Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

web: make flow or message make it clear that the tool generates the phrase for you #91

Open
elithrar opened this issue May 7, 2021 · 3 comments
Open

web: make flow or message make it clear that the tool generates the phrase for you #91

elithrar opened this issue May 7, 2021 · 3 comments

Comments

@elithrar
Copy link

elithrar commented May 7, 2021

Chrome Version 90.0.4430.93 (Official Build) (x86_64)

Steps to reproduce:

  1. Visit webwormhole.io
  2. Create a phrase + join
  3. Observe an uncaught exception in the console
  4. Attempting to join from other clients fails
Uncaught (in promise) bad code
(anonymous) @ webwormhole.js:19
(anonymous) @ webwormhole.js:18
Wormhole @ webwormhole.js:17
connect @ main.js:358

Possibly related is that the Wasm loader fails due to an invalid/incompatible CSP - Content Security Policy of your site blocks the use of 'eval' in JavaScript is reported by Chrome only when we execute the below:

async function wasmready() {
	if (!hacks.nowasm) {
		const go = new Go();
		const wasm = await WebAssembly.instantiateStreaming( // Content-Security-Policy warning triggers here
			fetch(hacks.wasmURL),
			go.importObject,
		);
		go.run(wasm.instance);
	}
}

You need to (unfortunately...) allow unsafe-eval to execute Wasm per WebAssembly/content-security-policy#7
@saljam
Copy link
Owner

saljam commented May 7, 2021
edited
Loading

Hi Matt!

That Chrome warning is almost certainly a red-herring. The Wasm actually runs fine despite it. It's been annoying me for almost a year! Proof for your case: the code that encodes and decodes the phrase is in Wasm. So if you got that far your browser is running Wasm fine.

Now why it failed: "bad code" error mean we couldn't decode the phrase. Possibly a typo? I know our wordlist still has a few words that sounds similar.

The fact that it is uncaught is definitely a regression though! This used to print a more helpful message.

@elithrar
Copy link
Author

elithrar commented May 7, 2021
edited
Loading

Interesting - the phrase was just HELLOTHERE. Using GORILLA still generates the error and a failure to connect -

image
image

I wonder if this is a local/corp proxy issue.

Update: No, going direct, instead of through the corp proxy, does not rectify. Using Chrome v90 and Firefox 88.0.1 (64-bit) as my two clients.

@saljam
Copy link
Owner

saljam commented May 23, 2021

for the record: this is an issue in the instructions in the initial prompt.

it's not clear enough that the tool picks the phrase for the user, so folks who haven't used it before often try to pick their own, e.g. #85.

@saljam saljam changed the title webwormhole.io - uncaught promise prevents connection from being established web: make flow or message make it clear that the tool generates the phrase for you May 23, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@elithrar @saljam