New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 677291 link

Starred by 1 user

Issue metadata

Status: Fixed
Owner:
Closed: Feb 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 2
Type: Bug
Team-Security-UX



Sign in to add a comment

Measure form submissions after showing "Not secure" or Form-Not-Secure warnings are shown

Project Member Reported by est...@chromium.org, Dec 28 2016

Issue description

It would be interesting to see whether there is a drop in form submissions for forms that show that "Not Secure" and/or form-not-secure warnings. This would help indicate whether the warnings are influencing user behavior.
 
Owner: est...@chromium.org
Status: Started (was: Available)
Project Member

Comment 2 by bugdroid1@chromium.org, Feb 2 2017

Labels: Merge-Request-57
Verified the commit in comment 2 on canary.
Project Member

Comment 4 by sheriffbot@chromium.org, Feb 6 2017

Labels: -Merge-Request-57 Hotlist-Merge-Approved Merge-Approved-57
Your change meets the bar and is auto-approved for M57. Please go ahead and merge the CL to branch 2987 manually. Please contact milestone owner if you have questions.
Owners: amineer@(clank), cmasso@(bling), ketakid@(cros), govind@(desktop)

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Please merge your change to M57 branch 2987 before 5:00 PM PT, Monday (02/06/) so we can pick it up for next Beta release. Thank you.
Project Member

Comment 6 by bugdroid1@chromium.org, Feb 6 2017

Labels: -merge-approved-57 merge-merged-2987
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/9fc74678d1552a00425b8a591b540464ccd0f82c

commit 9fc74678d1552a00425b8a591b540464ccd0f82c
Author: Emily Stark <estark@google.com>
Date: Mon Feb 06 19:08:14 2017

Add HTTP-specific metrics for password forms

These metrics will help us track the effect of the Form-Not-Secure warnings
(which show a "Login not secure" message in the autofill dropdown on HTTP
pages).

BUG= 677291 

Review-Url: https://codereview.chromium.org/2667983006
Cr-Commit-Position: refs/heads/master@{#447867}
(cherry picked from commit 0cd28be01ef0b1f4a51d2806c4601264a53d4c53)

Review-Url: https://codereview.chromium.org/2675133004 .
Cr-Commit-Position: refs/branch-heads/2987@{#338}
Cr-Branched-From: ad51088c0e8776e8dcd963dbe752c4035ba6dab6-refs/heads/master@{#444943}

[modify] https://crrev.com/9fc74678d1552a00425b8a591b540464ccd0f82c/chrome/browser/password_manager/chrome_password_manager_client.cc
[modify] https://crrev.com/9fc74678d1552a00425b8a591b540464ccd0f82c/chrome/browser/password_manager/chrome_password_manager_client.h
[modify] https://crrev.com/9fc74678d1552a00425b8a591b540464ccd0f82c/components/password_manager/core/browser/password_form_manager.cc
[modify] https://crrev.com/9fc74678d1552a00425b8a591b540464ccd0f82c/components/password_manager/core/browser/password_form_manager.h
[modify] https://crrev.com/9fc74678d1552a00425b8a591b540464ccd0f82c/components/password_manager/core/browser/password_manager_client.cc
[modify] https://crrev.com/9fc74678d1552a00425b8a591b540464ccd0f82c/components/password_manager/core/browser/password_manager_client.h
[modify] https://crrev.com/9fc74678d1552a00425b8a591b540464ccd0f82c/tools/metrics/histograms/histograms.xml

Cc: brajkumar@chromium.org
Labels: Needs-Feedback
estark@ Could you please let us know is there any manual repro steps available to verify this issue from Chrome-TE end?

Thanks!
Re #7: no manual testing is necessary, thanks.
Project Member

Comment 9 by bugdroid1@chromium.org, Feb 9 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/57464d6c82bea1c759874da3101135e1ae1494eb

commit 57464d6c82bea1c759874da3101135e1ae1494eb
Author: estark <estark@chromium.org>
Date: Thu Feb 09 20:50:02 2017

Record Autofill form events specially for nonsecure pages

The Form-Not-Secure experiment shows special "Payment not secure" warnings for
credit card forms on HTTP pages. This CL records credit card autofill form
events in a special histogram broken out for nonsecure pages, to measure the
impact of these "Payment not secure" warnings on form interactions.

