corysanin/tubestation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Backed out changeset 7d26eb9ace6e (bug 1927594) for causing failurfes at iframe-coep-disallow.h2.html. CLOSED TREE

Browse Source
This commit is contained in:
Butkovits Atila
2025-01-10 19:05:02 +02:00
parent f649db2474
commit 573c79c8f0
5 changed files with 81 additions and 142 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
browser/locales/en-US/chrome/overrides/appstrings.properties
View File

@@ -43,5 +43,4 @@ corruptedContentErrorv2=The site at %S has experienced a network protocol violat
sslv3Used=Firefox cannot guarantee the safety of your data on %S because it uses SSLv3, a broken security protocol. sslv3Used=Firefox cannot guarantee the safety of your data on %S because it uses SSLv3, a broken security protocol.
inadequateSecurityError=The website tried to negotiate an inadequate level of security. inadequateSecurityError=The website tried to negotiate an inadequate level of security.
blockedByPolicy=Your organization has blocked access to this page or website. blockedByPolicy=Your organization has blocked access to this page or website.
blockedByCORP=Firefox didnt load this page because it looks like the security configuration doesnt match the previous page.
networkProtocolError=Firefox has experienced a network protocol violation that cannot be repaired. networkProtocolError=Firefox has experienced a network protocol violation that cannot be repaired.

10
docshell/base/nsDocShell.cpp
View File

@@ -3613,17 +3613,11 @@ nsDocShell::DisplayLoadError(nsresult aError, nsIURI* aURI,
addHostPort = true; addHostPort = true;
break; break;
case NS_ERROR_BLOCKED_BY_POLICY: case NS_ERROR_BLOCKED_BY_POLICY:
case NS_ERROR_DOM_COOP_FAILED:
case NS_ERROR_DOM_COEP_FAILED:
// Page blocked by policy // Page blocked by policy
error = "blockedByPolicy"; error = "blockedByPolicy";
break; break;
case NS_ERROR_DOM_COOP_FAILED:
error = "blockedByCOOP";
errorDescriptionID = "blockedByCORP";
break;
case NS_ERROR_DOM_COEP_FAILED:
error = "blockedByCOEP";
errorDescriptionID = "blockedByCORP";
break;
case NS_ERROR_NET_HTTP2_SENT_GOAWAY: case NS_ERROR_NET_HTTP2_SENT_GOAWAY:
case NS_ERROR_NET_HTTP3_PROTOCOL_ERROR: case NS_ERROR_NET_HTTP3_PROTOCOL_ERROR:
// HTTP/2 or HTTP/3 stack detected a protocol error // HTTP/2 or HTTP/3 stack detected a protocol error

