Non-working sites

[varjolintu]

UPDATE: This thread is obsolete. Please report non-working sites as sub issues under #2386.

Please report any non-working sites to this thread instead of creating a new issue.

Provide the following info when making a report:

1. Exact login URL and the URL of your entry or entries.
2. Dump of console output from the page (Firefox: Tools -> Browser Tools -> Web Developer Tools / Chromium-based: Tools -> Developer -> Javascript Console). Do this only if there's KeePassXC-Browser related output.
3. Have you tried Username-Only Detection, choosing Custom Fields etc.
4. Are you using Autofill instead of the manual one.
5. Does it affect the Username Icon, Autocomplete Menu, Popup Menu?
6. Version 1.8.0 and later, enable Debug Logging from the settings and inspect the pages's JavaScript console. It should show all input fields detected.

Please note that sites that require credentials to be made are with lower priority.

Separately reported non-working sites:
#803 - Nextcloud timeout password prompt
#879 - Bank of the Philippine Islands: https://online.bpi.com.ph/portalserver/onlinebanking/sign-in
#1269 - Mailgun: https://login.mailgun.com/ (Needs an exception for the password field)
#2045 - https://ibank.bog.ge/
#2047 - Flatex: https://www.flatex.de
#2060 - Runtastic: https://www.runtastic.com/en/login
#2109 - Yahoo new password fill problem

[keunes]

Not sure if it's a not-working site, or rather a feature request:
https://www.ethias.be/myethias/public/nl/connexion hides the password field by default:

As a consequence, the fill-and-submit button doesn't show up. I can activate the 'Only username option' - then the fill-and-submit button shows up on page load, but only fills the username and it activates the password field which then stays empty because I indicated only a username field should be considered.
So I'm unsure if this is a 'site not working', or if I should create a feature request to fill hidden password fields :)

[varjolintu]

So I'm unsure if this is a 'site not working', or if I should create a feature request to fill hidden password fields :)

We don't want to fill any hidden password fields.

[keunes]

We don't want to fill any hidden password fields.

Ok, thanks. Guess that makes sense. Still, there's no way I now can auto-fill-and-submit on this site.
From you reply I infer that it's not a 'non-working site' in any case, so I'll create a separate ticket to see how this site can be catered. Thanks again! :)

[stevefalco]

I'm having a problem accessing the CUPS (common unix printing system) admin page on a Fedora Linux system. The URL is https://localhost:631/admin and I've tried specifying this in KeePassXC both with and without the admin part of the URL.

When I browse to this page, there is no initial request for a password, and that is the expected behavior:

Then, when I click on an action, like "Add Printer", a login box pops up, but KeyPassXC-Browser doesn't appear to notice it, perhaps because the URL stays the same:

If I attempt to "Choose custom login fields", that tool is shown behind the login box, and there doesn't appear to be any way to select the user name and password fields:

This is not the only URL with this problem. I also see it on a Raspberry Pi running the "pi-star" Ham radio software. From the pi-star Dashboard page (no password needed), if I click on "Configuration", a login box pops up, the URL doesn't change, and KeyPassXC-Browser doesn't notice the login box.

Is there a way to make this sort of thing work?

Incidentally, when I was using the built-in Firefox password system, it was able to fill in the credentials on these login boxes.

[varjolintu]

@stevefalco Can you use the Web Inspector to check how that dialog is inserted to the page?

[stevefalco]

Ok, here is what the admin page shows before clicking "Add Printer". I've highlighted the entry for "Add Printer":

Once I click "Add Printer", the Inspector becomes blank!

I've never used the inspector before, so I'm probably doing something wrong. Please give me some more "newbie" instructions and I'll get you whatever data you need. :-)

[varjolintu]

I've never used the inspector before, so I'm probably doing something wrong. Please give me some more "newbie" instructions and I'll get you whatever data you need. :-)

Are you sure that is not a HTTP Basic Auth dialog?

[keunes]

Are you sure that is not a HTTP Basic Auth dialog?

That was my thinking also, based on the screenshot (and a touch of memory from using CUPS a long while ago). Maybe we should file a request against CUPS if they could move to an integrated log-in mechanism instead?

