New issue
Advanced search Search tips

Issue 912045 link

Starred by 1 user
Status: WontFix
Owner: ----
Closed: Dec 5
Cc:
rhalavati@chromium.org
ios-bugs@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: iOS
Pri: 3
Type: Feature



Sign in to add a comment

Gray triangle icon is displayed in omnibox for http urls

Project Member Reported by rakurati@chromium.org, Dec 5 
App Version: 72.0.3626.0 Canary
iOS Version: 11.4.1, 12.1.1 beta#3
Device: iPhone and iPad                                                                                                                                                                                                                                                                   

Prerequisite: Set ‘Mark non-secure origins as non-secure’ flag to ‘Enabled(mark as actively dangarous)’ in chrome://flags

Steps to reproduce:
1.Launch chrome with the above mentioned flags
2.Load http page like http://http-textarea.badssl.com

Observed results:
Notice that triangle icon is displayed in gray 

Note: In Desktop and Android the danger triangle icon is displayed in correct.

Expected results:
Danger triangle icon should be displayed in red

Number of times you were able to reproduce: 5/5
Bug reproducible after clean install: Yes
Bug reproducible after clearing cache and cookies: Yes
Bug reproducible on Chrome Mobile on Chrome Desktop: No
Bug reproducible on Chrome Mobile on Android: No
Bug reproducible on Safari/Firefox: Firefox: NA, Safari: NA
Bug reproducible on current stable build (App Version, iOS Version): Yes on M70 
Bug reproducible on the current beta channel build (App Version, iOS Version): Yes on M71 Beta 

Link to Video:

Chrome iOS behavior:
https://drive.google.com/file/d/1s3qZu1Uw2Q02DVoGiAYmypBKNZfIR67H/view?usp=sharing

Chrome Android behavior:
https://drive.google.com/file/d/1kPPlY5g3pzbZvtctrm5nt06Q3k1yEMGf/view?usp=sharing

Comment 1 by jdeblasio@chromium.org, Dec 5

Cc: rhalavati@chromium.org
Labels: -Restrict-View-Google -Type-Bug -Pri-2 -found-in-m72 Team-Security-UX FoundIn-71 Pri-3 Type-Feature
Status: Available (was: Untriaged)
This is very similar to bug 901684, but applied to iOS instead of Desktop incognito. Quoting comment #4 from there:

Thanks for the request! 

We've seen that color is less important than having a unique icon shape and communicating with strings, particularly because colors don't mean the same things to everyone, and some people don't see color. https://www.usenix.org/system/files/conference/soups2016/soups2016-paper-porter-felt.pdf

IMO, in a world of limited design & eng resources, this is low priority. Once we roll out /!\ Not Secure to all HTTP, we should instead think about whether we should actually be doing something stronger with UI like a full-page block, etc, that will affect user behavior in a more impactful way.

--

Though I agree that the current behavior isn't ideal, I'm labeling this as a low-priority feature request. I'm also adding rhalavati@, since he was interested in the other bug, although the privacy implications seem likely lesser here.

Comment 2 by cthomp@chromium.org, Dec 5

Status: WontFix (was: Available)
Ah, this is known behavior on iOS actually. The design on iOS was intentional to mimic the design guidelines for that platform.

I'll update the test plan doc for Issue 905451 to clarify this.

Comment 3 by rhalavati@google.com, Dec 6 

#1, Thanks, it seems that we are moving from "HTTM Meh", to "HTTP Bad", but we are not yet at "HTTP Very Bad"!

Sign in to add a comment