Closed Bug 1776334 Opened 3 years ago Closed 2 years ago

Create exposed UX for overriding https-first (an escape hatch to use on broken sites)

Categories

(Core :: DOM: Security, enhancement, P3)

Product:
Core
Component:
DOM: Security
Type:
enhancement

Tracking

()

Status:
RESOLVED FIXED
Milestone:
117 Branch
Tracking Flags:
Tracking Status
firefox117 --- fixed

People

(Reporter: dveditz, Assigned: maltejur)

References

(Blocks 1 open bug)

Details

(Whiteboard: [domsecurity-active])

The point of https-first is to opportunistically upgrade http: connections without bothering the user, and it has a set of heuristics on when it backs off. We've had a series of bugs on sites that do unexpected things, and it's likely there will always be surprises. We need an "escape hatch" for users to use on these sites.

I don't have a clear idea for what will work, but here are some initial thoughts to get the ball rolling.

  • http-first should respect exceptions set for https-only. When we eventually make https-first a "default on" feature, some users will try https-only and might then turn it off if they don't like the experience. If they've set exceptions in that time those exceptions would still be useful if they later revert to https-first.
  • Allow use of the "Manage Exceptions" dialog whether https-only is enabled or not. This will help users manage the first point manually
  • Add the https-only exception option to the site identity pane for all http: documents if https-first is enabled (we do this for https-only already). If we opened an http: document then either we've already got a setting, or we've granted a temporary exception based on heuristics. The user may need continued exceptions on that site! See bug 1754982, for example (although we could probably solve that specific one with more heuristics)
  • If we've upgraded a URL because of https-first we should show the exception toggle on the site identity bar (as we do with https-only). This 1) lets a user know we did upgrade the connection (in case something is wrong) and 2) gives them a chance to turn it of from there if the upgrading took them somewhere useless (like a page saying "secure version of site coming soon!" -- an error page that didn't return an error status).

The text of the site identity panel currently says "HTTPS-mode". We might need to duplicate the string for HTTPS-first, or maybe come up with something that makes sense in "plain language". For example "Automatic upgrade to a secure connection" with the options "On", "Off", and "Off Temporarily" makes sense in English and likely could be localized OK. It's a tiny bit long? Some people might not know what a "secure connection" means in practical terms? Could also use something like "Automatic upgrade to https:" which most users should be able to connect to the URL they type. The panel already says "Connection secure" (or insecure) elsewhere.

Note: in private browsing mode https-only does not allow you to save any permanent exceptions. I believe it does not use any set in non-private browsing because of possible privacy leakage (though maybe that case could be argued). https-FIRST in private browsing should be consistent with whatever was decided for https-ONLY.

Summary: Create exposed UX for overriding https-first → Create exposed UX for overriding https-first (an escape hatch to use on broken sites)
See Also: → 1754982
See Also: → 1729618

I had earlier suggested some of this in bug 1729618 comment 4

Severity: -- → S3
Priority: -- → P3
Whiteboard: [domsecurity-backlog1]
Duplicate of this bug: 1799711
Depends on: 1799708
Depends on: 1835792
Depends on: 1838183
Assignee: nobody → mjurgens
Status: NEW → ASSIGNED
Whiteboard: [domsecurity-backlog1] → [domsecurity-active]
Status: ASSIGNED → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
status-firefox117: --- → fixed
Target Milestone: --- → 117 Branch
Blocks: 1859850
You need to log in before you can comment on or make changes to this bug.