-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[AC-1046] activate autofill on page load policy #4860
Conversation
/> | ||
<label class="form-check-label" for="enabled">{{ "turnOn" | i18n }}</label> | ||
</div> | ||
</div> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We had a good discussion here a couple of weeks ago about some of the impacts of the autofill on page load setting. Enabling it can be a security risk. Should we add a callout here similar to the one in the autofill settings with a warning that it can be exploited?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is a very good point, @bitwarden/dept-design what would you think about copying everything after WARNING: into a callout on the policy?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@differsthecat added a callout, nice catch!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks good, thank you @jlf0dev !
Adding hold - we need to restrict this feature to Enterprise 2020 plans |
Update: This feature has been locked to the current Enterprise plans. This is more of a 'hard lock' than other features, and doesn't allow CS to toggle the feature on/off. Since this is a hackathon item, Product felt this was appropriate. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good!
Type of change
Objective
Adds a new policy that will automatically activate auto-fill on page load for all users in the organization when the policy is enabled.
From the end-user perspective, a one-time notification will show to indicate that the organization turned on the setting. The policy will not restrict the user from modifying the setting after activation. This means that the user can:
Server dependency at bitwarden/server#2751
Code changes
Some of the messaging on browser has been lost recently, specifically "loggedIn", "unlocked", and "syncCompleted" messages don't get caught by the
bitwardenPopupMainMessageListener
. This means that we can't detect when the user completes any of these actions to activate the setting and show the popup. As an alternative, I have attached the flag detection on thecurrent-tab.component
so when the user navigates to that page it activates from the policy.ActivateAutofill
policy and set a flag for later when we know the popup is open.Screenshots
Before you submit