Bug 1647336 - Fixed incorrect icon and site-identity information on HTTPS-Only Error Page. r=nhnt11

Differential Revision: https://phabricator.services.mozilla.com/D83134

browser/base/content/browser-siteIdentity.js

@@ -139,6 +139,16 @@ var gIdentityHandler = {
     );
   },
 
+  get _isAboutHttpsOnlyErrorPage() {
+    return (
+      gBrowser.selectedBrowser.documentURI &&
+      gBrowser.selectedBrowser.documentURI.scheme == "about" &&
+      gBrowser.selectedBrowser.documentURI.pathQueryRef.startsWith(
+        "httpsonlyerror"
+      )
+    );
+  },
+
   get _isPotentiallyTrustworthy() {
     return (
       !this._isBrokenConnection &&
@@ -756,6 +766,9 @@ var gIdentityHandler = {
     } else if (this._isAboutCertErrorPage) {
       // We show a warning lock icon for 'about:certerror' page.
       this._identityBox.className = "certErrorPage";
+    } else if (this._isAboutHttpsOnlyErrorPage) {
+      // We show a not secure lock icon for 'about:httpsonlyerror' page.
+      this._identityBox.className = "httpsOnlyErrorPage";
     } else if (this._isAboutNetErrorPage || this._isAboutBlockedPage) {
       // Network errors and blocked pages get a more neutral icon
       this._identityBox.className = "unknownIdentity";
@@ -940,6 +953,8 @@ var gIdentityHandler = {
       customRoot = this._hasCustomRoot();
     } else if (this._isAboutCertErrorPage) {
       connection = "cert-error-page";
+    } else if (this._isAboutHttpsOnlyErrorPage) {
+      connection = "https-only-error-page";
     } else if (this._isAboutNetErrorPage || this._isAboutBlockedPage) {
       connection = "not-secure";
     } else if (this._isPotentiallyTrustworthy) {

browser/base/content/pageinfo/pageInfo.js

@@ -388,7 +388,8 @@ async function onNonMediaPageInfoLoad(browser, pageInfoData, imageInfo) {
   await makeGeneralTab(pageInfoData.metaViewRows, docInfo);
   if (
     uri.spec.startsWith("about:neterror") ||
-    uri.spec.startsWith("about:certerror")
+    uri.spec.startsWith("about:certerror") ||
+    uri.spec.startsWith("about:httpsonlyerror")
   ) {
     uri = browser.currentURI;
     principal = Services.scriptSecurityManager.createContentPrincipal(

browser/base/content/test/siteIdentity/browser_check_identity_state.js

@@ -407,6 +407,49 @@ add_task(async function test_about_net_error_uri() {
   await noCertErrorTest(false);
 });
 
+add_task(async function httpsOnlyErrorTest() {
+  let oldTab = await loadNewTab("about:robots");
+  await SpecialPowers.pushPrefEnv({
+    set: [["dom.security.https_only_mode", true]],
+  });
+  let newTab = BrowserTestUtils.addTab(gBrowser);
+  gBrowser.selectedTab = newTab;
+
+  let promise = BrowserTestUtils.waitForErrorPage(gBrowser.selectedBrowser);
+  BrowserTestUtils.loadURI(gBrowser, "http://nocert.example.com/");
+  await promise;
+  is(
+    getIdentityMode(),
+    "httpsOnlyErrorPage",
+    "Identity should be the https-only mode error page."
+  );
+  is(
+    getConnectionState(),
+    "https-only-error-page",
+    "Connection should be the https-only mode error page."
+  );
+
+  gBrowser.selectedTab = oldTab;
+  is(getIdentityMode(), "localResource", "Identity should be localResource");
+
+  gBrowser.selectedTab = newTab;
+  is(
+    getIdentityMode(),
+    "httpsOnlyErrorPage",
+    "Identity should be the https-only mode error page."
+  );
+  is(
+    getConnectionState(),
+    "https-only-error-page",
+    "Connection should be the https-only mode page."
+  );
+
+  gBrowser.removeTab(newTab);
+  gBrowser.removeTab(oldTab);
+
+  await SpecialPowers.popPrefEnv();
+});
+
 async function noCertErrorFromNavigationTest(secureCheck) {
   await SpecialPowers.pushPrefEnv({ set: [[INSECURE_ICON_PREF, secureCheck]] });
   let newTab = await loadNewTab("http://example.com/" + DUMMY);

