corysanin/tubestation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Backed out 2 changesets (bug 1927594) for causing wpt failures. CLOSED TREE

Browse Source 
Backed out changeset 46a8e41b53dc (bug 1927594)
Backed out changeset bde1ce0e09eb (bug 1927594)
This commit is contained in:
Sandor Molnar
2025-01-18 07:44:42 +02:00
parent 408ff54ac5
commit 08b7f7de38
10 changed files with 82 additions and 351 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
browser/base/content/test/about/browser.toml
View File

@@ -15,17 +15,6 @@ support-files = [
["browser_aboutCertError_clockSkew.js"]
["browser_aboutCertError_coep.js"]
support-files = [
"sandbox_corp_iframe.sjs",
]
["browser_aboutCertError_coop.js"]
support-files = [
"sandbox_corp_iframe.sjs",
"sandbox_corp_popup.html",
]
["browser_aboutCertError_exception.js"]
["browser_aboutCertError_mitm.js"]

54
browser/base/content/test/about/browser_aboutCertError_coep.js
View File

@@ -1,54 +0,0 @@
/* Any copyright is dedicated to the Public Domain.
* http://creativecommons.org/publicdomain/zero/1.0/ */
"use strict";
const AUTH_ROUTE =
"https://example.com/browser/browser/base/content/test/about/sandbox_corp_iframe.sjs";
add_task(async function test_coepError() {
let browser;
let pageLoaded;
const uri = `${AUTH_ROUTE}?error=coep`;
await BrowserTestUtils.openNewForegroundTab(
gBrowser,
() => {
gBrowser.selectedTab = BrowserTestUtils.addTab(gBrowser, uri);
browser = gBrowser.selectedBrowser;
pageLoaded = BrowserTestUtils.waitForErrorPage(browser);
},
false
);
await pageLoaded;
await SpecialPowers.spawn(browser, [], function () {
// The error is displayed in the iframe for COEP
const doc = content.document.querySelector("iframe").contentDocument;
ok(
doc.documentURI.startsWith("about:neterror"),
"Should be showing error page"
);
const titleEl = doc.querySelector(".title-text");
const actualDataL10nID = titleEl.getAttribute("data-l10n-id");
is(
actualDataL10nID,
"general-body-title",
"Correct error link title (CORP) is set"
);
const anchor = doc.querySelector("a");
const actualAnchorl10nID = anchor.getAttribute("data-l10n-id");
is(
actualAnchorl10nID,
"certerror-coep-learn-more",
"Correct error link is set"
);
});
BrowserTestUtils.removeTab(gBrowser.selectedTab);
});

72
browser/base/content/test/about/browser_aboutCertError_coop.js
View File

@@ -1,72 +0,0 @@
/* Any copyright is dedicated to the Public Domain.
* http://creativecommons.org/publicdomain/zero/1.0/ */
"use strict";
const AUTH_ROUTE =
"https://example.com/browser/browser/base/content/test/about/sandbox_corp_iframe.sjs";
/**
* Waits for a single TabOpen event, then attaches waitForErrorPage
* to the newly opened tabs browser. Returns the tab once the error page loads.
*/
function waitForNewTabAndErrorPage() {
let tabLoaded = BrowserTestUtils.waitForEvent(
gBrowser.tabContainer,
"TabOpen"
);
return (async () => {
let event = await tabLoaded;
let newTab = event.target;
let newBrowser = newTab.linkedBrowser;
let errorPageLoaded = BrowserTestUtils.waitForErrorPage(newBrowser);
await errorPageLoaded;
return newTab;
})();
}
add_task(async function test_coopError() {
let iframeTab = await BrowserTestUtils.openNewForegroundTab(
gBrowser,
`${AUTH_ROUTE}?error=coop`
);
let popupTabLoaded = waitForNewTabAndErrorPage();
await SpecialPowers.spawn(iframeTab.linkedBrowser, [], async () => {
let button = content.document
.querySelector("iframe")
.contentDocument.querySelector("#openPopupButton");
if (!button) {
ok(false, "Popup button not found!");
}
button.click();
});
let popUpTab = await popupTabLoaded;
let popUpBrowser = popUpTab.linkedBrowser;
await SpecialPowers.spawn(popUpBrowser, [], function () {
const doc = content.document;
const titleEl = doc.querySelector(".title-text");
const actualDataL10nID = titleEl.getAttribute("data-l10n-id");
is(
actualDataL10nID,
"general-body-title",
"Correct error link title (CORP) is set"
);
const anchor = doc.querySelector("a");
const actualAnchorl10nID = anchor.getAttribute("data-l10n-id");
is(
actualAnchorl10nID,
"certerror-coop-learn-more",
"Correct error link is set"
);
});
BrowserTestUtils.removeTab(iframeTab);
BrowserTestUtils.removeTab(popUpTab);
});

