corysanin/tubestation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Bug 1909681 - Remove mixed content exception button and permission r=freddyb,devtools-reviewers,nchevobbe

Browse Source 
Rationale on this can be found in Bug 1909681.

Differential Revision: https://phabricator.services.mozilla.com/D237065
This commit is contained in:
Malte Jürgens
2025-04-08 12:53:40 +00:00
parent 4eb7114d7f
commit e5437e476c
38 changed files with 24 additions and 1354 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
browser/base/content/browser-siteIdentity.js
View File

@@ -219,12 +219,6 @@ var gIdentityHandler = {
"identity-popup-remove-cert-exception": () => {
this.removeCertException();
},
"identity-popup-disable-mixed-content-blocking": () => {
this.disableMixedContentProtection();
},
"identity-popup-enable-mixed-content-blocking": () => {
this.enableMixedContentProtection();
},
"identity-popup-more-info": event => {
this.handleMoreInfoClick(event);
},
@@ -490,49 +484,6 @@ var gIdentityHandler = {
Services.focus.clearFocus(window);
},
disableMixedContentProtection() {
// Use telemetry to measure how often unblocking happens
const kMIXED_CONTENT_UNBLOCK_EVENT = 2;
Glean.mixedContent.unblockCounter.accumulateSingleSample(
kMIXED_CONTENT_UNBLOCK_EVENT
);
SitePermissions.setForPrincipal(
gBrowser.contentPrincipal,
"mixed-content",
SitePermissions.ALLOW,
SitePermissions.SCOPE_SESSION
);
// Reload the page with the content unblocked
BrowserCommands.reloadWithFlags(
Ci.nsIWebNavigation.LOAD_FLAGS_BYPASS_CACHE
);
if (this._popupInitialized) {
PanelMultiView.hidePopup(this._identityPopup);
}
},
// This is needed for some tests which need the permission reset, but which
// then reuse the browser and would race between the reload and the next
// load.
enableMixedContentProtectionNoReload() {
this.enableMixedContentProtection(false);
},
enableMixedContentProtection(reload = true) {
SitePermissions.removeFromPrincipal(
gBrowser.contentPrincipal,
"mixed-content"
);
if (reload) {
BrowserCommands.reload();
}
if (this._popupInitialized) {
PanelMultiView.hidePopup(this._identityPopup);
}
},
removeCertException() {
if (!this._uriHasHost) {
console.error(

43
browser/base/content/test/siteIdentity/browser.toml
View File

@@ -9,47 +9,6 @@ support-files = [
https_first_disabled = true
support-files = ["open-self-from-frame.html"]
["browser_bug822367.js"]
tags = "mcb"
support-files = [
"file_bug822367_1.html",
"file_bug822367_1.js",
"file_bug822367_2.html",
"file_bug822367_3.html",
"file_bug822367_4.html",
"file_bug822367_4.js",
"file_bug822367_4B.html",
"file_bug822367_5.html",
"file_bug822367_6.html",
]
["browser_bug902156.js"]
tags = "mcb"
support-files = [
"file_bug902156.js",
"file_bug902156_1.html",
"file_bug902156_2.html",
"file_bug902156_3.html",
]
["browser_bug906190.js"]
tags = "mcb"
support-files = [
"file_bug906190_1.html",
"file_bug906190_2.html",
"file_bug906190_3_4.html",
"file_bug906190_redirected.html",
"file_bug906190.js",
"file_bug906190.sjs",
]
["browser_bug1045809.js"]
tags = "mcb"
support-files = [
"file_bug1045809_1.html",
"file_bug1045809_2.html",
]
["browser_check_identity_state.js"]
skip-if = ["os == 'win' && !debug && msix"] # Bug 1895285
https_first_disabled = true
@@ -157,7 +116,7 @@ support-files = ["test-mixedcontent-securityerrors.html"]
tags = "mcb"
support-files = [
"file_mixedPassiveContent.html",
"file_bug1045809_1.html",
"file_mixedActiveContent_1.html",
]
["browser_mixed_passive_content_indicator.js"]