To do so, the FormEventLogger needs to know whether the main frame URL is
secure, at a point at which it doesn't have access to a form origin URL. iOS is
the only platform on which IsContextSecure used the form_origin parameter, and
there was an existing TODO to fix that (https://crbug.com/505388). So this CL
removes the form_origin parameter from IsContextSecure, fixes the iOS TODO, and
uses the resulting IsContextSecure method to record nonsecure form metrics.

BUG= 677291 , 687823 ,505388

Review-Url: https://codereview.chromium.org/2672623005
Cr-Commit-Position: refs/heads/master@{#449402}

[modify] https://crrev.com/57464d6c82bea1c759874da3101135e1ae1494eb/android_webview/native/aw_autofill_client.cc
[modify] https://crrev.com/57464d6c82bea1c759874da3101135e1ae1494eb/android_webview/native/aw_autofill_client.h
[modify] https://crrev.com/57464d6c82bea1c759874da3101135e1ae1494eb/chrome/browser/ui/autofill/chrome_autofill_client.cc
[modify] https://crrev.com/57464d6c82bea1c759874da3101135e1ae1494eb/chrome/browser/ui/autofill/chrome_autofill_client.h
[modify] https://crrev.com/57464d6c82bea1c759874da3101135e1ae1494eb/components/autofill/core/browser/autofill_assistant.cc
[modify] https://crrev.com/57464d6c82bea1c759874da3101135e1ae1494eb/components/autofill/core/browser/autofill_client.h
[modify] https://crrev.com/57464d6c82bea1c759874da3101135e1ae1494eb/components/autofill/core/browser/autofill_manager.cc
[modify] https://crrev.com/57464d6c82bea1c759874da3101135e1ae1494eb/components/autofill/core/browser/autofill_manager_unittest.cc
[modify] https://crrev.com/57464d6c82bea1c759874da3101135e1ae1494eb/components/autofill/core/browser/autofill_metrics.cc
[modify] https://crrev.com/57464d6c82bea1c759874da3101135e1ae1494eb/components/autofill/core/browser/autofill_metrics.h
[modify] https://crrev.com/57464d6c82bea1c759874da3101135e1ae1494eb/components/autofill/core/browser/autofill_metrics_unittest.cc
[modify] https://crrev.com/57464d6c82bea1c759874da3101135e1ae1494eb/components/autofill/core/browser/test_autofill_client.cc
[modify] https://crrev.com/57464d6c82bea1c759874da3101135e1ae1494eb/components/autofill/core/browser/test_autofill_client.h
[modify] https://crrev.com/57464d6c82bea1c759874da3101135e1ae1494eb/components/password_manager/core/browser/password_autofill_manager.cc
[modify] https://crrev.com/57464d6c82bea1c759874da3101135e1ae1494eb/ios/chrome/browser/autofill/autofill_controller.mm
[modify] https://crrev.com/57464d6c82bea1c759874da3101135e1ae1494eb/ios/chrome/browser/ui/autofill/BUILD.gn
[modify] https://crrev.com/57464d6c82bea1c759874da3101135e1ae1494eb/ios/chrome/browser/ui/autofill/autofill_client_ios.h
[modify] https://crrev.com/57464d6c82bea1c759874da3101135e1ae1494eb/ios/chrome/browser/ui/autofill/autofill_client_ios.mm
[modify] https://crrev.com/57464d6c82bea1c759874da3101135e1ae1494eb/tools/metrics/histograms/histograms.xml

Project Member

Comment 10 by bugdroid1@chromium.org, Feb 10 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/6a75ce0ed0fc234ac83451d91d96e77e01a9e84c

commit 6a75ce0ed0fc234ac83451d91d96e77e01a9e84c
Author: Emily Stark <estark@google.com>
Date: Fri Feb 10 19:33:27 2017

Record Autofill form events specially for nonsecure pages

The Form-Not-Secure experiment shows special "Payment not secure" warnings for
credit card forms on HTTP pages. This CL records credit card autofill form
events in a special histogram broken out for nonsecure pages, to measure the
impact of these "Payment not secure" warnings on form interactions.

