Disable GUI Authentication User&Password Popup

Is it possible to disable the GUI Authentication User&Password Popup? I use LastPass, but it doesnt autofill passwords into popups.

A bit annoying to copy paste the password every time when accessing Syncthing. A regular login page would be convenient…

It’s not advisable, but you can hardcode the username and password into the URL and bookmark that. I think we have a ticket for implementing a proper login page, yet nobody cares enough about this to implement it. If your syncthing is listening localhost only, and you are the only one using the machine, you can probably disable authentication all together.

see https://github.com/syncthing/syncthing/issues/4137


No issue here with native FireFox password manager. Maybe I miss something

Probably works fine with the browser built-in password managers, but for example 1Password doesn’t like our current system. I’d be happy to see it become a real login page instead.

1 Like

I’m not such a huge fan of not setting passwords for convenience reasons.

Who knows Syncthing is also vunerable for this kind of DNS rebinding attacks etc.: https://arstechnica.com/information-technology/2018/01/bittorrent-users-beware-flaw-lets-hackers-control-your-computer/?comments=1

We prevented that particular vulnerability a while back.

1 Like

Also see also:

How do I hardcode the username & password in the url? I tried:

First one should work, unless your browser actually prevents it from working.

1 Like

I had to url encode my password too, whoops. Now it works fine.