Having trouble turning off save new password alerts for one website.

mackim2

I'm picking up a closed string I started in October 2019. I frequently am changing customer information in a ticket selling website for our local theatre. Every time I update a customer account, 1Password prompts me to update my password to that site. I have tried entering the domaine in the preferences where it says, "Detect new usernames and passwords and offer to save them (except on the following domains)". I have tried the domain both with and without the "http://" in front of it. But no luck. Any suggestions?

---

1Password Version: 7.6
Extension Version: 4.7.5.90
OS Version: OSX 10.14.6
Sync Type: Not Provided
Referrer: forum-search:mackim

ag_ana

Hi @mackim2!

Are you able to share what you entered in that field exactly, so we can take a look at what format you entered the domain name?

mackim2

I have tried
http://tixhub.com and
http://secure1.tixhub.com
but also
tixhub.com
secure1.tixhub.com

ag_ana

@mackim2:

Thank you for the confirmation. We have discussed something similar some time ago (you can find the discussion here, so I wonder if this is the same thing that is happening to you. Can you take a look at bundtkate's comment in that discussion and see if that applies to you?

We never heard back from the other user afterwards, so it would be great if you could give us some feedback and let us know if those suggestions helped :)

mackim2

I just read bundkate's comment. I assume by unlocked she means not yet signed into 1Password. Just unlocked it and then realized that the domain, or rather URL, should be https:// so I made that change. Didn't solve the problem. So I went back to just "secure1.tixhub.com" and still the same result with 1Password unlocked.

mackim2

I have been trying some different things, still no result. When the prompt came up (see screenshot) to save the password, I clicked on the gear icon at the bottom left, and chose "never save password for this site" or similar wording.

mackim2

I have also turned off the Chrome preference for saving any passwords at all.

ag_ana

@mackim2:

Thank you for the confirmation. I tested that website, and things seem to be working for me:

1. I tried to login to the website, and 1Password prompted me to add the account to the app
2. I then went to 1Password Preferences > Browsers tab, and added tixhub.com to the list of excluded domains
3. I went back to the website, tried to login, and 1Password did not prompt me to save the login anymore

Can you maybe post a screenshot of your Preferences > Browsers tab window, so we can take a look and see if there is a mistake there?

mackim2

Ok, the situation is a little more complicated. TixHub has both front end, which patrons access to buy tickets or do other transactions. They sign in with their own password. The back end is for our box office staff and administrators (me). I have set the 1password prefs as shown in the attached image. If I try to sign in myself to the backend and type a different password than the correct one, 1Password does not offer to save it. This is correct behavior and the same as your experience.

The problem pops up when I am editing the patron's account info which includes their password, though I can't read it. No matter what changes I make to the record, when I click "Update" 1Password notices that it contains a password and offers to save it. This behaviour persists no matter what I do. It's probably an unusual set of circumstances that might just be too much for 1Password to handle. It's not a big deal unless I'm doing a lot of edits to customer accounts.

ag_ana

@mackim2:

Thank you for the additional information.

The problem pops up when I am editing the patron's account info which includes their password, though I can't read it. No matter what changes I make to the record, when I click "Update" 1Password notices that it contains a password and offers to save it.

Is this page also on the tixhub.com domain, or is it perhaps on a different one?

mackim2

Here's the URL for one customer account:
https://secure1.tixhub.com/shuswap/bom/u_reg.asp

Ben

@mackim2

I've been speaking with our extensions team about this case. Our suspicion is that there is some sort of a frame on the page that you're working on that is causing this to happen. On the page where you're editing the account info (which then results in the prompt) could you please right click, select inspect, and then do a search for 'iframe'? Are there any results?

Please let us know.

Ben

ref: archives/CCSB4GCRE/p1595351312374000

mackim2

Yes, there is at least one iframe in the code. Attached is the contextual menu that appears on the right click.

Ben

Thanks for the update @mackim2. That goes a long way toward confirming our suspicions... Are you able to tell what domain the iframe is pulling from? I believe if you view the page source of the parent page (not the frame) and find the iframe tag, the src element would have that information.

HTML iframe src Attribute

Ben

mackim2

I know just a little about HTML but here goes. The word "iframe" appears 15 times in the page code. The block quoted below seems to be the most promising and the only occasions where a scource is identified. However, the source does not list the entire URL so I don't know what the domain would be. Can you tell from this? I'm finding this process fascinating.

<div id="dialogRequest" style="display: none;max-width:800px;color: #fff;font-size: 16px;z-index:99999 !important;" title="Branding Set Up Request">
                          <iframe frameborder="0" width="500" height="200" src="../bom_nouveau/dialogRequest.asp"></iframe>
</div>                      
                        <div id="dialogRC" style="display: none;max-width:800px;color: #fff;font-size: 16px;z-index:99999 !important;" title="Registration Confirmation">
                          <iframe frameborder="0" width="500" height="200" src="../bom_nouveau/dialogRegistrationConfirmation.asp"></iframe>
                        </div>

                        <div id="dialogOC" style="display: none;max-width:800px;color: #fff;font-size: 16px;z-index:99999 !important;" title="Order Confirmation">
                          <iframe frameborder="0" width="500" height="200" src="../bom_nouveau/dialogOrderConfirmation.asp"></iframe>
                        </div> -->

Ben

Hey @mackim2

That's very helpful, thank you. Unfortunately it doesn't point in the direction we thought it would. The "../" prefix in the src element means that these frames are loading pages on the same domain as the parent page (but up one folder level). It is interesting too that there is a --> at the end of that code block, as that's the syntax to end a comment (<!-- is the start of a comment), meaning that whole section of code may not actually be doing anything. This is a very strange page. 😅

I'll loop back with our extensions team to see if they have any further ideas, as I'm quite stumped.

Ben

mackim2

I could send you the entire code from the page if that would help.

Ben

@mackim2

I'd only want you to do that if the source doesn't contain any customer information. If that's the case, sure, please send it to support+forum@1password.com. If it does contain customer info it would probably be best not to. In that case... are the ones you posted above definitely the only iframes that have src elements?

Ben

mackim2

I have created a fictional customer and have sent the entire page code to the address you gave me. I checked and yes, those are the only references to iFrame that have a src element. Thanks for your efforts on this.

mackim2

Support ID: [#FIK-17328-948]

ag_ana

@mackim2:

Thank you! I confirm that I have managed to locate your message in our system :+1: We will take a look and someone will get back to your email as soon as possible.

Thank you for your patience!

ref: FIK-17328-948