The most useful one is autocomplete=new-password, which prevents browsers
prefill with current password, Chrome will also suggest a random strong
password for users who turned on account sync.
Related docs:
https://html.spec.whatwg.org/multipage/form-control-
infrastructure.html#autofill
https://www.chromium.org/developers/design-documents/form-styles-that-
chromium-understands
https://developer.mozilla.org/en-
US/docs/Web/Security/Securing_your_site/Turning_off_form_autocompletion#The_autocomplete_attribute_and_login_fields
--
Ticket URL: <https://code.djangoproject.com/ticket/29379>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
Old description:
> Add autocomplete=username/email/current-password/new-password to
> contrib.auth builtin forms.
>
> The most useful one is autocomplete=new-password, which prevents browsers
> prefill with current password, Chrome will also suggest a random strong
> password for users who turned on account sync.
>
> Related docs:
> https://html.spec.whatwg.org/multipage/form-control-
> infrastructure.html#autofill
> https://www.chromium.org/developers/design-documents/form-styles-that-
> chromium-understands
> https://developer.mozilla.org/en-
> US/docs/Web/Security/Securing_your_site/Turning_off_form_autocompletion#The_autocomplete_attribute_and_login_fields
New description:
Add autocomplete=username/email/current-password/new-password to
contrib.auth builtin forms.
Pull request: https://github.com/django/django/pull/9921
The most useful one is autocomplete=new-password, which prevents browsers
prefill with current password, Chrome will also suggest a random strong
password for users who turned on account sync.
Related docs:
https://html.spec.whatwg.org/multipage/form-control-
infrastructure.html#autofill
https://www.chromium.org/developers/design-documents/form-styles-that-
chromium-understands
https://developer.mozilla.org/en-
US/docs/Web/Security/Securing_your_site/Turning_off_form_autocompletion#The_autocomplete_attribute_and_login_fields
--
--
Ticket URL: <https://code.djangoproject.com/ticket/29379#comment:1>
* needs_better_patch: 0 => 1
Comment:
This seems OK/good in theory. We're a bit ahead of the curve in terms of
current browser support so there's a question about when (and whether)
this gets adopted.
[https://github.com/django/django/pull/9921 PR] has failures that need
addressing.
--
Ticket URL: <https://code.djangoproject.com/ticket/29379#comment:2>
* stage: Unreviewed => Accepted
--
Ticket URL: <https://code.djangoproject.com/ticket/29379#comment:3>
* cc: Jeff (added)
--
Ticket URL: <https://code.djangoproject.com/ticket/29379#comment:4>
Comment (by sedrubal):
Hi, what is the status of this pull request? I just wanted to open the
same pull request and then I found this ticket...
--
Ticket URL: <https://code.djangoproject.com/ticket/29379#comment:5>
Comment (by Claude Paroz):
After months of inactivity, feel free to take over the patch (crediting
the original author), and polish it so as it can get in the review queue
again.
--
Ticket URL: <https://code.djangoproject.com/ticket/29379#comment:6>
* status: new => assigned
* owner: nobody => Hasan Ramezani
Comment:
PR [https://github.com/django/django/pull/11070]
Just a little change in https://github.com/django/django/pull/9921 so
tests are passed.
Do we need to add tests for it? how?
--
Ticket URL: <https://code.djangoproject.com/ticket/29379#comment:7>
* needs_docs: 0 => 1
* needs_better_patch: 1 => 0
Comment:
Since this is marked as a new feature, you might want to add a line or two
to the 3.0 release notes. I don't think you need to add anything to the
documentation.
--
Ticket URL: <https://code.djangoproject.com/ticket/29379#comment:8>
* needs_docs: 1 => 0
--
Ticket URL: <https://code.djangoproject.com/ticket/29379#comment:9>
* needs_tests: 0 => 1
--
Ticket URL: <https://code.djangoproject.com/ticket/29379#comment:10>
Comment (by Hasan Ramezani):
@Johannes Hoppe , I did your requested changes on the PR.
Any suggestion for the tests?
--
Ticket URL: <https://code.djangoproject.com/ticket/29379#comment:11>
* needs_tests: 1 => 0
Comment:
Tests added to PR!
--
Ticket URL: <https://code.djangoproject.com/ticket/29379#comment:12>
* stage: Accepted => Ready for checkin
--
Ticket URL: <https://code.djangoproject.com/ticket/29379#comment:13>
* status: assigned => closed
* resolution: => fixed
Comment:
In [changeset:"dcb8f00d06eec99072b78d54215c9a3dc04acb99" dcb8f00]:
{{{
#!CommitTicketReference repository=""
revision="dcb8f00d06eec99072b78d54215c9a3dc04acb99"
Fixed #29379 -- Added autocomplete attribute to contrib.auth.forms fields.
Thank you to Nick Pope for review.
Co-authored-by: CHI Cheng <clou...@gmail.com>
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/29379#comment:14>
Comment (by Nick Pope):
[https://github.com/django/django/pull/11623 PR] moving `autocomplete`
attribute into `UsernameField`.
--
Ticket URL: <https://code.djangoproject.com/ticket/29379#comment:15>
Comment (by Carlton Gibson <carlton.gibson@…>):
In [changeset:"999891bd80b3d02dd916731a7a239e1036174885" 999891bd]:
{{{
#!CommitTicketReference repository=""
revision="999891bd80b3d02dd916731a7a239e1036174885"
Refs #29379 -- Moved autocomplete attribute to UsernameField.
Moving the autocomplete attribute into UsernameField allows this to work
for custom forms making use of UsernameField, removes some duplication
in the code, and keeps consistency with the autocapitalize attribute
that is already defined on UsernameField.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/29379#comment:16>