New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 771941 link

Starred by 1 user

Issue metadata

Status: WontFix
Owner:
Last visit > 30 days ago
Closed: Oct 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Windows
Pri: 1
Type: Bug



Sign in to add a comment

On clicking "Site is legitimate” , the url didn't turn into secure and still shows as Not Secure.

Project Member Reported by hdodda@chromium.org, Oct 5 2017

Issue description

Chrome Version: M63 #63.0.3232/33.0
OS: windows 10 , ubuntu 14.04

What steps will reproduce the problem?
(1) Follow the steps for the usecase 3 from the test plan (https://docs.google.com/document/d/1xzqL49WhF56Vum3vQMOt5K29aRpAp7zMLrAnDe0cY_M/edit#)
(2) Observe that on clicking the "site is legitimate" , the url is not turned to secure and is in Not secure state.

What is the expected result?
On clicking "Site is legitimate” , the url should turn into secure state
What happens instead?
On clicking "Site is legitimate” , the url didn't turn into secure and still shows as Not Secure.

Please use labels and text to provide additional information.


Couldn't attach screencast as once the site is legitimate is clicked , the scary warning didn't show up again and tried in different machines.


 
Status: WontFix (was: Assigned)
hdodda@, thanks for reporting and the detailed repro steps.
This is actually working as intended. 

Let me explain the 3 security states we care about here:

DANGEROUS [red]:  There is known malicious content on the page (e.g. password phishing)
SECURE [green]: Page has no malicious content and using https
NOT SECURE [grey]: Page has no malicious content but is using http

Based on your previous screencast, you're using the http:// version of the testing page (i.e. when you first visit the testing page, it has a NOT SECURE state). 

When the scary warning is triggered, the security state changes to DANGEROUS [red]. And after you clicking "sige is legitimate", "DANGEROUS" security state disappears, it should returns to the original security state, (a.k.a "NOT SECURE").

The screenshots in testing plan is taken on https:// version of the testing page. I have added a note to the testing plan to indicate that if test is done on the http version of testing page, NOT SECURE should be shown for test case C. 

Sign in to add a comment