozilla.org twice, as "AMO" (via Foxified) and/or "Developer Hub" (via the email link). Also, you might want to use these instructions to set up a separate profile for Firefox v56 if you have problems.

Goodness, it's kind of a clusterfuck, though. All this just to install an extension.

[Lucretia]

Same Gentoo testing, FF 61.0

[TheAlexPorter]

Thanks @131072 ! The easiest solution was just switching over to the Developer Edition of Firefox and following those steps. I'm so happy this works again.

[subhive]

I've tired the suggested methods, but the only one that has worked for me is rolling back to an old version. Hoping this gets resolved and is working with FF 61 soon.

[RJVB]

Any update from the extension developer on this?

[neekt]

The workaround using an older Firefox version no longer seems to work. I'm now getting the "Could not generate credentials" error on all versions (including 56, 59, and all >=60) on macOS 10.13.6. It was still a functional workaround on v59 when I last used it a couple of months ago (approx), so a recent change must have killed it.

The developer has discontinued work on this extension, so the best we can hope for now is a fork or replacement.

[chaoscreater]

@neekt still works for me, tested just now against Firefox 56. I'm using Windows though but I don't think that matters.

[neekt]

@chaoscreater You're right, it does still work, but it's only working with my old Firefox account. I set up a new Firefox account recently for work, and I'm only getting the credentials error with that. Email is verified, two-step authentication enabled, fresh Firefox profile and everything. Very odd.

Anyway, thanks for prompting me to do more testing! It's good to know there's still a workaround, albeit possibly one that won't work for everyone?

[andrewrembrandt]

FYI - I've reached out to AMO regarding enabling CORS, will report back.

[Noitidart]

Fix merged to master, thank you all! I just need to fix #120 and I can release.

[CmdrNorthpaw]

THANK YOU!!!

…

On Sun, 26 May 2019 at 07:56, Noitidart ***@***.***> wrote: Fix merged to master, thank you all! I just need to fix #120 <#120> and I can release. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#113?email_source=notifications&email_token=AHFA2UGG2FQH46MRZMUYQV3PXIYCNA5CNFSM4EXIK5AKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGODWH7T6I#issuecomment-495974905>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AHFA2UBF5GUKNGU4DJRFUKDPXIYCNANCNFSM4EXIK5AA> .

[Noitidart]

Thanks @OctoPenguin :) It doesn't have all the bugs ironed out. It's getting stuck at "uploading" but for a different reason now, for some addons. Try it out folks: https://send.firefox.com/download/478f2f27fe5525cc/#AWA2CrJGqdPTnFPEP6bQAQ

[greystonegirl16]

Thanks @OctoPenguin :) It doesn't have all the bugs ironed out. It's getting stuck at "uploading" but for a different reason now, for some addons. Try it out folks: https://send.firefox.com/download/478f2f27fe5525cc/#AWA2CrJGqdPTnFPEP6bQAQ

@Noitidart, the send.firefox link doesn't work anymore. Is there another link I can use to access the updated extension? What I downloaded from the Firefox Extensions is still having the issues outlined in this thread. Thanks!