webcompat / webcompat.com

Source code for webcompat.com
https://webcompat.com

Provide a way for users to opt-out of sending console logs #2672

Open miketaylr opened 6 years ago

miketaylr commented 6 years ago

For privacy reasons, it's probably good to provide an escape hatch. Perhaps a pre-selected checkbox, that users can de-select. We probably want to also make console logs visible at report-time somehow, unsure. That could be follow up bug material.

miketaylr commented 5 years ago

Probably something to tackle in Q2.

miketaylr commented 5 years ago

Another option, recommended by :mt,

A banner reminding people that ALL this information will be public is probably what you want

martinthomson commented 5 years ago

That might be #2690.

miketaylr commented 5 years ago

I think @magsout expressed interest in working on this.

The idea is that we include a (checked by default) checkbox (somewhere in the form UI...) that says something like "Include console messages and browser config data".

And if it's checked, nothing changes from our current situation. The default behavior works like so:

If the user clicks "report site issue" from mobile or desktop Firefox, the browser sends a POST to the site, which then grabs those details from the form object and stashes the data inside a hidden input in the browser form:

https://github.com/webcompat/webcompat.com/blob/master/webcompat/form.py#L107
https://github.com/webcompat/webcompat.com/blob/master/webcompat/form.py#L122-L127

That ends up looking something like:

<input id="details" name="details" type="hidden" value="{
  &quot;mixed active content blocked&quot;: false, 
  &quot;buildID&quot;: &quot;20190204181317&quot;, 
  &quot;hasTouchScreen&quot;: false, 
  &quot;tracking content blocked&quot;: &quot;false&quot;, 
  &quot;consoleLog&quot;: [
    &quot;[JavaScript Error: \&quot;Content Security Policy: The pages settings blocked the loading of a resource at inline (script-src).\&quot; {file: \&quot;https://github.com/webcompat/web-bugs/\&quot; line: 1}]&quot;, 
    &quot;[JavaScript Warning: \&quot;Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://api.github.com/_private/browser/stats. (Reason: CORS request did not succeed).\&quot;]&quot;
  ], 
  &quot;gfx.webrender.blob-images&quot;: true, 
  &quot;gfx.webrender.all&quot;: false, 
  &quot;mixed passive content blocked&quot;: false, 
  &quot;gfx.webrender.enabled&quot;: false, 
  &quot;image.mem.shared&quot;: true, 
  &quot;channel&quot;: &quot;aurora&quot;
}">

So my thinking was if the user unchecks the new checkbox (to not provide this data), we just empty out the contents of input#details, and it will never get sent to GitHub.

Does that make sense @magsout?

miketaylr commented 5 years ago

(and then let's file a follow up so the user can inspect the data to make a more informed decision, or possibly even edit it)
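
The opt-out proposed in the comments above (empty input#details when the box is unchecked) together with the follow-up idea of letting the user see what the data contains, as an added example that is not part of the thread or of webcompat.com's code. The `details` id comes from the markup quoted above; the checkbox id `include-details` and both function names are hypothetical.

```javascript
// Added example, not webcompat.com code. "details" is the hidden input id
// shown in the thread; the checkbox id "include-details" is hypothetical.

// Bind a checked-by-default checkbox to the hidden details input.
// Unchecking empties the input so the form submits no console logs or config
// data; re-checking restores the payload the browser originally sent.
function bindDetailsOptOut(checkbox, detailsInput) {
  const original = detailsInput.value; // captured once, before any change
  const sync = () => {
    detailsInput.value = checkbox.checked ? original : "";
  };
  checkbox.addEventListener("change", sync);
  sync(); // apply the state the page loaded with (e.g. restored form state)
  return sync;
}

// Summarise what the payload contains, e.g. for a label beside the checkbox.
// Returns null when the value is empty or is not valid JSON.
function describeDetails(value) {
  if (!value) return null;
  try {
    const data = JSON.parse(value);
    const logs = Array.isArray(data.consoleLog) ? data.consoleLog.length : 0;
    const configKeys = Object.keys(data).filter((k) => k !== "consoleLog");
    return { consoleMessages: logs, configKeys };
  } catch (e) {
    return null;
  }
}

// Browser wiring; skipped when no DOM is present.
if (typeof document !== "undefined") {
  const box = document.getElementById("include-details");
  const details = document.getElementById("details");
  if (box && details) bindDetailsOptOut(box, details);
}
```

Because the DOM returns the decoded attribute value, `detailsInput.value` is plain JSON even though the markup carries it with `&quot;` entities.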