941279 - Redirect blocking is useless without redirect info

Status: UNCONFIRMED

(Firefox :: Settings UI, enhancement)

Description

[mietek]

User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0 (Beta/Release)
Build ID: 20131115105702

Steps to reproduce:

I turned on the "Warn me when websites try to redirect or reload a page" feature in Preferences. 

However, when I get the warning (plus an Allow button), I'm not told where the redirect leads. How am I supposed to decide whether I want to take that redirect or if it's safe, if I have no idea where it's taking me?

At the very least, Firefox should display the redirect URL. It's also a good idea to tell the user whether it's a javascript redirect, a html meta tag redirect, or a 30x HTTP code - and if the latter, which one exactly.

And I sincerely hope that the redirect warning feature stops all of the above. Otherwise what's the point if it can be circumvented. (Please elaborate in response.)

With the NSA using redirects against even technically savvy targets (the infamous Slashdot/LinkedIn MitM/MotS attack against EU telecoms' tech staff), having a tight control on redirects should be a security priority for Mozilla.


Actual results:

no info


Expected results:

show: redirect URL + what kind of redirect

Comment 1

[Brian Smith (:briansmith, :bsmith, use NEEDINFO?)]

IMO, we should probably remove this option, but make sure an addon can re-add it.

Comment 2

[Dana Keeler (she/her) (use needinfo) [:keeler] (on leave)]

I agree we should remove this option - it basically makes the web unusable.

Comment 3

[nivtwig]

Why remove this option? It is essential.

Many websites like news sites reload their pages after some time has elapsed. I don't like that because it causes slowness and freezes when many tabs are open. I know the site, I don't need to know where it redirects because I know that it reloads (to the same site), and I need this option to stop that. 

In the bug contents you complain that the problem is that you need more info about where it redirects, and that you are not sure that it works as expected in all cases. 
Then these problems should be fixed, but why do you want to remove the option in the preferences ?

Comment 4

[nivtwig]

Was the option removed ?

I can't find it in the options UI of Nightly 57.0a1 (2017-08-02), after the whole options UI was changed. 
I tried to find it also using the new options search, searching for "redirect", "refresh" ,"reload" but found nothing similar.

Comment 5

[YF (Yang)]

The option removed in https://hg.mozilla.org/mozilla-central/rev/74b19063d4e2#l23.18


The reporter request to enhance this feature, but [:keeler] on comment 2 change this summary to remove the feature. Retrieve the summary.

Comment 6

[nivtwig]

(In reply to YF (Yang) from comment #5)
> The option removed in
> https://hg.mozilla.org/mozilla-central/rev/74b19063d4e2#l23.18

Thanks very much. 
I think this option should be brought back.

Why was it removed, what are the reasons ? 
This bug was never confirmed, and nobody answered my objections for removal in comment 3 giving good reasons to remove it instead of leaving it alone and improving and enhancing the feature in the future.

Can someone point me to where the detailed reasoning for removing this specific option was given or documented?
The changeset given here relates to Bug 1365133, but in a quick search I didn't find any specific bug ( in the blocking bugs of 1365133) where removing the option was tracked, and going over all the bugs and related bugs and documents and drafts of the UI preferences change is a long and slow search.