KeePassHttp Settings (optionally) specify protocol in allow array

[Eothred]

I noticed that when I accept a site to use my keepass entry, the KeePassHttp Settings Allow array is updated with the url that is allowed to do so, without the http/https part (or ftp or whatever else I suppose).

I would like to suggest that one could optionally include the https:// as an example, to say that the username and password should not be sent if the url is http only (some will consider the latter to be less secure). This would make it (more) obvious to me that I am trying to enter a site on a non-secure url, because my user/pwd is not sent to my browser.

The example entry would then look like (if we now imagine that I selected to deny the http and allow the https):

{"Allow":["https://www.amazon.com"],"Deny":["http://www.amazon.com"],"Realm":""}

[phoerious]

I think this should rather be a feature of the browser extension to warn when trying to send credentials for an insecure website. Chrome already does something like that on its own.

[varjolintu]

I'll see what I can do. This would be a nice improvement indeed.

[phoerious]

I wouldn't save the protocol, I'd just warn the user on HTTP.

[Eothred]

Looks to me like this was implemented in 2.3.0 to some extent? I see there is an option to set "Match URL scheme", which appears to be similar to what I suggested