Note I like the way Bitwarden handle’s basic auth web pages. However it’s not obvious how or when it works. Currently, to understand how Bitwarden handles basic auth you have to go searching github to find posts like these:
- Autofill basic auth prompts · Issue #116 · bitwarden/browser · GitHub
- Autofill basic auth prompts · Issue #116 · bitwarden/browser · GitHub
- [SECURITY] Bitwarden browser extension leaks basic auth credentials · Issue #1124 · bitwarden/browser · GitHub
- change default match on basic auth to host by kspearrin · Pull Request #1397 · bitwarden/browser · GitHub
IMHO it’d be nice if Bitwarden:
- Had a help page describing its basic auth functionality
- Would display a popup whenever its “basic auth” auto login is invoked
This popup would also:
- Have a link to the new help page for more details
- Have a button to disable the basic auth popup notification for the current site (basic auth auto-login would still work, just the popup notification would be hidden)
Another global option would also be nice:
- Enable basic auth auto-login (default enabled/checked). Unchecking this would stop basic auth auto-login from ever being invoked.