imported trac ticket
created: 2009-06-21 19:57:54
reporter: Chris Buijs
It would be nice to have an indication that the webpage one is at is in the "allowed" origins whitelist so people realize that every request from this page is being allowed. I suggest turning the flag green when this is the case.
The idea makes sense: indicate that it's an allowed origin so the user doesn't forget and lose security/privacy because they assume that there are just no cross-site requests. However, it's greatly complicated by the existence of "other origin" cross-site requests.
How would the icon indicate in this case that all requests from the current origin are allowed but there are still blocked requests? I guess it would still turn red in that case. That might run the risk of a user seeing red and thinking that cross-site requests are blocked, including all requests from the origin, even though they aren't. However, that's probably the same risk as with how things are right now and, really, "other origin" requests aren't very common outside of youtube.com and a small number of other domains.
I think this needs some more thought but, at the moment, I like the idea. One hesitation I have is to wonder if there may be other situations that we'll discover in the coming year that green might be better suited for. Also, I wonder if green is ok as it might indicate a feeling of trust when part of the goal is to lightly warn the user. On the other hand, as it would turn green right after they choose to trust the origin, I think it would be clear what it stands for. There also aren't many other colors to choose from.