Chrome Autofill Breaks Authentication #8376
Labels
bug
A problem with current functionality, as opposed to missing functionality (enhancement)
frozen-due-to-age
Issues closed and untouched for a long time, together with being locked for discussion
needs-triage
New issues needed to be validated
Milestone
v1.20.1, Linux (64-bit Intel/AMD) Build 2022-05-18
Docker container lscr.io/linuxserver/syncthing on Unraid v6.10.2
Chrome Version 102.0.5005.63 (Official Build) (64-bit)
If the username and password for Syncthing is saved in Chrome's built-in password manager, it will autofill the fields in the GUI settings dialog with the current username/password. If you try to change anything on the GUI settings page and save it, this will inexplicably break authentication going forward. On page reload, Syncthing will ask for authentication, but the username and password don't work. Sometimes it will partially load the page, sometimes not. Sometimes it does this with the new username and password, sometimes with the old ones, sometimes with a new username and old password or an old username and new password. Regardless, it will ask for authentication again immediately, even if the connection wasn't explicitly denied.
To solve the problem, I had to edit the config.xml file to remove the user and password, delete all saved logins from Chrome, and then set a new username and password through the GUI.
The current username and password should not be autofilled in the GUI settings dialog.
Save the username and password in Chrome, then open the GUI settings dialog, then try to change the username and/or password, then save.
I am accessing Syncthing through Nginx Reverse Proxy Manager, but the issue seems to persist when accessing the GUI directly by ip:port. HTTPS is not enabled, as that is handled by the reverse proxy.
Add the autocomplete="off" HTML attribute to the inputs in the GUI settings dialog. Sometimes this doesn't behave as expected with passwords; another option that may workaround this is autocomplete="new-password" for the password field.
The text was updated successfully, but these errors were encountered: