STR: Enable tracking protection Open web console Load a page with tracking elements You should see an error: 'The resource at "http://some/url" was blocked because tracking protection is enabled.' We should add a 'Learn More' link to an MDN page explaining more about this feature for web developers.
Note that there is a similar message already in the console: 'This site makes use of a SHA-1 Certificate; it's recommended you use certificates with signature algorithms that use hash functions stronger than SHA-1. [Learn More]' When you click on the learn more link it opens https://developer.mozilla.org/en-US/docs/Web/Security/Weak_Signature_Algorithm in a new tab.
Hi Brian, is this bug related to a particular user story?
(In reply to Marco Mucci [:MarcoM] from comment #2) > Hi Brian, is this bug related to a particular user story? Javaun, I can't remember - were you planning to file a user story for the web developer documentation or should Will / I file one?
Flags: needinfo?(bgrinstead) → needinfo?(jmoradi)
(In reply to Brian Grinstead [:bgrins] from comment #3) > (In reply to Marco Mucci [:MarcoM] from comment #2) > > Hi Brian, is this bug related to a particular user story? > > Javaun, I can't remember - were you planning to file a user story for the > web developer documentation or should Will / I file one? Hi Brian, no worries we'll take care of it. We'll have this bug and Bug 1177194 block the new story. Thanks.
Aside: we do this already for CORS errors, see bug 1121824. We are also considering linkifying other sorts of messages like JS Engine errors that refer to MDN pages that explain the messages in depth.
Assignee: nobody → bgrinstead
Status: NEW → ASSIGNED
Iteration: --- → 42.3 - Aug 10
Priority: P2 → P1
Hi Brian, does this bug require QA verification?
Will, do you know what the URL will be for the MDN page on Tracking Protection?
Created attachment 8640589 [details] [diff] [review] tp-webconsole-message.patch Nick, Can you please have a look at the webconsole changes? Note: the actual URL for 'learn more' is subject to change based on Will's work. Steve, this patch updates nsChannelClassifier to increase the severity of the Tracking Protection messages in the web console to match those from Mixed Content Blocking (https://dxr.mozilla.org/mozilla-central/source/dom/security/nsMixedContentBlocker.cpp#175). Is that alright?
This sounds fine to me, but I want to make sure. Tanvi and Francois: it should be fine to have TP Blocking reported as an error to the Web Console, just like Mixed Content Blocking, right?
I'm not sure about the severity. It's not really "broken" in the same way as mixed content is (and needs to be fixed by the developer). In the case of TP, it's pointing out that the user has decided to block this tracking content. It feels kind of different to me.
(In reply to François Marier [:francois] from comment #10) > I'm not sure about the severity. It's not really "broken" in the same way as > mixed content is (and needs to be fixed by the developer). In the case of > TP, it's pointing out that the user has decided to block this tracking > content. It feels kind of different to me. That's an interesting point about MCB and TP being different wrt the level of brokenness. I'm OK with leaving it as a warning if that's intentional. My thinking in making the change was (a) that a developer may be looking at the console because they saw some breakage on the page so having it be severe might help draw attention to it, and (b) it happened to be different from MCB messages for no particular reason.
I think it is very useful to have Tracking Protection messages in the webconsole with a learn more link. I agree that it should be a warning instead of an error, because there is not something wrong with the site that the developer needs to fix. But just something the developer should be aware of when developing their site; some users will have Tracking Protection enabled and some third party resources will be blocked. Visually, I'm not sure it even makes a big difference whether its a warning or an error. The red triangle for a warning sets a tone similar to the red x for an error.
Comment on attachment 8640589 [details] [diff] [review] tp-webconsole-message.patch Review of attachment 8640589 [details] [diff] [review]: ----------------------------------------------------------------- LGTM
Attachment #8640589 - Flags: review?(nfitzgerald) → review+
The URL should be: https://developer.mozilla.org/Firefox/Privacy/Tracking_Protection There is some extra work to do to make sure redirects work properly in all locales. I'll file a separate bug for that. Javaun: when do we need the actual page to be in place at that URL?
Flags: needinfo?(wbamberg) → needinfo?(jmoradi)
Created attachment 8640740 [details] [diff] [review] tp-webconsole-message.patch Thanks everyone for the feedback. This new patch keeps the message as a warning and updates the URL to the correct one. Try push: https://treeherder.mozilla.org/#/jobs?repo=try&revision=b0672e4df120
Status: ASSIGNED → RESOLVED
Last Resolved: 3 years ago
status-firefox42: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → Firefox 42
Hi Will, is it possible to have something (A stub? ) in there by uplift? 8/11 this hits DevEdition, and if ever there was a crowd for this link, it's them. A page in progress (labeled as such) is better than nothing I realize that's not much time. If that's too much a stretch, let's go before beta in 9/21 uplift.
Javaun: yes, it's totally possible to have the page in place by 8/11. Since the thing is already drafted, it's just a matter of copying it into MDN. I just needed to know when it should be there, so as to fit into our overall plans for communicating this feature.
Verified fixed FF 42.0a2 (2015-08-25) Win 7, Ubuntu 14.04, OS X 10.10.
Status: RESOLVED → VERIFIED
status-firefox42: fixed → verified
You need to log in before you can comment on or make changes to this bug.