Fetching a favicon from a localhost url MUST only connect to localhost (even if DuckDuckGo is activated) - Githubissues

keepassxreboot / keepassxc

KeePassXC is a cross-platform community-driven port of the Windows application “Keepass Password Safe”.

https://keepassxc.org/

Other

20.17k stars 1.42k forks source link

Fetching a favicon from a localhost url MUST only connect to localhost (even if DuckDuckGo is activated) #10823

Open stdedos opened 1 month ago

stdedos commented 1 month ago

Overview

Steps to Reproduce

Activate DuckDuckGo website icons
Create a localhost entry
Fetch favicon

Expected Behavior

Since this is a localhost url, only localhost can provide it

Actual Behavior

Download fails

Context

KeePassXC - Version 2.7.8 Revision: f6757d3

Qt 5.12.8 Debugging mode is disabled.

Operating system: Ubuntu 20.04.6 LTS CPU architecture: x86_64 Kernel: linux 5.15.0-107-generic

Enabled extensions:

Auto-Type
Browser Integration
Passkeys
SSH Agent
KeeShare
YubiKey
Secret Service Integration

Cryptographic libraries:

Botan 2.12.1

Operating System: /Linux/ Desktop Env: Gnome Windowing System: X11