github-starred/frp
2
0
Fork 0
mirror of https://github.com/fatedier/frp.git synced 2026-05-15 08:05:49 -06:00
Code Issues 40 Projects Packages Wiki Activity Actions 1

[GH-ISSUE #5016] webserver doesn't ask for password! (on Brave browser) #3950

New issue
Closed
opened 2026-05-05 14:30:54 -06:00 by gitea-mirror · 3 comments
gitea-mirror commented 2026-05-05 14:30:54 -06:00
Owner
Copy link

Originally created by @smac89 on GitHub (Oct 12, 2025).
Original GitHub issue: https://github.com/fatedier/frp/issues/5016

Bug Description

That can't be right. Configuring web server in the frps with a password doesn't prompt for a password on login. Even worse, the web sever for frpc reveals the contents of the config file, once again no password prompt!

frpc Version

0.65.0

frps Version

0.65.0

System Architecture

linux/amd64

Configurations

In frps.toml

[webServer]
addr = "127.7.7.7"
port = 8000
user = "admin"
password = "..."

Copy the above configuration to frpc.toml and you will experience the same.

Logs

No response

Steps to reproduce

...

Affected area

  • Docs
  • Installation
  • Performance and Scalability
  • Security
  • User Experience
  • Test and Release
  • Developer Infrastructure
  • Client Plugin
  • Server Plugin
  • Extensions
  • Others
Originally created by @smac89 on GitHub (Oct 12, 2025). Original GitHub issue: https://github.com/fatedier/frp/issues/5016 ### Bug Description That can't be right. Configuring web server in the frps with a password doesn't prompt for a password on login. Even worse, the web sever for frpc reveals the contents of the config file, once again no password prompt! ### frpc Version 0.65.0 ### frps Version 0.65.0 ### System Architecture linux/amd64 ### Configurations In frps.toml ```toml [webServer] addr = "127.7.7.7" port = 8000 user = "admin" password = "..." ``` Copy the above configuration to frpc.toml and you will experience the same. ### Logs _No response_ ### Steps to reproduce 1. 2. 3. ... ### Affected area - [ ] Docs - [ ] Installation - [ ] Performance and Scalability - [x] Security - [ ] User Experience - [ ] Test and Release - [ ] Developer Infrastructure - [x] Client Plugin - [x] Server Plugin - [ ] Extensions - [ ] Others
gitea-mirror commented 2026-05-05 14:30:57 -06:00
Author
Owner
Copy link

@smac89 commented on GitHub (Oct 12, 2025):

Ok slight correction after further testing: On every other browser except for Brave, Frp prompts for password...wtf?

Tested on Edge, Firefox, and Brave. In all three cases, I'm using a private window. I have restarted brave numerous times, yet it has somehow obtained the credentials and is logging in automatically even in private mode. This is also the first time ever that I am accessing my frp dashboard on any of these browsers...

https://github.com/user-attachments/assets/8f11840d-78c0-44df-9659-b8d7f841d659

https://github.com/user-attachments/assets/b6c00df9-8771-44bc-b0e0-d5aff250e2c0

https://github.com/user-attachments/assets/4643049c-b8d1-46e1-8dcf-d780add4492d

<!-- gh-comment-id:3395470798 --> @smac89 commented on GitHub (Oct 12, 2025): Ok slight correction after further testing: On every other browser except for Brave, Frp prompts for password...wtf? Tested on Edge, Firefox, and Brave. In all three cases, I'm using a private window. I have restarted brave numerous times, yet it has somehow obtained the credentials and is logging in automatically even in private mode. This is also the first time ever that I am accessing my frp dashboard on any of these browsers... https://github.com/user-attachments/assets/8f11840d-78c0-44df-9659-b8d7f841d659 https://github.com/user-attachments/assets/b6c00df9-8771-44bc-b0e0-d5aff250e2c0 https://github.com/user-attachments/assets/4643049c-b8d1-46e1-8dcf-d780add4492d
gitea-mirror commented 2026-05-05 14:30:57 -06:00
Author
Owner
Copy link

@smac89 commented on GitHub (Oct 13, 2025):

Sorry false alarm. Looks like brave automatically uses Bitwarden to supply the login for the site without prompting me...

Took posting all three videos to discover the culprit smh.

<!-- gh-comment-id:3395539556 --> @smac89 commented on GitHub (Oct 13, 2025): Sorry false alarm. Looks like brave automatically uses Bitwarden to supply the login for the site without prompting me... Took posting all three videos to discover the culprit smh.
gitea-mirror commented 2026-05-05 14:30:58 -06:00
Author
Owner
Copy link

@linonetwo commented on GitHub (Dec 3, 2025):

Thanks, I also find this. And I find every browser's Bitwarden extension will auto provide username & password for bearar basic auth, this is a feature!

<!-- gh-comment-id:3608033109 --> @linonetwo commented on GitHub (Dec 3, 2025): Thanks, I also find this. And I find every browser's Bitwarden extension will auto provide username & password for bearar basic auth, this is a feature!
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
dev
new
master
copilot/review-pull-request-5198
v0.68.1
v0.68.0
v0.67.0
v0.66.0
v0.65.0
v0.64.0
v0.63.0
v0.62.1
v0.62.0
v0.61.2
v0.61.1
v0.61.0
v0.60.0
v0.59.0
v0.58.1
v0.58.0
v0.57.0
v0.56.0
v0.55.1
v0.55.0
v0.54.0
v0.53.2
v0.53.1
v0.53.0
v0.52.3
v0.52.2
v0.52.1
v0.52.0
v0.51.3
v0.51.2
v0.51.1
v0.51.0
v0.50.0
v0.49.0
v0.48.0
v0.47.0
v0.46.1
v0.46.0
v0.45.0
v0.44.0
v0.43.0
v0.42.0
v0.41.0
v0.40.0
v0.39.1
v0.39.0
v0.38.0
v0.37.1
v0.37.0
v0.36.2
v0.36.1
v0.36.0
v0.35.1
v0.35.0
v0.34.3
v0.34.2
v0.34.1
v0.34.0
v0.33.0
v0.32.1
v0.32.0
v0.31.2
v0.31.1
v0.31.0
v0.30.0
v0.29.1
v0.29.0
v0.28.2
v0.28.1
v0.28.0
v0.27.1
v0.27.0
v0.26.0
v0.25.3
v0.25.2
v0.25.1
v0.25.0
v0.24.1
v0.24.0
v0.23.3
v0.23.2
v0.23.1
v0.23.0
v0.22.0
v0.21.0
v0.20.0
v0.19.1
v0.19.0
v0.18.0
v0.17.0
v0.16.1
v0.16.0
v0.15.1
v0.15.0
v0.14.1
v0.14.0
v0.13.0
v0.12.0
v0.11.0
v0.10.0
v0.9.3
v0.9.2
v0.9.1
v0.9.0
v0.8.1
v0.8.0
v0.7.0
v0.6.0
v0.5.0
v0.3.0
v0.2.0
v0.1.0
Labels
Clear labels   
In Progress

   
WIP

   
WaitingForInfo

   
bug

   
doc

   
duplicate

   
easy

   
enhancement

   
future

   
help wanted

   
invalid

   
lifecycle/stale

   
need-issue-template

   
need-usage-help

   
no plan

   
proposal

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
todo
No labels
In Progress
WIP
WaitingForInfo
bug
doc
duplicate
easy
enhancement
future
help wanted
invalid
lifecycle/stale
need-issue-template
need-usage-help
no plan
proposal
pull-request
question
todo
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/frp#3950
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?