[BUG] .htaccess authorization blocked

[ogrosko]

When the website is secured by .htaccess authorization (basic) keepasshttp-connector blocks page load (no login popup shows up) and browser says

Waiting for www.some-domain.domain

I have to disable the connector extenson/addon to proceed the page. Same behaviour on FF and Chrome

KeepassConnector: v1.8.4.2 firefox: v1.8.4.2 chrome: v62.0.3202.94

[smorks]

is this the same as issue #41? do you have multiple credentials specified for the site? if so, you should just be able to click on the KeePassHttp-Connector icon and select the proper credentials.

[agsteele]

I'm not sure that #54 is the same as #41. Nor is it quite the same as this issue (#53). In #54 I get a login box but it is never populated with the credentials.

[ogrosko]

I don't think it's the same problem. I'm not able to select credentials because authentification popup window even not shows up.

[smorks]

@ogrosko did you try clicking on the KeePassHttp-Connector icon?

[ogrosko]

Yes but no credentials for select

[smorks]

have you tested on other sites? for example, using the "Standard Auth" button on this site: https://auth-demo.aerobatic.io/

[Doridian]

Same issue. I have credentials saved for that site, but none of them are valid for HTTP Basic Auth (becuase I did/do not store those), they are used for logging in on a form AFTER that Basic Auth, Chrome keeps spinning on the page "Waiting for KeePassHTTP-Connector".

Even disabling the plugin's "Fill Basic Auth fields" option does not make it load successfully.

Also the dialog just shows Select the login information you would like to get logged in with: No options below that, no "Accept" or "Deny" dialog from KeePassXC either.

So far the only ways I have found to get the page to load is:

• Disable the addon entirely
• Enter the URL like https://user:password@domain/ manually

P.S.: The demo site you linked does not expose the problem, but I also don't have any (wrong) credentials stored for that site.

P.P.S.: I have confirmed adding invalid credentials (in my case user and password "test") causes the bug to also occur on that demo page. First KeePassXC asked me for authorization to use them, and once I granted it, the page is now stuck loading forever. Even adding valid credentials does not make it work.

Again: All of this is with "Auto fill HTTP Auth dialogs and send them." turned OFF, it should not even interfere with those dialogs at all. (same results with it turned ON, tho, as well, so it seems as if that option was just entirely ignored by the extension)

[ghost]

Same here: Default authorization-dialog is suppressed but no credentials are provided by keepasshttp-connector. Maybe because URL is not available through URL-bar at that point?

[ogrosko]

@Doridian Exactly what you describe is the problem ;)

[smorks]

@Doridian thanks for your detailed explanation. i will do some testing to try and reproduce this.

[riedel]

Interestingly the bug is only triggered for me on our intranet (trac) site (not on the example above).

Possibly related error in the browser console:

Source-Map-Fehler: TypeError: NetworkError when attempting to fetch resource.
Ressourcen-Adresse: moz-extension://dcd6d0be-ed77-498d-ae41-3b5ffefd7495/browser-polyfill.min.js
Source-Map-Adresse: browser-polyfill.min.js.map

[Felixoid]

This issue affects me as well.

KeePassHttp-Connector Version:
1.0.8
KeePassHttp Version:
1.8.4.2

firefox 57.0.2-1 x64 If you need some additional info - I'm glad to help with a diagnosing.

[smorks]

i believe i found the problem, but it only seems to happen when the "Auto fill HTTP Auth" option is turned OFF, at least for me.

it should be fixed in v1.0.9, which should be available later today.

[Doridian]

Now if I disable HTTP auth, it works fine and doesn't hang my browser anymore. Also when I have valid credentials stored, it will utilize those to auth and work fine.

It seems, however, that when I have multiple credentials stores for a site, then it still offers me no way to select any of those. (I tried with https://auth-demo.aerobatic.io/ ). Storing no credentials: Auth dialog. Storing one credentials (invalid): Auth dialog. Storing two credentials (both invalid): Extension hang. Extension gets the little red square indicating it wants me to pick a credentials, but only gives Select the login information you would like to get logged in with: with no options below.

