Closed Bug 1724136 Opened 2 years ago Closed 1 year ago

Password Manager fails when username is on one page and password is on another


(Toolkit :: Password Manager, defect, P2)




94 Branch
Tracking Status
firefox-esr78 --- unaffected
firefox-esr91 --- disabled
firefox91 --- disabled
firefox92 --- disabled
firefox93 --- wontfix
firefox94 --- verified


(Reporter: eros_uk, Assigned: dlee)


(Depends on 1 open bug, Regression)


(Keywords: regression)


(2 files)

Further to a discussion with dveditz on, there appears to be an issue when a different domain is used for login process.

In this case:
From to


  1. on click the "login with SSO" button. I had already created an account with, but hadn't logged into ubuntuforums yet.
  2. autofill name and password and click submit (this is fine)
  3. I get a "Personal Data Request" page that says wants to know my name/address -- typical OAuth. On this page there's a hidden openid.usernamesecret hidden field, with the hidden label "Leave this field blank to prove your humanity". Firefox has filled in my email address there.
  4. submit the form
  5. get the "bad robot" text


  • The issue started in Nightly 91
  • Turning off Autofill logins and passwords in Settings prevents the problem


Regressed by: 1708455
Has Regression Range: --- → yes

The markup of the form (In my case the form is hidden):

<form action="" method="POST" name="decideform">
<div style="display: none;">
    <label>Leave this field blank to prove your humanity
        <input type="text" name="openid.usernamesecret" value="">
Severity: -- → S3
Priority: -- → P2

Hey Dimi, is there a chance we'll be able to fix this regression in the 93 time frame?

Flags: needinfo?(dlee)

(In reply to Julien Cristau [:jcristau] from comment #3)

Hey Dimi, is there a chance we'll be able to fix this regression in the 93 time frame?

Hi Julien,
Probably not :(
Since my plan is to enable multi-page login form support in 94, I'll try to fix this in 94.

Flags: needinfo?(dlee)
Assignee: nobody → dlee

Thanks for the pointers. I guess bug 1721971 means this bug does not currently affect release, just nightly?

(In reply to Julien Cristau [:jcristau] from comment #5)

Thanks for the pointers. I guess bug 1721971 means this bug does not currently affect release, just nightly?

yes, nightly and early beta.

Since _getFormFields calls getUsernameFieldFromUsernameOnlyForm,
we don't have to call getUsernameFieldFromUsernameOnlyForm in onFormSubmit.
Instead, We can just use the result of _getFormFields to know whether an username-only
form is submitted.
This also makes sure we use the site recipe while check if the form is a
username-only form during form submission.

Depends on D124339

Keywords: leave-open
Pushed by
P1. Support filtering out username-only forms by site recipes r=sfoster,tgiles
P2. Restructure onFormSubmit function r=sfoster,tgiles
Depends on: 1247245

Hi Timea, The patch is landed in 94 and the recipe is also in the RemoteSettting now, could you help verify whether this is fixed? thanks!

Flags: needinfo?(timea.babos)

Hi Dimi, something might've changed with the page since I am not able to reach the "Personal Data Request" page mentioned by the reporter. After hitting submit, I will reach the My Account page.

Hi erosman, could you please check this out if it is fixed on your side? Should be fixed in the latest Firefox Nightly 94 build, please download it from here: Please make sure to Download the Nightly build and let us know how it goes.

Flags: needinfo?(timea.babos) → needinfo?(eros_uk)

I have been using it with Autofill logins and passwords set to unchecked which bypasses the bug.

I tested it right now with the latest Nightly and above checked and there was no problem, so it is fixed for the site/test-case that was mentioned in the initial post.

Flags: needinfo?(eros_uk)

Thanks for the fast check!

Dimi, seems like this is safe to be marked as Fixed.

Closed: 1 year ago
Resolution: --- → FIXED
Keywords: leave-open
Target Milestone: --- → 94 Branch
Flags: qe-verify+

Hi erosman, I was not able to reproduce the issue before the fix. I know you already check in Nightly build, but would it possible for you to check against latest Beta 94 (just to make sure that issue is fixed on release version)?.

Thank you so much.

Flags: needinfo?(eros_uk)

Tested on Win7 with 94.0b8 ( and the bug appears to be fixed.

Flags: needinfo?(eros_uk)

Closing based on previous comment and since not reproducing on Beta 94.0b8 on Win10 and Ubuntu 20.4.

Flags: qe-verify+
You need to log in before you can comment on or make changes to this bug.