Open
Bug 1246182
Opened 9 years ago
Updated 2 years ago
Prevent autofilling of logins for HTTP (non-HTTPS) sites
Categories
(Firefox for iOS :: Browser, defect)
Tracking
()
NEW
| Tracking | Status | |
|---|---|---|
| fxios | + | --- |
People
(Reporter: sleroux, Unassigned)
References
(Depends on 1 open bug)
Details
(Whiteboard: [PasswordManager])
Due to security concerns, desktop and Android have moved away from autofilling HTTP sites. We should only autofill on HTTPs to be more secure and consistent.
|
Reporter | |
Updated•9 years ago
|
Assignee: sleroux → nobody
Status: ASSIGNED → NEW
|
||
Updated•9 years ago
|
Assignee: nobody → jhugman
Status: NEW → ASSIGNED
|
||
Comment 1•9 years ago
|
||
We discussed this in the funnel review, and identified dependencies before this ships:
* We need to make it easy to fill logins; a long-press context menu, for example.
* We should support autocomplete, too.
This is a security/usability tradeoff, and we fall on the usability side: simply disabling autofill looks like we're actively breaking the web.
As such, I don't think this is a 2.0+, no?
|
|
Reporter | |
Comment 2•9 years ago
|
||
I had it 2.0+ prior to the funnel meeting on Friday so I think this is 3.0+.
|
|
||
Updated•9 years ago
|
|
|
||
Updated•9 years ago
|
Rank: 3
|
|
||
Updated•9 years ago
|
Assignee: jhugman → nobody
Status: ASSIGNED → NEW
|
||
Updated•7 years ago
|
Whiteboard: [PasswordManager]
|
||
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•