FEATURE REQUEST: Improving Cross-Zone Prompting

Won’t fix Issue #101538

Details

Created
Apr 27, 2014
Privacy
This issue is public.
Found in build #
0.0011
Reports
Reported by 0 people

Sign in to watch or report this issue.

Steps to reproduce

URL =

URL:

Repro Steps:

I’m not sure what settings I changed in the Internet zone, but I tightened the security. I then added *.msnbc.com to Trusted Sites and made the following settings on the Trusted Sites zone:

Prompt - Access data sources across domains
Prompt - Display mixed content
Prompt - Navigate windows and frames across different domains
Prompt - Websites in less privileged web content zone can navigate into this zone

I believe only the last setting “Websites in less privileged web content zone can navigate into this zone” is relevant to my suggestion. If I set it to “Prompt” I get a large number of prompts. If I set it to "Enable", I get no prompts, but then I don’t know when cross-security zone access is occurring and to what host / domain.

Example URL:

http://www.msnbc.com/rachel-maddow-show/watch/gop-big-spender-gets-attention-to-pet-issue-209862723656

Expected Results:

I’m sure most people who have attempted to use the “Prompt” feature eventually give up because web browsing becomes too cumbersome, and they probably just set it to "Enable". When this is done, everything works without prompting. However, I think it would be nice to be able to get the prompt so you know that the cross-domain access is occurring, and to what domain, but it would be better if it could be limited to one prompt per session per host or domain.

It would be better to have the prompt in the attached screenshot include a checkbox that says "Don’t prompt again for this (host / domain) during this session".

It might also be good to include a button on the prompt which allows you to add the site from the less trusted zone to the Trusted Sites zone, or, better yet, to a new “Trusted by Proxy” zone. If you added these sites to a new “Trusted by Proxy” zone, then you could create a link where, if someone decided to remove a site from Trusted Sites, it could automatically remove any linked sites from the “Trusted by Proxy” zone. Of course, if multiple Trusted Sites use the same site in the “Trusted by Proxy” zone, then you would have to present a list and say “These Trusted Sites use the following host / domain in the Trusted by Proxy zone. Do you wish to also remove this entry from the Trusted by Proxy zone?”

Adding these features would allow people to take advantage of the “Prompt” feature without making browsing unmanageable. They would be able to be more informed about what hosts and domains are being utilized on a given web page.

Actual Results:

Attachments

0 attachments

    Comments and activity

    • Microsoft Edge Team

      Changed Assigned To to “IPBS P.”

      Changed Assigned To from “IPBS P.” to “Bruce M.”

      Changed Title from “FEATURE REQUEST: Improving Cross-Domain Security Prompting” to “FEATURE REQUEST: Improving Cross-Zone Security Prompting”

      Changed Assigned To to “David W.”

      Changed Title from “FEATURE REQUEST: Improving Cross-Zone Security Prompting” to “FEATURE REQUEST: Improving Cross-Zone Prompting”

      Changed Assigned To from “David W.” to “IPBS P.”

      Changed Status to “Won’t fix”

      Changed Assigned To from “IPBS P.” to “Venkat K.”

    You need to sign in to your Microsoft account to add a comment.

    Sign in