Issue metadata
Sign in to add a comment
|
"Never save password" broken on https://applet.danid.dk |
||||||||||||||||||||
Issue descriptionOriginally reported on https://productforums.google.com/forum/#!topic/chrome/lIRCHYreidg. Unfortunately, https://applet.danid.dk itself does not seem to serve any website, at least not in my country (outside Denmark), so I could not investigate further. If the page serves HTTP AUTH, then a common reason for Never Save being ignored is the page changing their signon realm (which consists also from a free-text string for HTTP AUTH). Chrome will only apply the blacklisting to the exact signon realm. I proposed a solution in https://crbug.com/147655#c26 some time ago, but there was not much interest in following it and the bug ultimately got closed. If the page serves HTML forms, then I don't know what would be causing this. We can investigate once we see the issue.
,
Dec 5 2017
,
Dec 5 2017
The user expected that choosing "never save passwords for this site" meant that on all future visits to that site, Chrome would not offer to save passwords. Instead, they are getting the "do you want to save" option on every visit. The user expected: Visit site. Enter pw. Chrome: Want to save? User: Never for this site. Visit site again. Enter pw. Chrome does NOT prompt to save. But instead, the user had this experience: Visit site. Enter pw. Chrome: Want to save? User: Never for this site. Visit site again. Enter pw. Chrome: Want to save? User: I told you NO last time, why are you asking me again? Never save means you never save! Is the observed behaviour a bug, or by design?
,
Dec 6 2017
I don't thing there is trouble in understanding the general issue. Of course this is not by design, and on the majority of pages this works fine. However, I'd like to discover why is Chrome behaving like that on danid.dk. As explained in #0, that page does not serve any password forms in my location. If you observe the error yourself, could you please try to answer: (1) Are there any HTML forms present? Or is this an HTTP auth (such as in httpbin.org/basic-auth/user/password)? (2) If this is an HTTP auth, what is the "signon realm" displayed (explanation shown in the auth dialog, provided by the site)? Is it different between two consecutive visits to the page?
,
Dec 6 2017
It seems like there were reports in the past that "Never" doesn't work. How about being more aggressive and suppressing the prompt for the whole origin?
,
Dec 7 2017
I am supportive of that.
,
Dec 7 2017
Me too. I think that's already the conclusion of bug 147655 , right? Should we just reopen it and merge this one to it?
,
Jan 16 2018
Having the same problem and have done a small test, don't know if it is of any use. Logged in to a site that uses the applet from danID and selected "never save", went to the "Never save" list and followed the saved link. Then I deleted the entry and did the same all over again. The two attempts to "never save" gave 2 different links for the same web page: https://applet.danid.dk/launcher/std/1516122993137 https://applet.danid.dk/launcher/std/1516123422445
,
Jan 19 2018
This should be fixed with https://chromium-review.googlesource.com/c/chromium/src/+/873635
,
Feb 5 2018
The NextAction date has arrived: 2018-02-05 |
|||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||
Comment 1 by vabr@chromium.org
, Dec 5 2017