Closed
Bug 1406945
Opened 7 years ago
Closed 7 years ago
Password prompt is show on each invocation of history.pushState or history.replaceState
Categories
(Toolkit :: Password Manager, defect, P1)
Tracking
()
RESOLVED
DUPLICATE
of bug 1386283
Tracking | Status | |
---|---|---|
firefox56 | --- | fix-optional |
firefox57 | --- | fix-optional |
firefox58 | --- | fix-optional |
People
(Reporter: hello, Unassigned)
References
Details
User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/61.0.3163.79 Chrome/61.0.3163.79 Safari/537.36 Steps to reproduce: * Open https://jsfiddle.net/xgL1wt31/ in Firefox * Enter username and a password and click on "login" * The remember password prompt is shown. Click on "Don't save" * Click on "pushState" Actual results: The remember password prompt is shown each time you click on "pushState" (when history.pushState is invoked). Expected results: The remember password prompt should only be shown once and not after clicking on "Don't save" or anywhere else on the screen. Web-Apps like mail.tutanota.com use the pushState API in order to manipulate the URL on each click of a user which currently triggers the password prompt and makes these webapps unusable. A workaround for older Firefox releases was to click on (save) "Never". However, this button has been removed from the latest firefox releases which makes webapps that make use of the pushState API completely unusable for Firefox users.
Updated•7 years ago
|
Component: Untriaged → Password Manager
Product: Firefox → Toolkit
Comment 1•7 years ago
|
||
(In reply to Tutanota from comment #0) > Web-Apps like mail.tutanota.com use the pushState API in order to manipulate > the URL on each click of a user which currently triggers the password prompt > and makes these webapps unusable. Why does the username and password field remain in the page after login? Hopefully the username and password aren't still populated in the hidden fields. I would recommend that the fields be removed from the document after login. Is there a reason that can't be done? Btw. it would only be unusable for users who didn't choose to save their login. > A workaround for older Firefox releases was to click on (save) "Never". > However, this button has been removed from the latest firefox releases which > makes webapps that make use of the pushState API completely unusable for > Firefox users. The Never option should still be there in the dropdown on the Not Now button.
Blocks: 1166947
Flags: needinfo?(hello)
Updated•7 years ago
|
status-firefox56:
--- → fix-optional
status-firefox57:
--- → fix-optional
(In reply to Matthew N. [:MattN] (huge backlog; PM if requests are blocking you) from comment #1) > Why does the username and password field remain in the page after login? > Hopefully the username and password aren't still populated in the hidden > fields. I would recommend that the fields be removed from the document after > login. Is there a reason that can't be done? Do you refer to the example at https://jsfiddle.net/xgL1wt31/? I am removing both text fields after the login from the dom on line 3 (document.body.removeChild(document.getElementById("login"))). > Btw. it would only be unusable for users who didn't choose to save their > login. That is true. It is "only" relevant for users that care about privacy and maximum account security. > > A workaround for older Firefox releases was to click on (save) "Never". > > However, this button has been removed from the latest firefox releases which > > makes webapps that make use of the pushState API completely unusable for > > Firefox users. > > The Never option should still be there in the dropdown on the Not Now button. You are right about this! I just re-tested with Firefox 57 and 58 and the Never option is there. Sorry, I probably mixed this up with another browser...
Flags: needinfo?(hello)
Updated•7 years ago
|
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
status-firefox58:
--- → fix-optional
Priority: -- → P1
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•