Skip to content

fix(core): stop password managers from offering to save the OTP auth code#404

Merged
antfu merged 1 commit into
mainfrom
fix/otp-disable-password-manager-save
Jul 14, 2026
Merged

fix(core): stop password managers from offering to save the OTP auth code#404
antfu merged 1 commit into
mainfrom
fix/otp-disable-password-manager-save

Conversation

@antfubot

Copy link
Copy Markdown
Collaborator

Description

The client-authorization OTP form (ViewBuiltinClientAuthNotice.vue \u2192 OtpInput.vue) already hinted autocomplete="one-time-code" on each digit box for autofill, but nothing told browsers/password managers to skip offering to save the entered code as a credential.

  • Added autocomplete="off" on the wrapping <form> \u2014 the primary signal native browser password managers (Chrome/Firefox/Safari) use to skip a save-credential prompt on submit.
  • Added data-1p-ignore, data-lpignore="true", data-bwignore="true", and data-form-type="other" on each digit <input> \u2014 the attributes 1Password, LastPass, Bitwarden, and Dashlane respectively check to suppress their own save offers.

Linked Issues

Additional context

Verified with pnpm eslint on the changed files; no functional/behavioral change to the OTP flow itself.


Created with the help of an AI agent.

@pkg-pr-new

pkg-pr-new Bot commented Jul 14, 2026

Copy link
Copy Markdown

Open in StackBlitz

npm i https://pkg.pr.new/@vitejs/devtools@404
npm i https://pkg.pr.new/@vitejs/devtools-kit@404
npm i https://pkg.pr.new/@vitejs/devtools-rolldown@404

commit: 6ee38a2

@antfu antfu merged commit 00556e1 into main Jul 14, 2026
10 checks passed
@antfu antfu deleted the fix/otp-disable-password-manager-save branch July 14, 2026 03:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants