Closed Bug 1401466 Opened 7 years ago Closed 11 months ago

Make client certificate dialog tab modal

Categories

(Core :: Security: PSM, enhancement, P3)

enhancement

Tracking

()

RESOLVED FIXED
119 Branch
Tracking Status
firefox119 --- fixed

People

(Reporter: pabs3, Assigned: keeler)

References

(Blocks 1 open bug)

Details

(Whiteboard: [psm-clientauth])

Attachments

(2 files, 1 obsolete file)

Having a modal dialog whenever one visits a site that uses client-side certificates is unusable for many users.

The option of automatically selecting the right certificate unfortunately has privacy issues:

https://www.mozilla.org/en-US/security/advisories/mfsa2008-17/

If it would work similar to how saving passwords does then it would be much better. A small window in the upper left where users could select "Create new client cert for this site", "Login in with client cert foo {once,automatically}", "Never login automatically on this site" etc.
Component: General → Security: PSM
Product: Firefox → Core
Priority: -- → P3
Whiteboard: [psm-clientauth]
See Also: → 1617504
Blocks: 616843
Status: UNCONFIRMED → NEW
Ever confirmed: true
See Also: 1617504
Summary: improve the usability of client-side certificates → Make client certificate dialog tab modal
Attached image client-cert-prompt.png

Here is a screenshot of the client cert request prompt.
It is shown in a window with the main browser window as parent.

While it could be tab modal, I'm not sure if it would improve UX much. It certainly can't be abused for DoS attacks by websites, which is good.

As noted in bug 1659119 , sometimes this dialog appears detached from the FF window it "belongs" to, and sometimes even as a modal dialog to another FF window. "Tying" it to the originating tab would be very welcome. (to the tab only, leaving other tabs in the same window free)
The problem is that due to above the dialog is sometimes not visible, as it is under the actual FF window or somewhere else. So it seems the tab is just hung. Also all other tabs are hung, as the single network thread is blocked waiting for the dialog to be closed.

Severity: normal → S3
Duplicate of this bug: 1809131
Duplicate of this bug: 1833908
Attachment #9283854 - Attachment is obsolete: true
Assignee: nobody → dkeeler
Attachment #9344249 - Attachment description: WIP: Bug 1401466 - make the client auth certificate selection dialog tab modal r?jschanck → Bug 1401466 - make the client auth certificate selection dialog tab modal r?jschanck
Status: NEW → ASSIGNED
Duplicate of this bug: 1846981

My bug 1846981 got closed as a duplicate although I disagree, mine is a bug (a critical one to me), this is an enhancement and therefore this might get a lower priority (this has already been open for 6 years).

Please note that I have to switch to a different browser than Firefox as I am unable to use Firefox to access internal websites that require client certificate authentication (freeze of Firefox). Video of the bug: http://floyd.li/trigger-ui-freezes-nothing-clickable.mp4

Please consider reopening my bug or giving this a different priority.

Flags: needinfo?(dkeeler)

I'm working on this bug.

Flags: needinfo?(dkeeler)
Pushed by dkeeler@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/16c71fac6426
make the client auth certificate selection dialog tab modal r=jschanck,necko-reviewers,bolsson,kershaw,valentin
Flags: needinfo?(dkeeler)
Pushed by dkeeler@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/9d1733984f18
make the client auth certificate selection dialog tab modal r=jschanck,necko-reviewers,bolsson,kershaw,valentin
Status: ASSIGNED → RESOLVED
Closed: 11 months ago
Resolution: --- → FIXED
Target Milestone: --- → 119 Branch
Duplicate of this bug: 1850957
Duplicate of this bug: 1657588
Duplicate of this bug: 1246563
Regressions: 1888751
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: