The secure padlock is unnecessarily shown on Orion 1.3.14 (4) when Show Full URLs is enabled

laiz

Steps to reproduce the issue:

Install Orion 1.3.14 (6) (Testflight)
Toggle on Show Full URLs in the settings
Go to any website with an SSL certificate, I'm using https://news.ycombinator.com/ as an example in the pictures below
Look at the address bar
Notice that the padlock is shown despite the https telling the user the same thing
Revert back to 1.3.14 (2)
The padlock behaves as expected, i.e. it is only shown when Show Full URLs is toggled off.

Expected behavior:

This is the expected behavior and what was decided on before: https://orionfeedback.org/d/8509-padlock-showing-algorithm-on-insecure-websites/9

Orion and iOS versions:

1.3.14 (6) (Testflight)

Michal

No this is wrong and a security issue. Thank you for the context I was not at Kagi in August yet.

The page may have mixed content in which it shows https but the website is not secure, for example https://very.badssl.com/

Also desktop shows the padlock with full url to me.

Browsers nowadays went away from showing the lock icon for securite sites completely so maybe we can consider it and show it only on insecure websites in both full and domain only modes.

laiz

Michal Also desktop shows the padlock with full url to me.

Desktop has far more screen real estate than a phone does. That is the main reason why there is a group of users so adamantly wanting to have those extra pixels for the URL over the lock icon. I understand the edge cases of mixed content pages but I'd consider the whole Full URL feature a feature for advanced users who hopefully understand what they are doing.

laiz

The change was reverted in the latest RC build. This is nowDone @Vlad