Could not log in via http

Issue #32 duplicate
Paro Parrot created an issue

Login via local file (drag&drop) works fine. Same file via http (http://www.MYWEBSITE/sicherung/Private/DatabaseV2.kdbx) does not work! I always get a "{}" message... Any settings / privileges missing?

Comments (9)

  1. Nam Nguyen repo owner

    @paro_parrot if you can attach the KDBX file in bug report, it would help me reproduce the problem and fix it.

    Alternatively, can you create a new file, and import old entries? Other people have reported that worked for them.

    Thanks.

  2. Paro Parrot reporter

    I'm back with some testing:

    1. The kdbx file is ok. No problem opening it in a local KeePass 2.8 installation

    2. I tried several locations for the kdbx file on my web server. Every time I get the same error.

    3. In Firefox the error message is only "{}"; in Chrome and Internet Explorer I get the error message "The provided URL cannot be reached. This is often due to insufficient cross origin resource sharing policy."

    4. browserpass and the kdbx are on my own webserver - is this the problem?

  3. Nam Nguyen repo owner

    @paro_parrot as the error says: cross origin restriction was probably violated.

    If you host BrowsePass on your www.paro.net, you must place the KDBX on that same www.paro.net host.

    If you launch BrowsePass locally (on your file system), then you must configure your web server to support CORS.

    If you can, please open up Chrome Developer Tools (Ctrl-Shift-I), and look at the requests. You will be able to find out why exactly Chrome fails to download the KDBX.

    I would love to help you if you can provide me with more information, preferably step by step instructions you use to set BrowsePass and the KDBX on your web server.

  4. Paro Parrot reporter

    It only works with the same domain (browserpass and kdbx file)!

    Hosting browserpass on a subdomain (http://browserpass.MYWEBSITE.com) does not work with a file located at http://www.MYWEBSITE/sicherung/Private/DatabaseV2.kdbx

  5. Nam Nguyen repo owner

    @brahmachari: I would like to keep BrowsePass as browser agnostic as possible. But don't let this deter you from adding the feature yourself.

  6. Brahmachari Markus

    I already had a look at how I can do it myself - I will not be able to do so. I did not ask for an additional feature, we speak about an XSS-issue. BrowsePass, as it is - I could not make it work, neither with FF nor with Chrome.

    I'm very thankful for using BrowsePass. Let me know what information I can deliver for getting it to work without tweaking it. (It has to be as simple as possible because my administrator has to access my passwords over the internet.)

  7. Brahmachari Markus

    BrowsePass as it is does not work while the .kdbx resides on another domain. (The subject is CORS because we have an XSS-issue). New input on how to get it to work; there are two ways:

    1) enable CORS on the client side (see above 2016-02-01) - works fine!

    2a) enable CORS on the server by using .htaccess - does not work for some reason.

    <IfModule mod_setenvif.c>
      <IfModule mod_headers.c>
        <FilesMatch "\.kdbx$">
          SetEnvIf Origin ":" IS_CORS
          Header set Access-Control-Allow-Origin "*" env=IS_CORS
        </FilesMatch>
      </IfModule>
    </IfModule>
    

    2b) enable CORS on the server by using php - does not work either. New file "index.php" (instead of "index.html", which has been renamed to "index-original.html")

    <?php
    header('Access-Control-Allow-Origin: *');
    header('Access-Control-Allow-Methods: GET, POST');
    header('Access-Control-Allow-Headers: X-Requested-With');
    header('Access-Control-Allow-Credentials: true');
    include('index-original.html');
    ?>
    

    I got the inputs from: http://enable-cors.org

    https://gist.github.com/ludo237/5857215

    https://www.paddysherry.com/wordpress/uncategorized/cors

    Would be great if you could have a look at it. :-) Thanks a lot!
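
The same-origin and CORS checks discussed in this thread, as an added example that is not part of the original issue or of BrowsePass's code: a simplified model of the decision a browser makes for a simple GET of the KDBX. The `example.test` hostnames and the function names `sameOrigin` and `canReadKdbx` are constructed for illustration.

```javascript
// Added example: simplified model of a browser's CORS check for a simple GET.
// Hostnames under example.test are constructed placeholders.

// An origin is scheme + host + port. Pages opened from file:// have the
// opaque origin "null", which is never same-origin with anything.
function sameOrigin(a, b) {
  const oa = new URL(a).origin;
  return oa !== "null" && oa === new URL(b).origin;
}

// pageUrl: where BrowsePass is loaded from; fileUrl: where the KDBX is served.
// fileHeaders: response headers sent with the KDBX itself.
// withCredentials: true if the request carries cookies or HTTP auth.
function canReadKdbx(pageUrl, fileUrl, fileHeaders, withCredentials = false) {
  if (sameOrigin(pageUrl, fileUrl)) {
    return { allowed: true, reason: "same origin, CORS not consulted" };
  }
  const h = {};
  for (const [k, v] of Object.entries(fileHeaders)) h[k.toLowerCase()] = String(v).trim();

  const allowOrigin = h["access-control-allow-origin"];
  if (allowOrigin === undefined) {
    return { allowed: false, reason: "KDBX response has no Access-Control-Allow-Origin" };
  }
  if (!withCredentials && allowOrigin === "*") {
    return { allowed: true, reason: "wildcard accepted for uncredentialed request" };
  }
  if (allowOrigin !== new URL(pageUrl).origin) {
    const why = allowOrigin === "*" ? "wildcard is rejected when credentials are sent"
                                    : "allowed origin does not match the page origin";
    return { allowed: false, reason: why };
  }
  if (withCredentials && h["access-control-allow-credentials"] !== "true") {
    return { allowed: false, reason: "Access-Control-Allow-Credentials: true is missing" };
  }
  return { allowed: true, reason: "origin explicitly allowed" };
}

// Constructed scenario mirroring the thread: app on a subdomain, KDBX on www.
const APP = "http://browserpass.example.test/index.html";
const KDBX = "http://www.example.test/sicherung/Private/DatabaseV2.kdbx";
console.log(canReadKdbx(APP, KDBX, {}));
console.log(canReadKdbx(APP, KDBX, { "Access-Control-Allow-Origin": "*" }));
console.log(canReadKdbx(APP, KDBX, { "Access-Control-Allow-Origin": "*" }, true));
```

The headers evaluated are those on the response for the `.kdbx` URL; headers sent with the BrowsePass page itself do not enter into the check. The response headers actually returned for the KDBX request are visible in the browser's developer tools network view.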
