Open Bug 1578066 Opened 6 years ago Updated 3 years ago

Support scheme upgrade for logins with IP address origins

Categories

(Toolkit :: Password Manager, enhancement, P3)

Product:
Toolkit
Component:
Password Manager
Type:
enhancement

Tracking

()

Tracking Flags:
Tracking Status
firefox70 --- affected

People

(Reporter: vtol, Unassigned)

References

Details

(Whiteboard: [passwords:cross-origin] [passwords:fill-ui])

Attachments

(1 file)

debug log
3.06 KB, text/plain
Details

With the current build (da9a6db4b59b15ff3805a97f1a530551acb6b27a ) a login record set for http does not apply for https and vice versa and thus requires to generate a login record for each.

It would seem implausible that the login credentials would be different for each protocol, least I could not come up with a scenario where a server would deploy different credentials depending on whether the ingress traffic is http or https.

(In reply to vtol from comment #0)

With the current build (da9a6db4b59b15ff3805a97f1a530551acb6b27a ) a login record set for http does not apply for https and vice versa and thus requires to generate a login record for each.

We implemented fetching of http: logins on https: for the same domain many years ago so please include debug logs of a specific site where you don't see the http: login available over https:?

When filing bugs about the desktop password manager the "Lockwise" name only distracts from the bug issue so please don't include it in your summary, the Password Manager component is enough information to identify the feature you're talking about.

Summary: Lockwise - derive/assume login record the same for http & https → Derive/assume login record the same for http & https
Flags: needinfo?(vtol)
Attached file debug log

(In reply to Matthew N. [:MattN] (PM me if requests are blocking you) from comment #1)

We implemented fetching of http: logins on https: for the same domain

Perhaps then it is rather about ip addresses only. Got the following LAN entries in Lockwise:

  • http://[fd30:d64c:1eed:4c3a::12]
  • http://192.168.112.12

And it works on http as expected but does not https -> log attached.

Being on https and

  1. mouse right click into login field
  2. menu popup -> fill login -> the record stored for http is being displayed
Flags: needinfo?(vtol)

Hmm… I thought that should work.

Priority: -- → P3
Summary: Derive/assume login record the same for http & https → Support scheme upgrade for logins with IP address origins
Whiteboard: [passwords:cross-origin] [passwords:fill-ui]
See Also: → 1638671

The bug has a release status flag that shows some version of Firefox is affected, thus it will be considered confirmed.

Status: UNCONFIRMED → NEW
Ever confirmed: true
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: