Avoid auto complete for OpenID scopes #16160
Conversation
|
@hyzx86 in which browser you saw the bug? |
|
Edge, Maybe this problem has been fixed. I'll check it later.
…________________________________
From: Hisham Bin Ateya ***@***.***>
Sent: Sunday, May 26, 2024 6:37:22 PM
To: OrchardCMS/OrchardCore ***@***.***>
Cc: Tony Han ***@***.***>; Mention ***@***.***>
Subject: Re: [OrchardCMS/OrchardCore] Avoid auto complete for OpenID scopes (PR #16160)
@hyzx86<https://github.com/hyzx86> in which browser you saw the bug?
―
Reply to this email directly, view it on GitHub<#16160 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/ADXDZQOC4RKU7TYP4NFEKC3ZEG3OFAVCNFSM6AAAAABIJU5OOSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCMZSGE3TANJYHE>.
You are receiving this because you were mentioned.Message ID: ***@***.***>
|
| @@ -54,7 +54,7 @@ | |||
|
|
|||
| <div class="mb-3" asp-validation-class-for="Scopes"> | |||
| <label asp-for="Scopes" class="form-label">@T["Scopes"]</label> | |||
| <input asp-for="Scopes" class="form-control" /> | |||
| <input asp-for="Scopes" class="form-control"autocomplete="off" /> | |||
There was a problem hiding this comment.
Referring to the screenshot below, there are two places where it is recommended to add directly to the form element
Also, the added attribute lost a space :)
There was a problem hiding this comment.
there are two places where it is recommended to add directly to the form element
Where are they?
Also, the added attribute lost a space :)
Really? which browser? coz we using this attribute in several places
There was a problem hiding this comment.
Ignore the screenshot above, it appears to be out of date
I'm using Edge, the other place I'm referring to is Client Secret, the latest version of the code I looked at has added the autocomplete property.
There was a problem hiding this comment.
OK , the above screenshot is indeed from the latest version of the source code, the Scopes element has indeed not been adjusted, but the Client Secret has been adjusted, and it doesn't seem to be working as expected, it's still autofilling (note that the textboxes in the red area on the left contain a light blue background).
There was a problem hiding this comment.
Do you mean the current auto-filling? I don't think so. Please the tested browser
There was a problem hiding this comment.
If you have credentials saved for the host, then it'll auto-fill them here still:
I have admin/Password1! saved for OC login. Check it after saving something like this.
There was a problem hiding this comment.
This is a strange problem, I applied the changes in the code, but the problem still exists, if you open and save in an anonymous window, the autocompletion really doesn't work, but it still autofills in the default browser!
There was a problem hiding this comment.
I didn't see the Client Secret in my screen, is there any configuration
There was a problem hiding this comment.
Tick the checkbox on the screenshot.
There was a problem hiding this comment.
I didn't see the Client Secret in my screen, is there any configuration
Yes, you have to check Use code response type , Refer to the screenshot above
src/OrchardCore.Modules/OrchardCore.OpenId/Views/OpenIdClientSettings.Edit.cshtml
Outdated
Show resolved
Hide resolved
…ettings.Edit.cshtml Co-authored-by: Tony Han <[email protected]>
|
@hishamco what is the status of this PR? This is a good PR that is fixing an issue. |
|
|
|
Anybody with anything else or can we merge? |
| @@ -144,7 +144,7 @@ | |||
|
|
|||
| <div class="mb-3 collapse" asp-validation-class-for="ClientSecret"> | |||
| <label asp-for="ClientSecret" class="form-label">@T["Client Secret"]</label> | |||
| <input asp-for="ClientSecret" class="form-control" type="password" autocomplete="off" /> | |||
| <input asp-for="ClientSecret" class="form-control" type="password" autocomplete="new-password" /> | |||
There was a problem hiding this comment.
This should be a good solution 👍
Fixes #13184