cache problem with django admin interface

RESOLVED DUPLICATE of bug 499223

Status

()

Toolkit
Password Manager
RESOLVED DUPLICATE of bug 499223
8 years ago
8 years ago

People

(Reporter: manuel franco, Unassigned)

Tracking

({access})

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [DUPEME], URL)

(Reporter)

Description

8 years ago
User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2
Build Identifier: 

The problem is in the django web framework admin interface.
when i store my password on icewasel 3.0.6 or 3.5.2 firefox private data, and  i
 want to create a new user, the new user form is preloaded with the
 current user's username and password
 regards I run a lenny debian .

I reported this bug to django, bet they say that is a firefox bug

http://groups.google.com/group/django-updates/browse_thread/thread/7b180de96e21276d


Reproducible: Always

Steps to Reproduce:
1. save password  for the admin interface when the browse ask for it
2. create new user
3.
Actual Results:  
The new user form is prepulated whit the current username and password

Expected Results:  
blanks fiels for new user creaticon

thread for djando community

http://groups.google.com/group/django-updates/browse_thread/thread/7b180de96e21276d
(Reporter)

Updated

8 years ago
Keywords: access

Updated

8 years ago
Component: Networking: Cookies → Password Manager
Product: Core → Toolkit
QA Contact: networking.cookies → password.manager
The login form has action="/admin/" while the new user has action=""

Normally we only match forms that have the same action URI. When the action is empty, we do a wild card search. All the Django admin forms have action="" and that is causing the problem. They could fix that & this problem would go away.

Otherwise this is a hard problem to tackle. The heuristics for determining a "new user" page would not be worth the minimal tradeoffs.
Whiteboard: [DUPEME]
I don't think the action URI is involved -- we never store the path from the URL, just the base hostname part (eg "http://host.com").

But you're right about it looking like a user's login page to the password manager -- it can't really tell the difference.

Best workaround is to add "autocomplete=off" to these fields (or the form itself) in the admin page. Not only will this prevent login manager from filling the fields, it will suppress having it ask if you want it to remember the login.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 499223
You need to log in before you can comment on or make changes to this bug.