New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 717567 link

Starred by 1 user
Status: Duplicate
Merged: issue 504499
Owner:
lgar...@chromium.org
Last visit > 30 days ago
Closed: May 2017
Cc:
jmukthavaram@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Bug-Regression
Team-Security-UX



Sign in to add a comment

DevTools security panel "Not secure" summary not helpful on HTTP/403 NetError page

Reported by bry...@gmail.com, May 2 2017 
UserAgent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3087.0 Safari/537.36

Steps to reproduce the problem:
1. Visit website that has 'security' issue
2. Open dev tools, go to security tab
3. security overview just says 'page is not secure' with no good explanation of what's wrong/ 

What is the expected behavior?
As with Stable channel 58, expect dev tools to show why there is a security problem and details on this

What went wrong?
Not showing why Chrome thinks the page is insecure or details to troubleshoot

Did this work before? Yes 58

Chrome version: 60.0.3087.0  Channel: canary
OS Version: 6.1 (Windows 7, Windows Server 2008 R2)
Flash Version: 

I realize canary is bleeding edge, but wanted to make sure it's going to be difficult to resolve security issues if we cant see details.

Comment 1 by eostroukhov@chromium.org, May 2 2017

Owner: lgar...@chromium.org

Comment 2 by lgar...@chromium.org, May 2 2017

Components: -Platform>DevTools Platform>DevTools>Security
I can't reproduce this; perhaps you're encountering a net error rather than an SSL interstitial.

Could you let me know what URLs you're having issues with?

Comment 3 by jmukthavaram@chromium.org, May 3 2017

Cc: jmukthavaram@chromium.org
Labels: Needs-Feedback
brysow@,
Could you please respond on comment#2 with the URLs you're having issues to triage further.
Thank you..!!

Comment 4 by bry...@gmail.com, May 3 2017 

This URL is an internal one, that i was testing for checking SHA-1 cert errors. So I can't share it, but here are the steps.

Visit site that redirected to SHA-1 site from SHA-2 site
See error regarding SHA-1 as  expected
Click continue under advanced to advance to new page
Click back to site that sprayed the error
In this case it is displaying a 403 error
When error 403 is displayed, it seems to just say insecure in dev tools but no details as normal

So it's sort of like a net error like Igar mentions, i.e. when you look at a site but you've lost network, but in this case it's if the site is giving back a 403 unauthorized error. When I revisit the same site later, when it does not generate a 403 error, I see the details. I can duplicate this in Chrome 58 as well. So Igar is kind of right, it behaves like this with a net error, but only when the site is giving a 403 error. Yesterday I did not correlate this only occurring when the site was giving back an http error code.
Project Member

Comment 5 by sheriffbot@chromium.org, May 3 2017

Labels: -Needs-Feedback
Thank you for providing more feedback. Adding requester "jmukthavaram@chromium.org" to the cc list and removing "Needs-Feedback" label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 6 by jmukthavaram@chromium.org, May 4 2017

Labels: TE-NeedsTriageHelp

Comment 7 by lgar...@chromium.org, May 4 2017

Mergedinto: 504499
Status: Duplicate (was: Unconfirmed)
Indeed, this is similar to the net error case.
We want to improve it, but normal pages are a priority.
Screen Shot 2017-05-04 at 13.56.13.png
198 KB View Download

Comment 8 by elawrence@chromium.org, May 4 2017

Summary: DevTools security panel "Not secure" summary not helpful on HTTP/403 NetError page (was: Canary build not showing security summary if Chrome says site is insecure)

Sign in to add a comment