Skip to content

Set Autocomplete Off on Login Form - Main #44929

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
jscheffl merged 2 commits into from
Dec 15, 2024
Merged

Set Autocomplete Off on Login Form - Main #44929

jscheffl merged 2 commits into from
Dec 15, 2024

Conversation

@geraj1010
Copy link
Contributor

@geraj1010 geraj1010 commented Dec 14, 2024

closes: #44019

Updated main Javascript to apply autocomplete="off" to both username and password inputs on login page. This will help prevent the browser from providing hints for the username (and password), as requested in the Issue.

Based on Flask-AppBuilder source code, i.e. https://github.com/dpgaspar/Flask-AppBuilder/tree/master/flask_appbuilder/templates/appbuilder/general/security (see login_db.html and login_ldap.html), this should work for both AUTH_DB (default) and AUTH_LDAP authentication, since they both apparently use the same HTML elements in the form.

@boring-cyborg boring-cyborg bot added area:UI Related to UI/UX. For Frontend Developers. area:webserver Webserver related Issues labels Dec 14, 2024
@geraj1010 geraj1010 mentioned this pull request Dec 14, 2024
Closed
@jscheffl jscheffl added the legacy ui Whether legacy UI change should be allowed in PR label Dec 14, 2024
jscheffl
jscheffl approved these changes Dec 14, 2024
View reviewed changes
Copy link
Contributor

@jscheffl jscheffl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I actually am not a fan that autocomplete is turned off just in sake of "security" as usability suffers with this. In my view this is more convenience and is something to be considered on a shared PC... but anyway.

@jscheffl
Copy link
Contributor

jscheffl commented Dec 14, 2024

Small issue in static check, can you resolve this? Best is to use pre-commit locally then you can catch it before submitting to CI

@geraj1010
Copy link
Contributor Author

geraj1010 commented Dec 14, 2024

I actually am not a fan that autocomplete is turned off just in sake of "security" as usability suffers with this. In my view this is more convenience and is something to be considered on a shared PC... but anyway.

Yea I can see that. Perhaps maybe next iteration can turn this into a Webserver environment variable/Airflow Configuration setting?

@geraj1010
Copy link
Contributor Author

geraj1010 commented Dec 15, 2024

Small issue in static check, can you resolve this? Best is to use pre-commit locally then you can catch it before submitting to CI

Right on, thanks for the heads up. All fixed now.

@jscheffl jscheffl added this to the Airflow 2.10.5 milestone Dec 15, 2024
@jscheffl jscheffl merged commit c77c7f0 into apache:main Dec 15, 2024
48 checks passed
github-actions bot pushed a commit that referenced this pull request Dec 15, 2024
@geraj1010
[v2-10-test] Set Autocomplete Off on Login Form - Main (#44929)
074f81a 
* #44019 - Set autocomplete to off for username and password login form

* fixed static check
(cherry picked from commit c77c7f0)

Co-authored-by: James Regan <spartyman1234@gmail.com>
@github-actions
Copy link

github-actions bot commented Dec 15, 2024

Backport successfully created: v2-10-test

Status Branch Result
v2-10-test PR Link

@jscheffl jscheffl added the type:bug-fix Changelog: Bug Fixes label Dec 15, 2024
github-actions bot pushed a commit to aws-mwaa/upstream-to-airflow that referenced this pull request Dec 15, 2024
@geraj1010
[v2-10-test] Set Autocomplete Off on Login Form - Main (apache#44929)
ee43508 
* apache#44019 - Set autocomplete to off for username and password login form

* fixed static check
(cherry picked from commit c77c7f0)

Co-authored-by: James Regan <spartyman1234@gmail.com>
romsharon98 pushed a commit that referenced this pull request Dec 15, 2024
@github-actions @geraj1010
[v2-10-test] Set Autocomplete Off on Login Form - Main (#44929) (#44940)
0eab2b4 
* #44019 - Set autocomplete to off for username and password login form

* fixed static check
(cherry picked from commit c77c7f0)

Co-authored-by: James Regan <spartyman1234@gmail.com>
@geraj1010 geraj1010 deleted the airflow_44019_main branch December 15, 2024 19:54
kaxil pushed a commit that referenced this pull request Dec 17, 2024
@github-actions @geraj1010 @kaxil
[v2-10-test] Set Autocomplete Off on Login Form - Main (#44929) (#44940)
ba72647 
* #44019 - Set autocomplete to off for username and password login form

* fixed static check
(cherry picked from commit c77c7f0)

Co-authored-by: James Regan <spartyman1234@gmail.com>
got686-yandex pushed a commit to got686-yandex/airflow that referenced this pull request Jan 30, 2025
@geraj1010 @got686-yandex
Set Autocomplete Off on Login Form - Main (apache#44929)
e4e9ec3 
* apache#44019 - Set autocomplete to off for username and password login form

* fixed static check
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ephraimbuddy ephraimbuddy ephraimbuddy approved these changes

@jscheffl jscheffl jscheffl approved these changes

@ryanahamilton ryanahamilton Awaiting requested review from ryanahamilton

@ashb ashb Awaiting requested review from ashb

@bbovenzi bbovenzi Awaiting requested review from bbovenzi

@pierrejeambrun pierrejeambrun Awaiting requested review from pierrejeambrun

Assignees

No one assigned

Labels

area:UI Related to UI/UX. For Frontend Developers. area:webserver Webserver related Issues legacy ui Whether legacy UI change should be allowed in PR type:bug-fix Changelog: Bug Fixes

Projects

None yet

Milestone

Airflow 2.10.5

Development

Successfully merging this pull request may close these issues.

Autocomplete Attribute Not Disabled for Password Fields in Login Forms

3 participants

@geraj1010 @jscheffl @ephraimbuddy