Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

KeePassHttp Settings (optionally) specify protocol in allow array #1467

Closed
Eothred opened this issue Feb 9, 2018 · 4 comments
Closed

KeePassHttp Settings (optionally) specify protocol in allow array #1467

Eothred opened this issue Feb 9, 2018 · 4 comments
Assignees
@varjolintu
Labels
feature: Browser

Comments

@Eothred
Copy link

Eothred commented Feb 9, 2018
edited
Loading

I noticed that when I accept a site to use my keepass entry, the KeePassHttp Settings Allow array is updated with the url that is allowed to do so, without the http/https part (or ftp or whatever else I suppose).

I would like to suggest that one could optionally include the https:// as an example, to say that the username and password should not be sent if the url is http only (some will consider the latter to be less secure). This would make it (more) obvious to me that I am trying to enter a site on a non-secure url, because my user/pwd is not sent to my browser.

The example entry would then look like (if we now imagine that I selected to deny the http and allow the https):

{"Allow":["https://www.amazon.com"],"Deny":["http://www.amazon.com"],"Realm":""}
@phoerious
Copy link
Member

I think this should rather be a feature of the browser extension to warn when trying to send credentials for an insecure website. Chrome already does something like that on its own.

@phoerious phoerious assigned phoerious and varjolintu and unassigned phoerious Feb 11, 2018
@varjolintu
Copy link
Member

I'll see what I can do. This would be a nice improvement indeed.

@phoerious
Copy link
Member

I wouldn't save the protocol, I'd just warn the user on HTTP.

@Eothred
Copy link
Author

Eothred commented Mar 6, 2018

Looks to me like this was implemented in 2.3.0 to some extent? I see there is an option to set "Match URL scheme", which appears to be similar to what I suggested

@varjolintu varjolintu mentioned this issue May 28, 2018
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@varjolintu varjolintu

Labels
feature: Browser
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@Eothred @phoerious @droidmonkey @varjolintu