Cannot save new credentials using browser

[BikramKumar6928]

When I login to a new site where I have not added my credentials, the credentials are not saved to keepassxc.

Expected Behavior

When a new credentials is entered, upon successful login, the credentials should be saved in the keepassxc.

Current Behavior

The credentials are not getting saved.

Possible Solution

Steps to Reproduce (for bugs)

1. Open site.
2. Login by providing credentials.
3. Check if credentials have been saved.
   The credentials are not saved.

Debug info

KeePassXC-Browser Version: 1.7.12
KeePassXC Version: 2.7.1
Operating system: Linux
Browser: Firefox

Logs that I could find:-
In the about:debugging page, I see this when I try to login with new credentials

Cannot send activated_tab message:  Error: Could not establish connection. Receiving end does not exist.
    switchTab moz-extension://ea998e4f-fd04-44a0-a38f-87a57c7ddf5b/background/page.js:208

It is able to detect the keepassxc running locally, as it is able to retrieve credentials. The issue is when it tries to save it, it fails.

[varjolintu]

A banner should appear that allows you to save the credentials. It doesn't happen automatically. Is the banner shown? What is the site?

[rubaboo]

The banner appears.

The moment I click the "New" button, a red x appears on the extention's icon. Click on the icon, Reload, go back to the banner. Repeat the same process with the same result.

[varjolintu]

Please check the errors on the Web Developer console on the web page when that happens.

[rubaboo]

JSON.parse: unterminated string at line 1 column 1027 of the JSON data subprocess_common.jsm:495
    readJSON resource://gre/modules/subprocess/subprocess_common.jsm:495
stderr output from native app org.keepassxc.keepassxc_browser: thread '<unnamed>' panicked at 'called `Result::unwrap()` on an `Err` value: Error { kind: UnexpectedEof, message: "failed to fill whole buffer" }', src/main.rs:25:33
stderr output from native app org.keepassxc.keepassxc_browser: note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
JSON.parse: unterminated string at line 1 column 1027 of the JSON data subprocess_common.jsm:495
    readJSON resource://gre/modules/subprocess/subprocess_common.jsm:495

[varjolintu]

Well that seems strange. The error is coming from Native Messaging itself. Are you using the normal KeePassXC's keepassxc-proxy? Does it help if you make a new temporary profile for Firefox and test the extension again?

[rubaboo]

I'm using Flatpak LibreWolf with https://github.com/varjolintu/keepassxc-proxy-rust. KeepassXC is installed natively so I used the first part of the workaround described here: https://unix.stackexchange.com/questions/584521/how-to-setup-firefox-and-keepassxc-in-a-flatpak-and-get-the-keepassxc-browser-ad.

[varjolintu]

@rubaboo When have you compiled the proxy? I was wondering if the bug is fixed with varjolintu/keepassxc-proxy-rust#9 or is caused by it. Depending on are you using a version before or after. Just wondering if write_all() has something to do about this.

Btw, great post and explanation!

[rubaboo]

May 24. Should I recompile from latest?

[varjolintu]

May 24. Should I recompile from latest?

Yes. Try if the bug happens anymore.

[rubaboo]

Hi, this is my last report, I am switching to a "natively" installed Librewolf, everything just works there. In the flatpak Librewolf, on the other hand, things somehow completely broke down, and nothing is working even after I recompiled the proxy from the previous (as of May 24) source code. I did not backup the binary before compiling the latest source code, so I'm not able, strictly speaking, to return to the previous state. Even if I could, I would not want to anymore. Even the part that was working (filling in username/password) was flaky. I kept having to reload, reconnect, restart the browser, lock/unlock the vault - just to get it to recognize and fill the fields. I started to think KeepasXC was completely unusable. As a last resort, I tried the "native" Librewolf with the "native" proxy (/usr/bin/keepassxc-proxy), and for the first time seeing the thing work reliably.

