Closed Bug 1562881 Opened 2 years ago Closed 2 years ago

[Protections Panel] Remove "i" icon and make the shield icon persistent on the URL bar.

Categories

(Firefox :: Site Identity, task, P1)

task

Tracking

()

RESOLVED FIXED
Firefox 70
Tracking Status
relnote-firefox --- 70+
firefox70 --- fixed

People

(Reporter: timhuang, Assigned: timhuang)

References

(Blocks 2 open bugs, Regressed 2 open bugs)

Details

(Keywords: site-compat)

Attachments

(7 files)

We will make the shield icon persistent on the URL bar and removing the "i" icon. The new protections panel will be anchored on the persistent shield icon and the identity panel will be anchored on the lock icon.

Priority: -- → P1
Status: NEW → ASSIGNED
Whiteboard: [privacy-panel][triage]
Duplicate of this bug: 1462556

The patch moves the tracking protection icon out of the identity block,
and making it persistent.

We hide the identity icon if there is a lock icon there. If not, the
identity icon will still be shown.

Depends on D37788

This patch changes the anchor point of the identity popup to the lock
icon from the identity icon. And move the anchor point of the
protections popup to the shield icon container. Also remove the alt key
which is needed to open the protection icon.

In addtion, this also makes these two popups are mutual exclusive.

Depends on D37790

Attachment #9077537 - Attachment description: Bug 1562881 - Part 3: Hide the identity icon if there is a lock icon existing. r?johannh! → Bug 1562881 - Part 3: Merge the identity icon and the lock icon into one icon. r?johannh!
Attachment #9077539 - Attachment description: Bug 1562881 - Part 5: Change the anchor point of the identity popup and the protections popup. r?johannh! → Bug 1562881 - Part 5: Change the anchor point of protections popup to the shield icon container and make identity popup and protection popup mutual exclusive. r?johannh!
Attachment #9077540 - Attachment description: Bug 1562881 - Part 6: Update tests. r?johannh! → Bug 1562881 - Part 6: Update tests and add a test for insuring identity icon loads a correct image. r?johannh!
Keywords: site-compat
Attachment #9078503 - Attachment description: Screenshot 2019-07-12 at 15.25.02.png → Screenshot on HTTP page
Attachment #9077537 - Attachment description: Bug 1562881 - Part 3: Merge the identity icon and the lock icon into one icon. r?johannh! → Bug 1562881 - Part 3: Merge the connection icon and the extension icon into the identity icon. r?johannh!
Summary: [Protections Panel] Removing "i" icon and make the shield icon persistent on the URL bar. → [Protections Panel] Remove "i" icon and make the shield icon persistent on the URL bar.

Just a small question here:
Isn't lock style on HTTP page (as screenshot on comment 8 ) a bit confusing with the one on mix content page?

Pushed by tihuang@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/eb7359a95a75
Part 1: Moving the tracking protection icon out of the identity block and making it persistent. r=johannh
https://hg.mozilla.org/integration/autoland/rev/8e1a9e517cfd
Part 2: Hide the tracking protection icon if it is a chrome UI page. r=johannh
https://hg.mozilla.org/integration/autoland/rev/c727ba3536a2
Part 3: Merge the connection icon and the extension icon into the identity icon. r=johannh
https://hg.mozilla.org/integration/autoland/rev/1228703fef68
Part 4: Showing the degraded UI for Http pages by default. r=johannh
https://hg.mozilla.org/integration/autoland/rev/f457b7f300cf
Part 5: Change the anchor point of protections popup to the shield icon container and make identity popup and protection popup mutual exclusive. r=johannh
https://hg.mozilla.org/integration/autoland/rev/c5ba93a2d508
Part 6: Update tests and add a test for insuring identity icon loads a correct image. r=johannh

(In reply to lolipopplus from comment #9)

Just a small question here:
Isn't lock style on HTTP page (as screenshot on comment 8 ) a bit confusing with the one on mix content page?

You're confusing that icon with this one: https://design.firefox.com/icons/viewer/#secure%20mixed
The broken padlock is used for HTTP and broken HTTPS (mixed active content, cert errors etc) but the one with yellow warning icon is used for mixed passive content (images and other media).

Should localhost really be insecure? (See Twitter)

Also will this land in Firefox for Android/Firefox preview?

IMHO, Newbies shouldn't get used to develop applications without built-in TLS: https://github.com/FiloSottile/mkcert
http:// is deprecated, almost like ftp://. gopher:// is already gone.

I'm not sure which Tweet you mean. I've found this recent one: https://twitter.com/spedru/status/1152066665548378112
It's the result of manually changing browser.urlbar.trimURLs to false and security.insecure_connection_text.enabled to true.
I think, at least showing http:// would be a better default as you only need to click into the address bar, add an s (for https://) and press enter.
Today you need to click and then type the whole https:// to try the secure variant of a website - a counterproductive obstacle.
But at the end, http:// should look noticeably ugly while https:// should be hidden and tidy and switching over to it should be a bit easier than today.

I'm not sure which Tweet you mean. I've found this recent one: https://twitter.com/spedru/status/1152066665548378112

Did not mean that one but it had similar content

http:// is deprecated

Local development tools, app (e.g. OAuth) and similar things sill use http on localhost and will probably use it in the next years. I've nothing without https in the public, but my development is still http.
Also this is the only thing to be consistent with the standards, all the secure context apis (like ServiceWorker) only work with https and localhost.

Today you need to click and then type the whole https:// to try the secure variant of a website - a counterproductive obstacle.
But at the end, http:// should look noticeably ugly while https:// should be hidden and tidy and switching over to it should be a bit easier than today.

I'm for integrating something like HTTPS Everywhere's "try encrypted or big red warning" by default into Firefox anyway

Regressions: 1567784
Regressions: 1567185

¡Hola!

FWIW just wanted to point out that the (i) icon is still visible in the about:about page.

¡Gracias!
Alex

(In reply to alex_mayorga from comment #18)

¡Hola!

FWIW just wanted to point out that the (i) icon is still visible in the about:about page.

¡Gracias!
Alex

See bug 1567443.

Depends on: 1568506
No longer depends on: 1568506
Regressions: 1568506
Depends on: 1568749
No longer depends on: 1568749
Regressions: 1570663
Regressions: 1574660
Regressions: 1574669
Depends on: 1575080
No longer depends on: 1575080
Regressions: 1575080
Regressions: 1583229

I have reproduced this bug with Nightly 69.0a1 (2019-07-02)on windows 10, 64 bit!

The fix is now verified on Latest Beta 70.0b9.

Build ID: 20190923154733
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:70.0) Gecko/20100101 Firefox/70.0

QA Whiteboard: [bugday-20191009]
Blocks: 1583229
No longer regressions: 1583229

Adding to release notes as "A new crossed-out lock icon now indicates insecure HTTP"

You need to log in before you can comment on or make changes to this bug.