Bug 1342178 - Pass origin attributes to isSecureURI in devtools and browser. r=keeler,past

MozReview-Commit-ID: HIOYH8iUUkO --HG-- extra : rebase_source : 2512cb3e403093e0f18b3b979d7b4a10e3d7c42b
2024-10-08 02:14:43 +00:00 · 2017-04-11 10:14:10 +08:00 · 2017-04-11 10:14:10 +08:00 · e5a3b0c533
commit e5a3b0c533
parent 982f32390b
5 changed files with 49 additions and 14 deletions
--- a/browser/base/content/browser.js
+++ b/browser/base/content/browser.js
@ -3024,7 +3024,8 @@ var BrowserOnClick = {
      case "Browser:CertExceptionError":
        this.onCertError(msg.target, msg.data.elementId,
                         msg.data.isTopFrame, msg.data.location,
-                         msg.data.securityInfoAsString);
+                         msg.data.securityInfoAsString,
+                         msg.data.originAttributesAsString);
      break;
      case "Browser:OpenCaptivePortalPage":
        CaptivePortalWatcher.ensureCaptivePortalTab();
@ -3088,7 +3089,8 @@ var BrowserOnClick = {
                                 uri.host, uri.port);
  },

-  onCertError(browser, elementId, isTopFrame, location, securityInfoAsString) {
+  onCertError(browser, elementId, isTopFrame, location, securityInfoAsString,
+              originAttributesAsString) {
    let secHistogram = Services.telemetry.getHistogramById("SECURITY_UI");
    let securityInfo;

@ -3138,7 +3140,8 @@ var BrowserOnClick = {

        securityInfo = getSecurityInfo(securityInfoAsString);
        let errorInfo = getDetailedCertErrorInfo(location,
-                                                 securityInfo);
+                                                 securityInfo,
+                                                 JSON.parse(originAttributesAsString));
        browser.messageManager.sendAsyncMessage( "CertErrorDetails", {
            code: securityInfo.errorCode,
            info: errorInfo
@ -3150,7 +3153,8 @@ var BrowserOnClick = {
                                    .getService(Ci.nsIClipboardHelper);
        securityInfo = getSecurityInfo(securityInfoAsString);
        let detailedInfo = getDetailedCertErrorInfo(location,
-                                                    securityInfo);
+                                                    securityInfo,
+                                                    JSON.parse(originAttributesAsString));
        gClipboardHelper.copyString(detailedInfo);
        break;

@ -3415,7 +3419,7 @@ function getSecurityInfo(securityInfoAsString) {
 * Returns a string with detailed information about the certificate validation
 * failure from the specified URI that can be used to send a report.
 */
-function getDetailedCertErrorInfo(location, securityInfo) {
+function getDetailedCertErrorInfo(location, securityInfo, originAttributes) {
  if (!securityInfo)
    return "";

@ -3436,8 +3440,8 @@ function getDetailedCertErrorInfo(location, securityInfo) {

  let uri = Services.io.newURI(location);

-  let hasHSTS = sss.isSecureURI(sss.HEADER_HSTS, uri, flags);
-  let hasHPKP = sss.isSecureURI(sss.HEADER_HPKP, uri, flags);
+  let hasHSTS = sss.isSecureURI(sss.HEADER_HSTS, uri, flags, originAttributes);
+  let hasHPKP = sss.isSecureURI(sss.HEADER_HPKP, uri, flags, originAttributes);
  certErrorDetails += "\r\n\r\n" +
                      gNavigatorBundle.getFormattedString("certErrorDetailsHSTS.label",
                                                          [hasHSTS]);
--- a/browser/base/content/content.js
+++ b/browser/base/content/content.js
@ -293,6 +293,14 @@ addMessageListener("DeceptiveBlockedDetails", (message) => {
  });
 });

+function getSerializedOriginAttributes(docShell) {
+  let originAttributes = {};
+  if (docShell.failedChannel) {
+    originAttributes = docShell.failedChannel.loadInfo.originAttributes;
+  }
+  return JSON.stringify(originAttributes);
+}
+
 var AboutNetAndCertErrorListener = {
  init(chromeGlobal) {
    addMessageListener("CertErrorDetails", this);
@ -601,6 +609,7 @@ var ClickEventHandler = {
      elementId: targetElement.getAttribute("id"),
      isTopFrame: (ownerDoc.defaultView.parent === ownerDoc.defaultView),
      securityInfoAsString: getSerializedSecurityInfo(docShell),
+      originAttributesAsString: getSerializedOriginAttributes(docShell),
    });
  },

