Opened 9 years ago

Closed 3 years ago

#3837 closed enhancement (fixed)

Better dialog for 3rd party auth

Reported by: mikeperry Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-usability, ff52-esr-will-have
Cc: gk Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

The mechanism used in #3748 to disable 3rd party auth currently will cause the browser to repeatedly throw http auth prompts at the user if a site attempts to use auth.

My view is that while this is confusing, at least it is better than sites silently failing. At least it might clue users into filing bugs.

We should try to find a way to replace/augment this dialog for the 3rd party case though.

Child Tickets

Change History (11)

comment:1 Changed 9 years ago by gk

Cc: g.koppen@… added

comment:2 Changed 9 years ago by gk

One additional problem with getting always a modal dialog locking your normal browser session is the possibility that users are entering real authentication tokens due to confusion. Thus, we should avoid showing a modal dialog here at all. Rather a notification box indicating the problem and including a button to show the auth request would be optimal here. As a side effect: This setup would help as well to include a respective feature in an anon test as it wouldn't disrupt it any longer as the modal dialog does at the moment.

comment:3 Changed 9 years ago by mikeperry

Milestone: TorBrowserBundle 2.3.x-stable

comment:4 Changed 9 years ago by gk

comment:5 Changed 9 years ago by mikeperry

Keywords: MikePerry201205 added

Adding keyword to keep this on my radar for next month.

comment:6 Changed 9 years ago by gk

See lines 99-167 in safeCache.jsm linked to above now. I had to add a small bugfix to avoid some false positives.

comment:7 Changed 8 years ago by gk

A fix for another corner case got added. See lines 98-185 now.

comment:8 Changed 8 years ago by mikeperry

Priority: majornormal
Status: newneeds_revision

Every time I think about doing this, I decide there is something more important to do instead. I think it primarily qualifies as a UI/Usability issue.

However, since there is an implementation of a fix that just needs some banging on to get it into Torbutton, I'm also going to flag it as needs_revision. Hopefully that will keep it from being ignored forever.

comment:9 Changed 8 years ago by mikeperry

Keywords: MikePerry201205 removed

comment:10 Changed 3 years ago by cypherpunks

Component: TorBrowserButtonApplications/Tor Browser
Keywords: tbb-usability added
Milestone: TorBrowserBundle 2.3.x-stable
Owner: changed from mikeperry to tbb-team
Severity: Normal
Status: needs_revisionassigned

Fixed or some concerns in comment:2 should be addressed?

comment:11 Changed 3 years ago by gk

Cc: gk added; g.koppen@… removed
Keywords: ff52-esr-will-have added
Resolution: fixed
Status: assignedclosed

Made more or less obsolete with the switch to first-party isolation for HTTP auth.

Note: See TracTickets for help on using tickets.