Closed
Bug 1301772
Opened 8 years ago
Closed 8 years ago
Turn on Insecure Password Warning in Firefox Beta
Categories
(Firefox :: Security, defect, P1)
Tracking
()
People
(Reporter: tanvi, Assigned: past)
References
(Blocks 1 open bug)
Details
(Keywords: site-compat, Whiteboard: [fxprivacy])
Attachments
(1 file)
58 bytes,
text/x-review-board-request
|
florian
:
review+
ritu
:
approval-mozilla-aurora+
|
Details |
This bugs is to take the insecure password warning to Beta. It requires a couple line code change here:
https://dxr.mozilla.org/mozilla-central/source/browser/app/profile/firefox.js?q=browser%2Fapp%2Fprofile%2Ffirefox.js&redirect_type=direct#1220
Reporter | ||
Comment 1•8 years ago
|
||
It sounds like the best we can do here is get the first half of the beta release with:
#ifdef EARLY_BETA_OR_EARLIER
Reporter | ||
Comment 2•8 years ago
|
||
If we want this to make Firefox Beta 50, we will have to land this next week and get uplift approval to aurora.
Alternatively, since this is just a pref change, we could go the hotfix route if the uplift doesn't get approved.
Assignee | ||
Updated•8 years ago
|
Assignee: nobody → past
Status: NEW → ASSIGNED
Priority: -- → P1
Whiteboard: [fxprivacy][triage]
Assignee | ||
Updated•8 years ago
|
Whiteboard: [fxprivacy][triage] → [fxprivacy]
Comment hidden (mozreview-request) |
Comment 4•8 years ago
|
||
mozreview-review |
Comment on attachment 8790202 [details]
Bug 1301772 - Turn on Insecure Password Warning in Firefox Beta.
https://reviewboard.mozilla.org/r/78126/#review76606
::: browser/app/profile/firefox.js:1223
(Diff revision 1)
>
> // Block insecure active content on https pages
> pref("security.mixed_content.block_active_content", true);
>
> // Show degraded UI for http pages with password fields.
> // Only for Nightly and Dev Edition for not, not for beta or release.
Please update this comment to no longer say "not for beta".
Attachment #8790202 -
Flags: review?(florian) → review+
Assignee | ||
Comment 5•8 years ago
|
||
Good point, thanks. It's probably a pointless comment, but I've updated it to reflect reality.
Pushed by pastithas@mozilla.com:
https://hg.mozilla.org/integration/fx-team/rev/5d8afbdb3620
Turn on Insecure Password Warning in Firefox Beta. r=florian
Updated•8 years ago
|
Flags: qe-verify?
Updated•8 years ago
|
Iteration: --- → 51.3 - Sep 19
Reporter | ||
Comment 7•8 years ago
|
||
Panos, can you request uplift to aurora? That way, the pref will be turned on for Firefox 50 Beta.
Flags: needinfo?(past)
Assignee | ||
Comment 8•8 years ago
|
||
Sure, I'm just waiting for the patch to land on m-c.
Flags: needinfo?(past)
Comment 9•8 years ago
|
||
bugherder |
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
status-firefox51:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → Firefox 51
Assignee | ||
Updated•8 years ago
|
Flags: qe-verify? → qe-verify+
Assignee | ||
Comment 10•8 years ago
|
||
Comment on attachment 8790202 [details]
Bug 1301772 - Turn on Insecure Password Warning in Firefox Beta.
Approval Request Comment
[Feature/regressing bug #]: feature from bug 1179961
[User impact if declined]: product and engineering want to get more feedback from early beta users, so we want to let this feature ride another train when 50 is merged to beta
[Describe test coverage new/current, TreeHerder]: there are automated tests for this in the tree
[Risks and why]: no risk, just a pref flip
[String/UUID change made/needed]: none
Attachment #8790202 -
Flags: approval-mozilla-aurora?
status-firefox50:
--- → affected
Comment on attachment 8790202 [details]
Bug 1301772 - Turn on Insecure Password Warning in Firefox Beta.
Makes sense, Aurora50+
Attachment #8790202 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Comment 12•8 years ago
|
||
bugherder uplift |
Updated•8 years ago
|
QA Contact: paul.silaghi
Comment 13•8 years ago
|
||
I guess this can only be verified once 50 is merged to beta.
Comment 14•8 years ago
|
||
Updated the site compatibility doc: https://www.fxsitecompat.com/en-CA/docs/2015/non-https-sites-containing-login-form-will-be-marked-insecure/
Will tweet from @FxSiteCompat to get more attention from developers.
Keywords: site-compat
Comment 15•8 years ago
|
||
The lock with a strikethrough is displayed fine on the test pages:
http://people.mozilla.org/~tvyas/password/password_insecure.html
http://people.mozilla.org/~tvyas/password/frame_password.html
Verified fixed FX 50b1, 51.0a2 (2016-09-21) Win 7.
Status: RESOLVED → VERIFIED
Flags: qe-verify+
Comment 16•8 years ago
|
||
Is this going to ride the train to release, or is that a separate bug?
Gerv
Assignee | ||
Comment 17•8 years ago
|
||
(In reply to Gervase Markham [:gerv] from comment #16)
> Is this going to ride the train to release, or is that a separate bug?
It is going to be a separate bug.
You need to log in
before you can comment on or make changes to this bug.
Description
•