search

magento / security-package

Magento Security Extensions
Open Software License 3.0
66 stars 69 forks source link

Replace autocomplete="off" with autocomplete="one-time-code" on auth #332

Open JamesFX2 opened 9 months ago

JamesFX2 commented 9 months ago

Hi,

https://web.dev/sms-otp-form/ recommends that autocomplete="off" is replaced with autocomplete="one-time-code" so that the browser doesn't ask the user if they want to replace their current password with the autocomplete.

See also https://developer.mozilla.org/en-US/docs/Web/HTML/Attributes/autocomplete#values

For example,

https://github.com/magento/security-package/blob/develop/TwoFactorAuth/view/adminhtml/web/template/google/auth.html#L25

Can submit a PR myself with "fixes" if requested.

m2-assistant[bot] commented 9 months ago

Hi @JamesFX2. Thank you for your report. To speed up processing of this issue, make sure that you provided sufficient information. Add a comment to assign the issue: @magento I am working on this

Join Magento Community Engineering Slack and ask your questions in #github channel.