Non-working sites

[varjolintu]

Please report any non-working sites to this thread instead of creating a new issue.

Provide the following info when making a report:

1. Exact login URL and the URL of your entry or entries.
2. Dump of console output from the page (Firefox: Tools -> Browser Tools -> Web Developer Tools / Chromium-based: Tools -> Developer -> Javascript Console). Do this only if there's KeePassXC-Browser related output.
3. Have you tried Username-Only Detection, choosing Custom Fields etc.
4. Are you using Autofill instead of the manual one.
5. Does it affect the Username Icon, Autocomplete Menu, Popup Menu?
6. Version 1.8.0 and later, enable Debug Logging from the settings and inspect the pages's JavaScript console. It should show all input fields detected.

Please note that sites that require credentials to be made are with lower priority.

Separately reported non-working sites:
#803 - Nextcloud timeout password prompt
#879 - Bank of the Philippine Islands: https://online.bpi.com.ph/portalserver/onlinebanking/sign-in
#1269 - Mailgun: https://login.mailgun.com/ (Needs an exception for the password field)
#2045 - https://ibank.bog.ge/
#2047 - Flatex: https://www.flatex.de
#2060 - Runtastic: https://www.runtastic.com/en/login
#2109 - Yahoo new password fill problem

[jedenastka]

URL: https://www.ipko.pl

Description: The username input icon doesn't appear, the password input works perfectly.

Entry URL: The same as URL

Console output:

(index):1 [Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval'". Either the 'unsafe-inline' keyword, a hash ('sha256-T8j7OyrQ0jX0/EpJebSD1DR2GDVUF4/rcMiG2xO4yGQ='), or a nonce ('nonce-...') is required to enable inline execution.
(index):1 [Report Only] Refused to load the image 'blob:https://www.ipko.pl/48d6e268-0fc9-435a-acd7-ee21ee8750aa' because it violates the following Content Security Policy directive: "img-src 'self' data: www.pkobp.pl".
(index):1 [Report Only] Refused to load the image 'blob:https://www.ipko.pl/ca812e00-2d13-4306-910b-ce9aa2da6096' because it violates the following Content Security Policy directive: "img-src 'self' data: www.pkobp.pl".
(index):1 [Report Only] Refused to load the image 'blob:https://www.ipko.pl/f5c4502d-96c8-4b20-807f-051a9ac0e1c6' because it violates the following Content Security Policy directive: "img-src 'self' data: www.pkobp.pl".

Workarounds:

• Username-only detection fixes the username, but breaks the password instead.
• Using RMB -> Fill username and password to fill only the username, then using password input to fill the password works.
• Since this is a two-page login, I can't set custom fields correctly.

Autofill: no

Versions:

• KeePassXC: 2.6.2
• KeePassXC-Browser: 1.7.8.1
• Operating system: Linux x86_64
• Browser: Chrome/Chromium 90.0.4430.212

[JakobDev]

URL: https://www.gog.com

The KeePassXC Icon appears on the login page, but when I click it, nothing happens.

[varjolintu]

@JakobDev GOG is using login iframe from auth.gog.com. Change your entry URL to https://gog.com or https://auth.gog.com instead.

[varjolintu]

For Garmin, change your entry URL to https://sso.garmin.com or https://garmin.com.

[Moilleadoir]

https://www.redbubble.com/shop/

Right-click options don’t do anything in the popup, but site is detected correctly.

Workaround: clicking on the Redbubble logo takes you to the root of the site, where the same login links to a separate page instead of a popup.

[keunes]

Not sure if it's a not-working site, or rather a feature request:
https://www.ethias.be/myethias/public/nl/connexion hides the password field by default:

As a consequence, the fill-and-submit button doesn't show up. I can activate the 'Only username option' - then the fill-and-submit button shows up on page load, but only fills the username and it activates the password field which then stays empty because I indicated only a username field should be considered.
So I'm unsure if this is a 'site not working', or if I should create a feature request to fill hidden password fields :)

[varjolintu]

So I'm unsure if this is a 'site not working', or if I should create a feature request to fill hidden password fields :)

We don't want to fill any hidden password fields.

[keunes]

We don't want to fill any hidden password fields.

Ok, thanks. Guess that makes sense. Still, there's no way I now can auto-fill-and-submit on this site.
From you reply I infer that it's not a 'non-working site' in any case, so I'll create a separate ticket to see how this site can be catered. Thanks again! :)

[stevefalco]

I'm having a problem accessing the CUPS (common unix printing system) admin page on a Fedora Linux system. The URL is https://localhost:631/admin and I've tried specifying this in KeePassXC both with and without the admin part of the URL.

