Users should be clear they are using a prototype

[edwardhorsford]

There's a couple issues it would be good to address around running the kit:

• Users should never mistake the kit for being the "real" GOV.UK - especially when a prototype is running on the web.
• Users should consider carefully before entering personal data in to prototypes. This may be ok in some situations, but the kit looking like GOV.UK might imply it has the same security - which it doesn't.

An idea / suggestion:

A lightbox that displays on first load of the prototype, and can be dismissed. The lightbox is hidden using a cookie, so users won't keep seeing it. This ensures that every time a new users comes across a prototype, they see this warning at least once.

Some considerations: are there seperate needs around a warning displayed online, vs one potentially displayed during user research, vs one displayed running locally.

[timpaul]

Also, we currently publish the kit to Heroku so we can link to the example pages from their associated design patterns. Do we want to trigger this warning for those? If not, we'll need to be able to disable it with an environment variable.

[edwardhorsford]

Agreed - this isn't needed on the site we publish examples / documentation on. Perhaps another reason that whatever's published on govuk-prototype-kit.herokuapp.com doesn't have to be exactly the same as what you run if you download the kit.

Talking with Stephen Gill, it sounds like some services might like to display a persistent banner - which might be more suitable for docs, etc?

[edwardhorsford]

Minimum viable prototype - what do people think?

This just a prototype - we'd want a good accessible version before releasing.

[timpaul]

Hmm,

I get the popup each time I refresh the page. Should we also consider just
using a dismissible banner - in the same way we do the cookies banner?

On 15 February 2016 at 11:05, Ed Horsford [email protected] wrote:

Minimum viable prototype
http://govuk-prototype-kit-warning.herokuapp.com/ - what do people
think?

This just a prototype - we'd want a good accessible version before
releasing.

—
Reply to this email directly or view it on GitHub
#146 (comment)
.

[edwardhorsford]

@timpaul the intention would be that it's hidden via cookie. However that makes it hard to demo, so the prototype shows on every page.

IMHO we want to be more prominent than a banner in this case - we want to be very explicit that this is not GOV.UK

[edwardhorsford]

I've updated my prototype to use the dialog element with polyfill. It stores a record of the user having seen the message in a cookie.

Try the prototype (open in incognito window to try again)

Next steps are to get this in to the accessibility sandbox and get it tested. Chris Moore has already said it works well with the screen reader he tried.

[joelanman]

idea - support a query string to suppress the warning, so you can link from one prototype to another without an extra warning at the point of linking

[joelanman]

Idea for a banner:

[joelanman]

from slack:

Alex Torrance [2:50 PM]
maybe over engineering, but could you sandbox prototypes using a standard log in screen (as opposed to basic auth pop up) and put the username and password on the page.

[2:50]
would stop search engines but still be open

[2:50]
or maybe even have some kind of capture style mechanism so you can only proceed with a cookie set

Joe Lanman [2:52 PM]
sounds like it could work

[2:53]
it would be a basic captcha

[2:53]
so, you have to be signed in (session) to see any page (edited)

[2:54]
the sign in page has yadda yadda this is a prototype, and the password is ABC

[ruthhammond]

Closed as password page works well