corysanin/tubestation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Backed out 2 changesets (bug 1927594) for causing bc failures at browser_aboutCertError_corp.js on a CLOSED TREE

Browse Source 
Backed out changeset 839a0b0afda8 (bug 1927594)
Backed out changeset 69b747cc13d1 (bug 1927594)
This commit is contained in:
Cristina Horotan
2025-01-17 02:03:35 +02:00
parent 31d9b30189
commit 5986f62c76
10 changed files with 82 additions and 331 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
browser/base/content/test/about/browser.toml
View File

@@ -15,18 +15,6 @@ support-files = [
["browser_aboutCertError_clockSkew.js"]
["browser_aboutCertError_corp.js"]
support-files = [
"sandbox_corp_iframe.sjs",
"sandbox_corp_popup.html",
]
skip-if = [
# Intermittent on Debug and TSAN
"verify && debug && os == 'linux'",
"verify && tsan && os == 'linux'",
"verify && debug && os == 'win'",
]
["browser_aboutCertError_exception.js"]
["browser_aboutCertError_mitm.js"]

111
browser/base/content/test/about/browser_aboutCertError_corp.js
View File

@@ -1,111 +0,0 @@
/* Any copyright is dedicated to the Public Domain.
* http://creativecommons.org/publicdomain/zero/1.0/ */
"use strict";
const AUTH_ROUTE =
"https://example.com/browser/browser/base/content/test/about/sandbox_corp_iframe.sjs";
const inChaosMode = !!parseInt(Services.env.get("MOZ_CHAOSMODE"), 16);
add_task(async function test_coopError() {
// Can be intermittent on chaos mode
if (inChaosMode) {
return;
}
let browser;
let pageLoaded;
const uri = `${AUTH_ROUTE}?error=coop`;
await BrowserTestUtils.openNewForegroundTab(
gBrowser,
() => {
gBrowser.selectedTab = BrowserTestUtils.addTab(gBrowser, uri);
browser = gBrowser.selectedBrowser;
pageLoaded = BrowserTestUtils.browserLoaded(browser, true);
},
false
);
await pageLoaded;
// The error is displayed in the newly opened document for COOP
let lastTab = gBrowser.tabs.at(-1);
browser = lastTab.linkedBrowser;
await SpecialPowers.spawn(browser, [], function () {
const doc = content.document;
ok(
doc.documentURI.startsWith("about:neterror"),
"Should be showing error page"
);
const titleEl = doc.querySelector(".title-text");
const actualDataL10nID = titleEl.getAttribute("data-l10n-id");
is(
actualDataL10nID,
"blocked-by-corp-headers-title",
"Correct error link title (CORP) is set"
);
const anchor = doc.querySelector("a");
const actualAnchorl10nID = anchor.getAttribute("data-l10n-id");
is(
actualAnchorl10nID,
"certerror-coop-learn-more",
"Correct error link is set"
);
});
BrowserTestUtils.removeTab(lastTab);
BrowserTestUtils.removeTab(gBrowser.selectedTab);
});
add_task(async function test_coepError() {
let browser;
let pageLoaded;
const uri = `${AUTH_ROUTE}?error=coep`;
await BrowserTestUtils.openNewForegroundTab(
gBrowser,
() => {
gBrowser.selectedTab = BrowserTestUtils.addTab(gBrowser, uri);
browser = gBrowser.selectedBrowser;
pageLoaded = BrowserTestUtils.waitForErrorPage(browser);
},
false
);
await pageLoaded;
await SpecialPowers.spawn(browser, [], function () {
// The error is displayed in the iframe for COEP
const doc = content.document.querySelector("iframe").contentDocument;
ok(
doc.documentURI.startsWith("about:neterror"),
"Should be showing error page"
);
const titleEl = doc.querySelector(".title-text");
const actualDataL10nID = titleEl.getAttribute("data-l10n-id");
is(
actualDataL10nID,
"blocked-by-corp-headers-title",
"Correct error link title (CORP) is set"
);
const anchor = doc.querySelector("a");
const actualAnchorl10nID = anchor.getAttribute("data-l10n-id");
is(
actualAnchorl10nID,
"certerror-coep-learn-more",
"Correct error link is set"
);
});
BrowserTestUtils.removeTab(gBrowser.selectedTab);
});

