Autocomplete Attribute Not Disabled for Password Fields in Login Forms

[MarBed190]

Description

Currently, the password input fields in Apache Airflow's login forms do not have the autocomplete attribute set to off. This allows browsers to store passwords entered by users, which poses a potential security risk—especially when accessing Airflow from shared or public computers. To enhance security and adhere to best practices for handling sensitive information, the autocomplete attribute should be disabled for all password fields in form-based authentication.

Use case/motivation

As an employee responsible for the security of our corporate IT systems that utilize Apache Airflow, I want to enhance the protection of user credentials by disabling the autocomplete feature on password fields. This change will make our systems more secure for all users by preventing browsers from storing sensitive passwords, which could be exploited if a device is compromised or shared. Additionally, implementing this fix will ensure that our automated security scanners no longer flag this issue, helping us maintain compliance with our organization's security policies and reducing the overhead of managing reported vulnerabilities.

Related issues

No response

Are you willing to submit a PR?

• Yes I am willing to submit a PR!

Code of Conduct

• I agree to follow this project's Code of Conduct

[boring-cyborg]

Thanks for opening your first issue here! Be sure to follow the issue template! If you are willing to raise PR to address this issue please do so, no need to wait for approval.