Issue metadata
Sign in to add a comment
|
Marking login on HTTP as insecure doesn't work
Reported by
fra...@gmail.com,
Oct 8 2016
|
||||||||||||||||||||||||
Issue descriptionUserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/601.7.7 (KHTML, like Gecko) Version/9.1.2 Safari/601.7.7 Steps to reproduce the problem: 1. Install canary 2. Go to chrome://flags/#mark-non-secure-as, set "Display a verbose state when password or credit card fields are detected on an HTTP page" 3. Restart browser 4. Go to: http://http-password.badssl.com/ What is the expected behavior? The address bar should show "Not Secure": https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html What went wrong? I tried creating pages with both password field on HTTP and with a credit card form - none of them shows the "Not secure" badge. Did this work before? N/A Chrome version: 56.0.2884.0 (Official Build) canary (64-bit) Channel: canary OS Version: OS X 10.11.6 Flash Version: Shockwave Flash 23.0 r0
,
Oct 21 2016
emilyschechter@, can you take a look at this? (I have not tested locally.)
,
Oct 21 2016
Yep, this is a known bug, you actually have to flip two flags currently to get this behavior bc the verbose states (#security-chip) are default off until we get LR approval.
,
Oct 21 2016
,
Oct 21 2016
To the original reporter: in addition to flipping the #security-chip flag, it looks like you'll also need to update Chrome Canary to see the change. It's only available in 56.0.2895 and later. |
|||||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||||
Comment 1 by mar...@youbuyits.biz
, Oct 8 2016121 KB
121 KB View Download