Closed Bug 447885 Opened 16 years ago Closed 16 years ago

Self signed cert. exception UI requires JS to be enabled

Categories

(Core :: Security, defect)

x86
Linux
defect
Not set
normal

RESOLVED WORKSFORME

People

(Reporter: mcepl, Assigned: johnath)

Details

(Whiteboard: requires NoScript w/non-default settings?)

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; cs-CZ; rv:1.9.0.1) Gecko/2008071615 Fedora/3.0.1-1.fc9 Firefox/3.0.1
Build Identifier: xulrunner-0:1.9-1.fc9.x86_64

If you go to a page like:

https://lists.dulug.duke.edu/pipermail/yum/2007-August/010136.html

...then galeon/firefox/etc. will display a page telling you the SSL cert. is
self signed etc. ... however the UI to fix this requires you have JS enabled.

 It also seems retarded that you can't say "just enable for this session/30m or
whatever".

Reproducible: Always

Steps to Reproduce:
1. see above

Confirming the need for script -- do we need a <NOSCRIPT> section? Should we just remove the "click link to get buttons" bit (as in the expert mode)?

> It also seems retarded that you can't say "just enable for this session/30m
> or whatever".

You can: uncheck the "permanently store this exception" box and you get the cert enabled for just that session. For a site you visit more than once it is safer to remember the exception because then you will notice if someone is trying to intercept your connection with a different cert (this is analogous to SSH).

The fact that it takes four clicks to add the exception is being discussed elsewhere; I'm limiting this bug strictly to the undeniable problem that the SSL error dialog doesn't work if JavaScript is disabled.
Assignee: nobody → johnath
Status: UNCONFIRMED → NEW
Ever confirmed: true
Flags: blocking1.9.0.2?
johnath: Any update here? We can't block on it for 1.9.0.2, but we'd love a fix for 1.9.0.3.
Flags: wanted1.9.0.x+
Flags: blocking1.9.0.3?
Flags: blocking1.9.0.2?
Flags: blocking1.9.0.2-
Keywords: access
Flags: blocking1.9.0.4? → blocking1.9.0.4+
tbh, I'm a little surprised to see this blocking branch.

I mean, we should definitely fix it; the alternative right now is to go through the cert manager, which is annoyingly-more-complicated. But I can't get the behaviour described even by unchecking the "Enable Javascript" pref; I had to install NoScript and then override its default and tell it to block JS on neterror. So maybe there is a more common path that I'm missing here?

You can also toggle the "browser.xul.error_pages.expert_bad_cert" pref to show the add exception block, of course, as Dan hints at.

None of which is meant to suggest that this isn't a real bug that we should fix, just that I'm not clear on why it rises to the level of branch-blocker.

Sam, Dan, what am I missing?
Hm, I think my assumption was that this affected accessibility at the time. I honestly don't remember why we plussed it though. Renominating so we can look at it during our triage today.
Flags: blocking1.9.0.4+ → blocking1.9.0.4?
Keywords: 4xp
Flags: wanted1.9.1?
Flags: blocking1.9.1?
Flags: blocking1.9.0.4?
Keywords: access
I must've had NoScript in the restrictive mode described by Johnathan; I can't reproduce this with a fresh profile with JavaScript disabled. Works fine.
Status: NEW → RESOLVED
Closed: 16 years ago
Flags: wanted1.9.1?
Flags: blocking1.9.1?
Keywords: access
Resolution: --- → WORKSFORME
Whiteboard: requires NoScript w/non-default settings?