When I browse to this page, there is no initial request for a password, and that is the expected behavior:

Then, when I click on an action, like "Add Printer", a login box pops up, but KeyPassXC-Browser doesn't appear to notice it, perhaps because the URL stays the same:

If I attempt to "Choose custom login fields", that tool is shown behind the login box, and there doesn't appear to be any way to select the user name and password fields:

This is not the only URL with this problem. I also see it on a Raspberry Pi running the "pi-star" Ham radio software. From the pi-star Dashboard page (no password needed), if I click on "Configuration", a login box pops up, the URL doesn't change, and KeyPassXC-Browser doesn't notice the login box.

Is there a way to make this sort of thing work?

Incidentally, when I was using the built-in Firefox password system, it was able to fill in the credentials on these login boxes.

[varjolintu]

@stevefalco Can you use the Web Inspector to check how that dialog is inserted to the page?

[stevefalco]

Ok, here is what the admin page shows before clicking "Add Printer". I've highlighted the entry for "Add Printer":

Once I click "Add Printer", the Inspector becomes blank!

I've never used the inspector before, so I'm probably doing something wrong. Please give me some more "newbie" instructions and I'll get you whatever data you need. :-)

[varjolintu]

I've never used the inspector before, so I'm probably doing something wrong. Please give me some more "newbie" instructions and I'll get you whatever data you need. :-)

Are you sure that is not a HTTP Basic Auth dialog?

[keunes]

Are you sure that is not a HTTP Basic Auth dialog?

That was my thinking also, based on the screenshot (and a touch of memory from using CUPS a long while ago). Maybe we should file a request against CUPS if they could move to an integrated log-in mechanism instead?

[varjolintu]

If the first attempt to login fails at cb.bank then the redirect to https://web13.secureinternetbank.com/PBI_PBI1151/Login/043310980/1 happens and KeePassXC does not work at that webpage.

With an entry that has https://cb.bank as the URL and https://web13.secureinternetbank.com/ as an additional URL, the latter page still works for me without any issues.

[varjolintu]

I can reproduce the issue (no User ID field detection and KeePassXC will not fill the field via the context menu):

https://online.adp.com/signin/v1/?APPID=Pin4NAS&productId=80e309c3-709e-bae1-e053-3505430b5495&returnURL=https://login.adp.com&callingAppId=landing&TARGET=-SM-https://login.adp.com/ee/getProducts?event=Next&userSelected=anActiveEmployee&transId=89P-M48-4MXMRG

https://online.adp.com/signin/v1/?APPID=WFNPortal&productId=80e309c3-7085-bae1-e053-3505430b5495&returnURL=https://workforcenow.adp.com/&callingAppId=WFN

https://signin.online.adp.com/signin/v1/?APPID=HomepagePortal&productId=80e309c3-7078-bae1-e053-3505430b5495&returnURL=https://portal.adp.com/public/index.htm&callingAppId=HomepagePortal

https://online.adp.com/signin/v1/?APPID=MyTotalSource&productId=80e309c3-70a7-bae1-e053-3505430b5495&returnURL=https://totalsource.adp.com/ts/login.do&callingAppId=MyTotalSource

Add URL https://online.adp.com/* to Site Preferences and enable Username-only Detection and Improved Input Field Detection. The login form is inside Shadow DOM, and the latter option makes some more aggressive identification for these.

[TESTER-sec]

Add URL https://online.adp.com/* to Site Preferences and enable Username-only Detection and Improved Input Field Detection. The login form is inside Shadow DOM, and the latter option makes some more aggressive identification for these.

Thank You

I did add and configure exactly as you instructed above, however it only works for the User ID field.

Right-click -> Fill Password remains not functioning; I must copy the password via the KeePassX GUI and then manually paste the password

[TESTER-sec]

https://web13.secureinternetbank.com/

Thank You, I will try it.

[jibbers42]

I can't get login fields detected for Bask Bank.

1. Exact login URL and the URL of your entry or entries.
   https://secure.baskbank.com/MyAccount/uux.aspx#/login

2. Dump of console output from the page (Firefox: Tools -> Browser Tools -> Web Developer Tools / Chromium-based: Tools -> Developer -> Javascript Console). Do this only if there's KeePassXC-Browser related output.
   I didn't see any related output.

3. Have you tried Username-Only Detection, choosing Custom Fields etc.
   Custom Fields is not able to select the fields on the page. I added the site manually and turned on Improved Input Field Detection, but it didn't help.