[varjolintu]

Are you sure that is not a HTTP Basic Auth dialog?

That was my thinking also, based on the screenshot (and a touch of memory from using CUPS a long while ago). Maybe we should file a request against CUPS if they could move to an integrated log-in mechanism instead?

HTTP Basic Auth should still work, but for now you can only fill credentials from the extension toolbar icon.

[stevefalco]

I don't know enough about http. How would I test to see if this is a basic auth dialog?

I'm not sure what you mean by "for now you can only fill credentials from the extension toolbar icon". There is a "Redetect login fields" button when I click on the extension icon, but the button doesn't do anything for this dialog - here is what it looks like after clicking "Redetect login fields" :

I noticed that the KeePassXC app has browser integration settings "Use this entry only with HTTP Basic Auth" and "Do not use this entry with HTTP Basic Auth". Should I select either of those?

Lastly, is there a way to turn on debugging to see what, if anything, is passed to the extension?

[christophehenry]

The new Synology login page (on v7 OS) makes KeepassXC-browser unusable. In this version, contrary to v6, they adopted a JS-based form where v6 was a plain old HTML form.

So this starts with a form with 1 input for the username:

and you have to click to the next arrow to reveal the password <input>:

But, somehow, they decided to do something I've never seen in webdev before. They just reuse the same <input> on the password panel and differenciate the two by mutating the syno-id property:

It takes the value username when on the username panel and the value password when on the password panel.

[stevefalco]

Regarding my issues from a week or two ago with a CUPS URL and a Pi-Star ham radio URL, it turns out these sites are using basic auth. I turned on the keepassxc-browser setting "Automatically fill in HTTP Basic Auth dialogs and submit them" and now both URLs work properly.

So keepassxc-browser doesn't even detect the login/password fields when that setting is off, but does auto-fill/auto-submit the information when that setting is on. In fact, when the setting is on, I don't even see the normal login screen - I see a little popup from keepassxc-browser instead.

Is that the expected behavior?

[varjolintu]

Regarding my issues from a week or two ago with a CUPS URL and a Pi-Star ham radio URL, it turns out these sites are using basic auth. I turned on the keepassxc-browser setting "Automatically fill in HTTP Basic Auth dialogs and submit them" and now both URLs work properly.

So keepassxc-browser doesn't even detect the login/password fields when that setting is off, but does auto-fill/auto-submit the information when that setting is on. In fact, when the setting is on, I don't even see the normal login screen - I see a little popup from keepassxc-browser instead.

Is that the expected behavior?

Yes :) There's already an alternative implementation that shows a proper dialog on the page for HTTP Basic Auth but it's still under work.

[TESTER-sec]

@TESTER-sec The URL for allowing Cross-Origin Iframes for Site Preferences is https://www.icloud.com/. What I mean by "automatic" here, is the Predefined Sites feature where we add automatic exceptions for common sites that need rules for Username-Only Detection etc.

Understood.

Because of Shadow DOM the password fill must be done manually?

I also tried various other configuration, such as enhanced field detection in the automatic exceptions, but the only thing that works (for me) is to copy the password from the KeePassXC GUI (Right-Click > Copy Password) and then paste it.

Finally, for www.icloud.com this is the only configuration that works (for me) to make User ID fill possible (but no subsequent password fill):

[varjolintu]

@TESTER-sec For Shadow DOM every element must be checked on the page to find them first, and then parse each Shadow DOM element's content. It's very time-consuming and that is why it isn't enabled by default.

I have found multiple pages that no longer work with the password fill, and I'm gonna provide a fix for all of them at the same time.

EDIT: With iCloud the password is filled if you press the Username Icon again.

[vbeffa]

@vbeffa Add https://e.sfcu.org/sfcuonline/ to Site Preferences and enable Improved Input Field Detection for it. The login form is inside Shadow DOM and we support it only partially be default.

Thank you.

[varjolintu]

@varjolintu I guess I don't really know what Auto-Type is. I assumed it would auto fill in my user/pass without me doing anything, but I always need to click a field popup or use the extension icon. The app seems to have screenshot protection, but I was going to show that when I looked for the feature I already have "Enable Auto-Type for this entry" checked.

