Closed Bug 1567827 Opened 2 years ago Closed 1 year ago

Get rid of security.insecure_password.ui.enabled

Categories

(Firefox :: Site Identity, task, P2)

Product:
Firefox
Component:
Site Identity
Version:
66 Branch
Type:
task

Tracking

()

Status:
RESOLVED FIXED
Milestone:
Firefox 76
Tracking Flags:
Tracking Status
firefox76 --- fixed

People

(Reporter: johannh, Assigned: scientistartist, Mentored)

References

Details

Attachments

(1 file)

Bug 1567827 Get rid of security.insecure_password.ui.enabled
47 bytes, text/x-phabricator-request
Details | Review

With bug 1562881 we have started showing the insecure indicator on all http pages, thus we can remove the logic behind the security.insecure_password.ui.enabled pref that marked pages with login forms as insecure.

See Also: → 1555317

So far, Firefox warns blatantly (bug 1555317 comment 28) on http://http-login.badssl.com/ while Chrome merely shows "Not secure" without a broken padlock.
(IMHO) If you switched security.insecure_connection_text.enabled to true at the same time, removal couldn't really be considered as regression as Firefox would still warn a bit stronger than Chrome. But considering bug 1562881 landed in 70, should this rather be done in 71 to boil the frog slowly?

The point is that having any indication of insecure login forms in the identity section comes with a perf hit. Showing the insecure text would be the same thing, just different UI.

I don't think this can be seen as a regression in any case, we're simply removing the explicit mention of login fields from the identity popup, so it's a slight copy change at best. The user has an abundance of warnings about the insecure state of the site, in the identity block, the identity popup and the in-content warning on insecure form fields, so I wouldn't worry about it and just get rid of this.

My mistake, I thought this would remove in-content warnings, too.

Priority: P3 → P2
Depends on: 1527828

I think what's left to do here is to remove all code that sets the loginforms attribute on the identity box, this query should be a relatively complete list of what needs to be removed or modified: https://searchfox.org/mozilla-central/search?q=loginforms&case=false&regexp=false&path=browser%2F

This pref also needs to be removed: https://searchfox.org/mozilla-central/rev/f36cb2af46edd2659f446b7acdb2154e230ee445/browser/app/profile/firefox.js#1369

Mentor: jhofmann, prathikshaprasadsuman
Assignee: nobody → scientistartist
Status: NEW → ASSIGNED

Depends on D66863

Attachment #9133903 - Attachment description: Bug 1567827 Get rid of security.insecure_password.ui.enabled → Bug 1567827 Get rid of security.insecure_password.ui.enabled- revision
Attachment #9133903 - Attachment description: Bug 1567827 Get rid of security.insecure_password.ui.enabled- revision → Bug 1567827 Get rid of security.insecure_password.ui.enabled
Pushed by rgurzau@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/4340bb31d707
Get rid of security.insecure_password.ui.enabled r=johannh

https://hg.mozilla.org/mozilla-central/rev/4340bb31d707

Status: ASSIGNED → RESOLVED
Closed: 1 year ago
status-firefox76: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → Firefox 76
You need to log in before you can comment on or make changes to this bug.