TampereHacklab / mulysa

Mulysa member management for Hacklabs
GNU General Public License v3.0
6 stars 11 forks source link

Browser password autofill messes up csrf token in sso login page #452

Closed tswfi closed 10 months ago

tswfi commented 1 year ago

Steps to reproduce (chrome mobile, reports of ios safari also acting similar)

New incognito tab Go to site which does sso login against mulysa Go to login Use browser password autofill Click login => csrf error

Cannot reproduce when not using browser autofill. Also lastpass pwd fill does work correctly.

Seems to work fine when going to login page without sso login request.

sbeach92 commented 10 months ago

I think this problem has disappeared. Maybe along some chrome update?

tswfi commented 10 months ago

Now that you mention I haven't seen this either in a while.

Tried to replicate but wasn't able to quickly.

Lets close this.

olmari commented 10 months ago

I bet this had something related to do with https://github.com/TampereHacklab/mulysa/commit/5b70ee44d8be551358f8975efb3fd85a678e0b47 or such, which gave elaborate issues on email inking too in certain cases.