mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-17 23:35:34 +00:00
Bug 1721654 - show 'Not Secure' chiclet for certificate errors, r=pbz
This also causes nssFailure2 network errors to be treated as certificate errors in the identity block, and adjusts tests for this new reality. It also readds a test to test a non-cert-related network error to ensure that case doesn't lose coverage. Differential Revision: https://phabricator.services.mozilla.com/D121176
This commit is contained in:
parent
c899d04fbf
commit
c88bc927dc
@ -132,29 +132,28 @@ var gIdentityHandler = {
|
||||
return this._state & Ci.nsIWebProgressListener.STATE_CERT_USER_OVERRIDDEN;
|
||||
},
|
||||
|
||||
get _isAboutCertErrorPage() {
|
||||
get _isCertErrorPage() {
|
||||
let { documentURI } = gBrowser.selectedBrowser;
|
||||
if (documentURI?.scheme != "about") {
|
||||
return false;
|
||||
}
|
||||
|
||||
return (
|
||||
gBrowser.selectedBrowser.documentURI &&
|
||||
gBrowser.selectedBrowser.documentURI.scheme == "about" &&
|
||||
gBrowser.selectedBrowser.documentURI.pathQueryRef.startsWith("certerror")
|
||||
documentURI.filePath == "certerror" ||
|
||||
(documentURI.filePath == "neterror" &&
|
||||
new URLSearchParams(documentURI.query).get("e") == "nssFailure2")
|
||||
);
|
||||
},
|
||||
|
||||
get _isAboutNetErrorPage() {
|
||||
return (
|
||||
gBrowser.selectedBrowser.documentURI &&
|
||||
gBrowser.selectedBrowser.documentURI.scheme == "about" &&
|
||||
gBrowser.selectedBrowser.documentURI.pathQueryRef.startsWith("neterror")
|
||||
);
|
||||
let { documentURI } = gBrowser.selectedBrowser;
|
||||
return documentURI?.scheme == "about" && documentURI.filePath == "neterror";
|
||||
},
|
||||
|
||||
get _isAboutHttpsOnlyErrorPage() {
|
||||
let { documentURI } = gBrowser.selectedBrowser;
|
||||
return (
|
||||
gBrowser.selectedBrowser.documentURI &&
|
||||
gBrowser.selectedBrowser.documentURI.scheme == "about" &&
|
||||
gBrowser.selectedBrowser.documentURI.pathQueryRef.startsWith(
|
||||
"httpsonlyerror"
|
||||
)
|
||||
documentURI?.scheme == "about" && documentURI.filePath == "httpsonlyerror"
|
||||
);
|
||||
},
|
||||
|
||||
@ -173,17 +172,13 @@ var gIdentityHandler = {
|
||||
!this._isBrokenConnection &&
|
||||
!this._isPDFViewer &&
|
||||
(this._isSecureContext ||
|
||||
(gBrowser.selectedBrowser.documentURI &&
|
||||
gBrowser.selectedBrowser.documentURI.scheme == "chrome"))
|
||||
gBrowser.selectedBrowser.documentURI?.scheme == "chrome")
|
||||
);
|
||||
},
|
||||
|
||||
get _isAboutBlockedPage() {
|
||||
return (
|
||||
gBrowser.selectedBrowser.documentURI &&
|
||||
gBrowser.selectedBrowser.documentURI.scheme == "about" &&
|
||||
gBrowser.selectedBrowser.documentURI.pathQueryRef.startsWith("blocked")
|
||||
);
|
||||
let { documentURI } = gBrowser.selectedBrowser;
|
||||
return documentURI?.scheme == "about" && documentURI.filePath == "blocked";
|
||||
},
|
||||
|
||||
_popupInitialized: false,
|
||||
@ -823,9 +818,11 @@ var gIdentityHandler = {
|
||||
} else {
|
||||
this._identityBox.classList.add("weakCipher");
|
||||
}
|
||||
} else if (this._isAboutCertErrorPage) {
|
||||
// We show a warning lock icon for 'about:certerror' page.
|
||||
this._identityBox.className = "certErrorPage";
|
||||
} else if (this._isCertErrorPage) {
|
||||
// We show a warning lock icon for certificate errors, and
|
||||
// show the "Not Secure" text.
|
||||
this._identityBox.className = "certErrorPage notSecureText";
|
||||
icon_label = gNavigatorBundle.getString("identity.notSecure.label");
|
||||
} else if (this._isAboutHttpsOnlyErrorPage) {
|
||||
// We show a not secure lock icon for 'about:httpsonlyerror' page.
