Please give us the ability to remove/ignore http:// in certain conditions

I'm a web developer, and all of my local development sites run on http://, even though the staging and production versions are on SSL. I get this warning every time I try to log in to a local development site, even if there's a "http" tag on the entry (which was the workaround provided for 1Password on Desktop to get the warning to go away). Could we add something to remove this for situations like mine please? I get the warning even on sites that have never gone live, so the "This login was originally saved on a secure site" isn't always true.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • Hey @codeknight! Just to clarify, are you using the same set of credentials on the development, staging, and production versions? The solution here would be to have the URL that's saved in 1Password be an http URL, instead of an https one. This warning means that what's in 1Password is different from the site you're on, basically.

  • codeknight
    codeknight
    Community Member

    Yes - same login details for all of them, as the database is frequently copied from production > staging > local.

    Here's what it looks like in 1P, to clarify:

    I'd rather not have three separate entries for one site.

  • Thanks for clarifying. So although I'd normally recommend having SSL URLs wherever possible, for your particular use case, it might just make the most sense to change your staging and production URLs to also be HTTP, unless you're launching these sites directly from 1Password, and launching those two URLs wouldn't automatically redirect to HTTPS and it would be problematic for you.

    I do find it somewhat curious behavior, however, if I'm understanding correctly and fully: in your original screenshot, are you on that first dev URL, the one whose TLD is .test? Since you have that dev URL saved as HTTP, if you're on that HTTP site, I can see that message being confusing in that case.

  • codeknight
    codeknight
    Community Member

    Yes - in the first screenshot, I see that warning message whenever I try to sign into a local development site, for example http://codeknight.test. I'd expect not to see that warning, given that http://codeknight.test is one of the URLs listed in the 1P entry (especially when it's tagged with http).

    I develop sites locally on my machine, and those URLs start with http://, because I don't have a local fake SSL certificate. The staging and production URLs are SSL. Expected behaviour would be that 1Password detects which site I'm on, and doesn't warn me about the local one.

    Incidentally, this isn't an issue when using the normal 1Password browser extension for the desktop app, it only happens with 1PasswordX.

  • Thanks for clarifying everything for me. I've filed a feature request with our developers for future consideration. :smile:

    I do just want to point out that the HTTP tag is strictly for Watchtower warnings, so it doesn't come into play here. But I see the use case for not showing this warning when multiple URLs are present (including an http one), so we'll see what the future holds.

    ref: dev/core/core#468

  • codeknight
    codeknight
    Community Member

    That's great, thanks!

  • AGAlumB
    AGAlumB
    1Password Alumni

    :) :+1:

This discussion has been closed.