Remove extension gRPC address setting
This commit is contained in:
@@ -11,7 +11,7 @@ The browser extension does **not** talk to vault files directly.
|
||||
## Security Model
|
||||
|
||||
- KeePassGO remains the source of truth for authentication, authorization, approvals, and audit events.
|
||||
- The browser extension stores the gRPC address and API token in browser extension storage.
|
||||
- The browser extension stores the API token in browser extension storage.
|
||||
- The native messaging host receives the token on each request from the extension.
|
||||
- The native messaging host uses the token only to attach `authorization: Bearer ...` metadata to the local gRPC request.
|
||||
- The native messaging host does not persist the token to disk.
|
||||
@@ -78,14 +78,13 @@ Firefox:
|
||||
|
||||
1. Load `browser/extension/manifest.firefox.json` as a temporary add-on or package it as an extension.
|
||||
2. Open the extension settings page.
|
||||
3. Leave the gRPC address blank to use the local default Unix socket, or set an explicit address if you overrode the listener.
|
||||
4. Paste an API token scoped for browser login lookup and credential copy.
|
||||
3. Paste an API token scoped for browser login lookup and credential copy.
|
||||
|
||||
Chromium / Chrome:
|
||||
|
||||
1. Load a Chromium manifest based on `browser/extension/manifest.chromium.json`, or install the published extension when that distribution exists.
|
||||
2. Start KeePassGO once so it can refresh the native host manifest for the discovered extension id.
|
||||
3. Configure the gRPC address and API token in the extension settings page.
|
||||
3. Configure the API token in the extension settings page.
|
||||
|
||||
## Current Browser Flow
|
||||
|
||||
|
||||
Reference in New Issue
Block a user