Include a 'learn more' link on the blocked tracking protection message in the web console

VERIFIED FIXED in Firefox 42

Status

P1
normal
VERIFIED FIXED
3 years ago
4 months ago

People

(Reporter: bgrins, Assigned: bgrins)

Tracking

Trunk
Firefox 42
Dependency tree / graph
Bug Flags:
firefox-backlog +
qe-verify +

Firefox Tracking Flags

(firefox41 affected, firefox42 verified)

Details

(Whiteboard: [fxprivacy] [campaign])

Attachments

(1 attachment, 1 obsolete attachment)

(Assignee)

Description

3 years ago
STR:
Enable tracking protection
Open web console
Load a page with tracking elements

You should see an error:
'The resource at "http://some/url" was blocked because tracking protection is enabled.'

We should add a 'Learn More' link to an MDN page explaining more about this feature for web developers.
Flags: firefox-backlog?
(Assignee)

Comment 1

3 years ago
Note that there is a similar message already in the console:

'This site makes use of a SHA-1 Certificate; it's recommended you use certificates with signature algorithms that use hash functions stronger than SHA-1. [Learn More]'

When you click on the learn more link it opens https://developer.mozilla.org/en-US/docs/Web/Security/Weak_Signature_Algorithm in a new tab.
Hi Brian, is this bug related to a particular user story?
Flags: needinfo?(bgrinstead)
Flags: firefox-backlog?
Flags: firefox-backlog+
(Assignee)

Comment 3

3 years ago
(In reply to Marco Mucci [:MarcoM] from comment #2)
> Hi Brian, is this bug related to a particular user story?

Javaun, I can't remember - were you planning to file a user story for the web developer documentation or should Will / I file one?
Flags: needinfo?(bgrinstead) → needinfo?(jmoradi)
(In reply to Brian Grinstead [:bgrins] from comment #3)
> (In reply to Marco Mucci [:MarcoM] from comment #2)
> > Hi Brian, is this bug related to a particular user story?
> 
> Javaun, I can't remember - were you planning to file a user story for the
> web developer documentation or should Will / I file one?

Hi Brian, no worries we'll take care of it.  We'll have this bug and Bug 1177194 block the new story.  Thanks.
Flags: needinfo?(jmoradi)

Updated

3 years ago
Blocks: 1177261
Aside: we do this already for CORS errors, see bug 1121824. We are also considering linkifying other sorts of messages like JS Engine errors that refer to MDN pages that explain the messages in depth.

Updated

3 years ago
Rank: 23

Updated

3 years ago
Priority: P1 → P2

Updated

3 years ago
Rank: 23 → 22

Updated

3 years ago
Rank: 22

Updated

3 years ago
Points: --- → 3

Updated

3 years ago
Flags: qe-verify?

Updated

3 years ago
Assignee: nobody → bgrinstead
Status: NEW → ASSIGNED
Iteration: --- → 42.3 - Aug 10
Priority: P2 → P1
Hi Brian, does this bug require QA verification?
Flags: needinfo?(bgrinstead)

Updated

3 years ago
Whiteboard: [fxprivacy] → [fxprivacy] [campaign]
(Assignee)

Updated

3 years ago
Flags: qe-verify?
Flags: qe-verify+
Flags: needinfo?(bgrinstead)

Updated

3 years ago
QA Contact: mwobensmith
(Assignee)

Comment 7

3 years ago
Will, do you know what the URL will be for the MDN page on Tracking Protection?
Flags: needinfo?(wbamberg)
(Assignee)

Comment 8

3 years ago
Created attachment 8640589 [details] [diff] [review]
tp-webconsole-message.patch

Nick, Can you please have a look at the webconsole changes?  Note: the actual URL for 'learn more' is subject to change based on Will's work.

