Closed Bug 1166111 Opened 10 years ago Closed 9 years ago

Enhance HTTP login on HTTPS page fill experience

Categories

(Toolkit :: Password Manager, defect, P3)

Product:
Toolkit
Component:
Password Manager
Type:
defect

Tracking

()

Status:
RESOLVED DUPLICATE of bug 667233

People

(Reporter: tanvi, Unassigned)

References

Details

In https://etherpad.mozilla.org/same-domain-http-https-passwords4 we decided to: "Autofill HTTP on HTTPS if there is no HTTPS record." This is bug 667233. Instead, we could provide both HTTP and HTTPS logins deduped. So if there is one HTTP record and 2 HTTPS records, we offer the user all 3 via the autocomplete experience. They can then "upgrade" the HTTP record that hasn't been upgraded yet to an HTTPS record. This is an enhancement to the proposed policy.
Here are the cases to consider if we want to return both HTTP and HTTPS logins: 1) Only HTTPS logins exist Easy, return all HTTPS logins (current patch does this) 2) Only HTTP logins exist Easy, return all HTTP logins (current patch does this) 3) One HTTPS login exists and one HTTP login exists with the same username Return the HTTPS login 4) One HTTPS login exists and one (or more) HTTP logins exist with a different username Undecided. If we return the HTTP logins along with the one HTTPS login, the user will experience autocomplete instead of autofill. So either i) Just return the HTTPS and user gets autofill ii) Return the HTTP and HTTPS logins deduped and user gets autocomplete 5) More than one HTTPS login exists and one or more HTTP logins exist. Return the HTTP and HTTPS logins deduped and user gets autocomplete
Also see comments 35, 36, 38, 39 in Bug 667233 for discussion on whether this is needed as part of that bug, or whether it is truly an enhancement.
allLoginsCount[1] may be non-zero but still result in no logins because of the formSubmitURL check performed in Services.logins.findLogins()[2]. In that case, we don’t check the alternate scheme when the alternate scheme’s login entry may have a matching scheme and may have resulted in a returned login. We could optimize for this edge case. But this would not be a problem if we return both the HTTP and HTTPS logins, as this bug proposes. So just noting the edge case here but not filing a bug specifically for it since this bug would take care of it. [1] http://mxr.mozilla.org/mozilla-central/source/toolkit/components/passwordmgr/LoginManagerParent.jsm#285 [2] http://mxr.mozilla.org/mozilla-central/source/toolkit/components/passwordmgr/LoginManagerParent.jsm#334
Depends on: 1272507
The requests of this bug were implemented by bug 667233. (In reply to Tanvi Vyas - behind on reviews [:tanvi] from comment #1) > 4) One HTTPS login exists and one (or more) HTTP logins exist with a > different username > Undecided. If we return the HTTP logins along with the one HTTPS login, the > user will experience autocomplete instead of autofill. So either > i) Just return the HTTPS and user gets autofill > ii) Return the HTTP and HTTPS logins deduped and user gets autocomplete Option (ii) is what was implemented in bug 667233 otherwise the user may not be able to login with HTTP accounts if one of their accounts is HTTPS.
No longer depends on: 667233
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.