Contextual warning to username/password field on HTTP pages not triggered

RESOLVED DUPLICATE of bug 1335389

Status

()

Firefox for Android
General
RESOLVED DUPLICATE of bug 1335389
a year ago
a year ago

People

(Reporter: Ninu, Unassigned)

Tracking

(Blocks: 1 bug, {qablocker})

Trunk
ARM
Android
qablocker
Points:
---

Firefox Tracking Flags

(firefox52 affected, firefox54 affected)

Details

(Reporter)

Description

a year ago
Environment: Beta
Device: Sony Xperia Z2 (Android 5.0.1);
Build: Beta 52.0b4 ;

Steps to reproduce:
1. Open Fennec and go to about:config
2. Set "security.insecure_field_warning.contextual.enabled" - true and "signon.autofillForms.http" - false
3. Go to http://imgur.com/login
4. Tap inside credential box

Expected result:
 "This connection is not secure. Logins entered here could be compromised." message displayed

Actual result:
Notification not triggered

Notes:
Please note that this is also occurring on Sony Xperia Z5 (Android 6.0), (Huawei Honor 8  Android 6.0) (Motorola Nexus 6  Android 7.0)
(Reporter)

Updated

a year ago
Flags: needinfo?(MattN+bmo)
(In reply to Mihai Ninu {:Ninu} from comment #0)
> 2. Set "security.insecure_field_warning.contextual.enabled" - true and
> "signon.autofillForms.http" - false

Does the warning appear if you quit the application after changing the preferences? Does the warning appear if there is a saved login for the insecure site?

It's not actually expected to work since nobody tested or intended to implement this yet but some of the code is shared so I thought maybe it would work a bit.

I don't think we need further testing with these pref changes on Android for 52.
Flags: needinfo?(MattN+bmo)
(Reporter)

Comment 2

a year ago
(In reply to Matthew N. [:MattN] (Meetings In Taipei) from comment #1)
> (In reply to Mihai Ninu {:Ninu} from comment #0)
> > 2. Set "security.insecure_field_warning.contextual.enabled" - true and
> > "signon.autofillForms.http" - false
> 
> Does the warning appear if you quit the application after changing the
> preferences? Does the warning appear if there is a saved login for the
> insecure site?

Hi Matt, 
No is the answer, the notification doesn't appear.



> It's not actually expected to work since nobody tested or intended to
> implement this yet but some of the code is shared so I thought maybe it
> would work a bit.
> 
> I don't think we need further testing with these pref changes on Android for
> 52.

@Sebastian: Hey Sebastian, can you please check with Matt if you want to implement this on mobile?
Flags: needinfo?(s.kaspari)
Yeah, I think we should! Redirecting to barbara and joe for roadmap.
Flags: needinfo?(s.kaspari)
Flags: needinfo?(jcheng)
Flags: needinfo?(bbermes)
Actually I saw that it's already on our core browser trello board (and filed: bug 1335389):
https://trello.com/c/ZV6aqy2R/162-inform-users-of-danger-when-entering-password-info-on-non-https-site
Status: NEW → RESOLVED
Last Resolved: a year ago
Flags: needinfo?(jcheng)
Flags: needinfo?(bbermes)
Resolution: --- → DUPLICATE
Duplicate of bug: 1335389
You need to log in before you can comment on or make changes to this bug.