New option to Warn user about unencrypted connection only when lock is shown




12 years ago
12 years ago


(Reporter: njglin, Unassigned)


Firefox Tracking Flags

(Not tracked)




(1 attachment)



12 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv: Gecko/20070219 Firefox/
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv: Gecko/20070219 Firefox/

When submitting forms currently there are two security settings:
1. No warning about submitting data over unencrypted connection
2. with warning.
Problem is that on some popular sites, for example search engines like google, each submission results in the popup warning.  The only alternative right now is to turn warnings off.

Reproducible: Always

Steps to Reproduce:
1. In Tools->Options->Security->Warning Messages->Settings->Show a warning dialog when:
   check: I submit Information that's not encrypted
   Apply the change
2.access; enter any search word; press "Enter"
3. Observe popup with a warning anout sending information over unencrypted connection

Expected Results:  
Introduce parameter which will allow to have warnings only if connection from
the website to user is encrypted (https), but connection from the user to the website is not encrypted.
This way warning popup will appear only when user expects connection to be secure because lock is shown and address bar turns yellow, but the security is only one way from website to user - connection from user to website is not encrypted.

Current setting results in warning popup unless connection from user to website is secure.  In every day browsing moajority of accesses are over unencrypted connection (web seearches for example).  Acknowledging the popup on connections where user does not expect it to be secure becomes tedious and many will turn the warining off.
Having ability to have warning only when user excpects security will results in many more users actually using the warning which is conditional.

Comment 1

12 years ago
Created attachment 266101 [details]
google search form

Comment 2

12 years ago
As you can see using the attachment (which is hosted on an https site), Firefox already warns for https-to-http form submissions, even if you've disabled the http-to-http form submission dialog.  The https-to-http dialog doesn't even have a checkbox for disabling it.
Last Resolved: 12 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.