Here is how I have the creds stored in KeePassXC:

And here is what the extension does:

[smorks]

i will do some testing with how you have it setup to see if i can reproduce the issue.

[smorks]

i've managed to reproduce the issue where no credentials are showing up. appears to only happen in Chrome. will do some further testing.

[smorks]

should be fixed now, and v1.0.10 should be in the chrome web store soon.

[riedel]

Today had the same problem again in

FF Version: 57.0.2

KeePassHttp-Connector Version: 1.0.9

KeePassHttp Version: 1.8.4.2

Additionally I noted that I am actually not able to save HTTP Auth Credentials

[smorks]

have you tried creating a new firefox profile, to see if that makes a difference?

instructions for Windows are here: http://kb.mozillazine.org/Creating_a_new_Firefox_profile_on_Windows

if that still doesn't work, can you give more specifics on what's happening? like if you have multiple credentials for the same site, and what exactly it is that you're seeing?

also, there's no way for the extension to save HTTP Auth Credentials, so those have to be entered manually.

[ogrosko]

@smorks

should be fixed now, and v1.0.10 should be in the chrome web store soon.

Can please also update Firefox addon to latest version I have still v1.0.9 and no updates are found

Thx

[smorks]

Can please also update Firefox addon to latest version I have still v1.0.9 and no updates are found

the fix for 1.0.10 was fixing an issue in chrome only, so i didn't update the firefox version. are you still experiencing the same issue?

is the same site working in chrome but not in firefox?

[ogrosko]

the fix for 1.0.10 was fixing an issue in chrome only, so i didn't update the firefox version. are you still experiencing the same issue?

Yes

It works for me in Chrome with version 1.0.10 and unchecked option Auto fill HTTP Auth dialogs and send them.

In Firefox it doesn't work, no mater if Auto fill HTTP Auth dialogs and send them. is checked or unchecked

[smorks]

can you try and reproduce it at my auth test site: https://auth.brandt.tech ? the correct username & password is "user" - "pw1234".

[ogrosko]

Hmm weird behaviour It works fine with one KeePass entry. No mater if Auto fill HTTP Auth dialogs and send them. is checked/unchecked When I create second entry it works only if Auto fill HTTP Auth dialogs and send them. is unchecked When I delete second entry it doesn't work. No mater if Auto fill HTTP Auth dialogs and send them. is checked/unchecked

[smorks]

are you using KeePass or KeePassXC? if KeePassXC, what version?

[ogrosko]

I'm using MacPass Version 0.7.3 (17830)

[smorks]

i will try and do some testing to see if i can figure out what is going wrong.

[smorks]

It works fine with one KeePass entry. No mater if Auto fill HTTP Auth dialogs and send them. is checked/unchecked

i thought i changed it so it would only work if that option was checked, but in my testing it was always auto-filling with one entry. i'll look into that.

When I create second entry it works only if Auto fill HTTP Auth dialogs and send them. is unchecked When I delete second entry it doesn't work. No mater if Auto fill HTTP Auth dialogs and send them. is checked/unchecked

what do you mean that "it works" or "it doesn't work"? Does it hang, or are there any entries available in the KeePassHttp-Connector icon, or does it prompt you for a username & password?

[smorks]

just to be clear, here's how it worked for me in my testing, with more than 1 entry.

With the Auto fill HTTP Auth dialogs and send them option ON:

• click on KeePassHttp-Connector Icon, see all relevant entries.
• if i pick the correct one, it works.
• if i pick incorrect credentials, you get a popup to enter your username & password.

With the Auto fill HTTP Auth dialogs and send them option OFF:

• always shows a popup to enter your username & password

I tried deleting an entry (both with the entry going to the Recycle Bin, or deleted directly), and it appeared to work correctly for me. Maybe there's a bug in MacPass?