Closed Bug 469848 Opened 17 years ago Closed 16 years ago

Add bad certificate exceptions without showing a separate UI

Categories

(Firefox for Android Graveyard :: General, defect)

defect
Not set
normal

Tracking

(Not tracked)

VERIFIED FIXED
fennec1.0b5

People

(Reporter: mfinkle, Assigned: mfinkle)

References

Details

(Whiteboard: [fennec l10n])

Attachments

(8 files)

Even running full screen, the dialog is too large to see the buttons at the bottom. We could use an overlay to tweak the content and/or style of the dialog
Keywords: uiwanted
Blocks: 482816
tracking-fennec: --- → ?
tracking-fennec: ? → 1.0b2+
OS: Windows XP → All
Hardware: x86 → All
tracking-fennec: 1.0b2+ → 1.0b3+
Assignee: nobody → mark.finkle
This is a duplicate of bug 436076
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → DUPLICATE
Status: RESOLVED → VERIFIED
Status: VERIFIED → REOPENED
Resolution: DUPLICATE → ---
Not a dupe of bug 436076
Status: REOPENED → ASSIGNED
Just to be sure what's needed to do : When I go to https://mozilla.org, I first get a spontaneous popup dialog (#1) titled "Secure Connection Failed" and that displays just the same information as the web page, and has two buttons : "View Certificate" and "Cancel". Do we need this dialog at all ? Choosing "Or you can add an exception..." and "Add Exception...", the dialog (#2) is "Add Security Exception", and the "View..." button opens the certificate details dialog which is way too big (#3). On fennec would this be acceptable : - get rid of #1 - #2 : rework to blend in fennec UI (eg. using our own dialogs) - #3 rework or suppress ? At least the "Details" tab doesn't seem very usable on a mobile device.
All previous screenshots have been captured after opening https://mozilla.org/
* Dialog #1, we'd like to remove from Fennec * Dialog #2, I'd like to discuss whether we need it, or can we just add the exception without a UI If we need Dialog #2, we'll need to discuss the need for Dialog (#3 & #4)
We removed Dialog #1 with bug 515188 We decided to remove Dialog #2 as well and we can use this bug to do it. The plan now is to add a third button to the webcontent page to add a permanent exception. Adding an exception, temporary or permanent, would silently add the exception. No other UI would be displayed. We need to determine the final text for the buttons. I believe the current thinking is: [Get me out of here] [Allow once] [Always allow]
Summary: View Certificate dialog is too tall for n810 → Add bad certificate exceptions without showing a separate UI
It would also be a good idea to use (as the starting point) the improved version of the exception screen now in Firefox. See attachment for the new proposed buttons in context.
Revised text for the buttons: "View site" and "Add permanent exception"
Blocks: 477628
Keywords: uiwanted
Whiteboard: [fennec l10n]
Attached patch patchSplinter Review
This patch creates a copy of the aboutCertError system from Firefox in Fennec. The aboutCertError.xhtml has an additional button and new label in the DTD file. This patch does not silently add the temporary or permanent exception. I'll add that in a followup patch.
Attachment #399549 - Flags: review?(gavin.sharp)
Comment on attachment 399549 [details] [diff] [review] patch I'd like to have a diff between the netError.xhtml and the certError.xhtml page to check the l10n-impact changes here more easily. Technical bug I found, getURIFlags doesn't have a return anymore. The comment in mobile.js doesn't match the pref, about:neterror vs certerror.
Comment on attachment 399549 [details] [diff] [review] patch >diff --git a/components/AboutRedirector.js b/components/AboutRedirector.js >+ certerror: { >+ uri: "chrome://browser/content/aboutCertError.xhtml", >+ privileged: true > } Seems like this page doesn't actually need to be privileged, so try removing this? > getURIFlags: function(aURI) { >- return Ci.nsIAboutModule.ALLOW_SCRIPT; >+ let flags = Ci.nsIAboutModule.ALLOW_SCRIPT; >+ if (this._getModuleInfo(aURI).privileged) >+ flags |= Ci.nsIAboutModule.URI_SAFE_FOR_UNTRUSTED_CONTENT; > }, Don't think we need this change, as discussed on IRC. >diff --git a/themes/hildon/aboutCertError.css b/themes/hildon/aboutCertError.css >diff --git a/themes/wince/aboutCertError.css b/themes/wince/aboutCertError.css >+ background : url("chrome://browser/skin/section_expanded.png") left 0 no-repeat; >+ background-image: url("chrome://browser/skin/section_collapsed.png"); Need a bug on file for these, I guess? r=me with that.
Attachment #399549 - Flags: review?(gavin.sharp) → review+
Depends on: 514732
