Provide filter in developer tools to audit secure context warnings




Developer Tools: Console
a month ago
6 days ago


(Reporter: jkt, Unassigned)


(Blocks: 1 bug)

57 Branch

Firefox Tracking Flags

(Not tracked)




a month ago
Given the increase in isSecureContext warnings caused by Bug 1335586 we should give developers a way to filter these messages like we do for warning etc.
Victoria, since you are thinking about the toolbars in console at the moment, I guess this should be something to take into account.
I am guessing here, but I think those warnings can be filtered with the warning filter, but, what if you still want to see "your" warnings ?
In the old console, security messages had their own filter, but adding it again here will grow the filter bar. 
Maybe this could go into the menu you're designing ("Hide security warnings").
Maybe we could have a button or something directly next to those message to allow hiding them.
Should we have the same label than for other filters when they are off ?

I guess we could also think about if we should treat those as the other ones. Maybe if the user want to hide those, we should hide them only for this session ? or only for this origin ?

Jonathan, would you have a test URL where we can see those security messages ? I think it would help us.
Flags: needinfo?(victoria)
Flags: needinfo?(jkt)
Priority: -- → P3

Comment 2

a month ago
Hey Nicolas,

You can visit: and click location in HTTP this produces the following:

A Geolocation request can only be fulfilled in a secure context.

However the outcome of Bug 1410368 will produce a whole set of further warnings.
This might mean we will need to specify some form of property or type for these messages when they are raised:
Flags: needinfo?(jkt)

Comment 3

a month ago
We could perhaps hide this filter/section when isSecureContext is true.
I don't think they are in the same category as CSP/HKPK/HSTS errors either so perhaps we could have a "HTTPS migration" tab instead for these errors and resources to help?
Some questions I wrote this in slack that lost in the fray:

I'm having some trouble understanding this bug, First, the comments refer to security "warnings," but this seems to actually be about security errors? There seems to be a concern that the user will want to only see "their" own warnings/errors and not want to see these security errors? I need to understand this distinction better: Is there a more general need to separate "one's own" messages vs. ...other messages? 

Adding an extra filter button wouldn't be the end of the world, but there seems to be a bit of complication here that I don't understand.
Flags: needinfo?(victoria)
You need to log in before you can comment on or make changes to this bug.