I’m not sure how this happened, but for the last few weeks on https://community.wanikani.com, clicking into a new post’s text area sometimes shows my address as if Chrome is trying to autocomplete it. It doesn’t happen every time, and I haven’t been able to figure out any kind of pattern for when it does happen. But it has happened well over a dozen times, including just a few minutes ago. Sorry I can’t give any more information.
1 Like
There has been a lot of fear, uncertainty and doubt and confusion around this topic.
At last I have this fixed per:
https://github.com/discourse/discourse/commit/918a0ea3a428e0e3ea4bcfb887df711bc895c0d8
I had a double repro on local (both in canary and latest chrome). I confirmed autocomplete="random-non-off" string fixes it.
This was an intentional break by Google, cause they know better ™
https://bugs.chromium.org/p/chromium/issues/detail?id=468153#c164
The tricky part here is that somewhere along the journey of the web autocomplete=off become a default for many form fields, without any real thought being given as to whether or not that was good for users. This doesn’t mean there aren’t very valid cases where you don’t want the browser autofilling data (e.g. on CRM systems), but by and large, we see those as the minority cases. And as a result, we started ignoring autocomplete=off for Chrome Autofill data
So now, when we do not want autocomplete we simple set autocomplete="discourse"
I am not sure if we will backport this to stable or not, you will need to be on latest.
8 Likes
This still buries the lede a mile deep — it does not cover the other issue, which is that Chrome randomly™ decided to start auto-filling this field in the current version. Never happened with older versions.
Has nothing to do with the metadata. This field was never auto filled in the past. Then suddenly it was.
3 Likes
Yeah to be blunt Chrome are violating:
https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#autofill
Which specifies in black-and-white-and-red-and-blue:
When wearing the autofill expectation mantle, the
autocompleteattribute, if specified, must have a value that is an ordered set of space-separated tokens consisting of either a single token that is an ASCII case-insensitive match for the string "off", or a single token that is an ASCII case-insensitive match for the string "on", or autofill detail tokens.
The reasoning by Google is that they no longer trust developers with off so they ignore it. This is user hostile, standards hostile, and the list goes on.
If other browsers (aka. Firefox) stumble with autocomplete="discourse" I will revert this so the community can take it up with Chrome.
10 Likes