52
browser/base/content/test/about/sandbox_corp_iframe.sjs
View File

@@ -1,52 +0,0 @@
/* Any copyright is dedicated to the Public Domain.
* http://creativecommons.org/publicdomain/zero/1.0/ */
"use strict";
function decode(str) {
return decodeURIComponent(str.replace(/\+/g, encodeURIComponent(" ")));
}
function handleRequest(request, response) {
const queryString = request.queryString;
let params = queryString.split("&").reduce((memo, pair) => {
let [key, val] = pair.split("=");
if (!val) {
val = key;
key = "query";
}
try {
memo[decode(key)] = decode(val);
} catch (e) {
memo[key] = val;
}
return memo;
}, {});
response.setHeader("Content-Type", "text/html", false);
let destination = "dummy_page";
switch (params.error) {
case "coop": {
destination = "sandbox_corp_popup";
response.setHeader("Cross-Origin-Opener-Policy", "same-origin", false);
break;
}
case "coep": {
response.setHeader("Cross-Origin-Opener-Policy", "same-origin", false);
response.setHeader("Cross-Origin-Embedder-Policy", "require-corp", false);
break;
}
case "inner_coop": // Only called from popup.html
response.setHeader("Cross-Origin-Opener-Policy", "same-origin", false);
return;
default:
return;
}
let txt = `<html><body><iframe src="https://example.com/browser/browser/base/content/test/about/${destination}.html" width=100% height=100% sandbox="allow-popups allow-scripts allow-same-origin"></iframe></body></html>`;
response.write(txt);
}

13
browser/base/content/test/about/sandbox_corp_popup.html
View File

@@ -1,13 +0,0 @@
<html>
<head>
<title>Popup test page</title>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8">
</meta>
<script>
window.open('https://example.com/browser/browser/base/content/test/about/sandbox_corp_iframe.sjs?error=inner_coop', '_blank');
</script>
</head>
<body>
<p>Popup Page</p>
</body>
</html>

1
browser/locales/en-US/chrome/overrides/appstrings.properties
View File

@@ -43,5 +43,4 @@ corruptedContentErrorv2=The site at %S has experienced a network protocol violat
sslv3Used=Firefox cannot guarantee the safety of your data on %S because it uses SSLv3, a broken security protocol.
inadequateSecurityError=The website tried to negotiate an inadequate level of security.
blockedByPolicy=Your organization has blocked access to this page or website.
blockedByCORP=Firefox didnt load this page because it looks like the security configuration doesnt match the previous page.
networkProtocolError=Firefox has experienced a network protocol violation that cannot be repaired.

10
docshell/base/nsDocShell.cpp
View File

@@ -3613,17 +3613,11 @@ nsDocShell::DisplayLoadError(nsresult aError, nsIURI* aURI,
addHostPort = true;
break;
case NS_ERROR_BLOCKED_BY_POLICY:
case NS_ERROR_DOM_COOP_FAILED:
case NS_ERROR_DOM_COEP_FAILED:
// Page blocked by policy
error = "blockedByPolicy";
break;
case NS_ERROR_DOM_COOP_FAILED:
error = "blockedByCOOP";
errorDescriptionID = "blockedByCORP";
break;
case NS_ERROR_DOM_COEP_FAILED:
error = "blockedByCOEP";
errorDescriptionID = "blockedByCORP";
break;
case NS_ERROR_NET_HTTP2_SENT_GOAWAY:
case NS_ERROR_NET_HTTP3_PROTOCOL_ERROR:
// HTTP/2 or HTTP/3 stack detected a protocol error

2
testing/web-platform/meta/loading/early-hints/iframe-coep-disallow.h2.html.ini
View File

@@ -1,4 +1,4 @@
[iframe-coep-disallow.h2.html]
[Early hints for an iframe that violates Cross-Origin-Embedder-Policy should be ignored.]
expected:
if (os == "android"): [PASS, FAIL]
if (os == "android") and not debug: [PASS, FAIL]

