Opened 8 months ago

Closed 8 months ago

Last modified 8 months ago

#22025 closed defect (fixed)

TBB 7.0a3 doesn't properly show HTTPS warning

Reported by: qbi Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: ff52-esr, tbb-usability, GeorgKoppen201704, TorBrowserTeam201704R
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

When visiting a website with a "bad" certificate the browser usually shows a warning. With TBB7.0a3 I get a basically white window with a back back and an advanced button which does not work (see screenshot). I could reproduce this with several sites (https://pads.ccc.de https://www.geonames.org etc.).

Child Tickets

Attachments (1)

a.png (4.2 KB) - added by qbi 8 months ago.
Screenshot

Download all attachments as: .zip

Change History (8)

Changed 8 months ago by qbi

Attachment: a.png added

Screenshot

comment:1 Changed 8 months ago by arma

It works better for me. I'm on Linux 64-bit English.

Which platform are you on? Looks like you're using the Deutsch version?

comment:2 Changed 8 months ago by qbi

It is the german/deutsch 64 Bit version

comment:3 Changed 8 months ago by gk

Keywords: ff52-esr tbb-usability GeorgKoppen201704 TorBrowserTeam201704R added
Status: newneeds_review

Well, the problem is similar to the one in #21887: on higher security levels there is no JavaScript whitelisted for about:certerror pages. It seems we need that now. See: bug_22025 (https://gitweb.torproject.org/user/gk/tor-browser-bundle.git/commit/?h=bug_22025&id=59c8d12dad8ca01ddf8e21634448b0edb1c761f9) for a fix. qbi: If you look at the patch, you can fix that issue locally by adding about:certerror to the respective keys in your about:config.

comment:4 Changed 8 months ago by qbi

I did it and the certerror page works as expected. Thanks.

comment:5 Changed 8 months ago by mcs

r=mcs
This patch looks fine to me.

It would be great if there was a way for us to avoid overriding a default NoScript pref (and therefore to avoid this kind of problem in the future). But I guess we would need support in NoScript for one or more prefs that allow us to add to the list instead of replacing it.

comment:6 in reply to:  5 Changed 8 months ago by gk

Resolution: fixed
Status: needs_reviewclosed

Replying to mcs:

r=mcs
This patch looks fine to me.

That's commit bf51814f82a93a2f26322a3eea7e31ef061edc6d on master now, thanks.

It would be great if there was a way for us to avoid overriding a default NoScript pref (and therefore to avoid this kind of problem in the future). But I guess we would need support in NoScript for one or more prefs that allow us to add to the list instead of replacing it.

Yes. So far there is no really good solution to this problem.

comment:7 Changed 8 months ago by bugzilla

Maybe, ask Maone?

Note: See TracTickets for help on using tickets.