New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 763442 link

Starred by 2 users
Status: WontFix
Owner: ----
Closed: Sep 2017
Cc:
sandeepkumars@chromium.org
fgor...@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Android
Pri: 3
Type: Bug
Team-Security-UX



Sign in to add a comment

Security chip not showing in some HTTPS pages with mixed content

Project Member Reported by carlosk@chromium.org, Sep 8 2017 
Chrome Version: 61.0.3163.81
OS: Android Oreo

What steps will reproduce the problem?
(1) Navigate to https://badssl.com/
(2) Navigate to each of the pages under "Mixed Content"
(3) All but the first "Mixed Script" don't show any security chip

The same happens for me when browsing https://m.facebook.com where I noticed it. And this seems to only happen on "small" Android devices (phones, not tablets).

This stops long-press on the omnibox from working too. One can still access to the functionality provided by tapping the chip or long-pressing by -- as I just learned -- tapping the 3-dot-menu and then the "i" icon.

What is the expected result?
I'm unsure if this is a bug or WAI. But it feels weird that a) an HTTPS site doesn't show a chip and b) that a page with mixed content doesn't show a chip.

What happens instead?
IMO a security chip should be presented for all/most of these cases.

Comment 1 by sandeepkumars@chromium.org, Sep 11 2017

Cc: sandeepkumars@chromium.org
Labels: Needs-triage-Mobile Needs-Feedback
Tested the issue using #61.0.3163.81 on Pixel Android Oreo 8.0.0 as per the steps mentioned in comment #0.

Observed on clicking lock icon a security chip is seen. Could you please provide us the sample screenshot or screencast to better understanding of the issue.

Thanks!!

Comment 2 by elawrence@chromium.org, Sep 19 2017

Labels: -Needs-Feedback
Status: WontFix (was: Untriaged)
This is working as intended.

// On some (mobile) form factors, the security indicator icon is hidden to save
// UI space. This returns whether the icon should always be shown for the given
// |security_level|, i.e. whether to override the hiding behaviour.
bool ShouldAlwaysShowIcon(SecurityLevel security_level);

In the case of passive mixed content, the icon is suppressed because the security state is NONE; it remains available in the overflow menu.

On Tablet and Desktop form factors, the security indicator icon is not suppressed.

Sign in to add a comment