macOS: AutoFill does not see WebDAV databases added by the main app

[gencys]

Description After adding a database on a WebDav server, adding it to KeePassium and enabling AutoFill, the AutoFill popup asks to add a database and doesn't show the previously added database.

How to reproduce Steps to reproduce the behavior:

1. Open KeePassium
2. Add a database hosted on a WebDav server
3. Enable AutoFill
4. Go to a password form
5. Open the autofill promt
6. See that the database is not there and the prompt asks to add one.

Expected behavior KeePassium should remember the database over WebDav that was added before.

Screenshots https://github.com/keepassium/KeePassium/assets/43763900/ed668422-b9b6-4c9a-9f15-1247abc9c04f https://github.com/keepassium/KeePassium/assets/43763900/d91bf8c5-5984-4161-ae3c-3f87f4e8bfac

Environment:

• Device: MacBook Pro, 16-inch, 2019
• OS: MacOS 14.2.1
• App Version: v1.48.142

Additional context I did a fresh install of KeePassium to make sure there was no conflict with any previous database's backups.

[keepassium]

Hi, thank you for the feedback and sorry for such a delay.

I can confirm that on macOS databases added to the main app do not appear in AutoFill. Basically, they maintain independent file lists.

The reason is system's security restrictions. The main app and its AutoFill extension run as two separate processes. When you pick a file via the standard system dialog, KeePassium receives a special reference to the file (a security-scoped bookmark).

That file reference is very restricted, it allows access to the selected file only, only from the calling process (KeePassium), and only on this device. Reinstall the file provider, reinstall the app, try passing the reference to another process — and it won't work. That's security scoping at work.

As I mentioned, the AutoFill extension runs in a separate process. So it cannot resolve references created by the main app. This has been a major problem for years, until Apple fixed this in iOS 14. But on macOS the restrictions remain and AutoFill has its own file list.

This is also listed in AutoFill onboarding screen:

Now, all the above applies to the system's file selection dialog and KeePassium's internal WebDAV connection is not subject to these limitations. But I think it would be even more confusing if only some files added in the main app would show up in AutoFill. So, as a lesser evil, I would rather keep the file lists completely separated.

[gencys]

Alright fair enough thanks for the detailed answer @keepassium and sorry I missed that info there... However it's kinda confusing and tedious for us that when we want to add the DB on WebDav we have to have mounted the WebDav server in the Finder so that we can go and open it in the Finder via the popup. So do you think it'd be possible to have the autofill popup ask for the WebDav creds like the main app does ? (I can open a new issue if necessary)

[keepassium]

So do you think it'd be possible to have the autofill popup ask for the WebDav creds like the main app does ?

Wait, doesn't it already? 🤔

Ah, perhaps you mean the "AutoFill Setup" dialog above. Yes, this is an oversight, I'll get this fixed.

In the meanwhile, click "Skip" in that dialog and then you can get to WebDAV setup via the Plus button → Connect to server.