Closed
Bug 1338160
Opened 8 years ago
Closed 8 years ago
Contextual warning to username/password field on HTTP pages not triggered
Categories
(Firefox for Android Graveyard :: General, defect)
Tracking
(firefox52 affected, firefox54 affected)
RESOLVED
DUPLICATE
of bug 1335389
People
(Reporter: u549602, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: qablocker)
Environment: Beta
Device: Sony Xperia Z2 (Android 5.0.1);
Build: Beta 52.0b4 ;
Steps to reproduce:
1. Open Fennec and go to about:config
2. Set "security.insecure_field_warning.contextual.enabled" - true and "signon.autofillForms.http" - false
3. Go to http://imgur.com/login
4. Tap inside credential box
Expected result:
"This connection is not secure. Logins entered here could be compromised." message displayed
Actual result:
Notification not triggered
Notes:
Please note that this is also occurring on Sony Xperia Z5 (Android 6.0), (Huawei Honor 8 Android 6.0) (Motorola Nexus 6 Android 7.0)
Comment 1•8 years ago
|
||
(In reply to Mihai Ninu {:Ninu} from comment #0)
> 2. Set "security.insecure_field_warning.contextual.enabled" - true and
> "signon.autofillForms.http" - false
Does the warning appear if you quit the application after changing the preferences? Does the warning appear if there is a saved login for the insecure site?
It's not actually expected to work since nobody tested or intended to implement this yet but some of the code is shared so I thought maybe it would work a bit.
I don't think we need further testing with these pref changes on Android for 52.
Flags: needinfo?(MattN+bmo)
(In reply to Matthew N. [:MattN] (Meetings In Taipei) from comment #1)
> (In reply to Mihai Ninu {:Ninu} from comment #0)
> > 2. Set "security.insecure_field_warning.contextual.enabled" - true and
> > "signon.autofillForms.http" - false
>
> Does the warning appear if you quit the application after changing the
> preferences? Does the warning appear if there is a saved login for the
> insecure site?
Hi Matt,
No is the answer, the notification doesn't appear.
> It's not actually expected to work since nobody tested or intended to
> implement this yet but some of the code is shared so I thought maybe it
> would work a bit.
>
> I don't think we need further testing with these pref changes on Android for
> 52.
@Sebastian: Hey Sebastian, can you please check with Matt if you want to implement this on mobile?
Flags: needinfo?(s.kaspari)
Comment 3•8 years ago
|
||
Yeah, I think we should! Redirecting to barbara and joe for roadmap.
Flags: needinfo?(s.kaspari)
Flags: needinfo?(jcheng)
Flags: needinfo?(bbermes)
Comment 4•8 years ago
|
||
Actually I saw that it's already on our core browser trello board (and filed: bug 1335389):
https://trello.com/c/ZV6aqy2R/162-inform-users-of-danger-when-entering-password-info-on-non-https-site
Status: NEW → RESOLVED
Closed: 8 years ago
Flags: needinfo?(jcheng)
Flags: needinfo?(bbermes)
Resolution: --- → DUPLICATE
Assignee | ||
Updated•4 years ago
|
Product: Firefox for Android → Firefox for Android Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•