105
browser/base/content/test/siteIdentity/browser_bug1045809.js
View File

@@ -1,105 +0,0 @@
// Test that the Mixed Content Doorhanger Action to re-enable protection works
const PREF_ACTIVE = "security.mixed_content.block_active_content";
const PREF_INSECURE = "security.insecure_connection_icon.enabled";
const TEST_URL =
getRootDirectory(gTestPath).replace(
"chrome://mochitests/content",
"https://example.com"
) + "file_bug1045809_1.html";
var origBlockActive;
add_task(async function () {
registerCleanupFunction(function () {
Services.prefs.setBoolPref(PREF_ACTIVE, origBlockActive);
gBrowser.removeCurrentTab();
});
// Store original preferences so we can restore settings after testing
origBlockActive = Services.prefs.getBoolPref(PREF_ACTIVE);
// Make sure mixed content blocking is on
Services.prefs.setBoolPref(PREF_ACTIVE, true);
let tab = (gBrowser.selectedTab = BrowserTestUtils.addTab(gBrowser));
// Check with insecure lock disabled
await SpecialPowers.pushPrefEnv({ set: [[PREF_INSECURE, false]] });
await runTests(tab);
// Check with insecure lock disabled
await SpecialPowers.pushPrefEnv({ set: [[PREF_INSECURE, true]] });
await runTests(tab);
});
async function runTests(tab) {
// Test 1: mixed content must be blocked
await promiseTabLoadEvent(tab, TEST_URL);
await test1(gBrowser.getBrowserForTab(tab));
await promiseTabLoadEvent(tab);
// Test 2: mixed content must NOT be blocked
await test2(gBrowser.getBrowserForTab(tab));
// Test 3: mixed content must be blocked again
await promiseTabLoadEvent(tab);
await test3(gBrowser.getBrowserForTab(tab));
}
async function test1(gTestBrowser) {
await assertMixedContentBlockingState(gTestBrowser, {
activeLoaded: false,
activeBlocked: true,
passiveLoaded: false,
});
await SpecialPowers.spawn(gTestBrowser, [], function () {
let iframe = content.document.getElementsByTagName("iframe")[0];
SpecialPowers.spawn(iframe, [], () => {
let container = content.document.getElementById("mixedContentContainer");
is(container, null, "Mixed Content is NOT to be found in Test1");
});
});
// Disable Mixed Content Protection for the page (and reload)
gIdentityHandler.disableMixedContentProtection();
}
async function test2(gTestBrowser) {
await assertMixedContentBlockingState(gTestBrowser, {
activeLoaded: true,
activeBlocked: false,
passiveLoaded: false,
});
await SpecialPowers.spawn(gTestBrowser, [], function () {
let iframe = content.document.getElementsByTagName("iframe")[0];
SpecialPowers.spawn(iframe, [], () => {
let container = content.document.getElementById("mixedContentContainer");
isnot(container, null, "Mixed Content is to be found in Test2");
});
});
// Re-enable Mixed Content Protection for the page (and reload)
gIdentityHandler.enableMixedContentProtection();
}
async function test3(gTestBrowser) {
await assertMixedContentBlockingState(gTestBrowser, {
activeLoaded: false,
activeBlocked: true,
passiveLoaded: false,
});
await SpecialPowers.spawn(gTestBrowser, [], function () {
let iframe = content.document.getElementsByTagName("iframe")[0];
SpecialPowers.spawn(iframe, [], () => {
let container = content.document.getElementById("mixedContentContainer");
is(container, null, "Mixed Content is NOT to be found in Test3");
});
});
}

