Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

download from file:/// does not show 'Not Secure' - follow up to 1269 #1590

Closed
LaurenWags opened this issue Oct 15, 2018 · 7 comments
Closed

download from file:/// does not show 'Not Secure' - follow up to 1269 #1590

LaurenWags opened this issue Oct 15, 2018 · 7 comments
Labels
closed/invalid

Comments

@LaurenWags
Copy link
Member

Description

Found while testing #1269

Scenario 3 from test plan on brave/brave-core#597 does not show the unlock icon/'Not Secure' on hover when downloading from text file.

Steps to Reproduce

Download from a file://:

  1. Drag and drop a text file onto the browser.
  2. Right-click on the content and choose "Save as...".
  3. Select destination if asked.
  4. Observe download item appear in the download shelf on the bottom of the browser. --> Download item does not show the unlocked lock icon but the origin URL is file:///
  5. Point mouse to the download item and wait for the tool tip to appear. --> Tool tip does not contain the words "Not secure"

Actual result:

Download item missing unlock icon:
screen shot 2018-10-15 at 4 02 35 pm

Hover tool tip does not contain 'Not Secure':
screen shot 2018-10-15 at 4 03 03 pm

Expected result:

Unlock icon on download item and hover tool tip with 'Not Secure' text

Reproduces how often:

easily

Brave version (chrome://version info)

Brave 0.55.14 Chromium: 70.0.3538.54 (Official Build) beta(64-bit)
Revision 4f8e578b6680574714e9ed3bb9f02922b4dde40d-refs/branch-heads/3538@{#937}
OS Mac OS X

Reproducible on current release:

  • Does it reproduce on brave-browser dev/beta builds? yes reproduced on beta
  • Does it reproduce on browser-laptop? n/a

Website problems only:

  • Does the issue resolve itself when disabling Brave Shields?
  • Is the issue reproducible on the latest version of Chrome?

Additional Information

cc @diracdeltas
@LaurenWags LaurenWags added this to the 0.56.x milestone Oct 15, 2018
@LaurenWags LaurenWags mentioned this issue Oct 15, 2018
Closed
@diracdeltas
Copy link
Member

this is actually expected behavior; file:/// is considered a secure origin. cc @mkarolin

@srirambv
Copy link
Contributor

Muon showed the same but was late renamed to Local File. brave/browser-laptop#8786. Should probably do the same here as well.

@mkarolin
Copy link
Contributor

Yes, sorry, in the original implementation file:/// wasn't considered a secure source, but then on @diracdeltas' suggestion I switched to using an API function that's more sophisticated than just checking for https. file:/// is considered a secure source by that API (as well as about: and even http://localhost, if you ever test those).

@LaurenWags
Copy link
Member Author

@diracdeltas @mkarolin should scenario 3 on test plan in brave/brave-core#597 be updated?

@mkarolin
Copy link
Contributor

@LaurenWags yes, I'll update.

@mkarolin
Copy link
Contributor

Updated.

@LaurenWags
Copy link
Member Author

thanks - will close this issue out!

@LaurenWags LaurenWags modified the milestones: 0.56.x, Dupe / Invalid / Not actionable Oct 15, 2018
@bbondy bbondy removed this from the Dupe / Invalid / Not actionable milestone May 30, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
closed/invalid
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@diracdeltas @bbondy @srirambv @LaurenWags @mkarolin