Add Wildcard Domain Support to Autosave Exclusion List

This discussion was created from comments split from: Wildcard hostname matching.

Comments

  • I wish to add our support for wildcard matching but also would like to see you match on entire URL's.

    Use case: I login to a lot different accounts that have a subset of "security questions" after initial login. 1password asks if I want to update the existing password(s) for the site as a result.

    So for example I'd want to exclude *.domain.com//app/login/questions.nl webpage from asking me to store the password.

    Many thanks.

  • matthew_agmatthew_ag 1Password Alumni
    edited June 2017

    Hey there @Krash,

    Thanks for writing in - I have moved your post out to it's own thread as your question was a little different to the other thread which was focused on wildcard support during filling rather than Autosave. I hope you don't mind.

    We do have limited wildcard support but as I understand the current behaviour, this won't work for your intended use case.

    1Password's Current Autosave Exclusion Wildcard Support:

    Firstly, in our comparison logic between the list of Autosave exclusion addresses and the website URL we always strip the website URL down to it's hostname. So let's say you're on https://sub.domain.com/, our comparison logic will first extract two versions of the domain:

    • sub.domain.com - let's call this the "hostname".
    • domain.com - let's call this the "naked hostname" (no sub-domains).

    From this point on, 1Password will only be comparing the "hostname" and "naked hostname" with the list of addreses in the Autosave exclusion list.

    • The first attempt 1Password makes at matching is a simple search for the "hostname" and "naked hostname" within each of the strings listed in the Autosave exclusion list. If there is a match with any on the list then we will prevent Autosave.

      So for example, let's say you have an Autosave exclusion address of https://sub.domain.com/login and you're viewing a web page with the address https://sub.domain.com/another-page, 1Password will prevent Autosave in this case because the hostname of the web page address is sub.domain.com which is a sub-string of https://sub.domain.com/login.

    • If there is no direct match then we will iterate over all the Autosave exclusion addresses and compare them to the "hostname" (the sub.domain.com version above). During this matching attempt, if there are any wildcards within the Autosave exclusion strings then they will be taken into account.

      The wildcards supported are the * and ? characters, where ? matches 1 character and * matches 0 or more characters. The wildcard support as it stands now will only help you if you wanted to match at the sub domain or domain level. For example, to exclude the following domains domainA.com, domainB.com and domainC.com you can add an Autosave exclusion of domain*.com which will match all the previously mentioned domains. This works for sub-domains also.

      Note: Any trailing text after the hostname part of the Autosave exclusion item will cause it to not match and then fail to prevent the Autosave prompt.

    So as I mentioned, this unfortunately don't help in your scenario because it looks like you want to specifically exclude being prompted based on the path of the URL (the part after the hostname) which isn't taken into account when wildcards are being matched.

    Thank you for taking the time to let us know about this suggestion though! We will certainly take it into consideration however I have to be honest that it is unlikely to be added to 1Password any time soon as we have a lot of filling and extension connection issues to focus on at the moment.

    I hope my description above helps - please let me know if you've any questions!

    Best regards,
    Matthew

    ref: OPW6-704

  • No problem @matthew_ag , appreciate the feedback. Completely understand it's an edge case so for now I've just disabled the auto-save feature entirely as we go through the security questions waaaay more than we create new logins.

  • matthew_agmatthew_ag 1Password Alumni

    Hey @Krash,

    Thanks for you understanding. We love hearing about these kinds of edge cases they really help us understand what you guys need from 1Password. :chuffed:

    Since you've disabled Autosave, I thought it would be worth mentioning that if you do want to save a Login item quickly you can use the keyboard shortcut Ctrl Alt \ to bring up the 1Password Mini which while on the log in page, then will allow you to save a new Login in two clicks (Settings icon > "Save New Login"). This might be useful for your workflow. For more about this please checkout the guide for saving new Logins here:

    https://support.1password.com/save-login-manually/

    I hope that helps. Please let us know if we can be of further assistance.

    Best regards,
    Matthew

  • Will do, again thanks for your assistance - I haven't used the mini-app at all really so I'll be sure to try and remember to do so.

  • matthew_agmatthew_ag 1Password Alumni

    :chuffed: :+1:

This discussion has been closed.