154616 - No redirect warning as in Nav 4.79

Status: RESOLVED WONTFIX

(Core Graveyard :: Security: UI, defect, P1)

Description

[John Unruh]

6/26 branch. 1.) Visit http://finance.yahoo.com/fundstransfer
2.) Click on the Get Started Now button.
What happens: I get a warning that I am sending unencrypted data.
What is expected: As with 4.79 "Warning!  Your connection has been redirected to 
a different site.  You may not be connected to the site that you originally 
tried to reach."

Comment 1

[John Unruh]

*** Bug 36435 has been marked as a duplicate of this bug. ***

Comment 2

[Kai Engert (:KaiE:)]

I agree, but showing the different warning is not enough.

4.x also allowed you to cancel the connection when you are being redirected to a
different site.

We need to implement 62178 before we can fix this one.

Comment 3

[John G. Myers]

Mass reassign ssaux bugs to nobody

Comment 4

[Nelson Bolyard (seldom reads bugmail)]

Mass change "Future" target milestone to "--" on bugs that now are assigned to
nobody.  Those targets reflected the prioritization of past PSM management.
Many of these should be marked invalid or wontfix, I think.

Comment 5

[steve]

Is this bug here still valid? The URL for testing no longer exists.

Comment 6

[Brian Smith (:briansmith, :bsmith, use NEEDINFO?)]

I suggest WONTFIX. If this has been the behavior for over 10 years there's probably too many backward-compatibility issues. We've gotten rid of all active HTTPS-related security prompts like this (e.g. the ones that warn about switching from HTTPS to HTTP and vice versa via clicking on links), and I'm not keen to add one back without a clear explanation of why it is necessary.

Comment 7

[Justin Dolske [:Dolske]]

Agreed. At the very least, if someone feels super strongly about this, open a new bug (feel free to refer to this one) with a compelling rationale for why this is relevant on the modern web.