I probably should not have hijacked this thread to begin with, since my setup was not "vanilla". The issues I experienced are somewhere between keepassxc-proxy-rust and the current state of flatpak-desktop integration in general, and are beyond my ability to even describe/report/help troubleshoot properly.

Anyhow, back to the final report. With flatpak LW, I am getting the below message in the browser console. Not trying to save new credentials, just loading the github login page causes this message and a red cross on the extension's button. So, I am not able to use the extention to even login using existing credentials. Sorry for being repetitive, I just want to be clear: I am getting the same failure consistently, regardless of whether I compile the proxy from varjolintu/keepassxc-proxy-rust@bd10966 or from varjolintu/keepassxc-proxy-rust@338735e6f4ab95f4b53734b05fe64c70694ea219m , although before (at the time of my first reply in this thread) I was able to login, and only had a problem saving new credentials.

JSON.parse: unterminated string at line 1 column 1027 of the JSON data [subprocess_common.jsm:495](resource://gre/modules/subprocess/subprocess_common.jsm)
    readJSON resource://gre/modules/subprocess/subprocess_common.jsm:495
stderr output from native app org.keepassxc.keepassxc_browser: thread '<unnamed>' panicked at 'called `Result::unwrap()` on an `Err` value: Error { kind: UnexpectedEof, message: "failed to fill whole buffer" }', src/main.rs:25:33
stderr output from native app org.keepassxc.keepassxc_browser: note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
JSON.parse: unterminated string at line 1 column 1027 of the JSON data [subprocess_common.jsm:495](resource://gre/modules/subprocess/subprocess_common.jsm)
    readJSON resource://gre/modules/subprocess/subprocess_common.jsm:495

Thank you.

[droidmonkey]

You should report rust proxy issues over on that repository. It is neither the official proxy nor is it recommended for use.

[gasinvein]

There is a WIP pull request that will add support for interacting with native messaging hosts across sandboxed app (snap and flatpak) boundaries, flatpak/xdg-desktop-portal#705

Until it's ready and supported in browsers, I came up with this workaround for connecting flatpaked Firefox with flatpaked KeePassXC (should be applicable to Chromium-based, too):

1. Granted the browser access to KeePassXC flatpak app and KDE runtime installations, and to the KeePassXC proxy socket:

   flatpak override --user \
     --filesystem={/var/lib,xdg-data}/flatpak/{app/org.keepassxc.KeePassXC,runtime/org.kde.Platform}:ro \
     --filesystem=xdg-run/app/org.keepassxc.KeePassXC:create \
     org.mozilla.firefox

2. Created a wrapper script that will launch the official keepassxc-proxy from KeePassXC flatpak, at a path accessible by the Firefox flatpak, e.g.

   ~/.var/app/org.mozilla.firefox/data/bin/keepassxc-proxy-wrapper.sh
   

   This script requires Flatpak 1.12 or newer.

   #!/bin/bash
   
   APP_REF="org.keepassxc.KeePassXC/x86_64/stable"
   
   for inst in "$HOME/.local/share/flatpak" "/var/lib/flatpak"; do
       if [ -d "$inst/app/$APP_REF" ]; then
           FLATPAK_INST="$inst"
           break
       fi
   done
   [ -z "$FLATPAK_INST" ] && exit 1
   
   APP_PATH="$FLATPAK_INST/app/$APP_REF/active"
   
   RUNTIME_REF=$(awk -F'=' '$1=="runtime" { print $2 }' < "$APP_PATH/metadata")
   RUNTIME_PATH="$FLATPAK_INST/runtime/$RUNTIME_REF/active"
   
   exec flatpak-spawn \
       --env=LD_LIBRARY_PATH=/app/lib \
       --app-path="$APP_PATH/files" \
       --usr-path="$RUNTIME_PATH/files" \
       -- keepassxc-proxy "$@"

   Fun fact: this script makes use of the mechanism initially implemented for Steam flatpak to allow it launching Proton containers; now it allows Firefox flatpak to launch KeePassXC container.
3. Put the native messaging host json manifest to a the path where flatpaked Firefox will look for it, e.g.

