Closed
Bug 1011638
Opened 7 years ago
Closed 5 years ago
Pinning violations need a better UI
Categories
(Core :: Security: PSM, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 846489
People
(Reporter: mmc, Unassigned)
References
(Blocks 1 open bug)
Details
Attachments
(3 files)
firefox-pin-violation.png
This may be required before pinning on stable, because the current UI gives no information or workarounds in case of captive portal. Compare the Chrome UI to the Firefox one.
|
Reporter | |
Comment 1•7 years ago
|
||
|
|
Reporter | |
Comment 2•7 years ago
|
||
Duplicate of this bug: 1011637
Depends on: 1006710
|
|
Reporter | |
Comment 4•7 years ago
|
||
The current proposal from Kathleen is to add a "More info" button to the page and have it open a SUMO page. This will minimize FE changes. Madhava, what do you think? The context is that we are introducing a new SSL failure mode that is most likely transient, so we want to notify users what is causing the problem and have them try again later.
Flags: needinfo?(madhava)
|
||
Comment 5•7 years ago
|
||
Or add a third bullet point: "- More information" which links to a SUMO page. Whatever is the simplest change to the UI that would allow us to provide further information in SUMO pages.
|
|
Reporter | |
Comment 6•7 years ago
|
||
The Mac error page is slightly less eye-searing than the Linux one. To reproduce, download Nightly past 5/21, set security.cert_pinning.enforcement_level = 3 in about:config (enforces test pins), and visit https://pinningtest.appspot.com/
I think this was addressed in bug 846489 (and other bugs) - there's now a "Learn more" link (which goes to a sumo article that doesn't have pinning-specific information on it, but we can always change that). Also, captive portal detection is happening now, so I think we're good here.
Status: NEW → RESOLVED
Closed: 5 years ago
Flags: needinfo?(madhava)
Resolution: --- → DUPLICATE
Duplicate of bug: 846489
You need to log in
before you can comment on or make changes to this bug.
Description
•