New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Document that Passff never autosubmits over http or make it an option. #498
Comments
When you try to fill your pass credentials on an unsafe page (e.g. with http-protocol), PassFF does warn about this already with a prompt (confirmation dialog). It never silently refuses to fill or submit. There is a global option to disable all phishing checks. Do you have that option disabled or enabled? Since your bug report seems to suggest that PassFF silently refuses to submit forms on a http page, it would be interesting to be able to reproduce this. Unfortunately, there are almost no http-pages left on the internet. Maybe I can test this with a temporary http server on my localhost... |
OK I see where you coming from: https downgraded to http can be seen as a phising attempt.
Clicks OK> Clicks Cancel> Notes:
|
Yes, you did, apparently:
|
I stand corrected. |
This gave me an idea: |
Versions
Status line output:
[12:13:19] show -> (0) no error message
Steps to reproduce the issue
Actual behaviour
For 1, inputs got filled and submitted
For 2, inputs got filled and then nothing happens, even the debug log is silent.
The submit icon accessed from input field's passff icon also behaves like autosubmit, that is, doing nothing on a http site.
Expected behaviour
must have:
Passff should complain about sending passwords over an insecure channel and/or this behaviour should be in the readme.
nice to have:
A global option like 'warn about phishing sites' or even better a per site override just like (the so far undocumented) autosubmit: false option.
Reason for still dealing with http
For my use case I work on a handful of local sites accessed over VPN that do not and will not have ssl.
The text was updated successfully, but these errors were encountered: