Title isn’t changed in the basic authentication popup

cloutierjo / titleUrl

Firefox plugin that add the url in the title

GNU General Public License v3.0

15 stars 4 forks source link

Title isn’t changed in the basic authentication popup #1

Open cloutierjo opened 7 years ago

cloutierjo commented 7 years ago

The title of the windows seen by keepass on websites with basic authentication, mostly companies with intranet services, isn't changed.

Offerel commented 7 years ago

cloutierjo commented 7 years ago

As a work around with keepass, I've added a custom auto type sequence based on the basic auth popup title. So connecting to those 4 web sites I use with basic auth is only triggering auto type and selecting the right web site from those 4 choice.

This is really only a work around for keepass specific use case and I'm still trying to find a real solution to this.

Offerel commented 7 years ago

This is no option for me, since i have more than 200 Entrys for the Window Title "Authentication required". We must find another way...

cloutierjo commented 7 years ago

I think the better fix might be on the keepass side. I can't find anything with the new webExtension API

alerque commented 6 years ago

I've also run up against this. I have about 15 entries for such basic auth sites and it's starting to get obnoxious. The browser internal password manage knows how to keep them straight but it's not passing anything useful that I can see. I'm using the same hack as above for KeepassXC but having to pick between them is not ideal.

Francewhoa commented 6 years ago

Same challenge here. titleUrl is presently not able to add the URL to HTTP Basic Auth pop up. With large amount of HTTP Basic Auth pop ups it's hard and slow to scroll through a long list to find the correct entry.

Steps to reproduce

Go to https://www.httpwatch.com/httpgallery/authentication/#showExample10
Click on "DISPLAY IMAGE" button
The HTTP Basic Auth pop up window will open. Notice that the URL was not added to the HTTP Basic Auth pop up title. This is the challenge.
The suggested new feature expected result is a URL would be added to the HTTP Basic Auth pop up title. Authentication Required - https://<URL.HERE> Instead of Authentication Required

keepass-helper add-on is able to do add URL to HTTP Basic Auth pop up. Maybe some of its open source code could be recycled for add-url-to-window-title?

Any volunteer for a patch? I would be happy to contribute testing and or documentation.

Using:

titleUrl 0.5
Firefox 52.8 at 64 bit
Debian 8 Jessie

Francewhoa commented 6 years ago

Workaround This is an additional temporary workaround. This MultiPass Disarmed for HTTP basic auth add-on is able to store HTTP Basic Authentication credentials.

Strength

Allow you to automatically enter the HTTP Basic Auth credentials. Then use titleUrl add-on and KeePass(X/XC) or equivalent for the remaining form(s).
Open source
No spyware

Challenge It seems to presently have weak storage security. In plain text. I mean a not authorized person with access to your computer would be able to read anything stored using this add on. Such as HTTP Basic Authentication URLs, usernames, and passwords. Related ticket at https://github.com/excitoon/MultiPassDisarmed/issues/2

Suggestion Use this add-on only for appropriate sites. Which do not contain sensitive information. Or off-line.

cloutierjo commented 6 years ago

keepass-helper use an older plugin API that isn't supported in recent firefox version. it isn't possible to reproduce what they where doing with the new plugin API.

I think our best hope is with this firefox feature request: https://bugzilla.mozilla.org/show_bug.cgi?id=613785