(In reply to :Gijs (he/him) from comment #1) > > - Once the download has completed, click the Download UI Button, and the file should show there. No host is displayed. Click 'Show All Downloads' and the downloaded file will show in the list with the host shown as the trusted device, not the true download site. > > FWIW, I suspect the current behaviour is intentional... Showing the final origin of the file would mean always showing CDN domains, rather than the domain from which the user believes they downloaded something (because they clicked a link on that domain). Marco, thoughts? From a user point of view, showing the page he clicked seems to make more sense. The CDN case is a very good fit, it could completely differ from where the user downloaded the file, and then the user could be confused. On the other side, it seems to make sense to show the right origin of the file. Other browsers (I checked Chrome) show the complete final url, nothing about the originating page. Omitting one of the two information seems a loss to me. Maybe we should show both, like "trusted -> actual"? Would users undestand that? I'm not sure whether the Downloads Panel itself should show origin information, it may be handy to show it once a download is complete, but there are space limits that don't work well with a long origin string (the origin would end up being cut, that'd be bad for spoofing, but we could provide a tooltip with the full text). I also checked what Chrome does here, and it doesn't show an origin in their quick downloads UI. That seems unfortunate. I guess we assume, since those are just downloads for the session, the user knows where they came from? Though redirects are turning the table.
Bug 1641487 Comment 7 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
(In reply to :Gijs (he/him) from comment #1) > > - Once the download has completed, click the Download UI Button, and the file should show there. No host is displayed. Click 'Show All Downloads' and the downloaded file will show in the list with the host shown as the trusted device, not the true download site. > > FWIW, I suspect the current behaviour is intentional... Showing the final origin of the file would mean always showing CDN domains, rather than the domain from which the user believes they downloaded something (because they clicked a link on that domain). Marco, thoughts? From a user point of view, showing the page they clicked seems to make more sense. The CDN case is a very good fit, it could completely differ from where the user downloaded the file, and then the user could be confused. On the other side, it seems to make sense to show the right origin of the file. Other browsers (I checked Chrome) show the complete final url, nothing about the originating page. Omitting one of the two information seems a loss to me. Maybe we should show both, like "trusted -> actual"? Would users undestand that? I'm not sure whether the Downloads Panel itself should show origin information, it may be handy to show it once a download is complete, but there are space limits that don't work well with a long origin string (the origin would end up being cut, that'd be bad for spoofing, but we could provide a tooltip with the full text). I also checked what Chrome does here, and it doesn't show an origin in their quick downloads UI. That seems unfortunate. I guess we assume, since those are just downloads for the session, the user knows where they came from? Though redirects are turning the table.
(In reply to :Gijs (he/him) from comment #1) > > - Once the download has completed, click the Download UI Button, and the file should show there. No host is displayed. Click 'Show All Downloads' and the downloaded file will show in the list with the host shown as the trusted device, not the true download site. > > FWIW, I suspect the current behaviour is intentional... Showing the final origin of the file would mean always showing CDN domains, rather than the domain from which the user believes they downloaded something (because they clicked a link on that domain). Marco, thoughts? From a user point of view, showing the page they clicked seems to make more sense. The CDN case is a very good fit, it could completely differ from where the user downloaded the file, and then they could be confused. On the other side, it seems to make sense to show the right origin of the file. Other browsers (I checked Chrome) show the complete final url, nothing about the originating page. Omitting one of the two information seems a loss to me. Maybe we should show both, like "trusted -> actual"? Would users undestand that? I'm not sure whether the Downloads Panel itself should show origin information, it may be handy to show it once a download is complete, but there are space limits that don't work well with a long origin string (the origin would end up being cut, that'd be bad for spoofing, but we could provide a tooltip with the full text). I also checked what Chrome does here, and it doesn't show an origin in their quick downloads UI. That seems unfortunate. I guess we assume, since those are just downloads for the session, the user knows where they came from? Though redirects are turning the table.
(In reply to :Gijs (he/him) from comment #1) > > - Once the download has completed, click the Download UI Button, and the file should show there. No host is displayed. Click 'Show All Downloads' and the downloaded file will show in the list with the host shown as the trusted device, not the true download site. > > FWIW, I suspect the current behaviour is intentional... Showing the final origin of the file would mean always showing CDN domains, rather than the domain from which the user believes they downloaded something (because they clicked a link on that domain). Marco, thoughts? From a user point of view, showing the page they clicked seems to make more sense. The CDN case is a very good fit, it could completely differ from where the user downloaded the file, and then they could be confused. On the other side, it seems to make sense to show the right origin of the file. Other browsers (I checked Chrome) show the complete final url, nothing about the originating page. Omitting one of the two information seems a loss to me. Maybe we should show both, like "trusted -> actual"? Would users undestand that? I'm not sure whether the Downloads Panel itself should show origin information, it may be handy to show it once a download is complete, but there are space limits that don't work well with a long origin string (the origin would end up being cut, that'd be bad for spoofing, but we could provide a tooltip with the full text). I also checked what Chrome does here, and it doesn't show an origin in their quick downloads UI. That seems unfortunate. I wonder if we assume, since those are just downloads for the session, the user knows where they came from? Though redirects are turning the table.