Starred by 22 users

Issue metadata

Status: WontFix
Owner:
Closed: Dec 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 2
Type: Bug
Team-Security-UX



Issue 420813: ☂ Security UX for (Web) Developers

Reported by lgar...@chromium.org, Oct 6 2014 Project Member

Issue description

Every once in a while, someone suggests that we should expose certain security information somewhere in dev tools. I don't think anyone currently has an overview of what those should be.

Given that security is a core tenet of Chrome, and that there are lots of interacting security features under development, I think it might even be warranted to introduce a "Security" pane to the Chrome developer tools some day. For now, I just want to keep track of things so that things don't get *less* usable (i.e. related features spread out in different places
 

Comment 1 by lgar...@chromium.org, Oct 7 2014

 https://crbug.com/420774  – Mark insecure resources in network panel (dev tools)

Comment 2 by lgar...@chromium.org, Oct 7 2014

 https://crbug.com/160571  – Indicate when requests are rerouted due to HSTS

Comment 3 by palmer@chromium.org, Oct 7 2014

Blockedon: chromium:160571 chromium:420774
Labels: Cr-Platform-DevTools-UX
Status: Assigned

Comment 4 by lgar...@chromium.org, Oct 7 2014

I'm not aware of many security-specific features in dev tools, but I've started a document to keep track of them:

https://docs.google.com/a/chromium.org/document/d/11-SXwzCGBlk8q1cNtb7peZjb2UjRPrKSFhOfZhTOz24/edit

Comment 5 by lgar...@chromium.org, Oct 7 2014

Blockedon: chromium:365779
Found by Adrienne:

 https://crbug.com/365779  – Notify in console when an API fails because it needs to be called during a user action.

Comment 6 by lgar...@chromium.org, Oct 7 2014

Blockedon: chromium:421248
 https://crbug.com/421248  – Move the Connection Tab info from the Origin Info Bubble into the Dev Tools console

(Thanks to palmer@ for filing 421248 today.)

Comment 7 by lgar...@chromium.org, Oct 8 2014

Summary: Security UX for (Web) Developers (was: Security UX in Dev Tools)

Comment 8 by igrigo...@chromium.org, Oct 14 2014

Cc: igrigo...@chromium.org

Comment 9 Deleted

Comment 10 Deleted

Comment 11 by lgar...@chromium.org, Oct 15 2014

Cc: palmer@chromium.org
From an email thread about "Click to Play" for Flash: we should start notifying web developers if Flash is run from an insecure source.

Comment 12 by paulir...@chromium.org, Oct 16 2014

Labels: Cr-Platform-DevTools

Comment 13 by lgar...@chromium.org, Oct 16 2014

Blockedon: chromium:401386
401386 – Provide tools, guidance for web development when security features (such as HTTPS) are in play

(Thanks for CCing me on 401386, Paul!)

Comment 14 by lgar...@chromium.org, Oct 17 2014

Blockedon: chromium:149962
149962 - Implement a heuristic to cross out the "HTTPS" in the address bar when auth cookies are not secure.

In order for 149962 to be useful, we need to make it clear to devs what specifically happened, and why it's insecure.

Comment 15 by lgar...@chromium.org, Oct 21 2014

Blockedon: chromium:331110
https://crbug.com/331110 - Improve UI for net-internals#hsts: add way to see all hsts entries

Comment 16 Deleted

Comment 17 Deleted

Comment 18 Deleted

Comment 19 Deleted

Comment 20 Deleted

Comment 21 by lgar...@chromium.org, Oct 24 2014

[For future reference: Two commits were originally added to this issue by accident. I'd normally leave them here to avoid messing with the record, but I've deleted them because I expect this issue to be long-lived.
Their contents have been copied to  https://crbug.com/414843#c17  – A new kind of interstitial for when the clock is wrong]

Comment 22 by lgar...@chromium.org, Nov 17 2014

Related to 365779 and 365779: felt@ found that some permissions are blocked haphazardly on file:// URIs, without a warning on the console. We should:

- Make sure there is *some* universal policy for permissions across all origins (including file:// or data: URIs).
- Clearly display (and explain) failures to developers.

Comment 23 by lgar...@chromium.org, Nov 26 2014

Blockedon: chromium:436917
 https://crbug.com/436917  The inevitable Service Worker / DevTools meta-bug!

(Achievement unlocked: meta-meta bug status!)

Comment 24 by lgar...@chromium.org, Dec 1 2014

Blockedon: chromium:437466
 https://crbug.com/437466  Surface certificate warning root cause in the certificate details menu

Comment 25 by lgar...@chromium.org, Jan 7 2015

Blockedon: chromium:446723
https://crbug.com/446723 Web API Permission Inconsistencies

Comment 26 by lgar...@chromium.org, Jan 8 2015

Blockedon: chromium:445359
 https://crbug.com/445359  DevTools: Add Security Tab

Comment 27 by lgar...@chromium.org, Jan 8 2015

 https://crbug.com/445359  DevTools: Add Security Tab

Comment 28 by lgar...@chromium.org, Jan 14 2015

Blockedon: chromium:442590
 https://crbug.com/442590  Inform developers that support for EME APIs on HTTP origins will be deprecated

Comment 29 by lgar...@chromium.org, Jan 23 2015

Blockedon: chromium:441605
 https://crbug.com/441605  Command line option for whitelisting specific origins to ease development and testing of websites using Secure Origin only features

Comment 30 by lgar...@chromium.org, Jan 28 2015

Blockedon: chromium:282927
Issue 282927: Don't show SSL interstitials for localhost

Comment 31 by lgar...@chromium.org, Jan 29 2015

Labels: Cr-Security-UX-WebDev

Comment 32 by lgar...@chromium.org, Feb 6 2015

Blockedon: chromium:425158
Issue 425158: Detailed connection info on Clank

Comment 33 by lgar...@chromium.org, Mar 31 2015

Blockedon: chromium:472256

Comment 34 by f...@chromium.org, May 19 2015

Summary: ☂ Security UX for (Web) Developers (was: Security UX for (Web) Developers)

Comment 35 by lgar...@chromium.org, Jun 10 2015

Blockedon: chromium:498921

Comment 36 by lgar...@chromium.org, Mar 9 2016

Components: -Security>UX>WebDev
Labels: Hotlist-Security-UX-WebDev

Comment 37 by lgar...@chromium.org, Nov 23 2016

Components: -Platform>DevTools Platform>DevTools>Security

Comment 38 by lgar...@chromium.org, Nov 23 2016

Components: -Security>UX UI>Browser>Bubbles>PageInfo

Comment 39 by est...@chromium.org, Nov 10 2017

Labels: Hotlist-EnamelAndFriendsFixIt

Comment 40 by est...@chromium.org, Dec 1 2017

Status: WontFix (was: Assigned)
I think this bug is too broad to be useful, especially now that the devtools security panel has launched, which seems to have been the main purpose of this bug.