browser/components/controlcenter/content/identityPanel.inc.xhtml

@@ -30,7 +30,7 @@
 
           <vbox class="identity-popup-security-connection">
             <description class="identity-popup-connection-not-secure"
-                         when-connection="not-secure secure-cert-user-overridden secure-custom-root cert-error-page" data-l10n-id="identity-connection-not-secure"></description>
+                         when-connection="not-secure secure-cert-user-overridden secure-custom-root cert-error-page https-only-error-page" data-l10n-id="identity-connection-not-secure"></description>
             <description class="identity-popup-connection-secure"
                          when-connection="secure secure-ev" data-l10n-id="identity-connection-secure"></description>
             <description when-connection="chrome" data-l10n-id="identity-connection-internal"></description>
@@ -56,13 +56,13 @@
         </vbox>
         <button id="identity-popup-security-expander"
                 class="identity-popup-expander"
-                when-connection="not-secure secure secure-ev secure-cert-user-overridden cert-error-page"
+                when-connection="not-secure secure secure-ev secure-cert-user-overridden cert-error-page https-only-error-page"
                 oncommand="gIdentityHandler.showSecuritySubView();"/>
       </hbox>
 
       <!-- Permissions Section -->
       <hbox class="identity-popup-section"
-            when-connection="not-secure secure secure-ev secure-cert-user-overridden file extension cert-error-page">
+            when-connection="not-secure secure secure-ev secure-cert-user-overridden file extension cert-error-page https-only-error-page">
         <vbox id="identity-popup-permissions-content" flex="1" role="group"
               aria-labelledby="identity-popup-permissions-headline">
           <hbox id="identity-popup-permissions-header" align="center">
@@ -93,7 +93,7 @@
       <vbox class="identity-popup-security-content">
         <vbox class="identity-popup-security-connection">
           <description class="identity-popup-connection-not-secure"
-                       when-connection="not-secure secure-cert-user-overridden cert-error-page" data-l10n-id="identity-connection-not-secure-security-view"></description>
+                       when-connection="not-secure secure-cert-user-overridden cert-error-page https-only-error-page" data-l10n-id="identity-connection-not-secure-security-view"></description>
           <description class="identity-popup-connection-secure"
                        when-connection="secure secure-ev" data-l10n-id="identity-connection-verified"></description>
         </vbox>
@@ -122,7 +122,7 @@
                 oncommand="gIdentityHandler.removeCertException()"/>
 
         <!-- Connection is Not Secure -->
-        <description when-connection="not-secure cert-error-page"
+        <description when-connection="not-secure cert-error-page https-only-error-page"
                      data-l10n-id="identity-description-insecure"></description>
 
         <!-- Weak Cipher -->

browser/themes/shared/controlcenter/panel.inc.css

@@ -62,6 +62,7 @@
 #identity-popup[connection=file] [when-connection~=file],
 #identity-popup[connection=extension] [when-connection~=extension],
 #identity-popup[connection=cert-error-page] [when-connection~=cert-error-page],
+#identity-popup[connection=https-only-error-page] [when-connection~=https-only-error-page],
 /* Show weak cipher messages when needed. */
 #identity-popup[ciphers=weak] [when-ciphers~=weak],
 /* Show mixed content warnings when needed */

browser/themes/shared/identity-block/identity-block.inc.css

@@ -162,7 +162,8 @@
 }
 
 #identity-box[pageproxystate="valid"].notSecure > #identity-icon,
-#identity-box[pageproxystate="valid"].mixedActiveContent > #identity-icon {
+#identity-box[pageproxystate="valid"].mixedActiveContent > #identity-icon,
+#identity-box[pageproxystate="valid"].httpsOnlyErrorPage > #identity-icon {
   list-style-image: url(chrome://browser/skin/connection-mixed-active-loaded.svg);
 }