Bug 1333140 - Require SecureContext for WebCrypto r=bholley,keeler,baku

Adds [SecureContext] for crypto.subtle, CryptoKey, and SubtleCrypto, retiring the WebCrypto WPT overrides for WebCryptoAPI/historical.any.js. Rebased on https://phabricator.services.mozilla.com/D58743 Differential Revision: https://phabricator.services.mozilla.com/D58555 --HG-- extra : moz-landing-system : lando
2024-10-08 10:44:56 +00:00 · 2020-02-11 09:25:09 +00:00 · 2020-02-11 09:25:09 +00:00 · ac5dfc4597
commit ac5dfc4597
parent 6b88e5889a
10 changed files with 14 additions and 32 deletions
--- a/dom/crypto/test/mochitest.ini
+++ b/dom/crypto/test/mochitest.ini
@ -1,4 +1,5 @@
 [DEFAULT]
+scheme = https
 support-files =
  file_indexedDB.html
  test-array.js
--- a/dom/crypto/test/test_indexedDB.html
+++ b/dom/crypto/test/test_indexedDB.html
@ -15,7 +15,7 @@
     */
    "use strict";

-    const TEST_URI = "http://www.example.com/tests/" +
+    const TEST_URI = "https://example.com/tests/" +
                     "dom/crypto/test/file_indexedDB.html";

    SimpleTest.waitForExplicitFinish();
--- a/dom/indexedDB/test/mochitest.ini
+++ b/dom/indexedDB/test/mochitest.ini
@ -267,5 +267,6 @@ support-files =
 [test_transaction_ordering.html]
 [test_unique_index_update.html]
 [test_upgrade_add_index.html]
+scheme = https
 [test_view_put_get_values.html]
 [test_wasm_put_get_values.html]
--- a/dom/push/test/mochitest.ini
+++ b/dom/push/test/mochitest.ini
@ -14,6 +14,7 @@ support-files =
 [test_register.html]
 skip-if = os == "win" # Bug 1373346
 [test_register_key.html]
+scheme = https
 [test_multiple_register.html]
 [test_multiple_register_during_service_activation.html]
 skip-if = (os == "win") || (os == "linux") || (os == "mac") #Bug 1274773
@ -23,6 +24,7 @@ skip-if = (os == "win") || (os == "linux") || (os == "mac") #Bug 1274773
 skip-if = os == "win" # Bug 1373346
 [test_data.html]
 skip-if = os == "win" # Bug 1373346
+scheme = https
 [test_try_registering_offline_disabled.html]
 skip-if = os == "win" # Bug 1373346
 [test_serviceworker_lifetime.html]
--- a/dom/tests/mochitest/general/test_interfaces.js
+++ b/dom/tests/mochitest/general/test_interfaces.js
@ -237,7 +237,7 @@ var interfaceNamesInGlobalScope = [
  // IMPORTANT: Do not change this list without review from a DOM peer!
  { name: "Crypto", insecureContext: true },
  // IMPORTANT: Do not change this list without review from a DOM peer!
-  { name: "CryptoKey", insecureContext: true },
+  { name: "CryptoKey" },
  // IMPORTANT: Do not change this list without review from a DOM peer!
  { name: "CSS", insecureContext: true },
  // IMPORTANT: Do not change this list without review from a DOM peer!
@ -1050,7 +1050,7 @@ var interfaceNamesInGlobalScope = [
  // IMPORTANT: Do not change this list without review from a DOM peer!
  { name: "StyleSheetList", insecureContext: true },
  // IMPORTANT: Do not change this list without review from a DOM peer!
-  { name: "SubtleCrypto", insecureContext: true },
+  { name: "SubtleCrypto" },
  // IMPORTANT: Do not change this list without review from a DOM peer!
  { name: "SubmitEvent", insecureContext: true },
  // IMPORTANT: Do not change this list without review from a DOM peer!
--- a/dom/webidl/Crypto.webidl
+++ b/dom/webidl/Crypto.webidl
@ -14,6 +14,7 @@ interface mixin GlobalCrypto {

 [Exposed=(Window,Worker)]
 interface Crypto {
+  [SecureContext]
  readonly attribute SubtleCrypto subtle;

  [Throws]
--- a/dom/webidl/SubtleCrypto.webidl
+++ b/dom/webidl/SubtleCrypto.webidl
@ -162,6 +162,7 @@ dictionary JsonWebKey {
 /***** The Main API *****/

 [Serializable,
+ SecureContext,
 Exposed=Window]
 interface CryptoKey {
  readonly attribute KeyType type;
@ -179,7 +180,8 @@ dictionary CryptoKeyPair {
 typedef DOMString KeyFormat;
 typedef (object or DOMString) AlgorithmIdentifier;

-[Exposed=(Window,Worker)]
+[Exposed=(Window,Worker),
+ SecureContext]
 interface SubtleCrypto {
  [Throws]
  Promise<any> encrypt(AlgorithmIdentifier algorithm,
--- a/dom/workers/test/test_worker_interfaces.js
+++ b/dom/workers/test/test_worker_interfaces.js
@ -235,7 +235,7 @@ var interfaceNamesInGlobalScope = [
  // IMPORTANT: Do not change this list without review from a DOM peer!
  { name: "StorageManager", fennec: false },
  // IMPORTANT: Do not change this list without review from a DOM peer!
-  { name: "SubtleCrypto", insecureContext: true },
+  { name: "SubtleCrypto" },
  // IMPORTANT: Do not change this list without review from a DOM peer!
  { name: "TextDecoder", insecureContext: true },
  // IMPORTANT: Do not change this list without review from a DOM peer!
--- a/js/xpconnect/tests/unit/test_crypto.js
+++ b/js/xpconnect/tests/unit/test_crypto.js
@ -4,7 +4,8 @@
 function run_test() {
  let sb = new Cu.Sandbox('https://www.example.com',
                          { wantGlobalProperties:
-                            ["crypto", "TextEncoder", "TextDecoder"]
+                            ["crypto", "TextEncoder", "TextDecoder", "isSecureContext"],
+                            forceSecureContext: true,
                          });
  sb.ok = ok;
  Cu.evalInSandbox('ok(this.crypto);', sb);
--- a/testing/web-platform/meta/WebCryptoAPI/historical.any.js.ini
+++ b/testing/web-platform/meta/WebCryptoAPI/historical.any.js.ini
@ -1,26 +0,0 @@
-[historical.any.html]
-  [Non-secure context window does not have access to crypto.subtle]
-    expected: FAIL
-
-  [Non-secure context window does not have access to SubtleCrypto]
-    expected: FAIL
-
-  [Non-secure context window does not have access to CryptoKey]
-    expected: FAIL
-
-
-[historical.any.worker.html]
-  [Non-secure context window does not have access to crypto.subtle]
-    expected: FAIL
-
-  [Non-secure context window does not have access to SubtleCrypto]
-    expected: FAIL
-
-
-[historical.any.sharedworker.html]
-  [Non-secure context window does not have access to crypto.subtle]
-    expected: FAIL
-
-  [Non-secure context window does not have access to SubtleCrypto]
-    expected: FAIL
-