Kagi Extension API Key Not Persistent in Firefox ESR on Kali Linux

Maxpl01t

Kagi Extension API Key Not Persistent in Firefox ESR on Kali Linux

Steps to Reproduce:

Open Firefox ESR on Kali Linux
Install Kagi extension in Firefox ESR
Open the Kagi extension options
Enter Kagi API key and save changes
Reopen Firefox ESR browser
Observe Kagi API key is missing from extension options
API key is not persisted and needs to be entered again

Expected Behavior:
The entered Kagi API key should be saved by the extension and persisted across Firefox restarts.

Actual Behavior:
The Kagi API key is not saved by the extension in Firefox ESR on Kali Linux. It needs to be re-entered each time Firefox is reopened.

Debug Info:

Firefox ESR browser on Kali Linux
OS version
Distributor ID: Kali
Description: Kali GNU/Linux Rolling
Release: 2023.2
Codename: kali-rolling
Latest Kagi Firefox extension version

Image/Video:

brn

Thanks for reporting this @Maxpl01t . Can you confirm if this is the same issue as reported in https://github.com/kagisearch/browser_extensions/issues/27#issuecomment-1735185298 ? Basically, do you have the option to delete browser history on quit?

Maxpl01t

brn Thanks for the suggestion but this is totally a different issue. Here the problem is that the Universal Summariser API Key is not persistent on Firefox ESR on Kali Linux (actually on Ubuntu is the same).

The issue you mention above is regarding the session token, which I did not even set up manually, as the extension did all the configuration on its own for private browsing, and that works pretty well.

brn

Thanks for clarifying @Maxpl01t . It might not be different, it just depends on how the extension was initially setup, but if you setup a manual session token in it, does that get stored/saved, or is it also lost? (if you don't set it up manually, it should never be lost because it'll be read from kagi.com assuming you're logged in)

Maxpl01t

brn I have just tried both configurations but none of them seems to work. In terms of the session token It was initially set up automatic, I just downloaded and installed the extension and put my credentials to log in of course and It works perfect.

Then I navigated to my API portal under Kagi settings to generate a new API token in order to have access to a more robust summarisation, so I copied the token and pasted on the Kagi Extension settings so I was able to summarise a page using Agnes engine, but after a minute or so, the API token wasn't there.

For testing purposes I configured the session token manually on the extension and it is no different from the automatic log in method. The session token remains with no issues at all. So it is all about the Universal Summarise API Token.

brn

Thanks for looking into it. I don't know what might be the issue, then, and I can't replicate it. Can you see any errors for the extension?

brn

@Maxpl01t is this still happening to you o v0.4.3?

Maxpl01t

brn
It seems to work as intended at the moment with v0.4.3. Many thanks.

KGuser

Very similar issue, but on Windows 11 (23H2). API key disappears after a while during simple browsing. Browser remains open all the time so no session data is being deleted. Firefox console log shows the following at about the time the API key is "lost":

Could not establish connection. Receiving end does not exist. background.js:66
saveToken moz-extension://e208da21-d8c9-4e89-bb50-1c2658f797a6/src/background.js:66
sendRemoveListener on closed conduit search@kagi.com.137438959956 ConduitsChild.sys.mjs:108
_send resource://gre/modules/ConduitsChild.sys.mjs:108
removeListener resource://gre/modules/ExtensionChild.sys.mjs:667
removeListener resource://gre/modules/ExtensionChild.sys.mjs:923
onClicked chrome://browser/content/child/ext-menus.js:289
removeListener resource://gre/modules/ExtensionCommon.sys.mjs:2890
revoke resource://gre/modules/ExtensionCommon.sys.mjs:2912
close resource://gre/modules/ExtensionCommon.sys.mjs:2917
unload resource://gre/modules/ExtensionCommon.sys.mjs:984
unload resource://gre/modules/ExtensionPageChild.sys.mjs:282
unload resource://gre/modules/ExtensionPageChild.sys.mjs:319
destroyExtensionContext resource://gre/modules/ExtensionPageChild.sys.mjs:486

Of note - Log entry (2) also appears in other times, but the API key remains. Hard to pin down a net cause.

