diff --git a/browser/base/content/browser-siteIdentity.js b/browser/base/content/browser-siteIdentity.js
index 35dfdd2cba3e..2f0d4abf5fd8 100644
--- a/browser/base/content/browser-siteIdentity.js
+++ b/browser/base/content/browser-siteIdentity.js
@@ -234,10 +234,10 @@ var gIdentityHandler = {
"identity-popup-security-httpsonlymode-menulist"
));
},
- get _identityPopupHttpsOnlyModeMenuListTempItem() {
- delete this._identityPopupHttpsOnlyModeMenuListTempItem;
- return (this._identityPopupHttpsOnlyModeMenuListTempItem =
- document.getElementById("identity-popup-security-menulist-tempitem"));
+ get _identityPopupHttpsOnlyModeMenuListOffItem() {
+ delete this._identityPopupHttpsOnlyModeMenuListOffItem;
+ return (this._identityPopupHttpsOnlyModeMenuListOffItem =
+ document.getElementById("identity-popup-security-menulist-off-item"));
},
get _identityPopupSecurityEVContentOwner() {
delete this._identityPopupSecurityEVContentOwner;
@@ -551,12 +551,6 @@ var gIdentityHandler = {
return;
}
- // Permissions set in PMB get deleted anyway, but to make sure, let's make
- // the permission session-only.
- if (newValue === 1 && PrivateBrowsingUtils.isWindowPrivate(window)) {
- newValue = 2;
- }
-
// We always want to set the exception for the HTTP version of the current URI,
// since when we check wether we should upgrade a request, we are checking permissons
// for the HTTP principal (Bug 1757297).
@@ -1054,16 +1048,8 @@ var gIdentityHandler = {
// in _getHttpsOnlyPermission
let value = this._getHttpsOnlyPermission();
- // Because everything in PBM is temporary anyway, we don't need to make the distinction
- if (privateBrowsingWindow) {
- if (value === 2) {
- value = 1;
- }
- // Hide "off temporarily" option
- this._identityPopupHttpsOnlyModeMenuListTempItem.style.display = "none";
- } else {
- this._identityPopupHttpsOnlyModeMenuListTempItem.style.display = "";
- }
+ this._identityPopupHttpsOnlyModeMenuListOffItem.hidden =
+ privateBrowsingWindow && value != 1;
this._identityPopupHttpsOnlyModeMenuList.value = value;
diff --git a/browser/components/controlcenter/content/identityPanel.inc.xhtml b/browser/components/controlcenter/content/identityPanel.inc.xhtml
index bfbae94f5043..8bc64faa1ee0 100644
--- a/browser/components/controlcenter/content/identityPanel.inc.xhtml
+++ b/browser/components/controlcenter/content/identityPanel.inc.xhtml
@@ -68,9 +68,9 @@
oncommand="gIdentityHandler.changeHttpsOnlyPermission();" sizetopopup="none">
-
-
+
+
diff --git a/browser/components/preferences/privacy.js b/browser/components/preferences/privacy.js
index 922dd4c99cd3..3434cc38deba 100644
--- a/browser/components/preferences/privacy.js
+++ b/browser/components/preferences/privacy.js
@@ -204,6 +204,7 @@ Preferences.addAll([
{ id: "dom.security.https_only_mode", type: "bool" },
{ id: "dom.security.https_only_mode_pbm", type: "bool" },
{ id: "dom.security.https_first", type: "bool" },
+ { id: "dom.security.https_first_pbm", type: "bool" },
// Windows SSO
{ id: "network.http.windows-sso.enabled", type: "bool" },
@@ -449,6 +450,9 @@ var gPrivacyPane = {
let httpsFirstOnPref = Services.prefs.getBoolPref(
"dom.security.https_first"
);
+ let httpsFirstOnPBMPref = Services.prefs.getBoolPref(
+ "dom.security.https_first_pbm"
+ );
let httpsOnlyRadioGroup = document.getElementById("httpsOnlyRadioGroup");
let httpsOnlyExceptionButton = document.getElementById(
"httpsOnlyExceptionButton"
@@ -462,7 +466,11 @@ var gPrivacyPane = {
httpsOnlyRadioGroup.value = "disabled";
}
- httpsOnlyExceptionButton.disabled = !httpsOnlyOnPref && !httpsFirstOnPref;
+ httpsOnlyExceptionButton.disabled =
+ !httpsOnlyOnPref &&
+ !httpsFirstOnPref &&
+ !httpsOnlyOnPBMPref &&
+ !httpsFirstOnPBMPref;
if (
Services.prefs.prefIsLocked("dom.security.https_only_mode") ||
@@ -508,6 +516,9 @@ var gPrivacyPane = {
Preferences.get("dom.security.https_first").on("change", () =>
this.syncFromHttpsOnlyPref()
);
+ Preferences.get("dom.security.https_first_pbm").on("change", () =>
+ this.syncFromHttpsOnlyPref()
+ );
},
get dnsOverHttpsResolvers() {
diff --git a/browser/components/preferences/tests/browser_https_only_exceptions.js b/browser/components/preferences/tests/browser_https_only_exceptions.js
index 579f4208f41e..34534ed5f84c 100644
--- a/browser/components/preferences/tests/browser_https_only_exceptions.js
+++ b/browser/components/preferences/tests/browser_https_only_exceptions.js
@@ -6,8 +6,9 @@
* Checks if buttons are disabled/enabled and visible/hidden correctly.
