Skip to content

HTTP Auth & form on the same site #273

Closed
#343
Closed
HTTP Auth & form on the same site#273
#343
Labels
feature request
@Neraud

Description

@Neraud
Neraud
opened on Aug 24, 2018

When a site uses both HTTP Auth and a standard form login, you can't automatically inject both passwords.

Expected Behavior

Ideally :

  • the user can flag each entry to be used for HTTP Auth, Logon forms, or both
  • the browser extension sorts between the available entries depending on the type of login required
  • if a single one is applicable, it automatically injects, else it fallbacks to the manual user selection

Also, the "Return only best-matching credentials" setting should still work.

Worst case example :
http://domain/app1 & http://domain/app2 have different HTTP Auth and Login forms.
The user should be able to have 4 entries :

No manual interaction should be required once these entries are properly set up.

Current Behavior

Currently, I don't think I can flag an entry for HTTP Auth and another for Login form.
So when I have those 2 entries available for the same site, I am prompted to select the one for HTTP Auth, and then have to select the one for Login form.

Possible Solution

I don't know how the extension works internally, but I guess adding variables to the "KeePassXC-Browser Settings" could be a solution.

Adding a new couple of optional attributes there could work.
For example :
{ "Allow": ["domain"], "Deny": [], "Realm": "", "AllowForHttpAuth": true, "AllowForLoginForm": true }

To preserve the behaviour for existing entries, I assume having both set to true by default would work.

Best UX would be to use a dialog on the browser to let the user flag his entries when multiple ones are applicable, but I assume that's a complicated enhancement.
I don't think many users are impacted by this use case, so I guess having to manually edit the attribute would be sufficient.

Steps to Reproduce (for bugs)

Unfortunately I can't give you access to the site I'm having issue with.
Any site with both HTTP Auth and Login form would work.

Debug info

KeePassXC - 2.3.3
keepassxc-browser - 1.2.0
Operating system: Win
Browser: Chrome & Firefox
Proxy used: YES

Metadata

Metadata

Assignees

No one assigned

    Labels

    feature request

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions