Get rid of security.insecure_password.ui.enabled
Categories
(Firefox :: Site Identity, task, P2)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox76 | --- | fixed |
People
(Reporter: johannh, Assigned: scientistartist, Mentored)
References
Details
Attachments
(1 file)
With bug 1562881 we have started showing the insecure indicator on all http pages, thus we can remove the logic behind the security.insecure_password.ui.enabled pref that marked pages with login forms as insecure.
|
||
Comment 1•5 years ago
|
||
So far, Firefox warns blatantly (bug 1555317 comment 28) on http://http-login.badssl.com/ while Chrome merely shows "Not secure" without a broken padlock.
(IMHO) If you switched security.insecure_connection_text.enabled to true at the same time, removal couldn't really be considered as regression as Firefox would still warn a bit stronger than Chrome. But considering bug 1562881 landed in 70, should this rather be done in 71 to boil the frog slowly?
|
Reporter | |
Comment 2•5 years ago
|
||
The point is that having any indication of insecure login forms in the identity section comes with a perf hit. Showing the insecure text would be the same thing, just different UI.
I don't think this can be seen as a regression in any case, we're simply removing the explicit mention of login fields from the identity popup, so it's a slight copy change at best. The user has an abundance of warnings about the insecure state of the site, in the identity block, the identity popup and the in-content warning on insecure form fields, so I wouldn't worry about it and just get rid of this.
|
|
||
Comment 3•5 years ago
|
||
My mistake, I thought this would remove in-content warnings, too.
|
|
Reporter | |
Updated•5 years ago
|
|
|
Reporter | |
Comment 4•4 years ago
|
||
I think what's left to do here is to remove all code that sets the loginforms attribute on the identity box, this query should be a relatively complete list of what needs to be removed or modified: https://searchfox.org/mozilla-central/search?q=loginforms&case=false®exp=false&path=browser%2F
This pref also needs to be removed: https://searchfox.org/mozilla-central/rev/f36cb2af46edd2659f446b7acdb2154e230ee445/browser/app/profile/firefox.js#1369
|
|
Reporter | |
Updated•4 years ago
|
|
Assignee | |
Comment 5•4 years ago
|
||
Depends on D66863
|
||
Updated•4 years ago
|
|
|
||
Updated•4 years ago
|
Pushed by rgurzau@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/4340bb31d707 Get rid of security.insecure_password.ui.enabled r=johannh
|
||
Comment 7•4 years ago
|
||
| bugherder | ||
Description
•