Is that all I would need to enable to try your suggestion?

Actually, try this:

• Add https://secure.baskbank.com/* to Site Preferences and enable Improved Input Field Detection for it.

[rocketraman]

Just wanted to add a vote to Apple Login password fill no longer working. Username fill works without any issue, but when the password field is added to the form, KeepassXC refuses to fill it, even when explicitly choosing "Fill Password". Have tried the suggestions above, including adding a setting for follow cross-origin frames for https://idmsa.apple.com to no avail. This used to work (without that explicit setting), but has regressed recently.

[varjolintu]

Just wanted to add a vote to Apple Login password fill no longer working. Username fill works without any issue, but when the password field is added to the form, KeepassXC refuses to fill it, even when explicitly choosing "Fill Password". Have tried the suggestions above, including adding a setting for follow cross-origin frames for https://idmsa.apple.com to no avail. This used to work (without that explicit setting), but has regressed recently.

Already fixed for the next version (see #2351). Just wait for the release. Of course you can already add the option manually for Apple's login page.

[rocketraman]

Already fixed for the next version (see #2351). Just wait for the release. Of course you can already add the option manually for Apple's login page.

@varjolintu I added the option manually and it still does not work.

[rocketraman]

[rocketraman]

Here is a screencast with KeepassXC debug logging turned on, maybe it can help:

Screencast_20241016_111612.webm

[varjolintu]

Ah, they've changed the login page to include two buttons. I gotta make a new exception for that. Thanks for the info.

[varjolintu]

@rocketraman Those buttons are possibly only seen when you've set a passkey for your Apple login? Have you set up one?

[rocketraman]

@rocketraman Those buttons are possibly only seen when you've set a passkey for your Apple login? Have you set up one?

I have not configured a passkey for my Apple login because Apple's implementation works only with iOS devices (can't use KeepassXC or my Yubikey AFAIK). Perhaps it is using some other signal to display that button. I do have passkeys enabled elsewhere. And I do have a developer account.

[airtower-luna]

Filling the login form on https://www.vr.fi/ (Finnish Railway) doesn't work, though it seems like fields are detected. Happened with 1.9.3, and also after the update to 1.9.4 today. Debug log:

[Debug keepassxc-browser.js:230] KeePassXC-Browser - Input fields found: [global.js:139:13](moz-extension://***/common/global.js)
Array [ input#login-modal-username.form_input__G8UP1, input#login-modal-password.form_input__G8UP1
 ]
[global.js:142:17](moz-extension://***/common/global.js)
[Debug keepassxc-browser.js:236] KeePassXC-Browser - Login field combinations identified: [global.js:139:13](moz-extension://***/common/global.js)
Array [ {…} ]
[global.js:142:17](moz-extension://***/common/global.js)
[Debug fields.js:199] KeePassXC-Browser - Input fields found: [global.js:139:13](moz-extension://***/common/global.js)
Array [ input#login-modal-username.form_input__G8UP1, input#login-modal-password.form_input__G8UP1
 ]
[global.js:142:17](moz-extension://***/common/global.js)
[Debug fields.js:223] KeePassXC-Browser - Login field combinations identified: [global.js:139:13](moz-extension://***/common/global.js)
Array [ {…} ]
​
0: Object { username: input#login-modal-username.form_input__G8UP1, password: input#login-modal-password.form_input__G8UP1
, passwordInputs: (1) […], … }
​
length: 1

I tried to use the field selector, but the tool ends up behind the modal background, so any attempt to click the buttons closes the modal instead. Screenshot:

I wonder if the button to fill the form actually appears, but ends up hidden behind the modal instead?

[varjolintu]

@airtower-luna They have some nasty overlay that overrides even the z-index the Custom Login Fields banner sets. Something is also messing up with the icons. At least for me the credentials can be still filled using the popup or mouse/keyboard shortcuts.

[airtower-luna]

At least for me the credentials can be still filled using the popup or mouse/keyboard shortcuts.

Thank you, I hadn't thought of those options, they work for me too. 😅 Which turns the issue from a major problem into a mere annoyance.

