Skip to content
This repository has been archived by the owner on Dec 11, 2019. It is now read-only.

Fixed UI for passive (display) mixed content #2168

Closed
luixxiul opened this issue Jun 12, 2016 · 7 comments · Fixed by #7571
Closed

Fixed UI for passive (display) mixed content #2168

luixxiul opened this issue Jun 12, 2016 · 7 comments · Fixed by #7571

Comments

@luixxiul
Copy link
Contributor

luixxiul commented Jun 12, 2016

Test plan

#7571 (comment)


Describe the issue you encountered: I tried to add a class to urlbarIcon on mixed content pages, and noticed that isMixedContent did not seem to be ready yet though it was mentioned here: https://github.com/brave/browser-laptop/blob/master/js/components/siteInfo.js#L18

Because of it the siteInfo panel on https://mixed-script.badssl.com/ says that the site is secure where it should not, though the script is blocked.

@luixxiul luixxiul added security design A design change, especially one which needs input from the design team. labels Jun 12, 2016
@bbondy
Copy link
Member

bbondy commented Jun 12, 2016

This is probably legacy from when we were based on Gecko. cc @diracdeltas

@diracdeltas
Copy link
Member

yup, isMixedContent is not hooked up to anything yet. it's fine that we show https://mixed-script.badssl.com/ as secure since the active mixed content (scripts) is blocked from running by the mixed content blocker. we should show a warning of some kind for passive mixed content though.

@luixxiul luixxiul removed the security label Jun 13, 2016
@luixxiul
Copy link
Contributor Author

luixxiul commented Jun 14, 2016

I see, then how about changing This site is secure to Secure connection on the siteinfo panel as Firefox does?

Also the complete info of cert on the lock icon has been asked for. See: #1248 (comment)

@diracdeltas
Copy link
Member

@luixxiul sure, i would accept that

@bridiver
Copy link
Collaborator

bridiver commented Sep 1, 2016

Related #3447
#3651
Wondering if we should provide a visual notification that mixed content was blocked?

@diracdeltas diracdeltas changed the title isMixedContent not working show some sort of UI for passive (display) mixed content Sep 21, 2016
@ayumi
Copy link
Contributor

ayumi commented Dec 4, 2016

bump

Saw that some amazon product pages (example) load some images over http. It would be sweet to allow blocking of passive mixed content or at least show an icon.

screen shot 2016-12-03 at 20 08 34

screen shot 2016-12-03 at 20 05 51

Chrome – for comparison:
screen shot 2016-12-03 at 20 08 03
screen shot 2016-12-03 at 20 07 54

@diracdeltas
Copy link
Member

chrome shows the insecure UI for passive mixed-content pages. i propose we show the insecure (unlocked) icon but in grey instead of red so it's somewhat less scary.

@diracdeltas diracdeltas self-assigned this Mar 7, 2017
@diracdeltas diracdeltas modified the milestones: 0.13.6, 1.0.0 Mar 8, 2017
diracdeltas added a commit that referenced this issue Mar 8, 2017
fix #2168

Auditors: @darkdh

Test Plan:
1. automated tests related to lockIcon should pass
2. go to mixed.badssl.com; the icon should be a grey unlocked icon
3. clicking on the icon should tell you that the page is partially insecure
@alexwykoff alexwykoff changed the title show some sort of UI for passive (display) mixed content Fixed UI for passive (display) mixed content Mar 28, 2017
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

Successfully merging a pull request may close this issue.

8 participants