Steve, this patch updates nsChannelClassifier to increase the severity of the Tracking Protection messages in the web console to match those from Mixed Content Blocking (https://dxr.mozilla.org/mozilla-central/source/dom/security/nsMixedContentBlocker.cpp#175).  Is that alright?
Attachment #8640589 - Flags: review?(sworkman)
Attachment #8640589 - Flags: review?(nfitzgerald)
This sounds fine to me, but I want to make sure. Tanvi and Francois: it should be fine to have TP Blocking reported as an error to the Web Console, just like Mixed Content Blocking, right?
Flags: needinfo?(tanvi)
Flags: needinfo?(francois)
I'm not sure about the severity. It's not really "broken" in the same way as mixed content is (and needs to be fixed by the developer). In the case of TP, it's pointing out that the user has decided to block this tracking content. It feels kind of different to me.
Flags: needinfo?(francois)
(Assignee)

Comment 11

3 years ago
(In reply to François Marier [:francois] from comment #10)
> I'm not sure about the severity. It's not really "broken" in the same way as
> mixed content is (and needs to be fixed by the developer). In the case of
> TP, it's pointing out that the user has decided to block this tracking
> content. It feels kind of different to me.

That's an interesting point about MCB and TP being different wrt the level of brokenness.  I'm OK with leaving it as a warning if that's intentional.  My thinking in making the change was (a) that a developer may be looking at the console because they saw some breakage on the page so having it be severe might help draw attention to it, and (b) it happened to be different from MCB messages for no particular reason.

Comment 12

3 years ago
I think it is very useful to have Tracking Protection messages in the webconsole with a learn more link.  I agree that it should be a warning instead of an error, because there is not something wrong with the site that the developer needs to fix.  But just something the developer should be aware of when developing their site; some users will have Tracking Protection enabled and some third party resources will be blocked.

Visually, I'm not sure it even makes a big difference whether its a warning or an error.  The red triangle for a warning sets a tone similar to the red x for an error.
Flags: needinfo?(tanvi)
Comment on attachment 8640589 [details] [diff] [review]
tp-webconsole-message.patch

Review of attachment 8640589 [details] [diff] [review]:
-----------------------------------------------------------------

LGTM
Attachment #8640589 - Flags: review?(nfitzgerald) → review+
The URL should be: https://developer.mozilla.org/Firefox/Privacy/Tracking_Protection

There is some extra work to do to make sure redirects work properly in all locales. I'll file a separate bug for that.

Javaun: when do we need the actual page to be in place at that URL?
Flags: needinfo?(wbamberg) → needinfo?(jmoradi)
Depends on: 1189065
(Assignee)

Comment 15

3 years ago
Created attachment 8640740 [details] [diff] [review]
tp-webconsole-message.patch

Thanks everyone for the feedback.  This new patch keeps the message as a warning and updates the URL to the correct one.  Try push: https://treeherder.mozilla.org/#/jobs?repo=try&revision=b0672e4df120
Attachment #8640589 - Attachment is obsolete: true
Attachment #8640589 - Flags: review?(sworkman)
Attachment #8640740 - Flags: review+
https://hg.mozilla.org/mozilla-central/rev/c6f672a41983
Status: ASSIGNED → RESOLVED
Last Resolved: 3 years ago
status-firefox42: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → Firefox 42
Hi Will, is it possible to have something (A stub? ) in there by uplift? 8/11 this hits DevEdition, and if ever there was a crowd for this link, it's them. A page in progress (labeled as such) is better than nothing

I realize that's not much time. If that's too much a stretch, let's go before beta in 9/21 uplift.
Flags: needinfo?(jmoradi)
Javaun: yes, it's totally possible to have the page in place by 8/11. Since the thing is already drafted, it's just a matter of copying it into MDN. I just needed to know when it should be there, so as to fit into our overall plans for communicating this feature.
Verified fixed FF 42.0a2 (2015-08-25) Win 7, Ubuntu 14.04, OS X 10.10.
Status: RESOLVED → VERIFIED
status-firefox42: fixed → verified

Updated

4 months ago
Product: Firefox → DevTools
You need to log in before you can comment on or make changes to this bug.