254
browser/base/content/test/siteIdentity/browser_bug822367.js
View File

@@ -1,254 +0,0 @@
/*
* User Override Mixed Content Block - Tests for Bug 822367
*/
const PREF_DISPLAY = "security.mixed_content.block_display_content";
const PREF_DISPLAY_UPGRADE = "security.mixed_content.upgrade_display_content";
const PREF_ACTIVE = "security.mixed_content.block_active_content";
// We alternate for even and odd test cases to simulate different hosts
const HTTPS_TEST_ROOT = getRootDirectory(gTestPath).replace(
"chrome://mochitests/content",
"https://example.com"
);
const HTTPS_TEST_ROOT_2 = getRootDirectory(gTestPath).replace(
"chrome://mochitests/content",
"https://test1.example.com"
);
var gTestBrowser = null;
add_task(async function test() {
await SpecialPowers.pushPrefEnv({
set: [
[PREF_DISPLAY, true],
[PREF_DISPLAY_UPGRADE, false],
[PREF_ACTIVE, true],
],
});
var newTab = BrowserTestUtils.addTab(gBrowser);
gBrowser.selectedTab = newTab;
gTestBrowser = gBrowser.selectedBrowser;
newTab.linkedBrowser.stop();
// Mixed Script Test
var url = HTTPS_TEST_ROOT + "file_bug822367_1.html";
BrowserTestUtils.startLoadingURIString(gTestBrowser, url);
await BrowserTestUtils.browserLoaded(gTestBrowser, false, url);
});
// Mixed Script Test
add_task(async function MixedTest1A() {
await assertMixedContentBlockingState(gTestBrowser, {
activeLoaded: false,
activeBlocked: true,
passiveLoaded: false,
});
gTestBrowser.ownerGlobal.gIdentityHandler.disableMixedContentProtection();
await BrowserTestUtils.browserLoaded(gTestBrowser);
});
add_task(async function MixedTest1B() {
await SpecialPowers.spawn(gTestBrowser, [], async function () {
await ContentTaskUtils.waitForCondition(
() => content.document.getElementById("p1").innerHTML == "hello",
"Waited too long for mixed script to run in Test 1"
);
});
gTestBrowser.ownerGlobal.gIdentityHandler.enableMixedContentProtectionNoReload();
});
// Mixed Display Test - Doorhanger should not appear
add_task(async function MixedTest2() {
var url = HTTPS_TEST_ROOT_2 + "file_bug822367_2.html";
BrowserTestUtils.startLoadingURIString(gTestBrowser, url);
await BrowserTestUtils.browserLoaded(gTestBrowser, false, url);
await assertMixedContentBlockingState(gTestBrowser, {
activeLoaded: false,
activeBlocked: false,
passiveLoaded: false,
});
});
// Mixed Script and Display Test - User Override should cause both the script and the image to load.
add_task(async function MixedTest3() {
var url = HTTPS_TEST_ROOT + "file_bug822367_3.html";
BrowserTestUtils.startLoadingURIString(gTestBrowser, url);
await BrowserTestUtils.browserLoaded(gTestBrowser, false, url);
});
add_task(async function MixedTest3A() {
await assertMixedContentBlockingState(gTestBrowser, {
activeLoaded: false,
activeBlocked: true,
passiveLoaded: false,
});
gTestBrowser.ownerGlobal.gIdentityHandler.disableMixedContentProtection();
await BrowserTestUtils.browserLoaded(gTestBrowser);
});
add_task(async function MixedTest3B() {
await SpecialPowers.spawn(gTestBrowser, [], async function () {
let p1 = ContentTaskUtils.waitForCondition(
() => content.document.getElementById("p1").innerHTML == "hello",
"Waited too long for mixed script to run in Test 3"
);
let p2 = ContentTaskUtils.waitForCondition(
() => content.document.getElementById("p2").innerHTML == "bye",
"Waited too long for mixed image to load in Test 3"
);
await Promise.all([p1, p2]);
});
await assertMixedContentBlockingState(gTestBrowser, {
activeLoaded: true,
activeBlocked: false,
passiveLoaded: true,
});
gTestBrowser.ownerGlobal.gIdentityHandler.enableMixedContentProtectionNoReload();
});
// Location change - User override on one page doesn't propagate to another page after location change.
add_task(async function MixedTest4() {
var url = HTTPS_TEST_ROOT_2 + "file_bug822367_4.html";
BrowserTestUtils.startLoadingURIString(gTestBrowser, url);
