Closed Bug 195161 Opened 21 years ago Closed 21 years ago

Security warning and corresponding preferences appear to be incorrect/contradictory

Categories

(Camino Graveyard :: General, defect)

Product:
Camino Graveyard
Component:
General
Platform:
PowerPC
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WORKSFORME

People

(Reporter: welch, Assigned: saari)

Details

User-Agent:       Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.0.1) Gecko/20030226 Chimera/0.6+
Build Identifier: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.0.1) Gecko/20030226 Chimera/0.6+

When I leave an encrypted page (e.g., logged into my account on www.dyndns.org)
for an unencrypted page/site (e.g., www.apple.com), I get an expected "Security
Warning" but the message in the dialog box (sheet) is not quite right. It says
"You have requested an encrypted page that contains some unencrypted
information." which is not true. I am leaving an encrypted page and entering
unencrypted site, but there is no mixed encryption.

Similarly the checkbox text on that same dialog box/sheet says "Alert me
whenever I'm about to view an encrypted page that contains some unencrypted
information." This is inappropriate because (again) I am not going to a mixed
page, simply transitioning from encrypted to unencrypted.

On a related not, the Security tab of the Preferences has an option to show a
warning before "Leaving a page that supports encryption." I have this UNchecked
and still get the above warning. If instead I uncheck the "Viewing a page with a
mix of ...." I no longer get the warning.

In summary, I think the mixed encryption dialogs and preferences are confused
with the leaving-encrypted dialogs and preferences.

Mozilla (2003021217) appears to include appropriate dialogs. It says you are
leaving an encrypted site and warns you, and gives the option to disable the
proper preference.

Reproducible: Always

Steps to Reproduce:
1. Make sure the "Viewing a page with a mix of ..." option is CHECKED in the
Security pane of the Preferences.
2. Visit a secure site, e.g. log into (some account on) www.dyndns.org.
3. Enter the URL (or use a bookmark) http://www.apple.com.
4. You should see the Security Warning dialog/sheet.

Actual Results:  
I dismiss the (inappropriate) dialog and go on my merry way.

Expected Results:  
The dialog and preferences should talk about LEAVING an encrypted site for an
unencrypted one, NOT entering a site with mixed encryption.
Confirmed using FizzillaMach/2003022103 going from <https://www.paypal.com/> to
<http://www.apple.com/>.

If the "leaving encrypted page" warning is enabled, that is shown. If that is
then disabled and the test repeated, the "encrypted/unencrypted mix" warning is
shown, even though it shouldn't be.

It doesn't happen using FizzillaMach/2003022103.
Severity: trivial → normal
Status: UNCONFIRMED → NEW
Ever confirmed: true
I can't confirm this bug using the 2003081002 NB. WorksForMe.
wfm
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.