52
browser/base/content/test/about/sandbox_corp_iframe.sjs
View File

@@ -1,52 +0,0 @@
/* Any copyright is dedicated to the Public Domain.
* http://creativecommons.org/publicdomain/zero/1.0/ */
"use strict";
function decode(str) {
return decodeURIComponent(str.replace(/\+/g, encodeURIComponent(" ")));
}
function handleRequest(request, response) {
const queryString = request.queryString;
let params = queryString.split("&").reduce((memo, pair) => {
let [key, val] = pair.split("=");
if (!val) {
val = key;
key = "query";
}
try {
memo[decode(key)] = decode(val);
} catch (e) {
memo[key] = val;
}
return memo;
}, {});
response.setHeader("Content-Type", "text/html", false);
let destination = "dummy_page";
switch (params.error) {
case "coop": {
destination = "sandbox_corp_popup";
response.setHeader("Cross-Origin-Opener-Policy", "same-origin", false);
break;
}
case "coep": {
response.setHeader("Cross-Origin-Opener-Policy", "same-origin", false);
response.setHeader("Cross-Origin-Embedder-Policy", "require-corp", false);
break;
}
case "inner_coop": // Only called from popup.html
response.setHeader("Cross-Origin-Opener-Policy", "same-origin", false);
return;
default:
return;
}
let txt = `<html><body><iframe src="https://example.com/browser/browser/base/content/test/about/${destination}.html" width=100% height=100% sandbox="allow-popups allow-scripts allow-same-origin"></iframe></body></html>`;
response.write(txt);
}

19
browser/base/content/test/about/sandbox_corp_popup.html
View File

@@ -1,19 +0,0 @@
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Popup test page</title>
</head>
<body>
<p>Popup Page</p>
<button id="openPopupButton" type="button">Open Popup</button>
<script>
document.getElementById("openPopupButton").addEventListener("click", () => {
window.open(
"https://example.com/browser/browser/base/content/test/about/sandbox_corp_iframe.sjs?error=inner_coop",
"_blank"
);
});
</script>
</body>
</html>

1
browser/locales/en-US/chrome/overrides/appstrings.properties
View File

@@ -43,5 +43,4 @@ corruptedContentErrorv2=The site at %S has experienced a network protocol violat
sslv3Used=Firefox cannot guarantee the safety of your data on %S because it uses SSLv3, a broken security protocol.
inadequateSecurityError=The website tried to negotiate an inadequate level of security.
blockedByPolicy=Your organization has blocked access to this page or website.
blockedByCORP=Firefox didnt load this page because it looks like the security configuration doesnt match the previous page.
networkProtocolError=Firefox has experienced a network protocol violation that cannot be repaired.

10
docshell/base/nsDocShell.cpp
View File

@@ -3613,17 +3613,11 @@ nsDocShell::DisplayLoadError(nsresult aError, nsIURI* aURI,
addHostPort = true;
break;
case NS_ERROR_BLOCKED_BY_POLICY:
case NS_ERROR_DOM_COOP_FAILED:
case NS_ERROR_DOM_COEP_FAILED:
// Page blocked by policy
error = "blockedByPolicy";
break;
case NS_ERROR_DOM_COOP_FAILED:
error = "blockedByCOOP";
errorDescriptionID = "blockedByCORP";
break;
case NS_ERROR_DOM_COEP_FAILED:
error = "blockedByCOEP";
errorDescriptionID = "blockedByCORP";
break;
case NS_ERROR_NET_HTTP2_SENT_GOAWAY:
case NS_ERROR_NET_HTTP3_PROTOCOL_ERROR:
// HTTP/2 or HTTP/3 stack detected a protocol error

