Page MenuHomePhabricator
Create Task
Maniphest T306844

iOS thinks Special:CentralAuth is a login form
Open, Needs TriagePublicBUG REPORT
Actions

Description

List of steps to reproduce (step by step, including full links if applicable):

What happens?:
iOS tries to log me into it, delaying my response to whatever urgency made me open CentralAuth on mobile in the first place.

IMG_0345.jpg (2×1 px, 225 KB)

What should have happened instead?:
The field shouldn't be detected as a login form

Software version (if not a Wikimedia wiki), browser information, screenshots, other information, etc.:

Event Timeline

AntiCompositeNumber created this task.Apr 25 2022, 9:32 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptApr 25 2022, 9:32 PM
Dylsss subscribed.Apr 25 2022, 9:52 PM

Firefox desktop prompts for login details as well, it seems to also do so on a couple other forms for me, such as Special:BlockList, Special:ActiveUsers, Special:ListFiles, Special:GlobalRenameRequest.

Screenshot (278).png (963×1 px, 116 KB)

NightWolf1223 subscribed.Apr 26 2022, 2:14 AM
Jonteemil subscribed.Jun 19 2022, 10:37 PM
Daimona subscribed.Apr 8 2023, 12:15 PM
Tgr subscribed.Oct 8 2023, 8:31 PM

Is this still happening? The field has autocomplete="off" so I wouldn't expect it.

AntiCompositeNumber added a comment.Oct 8 2023, 8:49 PM

Yes, the browsers ignore autocomplete when determining if a form is a login form.

Tgr added a comment.Oct 8 2023, 9:53 PM

They certainly don't ignore it; e.g. Chromium advises autocomplete="username" for login forms. But I'm sure they have some other heuristics, I just don't see what it could be in this case - the form is not labeled as having anything to do with usernames. The field name is target, the ID is ooui-php-1, the form target is Special:CentralAuth the only even remotely relevant-sounding classname is mw-widget-userInputWidget on the parent... I guess the form label is Username: but I doubt we want to change that just to confuse browsers with stupid heuristics. Some people claim setting an invalid autocomplete value helps, I guess we could try that.

Bugreporter moved this task from Backlog to Special:CentralAuth on the MediaWiki-extensions-CentralAuth board.Mar 5 2024, 11:40 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL