Skip to content

Instantly share code, notes, and snippets.

@victorb

victorb/Why is Google blocking Inbox on Firefox?.md

Last active July 18, 2020 04:26
Show Gist options
  • Star 18 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save victorb/1d0f4ee6dc5ec0d6646e to your computer and use it in GitHub Desktop.
Save victorb/1d0f4ee6dc5ec0d6646e to your computer and use it in GitHub Desktop.
Download ZIP
Raw
Why is Google blocking Inbox on Firefox?.md

Why is Google blocking Inbox on Firefox?

Recently, Google launched a new service called Inbox. It's basically Gmail re-invented with a different UI and UX. It's a good tool which improved my ability to keep a zero email inbox. I'm currently using the Android application of Inbox and not at all on the desktop, since it's not available for Firefox, my default browser. This requires me to open up Inbox in Google Chrome if I want to see it. Opening up Inbox in Firefox gives the following message:

Image of Inbox message if using Firefox

But, I couldn't understand why it's only available in Google Chrome so I started investigating on why it's so.

User Agent hack

First thing I tried, is to switch the user agent from Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:33.0) Gecko/20100101 Firefox/33.0 (Firefox default user agent for me on Ubuntu Linux) to my Google Chromes user agent instead Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.111 Safari/537.36

This is what I see now:

Image of Inbox working in Firefox

This got rid of the message when loading the page, but the application didn't work. I get an error in the console and the application is just loading but is not interactive because of the error. Could Google be right to be blocking the application since it didn't work in Firefox? To answer that question, I seek out to find out WHY Firefox didn't work and Google Chrome did.

CSP and you

Inspecting the console, we can see that the error is about CSP (Content Security Policy) which protects the browser from loading resource from other domains in order to protect the user of the browser. A quick visit to about:config and setting security.csp.enable to false brings me the following:

Image of Inbox working fully in Firefox

Inbox is running

All right! The application is fully functional. I can do everything I can do in Google Chrome. We have some warnings and errors in the console, but the application is still fully functional. It's slow, a lot slower than Google Chrome. If this is because of Firefox is bad or if Inbox is bad, I leave as a exercise for you to figure out. Animations doesn't seem to work, could be because of webkit-specific transitions or un-implemented Firefox features but I do know, that the application actually works if you want to.

CSP in Firefox and Google Chrome

So, obviously the most painful point for Googles team working on Inbox, is to solve the CSP issue. I'm not 100% sure on how the browsers implementation differs with CSP but there is a main difference in that there seems to be no CSP protected between Google domains in Google Chrome but that's just what I see after a quick look. If someone have more knowledge about this, I would be happy to know about it.

Since I got access to Inbox, the message have been there in Firefox. Yesterday, I figured out a way to circumwent it and use my favorite browser to get access to a webpage that should work in both browsers. Ideally, it would work in most major browsers but my goal was only to have access via Firefox. For now, I'm happy in being able to access Inbox on Firefox but a bit worried since I have to disable CSP. For now, I just keep on using Inbox on my Android phone only.

However, we still haven't figured out exactly why Google is blocking Inbox on Firefox. That the application is not working, seems to not be fully true. With some more man hours, it seems trivial for Google to get the application to run in Firefox to. Maybe too much Chrome specific technologies or just a try to limit the usage of Firefox on the web?

@alicoding
Copy link

I would love to use Inbox on my Firefox browser, too. But! CSP!? Oh that scares me when I have to disable this. Thanks for sharing this though I really appreciated it and I'd hope Google team will come out and explain the reason behind this all non-sense.

@wesleycho
Copy link

Probably the performance threshold Google has for its consumer facing products - if it runs slow on Firefox, then it would have normally have been a release blocker.

@mozfreddyb
Copy link

Disabling CSP globally sounds like a bad idea: This will reduce website security for every website that uses CSP to harden against XSS attacks.

I suggest you to use UserCSP to amend the policy only for Google Inbox. UserCSP was developed during Google Summer of Code 2012 and mentored at Mozilla. It allows you to set custom Content Security Policies per website and is open source

@explorigin
Copy link

Related? https://news.ycombinator.com/item?id=6723827

@sergiopereira
Copy link

I think CSP can also prevent the execution of script tags inside Web Component imports. IIRC Inbox was written using Web Components and the support for Web Components is pretty much Chrome only (well Opera is also using Chrome's Blink). The other browsers rely on polyfills, like Polymer. Something is clearly not supported even with polyfills.

