Trustbank Fill-In Issue

URL: https://trustbank.net/page/choose-location
The login shows up in the right-click menu, but if I click on the item the login information is not filled in.

As you can see in the screenshot, there's no issue with the Login item itself.


1Password Version: 6.8.8
Extension Version: 4.7.1.b2
OS Version: 10.13.3
Sync Type: iCloud

Comments

  • Hi @heubergen,

    If you save a Login item from inside the browser you should find it works. This bank uses an iframe for the login form and the actual login form is being delivered from a very different domain, secure.fundsxpress.com to be precise. 1Password won't fill into that iframe unless the Login item specifically allows it and I would place good money that your saved Login item only references https://trustbank.net/page/choose-location and was created from inside 1Password. The reason for that belief is the labels for the fields in the Login item don't match the page :wink: Banks often confuse me, I just can't make sense of some (I'm being polite) of their security decisions. Like this one, if it wasn't for 1Password it is unlikely you would have learnt that your account details are being sent to secure.fundsxpress.com.

    Actually, as I've got the source open I'm going to report on two messages reported in the Chrome console so that you're fully aware of certain design decisions they've made.

    Mixed Content: The page at 'https://trustbank.net/page/choose-location' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family=Lato:300,400,700,300italic,400italic,700italic|Vollkorn'. This request has been blocked; the content must be served over HTTPS.

    I suspect Troy Hunt would have something to say about that and I suspect it would be quite blunt. Thankfully the browser blocked it.

    The SSL certificate used to load resources from https://secure.fundsxpress.com will be distrusted in M70. Once distrusted, users will be prevented from loading these resources. See https://g.co/chrome/symantecpkicerts for more information.
    

    Based on the supplied link it's not an impending revocation but if it were me I'd want to get that resolved sooner rather than later, before it does become a real issue.

    Believe me, banks in the UK do all sorts of things that never cease to baffle me so you're not alone.
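
The two findings in the reply above (a login iframe served from a different origin, and an `http://` stylesheet on an HTTPS page) can be checked for on any page with a short script. This is an added example, not part of the thread and not 1Password's code; the sample markup is constructed, and the iframe path in it is a placeholder.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample markup modelled on the two findings described above;
# it is not the bank's real page source and the iframe path is a placeholder.
PAGE_URL = "https://trustbank.net/page/choose-location"
SAMPLE_HTML = """
<html><head>
<link rel="stylesheet" href="http://fonts.googleapis.com/css?family=Lato">
<link rel="stylesheet" href="/css/site.css">
</head><body>
<iframe src="https://secure.fundsxpress.com/placeholder-login"></iframe>
</body></html>
"""

# Tag -> attribute that triggers a fetch (simplified: every <link> is counted).
FETCH_ATTRS = {"iframe": "src", "script": "src", "img": "src", "link": "href"}

def origin(url):
    """Return (scheme, host, port) with default ports filled in."""
    p = urlsplit(url)
    port = p.port or {"http": 80, "https": 443}.get(p.scheme)
    return (p.scheme, (p.hostname or "").lower(), port)

class EmbedAudit(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (kind, tag, absolute_url)

    def handle_starttag(self, tag, attrs):
        attr = FETCH_ATTRS.get(tag)
        value = dict(attrs).get(attr) if attr else None
        if not value:
            return
        url = urljoin(self.page_url, value)  # resolve relative references
        # HTTPS page pulling a plain-HTTP subresource: browsers block or warn.
        if origin(self.page_url)[0] == "https" and origin(url)[0] == "http":
            self.findings.append(("mixed-content", tag, url))
        # Frame from another origin: a Login saved for the page URL won't match it.
        if tag == "iframe" and origin(url) != origin(self.page_url):
            self.findings.append(("cross-origin-frame", tag, url))

def audit(page_url, html):
    parser = EmbedAudit(page_url)
    parser.feed(html)
    return parser.findings

if __name__ == "__main__":
    for kind, tag, url in audit(PAGE_URL, SAMPLE_HTML):
        print(f"{kind:20} <{tag}> {url}")
```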

  • iFrame, obviously... Sorry for not checking that!

    Can be closed.

  • Hi @heubergen,

    Obvious maybe if you're in the small percentage of people that are aware of iframes and their implications, an expectation I'll never have about any of our users. I'd expect it of Jamie (my senior) but mostly because he's better than I in all things related to the extension so I'd have to mock him a little if he missed it :tongue: Glad we could help figure this one out and everything is running smoothly for you :smile:
