corysanin/tubestation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

bug 887052 - refactor nsISiteSecurityService for multiple headers r=cviecco r=mcmanus r=jst sr=jst

Browse Source
This commit is contained in:
David Keeler
2013-08-02 16:23:18 -07:00
parent 55fb9d787e
commit d985c7e89f
14 changed files with 213 additions and 127 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
netwerk/protocol/http/nsHttpChannel.cpp
View File

@@ -383,12 +383,13 @@ nsHttpChannel::Connect()
bool isStsHost = false;
uint32_t flags = mPrivateBrowsing ? nsISocketProvider::NO_PERMANENT_STORAGE : 0;
rv = sss->IsStsURI(mURI, flags, &isStsHost);
rv = sss->IsSecureURI(nsISiteSecurityService::HEADER_HSTS, mURI, flags,
&isStsHost);
// if STS fails, there's no reason to cancel the load, but it's
// if SSS fails, there's no reason to cancel the load, but it's
// worrisome.
NS_ASSERTION(NS_SUCCEEDED(rv),
"Something is wrong with STS: IsStsURI failed.");
"Something is wrong with SSS: IsSecureURI failed.");
if (NS_SUCCEEDED(rv) && isStsHost) {
LOG(("nsHttpChannel::Connect() STS permissions found\n"));
@@ -1155,7 +1156,7 @@ nsHttpChannel::ProcessSTSHeader()
// If there are certificate errors, we still load the data, we just ignore
// any STS headers that are present.
bool tlsIsBroken = false;
rv = sss->ShouldIgnoreStsHeader(mSecurityInfo, &tlsIsBroken);
rv = sss->ShouldIgnoreHeaders(mSecurityInfo, &tlsIsBroken);
NS_ENSURE_SUCCESS(rv, NS_OK);
// If this was already an STS host, the connection should have been aborted
@@ -1166,7 +1167,8 @@ nsHttpChannel::ProcessSTSHeader()
bool wasAlreadySTSHost;
uint32_t flags =
NS_UsePrivateBrowsing(this) ? nsISocketProvider::NO_PERMANENT_STORAGE : 0;
rv = sss->IsStsURI(mURI, flags, &wasAlreadySTSHost);
rv = sss->IsSecureURI(nsISiteSecurityService::HEADER_HSTS, mURI, flags,
&wasAlreadySTSHost);
// Failure here means STS is broken. Don't prevent the load, but this
// shouldn't fail.
NS_ENSURE_SUCCESS(rv, NS_OK);
@@ -1194,7 +1196,8 @@ nsHttpChannel::ProcessSTSHeader()
// All other failures are fatal.
NS_ENSURE_SUCCESS(rv, rv);
rv = sss->ProcessStsHeader(mURI, stsHeader.get(), flags, NULL, NULL);
rv = sss->ProcessHeader(nsISiteSecurityService::HEADER_HSTS, mURI,
stsHeader.get(), flags, NULL, NULL);
if (NS_FAILED(rv)) {
AddSecurityMessage(NS_LITERAL_STRING("InvalidSTSHeaders"),
NS_LITERAL_STRING("Invalid HSTS Headers"));