New issue
Advanced search Search tips

Issue 837034 link

Starred by 2 users
Status: Fixed
Owner:
est...@chromium.org
Closed: May 2018
Cc:
ios-bugs-priority@chromium.org
ios-bugs@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Android , iOS , Chrome , Mac
Pri: 1
Type: Bug
Team-Security-UX



Sign in to add a comment

Enable "HTTP-Bad Final" by default on Canary

Project Member Reported by est...@chromium.org, Apr 26 2018 
All http:// pages should show gray Not Secure warnings by default.
Project Member

Comment 1 by bugdroid1@chromium.org, Apr 28 2018 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/e86b8ace758379697fe0e82e3a708e227334d0fb

commit e86b8ace758379697fe0e82e3a708e227334d0fb
Author: Emily Stark <estark@google.com>
Date: Sat Apr 28 01:39:23 2018

Enable "HTTP-Bad Final" by default

This CL enables the HTTP-Bad feature by default and sets it to warn on all
http:// pages, and updates tests accordingly.

Bug:  837034 
Cq-Include-Trybots: master.tryserver.chromium.mac:ios-simulator-cronet;master.tryserver.chromium.mac:ios-simulator-full-configs
Change-Id: I470aa09220df9e02833de8f8636ea2e66e2a6b05
Reviewed-on: https://chromium-review.googlesource.com/1029415
Commit-Queue: Emily Stark <estark@chromium.org>
Reviewed-by: Christopher Thompson <cthomp@chromium.org>
Cr-Commit-Position: refs/heads/master@{#554605}
[modify] https://crrev.com/e86b8ace758379697fe0e82e3a708e227334d0fb/chrome/browser/ssl/security_state_tab_helper_unittest.cc
[modify] https://crrev.com/e86b8ace758379697fe0e82e3a708e227334d0fb/components/security_state/core/features.cc
[modify] https://crrev.com/e86b8ace758379697fe0e82e3a708e227334d0fb/components/security_state/core/security_state.cc
[modify] https://crrev.com/e86b8ace758379697fe0e82e3a708e227334d0fb/components/security_state/core/security_state_unittest.cc
[modify] https://crrev.com/e86b8ace758379697fe0e82e3a708e227334d0fb/ios/chrome/browser/ssl/ios_security_state_tab_helper_unittest.mm

Comment 2 by est...@chromium.org, Apr 30 2018

Status: Fixed (was: Assigned)

Comment 3 by yangulo@chromium.org, May 1 2018

Status: Assigned (was: Fixed)
Unable to Verify 
Version: Chrome Canary 68.0.3416.0 
Device: iPhone 6, iPad 4
iOS: 10.3.3, 11.2.6

I am unable to see a gray "Not Secure" warning on http:// pages. As per description this should be enabled by default therefore no flags were used. My understanding per description is that a "Not Secure" grey text will be shown before http://
is this correct?

Screenshots
https://drive.google.com/open?id=1Mh5PUAvV8EjGYFIddFxagQBtd7mq2X8z
https://drive.google.com/open?id=1gRujy80ExOhKjixckgSTONGVTizQYYMp
https://drive.google.com/open?id=10DNsySWcp6_aVq7T88N0pcuQJl5lZsu1

I refered to these document
https://docs.google.com/document/d/1xno6g6OnA7strcyzE-o_drevW8L0Mb6ZBEkjsiwa6x0/edit#heading=h.jefe95ijvod2

https://docs.google.com/presentation/d/1GyWkYHyicSBMZkN2ommkgxaw37OnjDvdi39BcyQJMCU/edit#slide=id.g164c88b886_0_44

And I tried the following
http://www.bing.com
http://tickets.sfzoo.org

Comment 4 by yangulo@chromium.org, May 1 2018

Status: Fixed (was: Assigned)
Ignore previous comment. This seems to be Desktop only

As per https://docs.google.com/document/d/1xno6g6OnA7strcyzE-o_drevW8L0Mb6ZBEkjsiwa6x0/edit#heading=h.jefe95ijvod2

Sign in to add a comment