2
testing/web-platform/meta/loading/early-hints/iframe-coep-disallow.h2.html.ini
View File

@@ -1,4 +1,4 @@
[iframe-coep-disallow.h2.html]
[Early hints for an iframe that violates Cross-Origin-Embedder-Policy should be ignored.]
expected:
if (os == "android"): [PASS, FAIL]
if (os == "android") and not debug: [PASS, FAIL]

207
toolkit/content/aboutNetError.mjs
View File

@@ -58,13 +58,11 @@ const KNOWN_ERROR_TITLE_IDS = new Set([
"sslv3Used-title",
"inadequateSecurityError-title",
"blockedByPolicy-title",
"blocked-by-corp-headers-title",
"clockSkewError-title",
"networkProtocolError-title",
"nssBadCert-title",
"nssBadCert-sts-title",
"certerror-mitm-title",
"general-body-title",
]);
/* The error message IDs from nsserror.ftl get processed into
@@ -72,10 +70,6 @@ const KNOWN_ERROR_TITLE_IDS = new Set([
/* global KNOWN_ERROR_MESSAGE_IDS */
const ERROR_MESSAGES_FTL = "toolkit/neterror/nsserrors.ftl";
const MDN_DOCS_HEADERS = "https://developer.mozilla.org/docs/Web/HTTP/Headers/";
const COOP_MDN_DOCS = MDN_DOCS_HEADERS + "Cross-Origin-Opener-Policy";
const COEP_MDN_DOCS = MDN_DOCS_HEADERS + "Cross-Origin-Embedder-Policy";
// If the location of the favicon changes, FAVICON_CERTERRORPAGE_URL and/or
// FAVICON_ERRORPAGE_URL in toolkit/components/places/nsFaviconService.idl
// should also be updated.
@@ -297,9 +291,75 @@ function setResponseStatus(shortDesc) {
}
}
// Returns pageTitleId, bodyTitle, bodyTitleId, and longDesc as an object
function initTitleAndBodyIds(baseURL, isTRROnlyFailure) {
let bodyTitle = document.querySelector(".title-text");
function initPage() {
// We show an offline support page in case of a system-wide error,
// when a user cannot connect to the internet and access the SUMO website.
// For example, clock error, which causes certerrors across the web or
// a security software conflict where the user is unable to connect
// to the internet.
// The URL that prompts us to show an offline support page should have the following
// format: "https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/supportPageSlug",
// so we can extract the support page slug.
let baseURL = RPMGetFormatURLPref("app.support.baseURL");
if (document.location.href.startsWith(baseURL)) {
let supportPageSlug = document.location.pathname.split("/").pop();
RPMSendAsyncMessage("DisplayOfflineSupportPage", {
supportPageSlug,
});
}
const className = getCSSClass();
if (className) {
document.body.classList.add(className);
}
const isTRROnlyFailure = gErrorCode == "dnsNotFound" && RPMIsTRROnlyFailure();
let isNativeFallbackWarning = false;
if (RPMGetBoolPref("network.trr.display_fallback_warning")) {
isNativeFallbackWarning =
gErrorCode == "dnsNotFound" && RPMIsNativeFallbackFailure();
}
const docTitle = document.querySelector("title");
const bodyTitle = document.querySelector(".title-text");
const shortDesc = document.getElementById("errorShortDesc");
if (gIsCertError) {
const isStsError = window !== window.top || gHasSts;
const errArgs = { hostname: HOST_NAME };
if (isCaptive()) {
document.l10n.setAttributes(
docTitle,
"neterror-captive-portal-page-title"
);
document.l10n.setAttributes(bodyTitle, "captivePortal-title");
document.l10n.setAttributes(
shortDesc,
"neterror-captive-portal",
errArgs
);
initPageCaptivePortal();
} else {
if (isStsError) {
document.l10n.setAttributes(docTitle, "certerror-sts-page-title");
document.l10n.setAttributes(bodyTitle, "nssBadCert-sts-title");
document.l10n.setAttributes(shortDesc, "certerror-sts-intro", errArgs);
} else {
document.l10n.setAttributes(docTitle, "certerror-page-title");
document.l10n.setAttributes(bodyTitle, "nssBadCert-title");
document.l10n.setAttributes(shortDesc, "certerror-intro", errArgs);
