summaryrefslogtreecommitdiffstats
path: root/security/manager/ssl/nsSiteSecurityService.cpp
diff options
context:
space:
mode:
authorMoonchild <mcwerewolf@wolfbeast.com>2019-01-18 05:28:19 +0100
committerGitHub <noreply@github.com>2019-01-18 05:28:19 +0100
commit01ad6e7451f20f819e4ae3b10c981cc52b65b63d (patch)
treed7fdbdce1cca820e83ff19cb15af143211ab8d39 /security/manager/ssl/nsSiteSecurityService.cpp
parentf6ef8d8ca7ed96d699c28914fc590b0604520fd0 (diff)
parenta74b0934718f3cc442d8118acdecc4e5aa5b5323 (diff)
downloadUXP-01ad6e7451f20f819e4ae3b10c981cc52b65b63d.tar
UXP-01ad6e7451f20f819e4ae3b10c981cc52b65b63d.tar.gz
UXP-01ad6e7451f20f819e4ae3b10c981cc52b65b63d.tar.lz
UXP-01ad6e7451f20f819e4ae3b10c981cc52b65b63d.tar.xz
UXP-01ad6e7451f20f819e4ae3b10c981cc52b65b63d.zip
Merge pull request #931 from Ascrod/master
Fix option for disabling HSTS in Pale Moon
Diffstat (limited to 'security/manager/ssl/nsSiteSecurityService.cpp')
-rw-r--r--security/manager/ssl/nsSiteSecurityService.cpp24
1 files changed, 24 insertions, 0 deletions
diff --git a/security/manager/ssl/nsSiteSecurityService.cpp b/security/manager/ssl/nsSiteSecurityService.cpp
index 1d79844ff..fc38f4e64 100644
--- a/security/manager/ssl/nsSiteSecurityService.cpp
+++ b/security/manager/ssl/nsSiteSecurityService.cpp
@@ -211,6 +211,7 @@ nsSiteSecurityService::nsSiteSecurityService()
: mMaxMaxAge(kSixtyDaysInSeconds)
, mUsePreloadList(true)
, mPreloadListTimeOffset(0)
+ , mUseStsService(true)
{
}
@@ -239,6 +240,10 @@ nsSiteSecurityService::Init()
"network.stricttransportsecurity.preloadlist", true);
mozilla::Preferences::AddStrongObserver(this,
"network.stricttransportsecurity.preloadlist");
+ mUseStsService = mozilla::Preferences::GetBool(
+ "network.stricttransportsecurity.enabled", true);
+ mozilla::Preferences::AddStrongObserver(this,
+ "network.stricttransportsecurity.enabled");
mProcessPKPHeadersFromNonBuiltInRoots = mozilla::Preferences::GetBool(
"security.cert_pinning.process_headers_from_non_builtin_roots", false);
mozilla::Preferences::AddStrongObserver(this,
@@ -335,6 +340,11 @@ nsSiteSecurityService::SetHSTSState(uint32_t aType,
aHSTSState == SecurityPropertyNegative),
"HSTS State must be SecurityPropertySet or SecurityPropertyNegative");
+ // Exit early if STS not enabled
+ if (!mUseStsService) {
+ return NS_OK;
+ }
+
int64_t expiretime = ExpireTimeFromMaxAge(maxage);
SiteHSTSState siteState(expiretime, aHSTSState, includeSubdomains);
nsAutoCString stateString;
@@ -922,6 +932,13 @@ nsSiteSecurityService::IsSecureURI(uint32_t aType, nsIURI* aURI,
nsAutoCString hostname;
nsresult rv = GetHost(aURI, hostname);
NS_ENSURE_SUCCESS(rv, rv);
+
+ // Exit early if STS not enabled
+ if (!mUseStsService) {
+ *aResult = false;
+ return NS_OK;
+ }
+
/* An IP address never qualifies as a secure URI. */
if (HostIsIPAddress(hostname.get())) {
*aResult = false;
@@ -980,6 +997,11 @@ nsSiteSecurityService::IsSecureHost(uint32_t aType, const char* aHost,
*aCached = false;
}
+ // Exit early if checking HSTS and STS not enabled
+ if (!mUseStsService && aType == nsISiteSecurityService::HEADER_HSTS) {
+ return NS_OK;
+ }
+
/* An IP address never qualifies as a secure URI. */
if (HostIsIPAddress(aHost)) {
return NS_OK;
@@ -1282,6 +1304,8 @@ nsSiteSecurityService::Observe(nsISupports *subject,
if (strcmp(topic, NS_PREFBRANCH_PREFCHANGE_TOPIC_ID) == 0) {
mUsePreloadList = mozilla::Preferences::GetBool(
"network.stricttransportsecurity.preloadlist", true);
+ mUseStsService = mozilla::Preferences::GetBool(
+ "network.stricttransportsecurity.enabled", true);
mPreloadListTimeOffset =
mozilla::Preferences::GetInt("test.currentTimeOffsetSeconds", 0);
mProcessPKPHeadersFromNonBuiltInRoots = mozilla::Preferences::GetBool(