   ~/.var/app/org.mozilla.firefox/.mozilla/native-messaging-hosts/org.keepassxc.keepassxc_browser.json
   

   and edited its contents to launch the previously created wrapper, e.g.

   {
       "allowed_extensions": [
           "keepassxc-browser@keepassxc.org"
       ],
       "description": "KeePassXC integration with native messaging support",
       "name": "org.keepassxc.keepassxc_browser",
       "path": "/home/username/.var/app/org.mozilla.firefox/data/bin/keepassxc-proxy-wrapper.sh",
       "type": "stdio"
   }

@rugk may be interested in updating their guide to use the official keepassxc-proxy instead of the keepassxc-proxy-rust that appears to work unstable.

[tazihad]

@gasinvein Thank You so much man. I followed your guide to do same with Brave Flatpak. And it works flawlessly. And it's better than previous script.

1. permission for brave

flatpak override --user --filesystem={/var/lib,xdg-data}/flatpak/{app/org.keepassxc.KeePassXC,runtime/org.kde.Platform}:ro --filesystem=xdg-run/app/org.keepassxc.KeePassXC:create com.brave.Browser

2. put keepassxc-proxy-wrapper.sh to ~/.var/app/com.brave.Browser/config/BraveSoftware/Brave-Browser/keepassxc-proxy-wrapper.sh. make sure keepassxc-proxy-wrapper.sh is executable.
3. copy Native messaging host from ~/.config/BraveSoftware/Brave-Browser/NativeMessagingHosts/ to ~/.var/app/com.brave.Browser/config/BraveSoftware/Brave-Browser/NativeMessagingHosts/
4. and edited the line

{
    "allowed_origins": [
        "chrome-extension://pdffhmdngciaglkoonimfcmckehcpafo/",
        "chrome-extension://oboonakemofpalcgghocfoadofidjkkk/"
    ],
    "description": "KeePassXC integration with native messaging support",
    "name": "org.keepassxc.keepassxc_browser",
    "path": "/home/username/.var/app/com.brave.Browser/config/BraveSoftware/Brave-Browser/keepassxc-proxy-wrapper.sh",
    "type": "stdio"
}

[tzugen]

For those who are using Debian, the current version of Flatpak is 1.10, which wont work, so you will need to install a newer version through bullseye-backports.

[t-winter]

Thanks, @gasinvein, for the solution!

The script didn't work on my system, I think it's because I installed KeePassXC only for the user, the runtime is only available system-wide though.

Here's a version of the script that also works in that case:

#!/bin/bash

# KeePassXC install dir
APP_REF="org.keepassxc.KeePassXC/x86_64/stable"
for inst in "$HOME/.local/share/flatpak" "/var/lib/flatpak"; do
    if [ -d "$inst/app/$APP_REF" ]; then
        FLATPAK_INST="$inst"
        break
    fi
done
[ -z "$FLATPAK_INST" ] && exit 1

APP_PATH="$FLATPAK_INST/app/$APP_REF/active"

# runtime install dir
RUNTIME_REF=$(awk -F'=' '$1=="runtime" { print $2 }' < "$APP_PATH/metadata")
for inst in "$HOME/.local/share/flatpak" "/var/lib/flatpak"; do
    if [ -d "$inst/runtime/$RUNTIME_REF" ]; then
        FLATPAK_INST="$inst"
        break
    fi
done
[ -z "$FLATPAK_INST" ] && exit 1

RUNTIME_PATH="$FLATPAK_INST/runtime/$RUNTIME_REF/active"

exec flatpak-spawn \
    --env=LD_LIBRARY_PATH=/app/lib \
    --app-path="$APP_PATH/files" \
    --usr-path="$RUNTIME_PATH/files" \
    -- keepassxc-proxy "$@"