await BrowserTestUtils.browserLoaded(gTestBrowser, false, url);
});
let preLocationChangePrincipal = null;
add_task(async function MixedTest4A() {
await assertMixedContentBlockingState(gTestBrowser, {
activeLoaded: false,
activeBlocked: true,
passiveLoaded: false,
});
preLocationChangePrincipal = gTestBrowser.contentPrincipal;
gTestBrowser.ownerGlobal.gIdentityHandler.disableMixedContentProtection();
await BrowserTestUtils.browserLoaded(gTestBrowser);
});
add_task(async function MixedTest4B() {
let url = HTTPS_TEST_ROOT + "file_bug822367_4B.html";
await SpecialPowers.spawn(gTestBrowser, [url], async function (wantedUrl) {
await ContentTaskUtils.waitForCondition(
() => content.document.location == wantedUrl,
"Waited too long for mixed script to run in Test 4"
);
});
});
add_task(async function MixedTest4C() {
await assertMixedContentBlockingState(gTestBrowser, {
activeLoaded: false,
activeBlocked: true,
passiveLoaded: false,
});
await SpecialPowers.spawn(gTestBrowser, [], async function () {
await ContentTaskUtils.waitForCondition(
() => content.document.getElementById("p1").innerHTML == "",
"Mixed script loaded in test 4 after location change!"
);
});
SitePermissions.removeFromPrincipal(
preLocationChangePrincipal,
"mixed-content"
);
});
// Mixed script attempts to load in a document.open()
add_task(async function MixedTest5() {
var url = HTTPS_TEST_ROOT + "file_bug822367_5.html";
BrowserTestUtils.startLoadingURIString(gTestBrowser, url);
await BrowserTestUtils.browserLoaded(gTestBrowser, false, url);
});
add_task(async function MixedTest5A() {
await assertMixedContentBlockingState(gTestBrowser, {
activeLoaded: false,
activeBlocked: true,
passiveLoaded: false,
});
gTestBrowser.ownerGlobal.gIdentityHandler.disableMixedContentProtection();
await BrowserTestUtils.browserLoaded(gTestBrowser);
});
add_task(async function MixedTest5B() {
await SpecialPowers.spawn(gTestBrowser, [], async function () {
await ContentTaskUtils.waitForCondition(
() => content.document.getElementById("p1").innerHTML == "hello",
"Waited too long for mixed script to run in Test 5"
);
});
gTestBrowser.ownerGlobal.gIdentityHandler.enableMixedContentProtectionNoReload();
});
// Mixed script attempts to load in a document.open() that is within an iframe.
add_task(async function MixedTest6() {
var url = HTTPS_TEST_ROOT_2 + "file_bug822367_6.html";
BrowserTestUtils.startLoadingURIString(gTestBrowser, url);
await BrowserTestUtils.browserLoaded(gTestBrowser, false, url);
});
add_task(async function MixedTest6A() {
gTestBrowser.removeEventListener("load", MixedTest6A, true);
let { gIdentityHandler } = gTestBrowser.ownerGlobal;
await TestUtils.waitForCondition(
() =>
gIdentityHandler._identityBox.classList.contains("mixedActiveBlocked"),
"Waited too long for control center to get mixed active blocked state"
);
});
add_task(async function MixedTest6B() {
await assertMixedContentBlockingState(gTestBrowser, {
activeLoaded: false,
activeBlocked: true,
passiveLoaded: false,
});
gTestBrowser.ownerGlobal.gIdentityHandler.disableMixedContentProtection();
await BrowserTestUtils.browserLoaded(gTestBrowser);
});
add_task(async function MixedTest6C() {
await SpecialPowers.spawn(gTestBrowser, [], async function () {
function test() {
try {
return (
content.document
.getElementById("f1")
.contentDocument.getElementById("p1").innerHTML == "hello"
);
} catch (e) {
return false;
}
}
await ContentTaskUtils.waitForCondition(
test,
"Waited too long for mixed script to run in Test 6"
);
});
});
add_task(async function MixedTest6D() {
await assertMixedContentBlockingState(gTestBrowser, {
activeLoaded: true,
activeBlocked: false,
passiveLoaded: false,
});
gTestBrowser.ownerGlobal.gIdentityHandler.enableMixedContentProtectionNoReload();
});
add_task(async function cleanup() {
gBrowser.removeCurrentTab();
});

