[Protections Panel] Remove "i" icon and make the shield icon persistent on the URL bar.
Categories
(Firefox :: Site Identity, task, P1)
Tracking
()
People
(Reporter: timhuang, Assigned: timhuang)
References
(Blocks 1 open bug, Regressed 1 open bug)
Details
(Keywords: site-compat)
Attachments
(7 files)
|
47 bytes,
text/x-phabricator-request
|
Details | Review | |
|
47 bytes,
text/x-phabricator-request
|
Details | Review | |
|
47 bytes,
text/x-phabricator-request
|
Details | Review | |
|
47 bytes,
text/x-phabricator-request
|
Details | Review | |
|
47 bytes,
text/x-phabricator-request
|
Details | Review | |
|
47 bytes,
text/x-phabricator-request
|
Details | Review | |
|
11.24 KB,
image/png
|
Details |
Screenshot on HTTP page
We will make the shield icon persistent on the URL bar and removing the "i" icon. The new protections panel will be anchored on the persistent shield icon and the identity panel will be anchored on the lock icon.
|
||
Updated•5 years ago
|
|
Assignee | |
Updated•5 years ago
|
|
||
Updated•5 years ago
|
|
|
Assignee | |
Comment 2•5 years ago
|
||
The patch moves the tracking protection icon out of the identity block,
and making it persistent.
|
|
Assignee | |
Comment 3•5 years ago
|
||
Depends on D37787
|
|
Assignee | |
Comment 4•5 years ago
|
||
We hide the identity icon if there is a lock icon there. If not, the
identity icon will still be shown.
Depends on D37788
|
|
Assignee | |
Comment 5•5 years ago
|
||
Depends on D37789
|
|
Assignee | |
Comment 6•5 years ago
|
||
This patch changes the anchor point of the identity popup to the lock
icon from the identity icon. And move the anchor point of the
protections popup to the shield icon container. Also remove the alt key
which is needed to open the protection icon.
In addtion, this also makes these two popups are mutual exclusive.
Depends on D37790
|
|
Assignee | |
Comment 7•5 years ago
|
||
Depends on D37791
|
||
Updated•5 years ago
|
|
|
||
Updated•5 years ago
|
|
|
||
Updated•5 years ago
|
|
||
Updated•5 years ago
|
|
|
||
Comment 8•5 years ago
|
||
|
|
||
Updated•5 years ago
|
|
|
||
Updated•5 years ago
|
|
||
Updated•5 years ago
|
|
||
Comment 9•5 years ago
|
||
Just a small question here:
Isn't lock style on HTTP page (as screenshot on comment 8 ) a bit confusing with the one on mix content page?
|
||
Comment 10•5 years ago
|
||
Pushed by tihuang@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/eb7359a95a75 Part 1: Moving the tracking protection icon out of the identity block and making it persistent. r=johannh https://hg.mozilla.org/integration/autoland/rev/8e1a9e517cfd Part 2: Hide the tracking protection icon if it is a chrome UI page. r=johannh https://hg.mozilla.org/integration/autoland/rev/c727ba3536a2 Part 3: Merge the connection icon and the extension icon into the identity icon. r=johannh https://hg.mozilla.org/integration/autoland/rev/1228703fef68 Part 4: Showing the degraded UI for Http pages by default. r=johannh https://hg.mozilla.org/integration/autoland/rev/f457b7f300cf Part 5: Change the anchor point of protections popup to the shield icon container and make identity popup and protection popup mutual exclusive. r=johannh https://hg.mozilla.org/integration/autoland/rev/c5ba93a2d508 Part 6: Update tests and add a test for insuring identity icon loads a correct image. r=johannh
|
||
Comment 11•5 years ago
|
||
(In reply to lolipopplus from comment #9)
Just a small question here:
Isn't lock style on HTTP page (as screenshot on comment 8 ) a bit confusing with the one on mix content page?
You're confusing that icon with this one: https://design.firefox.com/icons/viewer/#secure%20mixed
The broken padlock is used for HTTP and broken HTTPS (mixed active content, cert errors etc) but the one with yellow warning icon is used for mixed passive content (images and other media).
|
||
Comment 12•5 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/eb7359a95a75
https://hg.mozilla.org/mozilla-central/rev/8e1a9e517cfd
https://hg.mozilla.org/mozilla-central/rev/c727ba3536a2
https://hg.mozilla.org/mozilla-central/rev/1228703fef68
https://hg.mozilla.org/mozilla-central/rev/f457b7f300cf
https://hg.mozilla.org/mozilla-central/rev/c5ba93a2d508
|
||
Comment 13•5 years ago
|
||
Should localhost really be insecure? (See Twitter)
|
|
||
Comment 14•5 years ago
|
||
Also will this land in Firefox for Android/Firefox preview?
|
||
Comment 15•5 years ago
|
||
IMHO, Newbies shouldn't get used to develop applications without built-in TLS: https://github.com/FiloSottile/mkcert
http:// is deprecated, almost like ftp://. gopher:// is already gone.
I'm not sure which Tweet you mean. I've found this recent one: https://twitter.com/spedru/status/1152066665548378112
It's the result of manually changing browser.urlbar.trimURLs to false and security.insecure_connection_text.enabled to true.
I think, at least showing http:// would be a better default as you only need to click into the address bar, add an s (for https://) and press enter.
Today you need to click and then type the whole https:// to try the secure variant of a website - a counterproductive obstacle.
But at the end, http:// should look noticeably ugly while https:// should be hidden and tidy and switching over to it should be a bit easier than today.
|
|
||
Comment 16•5 years ago
|
||
I'm not sure which Tweet you mean. I've found this recent one: https://twitter.com/spedru/status/1152066665548378112
Did not mean that one but it had similar content
http://is deprecated
Local development tools, app (e.g. OAuth) and similar things sill use http on localhost and will probably use it in the next years. I've nothing without https in the public, but my development is still http.
Also this is the only thing to be consistent with the standards, all the secure context apis (like ServiceWorker) only work with https and localhost.
Today you need to click and then type the whole https:// to try the secure variant of a website - a counterproductive obstacle.
But at the end, http:// should look noticeably ugly while https:// should be hidden and tidy and switching over to it should be a bit easier than today.
I'm for integrating something like HTTPS Everywhere's "try encrypted or big red warning" by default into Firefox anyway
|
|
||
Comment 17•5 years ago
|
||
Posted site compatibility note: https://www.fxsitecompat.dev/en-CA/docs/2019/firefox-location-bar-now-shows-broken-padlock-icon-for-insecure-sites/
|
||
Comment 18•5 years ago
|
||
¡Hola!
FWIW just wanted to point out that the (i) icon is still visible in the about:about page.
¡Gracias!
Alex
|
|
||
Comment 19•5 years ago
|
||
(In reply to alex_mayorga from comment #18)
¡Hola!
FWIW just wanted to point out that the (i) icon is still visible in the about:about page.
¡Gracias!
Alex
See bug 1567443.
|
|
||
Updated•5 years ago
|
|
|
||
Updated•5 years ago
|
|
||
Comment 20•5 years ago
|
||
I have reproduced this bug with Nightly 69.0a1 (2019-07-02)on windows 10, 64 bit!
The fix is now verified on Latest Beta 70.0b9.
Build ID: 20190923154733
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:70.0) Gecko/20100101 Firefox/70.0
|
|
||
Updated•5 years ago
|
|
||
Comment 21•5 years ago
|
||
Adding to release notes as "A new crossed-out lock icon now indicates insecure HTTP"
Description
•