Open Bug 1280458 Opened 8 years ago Updated 2 months ago

Make "Parts of this page are not secure" warning more useful (link to blocked content, or instructions on how to find them)

Categories

(Firefox :: Security, enhancement, P3)

Product:
Firefox
Component:
Security
Version:
47 Branch
Type:
enhancement

Tracking

()

Status:
UNCONFIRMED

People

(Reporter: mozilla, Unassigned)

Details

If a https pages references some elements which are served over https, the warning "Parts of this page are not secure" warning shows up.

However, without saying *which* are those parts, this is utterly useless, especially if parts of the contents are generated dynamically using javascript.

The warning box *does* have links to "learn more" and "more information", but neither of them shows the bad URLs that are supposedly referenced.
In the case of active mixed content (e.g https://mixed-script.badssl.com/ , not specifying which type of content is blocked), the connection is still displayed as "secure". This is the only hint in the UI telling that some content is not secure, I don’t think it should be removed.

Web developers can still access the full list of blocked URLs in the web console (Dev tools > Web Console), so that they can fix their website. This list wouldn’t be that useful to end users IMHO.
(In reply to Théo Chevalier [:tchevalier] from comment #1)
> In the case of active mixed content (e.g https://mixed-script.badssl.com/ ,
> not specifying which type of content is blocked), the connection is still
> displayed as "secure". This is the only hint in the UI telling that some
> content is not secure, I don’t think it should be removed.

My point was not to remove it, but rather to actually make it useful.

> 
> Web developers can still access the full list of blocked URLs in the web
> console (Dev tools > Web Console), so that they can fix their website.

Good to know.

> This
> list wouldn’t be that useful to end users IMHO.

Are you aware just how patronizing this sounds? "Hey there's something wrong, but we aren't going to tell you what because you're just too damn stupid..."

One fix already would be to include a pointer to the Web console into the small window that I mentioned, which currently contains 2 useless (wrong?) pointers...
Severity: normal → enhancement
Priority: -- → P3
Summary: Useless "Parts of this page are not secure" warning → Make "Parts of this page are not secure" warning more useful (link to blocked content, or instructions on how to find them)
Severity: normal → S3
Flags: needinfo?(apksgets)
You need to log in before you can comment on or make changes to this bug.