206
toolkit/content/aboutNetError.mjs
View File

@@ -58,7 +58,6 @@ const KNOWN_ERROR_TITLE_IDS = new Set([
"sslv3Used-title",
"inadequateSecurityError-title",
"blockedByPolicy-title",
"blocked-by-corp-headers-title",
"clockSkewError-title",
"networkProtocolError-title",
"nssBadCert-title",
@@ -71,10 +70,6 @@ const KNOWN_ERROR_TITLE_IDS = new Set([
/* global KNOWN_ERROR_MESSAGE_IDS */
const ERROR_MESSAGES_FTL = "toolkit/neterror/nsserrors.ftl";
const MDN_DOCS_HEADERS = "https://developer.mozilla.org/docs/Web/HTTP/Headers/";
const COOP_MDN_DOCS = MDN_DOCS_HEADERS + "Cross-Origin-Opener-Policy";
const COEP_MDN_DOCS = MDN_DOCS_HEADERS + "Cross-Origin-Embedder-Policy";
// If the location of the favicon changes, FAVICON_CERTERRORPAGE_URL and/or
// FAVICON_ERRORPAGE_URL in toolkit/components/places/nsFaviconService.idl
// should also be updated.
@@ -296,9 +291,75 @@ function setResponseStatus(shortDesc) {
}
}
// Returns pageTitleId, bodyTitle, bodyTitleId, and longDesc as an object
function initTitleAndBodyIds(baseURL, isTRROnlyFailure) {
let bodyTitle = document.querySelector(".title-text");
function initPage() {
// We show an offline support page in case of a system-wide error,
// when a user cannot connect to the internet and access the SUMO website.
// For example, clock error, which causes certerrors across the web or
// a security software conflict where the user is unable to connect
// to the internet.
// The URL that prompts us to show an offline support page should have the following
// format: "https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/supportPageSlug",
// so we can extract the support page slug.
let baseURL = RPMGetFormatURLPref("app.support.baseURL");
if (document.location.href.startsWith(baseURL)) {
let supportPageSlug = document.location.pathname.split("/").pop();
RPMSendAsyncMessage("DisplayOfflineSupportPage", {
supportPageSlug,
});
}
const className = getCSSClass();
if (className) {
document.body.classList.add(className);
}
const isTRROnlyFailure = gErrorCode == "dnsNotFound" && RPMIsTRROnlyFailure();
let isNativeFallbackWarning = false;
if (RPMGetBoolPref("network.trr.display_fallback_warning")) {
isNativeFallbackWarning =
gErrorCode == "dnsNotFound" && RPMIsNativeFallbackFailure();
}
const docTitle = document.querySelector("title");
const bodyTitle = document.querySelector(".title-text");
const shortDesc = document.getElementById("errorShortDesc");
if (gIsCertError) {
const isStsError = window !== window.top || gHasSts;
const errArgs = { hostname: HOST_NAME };
if (isCaptive()) {
document.l10n.setAttributes(
docTitle,
"neterror-captive-portal-page-title"
);
document.l10n.setAttributes(bodyTitle, "captivePortal-title");
document.l10n.setAttributes(
shortDesc,
"neterror-captive-portal",
errArgs
);
initPageCaptivePortal();
} else {
if (isStsError) {
document.l10n.setAttributes(docTitle, "certerror-sts-page-title");
document.l10n.setAttributes(bodyTitle, "nssBadCert-sts-title");
document.l10n.setAttributes(shortDesc, "certerror-sts-intro", errArgs);
} else {
document.l10n.setAttributes(docTitle, "certerror-page-title");
document.l10n.setAttributes(bodyTitle, "nssBadCert-title");
document.l10n.setAttributes(shortDesc, "certerror-intro", errArgs);
}
initPageCertError();
}
initCertErrorPageActions();
setTechnicalDetailsOnCertError();
return;
}
document.body.classList.add("neterror");
let longDesc = document.getElementById("errorLongDesc");
const tryAgain = document.getElementById("netErrorButtonContainer");
tryAgain.hidden = false;
@@ -318,13 +379,7 @@ function initTitleAndBodyIds(baseURL, isTRROnlyFailure) {
// For pages blocked by policy, trying again won't help.
tryAgain.hidden = true;
break;
case "blockedByCOOP":
case "blockedByCOEP": {
bodyTitleId = "blocked-by-corp-headers-title";
document.body.classList.add("blocked");
tryAgain.hidden = true;
break;
}
case "cspBlocked":
case "xfoBlocked": {
bodyTitleId = "csp-xfo-error-title";
@@ -409,88 +464,6 @@ function initTitleAndBodyIds(baseURL, isTRROnlyFailure) {
break;
}
return { pageTitleId, bodyTitle, bodyTitleId, longDesc };
}
function initPage() {
// We show an offline support page in case of a system-wide error,
// when a user cannot connect to the internet and access the SUMO website.
// For example, clock error, which causes certerrors across the web or
// a security software conflict where the user is unable to connect
// to the internet.
// The URL that prompts us to show an offline support page should have the following
// format: "https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/supportPageSlug",
// so we can extract the support page slug.
let baseURL = RPMGetFormatURLPref("app.support.baseURL");
if (document.location.href.startsWith(baseURL)) {