To do so, the FormEventLogger needs to know whether the main frame URL is
secure, at a point at which it doesn't have access to a form origin URL. iOS is
the only platform on which IsContextSecure used the form_origin parameter, and
there was an existing TODO to fix that (https://crbug.com/505388). So this CL
removes the form_origin parameter from IsContextSecure, fixes the iOS TODO, and
uses the resulting IsContextSecure method to record nonsecure form metrics.

BUG= 677291 , 687823 ,505388

Review-Url: https://codereview.chromium.org/2672623005
Cr-Commit-Position: refs/heads/master@{#449402}
(cherry picked from commit 57464d6c82bea1c759874da3101135e1ae1494eb)

Review-Url: https://codereview.chromium.org/2688053003 .
Cr-Commit-Position: refs/branch-heads/2987@{#445}
Cr-Branched-From: ad51088c0e8776e8dcd963dbe752c4035ba6dab6-refs/heads/master@{#444943}

[modify] https://crrev.com/6a75ce0ed0fc234ac83451d91d96e77e01a9e84c/android_webview/native/aw_autofill_client.cc
[modify] https://crrev.com/6a75ce0ed0fc234ac83451d91d96e77e01a9e84c/android_webview/native/aw_autofill_client.h
[modify] https://crrev.com/6a75ce0ed0fc234ac83451d91d96e77e01a9e84c/chrome/browser/ui/autofill/chrome_autofill_client.cc
[modify] https://crrev.com/6a75ce0ed0fc234ac83451d91d96e77e01a9e84c/chrome/browser/ui/autofill/chrome_autofill_client.h
[modify] https://crrev.com/6a75ce0ed0fc234ac83451d91d96e77e01a9e84c/components/autofill/core/browser/autofill_assistant.cc
[modify] https://crrev.com/6a75ce0ed0fc234ac83451d91d96e77e01a9e84c/components/autofill/core/browser/autofill_client.h
[modify] https://crrev.com/6a75ce0ed0fc234ac83451d91d96e77e01a9e84c/components/autofill/core/browser/autofill_manager.cc
[modify] https://crrev.com/6a75ce0ed0fc234ac83451d91d96e77e01a9e84c/components/autofill/core/browser/autofill_metrics.cc
[modify] https://crrev.com/6a75ce0ed0fc234ac83451d91d96e77e01a9e84c/components/autofill/core/browser/autofill_metrics.h
[modify] https://crrev.com/6a75ce0ed0fc234ac83451d91d96e77e01a9e84c/components/autofill/core/browser/autofill_metrics_unittest.cc
[modify] https://crrev.com/6a75ce0ed0fc234ac83451d91d96e77e01a9e84c/components/autofill/core/browser/test_autofill_client.cc
[modify] https://crrev.com/6a75ce0ed0fc234ac83451d91d96e77e01a9e84c/components/autofill/core/browser/test_autofill_client.h
[modify] https://crrev.com/6a75ce0ed0fc234ac83451d91d96e77e01a9e84c/components/password_manager/core/browser/password_autofill_manager.cc
[modify] https://crrev.com/6a75ce0ed0fc234ac83451d91d96e77e01a9e84c/ios/chrome/browser/autofill/autofill_controller.mm
[modify] https://crrev.com/6a75ce0ed0fc234ac83451d91d96e77e01a9e84c/ios/chrome/browser/ui/autofill/BUILD.gn
[modify] https://crrev.com/6a75ce0ed0fc234ac83451d91d96e77e01a9e84c/ios/chrome/browser/ui/autofill/autofill_client_ios.h
[modify] https://crrev.com/6a75ce0ed0fc234ac83451d91d96e77e01a9e84c/ios/chrome/browser/ui/autofill/autofill_client_ios.mm
[modify] https://crrev.com/6a75ce0ed0fc234ac83451d91d96e77e01a9e84c/tools/metrics/histograms/histograms.xml

Status: Fixed (was: Started)

Sign in to add a comment