keewebhttp subdomain support

Created on 15 Mar 2021  路  3Comments  路  Source: keeweb/keeweb

Describe the bug
It seems that keewebhttp does not respect subdomains with the ChromeKeePass extension. I have already talked to the extension developer, he said that the extension passes the full url to KeeWeb, but Keeweb does not return a specific result for the current subdomain, but for all sites under the main domain.
So it is also some kind of design question if this behavior is intended, and the results should be filtered by the extension itself. But imo keeweb should only expose the minimal dataset for security reasons, as the user can not predict what happens to the autofill credentials on a (possibly) corrupted website.

To Reproduce
Steps to reproduce the behavior:

  1. Install ChromeKeePass Extension for Chrome/Edge
  2. Create 1st password for a site with url example.com
  3. Create 2nd password for a site with url subdomain.example.com
  4. Create 3rd password for a site with url other-subdomain.example.com
  5. Open the site, which is hosted under a subdomain. KeeWeb will now provide all passwords for the single subdomain.

Expected behavior
KeeWeb should only suggest the password with a 100% match for the subdomain. Possibly also the password with the url that has not a subdomain (1st), as it can be considered as kind of wildcard login.

Environment
Chrome/Edge

browser-interaction bug
Source
picture btxtiger

All 3 comments

It should be probably a setting, because it can be a desired behavior too.

antelle picture antelle on 15 Mar 2021

@antelle I also believe this related to the autotype issue issue and I think one entry could mapping to multiple domains or applications as well, for long term design, I would like to see KeeWeb can support one entry can auto type multiple Application/domains, otherwise, users have to duplicate the same keepass entry in order achieve this function which is not a good practice

gynet picture gynet on 18 Mar 2021
👍1

This issue not exactly fixed as asked, and won't be fixed in this form because KeePassHttp is deprecated, but v1.18 version will have an option for subdomains:

subdomains

antelle picture antelle on 28 Apr 2021
👍1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

antelle picture antelle  路  3Comments
rEnr3n picture rEnr3n  路  3Comments
amine250 picture amine250  路  3Comments
denisgarci picture denisgarci  路  4Comments
smacleod picture smacleod  路  4Comments