Disable GUI Authentication User&Password Popup

Is it possible to disable the GUI Authentication User&Password Popup? I use LastPass, but it doesnt autofill passwords into popups.

A bit annoying to copy paste the password every time when accessing Syncthing. A regular login page would be convenient…

It’s not advisable, but you can hardcode the username and password into the URL and bookmark that. I think we have a ticket for implementing a proper login page, yet nobody cares enough about this to implement it. If your syncthing is listening localhost only, and you are the only one using the machine, you can probably disable authentication all together.

see https://github.com/syncthing/syncthing/issues/4137


No issue here with native FireFox password manager. Maybe I miss something

Probably works fine with the browser built-in password managers, but for example 1Password doesn’t like our current system. I’d be happy to see it become a real login page instead.


I’m not such a huge fan of not setting passwords for convenience reasons.

Who knows Syncthing is also vunerable for this kind of DNS rebinding attacks etc.: https://arstechnica.com/information-technology/2018/01/bittorrent-users-beware-flaw-lets-hackers-control-your-computer/?comments=1

We prevented that particular vulnerability a while back.

1 Like

Also see also:

How do I hardcode the username & password in the url? I tried:

First one should work, unless your browser actually prevents it from working.

1 Like

I had to url encode my password too, whoops. Now it works fine.


I hacked it by combining basic authentication and setting an header in my reverse proxy.

http:/user:password@ip:port can be used to login.

Adding the user:password part can also be done in the reverse proxy (nginx in my case).

My config looks like this and will auto login user syncthing (no password)

# reverse proxy for syncthing
server {

    location / {
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
         proxy_set_header Authorization "Basic c3luY3RoaW5nOg==";

         proxy_pass http://localhost:8383;

I don’t want (and need) the prompt as I run my own authentication with Vouch Proxy. It would be nice of Syncthing would allow header (also named proxy) authentication like FileBrowser and Navidrome.