Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2022/06/28 10:33:52 UTC
[GitHub] [airflow] abhishekbhakat opened a new issue, #24700: Password autocompletion set off on login page
abhishekbhakat opened a new issue, #24700:
URL: https://github.com/apache/airflow/issues/24700
### Description
The form on the login page for Airflow has not set `autocomplete="off"` either for the form or the password input field.
Modern browsers ignore that and offer autocompletion anyway, which some will when they detect it is a login form.
### Use case/motivation
Even though browsers are free to ignore this option, there are a few Airflow users reporting this as a vulnerability caught in their scanner. Therefore it should be a "good to have".
### Related issues
_No response_
### Are you willing to submit a PR?
- [X] Yes I am willing to submit a PR!
### Code of Conduct
- [X] I agree to follow this project's [Code of Conduct](https://github.com/apache/airflow/blob/main/CODE_OF_CONDUCT.md)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] Tingweiftw commented on issue #24700: Password autocompletion set off on login page
Posted by GitBox <gi...@apache.org>.
Tingweiftw commented on issue #24700:
URL: https://github.com/apache/airflow/issues/24700#issuecomment-1195111248
Is there any further action on this? We used airflow and similar issue was caught in our vulnerability assessment.
Re: [I] Password autocompletion set off on login page [airflow]
Posted by "potiuk (via GitHub)" <gi...@apache.org>.
potiuk commented on issue #24700:
URL: https://github.com/apache/airflow/issues/24700#issuecomment-1838950549
This is not valid according to Brent's comment, so we can close this one.
[GitHub] [airflow] abhishekbhakat commented on issue #24700: Password autocompletion set off on login page
Posted by GitBox <gi...@apache.org>.
abhishekbhakat commented on issue #24700:
URL: https://github.com/apache/airflow/issues/24700#issuecomment-1168589972
Can we try adding a parameter to [Login.tsx](https://github.com/apache/airflow/blob/main/airflow/ui/src/views/Login.tsx) as:
```
<FormControl mt={4}>
  <FormLabel htmlFor="password">Password</FormLabel>
  <InputGroup>
    <InputLeftElement>
      <Icon as={FiLock} color="gray.300" />
    </InputLeftElement>
    <Input
      type="password"
      name="password"
      placeholder="Password"
      data-testid="password"
      value={password}
      onChange={(e) => setPassword(e.target.value)}
      isRequired
    />
  </InputGroup>
</FormControl>
```
Guess the parameter should be `autoComplete = 'off'`?
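The condition reported in this thread (no `autocomplete="off"` on either the form or the password field), written as a check over rendered login-page HTML. This is an added example, not Airflow code and not any scanner's own logic; the function names, the sample markup and the flag rule are assumptions made for illustration.

```python
from html.parser import HTMLParser

# Constructed sample markup (not Airflow's rendered login page).
SAMPLE_HTML = """
<form action="/login" method="post">
  <input type="text" name="username">
  <input type="password" name="pw_plain">
</form>
<form action="/login" method="post" autocomplete="off">
  <input type="password" name="pw_form_off">
</form>
<form action="/login" method="post" autocomplete="off">
  <input type="password" name="pw_override" autocomplete="current-password" />
</form>
"""


class PasswordAutocompleteAudit(HTMLParser):
    """Record which autocomplete value applies to each password input."""

    def __init__(self):
        super().__init__()
        self.form_stack = []  # autocomplete value of each open <form>, or None
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").strip().lower() for k, v in attrs}
        if tag == "form":
            self.form_stack.append(a.get("autocomplete"))
        elif tag == "input" and a.get("type") == "password":
            own = a.get("autocomplete")
            inherited = self.form_stack[-1] if self.form_stack else None
            effective = own or inherited  # the field's own value wins over the form's
            self.findings.append({
                "name": a.get("name", ""),
                "effective": effective,
                # Assumed scanner rule: report anything other than "off".
                "flagged": effective != "off",
            })

    def handle_endtag(self, tag):
        if tag == "form" and self.form_stack:
            self.form_stack.pop()


def audit(html):
    """Return one finding per password input found in the markup."""
    parser = PasswordAutocompleteAudit()
    parser.feed(html)
    parser.close()
    return parser.findings
```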
[GitHub] [airflow] potiuk commented on issue #24700: Password autocompletion set off on login page
Posted by GitBox <gi...@apache.org>.
potiuk commented on issue #24700:
URL: https://github.com/apache/airflow/issues/24700#issuecomment-1195228645
> Is there any further action on this? We used airflow and similar issue was caught in our vulnerability assessment.
> Submitting a pull request is always the fastest way to get this fixed!
Also it is the good thing to do to pay back for the free software you use @Tingweiftw. I think if your company is bothered by something in Free, Open Source Software I think it is only reasonable to expect they sponsor a little time of their engineer to contribute such a fix back. This would be awesome if your company fulfills the moral obligations there (rather than expect things to happen).
[GitHub] [airflow] uranusjr commented on issue #24700: Password autocompletion set off on login page
Posted by GitBox <gi...@apache.org>.
uranusjr commented on issue #24700:
URL: https://github.com/apache/airflow/issues/24700#issuecomment-1195116088
Submitting a pull request is always the fastest way to get this fixed!
[GitHub] [airflow] boring-cyborg[bot] commented on issue #24700: Password autocompletion set off on login page
Posted by GitBox <gi...@apache.org>.
boring-cyborg[bot] commented on issue #24700:
URL: https://github.com/apache/airflow/issues/24700#issuecomment-1168546899
Thanks for opening your first issue here! Be sure to follow the issue template!
Re: [I] Password autocompletion set off on login page [airflow]
Posted by "potiuk (via GitHub)" <gi...@apache.org>.
potiuk closed issue #24700: Password autocompletion set off on login page
URL: https://github.com/apache/airflow/issues/24700