Can I restrict the password autofill to the exact url / form (sub)domain
I have different login forms on different sub domains so I always get a huge lists of different logins. and also I get my password for the basic auth from the web-server on my login form.
I also consider this as a security risk when different sub domains belong to different parties and I accidentally put my password into the wrong form.
Can I config Firefox the way that I get only passwords in the list that match the exact url or at least the (sub)domain?
Another Question As a Web-developer can I do something that my client don't experience such a mess (like giving the login form a special id so passwords are restricted do this particular form.
Chosen solution
Could you test this out and see whether it works for you:
(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button accepting the risk.
More info on about:config: Configuration Editor for Firefox. The moderators would like us to remind you that changes made through this back door aren't fully supported and aren't guaranteed to continue working in the future.
(2) In the search box in the page, type or paste signon.includeOtherSubdomainsInLookup and pause while the list is filtered
(3) Double-click the preference to switch the value from true to false
Regarding the web dev side of it, I don't know whether the form ID is relevant at all. Possibly the name attributes of the username and password field could be a factor. If they are, and you write their values to hidden fields on form submit, then you could randomize those names.
Read this answer in context 👍 1All Replies (1)
Chosen Solution
Could you test this out and see whether it works for you:
(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button accepting the risk.
More info on about:config: Configuration Editor for Firefox. The moderators would like us to remind you that changes made through this back door aren't fully supported and aren't guaranteed to continue working in the future.
(2) In the search box in the page, type or paste signon.includeOtherSubdomainsInLookup and pause while the list is filtered
(3) Double-click the preference to switch the value from true to false
Regarding the web dev side of it, I don't know whether the form ID is relevant at all. Possibly the name attributes of the username and password field could be a factor. If they are, and you write their values to hidden fields on form submit, then you could randomize those names.
Modified