This is a post to for users reporting issues with passbolt browser extension.
What is the issue?
Since the rolllout of v4.5 on chrome, some users are reporting not being able to access passbolt. Typically they will experience a blank page on login. In the log they will see errors related to the CSRF token.
Who is affected
Users that have their instance running passbolt under a directory (e.g. https://www.passbolt-domain.com/passbolt)
What is the root cause of the issue
The issue is a change introduced in the browser extension with v4.5 on how CSRF token is managed.
For those requiring immediate access to their passwords, two temporary solutions are available:
- Opt for Firefox or Edge browsers, as they are not affected by this problem.
- Or manually adjust the cookie settings:
- Navigate to your Passbolt instance URL using your browser.
- Access the Chrome developer tools through this link .
- Within the developer tools, select the ‘Application’ tab.
- From the left sidebar, click on ‘Cookies’ and then select your Passbolt URL.
- In the main panel, right-click on the cell for the ‘csrfToken’ path and choose ‘Edit path’.
- Eliminate the trailing slash from the path.
- Reload the page, you should be able to sign-in to passbolt
Long term fix
The team is currently working on releasing v4.5.1 as a hotfix. Ref. Release v4.5.1-rc.0 · passbolt/passbolt_browser_extension · GitHub
We will keep you posted here when the fix is available.
Thank you for your patience and apologies for the inconvenience.