Steps to reproduce
I’m not sure what settings I changed in the Internet zone, but I tightened the security. I then added *.msnbc.com to Trusted Sites and made the following settings on the Trusted Sites zone:
Prompt - Access data sources across domains
Prompt - Display mixed content
Prompt - Navigate windows and frames across different domains
Prompt - Websites in less privileged web content zone can navigate into this zone
I believe only the last setting “Websites in less privileged web content zone can navigate into this zone” is relevant to my suggestion. If I set it to “Prompt” I get a large number of prompts. If I set it to "Enable", I get no prompts, but then I don’t know when cross-security zone access is occurring and to what host / domain.
I’m sure most people who have attempted to use the “Prompt” feature eventually give up because web browsing becomes too cumbersome, and they probably just set it to "Enable". When this is done, everything works without prompting. However, I think it would be nice to be able to get the prompt so you know that the cross-domain access is occurring, and to what domain, but it would be better if it could be limited to one prompt per session per host or domain.
It would be better to have the prompt in the attached screenshot include a checkbox that says "Don’t prompt again for this (host / domain) during this session".
It might also be good to include a button on the prompt which allows you to add the site from the less trusted zone to the Trusted Sites zone, or, better yet, to a new “Trusted by Proxy” zone. If you added these sites to a new “Trusted by Proxy” zone, then you could create a link where, if someone decided to remove a site from Trusted Sites, it could automatically remove any linked sites from the “Trusted by Proxy” zone. Of course, if multiple Trusted Sites use the same site in the “Trusted by Proxy” zone, then you would have to present a list and say “These Trusted Sites use the following host / domain in the Trusted by Proxy zone. Do you wish to also remove this entry from the Trusted by Proxy zone?”
Adding these features would allow people to take advantage of the “Prompt” feature without making browsing unmanageable. They would be able to be more informed about what hosts and domains are being utilized on a given web page.
Comments and activity
- Microsoft Edge Team
Changed Assigned To to “IPBS P.”
Changed Assigned To from “IPBS P.” to “Bruce M.”
Changed Title from “FEATURE REQUEST: Improving Cross-Domain Security Prompting” to “FEATURE REQUEST: Improving Cross-Zone Security Prompting”
Changed Assigned To to “David W.”
Changed Title from “FEATURE REQUEST: Improving Cross-Zone Security Prompting” to “FEATURE REQUEST: Improving Cross-Zone Prompting”
Changed Assigned To from “David W.” to “IPBS P.”
Changed Status to “Won’t fix”
Changed Assigned To from “IPBS P.” to “Venkat K.”