|
||||
this._identityBox.className = "httpsOnlyErrorPage";
|
||||
@ -964,7 +961,7 @@ var gIdentityHandler = {
|
||||
} else if (this._isSecureConnection) {
|
||||
connection = "secure";
|
||||
customRoot = this._hasCustomRoot();
|
||||
} else if (this._isAboutCertErrorPage) {
|
||||
} else if (this._isCertErrorPage) {
|
||||
connection = "cert-error-page";
|
||||
} else if (this._isAboutHttpsOnlyErrorPage) {
|
||||
connection = "https-only-error-page";
|
||||
|
@ -379,7 +379,7 @@ async function noCertErrorTest(secureCheck) {
|
||||
await promise;
|
||||
is(
|
||||
getIdentityMode(),
|
||||
"certErrorPage",
|
||||
"certErrorPage notSecureText",
|
||||
"Identity should be the cert error page."
|
||||
);
|
||||
is(
|
||||
@ -394,7 +394,7 @@ async function noCertErrorTest(secureCheck) {
|
||||
gBrowser.selectedTab = newTab;
|
||||
is(
|
||||
getIdentityMode(),
|
||||
"certErrorPage",
|
||||
"certErrorPage notSecureText",
|
||||
"Identity should be the cert error page."
|
||||
);
|
||||
is(
|
||||
@ -481,7 +481,7 @@ async function noCertErrorFromNavigationTest(secureCheck) {
|
||||
);
|
||||
is(
|
||||
getIdentityMode(),
|
||||
"certErrorPage",
|
||||
"certErrorPage notSecureText",
|
||||
"Identity should be the cert error page."
|
||||
);
|
||||
is(
|
||||
@ -500,10 +500,14 @@ add_task(async function test_about_net_error_uri_from_navigation_tab() {
|
||||
await noCertErrorFromNavigationTest(false);
|
||||
});
|
||||
|
||||
add_task(async function netErrorPageTest() {
|
||||
add_task(async function tlsErrorPageTest() {
|
||||
const TLS10_PAGE = "https://tls1.example.com/";
|
||||
Services.prefs.setIntPref("security.tls.version.min", 3);
|
||||
Services.prefs.setIntPref("security.tls.version.max", 4);
|
||||
await SpecialPowers.pushPrefEnv({
|
||||
set: [
|
||||
["security.tls.version.min", 3],
|
||||
["security.tls.version.max", 4],
|
||||
],
|
||||
});
|
||||
|
||||
let browser;
|
||||
let pageLoaded;
|
||||
@ -530,8 +534,8 @@ add_task(async function netErrorPageTest() {
|
||||
|
||||
is(
|
||||
getConnectionState(),
|
||||
"net-error-page",
|
||||
"Connection should be the net error page."
|
||||
"cert-error-page",
|
||||
"Connection state should be the cert error page."
|
||||
);
|
||||
|
||||
BrowserTestUtils.removeTab(gBrowser.selectedTab);
|
||||
@ -539,6 +543,49 @@ add_task(async function netErrorPageTest() {
|
||||
await SpecialPowers.popPrefEnv();
|
||||
});
|
||||
|
||||
add_task(async function netErrorPageTest() {
|
||||
// Connect to a server that rejects all requests, to test network error pages:
|
||||
let { HttpServer } = ChromeUtils.import("resource://testing-common/httpd.js");
|
||||
let server = new HttpServer();
|
||||
server.registerPrefixHandler("/", (req, res) =>
|
||||
res.abort(new Error("Noooope."))
|
||||
);
|
||||
server.start(-1);
|
||||
let port = server.identity.primaryPort;
|
||||
const ERROR_PAGE = `http://localhost:${port}/`;
|
||||
|
||||
let browser;
|
||||
let pageLoaded;
|
||||
await BrowserTestUtils.openNewForegroundTab(
|
||||
gBrowser,
|
||||
() => {
|
||||
gBrowser.selectedTab = BrowserTestUtils.addTab(gBrowser, ERROR_PAGE);
|
||||
browser = gBrowser.selectedBrowser;
|
||||
pageLoaded = BrowserTestUtils.waitForErrorPage(browser);
|
||||
},
|
||||
false
|
||||
);
|
||||
|
||||
info("Loading and waiting for the net error");
|
||||
await pageLoaded;
|
||||
|
||||
await SpecialPowers.spawn(browser, [], function() {
|
||||
const doc = content.document;
|
||||
ok(
|
||||
doc.documentURI.startsWith("about:neterror"),
|
||||
"Should be showing error page"
|
||||
);
|
||||
});
|
||||
|
||||
is(
|
||||
getConnectionState(),
|
||||
"net-error-page",
|
||||
"Connection should be the net error page."
|
||||
);
|
||||
|
||||
BrowserTestUtils.removeTab(gBrowser.selectedTab);
|
||||
});
|
||||
|
||||
async function aboutBlockedTest(secureCheck) {
|
||||
let url = "http://www.itisatrap.org/firefox/its-an-attack.html";
|
||||
let oldTab = await loadNewTab("about:robots");
|
||||
|
Loading…
Reference in New Issue
Block a user