4. Are you using Autofill instead of the manual one.
   No autofill

5. Does it affect the Username Icon, Autocomplete Menu, Popup Menu?
   Yes, it behaves like there are no fields on this page.

6. Version 1.8.0 and later, enable Debug Logging from the settings and inspect the pages's JavaScript console. It should show all input fields detected.
   I didn't see any listed.

[varjolintu]

@jibbers42 I have no good solution for this site. The input fields are inside Shadow DOM and the Improved Input Field Detection did not help. Also trying to fill manually from the context menu is interrupted by the page scripts that are trying to manipulate or check the input values.
Your best shot here is to use Auto-Type instead.

[jibbers42]

@varjolintu OK, thanks for having a look

[jibbers42]

@varjolintu I guess I don't really know what Auto-Type is. I assumed it would auto fill in my user/pass without me doing anything, but I always need to click a field popup or use the extension icon.
The app seems to have screenshot protection, but I was going to show that when I looked for the feature I already have "Enable Auto-Type for this entry" checked.

Is that all I would need to enable to try your suggestion?

[droidmonkey]

Auto-type is not browser extension. Please read the user guide for more information.

[varjolintu]

@varjolintu I guess I don't really know what Auto-Type is. I assumed it would auto fill in my user/pass without me doing anything, but I always need to click a field popup or use the extension icon. The app seems to have screenshot protection, but I was going to show that when I looked for the feature I already have "Enable Auto-Type for this entry" checked.

Is that all I would need to enable to try your suggestion?

You can try triggering the Global Auto-Type using the browser extension's context menu on the input field.

[jibbers42]

You can try triggering the Global Auto-Type using the browser extension's context menu on the input field.

Wow that worked great - I didn't know that menu item was there, thanks!

[mrtoikka]

Using the following:
keepassxc-browser 1.9.3
Firefox 130.0.1

I go to https://www.icloud.com/ and click the keepassxc-browser icon in the 'Email or Phone Number' field and I get the following response:

"Error! No logins found. https://idmsa.apple.com"

I've added https://idmsa.apple.com to the URL field for the entry in KeepassXC, and I have also added https://www.icloud.com as an additional URL in the Browser Integration section for the entry, but no luck.

Did I miss something? or is this a bug?

[TESTER-sec]

Using the following: keepassxc-browser 1.9.3 Firefox 130.0.1

I go to https://www.icloud.com/ and click the keepassxc-browser icon in the 'Email or Phone Number' field and I get the following response:

"Error! No logins found. https://idmsa.apple.com"

I've added https://idmsa.apple.com to the URL field for the entry in KeepassXC, and I have also added https://www.icloud.com as an additional URL in the Browser Integration section for the entry, but no luck.

Did I miss something? or is this a bug?

I can replicate this reported issue at-will every single time using Edge.

I even enabled for www.icloud.com via the KeePassXC browser extension, and it does not fix the issue:

[varjolintu]

@mrtoikka @TESTER-sec For me the automatic allowing of Cross-Origin iframes did the job. I'll add an automatic exception for that to the Predefined Sites feature. https://idmsa.apple.com is the only URL I had on my entry.

EDIT: I've noticed some bugs with PayPal's segmented 2FA and Patreon's login page also. Gonna fix those soon, so no need to report those.

[vbeffa]

This was working until today.

1. Exact login URL and the URL of your entry or entries.

https://e.sfcu.org/sfcuonline/uux.aspx#/login

Entry: sfcu.org

2. Dump of console output from the page (Firefox: _Tools -> Browser Tools -> Web Developer Tools_ / Chromium-based: _Tools -> Developer -> Javascript Console_). Do this **only** if there's KeePassXC-Browser related output.

No related output.

3. Have you tried _Username-Only Detection_, choosing _Custom Fields_ etc.

Yes.

4. Are you using _Autofill_ instead of the manual one.

I tried both.

5. Does it affect the _Username Icon, Autocomplete Menu, Popup Menu_?

Nothing is detected any more.

6. Version 1.8.0 and later, enable Debug Logging from the settings and inspect the pages's JavaScript console. It should show all input fields detected.

I don't see any logging of detected input fields.

Any updates on this?

[varjolintu]

@vbeffa Add https://e.sfcu.org/sfcuonline/ to Site Preferences and enable Improved Input Field Detection for it. The login form is inside Shadow DOM and we support it only partially by default.