(In reply to comment #16) > (From update of attachment 399549 [details] [diff] [review]) > I'd like to have a diff between the netError.xhtml and the certError.xhtml page > to check the l10n-impact changes here more easily. Here is a diff between Firefox'x aboutCertError.xhtml and the Fennec aboutCertError.xhmtl: --- /home/mfinkle/Source/mozilla-trunk/mozilla/mobile/chrome/content/aboutCertError.xhtml +++ /home/mfinkle/Source/mozilla-trunk/mozilla/browser/components/certerror/content/aboutCertError.xhtml @@ -58,7 +58,7 @@ <head> <title>&certerror.pagetitle;</title> <link rel="stylesheet" href="chrome://browser/skin/aboutCertError.css" type="text/css" media="all" /> - <link rel="stylesheet" href="chrome://browser/content/aboutCertError.css" type="text/css" media="all" /> + <link rel="stylesheet" href="chrome://browser/content/certerror/aboutCertError.css" type="text/css" media="all" /> <!-- This page currently uses the same favicon as neterror.xhtml. If the location of the favicon is changed for both pages, the FAVICON_ERRORPAGE_URL symbol in toolkit/components/places/src/nsFaviconService.h @@ -262,8 +262,7 @@ <div> <p>&certerror.expert.content;</p> <p>&certerror.expert.contentPara2;</p> - <xul:button xmlns:xul='http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul' id='temporaryExceptionButton' label='&certerror.addTemporaryException.label;'/> - <xul:button xmlns:xul='http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul' id='permanentExceptionButton' label='&certerror.addPermanentException.label;'/> + <xul:button xmlns:xul='http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul' id='exceptionDialogButton' label='&certerror.addException.label;'/> </div> </div> </div> > Technical bug I found, getURIFlags doesn't have a return anymore. Reverted the method > The comment in mobile.js doesn't match the pref, about:neterror vs certerror. No, the comment is right. Without the pref, neterror is used.
(In reply to comment #17) > (From update of attachment 399549 [details] [diff] [review]) > >diff --git a/components/AboutRedirector.js b/components/AboutRedirector.js > > >+ certerror: { > >+ uri: "chrome://browser/content/aboutCertError.xhtml", > >+ privileged: true > > } > > Seems like this page doesn't actually need to be privileged, so try removing > this? I tried it, but we need it for the chrome:// css files. We could go contentaccessible=yes in the future > > getURIFlags: function(aURI) { > >- return Ci.nsIAboutModule.ALLOW_SCRIPT; > >+ let flags = Ci.nsIAboutModule.ALLOW_SCRIPT; > >+ if (this._getModuleInfo(aURI).privileged) > >+ flags |= Ci.nsIAboutModule.URI_SAFE_FOR_UNTRUSTED_CONTENT; > > }, > > Don't think we need this change, as discussed on IRC. Reverted > >diff --git a/themes/hildon/aboutCertError.css b/themes/hildon/aboutCertError.css > >diff --git a/themes/wince/aboutCertError.css b/themes/wince/aboutCertError.css > > >+ background : url("chrome://browser/skin/section_expanded.png") left 0 no-repeat; > > >+ background-image: url("chrome://browser/skin/section_collapsed.png"); > > Need a bug on file for these, I guess? Oops. I just threw them into the patch
pushed: https://hg.mozilla.org/mobile-browser/rev/957598191057 this is only the cert error page part, needed for string freeze. we still need to add the code to silently add the temporary or permanent exception. leaving open for now.
I really don't like these meta bugs as its really hard to file, track and then verify. If a patch has been pushed, can we create new bugs for the temp and perm exception patches?
Blocks: 518358
This patch uses code from exceptionDialog.js to add the correct type of SSL exception after one of the buttons is pressed. The functionality is in a new class in sslException.js which is used from the event handler in browser.js Some stuff I'd especially like to hear your opinion on: - "browser.ssl_override_behavior" is used to change the behaviour of the exception dialog. I'm not sure if and how this applies to Fennec, currently the code is still commented out - I was not able to get the certificate to create the override from the connetion info available. So I did what the dialog was doing and fetched the certificate with a new XmlHttpRequest. Is there a better way to get the certificate? - The handling of the private browsing state to prevent permanent exceptions.
Attachment #408361 - Flags: review?(mark.finkle)
Attachment #408361 - Flags: review?(mark.finkle) → review+
* Removed the commented code about "browser.ssl_override_behavior" pref. Ignoring it seems the best solution for now. * XMLHttpRequest ssems to work well. Might be another way, but I don't know it off-hand. We can always make it better later. * The PB check looks OK for now. Fennec currently doesn't support PB, so we get a message in the error console (on purpose), which we might decide to remove. pushed: https://hg.mozilla.org/mobile-browser/rev/d357a17b17c8 Thanks Steffen
Status: ASSIGNED → RESOLVED
Closed: 16 years ago16 years ago
Resolution: --- → FIXED
Target Milestone: --- → B5
verified FIXED on builds: Mozilla/5.0 (X11; U; Linux armv7l; Nokia N900; en-US; rv:1.9.2b2pre) Gecko/20091104 Firefox/3.6b2pre Fennec/1.0b5 and Mozilla/5.0 (X11; U; Linux armv6l; Nokia N8xx; en-US; rv:1.9.3a1pre) Gecko/20091104 Firefox/3.7a1pre Fennec/1.0b5
Status: RESOLVED → VERIFIED
Flags: in-litmus?
Blocks: 515438
I'm reassigning this to myself for adding litmus testcases for this (aakashd discussed this on irc with blassey and ted on #mobile).
Assignee: mark.finkle → martijn.martijn
Assignee: martijn.martijn → mark.finkle
Flags: in-litmus? → in-litmus?(martijn.martijn)
tracking-fennec: 1.0b3+ → ---
Flags: in-litmus?(martijn.martijn)
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: