Opened 14 years ago
Closed 2 weeks ago
#15394 closed defect (bug) (duplicate)
Ancient "Are you sure you want to do this" now confusing
Reported by: | ozh | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | minor | Version: | 3.1 |
Component: | Security | Keywords: | needs-patch dev-feedback |
Focuses: | Cc: |
Description
The default failing nonce message did not pass the wife test. Asking "Are you sure you want to do this?" now that there is no longer "OK" and "Cancel" buttons is confusing and my wife just asked me "How do I tell I'm sure?"
Not sure about the best wording, I took the same approach as Twitter's expired OAuth token links with a message that does not let user think there is something to confirm.
Attachments (2)
Change History (25)
#5
@
14 years ago
The "Link has expired" message is better than "Are you sure" but IMHO still quite vague for the average user. Perhaps it can be "This action has failed" as suggested in http://core.trac.wordpress.org/ticket/8552#comment:3.
Also it doesn't offer an action for the user to continue. As far as I can see nearly all legitimate nonce errors are caused by expired user login. Perhaps we can add a link to [site]/wp-admin (needs to be audited) or even go further and check if the user is logged in when generating the "nonce failed" message and show alternate explanation:
User logged in: "This action has failed. [Back to WordPress admin]
Login expired: "Your login has expired. Please [log in] again.
#6
@
14 years ago
"That Request has expired and is not valid any longer. Please go back and start over."
If a login expires, isn't the user redirected to the login form already? "Reauth"
Related: #14060
#9
@
12 years ago
- Keywords needs-patch added; has-patch ays removed
As azaozz said, the wording in the current patch isn't too much of an improvement. It can be shown when submitting a form, for instance.
I don't think we need to provide any link. The Back button should be good enough.
#12
@
11 years ago
It sounds like we have two ways to go here.
We go down the rabbit hole, and attempt to give the user as much detail as we can about the issue. Whether they're logged in, whether the nonce failed, perhaps even what nonce, etc.
We give a blanket "this thing broke" error, and point them in the right direction of where to go from here.
#14
@
9 years ago
- Keywords dev-feedback added; 3.2-early removed
- Severity changed from trivial to minor
#16
follow-up:
↓ 20
@
8 years ago
The question to the end is totally senseless here. It's senseless because it's a listing of errors, nothing to choose (yes/no), and even if I could, which one would I choose :) ?
#17
@
8 years ago
As far as possible giving an actual thing you can do or next action is far better than a blanket message. The 'are you sure you want to do this' has always felt weird to me. We lead users to second guess and that's really not cool. I'm commenting to try and get some progress on this and see if we can get this worked on again.
This ticket was mentioned in Slack in #core-customize by paaljoachim. View the logs.
7 years ago
This ticket was mentioned in Slack in #design by karmatosed. View the logs.
6 years ago
#20
in reply to:
↑ 16
@
6 years ago
We discussed this ticket today in the WordPress design team and agree that the message is senseless. However, to bring up a suggestion to improve this message, it would help to figure out where and when the message appears. Is it possible to give us some steps taken to get to this message?
Replying to Presskopp:
The question to the end is totally senseless here. It's senseless because it's a listing of errors, nothing to choose (yes/no), and even if I could, which one would I choose :) ?
This ticket was mentioned in Slack in #design by karmatosed. View the logs.
6 years ago
#22
@
6 years ago
- Keywords ux-feedback removed
In this case, as design feedback has been given, let's remove that keyword for now.
+1.