171
browser/base/content/test/siteIdentity/browser_bug902156.js
View File

@@ -1,171 +0,0 @@
/*
* Description of the Tests for
* - Bug 902156: Persist "disable protection" option for Mixed Content Blocker
*
* 1. Navigate to the same domain via document.location
* - Load a html page which has mixed content
* - Control Center button to disable protection appears - we disable it
* - Load a new page from the same origin using document.location
* - Control Center button should not appear anymore!
*
* 2. Navigate to the same domain via simulateclick for a link on the page
* - Load a html page which has mixed content
* - Control Center button to disable protection appears - we disable it
* - Load a new page from the same origin simulating a click
* - Control Center button should not appear anymore!
*
* 3. Navigate to a differnet domain and show the content is still blocked
* - Load a different html page which has mixed content
* - Control Center button to disable protection should appear again because
* we navigated away from html page where we disabled the protection.
*
* Note, for all tests we set gHttpTestRoot to use 'https'.
*/
const PREF_ACTIVE = "security.mixed_content.block_active_content";
// We alternate for even and odd test cases to simulate different hosts.
const HTTPS_TEST_ROOT_1 = getRootDirectory(gTestPath).replace(
"chrome://mochitests/content",
"https://test1.example.com"
);
const HTTPS_TEST_ROOT_2 = getRootDirectory(gTestPath).replace(
"chrome://mochitests/content",
"https://test2.example.com"
);
add_setup(async function () {
await SpecialPowers.pushPrefEnv({ set: [[PREF_ACTIVE, true]] });
});
add_task(async function test1() {
let url = HTTPS_TEST_ROOT_1 + "file_bug902156_1.html";
await BrowserTestUtils.withNewTab(url, async function (browser) {
await assertMixedContentBlockingState(browser, {
activeLoaded: false,
activeBlocked: true,
passiveLoaded: false,
});
// Disable Mixed Content Protection for the page (and reload)
let browserLoaded = BrowserTestUtils.browserLoaded(browser, false, url);
let { gIdentityHandler } = browser.ownerGlobal;
gIdentityHandler.disableMixedContentProtection();
await browserLoaded;
await SpecialPowers.spawn(browser, [], async function () {
let expected = "Mixed Content Blocker disabled";
await ContentTaskUtils.waitForCondition(
() =>
content.document.getElementById("mctestdiv").innerHTML == expected,
"Error: Waited too long for mixed script to run in Test 1"
);
let actual = content.document.getElementById("mctestdiv").innerHTML;
is(
actual,
"Mixed Content Blocker disabled",
"OK: Executed mixed script in Test 1"
);
});
// The Script loaded after we disabled the page, now we are going to reload the
// page and see if our decision is persistent
url = HTTPS_TEST_ROOT_1 + "file_bug902156_2.html";
browserLoaded = BrowserTestUtils.browserLoaded(browser, false, url);
BrowserTestUtils.startLoadingURIString(browser, url);
await browserLoaded;
// The Control Center button should appear but isMixedContentBlocked should be NOT true,
// because our decision of disabling the mixed content blocker is persistent.
await assertMixedContentBlockingState(browser, {
activeLoaded: true,
activeBlocked: false,
passiveLoaded: false,
});
await SpecialPowers.spawn(browser, [], function () {
let actual = content.document.getElementById("mctestdiv").innerHTML;
is(
actual,
"Mixed Content Blocker disabled",
"OK: Executed mixed script in Test 1"
);
});
gIdentityHandler.enableMixedContentProtection();
});
});
// ------------------------ Test 2 ------------------------------
add_task(async function test2() {
let url = HTTPS_TEST_ROOT_2 + "file_bug902156_2.html";
await BrowserTestUtils.withNewTab(url, async function (browser) {
await assertMixedContentBlockingState(browser, {
activeLoaded: false,
activeBlocked: true,
passiveLoaded: false,
});
// Disable Mixed Content Protection for the page (and reload)
let browserLoaded = BrowserTestUtils.browserLoaded(browser, false, url);
let { gIdentityHandler } = browser.ownerGlobal;
gIdentityHandler.disableMixedContentProtection();
await browserLoaded;
await SpecialPowers.spawn(browser, [], async function () {
let expected = "Mixed Content Blocker disabled";
await ContentTaskUtils.waitForCondition(
() =>
content.document.getElementById("mctestdiv").innerHTML == expected,
"Error: Waited too long for mixed script to run in Test 2"
);
let actual = content.document.getElementById("mctestdiv").innerHTML;
is(
actual,
"Mixed Content Blocker disabled",
"OK: Executed mixed script in Test 2"
);
});
// The Script loaded after we disabled the page, now we are going to reload the
// page and see if our decision is persistent
url = HTTPS_TEST_ROOT_2 + "file_bug902156_1.html";
browserLoaded = BrowserTestUtils.browserLoaded(browser, false, url);
// reload the page using the provided link in the html file
await SpecialPowers.spawn(browser, [], function () {
let mctestlink = content.document.getElementById("mctestlink");
mctestlink.click();
});
await browserLoaded;
// The Control Center button should appear but isMixedContentBlocked should be NOT true,
// because our decision of disabling the mixed content blocker is persistent.
await assertMixedContentBlockingState(browser, {
activeLoaded: true,
activeBlocked: false,
passiveLoaded: false,
});
await SpecialPowers.spawn(browser, [], function () {
let actual = content.document.getElementById("mctestdiv").innerHTML;
is(
actual,
"Mixed Content Blocker disabled",
"OK: Executed mixed script in Test 2"
);
});
gIdentityHandler.enableMixedContentProtection();
});
});
add_task(async function test3() {
let url = HTTPS_TEST_ROOT_1 + "file_bug902156_3.html";
await BrowserTestUtils.withNewTab(url, async function (browser) {
await assertMixedContentBlockingState(browser, {
activeLoaded: false,
activeBlocked: true,
passiveLoaded: false,
});
});
});