200
toolkit/content/aboutNetError.mjs
View File

@@ -58,7 +58,6 @@ const KNOWN_ERROR_TITLE_IDS = new Set([
"sslv3Used-title", "sslv3Used-title",
"inadequateSecurityError-title", "inadequateSecurityError-title",
"blockedByPolicy-title", "blockedByPolicy-title",
"blocked-by-corp-headers-title",
"clockSkewError-title", "clockSkewError-title",
"networkProtocolError-title", "networkProtocolError-title",
"nssBadCert-title", "nssBadCert-title",
@@ -71,10 +70,6 @@ const KNOWN_ERROR_TITLE_IDS = new Set([
/* global KNOWN_ERROR_MESSAGE_IDS */ /* global KNOWN_ERROR_MESSAGE_IDS */
const ERROR_MESSAGES_FTL = "toolkit/neterror/nsserrors.ftl"; const ERROR_MESSAGES_FTL = "toolkit/neterror/nsserrors.ftl";
const MDN_DOCS_HEADERS = "https://developer.mozilla.org/docs/Web/HTTP/Headers/";
const COOP_MDN_DOCS = MDN_DOCS_HEADERS + "Cross-Origin-Opener-Policy";
const COEP_MDN_DOCS = MDN_DOCS_HEADERS + "Cross-Origin-Embedder-Policy";
// If the location of the favicon changes, FAVICON_CERTERRORPAGE_URL and/or // If the location of the favicon changes, FAVICON_CERTERRORPAGE_URL and/or
// FAVICON_ERRORPAGE_URL in toolkit/components/places/nsFaviconService.idl // FAVICON_ERRORPAGE_URL in toolkit/components/places/nsFaviconService.idl
// should also be updated. // should also be updated.
@@ -296,9 +291,75 @@ function setResponseStatus(shortDesc) {
} }
} }
// Returns pageTitleId, bodyTitle, bodyTitleId, and longDesc as an object function initPage() {
function initTitleAndBodyIds(baseURL, isTRROnlyFailure) { // We show an offline support page in case of a system-wide error,
let bodyTitle = document.querySelector(".title-text"); // when a user cannot connect to the internet and access the SUMO website.
// For example, clock error, which causes certerrors across the web or
// a security software conflict where the user is unable to connect
// to the internet.
// The URL that prompts us to show an offline support page should have the following
// format: "https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/supportPageSlug",
// so we can extract the support page slug.
let baseURL = RPMGetFormatURLPref("app.support.baseURL");
if (document.location.href.startsWith(baseURL)) {
let supportPageSlug = document.location.pathname.split("/").pop();
RPMSendAsyncMessage("DisplayOfflineSupportPage", {
supportPageSlug,
});
}
const className = getCSSClass();
if (className) {
document.body.classList.add(className);
}
const isTRROnlyFailure = gErrorCode == "dnsNotFound" && RPMIsTRROnlyFailure();
let isNativeFallbackWarning = false;
if (RPMGetBoolPref("network.trr.display_fallback_warning")) {
isNativeFallbackWarning =
gErrorCode == "dnsNotFound" && RPMIsNativeFallbackFailure();
}
const docTitle = document.querySelector("title");
const bodyTitle = document.querySelector(".title-text");
const shortDesc = document.getElementById("errorShortDesc");
if (gIsCertError) {
const isStsError = window !== window.top || gHasSts;
const errArgs = { hostname: HOST_NAME };
if (isCaptive()) {
document.l10n.setAttributes(
docTitle,
"neterror-captive-portal-page-title"
);
document.l10n.setAttributes(bodyTitle, "captivePortal-title");
document.l10n.setAttributes(
shortDesc,
"neterror-captive-portal",
errArgs
);
initPageCaptivePortal();
} else {
if (isStsError) {
document.l10n.setAttributes(docTitle, "certerror-sts-page-title");
document.l10n.setAttributes(bodyTitle, "nssBadCert-sts-title");
document.l10n.setAttributes(shortDesc, "certerror-sts-intro", errArgs);
} else {
document.l10n.setAttributes(docTitle, "certerror-page-title");
document.l10n.setAttributes(bodyTitle, "nssBadCert-title");
document.l10n.setAttributes(shortDesc, "certerror-intro", errArgs);
}
initPageCertError();
}
initCertErrorPageActions();
setTechnicalDetailsOnCertError();
return;
}
document.body.classList.add("neterror");
let longDesc = document.getElementById("errorLongDesc"); let longDesc = document.getElementById("errorLongDesc");
const tryAgain = document.getElementById("netErrorButtonContainer"); const tryAgain = document.getElementById("netErrorButtonContainer");
tryAgain.hidden = false; tryAgain.hidden = false;
@@ -318,13 +379,7 @@ function initTitleAndBodyIds(baseURL, isTRROnlyFailure) {
// For pages blocked by policy, trying again won't help. // For pages blocked by policy, trying again won't help.
tryAgain.hidden = true; tryAgain.hidden = true;
break; break;
case "blockedByCOOP":
case "blockedByCOEP": {
bodyTitleId = "blocked-by-corp-headers-title";
document.body.classList.add("blocked");
tryAgain.hidden = true;
break;
}
case "cspBlocked": case "cspBlocked":
case "xfoBlocked": { case "xfoBlocked": {
bodyTitleId = "csp-xfo-error-title"; bodyTitleId = "csp-xfo-error-title";
@@ -422,88 +477,6 @@ function initTitleAndBodyIds(baseURL, isTRROnlyFailure) {
break; break;
} }
return { pageTitleId, bodyTitle, bodyTitleId, longDesc };
}
function initPage() {
// We show an offline support page in case of a system-wide error,
// when a user cannot connect to the internet and access the SUMO website.
// For example, clock error, which causes certerrors across the web or
// a security software conflict where the user is unable to connect
// to the internet.
// The URL that prompts us to show an offline support page should have the following
// format: "https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/supportPageSlug",
// so we can extract the support page slug.
let baseURL = RPMGetFormatURLPref("app.support.baseURL");
if (document.location.href.startsWith(baseURL)) {
let supportPageSlug = document.location.pathname.split("/").pop();
RPMSendAsyncMessage("DisplayOfflineSupportPage", {
supportPageSlug,
});
}
const className = getCSSClass();
