Make password manager recognize www for passwords

RESOLVED INVALID

Status

()

--
enhancement
RESOLVED INVALID
14 years ago
10 years ago

People

(Reporter: tonglebeak, Unassigned)

Tracking

Trunk
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

14 years ago
Here's an example: logging in to spreadfirefox.

If you login using http://spreadfirefox.com and get password manager to remember
it, it'll store fine. Yay. Now, if you try to login
http://www.spreadfirefox.com, the password is not there: the password manager
sees the www and assumes it's not the same site. I see why this is there: for
subdomains and stuff. However, I believe the password manager should exclude www
when looking for remembered passwords, so the saved password works on
http://www.spreadfirefox.com and http://spreadfirefox.com
(Reporter)

Updated

14 years ago
OS: Windows XP → All
Hardware: PC → All
Version: unspecified → Trunk

Comment 1

13 years ago
Changing to enhancement.

-1 Vote from me.
Severity: major → enhancement

Comment 2

13 years ago
Mass edit: Changing QA to default QA Contact
QA Contact: davidpjames → password.manager
Assignee: bryner → nobody

Comment 3

12 years ago
Recommend invalid.

CNAME entries do not imply same website, due to host headers.
90-99% of the time, this would probably work. However, there are instances where http://www.example.com/ and http://example.com/ are not the same site, and possibly even rare instances where this would present a security risk. I would think that this is why the behavior is as it is.

This is probably a WONTFIX, but that's not my call - confirming so that a developer can make a decision on this.
Status: UNCONFIRMED → NEW
Ever confirmed: true

Comment 5

12 years ago
(In reply to comment #4)
> and possibly even rare instances where this would present a security risk. I
> would think that this is why the behavior is as it is.

Current behavior is based on HTTP, DNS protocol, and the Mozilla Same Origin Rule.  These are implemented by every web server and client, not "rare instances".  This is not a valid bug.
(Reporter)

Updated

11 years ago
Status: NEW → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → INVALID
(Assignee)

Updated

10 years ago
Product: Firefox → Toolkit
You need to log in before you can comment on or make changes to this bug.