We’re seeing an increasing amount of users reporting incompatibility of Enpass Extension with Brave Browser. We’ve identified the problem and isolated it to Brave Browser’s shields blocking all localhost network requests. Upon disabling the shields, the Enpass extension resumes the usual functioning.
Enpass uses localhost connection to establish communication between extension & native app and this functionality is essential to the core functioning of Enpass. The localhost connection is purely used for native app communication and isn’t related to any tracking or fingerprinting activities(which we don’t do anyway). This method of process communication is used very widely by numerous extensions and is supported by all major browsers. To resolve this problem, Brave browser could, in theory, keep blocking websites that are trying to fingerprint users and yet allow extensions to communicate on localhost. Or at the very least, there should be an option/permission to whitelist certain extensions so that Enpass users don’t face this problem in the future.
Some users have reported earlier on the same forum-
Yes, it is. As described, it keeps extensions from connecting to local apps, like our password managers, and literally breaks them by this. I disabled all Brave shields (thus the core of why I use Brave), and now it’s connecting again. That’s really too bad.
We NEED a fix for this, ASAP. There are a number of extensions (like password managers) that need this type of connection to function. It is a terrible UX and as a user that just switched to brave 5 days ago and recommended this browser to 3 friends (who all use Enpass, which is now as useful as a brick bc of this change), saying I am frustrated is an understatement.
Edit: adding @@127.0.0.1 as an exception in brave://adblock fixes the issue for enpass. THIS IS A TEMPORARY FIX! There are possible issues with that, because it can enable other sites to fingerprint you. We still need an official fix for that and disabling ad blocking is not an option, as this is the core functionality of brave.
As I said, it’s a temporary fix and under no circumstances a good one, so I’d understand why they don’t tell us this. Still, I don’t think it’s that hard to allow extensions the connection to localhost and block it for websites. Maybe I’m lacking information here, but I wouldn’t see issues with that.
Oh I’ll not disagree there but yeah more information would have ben appreciated. Heck if they really want to lock down the connection to localhost then either have it automatic as you say or stick a toggle in there to unblock it for extensions so the user has the choice. Not rocket science. I’m amazed it made it out from the beta test version.
I am also having trouble with Enpass. I reported to them and they, and besides they pointing that is because of Brave Shield, it works on other browsers I use (Firefox and Chromium).