*/
add_task(async function testButtons() {
- // Let's make sure HTTPS-Only Mode is off.
+ // Let's make sure HTTPS-Only and HTTPS-First Mode is off.
await setHttpsOnlyPref("off");
+ await setHttpsFirstPref("off");
// Open the privacy-pane in about:preferences
await openPreferencesViaOpenPreferencesAPI("panePrivacy", {
@@ -28,8 +29,8 @@ add_task(async function testButtons() {
await setHttpsOnlyPref("private");
is(
exceptionButton.disabled,
- true,
- "HTTPS-Only exception button should be disabled when HTTPS-Only Mode is only enabled in private browsing."
+ false,
+ "HTTPS-Only exception button should be enabled when HTTPS-Only Mode is only enabled in private browsing."
);
await setHttpsOnlyPref("everywhere");
@@ -40,11 +41,17 @@ add_task(async function testButtons() {
);
await setHttpsOnlyPref("off");
- await setHttpsFirstPref("private");
is(
exceptionButton.disabled,
true,
- "HTTPS-Only exception button should be disabled when HTTPS-Only Mode is disabled and HTTPS-First Mode is only enabled in private browsing."
+ "Turning off HTTPS-Only should disable the exception button again."
+ );
+
+ await setHttpsFirstPref("private");
+ is(
+ exceptionButton.disabled,
+ false,
+ "HTTPS-Only exception button should be enabled when HTTPS-Only Mode is disabled and HTTPS-First Mode is only enabled in private browsing."
);
await setHttpsFirstPref("everywhere");
diff --git a/browser/locales/en-US/browser/preferences/permissions.ftl b/browser/locales/en-US/browser/preferences/permissions.ftl
index fff18caa9ba7..8694c74b0f34 100644
--- a/browser/locales/en-US/browser/preferences/permissions.ftl
+++ b/browser/locales/en-US/browser/preferences/permissions.ftl
@@ -109,7 +109,7 @@ permissions-exceptions-cookie-desc = You can specify which websites are always o
permissions-exceptions-https-only-window2 =
.title = Exceptions - HTTPS-Only Mode
.style = { permissions-window2.style }
-permissions-exceptions-https-only-desc = You can turn off HTTPS-Only Mode for specific websites. { -brand-short-name } won’t attempt to upgrade the connection to secure HTTPS for those sites. Exceptions do not apply to private windows.
+permissions-exceptions-https-only-desc2 = You can turn off HTTPS-Only Mode for specific websites. { -brand-short-name } won’t attempt to upgrade the connection to secure HTTPS for those sites.
## Exceptions - Pop-ups
diff --git a/extensions/permissions/PermissionManager.cpp b/extensions/permissions/PermissionManager.cpp
index 70c13fd19ba0..6780b3992051 100644
--- a/extensions/permissions/PermissionManager.cpp
+++ b/extensions/permissions/PermissionManager.cpp
@@ -132,7 +132,7 @@ static const nsLiteralCString kPreloadPermissions[] = {
// interception when a user has disabled storage for a specific site. Once
// service worker interception moves to the parent process this should be
// removed. See bug 1428130.
- "cookie"_ns};
+ "cookie"_ns, "https-only-load-insecure"_ns};
// NOTE: nullptr can be passed as aType - if it is this function will return
// "false" unconditionally.
@@ -156,8 +156,8 @@ bool IsPreloadPermission(const nsACString& aType) {
// This is because perms are sent to the content process in bulk by perm key.
// Non-preloaded, but OA stripped permissions would not be accessible by sites
// in private browsing / non-default user context.
-static constexpr std::array kStripOAPermissions = {
- {"cookie"_ns}};
+static constexpr std::array kStripOAPermissions = {
+ {"cookie"_ns, "https-only-load-insecure"_ns}};
bool IsOAForceStripPermission(const nsACString& aType) {
if (aType.IsEmpty()) {
diff --git a/extensions/permissions/test/unit/test_permmanager_oa_strip.js b/extensions/permissions/test/unit/test_permmanager_oa_strip.js
index d6c15bd807a5..01f035ad0dc1 100644
--- a/extensions/permissions/test/unit/test_permmanager_oa_strip.js
+++ b/extensions/permissions/test/unit/test_permmanager_oa_strip.js
@@ -8,7 +8,7 @@ const TEST_PERMISSION3 = "test/oastrip3";
// List of permissions which are not isolated by private browsing or user context
// as per array kStripOAPermissions in PermissionManager.cpp
-const STRIPPED_PERMS = ["cookie"];
+const STRIPPED_PERMS = ["cookie", "https-only-load-insecure"];
let principal = Services.scriptSecurityManager.createContentPrincipal(
TEST_URI,
@@ -204,10 +204,10 @@ function testOAIsolation(permIsolateUserContext, permIsolatePrivateBrowsing) {
)
);
}
- });
- // Cleanup
- pm.removeAll();
+ // Cleanup
+ pm.removeAll();
+ });
}
add_task(async function do_test() {