Update for "Improving the cert-error pages for Firefox" [Outreachy project, 2018]

154 views
Skip to first unread message

Trisha Gupta

unread,
Aug 14, 2018, 10:21:41 AM8/14/18
to firef...@mozilla.org

Hello all,


I am Trisha Gupta (:trisha), an Outreachy intern for the summer cohort. I have been working on improving the certificate error pages for Firefox along with my mentor, Johann Hofmann (:johannh).


I am extremely pleased to inform you that we have enabled the new cert-error pages by default in Nightly, and we plan to let them ride the trains with Firefox 64.


Project meta bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1463693


The project aimed at: changing the design and copy of the certificate error pages. We also added a clock skew error page for when we are 100% sure about there being a system clock error.


We also had some button behavior changes. For instance, changing the behavior of the “Add exception” button where earlier, a dialog opened up and then could the user add exception. Whereas now, by simply clicking on “Accept the Risk and Add Exception” the user can add an exception to the site.


To revert to the old certificate error experience, you can flip the “browser.security.newcerterrorpage.enabled” pref to false, for now. We plan to remove this pref eventually.


We hope that the new pages are more informative about the error and will enable the user to make an informed browsing choice for an unsafe URL.


The project tasks were as follows:

  • Fork and pref-off the new cert-error pages: 1463748

  • Updating the design of the certificate error pages: 1463755

  • Changing the copy of the certificate error pages: 1463759

  • Implementing a new clock skew error page: 1476509

  • Change the “Add Exception” button behavior: 1474820

  • Update the “Advanced…” button: 1477313

  • Enable the new cert-error pages by default in Nightly: 1477310


We also had some meetings where we have planned to add telemetry for these error pages. This will give us a better idea about how our changes affected the users’ choice to choose safer options. For instance, the clock skew error page is a new page and we would love to see telemetry responses for that!


Today’s officially the last day of my Outreachy internship, and I would like to take this opportunity to thank my mentor, everyone else involved with the project, and the Mozilla community for being extremely helpful. I learnt a lot from this internship and I hope to stick around with Mozilla in future!


Thanks,

Trisha Gupta



Chris Peterson

unread,
Aug 14, 2018, 2:36:06 PM8/14/18
to Trisha Gupta, firef...@mozilla.org
The new error pages look great, Trisha!

People can check them out using the badssl.com test site:

https://badssl.com/
_______________________________________________
firefox-dev mailing list
firef...@mozilla.org
https://mail.mozilla.org/listinfo/firefox-dev

Bram Pitoyo

unread,
Aug 14, 2018, 7:51:42 PM8/14/18
to Trisha Gupta, Firefox Dev, Meridel Walkington
Thanks a lot, Trisha, for working alongside Meridel and me on these error pages!

Thanks to Trisha’s implementation, the design and typography of our SSL error pages now matches our malware warning pages (http://itisatrap.org/firefox/unwanted.html) as well as other in-content pages.
Reply all
Reply to author
Forward
0 new messages