Make client certificate dialog tab modal
Categories
(Core :: Security: PSM, enhancement, P3)
Tracking
()
Tracking | Status | |
---|---|---|
firefox119 | --- | fixed |
People
(Reporter: pabs3, Assigned: keeler)
References
(Blocks 1 open bug)
Details
(Whiteboard: [psm-clientauth])
Attachments
(2 files, 1 obsolete file)
Having a modal dialog whenever one visits a site that uses client-side certificates is unusable for many users. The option of automatically selecting the right certificate unfortunately has privacy issues: https://www.mozilla.org/en-US/security/advisories/mfsa2008-17/ If it would work similar to how saving passwords does then it would be much better. A small window in the upper left where users could select "Create new client cert for this site", "Login in with client cert foo {once,automatically}", "Never login automatically on this site" etc.
Updated•7 years ago
|
Assignee | ||
Updated•7 years ago
|
Updated•4 years ago
|
Updated•4 years ago
|
Comment 1•4 years ago
•
|
||
Here is a screenshot of the client cert request prompt.
It is shown in a window with the main browser window as parent.
While it could be tab modal, I'm not sure if it would improve UX much. It certainly can't be abused for DoS attacks by websites, which is good.
Comment 3•4 years ago
|
||
As noted in bug 1659119 , sometimes this dialog appears detached from the FF window it "belongs" to, and sometimes even as a modal dialog to another FF window. "Tying" it to the originating tab would be very welcome. (to the tab only, leaving other tabs in the same window free)
The problem is that due to above the dialog is sometimes not visible, as it is under the actual FF window or somewhere else. So it seems the tab is just hung. Also all other tabs are hung, as the single network thread is blocked waiting for the dialog to be closed.
Assignee | ||
Comment 4•2 years ago
|
||
Updated•2 years ago
|
Assignee | ||
Comment 6•9 months ago
|
||
Updated•9 months ago
|
Updated•9 months ago
|
My bug 1846981 got closed as a duplicate although I disagree, mine is a bug (a critical one to me), this is an enhancement and therefore this might get a lower priority (this has already been open for 6 years).
Please note that I have to switch to a different browser than Firefox as I am unable to use Firefox to access internal websites that require client certificate authentication (freeze of Firefox). Video of the bug: http://floyd.li/trigger-ui-freezes-nothing-clickable.mp4
Please consider reopening my bug or giving this a different priority.
Comment 11•8 months ago
|
||
Pushed by dkeeler@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/16c71fac6426 make the client auth certificate selection dialog tab modal r=jschanck,necko-reviewers,bolsson,kershaw,valentin
Comment 12•8 months ago
•
|
||
Backed out for causing SocketControl related fuzzing build bustages.
Failure log:
- bustages - https://treeherder.mozilla.org/logviewer?job_id=427408236&repo=autoland
- TV on browser_clientAuthRememberService.js - https://treeherder.mozilla.org/logviewer?job_id=427410331&repo=autoland
Backout link: https://hg.mozilla.org/integration/autoland/rev/3ca228ef6edf9142f1d1ea66a043ddbd927ce9fc
Assignee | ||
Updated•8 months ago
|
Comment 13•8 months ago
|
||
Pushed by dkeeler@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/9d1733984f18 make the client auth certificate selection dialog tab modal r=jschanck,necko-reviewers,bolsson,kershaw,valentin
Comment 14•8 months ago
|
||
bugherder |
Description
•