let supportPageSlug = document.location.pathname.split("/").pop();
RPMSendAsyncMessage("DisplayOfflineSupportPage", {
supportPageSlug,
});
}
const className = getCSSClass();
if (className) {
document.body.classList.add(className);
}
const isTRROnlyFailure = gErrorCode == "dnsNotFound" && RPMIsTRROnlyFailure();
let isNativeFallbackWarning = false;
if (RPMGetBoolPref("network.trr.display_fallback_warning")) {
isNativeFallbackWarning =
gErrorCode == "dnsNotFound" && RPMIsNativeFallbackFailure();
}
const docTitle = document.querySelector("title");
const shortDesc = document.getElementById("errorShortDesc");
if (gIsCertError) {
const bodyTitle = document.querySelector(".title-text");
const isStsError = window !== window.top || gHasSts;
const errArgs = { hostname: HOST_NAME };
if (isCaptive()) {
document.l10n.setAttributes(
docTitle,
"neterror-captive-portal-page-title"
);
document.l10n.setAttributes(bodyTitle, "captivePortal-title");
document.l10n.setAttributes(
shortDesc,
"neterror-captive-portal",
errArgs
);
initPageCaptivePortal();
} else {
if (isStsError) {
document.l10n.setAttributes(docTitle, "certerror-sts-page-title");
document.l10n.setAttributes(bodyTitle, "nssBadCert-sts-title");
document.l10n.setAttributes(shortDesc, "certerror-sts-intro", errArgs);
} else {
document.l10n.setAttributes(docTitle, "certerror-page-title");
document.l10n.setAttributes(bodyTitle, "nssBadCert-title");
document.l10n.setAttributes(shortDesc, "certerror-intro", errArgs);
}
initPageCertError();
}
initCertErrorPageActions();
setTechnicalDetailsOnCertError();
return;
}
document.body.classList.add("neterror");
const tryAgain = document.getElementById("netErrorButtonContainer");
tryAgain.hidden = false;
const learnMoreLink = document.getElementById("learnMoreLink");
learnMoreLink.setAttribute("href", baseURL + "connection-not-secure");
let { pageTitleId, bodyTitle, bodyTitleId, longDesc } = initTitleAndBodyIds(
baseURL,
isTRROnlyFailure
);
// bodyTitle is set to null if it has already been set in initTitleAndBodyIds
if (!KNOWN_ERROR_TITLE_IDS.has(bodyTitleId)) {
console.error("No strings exist for error:", gErrorCode);
bodyTitleId = "generic-title";
@@ -502,10 +475,8 @@ function initPage() {
document.body.className = "certerror"; // Shows warning icon
pageTitleId = "dns-not-found-trr-only-title2";
document.l10n.setAttributes(docTitle, pageTitleId);
if (bodyTitle) {
bodyTitleId = "dns-not-found-trr-only-title2";
document.l10n.setAttributes(bodyTitle, bodyTitleId);
}
bodyTitleId = "dns-not-found-trr-only-title2";
document.l10n.setAttributes(bodyTitle, bodyTitleId);
shortDesc.textContent = "";
let skipReason = RPMGetTRRSkipReason();
@@ -627,9 +598,7 @@ function initPage() {
}
document.l10n.setAttributes(docTitle, pageTitleId);
if (bodyTitle) {
document.l10n.setAttributes(bodyTitle, bodyTitleId);
}
document.l10n.setAttributes(bodyTitle, bodyTitleId);
shortDesc.textContent = getDescription();
setFocus("#netErrorButtonContainer > .try-again");
@@ -722,20 +691,16 @@ function showNativeFallbackWarning() {
* Builds HTML elements from `parts` and appends them to `parentElement`.
*
* @param {HTMLElement} parentElement
* @param {Array<["li" | "p" | "span" | "a", string, Record<string, string> | undefined]>} parts
* @param {Array<["li" | "p" | "span", string, Record<string, string> | undefined]>} parts
*/
function setNetErrorMessageFromParts(parentElement, parts) {
let list = null;
for (let [tag, l10nId, l10nArgsOrHref] of parts) {
for (let [tag, l10nId, l10nArgs] of parts) {
const elem = document.createElement(tag);
elem.dataset.l10nId = l10nId;
if (l10nArgsOrHref) {
if (tag === "a") {
elem.href = l10nArgsOrHref;
} else {
elem.dataset.l10nArgs = JSON.stringify(l10nArgsOrHref);
}
if (l10nArgs) {
elem.dataset.l10nArgs = JSON.stringify(l10nArgs);
}
if (tag === "li") {
@@ -757,10 +722,9 @@ function setNetErrorMessageFromParts(parentElement, parts) {
* Returns an array of tuples determining the parts of an error message:
* - HTML tag name
* - l10n id
* - l10n args (if the tag is not "a", optional)
* - href (if the tag is "a", optional)
* - l10n args (optional)
*
* @returns { Array<["li" | "p" | "span" | "a", string, Record<string, string> | undefined]> }
* @returns { Array<["li" | "p" | "span", string, Record<string, string> | undefined]> }
*/
function getNetErrorDescParts() {
switch (gErrorCode) {
@@ -780,18 +744,6 @@ function getNetErrorDescParts() {
return errorTags;
}
case "blockedByCOOP": {
return [
["p", "certerror-blocked-by-corp-headers-description"],
["a", "certerror-coop-learn-more", COOP_MDN_DOCS],
];
}
case "blockedByCOEP": {
return [
["p", "certerror-blocked-by-corp-headers-description"],
["a", "certerror-coep-learn-more", COEP_MDN_DOCS],
];
}
case "blockedByPolicy":
case "deniedPortAccess":
case "malformedURI":

