issue: Remove Old Login Code #6542
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This removes old and tired code from the login pages where we throw `Http::response(422);` to "prevent browsers from suggesting saving the username and password". This is no longer the case as browsers no longer play by these rules. The only way to properly do this nowadays is to set an attribute on the form tag to disable autocomplete. We don't want to do this either as that would prevent password managers from autofilling the auth info. Throwing a 422 code prevents some setups from accepting logins due to 4XX codes being error codes in nature. Removing this code seemingly has no negative impact whatsoever. A short backstory, this was [originally a 401 code](osTicket@a99b9ce) to prevent browsers from suggesting saving the auth info. Later it was [changed to a 422 code](osTicket@772d5c5) to make IE play nice.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This removes old and tired code from the login pages where we throw
Http::response(422);to "prevent browsers from suggesting saving the username and password". This is no longer the case as browsers no longer play by these rules. The only way to properly do this nowadays is to set an attribute on the form (or input) tag to disable autocomplete. We don't want to do this either as that would prevent password managers from autofilling the auth info.Throwing a 422 code prevents some setups from accepting logins due to 4XX codes being error codes in nature. Removing this code seemingly has no negative impact whatsoever.
A short backstory, this was originally a 401 code to prevent browsers from suggesting saving the auth info. Later it was changed to a 422 code to make IE play nice.