}
initPageCertError();
}
initCertErrorPageActions();
setTechnicalDetailsOnCertError();
return;
}
document.body.classList.add("neterror");
let longDesc = document.getElementById("errorLongDesc");
const tryAgain = document.getElementById("netErrorButtonContainer");
tryAgain.hidden = false;
@@ -319,13 +379,7 @@ function initTitleAndBodyIds(baseURL, isTRROnlyFailure) {
// For pages blocked by policy, trying again won't help.
tryAgain.hidden = true;
break;
case "blockedByCOOP":
case "blockedByCOEP": {
bodyTitleId = "general-body-title";
document.body.classList.add("blocked");
tryAgain.hidden = true;
break;
}
case "cspBlocked":
case "xfoBlocked": {
bodyTitleId = "csp-xfo-error-title";
@@ -410,88 +464,6 @@ function initTitleAndBodyIds(baseURL, isTRROnlyFailure) {
break;
}
return { pageTitleId, bodyTitle, bodyTitleId, longDesc };
}
function initPage() {
// We show an offline support page in case of a system-wide error,
// when a user cannot connect to the internet and access the SUMO website.
// For example, clock error, which causes certerrors across the web or
// a security software conflict where the user is unable to connect
// to the internet.
// The URL that prompts us to show an offline support page should have the following
// format: "https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/supportPageSlug",
// so we can extract the support page slug.
let baseURL = RPMGetFormatURLPref("app.support.baseURL");
if (document.location.href.startsWith(baseURL)) {
let supportPageSlug = document.location.pathname.split("/").pop();
RPMSendAsyncMessage("DisplayOfflineSupportPage", {
supportPageSlug,
});
}
const className = getCSSClass();
if (className) {
document.body.classList.add(className);
}
const isTRROnlyFailure = gErrorCode == "dnsNotFound" && RPMIsTRROnlyFailure();
let isNativeFallbackWarning = false;
if (RPMGetBoolPref("network.trr.display_fallback_warning")) {
isNativeFallbackWarning =
gErrorCode == "dnsNotFound" && RPMIsNativeFallbackFailure();
}
const docTitle = document.querySelector("title");
const shortDesc = document.getElementById("errorShortDesc");
if (gIsCertError) {
const bodyTitle = document.querySelector(".title-text");
const isStsError = window !== window.top || gHasSts;
const errArgs = { hostname: HOST_NAME };
if (isCaptive()) {
document.l10n.setAttributes(
docTitle,
"neterror-captive-portal-page-title"
);
document.l10n.setAttributes(bodyTitle, "captivePortal-title");
document.l10n.setAttributes(
shortDesc,
"neterror-captive-portal",
errArgs
);
initPageCaptivePortal();
} else {
if (isStsError) {
document.l10n.setAttributes(docTitle, "certerror-sts-page-title");
document.l10n.setAttributes(bodyTitle, "nssBadCert-sts-title");
document.l10n.setAttributes(shortDesc, "certerror-sts-intro", errArgs);
} else {
document.l10n.setAttributes(docTitle, "certerror-page-title");
document.l10n.setAttributes(bodyTitle, "nssBadCert-title");
document.l10n.setAttributes(shortDesc, "certerror-intro", errArgs);
}
initPageCertError();
}
initCertErrorPageActions();
setTechnicalDetailsOnCertError();
return;
}
document.body.classList.add("neterror");
const tryAgain = document.getElementById("netErrorButtonContainer");
tryAgain.hidden = false;
const learnMoreLink = document.getElementById("learnMoreLink");
learnMoreLink.setAttribute("href", baseURL + "connection-not-secure");
let { pageTitleId, bodyTitle, bodyTitleId, longDesc } = initTitleAndBodyIds(
baseURL,
isTRROnlyFailure
);
// bodyTitle is set to null if it has already been set in initTitleAndBodyIds
if (!KNOWN_ERROR_TITLE_IDS.has(bodyTitleId)) {
console.error("No strings exist for error:", gErrorCode);
bodyTitleId = "generic-title";
@@ -503,10 +475,8 @@ function initPage() {
