Hello,
How can I manage with your browser extension (ff and chrome) htaccess passwords?
Both are not able to handle them, as I can see.
cheers Thomas
Hi @thomasz Welcome to the forum!
Can you clarify which htaccess passwords are you meaning? Do you mean the authentication form which appears due to htaccess settings? This was taken from my phone, but you get the idea… Like this one:
If so, maybe you are indicating the passbolt in-form feature does not work? Copying and pasting from the extension menu is always an option.
Hello,
I mean the browser access notification like that image shows you.
Under Chrome Desktop oder Firefox and so on.
They appear if you make a htaccess file:
AuthType Basic
AuthUserFile /path/to/.htpasswd
Require valid-user
It’s my understanding this form is from the browser itself instead of a web page that contains an in-page form. If it were an in-page form the extension could interact with it. The extension will recognize you are at the right URL - the red Passbolt extension icon shows a “1” over it. But in a scenario like this I believe that is the limit of interactivity.
However, the extension has clipboard icons which can be used to copy the username/password for this site.
- When arriving at the site, select the suggested password resource in the extension
- in the details for that resource you will see the clipboards on the far right of the extension window
Good Morning, yes technically I know the reason 
But I was not sure if that browser extension can handle it anyway with a trick or something else. Thank you for your support and have a good time
1 Like
You’re welcome! It’s not specifically a passbolt limitation, it’s just outside of the scope of what extensions are able to do.
of course no limitation. but maybe someone would have a nice idea about it 
anyway I love that tool and will using it
Hey, I just found that it’s possible for an extension to (auto) fill the basic auth - “Htaccess credentials” in this topic - so it’s not out of scope of extensions; even if it’s probably hard to solve.
Fyi, here is the GitHub message - related to the commit containing the solution - of Bitwarden : Autofill basic auth prompts · Issue #116 · bitwarden/clients · GitHub
@androot That’s very interesting, thanks for posting. Here’s the corresponding Firefox event documentation webRequest.onAuthRequired - Mozilla | MDN
I may be reading it wrongly, but it seems that if interaction is desired but not autofill, bad credentials would intentionally need to be provided?
With pleasure 
Not sure if I understand what you mean by “interaction is desired but not autofill” … like with the Passbolt’s dropdown ? Maybe with this type of auth, it could be “real” autofill, because there is no (or at least less) risk for the password to get “stolen” by iFrame ; and there is no need to find the login form because there is a function to provide login to the page protected by basic auth.
From the doc, the extension has to be careful not to enter an infinite loop if bad credentials are provided, but it can have a many tries.
Or you mean it has to be a first bad try, so the listener get ready ?
Sorry for my confused answer, I don’t really get the meaning of your message 
@androot Yes, I think you got it right! Sorry, the post was poorly worded. This is a very different scenario than current app behavior:
- would really only be possible with autofill
- entirely programmatic
- doesn’t use UI at all
Not sure what the devs think, maybe they will chime in.
No problem 
Indeed, it would be very different for the point you mentioned ! But it may be useful for many users. Currently, when I use a page with basic auth, I have to go tho the page, see the password prompt, click on cancel, open the Passbolt extension, copy the password, refresh the page, and enter correct data ; and fortunately my ID is simple enough, so it doesn’t need to be copied too 
If the extension could make it easier, would be “real” autofill, while for now (correct me if I’m wrong) the “Autofill” option (from community features, on regular login forms) is only “1-click fill”, no ? It’s not really auto because it requires a click, unlike “on-load fill”.