starred/WiFiManager
1
0
Fork 0
mirror of https://github.com/tzapu/WiFiManager.git synced 2026-04-30 10:35:52 +03:00
Code Issues 656 Projects Releases 8 Packages Wiki Activity

[GH-ISSUE #713] Security help wanted #596

New issue
Closed
opened 2026-02-28 01:26:09 +03:00 by kerem · 2 comments
kerem commented 2026-02-28 01:26:09 +03:00
Owner
Copy link

Originally created by @dmalham on GitHub (Aug 29, 2018).
Original GitHub issue: https://github.com/tzapu/WiFiManager/issues/713

This is a nice bit of code but one thing I don’t like is that after you have saved the WiFi credentials from the AP web page. the browser address of the new page includes both the SSID and the password in plain. This, I think, is a security hole as it stays in the browser history of the device you use to connect to the AP unless, of course, you clear the history or use the private browsing option. Not very idiot proof! Can anyone reassure me or come up with a fix I can use?

Dave

Originally created by @dmalham on GitHub (Aug 29, 2018). Original GitHub issue: https://github.com/tzapu/WiFiManager/issues/713 This is a nice bit of code but one thing I don’t like is that after you have saved the WiFi credentials from the AP web page. the browser address of the new page includes both the SSID and the password in plain. This, I think, is a security hole as it stays in the browser history of the device you use to connect to the AP unless, of course, you clear the history or use the private browsing option. Not very idiot proof! Can anyone reassure me or come up with a fix I can use? Dave
kerem 2026-02-28 01:26:09 +03:00
kerem commented 2026-02-28 01:26:09 +03:00
Author
Owner
Copy link

@tablatronix commented on GitHub (Aug 29, 2018):

change GET to POST in the form see development branch

<!-- gh-comment-id:417065117 --> @tablatronix commented on GitHub (Aug 29, 2018): change GET to POST in the form see development branch
kerem commented 2026-02-28 01:26:09 +03:00
Author
Owner
Copy link

@dmalham commented on GitHub (Aug 30, 2018):

Thanks! That does the trick

Dave
<!-- gh-comment-id:417256988 --> @dmalham commented on GitHub (Aug 30, 2018): Thanks! That does the trick Dave
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
revert-1849-master
feature_fastconnect
feature_auth
feature_slimable
PEAP
feature_statichtmlparams
feature_asyncwebserver
feature_pagestringsref
parameter-smart-ptr
gh-pages
Legacy_v1
hotfixes
autochannelselect_feature
travis
smartconfig
v2.0.17
v2.0.16-rc.2
v2.0.15-rc.1
v2.0.0-rc.1
v2.0.14-beta
v2.0.13-beta
v2.0.12-beta
v2.0.11-beta
v2.0.10-beta
v2.0.9-beta
v2.0.8-beta
2.0.7-beta
2.0.6-beta
2.0.5-beta
2.0.4-beta
0.16.0
2.0.3-alpha
0.15.0
0.14
0.13
0.12
0.11
0.10
0.9
0.8
0.7
0.6
0.5
v0.4
v0.3
v0.2
v0.1
Labels
Clear labels   
📶 WiFi

   
🕸️ HTTP

   
Branch

   
DEV Help Wanted

   
Discussion

   
Documentation

   
ESP32

   
Example

   
Good First Issue

   
Hotfix

   
In Progress

   
Incomplete

   
Needs Feeback

   
Priority

   
QA

   
Question

   
Task

   
Upstream/Dependancy

   
bug

   
duplicate

   
enhancement

   
invalid

   
pull-request

Mirrored from GitHub Pull Request

  
wontfix
No labels
📶 WiFi
🕸️ HTTP
Branch
DEV Help Wanted
Discussion
Documentation
ESP32
Example
Good First Issue
Hotfix
In Progress
Incomplete
Needs Feeback
Priority
QA
Question
Task
Upstream/Dependancy
bug
duplicate
enhancement
invalid
pull-request
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/WiFiManager#596
No description provided.