duplicating single sign-in windows

[greenImporting]

Select Topic Area

Bug

Body

found a user on github with a connected company that duplicates a single sign-on page every time I hover over it. happens on both librewolf and chromium.

bwoken.mp4

i have not found another user or linked business that reproduces this behavior, but nevertheless it is quite funny to see.

user with this behavior can be found here

[Thiago-code-lab]

Hey there @greenImporting ! Good catch. That is a pretty wild (and somewhat funny) bug to run into!

I managed to take a look, and this looks like a classic case of a missing "debounce" or state lock on GitHub's hovercard event listeners combined with their Enterprise Single Sign-On (SSO) flow.

Here is what is likely happening under the hood:

The Technical "Why"
The Hover Event: When you hover over an organization tag like @charlesschwab, GitHub's front-end fires an event to fetch the "hovercard" data (the little preview box that usually pops up).

The SSO Intercept: Because Charles Schwab is an Enterprise account with strict privacy settings, GitHub's server responds by saying, "Wait, you need to authenticate via SSO to see this data."

The Duplication Bug: The system triggers the SSO prompt modal. However, because there is no mechanism to say "Hey, an SSO prompt is already open, don't open another one", every subsequent mouse movement or re-hover over the link fires the fetch request again, spawning an endless army of SSO windows.

What to do next
Since this is a core front-end bug on GitHub's side, posting it here in Discussions is a great start, but it might not get a tracking ticket right away.

To ensure the GitHub engineering team sees it, I highly recommend submitting this exact report (along with your video) directly to the GitHub Support Portal. They are usually pretty quick at patching up UI race conditions like this once they are aware of them.

Great find! 🐛