OS: Windows 11 Pro (23H2)
Firefox: 120.0.1 (fresh install, only Kagi extension active)
Extension: 0.4.3

brn

@KGuser can you please try, in the extension's permissions/settings, disabling the "Run in Private Windows" toggle, saving the token, then enabling it again?

KGuser

@brn

Same error with both these steps:

Fresh install of extension, only for normal windows (OFF for Run in Private Windows) and manually enter API Key:
Error just as API key is forgotten:
saveToken moz-extension://e208da21-d8c9-4e89-bb50-1c2658f797a6/src/background.js:66
Fresh install of extension, only for normal windows (OFF for Run in Private Windows) and manually enter API Key, then turn ON "Run in Private Windows":
Error when API key is forgotten:
saveToken moz-extension://e208da21-d8c9-4e89-bb50-1c2658f797a6/src/background.js:66

In both cases, the API key is lost a random amount of time later while just simply browsing the net in Firefox. Browser remains open all the time.

KGuser

Extra information.

Looking further into the errors occurring in the console just as the API key is "forgotten", which was forgotten straight after a Kagi Serach:

Unchecked lastError value: Error: The menu id kagi-summarize already exists in menus.create. background.js:231
<anonymous> moz-extension://e208da21-d8c9-4e89-bb50-1c2658f797a6/src/background.js:231
Unchecked lastError value: Error: The menu id kagi-image-search already exists in menus.create. background.js:237
<anonymous> moz-extension://e208da21-d8c9-4e89-bb50-1c2658f797a6/src/background.js:237
Content-Security-Policy warnings 3
Content-Security-Policy: Ignoring “'unsafe-inline'” within script-src: ‘strict-dynamic’ specified search
Content-Security-Policy: Ignoring “https://*.kagi.com” within script-src: ‘strict-dynamic’ specified search
Content-Security-Policy: Ignoring “'unsafe-inline'” within script-src: nonce-source or hash-source specified search
InstallTrigger is deprecated and will be removed in the future. search:242:24140

brn

Thanks for the extra details @KGuser , the errors you mention in the second post don't seem relevant (they happen when there are multiple uninstalls + installs of the extension), but the saveToken errors seem relevant. Is there any more information from them (the stack trace, usually)?

KGuser

@brn - I'm at the edge of my debugging knowledge, and I couldn't get a stack trace. As a feeble attempt to assist, this is what I found:

The following error is the only one that pops up the moment the API key is lost. This is seen in the Firefox "Browser Console":
Could not establish connection. Receiving end does not exist. saveToken moz-extension://e208da21-d8c9-4e89-bb50-1c2658f797a6/src/background.js:66
If I go to Firefox "about:debugging#/runtime/this-firefox", and turn on the developer tools for the extension, The following repeat warning appears in the console window after a few minutes:
Background event page was not terminated on idle because a DevTools toolbox is attached to the extension.
While that developer tools console window is open, the API is NEVER lost. It works perfectly. Once that console window closes, the API key is lost after a random amount of time browsing.
Also, in the "Storage" tab of the extension developer tools, the Extension Storage section shows correct values for api_token, api_engine, session_token and "sync_enabled" as "false". When the API key is lost, api_token and api_engine is undefined, session_token is correct, but now "sync_enabled" is "true".

That's the best I have. Happy hunting!

brn

Thanks @KGuser ! When you see that error in the console, it should be possible to click in the error and get some more information about the trace. If you can't get that, it's fine, though.

KGuser

Thanks @brn . Clicking on the saveToken error, takes me to this section of the extension's background.js

// tell the extension popup to update the UI await browser.runtime.sendMessage({ type: 'synced', token: sessionToken, api_token: sessionApiToken, api_engine: sessionApiEngine, summary_type: sessionSummaryType, target_language: sessionTargetLanguage, });

Specifically the "await browser.runtime.sendMessage" line is highlighted. Not sure if this is what you need.

brn

Ok, that does seem to mean the extension is closed before it reaches that point, which is weird, but I suppose I can work around it, as it's not the saving that's wrong, it's the asking the extension's UI to show the locally saved values that's failing.

brn

v0.5.0 should still help with this as per https://github.com/kagisearch/browser_extensions/pull/62