Open Bug 1199572 Opened 10 years ago Updated 2 years ago

Password Manager does not works with captive portal

Categories

(Firefox :: Security, defect, P4)

Product:
Firefox
Component:
Security
Version:
39 Branch
Type:
defect

Tracking

()

Status:
UNCONFIRMED

People

(Reporter: akhadenilesh93, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0 Build ID: 20150630154324 Steps to reproduce: Open some web page(example.com) after my session expires. Here session refers to session provided by ISP, firewall for browsing. Actual results: 1. Login page from firewall or ISP appears, but the URL is the example.com. Password-box is not filled by Password Manager. 2. If we manually enter password, browser asks to save password for example.com. Expected results: 1. Password Box filled by password manager. 2. Browser should detect captive-portal, and should not offer to save password for site (example.com)
If this is a limitation we should fix it :( Its a common thing in Web2.0 apps :( I know i have lots of trouble getting password forms to fill :(
(In reply to noitidart from comment #1) > If this is a limitation we should fix it :( Its a common thing in Web2.0 > apps :( > I know i have lots of trouble getting password forms to fill :( Even if we use third party password managers, problem exists. Because of HTTP header in response, captive portal application should actually redirect us to login page rather than sending wrong response. Its bug at their side, I think. Even if we fix this, it will be workaround like this https://itunes.apple.com/us/app/autowifi/id299484372
Severity: normal → minor
QA Whiteboard: http://stackoverflow.com/questions/32265248/simulate-captive-login-with-greasemonkey-using-firefox-saved-password
Component: Untriaged → Security
OS: Unspecified → All
Priority: -- → P4
Hardware: Unspecified → All
(In reply to Nilesh Akhade from comment #0) > User Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:39.0) Gecko/20100101 > Firefox/39.0 > Build ID: 20150630154324 > > Steps to reproduce: > > Open some web page(example.com) after my session expires. > Here session refers to session provided by ISP, firewall for browsing. > > > Actual results: > > 1. Login page from firewall or ISP appears, but the URL is the example.com. > Password-box is not filled by Password Manager. > > 2. If we manually enter password, browser asks to save password for > example.com. > > > Expected results: > > 1. Password Box filled by password manager. > > 2. Browser should detect captive-portal, and should not offer to save > password for site (example.com) Browser should examine response code before attempting autofill of password. Usually captive login return 403 - Forbidden, if page is not which it should be.
Severity: minor → S4
You need to log in before you can comment on or make changes to this bug.