When using docuseal with Firefox, it seems like docuseal does not handle Firefox' canvas extraction permission framework correctly.
The question to allow the permission for the site is asked only after clicking sign on the canvas.
The data extracted at this point is useless random RGB data, because the permission was not given yet.
Docuseal apparently does not check for that and thus creates trash data signatures which are not the result any user would want.
Docuseal has no way of going one step back, and "signing" again. The is no button to "redo" or "reissue" the signature or to tell docuseal "something went wrong, please do again".
Not having such a possibility and not checking if the required permissions to use a browser API are given thus should be considered as an issue worth fixing.
Steps to reproduce:
- Access a docuseal instance from a firefox profile for the first time
- Fill out a form with docuseal
- Use a signing procedure which uses canvas extraction. e.g. "Type Text"
- Get the permission question only after docuseal finished the document with randomized trash data (thus to be considered as corrupted data)
More information on the canvas extraction permission: https://www.firefox.com/nl/features/block-fingerprinting/
See also for even more information:
https://bugzilla.mozilla.org/show_bug.cgi?id=1376865
https://thehackernews.com/2017/10/canvas-browser-fingerprint-blocker.html
https://github.com/johnozbay/canvas-block-detector
When using docuseal with Firefox, it seems like docuseal does not handle Firefox' canvas extraction permission framework correctly.
The question to allow the permission for the site is asked only after clicking sign on the canvas.
The data extracted at this point is useless random RGB data, because the permission was not given yet.
Docuseal apparently does not check for that and thus creates trash data signatures which are not the result any user would want.
Docuseal has no way of going one step back, and "signing" again. The is no button to "redo" or "reissue" the signature or to tell docuseal "something went wrong, please do again".
Not having such a possibility and not checking if the required permissions to use a browser API are given thus should be considered as an issue worth fixing.
Steps to reproduce:
More information on the canvas extraction permission: https://www.firefox.com/nl/features/block-fingerprinting/
See also for even more information:
https://bugzilla.mozilla.org/show_bug.cgi?id=1376865
https://thehackernews.com/2017/10/canvas-browser-fingerprint-blocker.html
https://github.com/johnozbay/canvas-block-detector