Skip to content

Check and Handle Situations where the Brower blocks reading canvas data #702

Description

@branleb

When using docuseal with Firefox, it seems like docuseal does not handle Firefox' canvas extraction permission framework correctly.

The question to allow the permission for the site is asked only after clicking sign on the canvas.
The data extracted at this point is useless random RGB data, because the permission was not given yet.
Docuseal apparently does not check for that and thus creates trash data signatures which are not the result any user would want.

Docuseal has no way of going one step back, and "signing" again. The is no button to "redo" or "reissue" the signature or to tell docuseal "something went wrong, please do again".
Not having such a possibility and not checking if the required permissions to use a browser API are given thus should be considered as an issue worth fixing.

Steps to reproduce:

  1. Access a docuseal instance from a firefox profile for the first time
  2. Fill out a form with docuseal
  3. Use a signing procedure which uses canvas extraction. e.g. "Type Text"
  4. Get the permission question only after docuseal finished the document with randomized trash data (thus to be considered as corrupted data)

More information on the canvas extraction permission: https://www.firefox.com/nl/features/block-fingerprinting/
See also for even more information:
https://bugzilla.mozilla.org/show_bug.cgi?id=1376865
https://thehackernews.com/2017/10/canvas-browser-fingerprint-blocker.html
https://github.com/johnozbay/canvas-block-detector

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions