Closed Bug 918730 Opened 11 years ago Closed 11 years ago

Firefox should offer CTP per element again.

Categories

(Core Graveyard :: Plug-ins, defect)

24 Branch
x86_64
Linux
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 886792

People

(Reporter: gerhard.grossmann, Unassigned)

User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:24.0) Gecko/20100101 Firefox/24.0 (Beta/Release)
Build ID: 20130911164256

Steps to reproduce:

Since Firefox 24 the behaviour of the experimental Click to Play feature (CTP) has changed. It’s visible when the user has activated the plugins.click_to_play in about:config and set a plugin to “ask to activate” on about:addons > plugins.

Before FF24, if you loaded a website with an element that needed the “blocked” plugin, you could click that element. At the first click the element started to run and a doorhanger opened to ask if you would like to activate the plugin for the whole domain. The decision was remembered by the browser. That behaviour was fine, for example, to stop YouTube videos from auto-playing in a background tab. But it missed the option to revert your decision easily.


Actual results:

In FF26 CTP shall be activated by default. In usability tests [https://mail.mozilla.org/pipermail/firefox-dev/attachments/20130701/86725128/attachment-0001.pdf] the developer team found out that users didn’t like this security feature, especially when they had to activate every single element with a click. I don’t know how the tests were in detail but obviously the users often couldn’t find the “always allow” setting for plugins and – as stated by the linked PDF – also didn’t like that setting when they found it (because of a feeling of insecurity?).

So the developers opted for the solution which is implemented at the moment: All elements of a domain are blocked. If I click one element, it doesn’t play (!) but a doorhanger opens and asks if I want to “allow now” the plugin for the domain or “allow now and remember”.

Result: Every single element with this plugin is activated on this domain – either for some time or forever. The option to activate only one element is gone.


Expected results:

MY SUGGESTION:

Offer a different choice. Ask: “Allow example.com to run ‘Example plugin’?” But then there should be the options “only clicked element” and “all elements” (standard). Below the question there should be a checkbox “Decide again in XX Minutes” (checked; depends on the setting plugin.sessionPermissionNow.intervalInMinutes in about:config).

So you won’t lose a CTP option and still offer users a simple way to avoid the CTP blocking in a secure way.
Component: Untriaged → Plug-ins
Product: Firefox → Core
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE
Product: Core → Core Graveyard