summaryrefslogtreecommitdiffstats
path: root/netwerk
diff options
context:
space:
mode:
authorwolfbeast <mcwerewolf@wolfbeast.com>2020-03-28 01:06:56 +0100
committerwolfbeast <mcwerewolf@wolfbeast.com>2020-04-14 13:19:41 +0200
commit99bad1726e897a82239e543a7a8e8fea36b797c0 (patch)
treeaf15c93fca2c7052c029e2422e852cd98b82eb8e /netwerk
parentd86349716a9740226d9175b1cf4b60765cb707fc (diff)
downloadUXP-99bad1726e897a82239e543a7a8e8fea36b797c0.tar
UXP-99bad1726e897a82239e543a7a8e8fea36b797c0.tar.gz
UXP-99bad1726e897a82239e543a7a8e8fea36b797c0.tar.lz
UXP-99bad1726e897a82239e543a7a8e8fea36b797c0.tar.xz
UXP-99bad1726e897a82239e543a7a8e8fea36b797c0.zip
Issue #1280 - Part 1: Remove HPKP components.
This also removes leftover plumbing for storing preload information in SiteSecurityService since no service still uses it.
Diffstat (limited to 'netwerk')
-rw-r--r--netwerk/base/security-prefs.js21
1 files changed, 0 insertions, 21 deletions
diff --git a/netwerk/base/security-prefs.js b/netwerk/base/security-prefs.js
index 702315d43..973c73123 100644
--- a/netwerk/base/security-prefs.js
+++ b/netwerk/base/security-prefs.js
@@ -120,27 +120,6 @@ pref("security.webauth.u2f_enable_usbtoken", false);
// OCSP must-staple
pref("security.ssl.enable_ocsp_must_staple", true);
-// HPKP settings
-
-// Enable pinning checks by default.
-pref("security.cert_pinning.enforcement_level", 2);
-// Do not process hpkp headers rooted by not built in roots by default.
-// This is to prevent accidental pinning from MITM devices and is used
-// for tests.
-pref("security.cert_pinning.process_headers_from_non_builtin_roots", false);
-// Impose a maximum age on HPKP headers, to avoid sites getting permanently
-// blacking themselves out by setting a bad pin. (60 days by default)
-// https://tools.ietf.org/html/rfc7469#section-4.1
-pref("security.cert_pinning.max_max_age_seconds", 5184000);
-// Controls whether or not HPKP (the HTTP Public Key Pinning header) is enabled.
-// If true, the header is processed and collected HPKP information is consulted
-// when looking for pinning information.
-// If false, the header is not processed and collected HPKP information is not
-// consulted when looking for pinning information. Preloaded pins are not
-// affected by this preference.
-// Default: false
-pref("security.cert_pinning.hpkp.enabled", false);
-
// If a request is mixed-content, send an HSTS priming request to attempt to
// see if it is available over HTTPS.
pref("security.mixed_content.send_hsts_priming", true);