Disable autocomplete on login page
From the Customer
We're being asked to disable the autocomplete features in GitLab and we were curious if this is a documented feature or if we can run any possible fixes your way? Specifically the login page.
I think this URL covers it: https://www.beyondsecurity.com/scan_pentest_network_vulnerabilities_autocomplete_not_disabled
Impact
“By not providing AutoComplete=off to the fields in the form, values that can be sensitive in their nature, for example credit card numbers, password, etc may be cached and saved by the browser accessing the site. This could lead to its compromise or re-usage without the user's consent or approval.
Solution
Turn off the AUTOCOMPLETE attribute in any HTML INPUT element that is used for passwords or contains sensitive information.
This can be accomplished for a single field (such as a password field) by modifying the HTML source and adding the following line:
<input name="q" type="text" autocomplete="off">”