diff --git a/browser/base/content/browser-siteIdentity.js b/browser/base/content/browser-siteIdentity.js index 35dfdd2cba3e..2f0d4abf5fd8 100644 --- a/browser/base/content/browser-siteIdentity.js +++ b/browser/base/content/browser-siteIdentity.js @@ -234,10 +234,10 @@ var gIdentityHandler = { "identity-popup-security-httpsonlymode-menulist" )); }, - get _identityPopupHttpsOnlyModeMenuListTempItem() { - delete this._identityPopupHttpsOnlyModeMenuListTempItem; - return (this._identityPopupHttpsOnlyModeMenuListTempItem = - document.getElementById("identity-popup-security-menulist-tempitem")); + get _identityPopupHttpsOnlyModeMenuListOffItem() { + delete this._identityPopupHttpsOnlyModeMenuListOffItem; + return (this._identityPopupHttpsOnlyModeMenuListOffItem = + document.getElementById("identity-popup-security-menulist-off-item")); }, get _identityPopupSecurityEVContentOwner() { delete this._identityPopupSecurityEVContentOwner; @@ -551,12 +551,6 @@ var gIdentityHandler = { return; } - // Permissions set in PMB get deleted anyway, but to make sure, let's make - // the permission session-only. - if (newValue === 1 && PrivateBrowsingUtils.isWindowPrivate(window)) { - newValue = 2; - } - // We always want to set the exception for the HTTP version of the current URI, // since when we check wether we should upgrade a request, we are checking permissons // for the HTTP principal (Bug 1757297). 
@@ -1054,16 +1048,8 @@ var gIdentityHandler = { // in _getHttpsOnlyPermission let value = this._getHttpsOnlyPermission(); - // Because everything in PBM is temporary anyway, we don't need to make the distinction - if (privateBrowsingWindow) { - if (value === 2) { - value = 1; - } - // Hide "off temporarily" option - this._identityPopupHttpsOnlyModeMenuListTempItem.style.display = "none"; - } else { - this._identityPopupHttpsOnlyModeMenuListTempItem.style.display = ""; - } + this._identityPopupHttpsOnlyModeMenuListOffItem.hidden = + privateBrowsingWindow && value != 1; this._identityPopupHttpsOnlyModeMenuList.value = value; diff --git a/browser/components/controlcenter/content/identityPanel.inc.xhtml b/browser/components/controlcenter/content/identityPanel.inc.xhtml index bfbae94f5043..8bc64faa1ee0 100644 --- a/browser/components/controlcenter/content/identityPanel.inc.xhtml +++ b/browser/components/controlcenter/content/identityPanel.inc.xhtml @@ -68,9 +68,9 @@ oncommand="gIdentityHandler.changeHttpsOnlyPermission();" sizetopopup="none"> - - + + diff --git a/browser/components/preferences/dialogs/permissions.js b/browser/components/preferences/dialogs/permissions.js index d8f888ab527e..8cfa424ece56 100644 --- a/browser/components/preferences/dialogs/permissions.js +++ b/browser/components/preferences/dialogs/permissions.js @@ -38,7 +38,7 @@ const permissionExceptionsL10n = { }, "https-only-load-insecure": { window: "permissions-exceptions-https-only-window2", - description: "permissions-exceptions-https-only-desc", + description: "permissions-exceptions-https-only-desc2", }, install: { window: "permissions-exceptions-addons-window2", diff --git a/browser/components/preferences/privacy.inc.xhtml b/browser/components/preferences/privacy.inc.xhtml index aea4c2691314..0b312476b10f 100644 --- a/browser/components/preferences/privacy.inc.xhtml +++ b/browser/components/preferences/privacy.inc.xhtml 
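Review bot: In the `@@ -1054` hunk of browser-siteIdentity.js, the new `hidden` assignment is the only thing left that keeps a private window from storing a permanent "off" exception, because the `@@ -551` hunk removes the `newValue === 1` downgrade from the setter. This commit also adds `https-only-load-insecure` to `kStripOAPermissions`, so a permanent entry written from a private window would presumably land in the shared permission store and outlive the private session. Hiding a menu item is a UI control only, so consider a setter-side check such as `if (newValue === 1 && PrivateBrowsingUtils.isWindowPrivate(window) && this._getHttpsOnlyPermission() !== 1) { newValue = 2; }`. The comparison should also be strict, `privateBrowsingWindow && value !== 1;`, matching the `===` checks in the removed code. The enclosing function starts and ends outside the hunk, so callers and early returns there have not been checked.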
@@ -1177,7 +1177,7 @@ permissions-allow.label, permissions-remove.label, permissions-remove-all.label, - permissions-exceptions-https-only-desc, + permissions-exceptions-https-only-desc2, " /> diff --git a/browser/components/preferences/privacy.js b/browser/components/preferences/privacy.js index 922dd4c99cd3..3434cc38deba 100644 --- a/browser/components/preferences/privacy.js +++ b/browser/components/preferences/privacy.js @@ -204,6 +204,7 @@ Preferences.addAll([ { id: "dom.security.https_only_mode", type: "bool" }, { id: "dom.security.https_only_mode_pbm", type: "bool" }, { id: "dom.security.https_first", type: "bool" }, + { id: "dom.security.https_first_pbm", type: "bool" }, // Windows SSO { id: "network.http.windows-sso.enabled", type: "bool" }, @@ -449,6 +450,9 @@ var gPrivacyPane = { let httpsFirstOnPref = Services.prefs.getBoolPref( "dom.security.https_first" ); + let httpsFirstOnPBMPref = Services.prefs.getBoolPref( + "dom.security.https_first_pbm" + ); let httpsOnlyRadioGroup = document.getElementById("httpsOnlyRadioGroup"); let httpsOnlyExceptionButton = document.getElementById( "httpsOnlyExceptionButton" @@ -462,7 +466,11 @@ var gPrivacyPane = { httpsOnlyRadioGroup.value = "disabled"; } - httpsOnlyExceptionButton.disabled = !httpsOnlyOnPref && !httpsFirstOnPref; + httpsOnlyExceptionButton.disabled = + !httpsOnlyOnPref && + !httpsFirstOnPref && + !httpsOnlyOnPBMPref && + !httpsFirstOnPBMPref; if ( Services.prefs.prefIsLocked("dom.security.https_only_mode") || @@ -508,6 +516,9 @@ var gPrivacyPane = { Preferences.get("dom.security.https_first").on("change", () => this.syncFromHttpsOnlyPref() ); + Preferences.get("dom.security.https_first_pbm").on("change", () => + this.syncFromHttpsOnlyPref() + ); }, get dnsOverHttpsResolvers() { diff --git a/browser/components/preferences/tests/browser_https_only_exceptions.js b/browser/components/preferences/tests/browser_https_only_exceptions.js index 579f4208f41e..34534ed5f84c 100644 
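Review bot: In the `@@ -462` hunk of privacy.js, the four-term condition assigned to `httpsOnlyExceptionButton.disabled` has no comment saying why the private-browsing prefs now keep the button enabled. The reason is only visible elsewhere in the commit, where the .ftl string drops "Exceptions do not apply to private windows". Add a line above the assignment such as `// Exceptions also apply to private windows, so enable the button while any HTTPS-Only/HTTPS-First mode is on.` `httpsOnlyOnPBMPref` is declared outside the visible hunks, as is the start of `syncFromHttpsOnlyPref`, so it is worth confirming that it reads `dom.security.https_only_mode_pbm`.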
--- a/browser/components/preferences/tests/browser_https_only_exceptions.js +++ b/browser/components/preferences/tests/browser_https_only_exceptions.js @@ -6,8 +6,9 @@ * Checks if buttons are disabled/enabled and visible/hidden correctly. */ add_task(async function testButtons() { - // Let's make sure HTTPS-Only Mode is off. + // Let's make sure HTTPS-Only and HTTPS-First Mode is off. await setHttpsOnlyPref("off"); + await setHttpsFirstPref("off"); // Open the privacy-pane in about:preferences await openPreferencesViaOpenPreferencesAPI("panePrivacy", { @@ -28,8 +29,8 @@ add_task(async function testButtons() { await setHttpsOnlyPref("private"); is( exceptionButton.disabled, - true, - "HTTPS-Only exception button should be disabled when HTTPS-Only Mode is only enabled in private browsing." + false, + "HTTPS-Only exception button should be enabled when HTTPS-Only Mode is only enabled in private browsing." ); await setHttpsOnlyPref("everywhere"); @@ -40,11 +41,17 @@ add_task(async function testButtons() { ); await setHttpsOnlyPref("off"); - await setHttpsFirstPref("private"); is( exceptionButton.disabled, true, - "HTTPS-Only exception button should be disabled when HTTPS-Only Mode is disabled and HTTPS-First Mode is only enabled in private browsing." + "Turning off HTTPS-Only should disable the exception button again." + ); + + await setHttpsFirstPref("private"); + is( + exceptionButton.disabled, + false, + "HTTPS-Only exception button should be enabled when HTTPS-Only Mode is disabled and HTTPS-First Mode is only enabled in private browsing." ); await setHttpsFirstPref("everywhere"); diff --git a/browser/locales/en-US/browser/preferences/permissions.ftl b/browser/locales/en-US/browser/preferences/permissions.ftl index fff18caa9ba7..8694c74b0f34 100644 --- a/browser/locales/en-US/browser/preferences/permissions.ftl +++ b/browser/locales/en-US/browser/preferences/permissions.ftl 
@@ -109,7 +109,7 @@ permissions-exceptions-cookie-desc = You can specify which websites are always o permissions-exceptions-https-only-window2 = .title = Exceptions - HTTPS-Only Mode .style = { permissions-window2.style } -permissions-exceptions-https-only-desc = You can turn off HTTPS-Only Mode for specific websites. { -brand-short-name } won’t attempt to upgrade the connection to secure HTTPS for those sites. Exceptions do not apply to private windows. +permissions-exceptions-https-only-desc2 = You can turn off HTTPS-Only Mode for specific websites. { -brand-short-name } won’t attempt to upgrade the connection to secure HTTPS for those sites. ## Exceptions - Pop-ups diff --git a/extensions/permissions/PermissionManager.cpp b/extensions/permissions/PermissionManager.cpp index 70c13fd19ba0..6780b3992051 100644 --- a/extensions/permissions/PermissionManager.cpp +++ b/extensions/permissions/PermissionManager.cpp @@ -132,7 +132,7 @@ static const nsLiteralCString kPreloadPermissions[] = { // interception when a user has disabled storage for a specific site. Once // service worker interception moves to the parent process this should be // removed. See bug 1428130. - "cookie"_ns}; + "cookie"_ns, "https-only-load-insecure"_ns}; // NOTE: nullptr can be passed as aType - if it is this function will return // "false" unconditionally. @@ -156,8 +156,8 @@ bool IsPreloadPermission(const nsACString& aType) { // This is because perms are sent to the content process in bulk by perm key. // Non-preloaded, but OA stripped permissions would not be accessible by sites // in private browsing / non-default user context. -static constexpr std::array kStripOAPermissions = { - {"cookie"_ns}}; +static constexpr std::array kStripOAPermissions = { + {"cookie"_ns, "https-only-load-insecure"_ns}}; bool IsOAForceStripPermission(const nsACString& aType) { if (aType.IsEmpty()) { 
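Review bot: In the `@@ -132` hunk of PermissionManager.cpp, the comment directly above the `kPreloadPermissions` entries explains only why `cookie` is preloaded (service worker interception, bug 1428130), so it now reads as if it also justifies `"https-only-load-insecure"_ns`. The `kStripOAPermissions` hunk at `@@ -156` has the same gap. Add a line for the new entry in both places, e.g. `// "https-only-load-insecure": HTTPS-Only/HTTPS-First exceptions must also be honoured in private browsing.` Per the existing comment, OA stripping covers non-default user contexts as well as private browsing, so an exception that permits insecure loads in one container will presumably apply in all of them; the comment should say whether that wider scope is intended. The comment block before `kPreloadPermissions` starts outside the hunk.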
diff --git a/extensions/permissions/test/unit/test_permmanager_oa_strip.js b/extensions/permissions/test/unit/test_permmanager_oa_strip.js index d6c15bd807a5..01f035ad0dc1 100644 --- a/extensions/permissions/test/unit/test_permmanager_oa_strip.js +++ b/extensions/permissions/test/unit/test_permmanager_oa_strip.js @@ -8,7 +8,7 @@ const TEST_PERMISSION3 = "test/oastrip3"; // List of permissions which are not isolated by private browsing or user context // as per array kStripOAPermissions in PermissionManager.cpp -const STRIPPED_PERMS = ["cookie"]; +const STRIPPED_PERMS = ["cookie", "https-only-load-insecure"]; let principal = Services.scriptSecurityManager.createContentPrincipal( TEST_URI, @@ -204,10 +204,10 @@ function testOAIsolation(permIsolateUserContext, permIsolatePrivateBrowsing) { ) ); } - }); - // Cleanup - pm.removeAll(); + // Cleanup + pm.removeAll(); + }); } add_task(async function do_test() {