[revelation1]

Anyone able to get the above approach to work? The latest uses org.fedoraproject.KDE5Platform and not org.kde.Platform. Adding that override to firefox and exectuting the above keepassxc-proxy-wrapper.sh leads to an error...."error while loading shared libraries: libbotan-2.so.19: cannot open shared object file: No such file or directory"

Can someone please point me to the current working method for flatpak xc/firefox. A google search leads to a wild goose chase with a hundred approaches and none of them work. Copy/pasting is hard work. ;)

[dmy3k]

@revelation1
Stumbled upon as well. Adjusting the following env var should fix it

--env=LD_LIBRARY_PATH="/app/lib:/var/lib/flatpak/app/org.keepassxc.KeePassXC/x86_64/stable/active/"

[varjolintu]

@omega3 Your issue is not related to this thread.

[droidmonkey]

@omega3 flatpak Firefox does not support native messaging

[omega3]

I was referring to comment-1153736766

I wasn't paying attention and wanted to use it with native keepassxc and flatpak Firefox. Thank you for pointing this out to me.

I can confirm this workaround works with both keepassxc and Firefox installed as flatpak (Manjaro Plasma 5).

[QaldeK]

I tried do apply/adapt this workaround for flatpacket floorp (firefox fork). Without succes. Has anyone managed to do this?

[C-Higgins]

You will also need to make that script executable:

chmod +x ~/.var/app/org.mozilla.firefox/data/bin/keepassxc-proxy-wrapper.sh

[HelmicNewciv]

Was about to comment the same, Steam Deck users just following instructions won't necessarily know to do that.

[Mrcuve0]

Was anyone able to achieve a connection among flatpak KeepassXC and flatpak Zen-Browser?
I remember it was pretty straightforward with flatpak Floorp (simply changing to the correct paths was sufficient).

With Zen, I tried the same procedure described by @gasinvein in #1631 (comment) but I'm not able to establish a connection.

In KeepassXC, I additionally flagged the "Use a custom browser configuration location" and set up the correct path to the native-messaging-hosts folder.
Of course I added the flatpak permissions to the correct executable (io.github.zen_browser.zen)

[varjolintu]

@Mrcuve0 Your issue is not related to this thread, so please find a proper issue for your problem if you'd like to discuss about it. Flatpak browsers are not supported btw.

[varjolintu]

@klack Only if you could write this to the correct thread :) #1267

[klack]

Lol done!

@klack Only if you could write this to the correct thread :) #1267

[tzugen]

This is a modification of @gasinvein scripts, which adds supports for Fedora and Fedora Silverblue:

1. Granted the browser access to KeePassXC flatpak app and KDE runtime installations, and to the KeePassXC proxy socket:

flatpak override --user \
  --filesystem={/var/lib,xdg-data}/flatpak/{app/org.keepassxc.KeePassXC,runtime/org.kde.Platform,runtime/org.fedoraproject.KDE5Platform}:ro \
  --filesystem=xdg-run/app/org.keepassxc.KeePassXC:create \
  org.mozilla.firefox

2. Created a wrapper script that will launch the official keepassxc-proxy from KeePassXC flatpak, at a path accessible by the Firefox flatpak, e.g.

~/.var/app/org.mozilla.firefox/data/bin/keepassxc-proxy-wrapper.sh

This script requires Flatpak 1.12 or newer.

