diff options
| author | wolfbeast <mcwerewolf@wolfbeast.com> | 2019-09-05 15:30:32 +0200 |
|---|---|---|
| committer | wolfbeast <mcwerewolf@wolfbeast.com> | 2019-09-05 18:23:12 +0200 |
| commit | e3c13af9761895a19fb1f58abf920190aa739348 (patch) | |
| tree | f64420fcf74f6124ad53665ccb8a3e781c4b6007 /security/manager/ssl/nsISiteSecurityService.idl | |
| parent | 2b223cce089bb8cbfb1a463fdd42e09eee63c7b2 (diff) | |
| download | UXP-e3c13af9761895a19fb1f58abf920190aa739348.tar UXP-e3c13af9761895a19fb1f58abf920190aa739348.tar.gz UXP-e3c13af9761895a19fb1f58abf920190aa739348.tar.lz UXP-e3c13af9761895a19fb1f58abf920190aa739348.tar.xz UXP-e3c13af9761895a19fb1f58abf920190aa739348.zip | |
Properly implement various HSTS states.
Previously, HSTS preload list values could be overridden temporarily due
to counter-intuitive behavior of the API's removeState function.
This adds an explicit flag to the API for writing knockout values to
the Site Security Service, with the default resetting to whatever the
preload list state is.
Diffstat (limited to 'security/manager/ssl/nsISiteSecurityService.idl')
| -rw-r--r-- | security/manager/ssl/nsISiteSecurityService.idl | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/security/manager/ssl/nsISiteSecurityService.idl b/security/manager/ssl/nsISiteSecurityService.idl index 753f32b57..b61577152 100644 --- a/security/manager/ssl/nsISiteSecurityService.idl +++ b/security/manager/ssl/nsISiteSecurityService.idl @@ -23,7 +23,7 @@ namespace mozilla [ref] native nsCStringTArrayRef(nsTArray<nsCString>); [ref] native mozillaPkixTime(mozilla::pkix::Time); -[scriptable, uuid(275127f8-dbd7-4681-afbf-6df0c6587a01)] +[scriptable, uuid(233908bd-6741-4474-a6e1-f298c6ce9eaf)] interface nsISiteSecurityService : nsISupports { const uint32_t HEADER_HSTS = 0; @@ -98,15 +98,21 @@ interface nsISiteSecurityService : nsISupports * Given a header type, removes state relating to that header of a host, * including the includeSubdomains state that would affect subdomains. * This essentially removes the state for the domain tree rooted at this - * host. + * host. If any preloaded information is present for that host, that + * information will then be used instead of any other previously existing + * state, unless the force parameter is set. + * * @param aType the type of security state in question * @param aURI the URI of the target host * @param aFlags options for this request as defined in nsISocketProvider: * NO_PERMANENT_STORAGE + * @param force if set, forces no-HSTS state by writing a knockout value, + * overriding any preload list state */ void removeState(in uint32_t aType, in nsIURI aURI, - in uint32_t aFlags); + in uint32_t aFlags, + [optional] in boolean force); /** * See isSecureURI |