if (className) {
document.body.classList.add(className);
}
const isTRROnlyFailure = gErrorCode == "dnsNotFound" && RPMIsTRROnlyFailure();
let isNativeFallbackWarning = false;
if (RPMGetBoolPref("network.trr.display_fallback_warning")) {
isNativeFallbackWarning =
gErrorCode == "dnsNotFound" && RPMIsNativeFallbackFailure();
}
const docTitle = document.querySelector("title");
const shortDesc = document.getElementById("errorShortDesc");
if (gIsCertError) {
const bodyTitle = document.querySelector(".title-text");
const isStsError = window !== window.top || gHasSts;
const errArgs = { hostname: HOST_NAME };
if (isCaptive()) {
document.l10n.setAttributes(
docTitle,
"neterror-captive-portal-page-title"
);
document.l10n.setAttributes(bodyTitle, "captivePortal-title");
document.l10n.setAttributes(
shortDesc,
"neterror-captive-portal",
errArgs
);
initPageCaptivePortal();
} else {
if (isStsError) {
document.l10n.setAttributes(docTitle, "certerror-sts-page-title");
document.l10n.setAttributes(bodyTitle, "nssBadCert-sts-title");
document.l10n.setAttributes(shortDesc, "certerror-sts-intro", errArgs);
} else {
document.l10n.setAttributes(docTitle, "certerror-page-title");
document.l10n.setAttributes(bodyTitle, "nssBadCert-title");
document.l10n.setAttributes(shortDesc, "certerror-intro", errArgs);
}
initPageCertError();
}
initCertErrorPageActions();
setTechnicalDetailsOnCertError();
return;
}
document.body.classList.add("neterror");
const tryAgain = document.getElementById("netErrorButtonContainer");
tryAgain.hidden = false;
const learnMoreLink = document.getElementById("learnMoreLink");
learnMoreLink.setAttribute("href", baseURL + "connection-not-secure");
let { pageTitleId, bodyTitle, bodyTitleId, longDesc } = initTitleAndBodyIds(
baseURL,
isTRROnlyFailure
);
// bodyTitle is set to null if it has already been set in initTitleAndBodyIds
if (!KNOWN_ERROR_TITLE_IDS.has(bodyTitleId)) { if (!KNOWN_ERROR_TITLE_IDS.has(bodyTitleId)) {
console.error("No strings exist for error:", gErrorCode); console.error("No strings exist for error:", gErrorCode);
bodyTitleId = "generic-title"; bodyTitleId = "generic-title";
@@ -515,10 +488,8 @@ function initPage() {
document.body.className = "certerror"; // Shows warning icon document.body.className = "certerror"; // Shows warning icon
pageTitleId = "dns-not-found-trr-only-title2"; pageTitleId = "dns-not-found-trr-only-title2";
document.l10n.setAttributes(docTitle, pageTitleId); document.l10n.setAttributes(docTitle, pageTitleId);
if (bodyTitle) {
bodyTitleId = "dns-not-found-trr-only-title2"; bodyTitleId = "dns-not-found-trr-only-title2";
document.l10n.setAttributes(bodyTitle, bodyTitleId); document.l10n.setAttributes(bodyTitle, bodyTitleId);
}
shortDesc.textContent = ""; shortDesc.textContent = "";
let skipReason = RPMGetTRRSkipReason(); let skipReason = RPMGetTRRSkipReason();
@@ -640,9 +611,7 @@ function initPage() {
} }
document.l10n.setAttributes(docTitle, pageTitleId); document.l10n.setAttributes(docTitle, pageTitleId);
if (bodyTitle) {
document.l10n.setAttributes(bodyTitle, bodyTitleId); document.l10n.setAttributes(bodyTitle, bodyTitleId);
}
shortDesc.textContent = getDescription(); shortDesc.textContent = getDescription();
setFocus("#netErrorButtonContainer > .try-again"); setFocus("#netErrorButtonContainer > .try-again");
@@ -735,20 +704,16 @@ function showNativeFallbackWarning() {
* Builds HTML elements from `parts` and appends them to `parentElement`. * Builds HTML elements from `parts` and appends them to `parentElement`.
* *
* @param {HTMLElement} parentElement * @param {HTMLElement} parentElement
* @param {Array<["li" | "p" | "span" | "a", string, Record<string, string> | undefined]>} parts * @param {Array<["li" | "p" | "span", string, Record<string, string> | undefined]>} parts
*/ */
function setNetErrorMessageFromParts(parentElement, parts) { function setNetErrorMessageFromParts(parentElement, parts) {
let list = null; let list = null;
for (let [tag, l10nId, l10nArgsOrHref] of parts) { for (let [tag, l10nId, l10nArgs] of parts) {
const elem = document.createElement(tag); const elem = document.createElement(tag);
elem.dataset.l10nId = l10nId; elem.dataset.l10nId = l10nId;
if (l10nArgsOrHref) { if (l10nArgs) {
if (tag === "a") { elem.dataset.l10nArgs = JSON.stringify(l10nArgs);
elem.href = l10nArgsOrHref;
} else {
elem.dataset.l10nArgs = JSON.stringify(l10nArgsOrHref);
}
} }
if (tag === "li") { if (tag === "li") {
@@ -770,10 +735,9 @@ function setNetErrorMessageFromParts(parentElement, parts) {
* Returns an array of tuples determining the parts of an error message: * Returns an array of tuples determining the parts of an error message:
* - HTML tag name * - HTML tag name
* - l10n id * - l10n id
* - l10n args (if the tag is not "a", optional) * - l10n args (optional)
* - href (if the tag is "a", optional)
* *
* @returns { Array<["li" | "p" | "span" | "a", string, Record<string, string> | undefined]> } * @returns { Array<["li" | "p" | "span", string, Record<string, string> | undefined]> }
*/ */
function getNetErrorDescParts() { function getNetErrorDescParts() {
switch (gErrorCode) { switch (gErrorCode) {
@@ -793,18 +757,6 @@ function getNetErrorDescParts() {
return errorTags; return errorTags;
} }
case "blockedByCOOP": {
return [
["p", "certerror-blocked-by-corp-headers-description"],
["a", "certerror-coop-learn-more", COOP_MDN_DOCS],
];
}
case "blockedByCOEP": {
return [
["p", "certerror-blocked-by-corp-headers-description"],
["a", "certerror-coep-learn-more", COEP_MDN_DOCS],
];
}
case "blockedByPolicy": case "blockedByPolicy":
case "deniedPortAccess": case "deniedPortAccess":
case "malformedURI": case "malformedURI":