@salgo
Copy link

salgo commented Nov 14, 2014

Interesting article but I'm not sure if I mind that they've released a beta product to work with a single browser. Who hasn't wanted to do that? And if there's certain performance optimisations that make it only work in Chrome for now, fine really, it's beta.

@chrisle
Copy link

chrisle commented Nov 14, 2014

[Disclaimer: I work at Google but I have NOTHING to do with Inbox. The follow info are public links on HN and Mozilla.org. Just passing the info along.]

@wesleycho is correct.

It's a performance issue for the beta launch. There is no intent to exclude it. Firefox is in the works.
https://news.ycombinator.com/item?id=8495498

Also see Bugzilla entry. The use of spare arrays with huge indexes was a performance issue in Firefox. It's been fixed in Inbox and in FF but not shipped in FF yet. (https://bugzilla.mozilla.org/show_bug.cgi?id=1087963)

@caruccio
Copy link

Well, you just answered your own question: because it doesn't work as a product on firefox yet:

  • security issues
  • bad perfomance
  • bad user experience (no animations)

@tehmaspc
Copy link

It's beta - why do people expect the world when something is in beta? Maybe more folks should understand what it means by beta and/or exhibit some common sense and patience. Titles like 'Why is Google blocking Inbox on Firefox?' are not helpful and create FUD for no reason.

@privong
Copy link

privong commented Nov 14, 2014

@tehmaspc Normally, I would agree with you. But Google has kind of done this to themselves, with their habit of leaving things in "beta" for long periods of time. It has somewhat diluted the weight of "beta releases", at least as far as Google goes.

@dccrowley
Copy link

Inbox does not work in safari even though it is a webkit browser. You can't watch Apple keynotes in Crome either. Bitch is the new black? or is it 1997 all over again?

@mbleigh
Copy link

mbleigh commented Nov 14, 2014

@dccrowley remember that Chrome is no longer a WebKit browser, it's now Blink. And large swaths of the things that have been done in Blink since the split would be directly related to performance in an app like Inbox.

Inbox will eventually support Safari. Apple's keynotes will probably never support other browsers because Apple.

@SamJoan
Copy link

SamJoan commented Nov 14, 2014

IMO Google is heading the Microsoft way, either you use all our products or you use none of our products.

Not because of this in particular, but for other fiascos as well (e.g. try and use android without using the closed-source google play)

@cayblood
Copy link

Polymer, the web components framework that Inbox is built on, has some pretty heavyweight polyfills for other browsers that don't fully support the web components spec yet. These polyfills result in a pretty significant performance hit. It's probably improvable, but it will go away altogether as browsers implement the spec more fully.

@fbeauchamp
Copy link

@droope : ms just open a beta for web skype, for all modern browser, and open sourced .net

Just tested inbox on IE11 , it seems ok but with a few graphical bugs

@nevercast
Copy link

As @cayblood said, Chrome has some native support for Web Components, other browsers are lacking behind. It's not that Google is trying to disadvantage you because you're not using Google. It's because you're disadvantaging yourself using a browser with missing support for the BETA application you're trying to use.

Wait for Mozilla to roll out the fixes, then you can Inbox on Firefox all day long.

@mahossam
Copy link

I just want to announce that Maxthon Cloud browser runs Inbox perfectly out of the box (just like chrome).
I tried the Windows and Linux versions. Both are working perfectly.
http://www.maxthon.com/

@erik-alm
Copy link

erik-alm commented Jan 1, 2015

If you're running Ubuntu you can run Inbox without problems in Chromium (which is the open source base for Chrome) - i.e. no need to install Chrome via tar-ball, ppa or deb when you can get Chromium directly from the repos.

@aladinbouzerd
Copy link

@droope you can use other app stores like Amazon or 1mobile

@h4writer
Copy link

h4writer commented Jan 8, 2015

FYI, there is an addon for Firefox that removes the restriction (created it a few days ago):
https://addons.mozilla.org/en-US/firefox/addon/enable-google-inbox/

@hackergrrl
Copy link

Looks like support has been extended to Firefox and Safari.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment