Closed
Bug 1188481
Opened 9 years ago
Closed 9 years ago
[userstory] Cert Warnings: Untrusted connection
Categories
(Firefox :: General, defect)
Firefox
General
Tracking
()
RESOLVED
FIXED
People
(Reporter: MarcoM, Unassigned)
References
()
Details
(Whiteboard: [fxprivacy] [userstory])
User Story
Summary: * As a User, I want Firefox to warn me when a site has security problems that I wouldn’t be able to notice so that I don’t trust a site that could leak my information. Acceptance Criteria: * Styled as per design * Broken lock icon displays * Headline: “Your connection is not secure” body copy: “The owner of expired.badssl.com has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.” * “Learn more” link goes to SUMO page: https://support.mozilla.org/en-US/kb/tls-error-reports * Checkbox “Report errors like this to Mozilla” is checked. ( UNCLEAR WHAT THIS IS. DOES NOT SEEM TO BE EXISTING FUNCTIONALITY * “Return to prior” page button (NEW FUNCTIONALITY? CURRENT “Get me out of here!” BUTTON GOES TO ABOUT:HOME) * “Advanced” button reveals technical details about invalid cert ** After clicking “Advanced”, user sees a styled warning and has the ability to add a manual exception for the site.
Attachments
(1 file)
|
(deleted),
image/png
|
Details |
Cert Warnings Untrusted connection.png
No description provided.
Flags: firefox-backlog+
|
Reporter | |
Updated•9 years ago
|
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → INCOMPLETE
|
|
Reporter | |
Comment 1•9 years ago
|
||
|
|
Reporter | |
Updated•9 years ago
|
Status: RESOLVED → REOPENED
User Story: (updated)
Flags: firefox-backlog+
Resolution: INCOMPLETE → ---
Summary: [userstory] Certificate warning (invalid cert) → [userstory] Cert Warnings: Untrusted connection
|
|
Reporter | |
Updated•9 years ago
|
Status: REOPENED → NEW
|
||
Comment 2•9 years ago
|
||
The user story mentions adding "a manual exception for the site". I understood that as "temporarily override the check for the duration of the session". Is that correct, or do we want to set the override forever (or something else)?
Flags: needinfo?(jmoradi)
|
|
||
Comment 3•9 years ago
|
||
The current code shows a modal prompt for setting a permanent exception, but from the mockup I get the impression that this is not what we want.
|
|
||
Comment 4•9 years ago
|
||
We had a couple of discussions about this point last week and the consensus was to move forward with the existing modal dialog for the time being (v1) and then use an approach more similar to the mockup (v2). We agreed that it’s important to offer the ability to make these exceptions permanent in the warning notification.
April suggested that if we are going to have a persistent warning bar on the screen for sites that have had security exceptions, then that would be the perfect place to offer a link for people to revoke their trust.
Bram liked this approach a lot, and has updated his mockup to match:
http://brampitoyo.github.io/fx-untrusted-connection/untrusted-connection-warning-ui.png
The behaviour is as follows:
- When clicking the “Proceed” link, the modal dialogue to add exception doesn’t appear anymore
- Instead, we set exception to permanent by default, and load the site that the user wants to load
- However, when a site have had security exception, we also show a persistent warning bar that tells user to be careful
- This warning bar makes it easy to revoke permanent exception
Flags: needinfo?(jmoradi)
|
|
Reporter | |
Updated•9 years ago
|
Status: NEW → RESOLVED
Closed: 9 years ago → 9 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•