BUG: Changing website password through extension doesn't work (/.well-known/change-password)

New Contributor

4 years ago

Hi @Joy_1P, I did some testing on some servers and I found what is causing the issue on Twitter.

The 1password extension checks the url https://twitter.com/.well-known/change-password, but also checks: https://twitter.com/.well-known/resource-that-should-not-exist-whose-status-code-should-not-be-200 (kudos for testing on an URL that explains what it is expecting)

The URL https://twitter.com/.well-known/resource-that-should-not-exist-whose-status-code-should-not-be-200 generates a 200 OK
When the URL generates a 200, it doesn't work correctly and the user is bumped to the homepage. BUT if that URL would generate a 404 it does work correctly.

I also tested this at Github; https://github.com/.well-known/resource-that-should-not-exist-whose-status-code-should-not-be-200 generates a 404 and thus the "change password" function of the extension works as expected.

Hope this helps! Not sure why you guys check /.well-known/resource-that-should-not-exist-whose-status-code-should-not-be-200 but there is probably a very good reason to do so :-)

Hope this helps!

Forum Discussion

BUG: Changing website password through extension doesn't work (/.well-known/change-password)

Featured discussions

November at 1Password: the Access-Trust gap, planning your estate, and an updated unlock experience

Recent discussions

Feature request: encrypted 1pex

Emergency access - people I trust that may ask to access my account in case of an emergency

Feature Request: Show Original Contributor of Items in Shared Family Vaults

Has something changed: http:// not filling in any more?

Cancelled Account, But Got Billed for 0.95 Cents