Hi:
I'm using MacPass with MacPassHTTP. I found it will return almost all passwords from the database when I navigated to some new sites as the following screenshot.
The fallback route is www.iqiyi.com -> iqiyi.com, then if iqiyi.com not exists in the database, it will finally fallback to com. However, fallback to the root domain is really not a good idea.
I created a pull request to fix this fallback as KeePassHttp did.
zsxsoft
commented
6 years ago
Hi: I'm using MacPass with MacPassHTTP. I found it will return almost all passwords from the database when I navigated to some new sites as the following screenshot.
I tried to debug it, and I finally found that there is a problem with its fallback. https://github.com/MacPass/KeePassHTTPKit/blob/0817abfb83a09308fd2d5c637e84237bb6c3280d/KeePassHTTPKit/Handlers/KPHHandler.m#L112
The fallback route is
www.iqiyi.com->iqiyi.com, then ifiqiyi.comnot exists in the database, it will finally fallback tocom. However, fallback to the root domain is really not a good idea.I created a pull request to fix this fallback as KeePassHttp did.