Remove KeePassHttp plugin and qhttp #1752
Conversation
INSTALL.md
Outdated
| -DWITH_XC_YUBIKEY=[ON|OFF] Enable/Disable YubiKey HMAC-SHA1 authentication support (default: OFF) | ||
| -DWITH_XC_BROWSER=[ON|OFF] Enable/Disable KeePassXC-Browser extension support (default: OFF) | ||
| -DWITH_XC_NETWORKING=[ON|OFF] Enable/Disable Networking support (favicon download) (default: OFF) | ||
|
|
||
| -DWITH_XC_ALL=[ON|OFF] Enable/Disable compiling all plugins above (default: OFF) |
There was a problem hiding this comment.
This seems to have different spacing from the rest of the stuff here – looks like they use a combination of spaces and tabs, whereas this is just spaces?
cmake/Findqhttpengine.cmake
Outdated
| include(FindPackageHandleStandardArgs) | ||
| find_package_handle_standard_args(qhttpengine DEFAULT_MSG QHTTPENGINE_LIBRARY QHTTPENGINE_INCLUDE_DIR) | ||
|
|
||
| mark_as_advanced(QHTTPENGINE_LIBRARY QHTTPENGINE_INCLUDE_DIR) |
There was a problem hiding this comment.
Is qhttpengine coming back? ;-)
There was a problem hiding this comment.
Oh yah great catch haha
|
Removed remaining references. |
|
KeePassHTTP, We will miss you 💔 |
|
There is still a Note about KeePassHTTP section in README. |
|
|
|
(Stolen from mozilla-jetpack/jpm#546 (comment), humor from Mozilla :) |
|
@droidmonkey I guess this should be removed or updated. There's also some references to the http connector in |
|
Note: I think this will need a blog post about it or a warning paragraph in the release note, just letting users know that this isn't supported anymore, avoiding thousand of new issues. |
|
The giant yellow banner in 2.3.0 shown for three start-ups wasnt enough? |
|
Yes, but now we need to tell users that we actually removed it :D |
|
Hah of course, we could detect that the service is enabled in the existing configuration file and issue them the final warning. I'll add that to this PR. |
|
I think just a mention in the blog post or the release post is fine, no need to add into KeePassXC itself |
|
Sorry for the delay, I removed the additional HTTP references noted by @louib |
droidmonkey
force-pushed
the
refactor/remove-http
branch
from
9698549 to
ccf272d
Compare
- New Database Wizard [#1952] - Advanced Search [#1797] - Automatic update checker [#2648] - KeeShare database synchronization [#2109, #1992, #2738, #2742, #2746, #2739] - Improve favicon fetching; transition to Duck-Duck-Go [#2795, #2011, #2439] - Remove KeePassHttp support [#1752] - CLI: output info to stderr for easier scripting [#2558] - CLI: Add --quiet option [#2507] - CLI: Add create command [#2540] - CLI: Add recursive listing of entries [#2345] - CLI: Fix stdin/stdout encoding on Windows [#2425] - SSH Agent: Support OpenSSH for Windows [#1994] - macOS: TouchID Quick Unlock [#1851] - macOS: Multiple improvements; include CLI in DMG [#2165, #2331, #2583] - Linux: Prevent Klipper from storing secrets in clipboard [#1969] - Linux: Use polling based file watching for NFS [#2171] - Linux: Enable use of browser plugin in Snap build [#2802] - TOTP QR Code Generator [#1167] - High-DPI Scaling for 4k screens [#2404] - Make keyboard shortcuts more consistent [#2431] - Warn user if deleting referenced entries [#1744] - Allow toolbar to be hidden and repositioned [#1819, #2357] - Increase max allowed database timeout to 12 hours [#2173] - Password generator uses existing password length by default [#2318] - Improve alert message box button labels [#2376] - Show message when a database merge makes no changes [#2551] - Browser Integration Enhancements [#1497, #2253, #1904, #2232, #1850, #2218, #2391, #2396, #2542, #2622, #2637, #2790] - Overall Code Improvements [#2316, #2284, #2351, #2402, #2410, #2419, #2422, #2443, #2491, #2506, #2610, #2667, #2709, #2731]
Description
drumroll please.... this is the official removal of the KeePassHttp support and the qhttp backend. With the integration of the KeePassXC-Browser and native messaging we no longer need this plugin and it was deprecated in 2.3.0.
Closes #913
Motivation and context
HTTP servers in a password manager is not a good idea. Also the KeePassHttp protocol is not very secure.
How has this been tested?
It still compiles!
Types of changes
Checklist:
-DWITH_ASAN=ON. [REQUIRED]