Chrome password auto-fill breaking IPv6

bimmerdriver

@johnpoz said in Chrome password auto-fill breaking IPv6:

My point exactly - what does the OP think pfsense could do to keep chrome from jumping to conclusions about form boxes? Its not like the forms fields are all labeled username and password ;)

The OP had the right idea, but pretty sure it was meant as sarcastic response ;) hehehe

I'll give the chrome developers a call and tell them to get on it right away.

Again, where did I say it was a pfsense problem?

johnpoz

Your in the pfsense webgui section...

Where you should be is your browser of choice forums asking them for how to stop it from filling in shit it shouldn't be filling in... There is NOTHING pfsense can do to stop your browser from doing that!

You have already been given your "work arounds"

Use a different browser, disable its auto fill feature.

bimmerdriver

@johnpoz said in Chrome password auto-fill breaking IPv6:

Your in the pfsense webgui section...

Where you should be is your browser of choice forums asking them for how to stop it from filling in shit it shouldn't be filling in... There is NOTHING pfsense can do to stop your browser from doing that!

You have already been given your "work arounds"

Use a different browser, disable its auto fill feature.

Again, not clear how you jumped to conclusion that I was implying this is a pfsense problem solely on the basis that I was posting in the webgui section. What other section would I post a question about the webgui in?

johnpoz

It has ZERO to do with pfsense or its gui... Again you should be on your browsers of choice forums..

Or in the general section.. What your browser autofills has zero to do with pfsense gui at all.

Derelict has already completed this thread to be honest..

Do you think there is some code pfsense could put on its forms to tell chrome not to fill them?

JeGr

@johnpoz said in Chrome password auto-fill breaking IPv6:

Do you think there is some code pfsense could put on its forms to tell chrome not to fill them?

Actually there is. You can set autocomplete="xy" on a form field to signal browsers to stop form-filling or how they should handle them. BUT it also states clearly, that id/names of those fields should be pretty specific to trigger that. The field in question is "dhcprejectfrom" and I can't see how in the hell that should be a trigger to inject a "name" field in it. So either Chrome reads the form name and that triggers it or it's completely bonkers.

My 2c would be to actually stop password-filling/-saving in/from any browser and use a password safe (like keepass) and if you're lazy an extension for your favourite browser to have it fill your login forms after asking. Most extension that does so (lastpass for their service, kee/vault for keepass, etc.) have a much better matching algorithm or configuration on which sites they offer and on which the don't allow to fill in. I'm using a combo of auto-type or "kee" (extension) with keepass for years. Best thing ever. And inter-operable if you ever switch browsers for testing etc.

Derelict

I gave up on all of that browser plugin junk a couple years ago and now use the Lastpass mac application and copy/paste everything. They have made it pretty easy, I think in part due to my feedback. :)

This has the added benefit of being the same workflow for everything - even if it is not in the browser (or is in a secondary browser for testing reasons, etc).

stephenw10

If it's auto-filling a value in that field that value is stored somewhere and you should be able to remove it from Chrome.

I use Chromium all the time and have never hit that issue. The proxy pass/username auto-fill is very annoying though.

Steve

tcarlisle

Wow, the temperature in here sure is hot. Yeah, the OP did not in any way blame pfsense and did not demonstrate an expectation that pfsense would own resolving this.

Anyone that has researched this has found that getting google to consider changing the autofill behavior so it can be disabled on a per-site basis knows that is not going to happen any time soon.

That said, I was able to solve the problem I was seeing by going to my google account and removing saved login/password for the firewall. As long as I have it set to save credentials in google, then certain pages also populate my username on forms. For example, when viewing the admin page for an interface, in the "reject leases from" box., it would always put my login that was saved from the login page.

It probably isn't a particularly good practice to have your firewall credentials saved in a browser anyways.

I spent a little time looking at the page html and I can see no good reason why google chrome would mistake this field for the user's login. So this is clearly a chrome issue.

Raffi_

Agree with @bimmerdriver and @tcarlisle on this. The op did a service of letting others know about the issue and never actually requested a fix or placed blame on pfSense. Yes, the forum is mostly people trying to get a fix or requesting help, but it's not exclusively for those purposes. I often just browse random topics like this to learn from others.

Thanks for the heads up.

Raffi

stephenw10

Technically this should have been in general discussion if it was known not to be a pfSense issue initially.
I've moved it there now.

I've been bitten by this sort of thing and blamed pfSense in the past. It was the LastPass plugin in my case.

Steve

Nelso5n

This is breaking the system that the web page is being used for. The only work-around I could find was to delete the username and password.

jimp

Might be better on 2.4.5 & 2.5.0: https://redmine.pfsense.org/issues/9864

Gertjan

@andrealucia said in Chrome password auto-fill breaking IPv6:

This prevents the IPv6 gateway from starting. In years of running pfsense, I've never seen this behaviour.

When pfSense boots, interfaces are mounted, protocols are started, things like IPv4 and IPv6 are activated, links are build. IP's are set, masks and gateways are defined.
All this happens long before processes like a web server (nginx), that hosts the pfSense GUI, are started.

Yet the login of a user using some browser disrupts the IPv6 gateway ?
How ?

@andrealucia said in Chrome password auto-fill breaking IPv6:

Is there any other work-around?

I thought the issue was solved. It's a browser behaviour.

Slat1e

This post is deleted!