LastPass preventing to access top right menu #3766

Closed
opened 2026-02-05 07:22:51 +03:00 by OVERLORD · 2 comments

Originally created by @crystalin on GitHub (Apr 26, 2023).

Describe the Bug

Just did my first installation.
On the main page, I cannot click on the top right buttons.

See the HTML element that seems to overlay the buttons, preventing clicks on them
image

(Removing this LastPass element in the console allows clicking on the buttons again)

Refreshing the page doesn't help.
This is the first time (in years) I have such an issue on a website with LastPass so I'm reporting it here

Steps to Reproduce

Install with the script on ubuntu 22
Add Google Project ID/Secret (not sure if this is needed)
Edit profile (name, image, connect Google)
Go back to main page

Expected Behaviour

Being able to click on buttons

Screenshots or Additional Context

No response

Browser Details

Chrome

Exact BookStack Version

v23.02.3

PHP Version

No response

Hosting Environment

Ubuntu 22.04

OVERLORD added the 🐛 Bug label 2026-02-05 07:22:51 +03:00

@ssddanbrown commented on GitHub (Apr 26, 2023):

Hi @crystalin,
I suggest maybe disabling lastpass on your BookStack site/domain if possible.
Alternatively, you can add something like the below to the BookStack "Custom HTML Head Content" customization setting to prevent the element being active:

```html
<style>
[data-lastpass-root] {display:none !important;}
</style>
```

I'm guessing it's trying to show a view in an iframe but the [CSP rules](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-src) that BookStack enforces are blocking the LastPass frame from loading (since it's rightfully seen as non-trusted content).
As a third option, you could add the extension address to BookStack's `ALLOWED_IFRAME_SOURCES` option [as detailed here](https://www.bookstackapp.com/docs/admin/security/#iframe-source-control) which might let that load but I've never tested that with extensions.

Otherwise, I'm not really willing to build-in or maintain workarounds in the core system for plugins/extensions that will try to inject their own content into a page in their own way.
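
Added example, not part of the original thread or of BookStack's code: a simplified JavaScript model of the source-list matching that a CSP `frame-src` directive applies, showing why a frame from an extension origin is refused until its address is listed. The policy string, page URL and extension ID are constructed placeholders, and ports and paths in source expressions are not handled.

```javascript
// Simplified CSP source-list matcher for frame loads (added example).
// Handles 'none', 'self', '*', scheme sources ("https:") and host sources
// with an optional scheme and a leading "*." wildcard.
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    // The first occurrence of a directive wins; later duplicates are ignored.
    if (name && !policy.has(name.toLowerCase())) policy.set(name.toLowerCase(), sources);
  }
  return policy;
}

function sourceMatches(source, frameUrl, pageUrl) {
  const s = source.toLowerCase();
  if (s === "'self'") return frameUrl.origin === pageUrl.origin;
  // Simplification: '*' is treated as covering http(s) only, never extension schemes.
  if (s === '*') return ['http:', 'https:'].includes(frameUrl.protocol);
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return frameUrl.protocol === s;
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([a-z0-9.-]+)$/.exec(s);
  if (!m) return false; // 'none', nonces, hashes and anything unrecognised match no URL
  const [, scheme, wildcard, host] = m;
  // A host source without a scheme inherits the page's scheme (http may upgrade to https).
  const schemeOk = scheme
    ? frameUrl.protocol === scheme + ':'
    : frameUrl.protocol === pageUrl.protocol ||
      (pageUrl.protocol === 'http:' && frameUrl.protocol === 'https:');
  const hostOk = wildcard
    ? frameUrl.hostname.endsWith('.' + host)
    : frameUrl.hostname === host;
  return schemeOk && hostOk;
}

function frameAllowed(cspHeader, frameSrc, pageSrc) {
  const policy = parseCsp(cspHeader);
  // frame-src falls back to child-src, then default-src.
  const list = policy.get('frame-src') ?? policy.get('child-src') ?? policy.get('default-src');
  if (list === undefined) return true; // no governing directive, so frames are unrestricted
  const frameUrl = new URL(frameSrc);
  const pageUrl = new URL(pageSrc);
  return list.some((src) => sourceMatches(src, frameUrl, pageUrl));
}

// Constructed sample values (not BookStack's real header or a real extension ID).
const PAGE = 'https://wiki.example.com/';
const POLICY = "frame-src 'self' https://*.draw.io https://*.youtube.com";
const EXT_FRAME = 'chrome-extension://aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/overlay.html';
```

With these sample values, `frameAllowed(POLICY, EXT_FRAME, PAGE)` is `false`, and becomes `true` only once the extension origin is appended to the `frame-src` list.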


@crystalin commented on GitHub (Apr 27, 2023):

It makes sense, thank you for the quick response.
I reported it cause I've never seen such a behavior on another website and thought it could reflect a bad UI element on the page.

Using

```html
<style>
[data-lastpass-root] {display:none !important;}
</style>
```

works

Reference: starred/BookStack#3766