User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:220.127.116.11) Gecko/20070219 Firefox/18.104.22.168 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:22.214.171.124) Gecko/20070219 Firefox/126.96.36.199 When submitting forms currently there are two security settings: 1. No warning about submitting data over unencrypted connection 2. with warning. Problem is that on some popular sites, for example search engines like google, each submission results in the popup warning. The only alternative right now is to turn warnings off. Reproducible: Always Steps to Reproduce: 1. In Tools->Options->Security->Warning Messages->Settings->Show a warning dialog when: check: I submit Information that's not encrypted Apply the change 2.access google.com; enter any search word; press "Enter" 3. Observe popup with a warning anout sending information over unencrypted connection Expected Results: ENHANCEMENT Introduce parameter which will allow to have warnings only if connection from the website to user is encrypted (https), but connection from the user to the website is not encrypted. This way warning popup will appear only when user expects connection to be secure because lock is shown and address bar turns yellow, but the security is only one way from website to user - connection from user to website is not encrypted. Current setting results in warning popup unless connection from user to website is secure. In every day browsing moajority of accesses are over unencrypted connection (web seearches for example). Acknowledging the popup on connections where user does not expect it to be secure becomes tedious and many will turn the warining off. Having ability to have warning only when user excpects security will results in many more users actually using the warning which is conditional.
As you can see using the attachment (which is hosted on an https site), Firefox already warns for https-to-http form submissions, even if you've disabled the http-to-http form submission dialog. The https-to-http dialog doesn't even have a checkbox for disabling it.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 12 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.