Closed Bug 1188481 Opened 6 years ago Closed 6 years ago

[userstory] Cert Warnings: Untrusted connection

Categories

(Firefox :: General, defect)

defect
Not set
normal

Tracking

()

RESOLVED FIXED

People

(Reporter: MarcoM, Unassigned)

References

()

Details

(Whiteboard: [fxprivacy] [userstory])

User Story

Summary:
* As a User, I want Firefox to warn me when a site has security problems that I wouldn’t be able to notice so that I don’t trust a site that could leak my information.

Acceptance Criteria: 
* Styled as per design
* Broken lock icon displays
* Headline: “Your connection is not secure”
body copy: “The owner of expired.badssl.com has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.”
* “Learn more” link goes to SUMO page: https://support.mozilla.org/en-US/kb/tls-error-reports
* Checkbox “Report errors like this to Mozilla” is checked. ( UNCLEAR WHAT THIS IS. DOES NOT SEEM TO BE EXISTING FUNCTIONALITY
* “Return to prior” page button (NEW FUNCTIONALITY? CURRENT “Get me out of here!” BUTTON GOES TO ABOUT:HOME)
* “Advanced” button reveals technical details about invalid cert
** After clicking “Advanced”, user sees a styled warning and has the ability to add a manual exception for the site.

Attachments

(1 file)

No description provided.
Flags: firefox-backlog+
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → INCOMPLETE
Status: RESOLVED → REOPENED
User Story: (updated)
Flags: firefox-backlog+
Resolution: INCOMPLETE → ---
Summary: [userstory] Certificate warning (invalid cert) → [userstory] Cert Warnings: Untrusted connection
Status: REOPENED → NEW
Depends on: 1202490
The user story mentions adding "a manual exception for the site". I understood that as "temporarily override the check for the duration of the session". Is that correct, or do we want to set the override forever (or something else)?
Flags: needinfo?(jmoradi)
The current code shows a modal prompt for setting a permanent exception, but from the mockup I get the impression that this is not what we want.
Depends on: 1212456
We had a couple of discussions about this point last week and the consensus was to move forward with the existing modal dialog for the time being (v1) and then use an approach more similar to the mockup (v2). We agreed that it’s important to offer the ability to make these exceptions permanent in the warning notification.

April suggested that if we are going to have a persistent warning bar on the screen for sites that have had security exceptions, then that would be the perfect place to offer a link for people to revoke their trust.

Bram liked this approach a lot, and has updated his mockup to match:
http://brampitoyo.github.io/fx-untrusted-connection/untrusted-connection-warning-ui.png

The behaviour is as follows:

- When clicking the “Proceed” link, the modal dialogue to add exception doesn’t appear anymore
- Instead, we set exception to permanent by default, and load the site that the user wants to load
- However, when a site have had security exception, we also show a persistent warning bar that tells user to be careful
- This warning bar makes it easy to revoke permanent exception
Flags: needinfo?(jmoradi)
Depends on: 1219088
Depends on: 1218971
Depends on: 1220781
Depends on: 1221084
Status: NEW → RESOLVED
Closed: 6 years ago6 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.