Mobile Safari with LastPass extension autofills honeypot
Bug #1784908 reported by
Adam Collard
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Canonical SSO provider |
Fix Released
|
Medium
|
Adam Collard |
Bug Description
Using Safari on iOS with the LastPass extension causes Safari to autofill the honeypot field and therefore get identified as a bot.
Neither Firefox for iOS nor Chrome exhibit this behaviour, and I have triple-checked the field is not set to auto-fill from LastPass.
By moving the honeypot after the email field we can avoid Safari's behaviour of auto-filling the field.
Related branches
lp:~adam-collard/canonical-identity-provider/mobile-safari-is-not-a-bot
- Tom Wardill (community): Approve
-
Diff: 103 lines (+64/-4)2 files modifiedsrc/identityprovider/middleware/honeypot.py (+42/-1)
src/identityprovider/tests/test_middleware.py (+22/-3)
Changed in canonical-identity-provider: | |
status: | Confirmed → In Progress |
Changed in canonical-identity-provider: | |
status: | In Progress → Fix Released |
To post a comment you must log in.