Password is being revealed in url

I have encountered a strange issue with a website:

When I log in manually everything works as expected (I get logged in, no weird urls).

But when I log in using 1Password's autofill, I do NOT get logged in (the same page just reloads) and my username and password get revealed in the url!

I do not fully understand what is going on here, but it does not seem ideal...

I'm on macOS and using Chrome.

browser extension

feature request

macos

1P_Evon
2 months ago
Hello again, danito.
I’ve contacted our development team regarding this, and the problem stems from this specific website’s code.
This form is simply a `<form>` element lacking specific attributes. Without a method attribute, it defaults to `method= “get”`, which will direct the user to the specified path in the `action` attribute.
Moreover, the absence of Javascript listeners is linked to the clicking of the Sign-in button and the functionality of the auto-submit feature.
You can reproduce this without using 1Password at all if you select the Sign-in button in dev tools and type `$0.click()` in the console. That will run a `click` on the element you have selected in the Elements tab.
Our development team is in the process of updating our website design documentation for developers to reflect best practices: Design your website to work best with 1Password Developer.
I hope that helps. Let me know if you have any further questions.
-Evon

danito
Occasional Contributor
2 months ago
Thanks for looking into it! I will avoid using autosubmit/autofill for this website for now.
- 1P_Evon
  1Password Team
  2 months ago
  Hello again, danito.
  I’ve contacted our development team regarding this, and the problem stems from this specific website’s code.
  This form is simply a `<form>` element lacking specific attributes. Without a method attribute, it defaults to `method= “get”`, which will direct the user to the specified path in the `action` attribute.
  Moreover, the absence of Javascript listeners is linked to the clicking of the Sign-in button and the functionality of the auto-submit feature.
  You can reproduce this without using 1Password at all if you select the Sign-in button in dev tools and type `$0.click()` in the console. That will run a `click` on the element you have selected in the Elements tab.
  Our development team is in the process of updating our website design documentation for developers to reflect best practices: Design your website to work best with 1Password Developer.
  I hope that helps. Let me know if you have any further questions.
  -Evon
  - danito
    Occasional Contributor
    2 months ago
    Thank you! I don't grasp what this means fully myself but I will forward it to the website's team.
1P_Evon
1Password Team
2 months ago
Hello, danito. Thank you for reaching out. I'm sorry about the problem you encountered.

I've done some testing on my end and have been able to recreate the same problem only on this specific website when using the Open and Fill feature. I've shared the details with our development team for further investigation.

In the meantime, I recommend temporarily turning off the Autosubmit feature for this specific item. Here's how:

Open Chrome and navigate to the Wayfinder website.

Click the 1Password icon in Chrome's toolbar.

On the Wayfinder Login item, click the three dots for more options and select Don't sign in automatically.

If you are using the 1Password desktop app to Open and Fill, here's how to turn off Autosubmit:

Open and unlock the 1Password desktop app.

Click your account name at the top left and select Settings.

In the General section, turn off Submit automatically with Universal Autofill

I hope that helps. Let me know if you have any questions.

Forum Discussion

Password is being revealed in url

Recent Discussions

Pricing for new customers vs existing

secret key

Switching from Individual to Families (going through Billing doesn't work)

1Password dropdown masks macOS autofill for SMS verification codes

Unable to delete vault in iMac.