Keepassxc-browser: Autofill of HTTP Basic Auth for multiple specific files not working

So credentials for the same URL doesn't automatically work with that auth request?

I've one entry in keepass with the domain itself for the basic auth credentials.
I temporarily deactivated all other entries for that domain/subdomain/subpaths (like user accounts).
And I still can't get it to work.
When I open a webpage where the initial request is behind the basic auth (on the same domain, same credentials) it works fine.

The only way to get this to work would be to investigate every file request during the page load, and I'm not sure if that's something we want to do. Another thing is that it's unclear if this is even possible to do at file level.

If it's possible, maybe as an optional - default deactivated - option 🤔

We are already connected to the webRequest.onAuthRequired, and I'm not aware of any other API that deals with HTTP Basic Auth. I suggest you to debug the extension's background script httpauth.js and see if the file request is visible in the callback function. I would do it myself but I'm lacking an example site.

I've created a test page with a html file and a js file behind a basic auth: https://test.niklas.top/ (test:123)

But... it works. So I have to invastigate more, so apparently the fact that only the file is behind a basic auth is not actually the issue...

@varjolintu I've added 3 other js files with the same credentials. Now only the first popup will get autofilled. I think that could be the issue.

Thanks for the test site. I'll look into it.

Ok. I know what happens but I don't know why it happens.

Each file load sends a request for retrieving credentials from KeePassXC, but only first one of these is received. And the same reply for the first request is seen in all four, which of course causes the last three to ignore it because the reply doesn't match the request.

@varjolintu How's the roadmap of the plugin?
Is it worth it to get on the project and invest time to understand the architecture and look for myself or do you have any ideas how this could be fixed faster and easier by yourself?

I haven't had time to look this any further (yet) but here's some more information about my last attempts to solve this:

Things I tried:

• Removed any possible sleep or delay from the proxy when reading stdin. No help.
• Made a message buffer to the extension that ensures the replies are for the correct request (this could be merged anyway because it increases the reliability of passing messages). No help.
• Made sure that the four request differ and are sent separately. Confirmed.

Things that need to be tried:

• Trace the messages between extension (e.g. with strace) and the proxy to confirm the requests are received correctly. This way we can ensure if the problem is with the proxy, KeePassXC or Native Messaging.
• If the same happens with direct connection to KeePassXC. However, this feature will be removed in 2.6.0.

Changes made in 1.7.0 allowed me to solve this pretty quickly. Give the PR a try.

I imported the branch as a dev extension, allowed the origin and I tried it on my test page, so when I first open it, it asks me to allow access to the entry in KeePassXC, then it loads the first JS file and then it just keeps on loading.. :/

Hmmh? I need to retest it then. It worked for me last time.

Retested it, and it gets stuck after the first file when browsing the page first time. After that all files load normally, if you reload the page.