Autofill isn't working for a specific site

Open cscharf opened this issue 3 years ago • 51 comments

Describe the Bug

We are aware of many sites' login forms, payment gateways, identity forms, etc. where the Bitwarden browser extension, either on a single platform/browser or on multiple, will not autofill information. This is something the Bitwarden team is actively working on, but we need your help as a community and active Bitwarden users!

Expected Result

When you have autofill configured and get to a page where you have saved credentials within Bitwarden, and your browser extension is unlocked, the credentials should be automatically populated. Otherwise, if you have saved information and use a manual action or command to autofill credentials, identity information, card information, etc.; it should properly populate the form.

Actual Result

This works most of the time, but not always and it can depend on many, many factors. Some sites simply don't work, some don't work consistently and others who knows. This is what we're aiming to fix!

Call to Action

Below is a link to a Google Form that we have created for capturing information that will help us track down all of these pages and forms where Bitwarden has failed to autofill your information. You may submit as many as you like, just please help us help you and the community by providing meaningful information and only those sites/pages where it legitimately doesn't work.

Report autofill failure Report autofill failure on Mobile

If you've been sent to this issue because another issue you had open was closed as a duplicate, thank you for taking the time to submit the issue to us, however we truly need to track this under a single item in aggregate fashion so we can manage it holistically and ensure we're taking broad measures that will improve this behavior with the maximum benefit to all. Please consider using the linked form above to submit the prior sites you had reported in the issue closed.

cscharf avatar Feb 18 '21 21:02 cscharf

I'm sorry, I don't use Google, nor do I recommend any of their products to others. In fact, Google-run host names as well as all known Google IP addresses are completely blocked here. Life is better without Google™.

I'm happy to continue to contribute via any non-Google and non-Facebook open-source product.

setyb avatar Feb 20 '21 11:02 setyb

I'm happy to continue to contribute via any non-Google and non-Facebook open-source product.

Understood @setyb , please feel free to respond in this thread; the form simply helps us collect and aggregate patterns (and works still with every kind of blocker on); however I understand your reluctance.

cscharf avatar Feb 20 '21 12:02 cscharf

As a recent LP refugee, I find the term Autofill a little ambiguous. Does it mean:

  • Right-click input and select BitWarden > Auto-fill > Select login ?
  • Or, click extension and select login ?
  • Or, using the keyboard shortcut ?
  • Or, Auto-fill on Page Load (which is the most term-accurate IMHO)

I understand from the Help page it means all of the above, it's just if you are tracking and collating issues, shouldn't you differentiate the various modes a little better?

Case in point, I created #1624 which only didn't work because my default keyboard shortcut had been cleared for some reason.

skube avatar Feb 20 '21 16:02 skube

@skube Good question. By "auto-fill", we mean auto-filling credentials by any method, including all those you list. Generally if one method won't work none of them will, but if the problem is with a particular method, you can note it in the Additional Info section of the form.

Also, we're trying to record problems caused by specific websites. So if you're experiencing a problem for all websites, it's more likely to be an issue with your install or configuration (as in your report), which is out of scope for this issue.

eliykat avatar Feb 21 '21 20:02 eliykat

Hello @cscharf, As

  • There are many websites that deviate a lot from a more standard way of naming input fields by "user" and "password"
  • Collecting is highly a continuous process and would probably never end as sites change and new pop up every day
  • Most probable, users giving feedback to this thread are probably either developers or IT professionals.

Therefore I suggest creating a simple feature that gives the user the ability to determine a custom selector for user and password if it does not function properly. Also a small option to share the configuration would be nice. Example data shared:

{
  "url": "example.com/login",
  "userSelector": "#user",
  "passwordSelector": ".credentials.password[0]"
}

Each then shared custom selector could be downloaded by the other users.

Also a right click to element and then, bitwarden > set as user input, bitwarden > set as password input would be a solution. Note: only user and password selector should be given by the user, the link should be automatically collected.

(To All: Show your support if you agree with this solution)

Pulsar avatar Feb 26 '21 14:02 Pulsar

That's not a bad idea @Pulsar , however this can be accomplished today a bit easier by using custom fields and just putting your username and/or password in a custom field (which can also be a hidden type) and using the matching rules for naming accordingly which alleviates some of the autofill issues with sites that have non-standard or odd naming schemes for those fields (or any fields for that matter).

As far as the ability for the community to be able to contribute these 1-off odd mappings in an easy way through the Bitwarden extension, that may certainly be something to look into as that allows economies of scale and a super easy way for a lot of people to contribute. That of course would have to be tempered with hardening and proper vetting of those to ensure malicious code isn't injected or other bad behaviors (manual review process, PRs, etc.). Will give this some thought and put a card on our backlog as a placeholder for it.

cscharf avatar Feb 26 '21 16:02 cscharf
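
The vetting concern raised in the two comments above, as an added example that is not Bitwarden code or part of the original thread: a review-time check on a shared mapping entry plus a fill-time check that the mapped element really is a password input on the intended host. The entry shape follows the proposal; the function names, the selector allowlist and the sample entry are assumptions.

```javascript
// Added example. Entry shape (url, userSelector, passwordSelector) follows the
// proposal in this thread; function names and rules are hypothetical.
const ALLOWED_KEYS = ["url", "userSelector", "passwordSelector"];
// Character allowlist for ids, classes, tags and simple attribute tests.
// It rejects selector lists (","), "*", pseudo-classes and escapes.
const SIMPLE_SELECTOR = /^[A-Za-z0-9_\-#.\[\]="' >]{1,128}$/;

// Review-time check: returns a list of problems, empty when the entry passes.
function validateEntry(entry) {
  if (typeof entry !== "object" || entry === null || Array.isArray(entry)) {
    return ["entry is not an object"];
  }
  const errors = [];
  for (const key of Object.keys(entry)) {
    if (!ALLOWED_KEYS.includes(key)) errors.push(`unexpected key: ${key}`);
  }
  for (const key of ALLOWED_KEYS) {
    if (typeof entry[key] !== "string") errors.push(`${key} must be a string`);
  }
  if (errors.length > 0) return errors;
  try {
    // The shared format has no scheme, so it is only ever read as https.
    const u = new URL("https://" + entry.url);
    if (u.username || u.password || u.port) errors.push("url has userinfo or port");
  } catch {
    errors.push("url does not parse");
  }
  for (const key of ["userSelector", "passwordSelector"]) {
    if (!SIMPLE_SELECTOR.test(entry[key])) errors.push(`${key} not in allowed subset`);
  }
  return errors;
}

// Fill-time check: a vetted entry still only fills a real password input on
// the exact host it was written for. `element` is the node the selector matched.
function mayFillPassword(entry, pageUrl, element) {
  if (validateEntry(entry).length > 0) return false;
  const page = new URL(pageUrl);
  const mapped = new URL("https://" + entry.url);
  return page.protocol === "https:" && page.hostname === mapped.hostname &&
    element.tagName === "INPUT" && element.type === "password";
}

// Constructed sample entry.
const SAMPLE = { url: "example.com/login", userSelector: "#user",
                 passwordSelector: "input[type='password']" };
```

The character allowlist does not prove a selector is valid CSS; the fill-time element check is what keeps a shared mapping from steering a password into a visible text field.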

Interesting idea, @Pulsar - I remember LastPass did this for mapping saved website logins to Android apps when using it on the mobile, which was quite handy. @cscharf perhaps that might be worth considering too? I filed #1625 before I'd realised this thread and the Google Form exists - is there enough info in my previous bug to use or do you want me to complete the form too? (will bookmark it for the future!)

EDIflyer avatar Feb 27 '21 13:02 EDIflyer

is there enough info in my previous bug to use or do you want me to complete the form too? (will bookmark it for the future!)

@EDIflyer, if you're willing, submitting via the form would be great, otherwise someone on the team will backfill. Thanks!

cscharf avatar Mar 01 '21 15:03 cscharf

I found a payment gate where card info auto-fill fails (or, rather, it fails the first time but works the second time), detailed at #1653. I was directed to this issue, but it seems that the form is specifically for log-ins. It asks for a login page URL... but payment gates don't work that way, you need to go to an e-shop that uses the gate and actually try to pay for something to see the gate.

So, what is the procedure for reporting payment gates where the card info autofill fails?

JanPokorny avatar Mar 02 '21 21:03 JanPokorny

Hi @JanPokorny , I've updated the description and form to be more inclusive of all autofill, we did intend that but for whatever reason when I quickly tossed everything together I just had credentials/logins stuck in my head. Thanks!

cscharf avatar Mar 02 '21 22:03 cscharf

@cscharf Hello, you did not answer my question. Autofill of card details fails on https://platebnibrana.csob.cz/[something], but that's a one-time transactional URL and I can't simply give you the URL to test it yourself. To see the payment page, you actually have to try to pay for something. So, am I to give you an address for an e-shop that uses that payment gate, and instructions how to try to pay for something?

JanPokorny avatar Mar 03 '21 08:03 JanPokorny

Hello, you did not answer my question.

Sorry @JanPokorny , the example you have above is sufficient enough, we don't need the actual URL if you have a representative version of it to share, along with the notes/explanation of how to get to it/invoke it.

Thanks again! Chad

cscharf avatar Mar 03 '21 15:03 cscharf

@cscharf wrote:

As far as the ability for the community to be able to contribute these 1-off odd mappings in an easy way through the Bitwarden extension, that may certainly be something to look into as that allows economies of scale and a super easy way for a lot of people to contribute. That of course would have to be tempered with hardening and proper vetting of those to ensure malicious code isn't injected or other bad behaviors (manual review process, PRs, etc.). Will give this some thought and put a card on our backlog as a placeholder for it.

I think this is an interesting idea as well, but I share the same concerns as Chad (@cscharf). Additionally, I have concerns about bloat in that the majority of special cases will not likely apply to the majority of users. For example, if the community finds 1000 special cases, how many of those will actually be used by the average user?

As Chad mentioned, custom fields work very well in many cases, but do require some technical know-how (more than the typical user probably possesses, but not too hard or time-consuming to learn). What I would like to see worked on the most is all the sites for which custom fields do not work. A little bit of JavaScript injection by Bitwarden on those sites might be required.

setyb avatar Apr 25 '21 01:04 setyb

Is there any way the Bitwarden extension could autodetect a failed auto-fill? This way we could opt in to automatically provide this data? Or opt in to have a pop up ala "update password" to send this failed attempt?

I am guessing if you actually got a good amount of data and the ability to sort it by failure reason you could quickly fix the most sites at once by starting doing changes that would fix the most sites.

sigboe avatar May 03 '21 17:05 sigboe

BitWarden doesn't recognize password field on bigbadtoystore.com

Charlock1 avatar May 27 '21 03:05 Charlock1

BitWarden doesn't recognize password field on bigbadtoystore.com

I'm sorry but it doesn't help just making a comment here. In the first post here, there is a link to a form you fill out to report issues with autofill. You also need to pick which browser and OS you are using. :smile:

sigboe avatar May 27 '21 06:05 sigboe

Hi Sigurd,

I also filled out the form. Thank you.

Charlock1 avatar May 27 '21 12:05 Charlock1

Form filled out for #1901.

ghost avatar Jun 17 '21 09:06 ghost

Hi all! A quick update - we've gotten 200+ responses on the Google Form, which has been extremely useful for being able to review your reports in bulk and strike out any duplicates. It's also kept the rest of the GitHub Issues section tidy so that we don't get lost in a swathe of autofill issues. So thank you everyone for taking the time to submit or post your reports here. This is actively being reviewed and analyzed so that we can make some improvements in this area.

We're still collecting responses in the meantime, so keep 'em coming!

eliykat avatar Jul 22 '21 20:07 eliykat

The extension (Chrome) is filling the passwords on a field that IS NOT PASSWORD. This happens on the PHPList (admin console): Bitwarden is filling my password on the password field AND ON THE "Forgot Password? Enter your email address:" field.

To test it please try the demo page of the PHPlist:

https://demo.phplist.org/lists/admin/

demo admin username: admin demo admin password: phplist

thanks

Unixware avatar Aug 04 '21 13:08 Unixware

When I've had similar situations before I've just added a field ('forgotpassword' in this case) and made it blank but agree would be good to not fill in the first place if possible.

EDIflyer avatar Aug 04 '21 13:08 EDIflyer

good tip, thanks

Unixware avatar Aug 04 '21 14:08 Unixware

Tested Website: 🥇 https://forums.kali.org/forum.php

Auto-fill is not working and the password is being disclosed, which is a critical case if we are streaming or sharing our screen in a conference.

HaroonRehman avatar Aug 06 '21 18:08 HaroonRehman

also doesn't work on my QNAP login pages. Works on password but not Username

simonz21 avatar Aug 20 '21 11:08 simonz21

Doesn't work in Mega.nz extensions (URL: chrome-extension://bigefpfhnfcobdlfbedofhhaibnlghod/mega/secure.html)

rajeshisnepali avatar Oct 16 '21 12:10 rajeshisnepali

@eliykat I'm sorry to revive this issue, but I was wondering how the "detection" of password change/creation works? Does it detect the HTML input names/ids?

andrhevictor avatar Dec 08 '21 16:12 andrhevictor

@andrhevictor, yes:

  • this function runs in the background on the webpage, scrapes its contents, and sends it to the extension in a consumable format (PageDetails)
  • this service is responsible for consuming the PageDetails and identifying fields (e.g. username, password, credit card number, whatever) for autofill. For example, here is the logic that finds password fields.

But if you don't want to read all that: yes, it's a combination of the HTML id, name, and other attributes (such as type="password").

If a field is not detected for autofill because it doesn't match the assumptions in that logic, you can still create a custom field (particularly a linked custom field) to specifically target the HTML input element. However, there are some autofill issues that this doesn't solve (e.g. accidentally overwriting CAPTCHA data or interfering with javascript on the page).

eliykat avatar Dec 09 '21 02:12 eliykat
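
An added example, not Bitwarden's code or part of the original thread: a simplified model of attribute-based field detection showing how a loose id/name match can select a "forgot password" text field like the one reported earlier, and how a stricter rule avoids it. The field descriptors, hint lists and function names are constructed assumptions.

```javascript
// Added example: a simplified model, not Bitwarden's logic or phpList's markup.
// Constructed field descriptors, as a page scraper might report them.
const SAMPLE_FIELDS = [
  { id: "login", name: "login", type: "text" },
  { id: "password", name: "password", type: "password" },
  { id: "forgotpassword", name: "forgotpassword", type: "text" },
  { id: "captcha", name: "captcha_code", type: "text" },
  { id: "pin", name: "pwd", type: "text" }, // site that masks the input itself
];
const PASSWORD_HINTS = ["password", "passwd", "pwd"];
const NEVER_FILL = ["forgot", "reset", "captcha", "search"];

// Lower-cased id and name of a field, skipping missing attributes.
function labels(field) {
  return [field.id, field.name].filter(Boolean).map((s) => s.toLowerCase());
}

// Loose rule: any id/name that contains a password hint counts.
function looseMatch(fields) {
  return fields
    .filter((f) => labels(f).some((l) => PASSWORD_HINTS.some((h) => l.includes(h))))
    .map((f) => f.id);
}

// Stricter rule: recovery, CAPTCHA and search fields are skipped first;
// type="password" then counts, and other types need an exact id/name match.
function strictMatch(fields) {
  return fields
    .filter((f) => {
      const ls = labels(f);
      if (ls.some((l) => NEVER_FILL.some((n) => l.includes(n)))) return false;
      if ((f.type || "").toLowerCase() === "password") return true;
      return ls.some((l) => PASSWORD_HINTS.includes(l));
    })
    .map((f) => f.id);
}
```

The deny list trades a few missed fills (for example a new-password field on a reset page) for fewer secrets written into the wrong input.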

@eliykat Thank you! Was more curious than anything else 😅 Glad to know more about how it works underneath. Thanks again.

andrhevictor avatar Dec 09 '21 03:12 andrhevictor

@simonz21 , check out https://github.com/bitwarden/desktop/issues/1004

Szeraax avatar Dec 25 '21 20:12 Szeraax

Citi.com - I'm unable to login with autofill but if I autofill and then remove my username and manually enter my username, works.

t-AIR-e avatar Jan 05 '22 00:01 t-AIR-e