Bug 1310447 - Add a pref to display a negative indicator in the URL bar for non-secure sites
This patch adds a boolean pref "security.non-secure-warning.ui.enabled". If
this pref is enabled, then a non-secure warning will be shown for URLs that
have a host, but are not secure (including "http:" URLs). The pref is off by
default.
MozReview-Commit-ID: EtheUQkowLr
--- a/browser/app/profile/firefox.js
+++ b/browser/app/profile/firefox.js
@@ -1224,16 +1224,19 @@ pref("security.mixed_content.block_activ
// Show degraded UI for http pages with password fields.
// Only for Nightly, Dev Edition and early beta, not for late beta or release.
#ifdef EARLY_BETA_OR_EARLIER
pref("security.insecure_password.ui.enabled", true);
#else
pref("security.insecure_password.ui.enabled", false);
#endif
+// Show degraded UI for http pages; disabled for now
+pref("security.not_secure_connection_icon.enabled", true);
+
// 1 = allow MITM for certificate pinning checks.
pref("security.cert_pinning.enforcement_level", 1);
// Override the Gecko-default value of false for Firefox.
pref("plain_text.wrap_long_lines", true);
// If this turns true, Moz*Gesture events are not called stopPropagation()
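Review bot: The added pref is set to `true`, which contradicts both the comment directly above it ("disabled for now") and the commit message ("The pref is off by default"). If off-by-default is the intent, the line should read `pref("security.not_secure_connection_icon.enabled", false);`. The commit message also names the pref `security.non-secure-warning.ui.enabled`, which is not the name added here, so one of the two should be updated so that anyone looking for the switch finds it.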
--- a/browser/base/content/browser.js
+++ b/browser/base/content/browser.js
@@ -7010,18 +7010,22 @@ var gIdentityHandler = {
if (this._isMixedActiveContentBlocked) {
this._identityBox.classList.add("mixedActiveBlocked");
}
if (!this._isCertUserOverridden) {
// It's a normal cert, verifier is the CA Org.
tooltip = gNavigatorBundle.getFormattedString("identity.identified.verifier",
[this.getIdentityData().caOrg]);
}
+ } else if (!this._uriHasHost) {
+ this._identityBox.className = "unknownIdentity";
} else {
- this._identityBox.className = "unknownIdentity";
+ let warnOnNonSecure = Services.prefs.getBoolPref("security.not_secure_connection_icon.enabled")
+ this._identityBox.className = (warnOnNotSecure)? "notSecure" : "unknownIdentity";
+
if (this._isBroken) {
if (this._isMixedActiveContentLoaded) {
this._identityBox.classList.add("mixedActiveContent");
} else if (this._isMixedActiveContentBlocked) {
this._identityBox.classList.add("mixedDisplayContentLoadedActiveBlocked");
} else if (this._isMixedPassiveContentLoaded) {
this._identityBox.classList.add("mixedDisplayContent");
} else {
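Review bot: The new else-branch declares `warnOnNonSecure` but the following line reads `warnOnNotSecure`, so this path would throw a ReferenceError whenever a page with a host and no secure connection reaches it. Use one name and terminate the declaration: `let warnOnNotSecure = Services.prefs.getBoolPref("security.not_secure_connection_icon.enabled");`. Since this branch chooses the security indicator shown in the URL bar, an exception here presumably leaves the identity box with whatever class it had before, so the indicator could be stale. The pref is also read on every pass through this code, and a cached value would be cheaper. The enclosing function starts and ends outside the hunk.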
--- a/browser/base/content/test/general/browser_bug590206.js
+++ b/browser/base/content/test/general/browser_bug590206.js
@@ -77,16 +77,38 @@ add_task(function* test_https() {
is(getIdentityMode(), "unknownIdentity", "Identity should be unknown");
gBrowser.selectedTab = newTab;
is(getIdentityMode(), "verifiedDomain", "Identity should be verified");
gBrowser.removeTab(newTab);
});
+add_task(function* test_not_secure() {
+ let oldTab = gBrowser.selectedTab;
+
+ let prefName = "security.not_secure_connection_icon.enabled"
+ yield new Promise(r => SpecialPowers.pushPrefEnv({set:
+ [[prefName, true]]}, r));
+
+ let newTab = yield loadNewTab("http://example.com/" + DUMMY);
+ is(getIdentityMode(), "notSecure", "Identity should be not secure");
+
+ gBrowser.selectedTab = oldTab;
+ is(getIdentityMode(), "unknownIdentity", "Identity should be unknown");
+
+ gBrowser.selectedTab = newTab;
+ is(getIdentityMode(), "notSecure", "Identity should be not secure");
+
+ Services.prefs.setBoolPref(prefName, prefValue);
+ gBrowser.removeTab(newTab);
+
+ yeild new Promise(r => SpecialPowers.popPrefEnv(r));
+});
+
add_task(function* test_addons() {
let oldTab = gBrowser.selectedTab;
let newTab = yield loadNewTab("about:addons");
is(getIdentityMode(), "chromeUI", "Identity should be chrome");
gBrowser.selectedTab = oldTab;
is(getIdentityMode(), "unknownIdentity", "Identity should be unknown");
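Review bot: In `test_not_secure`, `yeild new Promise(...)` is a misspelling of `yield` and is a syntax error, so the whole test file would fail to parse and none of its tasks would run. `Services.prefs.setBoolPref(prefName, prefValue);` also refers to `prefValue`, which is never defined in the hunk, and the line is redundant because `popPrefEnv` already restores the pushed value. Drop that line and end the task with `yield new Promise(r => SpecialPowers.popPrefEnv(r));`, and add the missing semicolon after the `prefName` declaration. The task only covers the pref set to `true`; a second case with it set to `false`, expecting `"unknownIdentity"` for the same http page, would pin the off-by-default behaviour the commit message describes.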
--- a/browser/themes/shared/identity-block/icons.inc.css
+++ b/browser/themes/shared/identity-block/icons.inc.css
@@ -43,16 +43,17 @@
visibility: visible;
}
@selectorPrefix@#urlbar[pageproxystate="valid"] > #identity-box.certUserOverridden > #connection-icon@selectorSuffix@ {
list-style-image: url(chrome://browser/skin/connection-mixed-passive-loaded.svg#icon@iconVariant@);
visibility: visible;
}
+@selectorPrefix@#urlbar[pageproxystate="valid"] > #identity-box.notSecure > #connection-icon@selectorSuffix@,
@selectorPrefix@#urlbar[pageproxystate="valid"] > #identity-box.insecureLoginForms > #connection-icon@selectorSuffix@,
@selectorPrefix@#urlbar[pageproxystate="valid"] > #identity-box.mixedActiveContent > #connection-icon@selectorSuffix@ {
list-style-image: url(chrome://browser/skin/connection-mixed-active-loaded.svg#icon@iconVariant@);
visibility: visible;
}
@selectorPrefix@#urlbar[pageproxystate="valid"] > #identity-box.weakCipher > #connection-icon@selectorSuffix@,
@selectorPrefix@#urlbar[pageproxystate="valid"] > #identity-box.mixedDisplayContent > #connection-icon@selectorSuffix@,