[TESTER-sec]

@mrtoikka @TESTER-sec For me the automatic allowing of Cross-Origin iframes did the job. I'll add an automatic exception for that to the Predefined Sites feature. https://idmsa.apple.com is the only URL I had on my entry.

EDIT: I've noticed some bugs with PayPal's segmented 2FA and Patreon's login page also. Gonna fix those soon, so no need to report those.

I am unsure what you mean by "automatic allowing of Cross-Origin iframes."

I had to manually add https://idmsa.apple.com and configure Cross-Origin iframes. That worked to fill the User ID, but it does not resolve the fill of the password. I have to manually copy the password and paste it into the password field.

This is the same issue as I reported earlier in this thread for ADP login web pages:

#1358 (comment)

"Right-click -> Fill Password remains not functioning; I must copy the password via the KeePassX GUI and then manually paste the password"

[varjolintu]

@TESTER-sec The URL for allowing Cross-Origin Iframes for Site Preferences is https://www.icloud.com/. What I mean by "automatic" here, is the Predefined Sites feature where we add automatic exceptions for common sites that need rules for Username-Only Detection etc.

[TESTER-sec]

@TESTER-sec The URL for allowing Cross-Origin Iframes for Site Preferences is https://www.icloud.com/. What I mean by "automatic" here, is the Predefined Sites feature where we add automatic exceptions for common sites that need rules for Username-Only Detection etc.

Understood.

Because of Shadow DOM the password fill must be done manually?

I also tried various other configuration, such as enhanced field detection in the automatic exceptions, but the only thing that works (for me) is to copy the password from the KeePassXC GUI (Right-Click > Copy Password) and then paste it.

Finally, for www.icloud.com this is the only configuration that works (for me) to make User ID fill possible (but no subsequent password fill):

[varjolintu]

@TESTER-sec For Shadow DOM every element must be checked on the page to find them first, and then parse each Shadow DOM element's content. It's very time-consuming and that is why it isn't enabled by default.

I have found multiple pages that no longer work with the password fill, and I'm gonna provide a fix for all of them at the same time.

EDIT: With iCloud the password is filled if you press the Username Icon again.

[vbeffa]

@vbeffa Add https://e.sfcu.org/sfcuonline/ to Site Preferences and enable Improved Input Field Detection for it. The login form is inside Shadow DOM and we support it only partially be default.

Thank you.

[varjolintu]

@varjolintu I guess I don't really know what Auto-Type is. I assumed it would auto fill in my user/pass without me doing anything, but I always need to click a field popup or use the extension icon. The app seems to have screenshot protection, but I was going to show that when I looked for the feature I already have "Enable Auto-Type for this entry" checked.

Is that all I would need to enable to try your suggestion?

Actually, try this:

• Add https://secure.baskbank.com/* to Site Preferences and enable Improved Input Field Detection for it.

[rocketraman]

Just wanted to add a vote to Apple Login password fill no longer working. Username fill works without any issue, but when the password field is added to the form, KeepassXC refuses to fill it, even when explicitly choosing "Fill Password". Have tried the suggestions above, including adding a setting for follow cross-origin frames for https://idmsa.apple.com to no avail. This used to work (without that explicit setting), but has regressed recently.

[varjolintu]

Just wanted to add a vote to Apple Login password fill no longer working. Username fill works without any issue, but when the password field is added to the form, KeepassXC refuses to fill it, even when explicitly choosing "Fill Password". Have tried the suggestions above, including adding a setting for follow cross-origin frames for https://idmsa.apple.com to no avail. This used to work (without that explicit setting), but has regressed recently.

Already fixed for the next version (see #2351). Just wait for the release. Of course you can already add the option manually for Apple's login page.

[rocketraman]

Already fixed for the next version (see #2351). Just wait for the release. Of course you can already add the option manually for Apple's login page.

@varjolintu I added the option manually and it still does not work.

[rocketraman]

[rocketraman]

Here is a screencast with KeepassXC debug logging turned on, maybe it can help:

Screencast_20241016_111612.webm

[varjolintu]

Ah, they've changed the login page to include two buttons. I gotta make a new exception for that. Thanks for the info.

[varjolintu]

@rocketraman Those buttons are possibly only seen when you've set a passkey for your Apple login? Have you set up one?

[rocketraman]

@rocketraman Those buttons are possibly only seen when you've set a passkey for your Apple login? Have you set up one?

I have not configured a passkey for my Apple login because Apple's implementation works only with iOS devices (can't use KeepassXC or my Yubikey AFAIK). Perhaps it is using some other signal to display that button. I do have passkeys enabled elsewhere. And I do have a developer account.