Confirmed users
954
edits
Extension Manager:Projects:Improve Add-on Installation: Difference between revisions
Extension Manager:Projects:Improve Add-on Installation (view source)
Revision as of 18:51, 26 April 2011
, 26 April 2011→Related Bugs & Dependencies
No edit summary |
|||
| Line 49: | Line 49: | ||
== Related Bugs & Dependencies == | == Related Bugs & Dependencies == | ||
{{Bug|646602}} | * {{bug|416605}} - Reduce security dialog delay from 2 seconds | ||
* {{bug|561177}}- Remove countdown from add-on install dialog | |||
* {{bug|588266}}- Firefox add-on installation dialog should use doorhanger notification | |||
* {{bug|616100}}- Remove redundant install delay (undo fix for Bug 162020) [for non-AMO sites] | |||
* {{bug|646602}}- Installing add-ons from AMO should not invoke the security prompt | |||
* {{bug|643020}}- Implement the new install UI in the content area | |||
== Related Bugs & Dependencies == | |||
* possible changes to add-on dialogs and their impact | |||
* goal improve add-on installation for users | |||
** lengthy steps seem in consistent to users, ex: countdown, and UI differences | |||
** perception on AMO that even AMO is not trusted even when add-on comes from Moz | |||
** implication is this should not be trusted even if linked to by trusted spaces. | |||
* streamline process, make easier, less clicks, possibly reduce or remove countdown | |||
Q: What are the risks entailed in installation and is AMO less risk than other sites? | |||
* Should be clear that AMO is a website that is part of the app, but what if AMO is hacked? Does this neccessarily help? | |||
* If you go to AMO as a website then this is a prefered experience, like the bits in FX | |||
** Desire: AMO having a different status | |||
** Dialoge is needed as click-jacking is still prevalent/possible on AMO | |||
** A site cannot frame the add-on tab, where as getting a click attack on AMO is somewhat trivial | |||
*Need clear dialog for AMO sandbox | |||
mockup: https://people.mozilla.com/%7Ejboriss/dump/flow_chart_for_addon_download2.pdf | |||
suggestions: | |||
* We could lower the delay from 2 noisy seconds to 1 quiet second | |||
* We could show the user-intent-verification first, before the download finishes. Then there aren't 2 separate "waiting" steps as long as the download is fast<br> | |||
** this would require AMO to supply the stuff that's supposed to appear in the dialog, as part of the installtrigger call, but it would make the UI much better. | |||
* We could make it so any link to addons.mozilla.org opens in a new tab, and use browser-side defenses against clickjacking on that tab | |||
* We could deny InstallTrigger if clicked within 1 second of selecting the tab/window, to make clickjacking AMO harder | |||
* Rather than author information, which is never verified, could show AMO status | |||
** (not on AMO; sandboxed; full review; old version) | |||
** popularity | |||
** average review score | |||
Unresolved Questions: | |||
* AMO warnings (slows down firefox? has privacy policy?) | |||
== Designs == | == Designs == | ||