Note that it isn't completely obvious to me that we want to completely disable this. Some websites may implement their auth on a separate subdomain or entirely different domain than the top-level page. Bug 786276 has made it so we will never autofill on these websites, but if we were to make this change we would also never prompt to save logins for these sites either. We could consider only prompting the user to save a login if the iframe is same-site, but that won't support sites like `example.com` with an iframe from `example-auth.com`.
Bug 1673714 Comment 1 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
Note that I'm not convinced that we want to completely disable this. Some websites may implement their auth on a separate subdomain or entirely different domain than the top-level page. Bug 786276 has made it so we will never autofill on these websites, but if we were to make this change we would also never prompt to save logins for these sites either. We could consider only prompting the user to save a login if the iframe is same-site, but that won't support sites like `example.com` with an iframe from `example-auth.com`.