You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2022/06/28 10:33:52 UTC

[GitHub] [airflow] abhishekbhakat opened a new issue, #24700: Password autocompletion set off on login page

abhishekbhakat opened a new issue, #24700:
URL: https://github.com/apache/airflow/issues/24700

   ### Description
   
   The form on the login page for Airflow has not set `autocomplete="off"` either for the form or the password input field.
   Modern browsers ignore that and offer autocompletion anyway, which some will when it detects it is a login form.
   
   ### Use case/motivation
   
   Even though browsers are free to ignore this option. There are a few Airflow users reporting this as a vulnerability caught in their scanner. Therefore it should be a "good to have".
   
   ### Related issues
   
   _No response_
   
   ### Are you willing to submit a PR?
   
   - [X] Yes I am willing to submit a PR!
   
   ### Code of Conduct
   
   - [X] I agree to follow this project's [Code of Conduct](https://github.com/apache/airflow/blob/main/CODE_OF_CONDUCT.md)
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] Tingweiftw commented on issue #24700: Password autocompletion set off on login page

Posted by GitBox <gi...@apache.org>.

Tingweiftw commented on issue #24700:
URL: https://github.com/apache/airflow/issues/24700#issuecomment-1195111248

   Is there any further action on this? We used airflow and similar issue was caught in our vulnerabilility assessement.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

Re: [I] Password autocompletion set off on login page [airflow]

Posted by "potiuk (via GitHub)" <gi...@apache.org>.

potiuk commented on issue #24700:
URL: https://github.com/apache/airflow/issues/24700#issuecomment-1838950549

   This is not valid according to Brent's comment, so we can close this one.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] abhishekbhakat commented on issue #24700: Password autocompletion set off on login page

Posted by GitBox <gi...@apache.org>.

abhishekbhakat commented on issue #24700:
URL: https://github.com/apache/airflow/issues/24700#issuecomment-1168589972

   Can we try adding a parameter to [Login.tsx](https://github.com/apache/airflow/blob/main/airflow/ui/src/views/Login.tsx) as:
   
   ```
             <FormControl mt={4}>
               <FormLabel htmlFor="password">Password</FormLabel>
               <InputGroup>
                 <InputLeftElement>
                   <Icon as={FiLock} color="gray.300" />
                 </InputLeftElement>
                 <Input
                   type="password"
                   name="password"
                   placeholder="Password"
                   data-testid="password"
                   value={password}
                   onChange={(e) => setPassword(e.target.value)}
                   isRequired
                 />
               </InputGroup>
             </FormControl>
   ```
   
   Guess the parameter should be `autoComplete = 'off'`?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] potiuk commented on issue #24700: Password autocompletion set off on login page

Posted by GitBox <gi...@apache.org>.

potiuk commented on issue #24700:
URL: https://github.com/apache/airflow/issues/24700#issuecomment-1195228645

   > Is there any further action on this? We used airflow and similar issue was caught in our vulnerabilility assessement.
   > Submitting a pull request is always the fastest way to get this fixed!
   
   Also it is the good thing to do to pay back for the free software you use @Tingweiftw. I think if your company is bothered by something in Free, Open Source Software I think it is only reasonable to expect they sponsor a little time of their engineer to contribute such a fix back. This would be awesome if your commpany fulfills the moral obligations there (rather than expect things to happen). 
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] uranusjr commented on issue #24700: Password autocompletion set off on login page

Posted by GitBox <gi...@apache.org>.

uranusjr commented on issue #24700:
URL: https://github.com/apache/airflow/issues/24700#issuecomment-1195116088

   Submitting a pull request is always the fastest way to get this fixed!


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] boring-cyborg[bot] commented on issue #24700: Password autocompletion set off on login page

Posted by GitBox <gi...@apache.org>.

boring-cyborg[bot] commented on issue #24700:
URL: https://github.com/apache/airflow/issues/24700#issuecomment-1168546899

   Thanks for opening your first issue here! Be sure to follow the issue template!
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

Re: [I] Password autocompletion set off on login page [airflow]

Posted by "potiuk (via GitHub)" <gi...@apache.org>.

potiuk closed issue #24700: Password autocompletion set off on login page
URL: https://github.com/apache/airflow/issues/24700


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org