[stdedos]

I have issues with reddit:

1. Detection is unstable
2. When it happens, giving a new password does NOT trigger an Update dialog

KeePassXC - 2.7.9
KeePassXC-Browser - 1.9.4
Operating system: Linux x86_64
Browser: Chrome/Chromium 114.0.0.0

[varjolintu]

@stdedos This is when you have an account and you change the password?

EDIT: Seems it's not a form. Just three different input fields. This needs some special handling. I'd prefer a bigger change to the code that identifies these kind of situations as well.

[stdedos]

Because the keydb has the wrong password

[varjolintu]

Because the keydb has the wrong password

What do you mean? This is just a situation where the change password fields are not inside a form, and button is not a submit button. This needs custom handling before it can work.

[foss-]

Tried to create a passkey in discourse software. The instance in question is https://forum.antennapod.org/. Both attempts in Firefox 132.0.1 and Brave 1.71.123 resulted in macOS system dialogs showing and preventing creating a passkey which is stored in keepassxc.

Maybe it is not possible to intercept that request. Should it not be possible using a QR Code to create the passkey may be a feasible workaround if support for it gets added.

[jonasbb]

The segmented TOTP fields of the Akamai Control Center login (<https://control.akamai.com/apps/auth/#/login >) are not detected as such. It used to work with older versions of the browser extension (e.g., 1.9.1), but not in the recent ones (1.9.3/1.9.4). This is the code snippet of the login page.

<form _ngcontent-ng-c2604870032="" novalidate="" class="col-sm-offset-1 col-sm-10 ng-pristine ng-invalid ng-touched">
    <akam-form-field _ngcontent-ng-c2604870032="" class="otp-input no-label akam-form-field" _nghost-ng-c3597358192="">
        <div _ngcontent-ng-c3597358192="" class="form-field-container">
            <div _ngcontent-ng-c3597358192="" class="form-field-label"></div>
            <div _ngcontent-ng-c3597358192="" class="form-field-control">
                <auth-otp-input _ngcontent-ng-c2604870032="" formcontrolname="totp" _nghost-ng-c3839044623="" class="ng-pristine ng-invalid ng-touched">
                    <input _ngcontent-ng-c3839044623="" autocomplete="off" inputmode="numeric" type="text" class="otp-code ng-pristine ng-invalid ng-touched" name="otp-code-0">
                    <input _ngcontent-ng-c3839044623="" autocomplete="off" inputmode="numeric" type="text" class="otp-code ng-untouched ng-pristine ng-invalid" name="otp-code-1">
                    <input _ngcontent-ng-c3839044623="" autocomplete="off" inputmode="numeric" type="text" class="otp-code ng-untouched ng-pristine ng-invalid" name="otp-code-2">
                    <input _ngcontent-ng-c3839044623="" autocomplete="off" inputmode="numeric" type="text" class="otp-code ng-pristine ng-invalid ng-touched" name="otp-code-3">
                    <input _ngcontent-ng-c3839044623="" autocomplete="off" inputmode="numeric" type="text" class="otp-code ng-untouched ng-pristine ng-invalid" name="otp-code-4">
                    <input _ngcontent-ng-c3839044623="" autocomplete="off" inputmode="numeric" type="text" class="otp-code ng-untouched ng-pristine ng-invalid" name="otp-code-5">
                </auth-otp-input>
            </div>
        </div>
    </akam-form-field>
</form>

If I use the browser console to add a maxLength to each input, it gets detected as TOTP fields and offers to autofill the value. So maybe this check is too restrictive here.

keepassxc-browser/keepassxc-browser/content/fields.js

Lines 108 to 109 in 6214935

	(input.inputMode === 'numeric' && input.pattern.includes('0-9')) ||
	((input.type === 'text' || input.type === 'number') && input.maxLength === 1) ||

[varjolintu]

Hi all. From now on you can create a new issue for a non-working site, and we will track it using the new thread using sub-issues:
#2386

I'll try to solve some of the reported sites in here, but the conversation has already over 300 messages, so it's quite cumbersome to keep track all of the problems. If there are some sites you have reported but I haven't responded anything, you are free to create a new issue about it.

This one will be closed. Thanks!