1401466 - Make client certificate dialog tab modal

Status: RESOLVED FIXED

(Core :: Security: PSM, enhancement, P3)

Description

[Paul Wise]

Having a modal dialog whenever one visits a site that uses client-side certificates is unusable for many users.

The option of automatically selecting the right certificate unfortunately has privacy issues:

https://www.mozilla.org/en-US/security/advisories/mfsa2008-17/

If it would work similar to how saving passwords does then it would be much better. A small window in the upper left where users could select "Create new client cert for this site", "Login in with client cert foo {once,automatically}", "Never login automatically on this site" etc.

Comment 1

[Paul Zühlcke [:pbz]]

Attachment: client-cert-prompt.png

Here is a screenshot of the client cert request prompt.
It is shown in a window with the main browser window as parent.

While it could be tab modal, I'm not sure if it would improve UX much. It certainly can't be abused for DoS attacks by websites, which is good.

Comment 3

[David Balažic]

As noted in bug 1659119 , sometimes this dialog appears detached from the FF window it "belongs" to, and sometimes even as a modal dialog to another FF window. "Tying" it to the originating tab would be very welcome. (to the tab only, leaving other tabs in the same window free)
The problem is that due to above the dialog is sometimes not visible, as it is under the actual FF window or somewhere else. So it seems the tab is just hung. Also all other tabs are hung, as the single network thread is blocked waiting for the dialog to be closed.

Comment 4

[Dana Keeler (she/her) (use needinfo) [:keeler] (on leave)]

Attachment: WIP: Bug 1401466 - make front-end responsible for presenting client auth cert selection ui

Comment 6

[Dana Keeler (she/her) (use needinfo) [:keeler] (on leave)]

Attachment: Bug 1401466 - make the client auth certificate selection dialog tab modal r?jschanck

Comment 9

[floyd]

My bug 1846981 got closed as a duplicate although I disagree, mine is a bug (a critical one to me), this is an enhancement and therefore this might get a lower priority (this has already been open for 6 years).

Please note that I have to switch to a different browser than Firefox as I am unable to use Firefox to access internal websites that require client certificate authentication (freeze of Firefox). Video of the bug: http://floyd.li/trigger-ui-freezes-nothing-clickable.mp4

Please consider reopening my bug or giving this a different priority.

Comment 10

[Dana Keeler (she/her) (use needinfo) [:keeler] (on leave)]

I'm working on this bug.

Comment 11

[Pulsebot]

Pushed by dkeeler@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/16c71fac6426
make the client auth certificate selection dialog tab modal r=jschanck,necko-reviewers,bolsson,kershaw,valentin

Comment 12

[Cosmin Sabou [:CosminS]]

Backed out for causing SocketControl related fuzzing build bustages.

Push with failures: https://treeherder.mozilla.org/jobs?repo=autoland&resultStatus=testfailed%2Cbusted%2Cexception%2Cretry%2Cusercancel&revision=16c71fac642647b97c85d086e54342a5addaaf13&selectedTaskRun=NoCMv-HARymMHExAIVZpkQ.0

Failure log:

• bustages - https://treeherder.mozilla.org/logviewer?job_id=427408236&repo=autoland
• TV on browser_clientAuthRememberService.js - https://treeherder.mozilla.org/logviewer?job_id=427410331&repo=autoland

Backout link: https://hg.mozilla.org/integration/autoland/rev/3ca228ef6edf9142f1d1ea66a043ddbd927ce9fc

Comment 13

[Pulsebot]

Pushed by dkeeler@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/9d1733984f18
make the client auth certificate selection dialog tab modal r=jschanck,necko-reviewers,bolsson,kershaw,valentin

Comment 14

[Norisz Fay [:noriszfay]]

https://hg.mozilla.org/mozilla-central/rev/9d1733984f18