Autofill rules incorrectly applied with multiple sites in one entry

ThiefMaster
ThiefMaster
Community Member
edited July 2023 in 1Password in the Browser

See the screenshot for the autofill settings. I left the default for paprikaapp.com but for the second entry I changed it to be an exact domain match (since I have lots of custom stuff on aeum.net subdomains where I do not need/want this password).

However, when I login e.g. to my router (router.aeum.net) I also get this particular login offered. When I set both autofill rules to exact domain match, it disappears.

This is clearly a bug. Unless "related websites" uses some REALLY weird logic (is this documented somewhere? Is there a debug mode to see if the extension considers a site "related"?)

FYI this happens both with and without the desktop app integration.

1Password Version: Not Provided
Extension Version: 2.11.10
OS Version: Win 10
Browser: Firefox

Comments

  • steph.giles
    steph.giles

    Hey @ThiefMaster,

    It sounds like you are running into an issue that our developers are currently aware of whereby autofill behaviours are not respected when there are multiple websites saved within a login item.

    I have added you as an affected user to the internal issue, I'm sorry for the disruption.

    Let us know if there is anything else we can help with in the meantime.

    ref: dev/core/core#20855

  • ThiefMaster
    ThiefMaster
    Community Member

    Thanks for confirming this is a known problem and will be fixed.

    A small suggestion on how to improve this feature further: Add an option to stay in the subdomain. Currently you only have 'everywhere on the domain' (example.com even if the host entered is foo.example.com) and 'only on this particular subdomain' (only foo.example.com). But nothing like 'everywhere on this subdomain' which would in case of foo.example.com also fill on bar.foo.example.com.

    Alternatively, an option to do an exact match with glob-style wildcards enabled would be even better. That way I could for example put *.iot.mydomain.tld for a password I'm using for all my IoT devices (each on its own sub-subdomain), without cluttering anythingelse.mydomain.tld with those passwords nor having to list every xxx.iot.mydomain.tld host that exists manually.

  • steph.giles
    steph.giles

    Thank you for getting back to me @ThiefMaster, I have put in a request with our product team containing the suggestions you have provided for consideration in future updates.

    We appreciate you taking the time to suggest ways in which we can improve 1Password, let us know if there is anything else we can help with at all.

    ref: PB34449545

This discussion has been closed.