[IMPROVEMENT] Show msg that WM ext only supports HTTPS sites

[tselit]

Current behaviour

When visiting a monetized website that has a valid link tag, but where the website does not have an SSL certificate (e.g. the URL doesn't have an HTTPS prefix or the page's SSL certificate has expired), then WM extension displays this message "This website is not monetized".

Describe the feature you would like to request

When a web site or page is monetized but it doesn't have a valid SSL certificate (i.e. the URL doesn't have the HTTPS prefix), then let the extension display a more informative and accurate message, to indicate that the extension does not work on site/page.

To do

When a user of the extension visits a website or page that isn't HTTPS compliant, do the following:

• Show the active icon of the extension.
• When opening the extension, show a message that Web Monetization only works on secure sites.

Acceptance criteria

When a user navigates to a non-HTTPS compliant website:

1. The icon of the extension should appear as the default, active icon (i.e. without any green tick, or a red X, or an orange exclamation point).

2. Show this message when the user opens the extension: Unable to start Web Monetization. Web Monetization only works on secure sites.

3. For all non-HTTPS compliant sites or pages, the above points 1 and 2 should always apply, regardless of the monetization status.

Additional context

Related to issue logged #572

[sidvishnoi]

Would like if the messaging reflects that we cannot monetized empty tabs, about:/chrome:///file:/// (local files) pages as well.

[sidvishnoi]

This is what react devtools extension does: https://github.com/facebook/react/blob/main/packages/react-devtools-extensions/popups/restricted.html

[RabebOthmani]

How about : This is a non supported page. For more details about the Web Monetization usage, check out [link]' This way it's generic enough to cover the different cases you mentioned @sidvishnoi and we can add the explanation in the getting started doc ? cc @tselit @melissahenderson

[tselit]

Cool, this sounds good to me @RabebOthmani.

[melissahenderson]

Is this messaging for testers or is it what we're planning on having in v1? Including "for more details...about usage..." is for developers, not your average user. The average user can't do anything to make a site secure.

In any case, a phrasing suggestion I have is: Unable to start Web Monetization. Web Monetization only works on secure sites.

I don't particularly like "start", but something along those lines.

[RabebOthmani]

@melissahenderson about usage is related to using the extension not how to make a site secure. Basically if they want to know why they can't use WM, they can read somewhere all the exceptions that Sid mentioned above

[sidvishnoi]

Reasons why a site is not monetized where we can show a message to user:

1. new tab page
2. browser internal page
3. unsupported_scheme (http://, file://, ftp:// and many others)
4. no monetization links on page peered with connected wallet
5. no monetization links on the page

We can :

• handle first 3 in a single message, and link to docs, or
• handle first 3 in a single message, no link to docs, or
• let user know within extension using 3 different but related messages. e.g.
  • You can't monetize empty tabs
  • You can't monetize browser's internal pages OR the extension can't access browser's internal pages
  • Web Monetization only works with https:// websites

[RabebOthmani]

Third option seems the clearest.