author | wolfbeast <mcwerewolf@wolfbeast.com> | 2020-03-31 09:44:30 +0200 |
---|---|---|
committer | wolfbeast <mcwerewolf@wolfbeast.com> | 2020-04-14 13:20:35 +0200 |
commit | 2407845ec187fc0bddcf061f41a5791c7041d9ff (patch) | |
tree | d367a246976a3f7e72842a4120b29d975d566b5d /docshell/base | |
parent | 3f09b298b0d3b737e88115c869af8393a75bfd31 (diff) | |
Issue #1280 - Un-bust certerror pages and ForgetAboutSite
Diffstat (limited to 'docshell/base')
-rw-r--r-- | docshell/base/nsDocShell.cpp | 17 |
1 files changed, 4 insertions, 13 deletions
diff --git a/docshell/base/nsDocShell.cpp b/docshell/base/nsDocShell.cpp index 6104ebfa7..f53d89e81 100644 --- a/docshell/base/nsDocShell.cpp +++ b/docshell/base/nsDocShell.cpp @@ -4943,13 +4943,11 @@ nsDocShell::DisplayLoadError(nsresult aError, nsIURI* aURI, if (errorClass == nsINSSErrorsService::ERROR_CLASS_BAD_CERT) { error.AssignLiteral("nssBadCert"); - // If this is an HTTP Strict Transport Security host or a pinned host - // and the certificate is bad, don't allow overrides (RFC 6797 section - // 12.1, HPKP draft spec section 2.6). + // If this is an HTTP Strict Transport Security host, don't allow + // overrides (RFC 6797 section 12.1). uint32_t flags = UsePrivateBrowsing() ? nsISocketProvider::NO_PERMANENT_STORAGE : 0; bool isStsHost = false; - bool isPinnedHost = false; if (XRE_IsParentProcess()) { nsCOMPtr<nsISiteSecurityService> sss = do_GetService(NS_SSSERVICE_CONTRACTID, &rv); @@ -4957,9 +4955,6 @@ nsDocShell::DisplayLoadError(nsresult aError, nsIURI* aURI, rv = sss->IsSecureURI(nsISiteSecurityService::HEADER_HSTS, aURI, flags, nullptr, &isStsHost); NS_ENSURE_SUCCESS(rv, rv); - rv = sss->IsSecureURI(nsISiteSecurityService::HEADER_HPKP, aURI, - flags, nullptr, &isPinnedHost); - NS_ENSURE_SUCCESS(rv, rv); } else { mozilla::dom::ContentChild* cc = mozilla::dom::ContentChild::GetSingleton(); @@ -4967,8 +4962,6 @@ nsDocShell::DisplayLoadError(nsresult aError, nsIURI* aURI, SerializeURI(aURI, uri); cc->SendIsSecureURI(nsISiteSecurityService::HEADER_HSTS, uri, flags, &isStsHost); - cc->SendIsSecureURI(nsISiteSecurityService::HEADER_HPKP, uri, flags, - &isPinnedHost); } if (Preferences::GetBool( 
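Review bot: In the content-process branch (third hunk) the return value of `cc->SendIsSecureURI(nsISiteSecurityService::HEADER_HSTS, uri, flags, &isStsHost)` is not checked, so a failed IPC call leaves `isStsHost` at its initial `false` and the error page takes the overridable path. The parent-process branch in the second hunk instead bails out through `NS_ENSURE_SUCCESS(rv, rv)`. Since this flag is now the only input to the `if (isStsHost)` decision in the last hunk, the child path should fail closed as well, for example `if (!cc->SendIsSecureURI(nsISiteSecurityService::HEADER_HSTS, uri, flags, &isStsHost)) { return NS_ERROR_FAILURE; }`. No null check on `cc` is visible in these hunks either; DisplayLoadError starts and ends outside them, so confirm against the full function.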
@@ -4976,11 +4969,9 @@ nsDocShell::DisplayLoadError(nsresult aError, nsIURI* aURI, cssClass.AssignLiteral("expertBadCert"); } - // HSTS/pinning takes precedence over the expert bad cert pref. We + // HSTS takes precedence over the expert bad cert pref. We // never want to show the "Add Exception" button for these sites. - // In the future we should differentiate between an HSTS host and a - // pinned host and display a more informative message to the user. - if (isStsHost || isPinnedHost) { + if (isStsHost) { cssClass.AssignLiteral("badStsCert"); } |
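Review bot: With `if (isStsHost)` as the only condition that forces `badStsCert`, a host that has pins but no HSTS entry now keeps `expertBadCert`, and with it the "Add Exception" path, whenever the expert pref is set. Whether pinning is still enforced anywhere else in the tree cannot be seen from this hunk, so the comment should record that the dropped case is intentional, e.g. `// Pinned (HPKP) hosts are no longer special-cased here; only HSTS blocks the override.` The precedence also relies on this `if` running after the `expertBadCert` assignment, which is worth stating in the same comment so a later reorder does not silently re-enable overrides for HSTS hosts. The enclosing block continues outside the hunk.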