Closed Bug 974742 Opened 10 years ago Closed 10 years ago

rename "signon.overrideAutocomplete" pref to be less ambiguous and update documentation

Categories

(Toolkit :: Password Manager, defect)

defect
Not set
normal

Tracking

()

RESOLVED DUPLICATE of bug 956906

People

(Reporter: davemgarrett, Assigned: manishearth)

References

Details

Attachments

(1 file)

It's ambiguous what's being overridden by the pref name "signon.overrideAutocomplete". Setting this to true overrides a page's ability to override the password manager's autocompletion of passwords using 'autocomplete="off"'. Bug 956906 will change the default value to true. This pref should be inverted in meaning and renamed to "signon.allowSitesToDisablePasswordManager" or similar.
Maybe we should change the pref name *first*, since bug 956906 involves changes to the documentation as well.
Assignee: nobody → manishearth
Status: NEW → ASSIGNED
Well, that's why I suggested it in bug 956906 first. ;)
Summary: rename "signon.overrideAutocomplete" pref after 956906 lands → rename "signon.overrideAutocomplete" pref to be less ambiguous and update documentation
I set it as signon.allowSitesToDisablePasswordManager, but we probably can get a better name for it.
Attachment #8378762 - Flags: review?(gavin.sharp)
Blocks: 956906
No longer depends on: 956906
Attachment #8378762 - Flags: feedback?(ben.bucksch)
Honestly, is there even a real need to let users change this back? Isn't there some way to selectively tell the password manager to never remember passwords for one site? I'd rather the pref were just ditched in favor of never applying the autocomplete flag to the password manager.
There are security concerns, as listed in bug 956906. I don't think they're ultimately going to be a big issue, though.

People running Fx on shared systems may want to use it to provide their users with some additional security.

But yes, one possible way out is to just remove the functionality entirely. I guess adding the pref and setting it to false is just less drastic a change.
Also, selectively telling the password manager to never remember passwords on a site does exist already.

But this is more of "if a site wants to disable passwords, let it" pref, which makes the change globally instead of having to enter the URL of every banking site under the sun in the exceptions list.
+1 on a clearly named background (non-UI) pref that allows to keep the old behaviour
Technical aspect in favor of renaming at same time as switching the default: when Firefox sees that the user value matches the default, it will not store the user value in prefs.js. That means that if you manually change the pref using about:config, then switch back and forth once between old and new builds, the user pref is deleted.
Workarounds:
* use user.js
* rename pref

Password storing is a hot topic that many many companies care about, so this is a good place to spend the little extra time to rename it to make the transition nicer.
Blocks: 952143
Comment on attachment 8378762 [details] [diff] [review]
Rename to signon.allowSitesToDisablePasswordManager, switch polarity

Changing reviewer to :adw since he seems to be handling the autocomplete business, and this bug blocks the others.
Attachment #8378762 - Flags: review?(gavin.sharp) → review?(adw)
Blocks: 951981
Comment on attachment 8378762 [details] [diff] [review]
Rename to signon.allowSitesToDisablePasswordManager, switch polarity

Sorry for not giving feedback earlier.  I'm clearing the review request since the patch in bug 956906 covers this.  If that bug does end up covering this, we can close this bug.  (We don't usually track MDN documentation changes in bugs.)
Attachment #8378762 - Flags: review?(adw)
Renamed in bug 956906. Pref is now "signon.storeWhenAutocompleteOff" (polarity not flipped).
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → DUPLICATE
Attachment #8378762 - Flags: feedback?(ben.bucksch)
You need to log in before you can comment on or make changes to this bug.