Bug 7765 - Web Access doesn't offer to save the password on Chromium based browsers
Summary: Web Access doesn't offer to save the password on Chromium based browsers
Status: CLOSED WONTFIX
Alias: None
Product: ThinLinc
Classification: Unclassified
Component: Web Access (show other bugs)
Version: trunk
Hardware: PC Unknown
: P2 Normal
Target Milestone: 4.17.0
Assignee: Bugzilla mail exporter
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-09-14 16:21 CEST by Samuel Mannehed
Modified: 2024-02-20 10:15 CET (History)
1 user (show)

See Also:
Acceptance Criteria:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Samuel Mannehed cendio 2021-09-14 16:21:07 CEST 
We don't even get the question to save the password or not on Chromium based browsers. I have tested Chrome 93 on Fedora 34 and Windows 10 and Edge 93 on Windows 10. Things work fine on Firefox on Fedora 34 and Windows 10.

Chromium-based Edge might have a hint here, it complains in the browser console that our password field doesn't have "autocomplete" attributes and suggests that it should have "autocomplete='current-password'":

> [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://www.chromium.org/developers/design-documents/create-amazing-password-forms) <input class=​"pam_prompt" type=​"password" name=​"pamresponse" value>​

Looking at the page linked in the message I get the impression that this should only be used by external password managers.. But perhaps something has changed over the years and Chrome now expects this attribute in order to present the question.
Comment 1 Pierre Ossman cendio 2022-10-11 16:16:37 CEST 
Hmm... This area seems fragile. With ThinLinc 4.14.0 I at least get "Show all passwords" when I right click the password field. After bug 7908 that entry is gone though. And adding the autocomplete fields doesn't seem to change anything.

Firefox doesn't seem to care about any of these changes, though, and always figures out the correct thing.

Tested with Chromium 105 and Firefox 102.
Comment 2 Samuel Mannehed cendio 2024-02-14 16:37:24 CET 
This seems to be related to certificates.

If I browse (using Chrome 120 on Fedora 39) to Web Access on a server with only a self-signed certificate, I don't get the option to use a saved password. This holds true even if using both `autocomplete="username"` on the username input and `autocomplete="current-password"` on the password input.

However, using the same browser and client, when browsing to https://tl.cendio.se which has a proper certificate, I do get the option to use a saved password.

I'm suggesting that we close this one.
Comment 3 Linn cendio 2024-02-16 08:45:49 CET 
Can confirm that the password-save-prompt is related to certificates.

I tested setting up a proper cert on Ubuntu 22.04, and when logging in on WebAccess through Chrome on Windows 11 I did get the prompt for saving password.
Comment 4 Samuel Mannehed cendio 2024-02-20 10:15:54 CET 
Since this seems to be intentional from Chrome, then it is not something we should try to work around.

Nothing for us to do here. Closing.
Note You need to log in before you can comment on or make changes to this bug.