#!/bin/bash

APP_REF="org.keepassxc.KeePassXC/x86_64/stable"

for inst in "$HOME/.local/share/flatpak" "/var/lib/flatpak"; do
    if [ -d "$inst/app/$APP_REF" ]; then
        FLATPAK_INST="$inst"
        break
    fi
done
[ -z "$FLATPAK_INST" ] && exit 1

APP_PATH="$FLATPAK_INST/app/$APP_REF/active"

RUNTIME_REF=$(awk -F'=' '$1=="runtime" { print $2 }' < "$APP_PATH/metadata")
RUNTIME_PATH="$FLATPAK_INST/runtime/$RUNTIME_REF/active"

exec flatpak-spawn \
    --env=LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/app/lib:$APP_PATH/files/lib64" \
    --app-path="$APP_PATH/files" \
    --usr-path="$RUNTIME_PATH/files" \
    -- keepassxc-proxy "$@"

3. Put the native messaging host json manifest to a the path where flatpaked Firefox will look for it, e.g.

~/.var/app/org.mozilla.firefox/.mozilla/native-messaging-hosts/org.keepassxc.keepassxc_browser.json

and edited its contents to launch the previously created wrapper, e.g.

{
    "allowed_extensions": [
        "keepassxc-browser@keepassxc.org"
    ],
    "description": "KeePassXC integration with native messaging support",
    "name": "org.keepassxc.keepassxc_browser",
    "path": "/home/username/.var/app/org.mozilla.firefox/data/bin/keepassxc-proxy-wrapper.sh",
    "type": "stdio"
}

for fedora silverblue: put /var/home into the last json.

[varjolintu]

Please. Put the Flatpak stuff to the correct thread instead of this.

[rexmtorres]

This is a modification of @gasinvein scripts, which adds supports for Fedora and Fedora Silverblue:

1. Granted the browser access to KeePassXC flatpak app and KDE runtime installations, and to the KeePassXC proxy socket:

flatpak override --user \
  --filesystem={/var/lib,xdg-data}/flatpak/{app/org.keepassxc.KeePassXC,runtime/org.kde.Platform,runtime/org.fedoraproject.KDE5Platform}:ro \
  --filesystem=xdg-run/app/org.keepassxc.KeePassXC:create \
  org.mozilla.firefox

2. Created a wrapper script that will launch the official keepassxc-proxy from KeePassXC flatpak, at a path accessible by the Firefox flatpak, e.g.

~/.var/app/org.mozilla.firefox/data/bin/keepassxc-proxy-wrapper.sh

This script requires Flatpak 1.12 or newer.

#!/bin/bash

APP_REF="org.keepassxc.KeePassXC/x86_64/stable"

for inst in "$HOME/.local/share/flatpak" "/var/lib/flatpak"; do
    if [ -d "$inst/app/$APP_REF" ]; then
        FLATPAK_INST="$inst"
        break
    fi
done
[ -z "$FLATPAK_INST" ] && exit 1

APP_PATH="$FLATPAK_INST/app/$APP_REF/active"

RUNTIME_REF=$(awk -F'=' '$1=="runtime" { print $2 }' < "$APP_PATH/metadata")
RUNTIME_PATH="$FLATPAK_INST/runtime/$RUNTIME_REF/active"

exec flatpak-spawn \
    --env=LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/app/lib:$APP_PATH/files/lib64" \
    --app-path="$APP_PATH/files" \
    --usr-path="$RUNTIME_PATH/files" \
    -- keepassxc-proxy "$@"

3. Put the native messaging host json manifest to a the path where flatpaked Firefox will look for it, e.g.

~/.var/app/org.mozilla.firefox/.mozilla/native-messaging-hosts/org.keepassxc.keepassxc_browser.json

and edited its contents to launch the previously created wrapper, e.g.

{
    "allowed_extensions": [
        "keepassxc-browser@keepassxc.org"
    ],
    "description": "KeePassXC integration with native messaging support",
    "name": "org.keepassxc.keepassxc_browser",
    "path": "/home/username/.var/app/org.mozilla.firefox/data/bin/keepassxc-proxy-wrapper.sh",
    "type": "stdio"
}

for fedora silverblue: put /var/home into the last json.

Thank you for this! Works on bluefin-dx (Fedora 41). Was able to make it work for both Firefox and Microsoft Edge.