Review the changes to about:logins

Our patch to change about:logins doesn't work anymore as expected.

The "New login" button is still visible even when nocertdb is true because of various refactors.

mentioned in issue #42616 (closed)

added 14.0 stable Backlog Task UX FF128-esr labels

added Desktop label

marked this issue as related to #42751 (closed)

mentioned in issue #42751 (closed)

removed Backlog label

added Next label

This is working in Mullvad Browser, should upstream the about:* page removal patches to Tor Browser?

Torbutton used to force nocertdb to false when always-on PBM was disabled.

So, while we don't support disabling always-on PBM by default (anymore), killing the page means former users will lose access to the data they created.

Trying to add a password will fail if nocertdb is true, and you won't see any password.

So, I think we could add a page state to tell that password manager is disabled by default to prevent disk leaks.

However, we'd need some guidance from UX for this (/cc @donuts).

Propagating nocertdb to the main page is easy:

diff --git a/browser/components/aboutlogins/AboutLoginsChild.sys.mjs b/browser/components/aboutlogins/AboutLoginsChild.sys.mjs
index c7059d8f40e5..0dfc9811283b 100644
--- a/browser/components/aboutlogins/AboutLoginsChild.sys.mjs
+++ b/browser/components/aboutlogins/AboutLoginsChild.sys.mjs
@@ -145,6 +145,7 @@ export class AboutLoginsChild extends JSWindowActorChild {
       // Default to enabled just in case a search is attempted before we get a response.
       primaryPasswordEnabled: true,
       passwordRevealVisible: true,
+      nocertdb: Services.prefs.getBoolPref("security.nocertdb"),
     };
     waivedContent.AboutLoginsUtils = Cu.cloneInto(
       AboutLoginsUtils,

However then it needs to be propagated to the custom elements (and I don't know how to do it as I've never worked with custom elements But I can investigate that if we want to avoid errors in 14.0).

So, I think we could add a page state to tell that password manager is disabled by default to prevent disk leaks.

It would be good to do a review of all features like these (which are available but "unsupported" due to various reasons), perhaps in conjunction with #27605.

assigned to @pierov

added Needs Information label

removed Next label

unassigned @pierov

removed 14.0 stable label

removed Needs Information label

added 14.5 stable Roadmap::Future labels

removed esr-128 label

removed the relation with #42751 (closed)

removed 14.5 stable label

added Apps::Type::Audit label

added Apps::Impact::Unknown label