2
toolkit/locales/en-US/toolkit/neterror/certError.ftl
View File

@@ -139,8 +139,6 @@ corruptedContentError-title = Corrupted Content Error
sslv3Used-title = Unable to Connect Securely
inadequateSecurityError-title = Your connection is not secure
blockedByPolicy-title = Blocked Page
blocked-by-corp-headers-title = Be careful. Something doesnt look right.
clockSkewError-title = Your Computer Clock is Wrong
networkProtocolError-title = Network Protocol Error
nssBadCert-title = Warning: Potential Security Risk Ahead

4
toolkit/locales/en-US/toolkit/neterror/netError.ftl
View File

@@ -178,10 +178,6 @@ certerror-what-should-i-do-bad-sts-cert-explanation = <b>{ $hostname }</b> has a
cert-error-trust-certificate-transparency-what-can-you-do-about-it = Probably nothing, since its likely theres a problem with the site itself.
certerror-blocked-by-corp-headers-description = Sometimes websites set up protections for themselves and people like you from unwanted interactions with other sites.
certerror-coop-learn-more = Learn more about Cross Origin Opener Policies (COOP)
certerror-coep-learn-more = Learn more about Cross Origin Embedder Policies (COEP)
# Variables:
# $responsestatus (string) - HTTP response status code (e.g., 500).
# $responsestatustext (string) - HTTP response status text (e.g., "Internal Server Error").