2
toolkit/locales/en-US/toolkit/neterror/certError.ftl
View File

@@ -141,8 +141,6 @@ corruptedContentError-title = Corrupted Content Error
sslv3Used-title = Unable to Connect Securely sslv3Used-title = Unable to Connect Securely
inadequateSecurityError-title = Your connection is not secure inadequateSecurityError-title = Your connection is not secure
blockedByPolicy-title = Blocked Page blockedByPolicy-title = Blocked Page
blocked-by-corp-headers-title = Be careful. Something doesnt look right.
clockSkewError-title = Your Computer Clock is Wrong clockSkewError-title = Your Computer Clock is Wrong
networkProtocolError-title = Network Protocol Error networkProtocolError-title = Network Protocol Error
nssBadCert-title = Warning: Potential Security Risk Ahead nssBadCert-title = Warning: Potential Security Risk Ahead

4
toolkit/locales/en-US/toolkit/neterror/netError.ftl
View File

@@ -179,10 +179,6 @@ certerror-what-should-i-do-bad-sts-cert-explanation = <b>{ $hostname }</b> has a
cert-error-trust-certificate-transparency-what-can-you-do-about-it = Probably nothing, since its likely theres a problem with the site itself. cert-error-trust-certificate-transparency-what-can-you-do-about-it = Probably nothing, since its likely theres a problem with the site itself.
certerror-blocked-by-corp-headers-description = Sometimes websites set up protections for themselves and people like you from unwanted interactions with other sites.
certerror-coop-learn-more = Learn more about Cross Origin Opener Policies (COOP)
certerror-coep-learn-more = Learn more about Cross Origin Embedder Policies (COEP)
# Variables: # Variables:
# $responsestatus (string) - HTTP response status code (e.g., 500). # $responsestatus (string) - HTTP response status code (e.g., 500).
# $responsestatustext (string) - HTTP response status text (e.g., "Internal Server Error"). # $responsestatustext (string) - HTTP response status text (e.g., "Internal Server Error").