Does not handle basic auth for links opened in a new tab in Firefox
Opened this issue · 2 comments
Expected Behavior
Basic auth is handled in the same way it is as when opening a link in the same tab or in a new window: KeePassXC pops up a dialog asking which credentials to use to fill the dialog, and selecting credentials does so.
Current Behavior
The tab opens and shows Firefox's basic auth dialog. KeePassXC does not offer to fill.
Cancelling Firefox's dialog then reloading the page triggers KeePassXC as expected. It even works if you right-click an unfocused tab and reload it that way. Reloading multiple such tabs at once seems to be a way to trigger #1997.
Possible Solution
Steps to Reproduce (for bugs)
- Have a bookmark or a webpage with a link to a page that uses HTTP Basic auth for which KeePassXC has credentials.
- Middle-click the link to open in a new tab, or right-click and select "Open in New Tab".
Debug info
KeePassXC - 2.8.0-snapshot
KeePassXC-Browser - 1.8.10
Operating system: Linux x86_64
Browser: Mozilla Firefox 121.0
It seems in this situation (opening a bookmark to background tab) Chromium based browsers show the HTTP Basic Auth dialog right away. If cancel is selected, only after that the KeePassXC dialog appear.
After investigating this a bit, there's a few problems when making a possible fix:
- The extension assumes user is on the active tab before retrieving credentials.
- If there are multiple HTTP Basic Auth credentials, the active tab's popup is changed with the accepted login list. That is not possible because there's no stored data for that tab in the background scripts. Either the current tab overrides the current login data (if there is some), or we just don't support multiple HTTP Basic Auth credentials in this scenario.
- Browser's should only trigger the Basic Auth dialog when the tab is active (in my opinion).