TLS 1.2 Handshake: Does the server have to take all extensions sent by the Client?

I am unsure about how extensions are handled in TLS v1.2.

During the handshake, the client is able to add some extensions during ClientHello. As far as I understood, the server can pick arbitrary subsets from this list in ServerHello similar to picking the cipher suite, which the client provided during ClientHello. Is this correct?

If not, is it that the server can either take all those extensions into account, or must abort the handshake? I am not sure which is true.

I was looking for an adequate answer here in RFC5246, but didn’t really find the one statement I am looking for.
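
For reference on the rule being asked about, an added example that is not part of the original question: RFC 5246, section 7.4.1.4 lets the server answer any subset of the offered extensions, but an extension type that was not in ClientHello must not appear in ServerHello, and a client that receives one aborts with an unsupported_extension fatal alert. The code checks a ServerHello extensions block against the ClientHello's, including the RFC 5746 exception for renegotiation_info; the function names and byte strings are constructed for illustration.

```javascript
// Extensions block layout (RFC 5246, 7.4.1.4): uint16 total length, then
// repeated { uint16 type, uint16 length, opaque data[length] }.
function parseExtensionTypes(block) {
  const view = new DataView(block.buffer, block.byteOffset, block.byteLength);
  if (block.length < 2 || view.getUint16(0) !== block.length - 2) {
    throw new RangeError('extensions length does not match block size');
  }
  const types = [];
  for (let off = 2; off < block.length;) {
    if (off + 4 > block.length) throw new RangeError('truncated extension header');
    const type = view.getUint16(off);
    const len = view.getUint16(off + 2);
    if (off + 4 + len > block.length) throw new RangeError('truncated extension data');
    if (types.includes(type)) throw new Error('duplicate extension type ' + type);
    types.push(type);
    off += 4 + len;
  }
  return types;
}

const RENEGOTIATION_INFO = 0xff01; // RFC 5746

// Client-side check of a ServerHello against the ClientHello that was sent.
function checkServerHello(clientBlock, serverBlock, clientSentScsv = false) {
  const offered = parseExtensionTypes(clientBlock);
  const allowed = new Set(offered);
  // RFC 5746: the SCSV cipher suite also permits a renegotiation_info reply.
  if (clientSentScsv) allowed.add(RENEGOTIATION_INFO);
  const echoed = parseExtensionTypes(serverBlock);
  return {
    echoed,                                              // server accepted these
    ignored: offered.filter((t) => !echoed.includes(t)), // legal: server may skip any
    unsolicited: echoed.filter((t) => !allowed.has(t)),  // illegal: abort handshake
  };
}

// Constructed sample data: [type, data bytes] pairs packed into a block.
function buildBlock(entries) {
  const body = entries.flatMap(([type, data]) =>
    [type >> 8, type & 0xff, data.length >> 8, data.length & 0xff, ...data]);
  return Uint8Array.from([body.length >> 8, body.length & 0xff, ...body]);
}
// supported_groups(10), ec_point_formats(11), signature_algorithms(13), extended_master_secret(23)
const clientExts = buildBlock([[10, [0, 2, 0, 23]], [11, [1, 0]], [13, [0, 2, 4, 1]], [23, []]]);
const serverSubset = buildBlock([[11, [1, 0]], [23, []]]);
const serverUnsolicited = buildBlock([[23, []], [16, [0, 3, 2, 0x68, 0x32]]]); // adds ALPN(16)

console.log(checkServerHello(clientExts, serverSubset));
console.log(checkServerHello(clientExts, serverUnsolicited));
```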

Can Chrome Extensions steal OAuth tokens from redirect-uri?

This is a duplicate of a Stack Overflow question, since it might apply more to security and authentication best practices.

I’m working on auth between a Chrome Extension, Google Cloud Platform, and trying to send the id_token JWT to an AWS server to retrieve user data (and/or establish a session?).

My question is this — how can I prevent chrome extensions with tabs permissions from reading the GET request or the redirected URI which has the fully-validated user JWT?

The JWT confirms that a user is who they are, but how do I know my Chrome Extension is the one making the request to my backend?

I have a few ideas:

  1. Maybe I can make a private window that only my extension can control

  2. Maybe I can somehow use the nonce or get the nonce from my server first

  3. Maybe my chrome extension has a private key or some way to verify itself with my backend, which has the public key

Any help would be appreciated, it’s difficult to research this specific scenario.


    var url = 'https://accounts.google.com/o/oauth2/v2/auth' +
              '?client_id=' + encodeURIComponent(chrome.runtime.getManifest().oauth2.client_id) +
              '&response_type=id_token' +
              '&redirect_uri=' + encodeURIComponent(chrome.identity.getRedirectURL()) +
              '&scope=' + encodeURIComponent(chrome.runtime.getManifest().oauth2.scopes.join(' ')) +
              '&nonce=' + Math.floor(Math.random() * 10000000);

    chrome.windows.create({ url: 'about:blank' }, function ({ tabs }) {
        chrome.tabs.onUpdated.addListener(
            function googleAuthorizationHook(tabId, changeInfo, tab) {
                if (tab.id === tabs[0].id) {
                    if (tab.title !== 'about:blank') {
                        console.log(url);
                        if (tab.title.startsWith(chrome.identity.getRedirectURL())) {
                            const id_token = tab.title.split('#')[1];
                            console.log(id_token);
                        } else {
                            console.error(tab.title)
                        }

                        chrome.tabs.onUpdated.removeListener(googleAuthorizationHook);
                        chrome.tabs.remove(tab.id);
                    }
                }
            }
        );

        chrome.tabs.update(tabs[0].id, { 'url': url });
    });
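
One way idea 2 above could look on the backend, as an added example that is not part of the original question: the server issues the nonce, binds it to the session that asked for it, and accepts an id_token carrying that nonce only once and only from that session. This limits replay of a token copied from the redirect URL; it does not stop another extension with the tabs permission from reading that URL. `NonceStore`, `sessionId` and the sample values are hypothetical, and the id_token's signature, `iss`, `aud` and `exp` are assumed to be verified by a JWT library before `redeem` is called.

```javascript
// Web Crypto: global in current Node releases; fall back to the module on older ones.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;

// Hypothetical backend helper: one pending nonce per login attempt, bound to the
// backend session (sessionId) that asked for it.
class NonceStore {
  constructor(ttlMs = 120000, now = () => Date.now()) {
    this.ttlMs = ttlMs;
    this.now = now;
    this.pending = new Map(); // nonce -> { sessionId, expires }
  }

  // Called before the extension builds the authorization URL; the result
  // replaces the Math.random() value in the '&nonce=' parameter.
  issue(sessionId) {
    const bytes = webcrypto.getRandomValues(new Uint8Array(32));
    const nonce = Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
    this.pending.set(nonce, { sessionId, expires: this.now() + this.ttlMs });
    return nonce;
  }

  // claims: id_token payload AFTER signature, iss, aud and exp were verified
  // (assumed to be done by a JWT library before this call).
  redeem(claims, sessionId) {
    const entry = this.pending.get(claims.nonce);
    if (!entry) return { ok: false, reason: 'unknown-or-replayed-nonce' };
    // Checked before consuming, so another session cannot burn the nonce.
    if (entry.sessionId !== sessionId) return { ok: false, reason: 'wrong-session' };
    this.pending.delete(claims.nonce); // single use
    if (this.now() > entry.expires) return { ok: false, reason: 'expired-nonce' };
    return { ok: true, sub: claims.sub };
  }
}

// Constructed walk-through with a fake clock and made-up session ids.
function demo() {
  let clock = 0;
  const store = new NonceStore(60000, () => clock);
  const nonce = store.issue('session-A');
  const claims = { sub: 'user-1', nonce }; // stands in for verified id_token claims
  const stolen = store.redeem(claims, 'session-B').reason; // token copied from the URL
  const first = store.redeem(claims, 'session-A').ok;
  const replay = store.redeem(claims, 'session-A').reason;
  return { stolen, first, replay };
}
console.log(demo());
```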

Can lifesense detect elementals, and by extension golems?

One of my player’s characters is a life oracle who just received life sense. They are arguing that since a golem is powered by elementals, that they should be able to detect the elemental within them and therefore detect golems.

Would their argument hold water? Do elementals count as living or just animated by elemental energy like undead with negative energy?

Ubuntu 18.04 google chrome crashes when gnome shell extensions are loaded

I wanted to use the current version of chrome. But it seems that unless I disable all my gnome shell extensions first it’s not going to happen.

I also tried, based on previous questions, disabling the sandbox and GPU, with no effect. Output here:

Also tried deleting the google-chrome directory in ~/.config/

    [I]  ~/downloads  google-chrome --no-sandbox --disable-gpu
    [I]  ~/downloads  google-chrome
    [25111:25111:0925/181842.865622:ERROR:sandbox_linux.cc(369)] InitializeSandbox() called with multiple threads in process gpu-process.
    [25111:25111:0925/181843.063204:ERROR:buffer_manager.cc(488)] [.DisplayCompositor]GL ERROR :GL_INVALID_OPERATION : glBufferData: <- error from previous GL command
    [I]  ~/downloads  google-chrome
    [26005:26005:0925/182004.342502:ERROR:sandbox_linux.cc(369)] InitializeSandbox() called with multiple threads in process gpu-process.
    [26005:26005:0925/182004.532653:ERROR:buffer_manager.cc(488)] [.DisplayCompositor]GL ERROR :GL_INVALID_OPERATION : glBufferData: <- error from previous GL command
    ^C⏎
    [I]  ~/downloads  google-chrome
    [27395:27395:0925/182113.790411:ERROR:sandbox_linux.cc(369)] InitializeSandbox() called with multiple threads in process gpu-process.
    [27395:27395:0925/182113.950042:ERROR:buffer_manager.cc(488)] [.DisplayCompositor]GL ERROR :GL_INVALID_OPERATION : glBufferData: <- error from previous GL command
    [27304:27463:0925/182216.357162:FATAL:bus.cc(1215)] D-Bus connection was disconnected. Aborting.
    fish: “google-chrome” terminated by signal SIGTRAP (Trace or breakpoint trap)
    [I]  ✘  ~/downloads  google-chrome
    [4750:4750:0925/182437.014522:ERROR:sandbox_linux.cc(369)] InitializeSandbox() called with multiple threads in process gpu-process.
    [4750:4750:0925/182437.167120:ERROR:buffer_manager.cc(488)] [.DisplayCompositor]GL ERROR :GL_INVALID_OPERATION : glBufferData: <- error from previous GL command
    ^C⏎
    [I]  ~/downloads  google-chrome
    [7102:7102:0925/182637.328197:ERROR:sandbox_linux.cc(369)] InitializeSandbox() called with multiple threads in process gpu-process.
    [7102:7102:0925/182637.526328:ERROR:buffer_manager.cc(488)] [.DisplayCompositor]GL ERROR :GL_INVALID_OPERATION : glBufferData: <- error from previous GL command
    [7102:7102:0925/182714.072002:ERROR:buffer_manager.cc(488)] [.DisplayCompositor]GL ERROR :GL_INVALID_OPERATION : glBufferData: <- error from previous GL command
    [I]  ~/downloads
    [7977:7977:0925/182751.089945:ERROR:sandbox_linux.cc(369)] InitializeSandbox() called with multiple threads in process gpu-process.
    [7977:7977:0925/182751.423313:ERROR:buffer_manager.cc(488)] [.DisplayCompositor]GL ERROR :GL_INVALID_OPERATION : glBufferData: <- error from previous GL command
    [7977:7977:0925/182810.783713:ERROR:buffer_manager.cc(488)] [.DisplayCompositor]GL ERROR :GL_INVALID_OPERATION : glBufferData: <- error from previous GL command
    [7977:7977:0925/182818.426713:ERROR:buffer_manager.cc(488)] [.DisplayCompositor]GL ERROR :GL_INVALID_OPERATION : glBufferData: <- error from previous GL command

GNOME-Shell extensions: Pixel Saver/No Title Bar bug

I’m having trouble hiding my applications’ title bar. Basically, I’ve tried Pixel Saver (which is what I used before reinstalling Ubuntu 18.04) and No Title Bar and for some reason they only work with the Firefox window. In the case of No Title Bar, it shows the minimize, expand and close buttons on the top bar but it doesn’t remove the active application’s title bar (so, yes, I get 3 buttons on the top bar and 3 on the app’s title bar).

I’ve tried uninstalling and reinstalling both extensions, also restarting my computer but nothing seems to work. I can’t understand what’s going on.

One last thing: the min., exp. and close buttons appear on the left-side of the wifi, volume and battery icons. Is there a way to put them on the right-side of those? So, always as the last 3 icons appearing on the right-side of the top bar?

Update: I’ve installed Unite, which also merges the title bar with the top bar, but there are still some windows that will not merge. See image.

Deploy firefox including extensions to LiveCD

I’m working on a customized LiveCD and would like to provide Firefox including a few extensions pre-installed. The steps of LiveCD customization are done within a self-written .sh-script.

I found this question where an approach for my requirement is discussed.
Following that approach, what I did then via chroot in path edit/ is:

  1. Download the XPI file I want to have installed.
  2. Unzip it.
  3. Read the extension ID in manifest.json (a string like this 'id': '{idstring}').
  4. Create a folder {idstring} in /usr/share/mozilla/extensions and insert all files retrieved by unzipping the XPI file.

Unfortunately, when I test the generated ISO file and run firefox, the extension is not available and is also not installed on startup of firefox.

How can I add an extension to firefox for the LiveCD via a .sh-script? If there are several approaches, I would prefer if the installation is already finished when running firefox on the LiveCD for the first time.

Thanks for your help!

Edit: While after performing the procedure mentioned above the extensions are available in path edit/usr/share/mozilla/extensions in folder {idstring} and therefore should be included in the created LiveCD, I can’t find them when booting from the LiveCD.
What am I missing here?
If you need additional information, just let me know.