Closed Bug 978803 Opened 12 years ago Closed 9 years ago

Site identity button in Firefox OS browser app incorrectly presents a green padlock for https web pages whose certificate has been overridden by the user

Categories

(Firefox OS Graveyard :: General, defect)

defect
Not set
normal

Tracking

(Not tracked)

RESOLVED WONTFIX

People

(Reporter: bshas3, Unassigned)

References

Details

(Keywords: ux-consistency)

User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:27.0) Gecko/20100101 Firefox/27.0 (Beta/Release)
Build ID: 20140218140359

Steps to reproduce:

Build Identifier: 20140212121108
Device: Peak

1. Visit https://summitbook.mozilla.org/ in the browser app.
2. Override the certificate error temporarily by clicking visit page.
3. The page loads with a green padlock icon.

Actual results:

The page whose certificate has been temporarily overridden loads with a green padlock.

Expected results:

To be consistent with the desktop browser, the page should load with a gray padlock.

Caveat: The desktop browser has an additional security dialog that pops up on clicking the site identity button. This dialog, which tells the user about a manual certificate override, is absent on the Firefox OS browser app.

Suggestion: For an intuitive user experience, present a broken padlock for pages loaded after a certificate override.
Component: Gaia::Browser → General
Keywords: ux-consistency
This is known behavior, but I agree it would be better to make it consistent with desktop. I believe RocketBar was to provide the solution to this issue, but I'm not sure if this is planned for 1.4 or 1.5 at the moment. This bug is almost certainly a dupe, since we have many other SSL bugs on file, but I'm not going to dupe it until I can make sure someone is actually thinking about this.

See also bug 941178, which seems related, though I'm not sure if this includes this specific change. For now I'll mark depends, but it is maybe a dupe.
Status: UNCONFIRMED → NEW
Depends on: 941178
Ever confirmed: true
>> See also bug 941178 which seems related though not sure if this includes this specific change.

The padlock does turn green if the connection is over SSL. Turning green for overrides, however, is a false positive.

FWIW: Gecko SHA-ID: dcea739f1565d630c32e166fb17cc440d6e4640b

The secure browser UI is picking the state of the lock from the transport security info service in gecko/security/manager/ssl/src/TransportSecurityInfo.cpp:123, where cert overrides are possibly mapped to a secure state. So ensuring that the transport security info service maintains a state for cert overrides, one that maps to STATE_IS_BROKEN, would be good. STATE_IS_BROKEN should display a broken gray padlock for overrides, which is intuitive, especially since the security info dialog cannot be factored in on mobile.
Ben, are there any plans to improve the SSL indicator as part of migrating browser app to be part of the Firefox OS system?
Flags: needinfo?(bfrancis)
The Browser API exposes three security states via the securitychange event:

* secure
* broken
* insecure

The browser app displays different icons accordingly:

* secure - green icon
* broken - grey icon with a line through it
* insecure - no icon

https://github.com/mozilla-b2g/gaia/blob/master/apps/browser/style/browser.css#L316

If there is a bug then it is in the mappings of these values in the platform, as suggested in comment 2, so please file a bug for that.

As far as I know there are no improvements planned as part of the Rocketbar implementation. In fact all the Rocketbar specification has to say about the padlock icon is: "An SSL icon is shown if the page the user is visiting is served over HTTPS/SSL." (Page 59)

https://mozilla.app.box.com/s/2tix674298wtc4e4hewh/1/1399872384/16451967037/1

If implemented literally, this would actually have fewer features than the current browser app, as it doesn't mention the "broken" icon.

If you think there are ways this specification could be improved then please file a bug under the Gaia::System::Browser Chrome component with your recommendations and add the uiwanted and productwanted keywords.

Thanks :)
Flags: needinfo?(bfrancis)
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → WONTFIX
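
The mapping discussed in this thread (three security states, one icon each, and a user certificate override that should land on "broken" rather than "secure"), modelled as an added example that is not part of the original bug thread and is not Gecko or Gaia code. The function names, the `tls` and `certOverridden` fields, and the sample URLs are assumptions made for illustration; only the state strings and icon meanings come from the comments above.

```javascript
// Added example: a model of the mapping discussed in this bug, not Gecko or Gaia code.
// Function and field names are hypothetical. Only the three state strings and
// the icon meanings come from the thread.

const ICONS = {
  secure: 'green padlock',
  broken: 'grey padlock with a line through it',
  insecure: null, // no icon
};

// Mapping as reported: any TLS connection is "secure", the override is ignored.
function reportedState(conn) {
  return conn.tls ? 'secure' : 'insecure';
}

// Mapping as requested: a user-overridden certificate yields "broken".
function requestedState(conn) {
  if (!conn.tls) return 'insecure';
  return conn.certOverridden ? 'broken' : 'secure';
}

// UI side: pick the icon for a securitychange-style detail object.
// An unknown or missing state fails closed to the broken icon, never green.
function iconFor(detail) {
  const state = detail ? detail.state : undefined;
  return Object.prototype.hasOwnProperty.call(ICONS, state) ? ICONS[state] : ICONS.broken;
}

// Regression check: list connections that get the green padlock despite an override.
function falsePositives(mapper, conns) {
  return conns
    .filter((c) => c.certOverridden && iconFor({ state: mapper(c) }) === ICONS.secure)
    .map((c) => c.url);
}

// Constructed sample connections (example.test hosts are placeholders).
const SAMPLE = [
  { url: 'https://valid.example.test/', tls: true, certOverridden: false },
  { url: 'https://overridden.example.test/', tls: true, certOverridden: true },
  { url: 'http://plain.example.test/', tls: false, certOverridden: false },
];

console.log('reported :', falsePositives(reportedState, SAMPLE));
console.log('requested:', falsePositives(requestedState, SAMPLE));
```

A check like `falsePositives` can serve as a UI regression test: it should return an empty list for whatever mapping the platform actually ships.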