Support Discourse login forms

[mcnesium]

Since recently I see the auto login fail on Discourse forums like this one. No idea whether this is due to a Discourse update or browserpass changes.

[maximbaz]

Had a look at their markup, unfortunately it's the update on their side. Not only the current login box doesn't use the <form> tag, their Login button has no indication of what it is supposed to do (no class, no name that would indicate that it is a login button).

If there is a way to complain to their support team, please do, but otherwise I'm afraid there's nothing we could do 😞

[mcnesium]

I reported the issue. Lets see what happens…

[mcnesium]

the answer:

Submit buttons does not have to be a child of the HTML <form> element. I recently added the form attribute to the Login button to help password managers.

While I personally disagree with the habit, I must admit that technically he is right: <button> specs at MDN.

Looks like his commit will only land in Discourse v2.0, but you could be prepared for that, if browserpass can not handle the form attribute yet.

[maximbaz]

Great finding, I didn't know it's a thing - definitely will implement.

[mcnesium]

bug report :tada:

[maximbaz]

I've looked into this, the fact that they fixed "form" attribute is great, but the reason why Browserpass is still unable to detect the login button is because there are no "markers" on the button that would confirm that it is indeed a login button. I don't want Browserpass to click random buttons, so I posted an explanation on their Github asking to add any identifying label, in id, name or class attribute.

See https://github.com/discourse/discourse/pull/7056#issuecomment-478290102

I tested that when I edit HTML in Chromium Devtools and add for example class="login" to the Login button, Browserpass correctly detects it.

So at the moment there's nothing else to do on our side, but Discourse team needs to identify their login button better.