summaryrefslogtreecommitdiffstats
path: root/docshell
diff options
context:
space:
mode:
authorwolfbeast <mcwerewolf@wolfbeast.com>2020-03-31 09:44:30 +0200
committerwolfbeast <mcwerewolf@wolfbeast.com>2020-03-31 09:44:30 +0200
commita205ee7040b74ff67717ba44723abbdc0dab02e1 (patch)
tree72517c9cb8a2662bf61548cff52ff70ed0d20132 /docshell
parent3bc5d67c982cc4acdc4db2be1c1b517816401d54 (diff)
downloadUXP-a205ee7040b74ff67717ba44723abbdc0dab02e1.tar
UXP-a205ee7040b74ff67717ba44723abbdc0dab02e1.tar.gz
UXP-a205ee7040b74ff67717ba44723abbdc0dab02e1.tar.lz
UXP-a205ee7040b74ff67717ba44723abbdc0dab02e1.tar.xz
UXP-a205ee7040b74ff67717ba44723abbdc0dab02e1.zip
Issue #1280 - Un-bust certerror pages and ForgetAboutSite
Diffstat (limited to 'docshell')
-rw-r--r--docshell/base/nsDocShell.cpp17
1 files changed, 4 insertions, 13 deletions
diff --git a/docshell/base/nsDocShell.cpp b/docshell/base/nsDocShell.cpp
index 6104ebfa7..f53d89e81 100644
--- a/docshell/base/nsDocShell.cpp
+++ b/docshell/base/nsDocShell.cpp
@@ -4943,13 +4943,11 @@ nsDocShell::DisplayLoadError(nsresult aError, nsIURI* aURI,
if (errorClass == nsINSSErrorsService::ERROR_CLASS_BAD_CERT) {
error.AssignLiteral("nssBadCert");
- // If this is an HTTP Strict Transport Security host or a pinned host
- // and the certificate is bad, don't allow overrides (RFC 6797 section
- // 12.1, HPKP draft spec section 2.6).
+ // If this is an HTTP Strict Transport Security host, don't allow
+ // overrides (RFC 6797 section 12.1).
uint32_t flags =
UsePrivateBrowsing() ? nsISocketProvider::NO_PERMANENT_STORAGE : 0;
bool isStsHost = false;
- bool isPinnedHost = false;
if (XRE_IsParentProcess()) {
nsCOMPtr<nsISiteSecurityService> sss =
do_GetService(NS_SSSERVICE_CONTRACTID, &rv);
@@ -4957,9 +4955,6 @@ nsDocShell::DisplayLoadError(nsresult aError, nsIURI* aURI,
rv = sss->IsSecureURI(nsISiteSecurityService::HEADER_HSTS, aURI,
flags, nullptr, &isStsHost);
NS_ENSURE_SUCCESS(rv, rv);
- rv = sss->IsSecureURI(nsISiteSecurityService::HEADER_HPKP, aURI,
- flags, nullptr, &isPinnedHost);
- NS_ENSURE_SUCCESS(rv, rv);
} else {
mozilla::dom::ContentChild* cc =
mozilla::dom::ContentChild::GetSingleton();
@@ -4967,8 +4962,6 @@ nsDocShell::DisplayLoadError(nsresult aError, nsIURI* aURI,
SerializeURI(aURI, uri);
cc->SendIsSecureURI(nsISiteSecurityService::HEADER_HSTS, uri, flags,
&isStsHost);
- cc->SendIsSecureURI(nsISiteSecurityService::HEADER_HPKP, uri, flags,
- &isPinnedHost);
}
if (Preferences::GetBool(
@@ -4976,11 +4969,9 @@ nsDocShell::DisplayLoadError(nsresult aError, nsIURI* aURI,
cssClass.AssignLiteral("expertBadCert");
}
- // HSTS/pinning takes precedence over the expert bad cert pref. We
+ // HSTS takes precedence over the expert bad cert pref. We
// never want to show the "Add Exception" button for these sites.
- // In the future we should differentiate between an HSTS host and a
- // pinned host and display a more informative message to the user.
- if (isStsHost || isPinnedHost) {
+ if (isStsHost) {
cssClass.AssignLiteral("badStsCert");
}