Remove extension gRPC address setting

This commit is contained in:
Joe Julian
2026-04-12 06:59:59 -07:00
parent af2ce66b78
commit 4b8c1de1a6
5 changed files with 6 additions and 19 deletions
+3 -4
View File
@@ -11,7 +11,7 @@ The browser extension does **not** talk to vault files directly.
## Security Model
- KeePassGO remains the source of truth for authentication, authorization, approvals, and audit events.
- The browser extension stores the gRPC address and API token in browser extension storage.
- The browser extension stores the API token in browser extension storage.
- The native messaging host receives the token on each request from the extension.
- The native messaging host uses the token only to attach `authorization: Bearer ...` metadata to the local gRPC request.
- The native messaging host does not persist the token to disk.
@@ -78,14 +78,13 @@ Firefox:
1. Load `browser/extension/manifest.firefox.json` as a temporary add-on or package it as an extension.
2. Open the extension settings page.
3. Leave the gRPC address blank to use the local default Unix socket, or set an explicit address if you overrode the listener.
4. Paste an API token scoped for browser login lookup and credential copy.
3. Paste an API token scoped for browser login lookup and credential copy.
Chromium / Chrome:
1. Load a Chromium manifest based on `browser/extension/manifest.chromium.json`, or install the published extension when that distribution exists.
2. Start KeePassGO once so it can refresh the native host manifest for the discovered extension id.
3. Configure the gRPC address and API token in the extension settings page.
3. Configure the API token in the extension settings page.
## Current Browser Flow