Jump to content
Search In
  • More options...
Find results that contain...
Find results in...
AluminiumTech

Forum sometimes doesn't like password manager like Dashlane

Recommended Posts

Posted · Original PosterOP

Hi there,

I'm posting this cos I've experienced this a few times recently.

 

Basically sometimes the forum decides it doesn't like password managers like Dashlane and when I'm on a forum page when signed out and click on signing in, dashlane automatically fills in the details and either automatically logs me in or I have to manually press the login button.

 

The forum then can sometimes give me an error such as this:

image.png.ba1511d1787e702004dff910253bdd89.png

 

I've had some difficulty replicating the issue.

 

Info:
Firefox 66.0.2 on Windows 10 v1809 with the latest updates.

Screen resolution is 1920x1080.

Specs are my Desktop specs in signature.

 

I do also have the Dashlane browser extension installed because it is my password manager. I also have a few other extensions but none of them are at all involved with this.

 

Thanks much.


How to setup MSI Afterburner OSD | How to make your AMD Radeon GPU more efficient with Radeon Chill

Samsung Galaxy S8 Exynos variant (Late 2018 - present) | Lenovo Thinkpad T480 i7-8550U with UHD 620 Graphics (Mid 2018 - present)

Samaritan XL (Early 2019 - present) - AMD Ryzen 7 1700X (8C/16T) , MSI X370 Gaming Pro Carbon, Corsair 16GB DDR4-3200MHz ,  Asus ROG Strix RX Vega 56 , Corsair RM850i PSU, Corsair H100i v2 CPU Cooler, Samsung 860 EVO 500GB SSD, Seagate BarraCuda 2TB HDD (2018), Seagate BarraCuda 1TB HDD (2014), NZXT S340 Elite, Corsair ML 120 Pro, Corsair ML 140 Pro

Link to post
Share on other sites

I've not used dashlane, but are you able to see which fields it's trying to fill? It looks like it's trying to fill the csrfKey field, which would mean that it's dong weird stuff. If you can delete that field from the autofilled fields, it should stop breaking.

 

The csrfKey field is a hidden field with a value that is unpredictable and changes each time you start a new session (approximately whenever you close all your ltt tabs), which is used to prevent someone from tricking you into clicking a link which does an action on LTT (for example, someone could make a link which causes you to submit a new post with content of their choosing, but because they don't know the correct value for the CSRF key it will be blocked).

 

My point is that the CSRF key is a security feature which  will not be changed. If it is causing incompatibility with Dashlane then changes will be required on their end. I'm happy to work with them to resolve it, though I would imagine that it breaks many more sites than just LTT.


I don't work for Floatplane Media, so any Floatplane comments that I make are my own and may be incorrect or in conflict with the official view.

 

For Floatplane support, please use the wizard linked in this topic

Link to post
Share on other sites
Posted · Original PosterOP
37 minutes ago, colonel_mortis said:

I've not used dashlane, but are you able to see which fields it's trying to fill?

The only fields that I can see it filling are my username and password fields. I don't see any other field it tries to fill on LTT.

37 minutes ago, colonel_mortis said:

It looks like it's trying to fill the csrfKey field, which would mean that it's dong weird stuff. If you can delete that field from the autofilled fields, it should stop breaking.

 

I'll need to double check if this is an option later.

37 minutes ago, colonel_mortis said:

The csrfKey field is a hidden field with a value that is unpredictable and changes each time you start a new session (approximately whenever you close all your ltt tabs), which is used to prevent someone from tricking you into clicking a link which does an action on LTT (for example, someone could make a link which causes you to submit a new post with content of their choosing, but because they don't know the correct value for the CSRF key it will be blocked).

 

My point is that the CSRF key is a security feature which  will not be changed. If it is causing incompatibility with Dashlane then changes will be required on their end. I'm happy to work with them to resolve it, though I would imagine that it breaks many more sites than just LTT.

Would writing something this help explain the issue to them?

 

image.png.2c88197f4db076d787745b429451b4c8.png


How to setup MSI Afterburner OSD | How to make your AMD Radeon GPU more efficient with Radeon Chill

Samsung Galaxy S8 Exynos variant (Late 2018 - present) | Lenovo Thinkpad T480 i7-8550U with UHD 620 Graphics (Mid 2018 - present)

Samaritan XL (Early 2019 - present) - AMD Ryzen 7 1700X (8C/16T) , MSI X370 Gaming Pro Carbon, Corsair 16GB DDR4-3200MHz ,  Asus ROG Strix RX Vega 56 , Corsair RM850i PSU, Corsair H100i v2 CPU Cooler, Samsung 860 EVO 500GB SSD, Seagate BarraCuda 2TB HDD (2018), Seagate BarraCuda 1TB HDD (2014), NZXT S340 Elite, Corsair ML 120 Pro, Corsair ML 140 Pro

Link to post
Share on other sites
30 minutes ago, AluminiumTech said:

Would writing something this help explain the issue to them?

 

image.png.2c88197f4db076d787745b429451b4c8.png

Yes, though I'd recommend also including a link to ltt (or this topic) and/or checking the box to send the HTML.


I don't work for Floatplane Media, so any Floatplane comments that I make are my own and may be incorrect or in conflict with the official view.

 

For Floatplane support, please use the wizard linked in this topic

Link to post
Share on other sites
Posted · Original PosterOP

A small update. I reported the issue to them.


How to setup MSI Afterburner OSD | How to make your AMD Radeon GPU more efficient with Radeon Chill

Samsung Galaxy S8 Exynos variant (Late 2018 - present) | Lenovo Thinkpad T480 i7-8550U with UHD 620 Graphics (Mid 2018 - present)

Samaritan XL (Early 2019 - present) - AMD Ryzen 7 1700X (8C/16T) , MSI X370 Gaming Pro Carbon, Corsair 16GB DDR4-3200MHz ,  Asus ROG Strix RX Vega 56 , Corsair RM850i PSU, Corsair H100i v2 CPU Cooler, Samsung 860 EVO 500GB SSD, Seagate BarraCuda 2TB HDD (2018), Seagate BarraCuda 1TB HDD (2014), NZXT S340 Elite, Corsair ML 120 Pro, Corsair ML 140 Pro

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Buy VPN

×