--- a/browser/base/content/test/general/browser_aboutCertError.js
+++ b/browser/base/content/test/general/browser_aboutCertError.js
@ -259,10 +259,13 @@ add_task(function* checkAdvancedDetails() {
                                .QueryInterface(Ci.nsITransportSecurityInfo)
                                .QueryInterface(Ci.nsISerializable);
    let serializedSecurityInfo = serhelper.serializeToString(serializable);
+    let originAttributes = docShell.failedChannel.loadInfo.originAttributes;
+    let serializedOriginAttributes = JSON.stringify(originAttributes);
    return {
      divDisplay: content.getComputedStyle(div).display,
      text: text.textContent,
-      securityInfoAsString: serializedSecurityInfo
+      securityInfoAsString: serializedSecurityInfo,
+      originAttributesAsString: serializedOriginAttributes,
    };
  });
  isnot(message.divDisplay, "none", "Debug information is visible");
@ -328,10 +331,13 @@ add_task(function* checkAdvancedDetailsForHSTS() {
                                .QueryInterface(Ci.nsITransportSecurityInfo)
                                .QueryInterface(Ci.nsISerializable);
    let serializedSecurityInfo = serhelper.serializeToString(serializable);
+    let originAttributes = docShell.failedChannel.loadInfo.originAttributes;
+    let serializedOriginAttributes = JSON.stringify(originAttributes);
    return {
      divDisplay: content.getComputedStyle(div).display,
      text: text.textContent,
-      securityInfoAsString: serializedSecurityInfo
+      securityInfoAsString: serializedSecurityInfo,
+      originAttributesAsString: serializedOriginAttributes,
    };
  });
  isnot(message.divDisplay, "none", "Debug information is visible");
--- a/devtools/client/debugger/new/debugger.js
+++ b/devtools/client/debugger/new/debugger.js
@ -8940,10 +8940,20 @@ return /******/ (function(modules) { // webpackBootstrap
 	        let flags = (httpActivity.private) ?
 	                      Ci.nsISocketProvider.NO_PERMANENT_STORAGE : 0;

-	        let host = httpActivity.hostname;
+	        if (!uri) {
+	          // isSecureURI only cares about the host, not the scheme.
+	          let host = httpActivity.hostname;
+	          uri = Services.io.newURI("https://" + host);
+	        }

-	        info.hsts = sss.isSecureHost(sss.HEADER_HSTS, host, flags);
-	        info.hpkp = sss.isSecureHost(sss.HEADER_HPKP, host, flags);
+	        let originAttributes = {};
+	        if (httpActivity.channel) {
+	          originAttributes = httpActivity.channel.loadInfo.originAttributes;
+	        }
+	        info.hsts = sss.isSecureURI(sss.HEADER_HSTS, uri, flags,
+	                                    originAttributes);
+	        info.hpkp = sss.isSecureURI(sss.HEADER_HPKP, uri, flags,
+	                                    originAttributes);
 	      } else {
 	        DevToolsUtils.reportException("NetworkHelper.parseSecurityInfo",
 	          "Could not get HSTS/HPKP status as hostname is not available.");
--- a/devtools/shared/webconsole/network-helper.js
+++ b/devtools/shared/webconsole/network-helper.js
@ -644,8 +644,14 @@ var NetworkHelper = {
          uri = Services.io.newURI("https://" + host);
        }

-        info.hsts = sss.isSecureURI(sss.HEADER_HSTS, uri, flags);
-        info.hpkp = sss.isSecureURI(sss.HEADER_HPKP, uri, flags);
+        let originAttributes = {};
+        if (httpActivity.channel) {
+          originAttributes = httpActivity.channel.loadInfo.originAttributes;
+        }
+        info.hsts = sss.isSecureURI(sss.HEADER_HSTS, uri, flags,
+                                    originAttributes);
+        info.hpkp = sss.isSecureURI(sss.HEADER_HPKP, uri, flags,
+                                    originAttributes);
      } else {
        DevToolsUtils.reportException("NetworkHelper.parseSecurityInfo",
          "Could not get HSTS/HPKP status as hostname is not available.");