document.body.className = "certerror"; // Shows warning icon
pageTitleId = "dns-not-found-trr-only-title2";
document.l10n.setAttributes(docTitle, pageTitleId);
if (bodyTitle) {
bodyTitleId = "dns-not-found-trr-only-title2";
document.l10n.setAttributes(bodyTitle, bodyTitleId);
}
bodyTitleId = "dns-not-found-trr-only-title2";
document.l10n.setAttributes(bodyTitle, bodyTitleId);
shortDesc.textContent = "";
let skipReason = RPMGetTRRSkipReason();
@@ -628,9 +598,7 @@ function initPage() {
}
document.l10n.setAttributes(docTitle, pageTitleId);
if (bodyTitle) {
document.l10n.setAttributes(bodyTitle, bodyTitleId);
}
document.l10n.setAttributes(bodyTitle, bodyTitleId);
shortDesc.textContent = getDescription();
setFocus("#netErrorButtonContainer > .try-again");
@@ -723,20 +691,16 @@ function showNativeFallbackWarning() {
* Builds HTML elements from `parts` and appends them to `parentElement`.
*
* @param {HTMLElement} parentElement
* @param {Array<["li" | "p" | "span" | "a", string, Record<string, string> | undefined]>} parts
* @param {Array<["li" | "p" | "span", string, Record<string, string> | undefined]>} parts
*/
function setNetErrorMessageFromParts(parentElement, parts) {
let list = null;
for (let [tag, l10nId, l10nArgsOrHref] of parts) {
for (let [tag, l10nId, l10nArgs] of parts) {
const elem = document.createElement(tag);
elem.dataset.l10nId = l10nId;
if (l10nArgsOrHref) {
if (tag === "a") {
elem.href = l10nArgsOrHref;
} else {
elem.dataset.l10nArgs = JSON.stringify(l10nArgsOrHref);
}
if (l10nArgs) {
elem.dataset.l10nArgs = JSON.stringify(l10nArgs);
}
if (tag === "li") {
@@ -758,10 +722,9 @@ function setNetErrorMessageFromParts(parentElement, parts) {
* Returns an array of tuples determining the parts of an error message:
* - HTML tag name
* - l10n id
* - l10n args (if the tag is not "a", optional)
* - href (if the tag is "a", optional)
* - l10n args (optional)
*
* @returns { Array<["li" | "p" | "span" | "a", string, Record<string, string> | undefined]> }
* @returns { Array<["li" | "p" | "span", string, Record<string, string> | undefined]> }
*/
function getNetErrorDescParts() {
switch (gErrorCode) {
@@ -781,18 +744,6 @@ function getNetErrorDescParts() {
return errorTags;
}
case "blockedByCOOP": {
return [
["p", "certerror-blocked-by-corp-headers-description"],
["a", "certerror-coop-learn-more", COOP_MDN_DOCS],
];
}
case "blockedByCOEP": {
return [
["p", "certerror-blocked-by-corp-headers-description"],
["a", "certerror-coep-learn-more", COEP_MDN_DOCS],
];
}
case "blockedByPolicy":
case "deniedPortAccess":
case "malformedURI":

5
toolkit/locales/en-US/toolkit/neterror/netError.ftl
View File

@@ -11,7 +11,6 @@ neterror-blocked-by-policy-page-title = Blocked Page
neterror-captive-portal-page-title = Log in to network
neterror-dns-not-found-title = Server Not Found
neterror-malformed-uri-page-title = Invalid URL
general-body-title = Be careful. Something doesnt look right.
## Error page actions
@@ -179,10 +178,6 @@ certerror-what-should-i-do-bad-sts-cert-explanation = <b>{ $hostname }</b> has a
cert-error-trust-certificate-transparency-what-can-you-do-about-it = Probably nothing, since its likely theres a problem with the site itself.
certerror-blocked-by-corp-headers-description = Sometimes websites set up protections for themselves and people like you from unwanted interactions with other sites.
certerror-coop-learn-more = Learn more about Cross Origin Opener Policies (COOP)
certerror-coep-learn-more = Learn more about Cross Origin Embedder Policies (COEP)
# Variables:
# $responsestatus (string) - HTTP response status code (e.g., 500).
# $responsestatustext (string) - HTTP response status text (e.g., "Internal Server Error").