Closed Bug 1338160 Opened 8 years ago Closed 8 years ago

Contextual warning to username/password field on HTTP pages not triggered

Categories

(Firefox for Android Graveyard :: General, defect)

Product:
Firefox for Android Graveyard
Component:
General
Platform:
ARM
Android
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(firefox52 affected, firefox54 affected)

Status:
RESOLVED DUPLICATE of bug 1335389
Tracking Flags:
Tracking Status
firefox52 --- affected
firefox54 --- affected

People

(Reporter: u549602, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: qablocker) 

Environment: Beta
Device: Sony Xperia Z2 (Android 5.0.1);
Build: Beta 52.0b4 ;

Steps to reproduce:
1. Open Fennec and go to about:config
2. Set "security.insecure_field_warning.contextual.enabled" - true and "signon.autofillForms.http" - false
3. Go to http://imgur.com/login
4. Tap inside credential box

Expected result:
 "This connection is not secure. Logins entered here could be compromised." message displayed

Actual result:
Notification not triggered

Notes:
Please note that this is also occurring on Sony Xperia Z5 (Android 6.0), (Huawei Honor 8  Android 6.0) (Motorola Nexus 6  Android 7.0)
Flags: needinfo?(MattN+bmo)
(In reply to Mihai Ninu {:Ninu} from comment #0)
> 2. Set "security.insecure_field_warning.contextual.enabled" - true and
> "signon.autofillForms.http" - false

Does the warning appear if you quit the application after changing the preferences? Does the warning appear if there is a saved login for the insecure site?

It's not actually expected to work since nobody tested or intended to implement this yet but some of the code is shared so I thought maybe it would work a bit.

I don't think we need further testing with these pref changes on Android for 52.
Flags: needinfo?(MattN+bmo)
(In reply to Matthew N. [:MattN] (Meetings In Taipei) from comment #1)
> (In reply to Mihai Ninu {:Ninu} from comment #0)
> > 2. Set "security.insecure_field_warning.contextual.enabled" - true and
> > "signon.autofillForms.http" - false
> 
> Does the warning appear if you quit the application after changing the
> preferences? Does the warning appear if there is a saved login for the
> insecure site?

Hi Matt, 
No is the answer, the notification doesn't appear.



> It's not actually expected to work since nobody tested or intended to
> implement this yet but some of the code is shared so I thought maybe it
> would work a bit.
> 
> I don't think we need further testing with these pref changes on Android for
> 52.

@Sebastian: Hey Sebastian, can you please check with Matt if you want to implement this on mobile?
Flags: needinfo?(s.kaspari)
Yeah, I think we should! Redirecting to barbara and joe for roadmap.
Flags: needinfo?(s.kaspari)
Flags: needinfo?(jcheng)
Flags: needinfo?(bbermes)
Actually I saw that it's already on our core browser trello board (and filed: bug 1335389):
https://trello.com/c/ZV6aqy2R/162-inform-users-of-danger-when-entering-password-info-on-non-https-site
Status: NEW → RESOLVED
Closed: 8 years ago
Flags: needinfo?(jcheng)
Flags: needinfo?(bbermes)
Resolution: --- → DUPLICATE
Product: Firefox for Android → Firefox for Android Graveyard
You need to log in before you can comment on or make changes to this bug.