339
browser/base/content/test/siteIdentity/browser_bug906190.js
View File

@@ -1,339 +0,0 @@
/* Any copyright is dedicated to the Public Domain.
* http://creativecommons.org/publicdomain/zero/1.0/ */
/*
* Tests the persistence of the "disable protection" option for Mixed Content
* Blocker in child tabs (bug 906190).
*/
requestLongerTimeout(2);
// We use the different urls for testing same origin checks before allowing
// mixed content on child tabs.
const HTTPS_TEST_ROOT_1 = getRootDirectory(gTestPath).replace(
"chrome://mochitests/content",
"https://test1.example.com"
);
const HTTPS_TEST_ROOT_2 = getRootDirectory(gTestPath).replace(
"chrome://mochitests/content",
"https://test2.example.com"
);
/**
* For all tests, we load the pages over HTTPS and test both:
* - |CTRL+CLICK|
* - |RIGHT CLICK -> OPEN LINK IN TAB|
*/
async function doTest(
parentTabSpec,
childTabSpec,
testTaskFn,
waitForMetaRefresh
) {
await BrowserTestUtils.withNewTab(
{
gBrowser,
url: parentTabSpec,
},
async function (browser) {
// As a sanity check, test that active content has been blocked as expected.
await assertMixedContentBlockingState(gBrowser, {
activeLoaded: false,
activeBlocked: true,
passiveLoaded: false,
});
// Disable the Mixed Content Blocker for the page, which reloads it.
let promiseReloaded = BrowserTestUtils.browserLoaded(browser);
let principal = gBrowser.contentPrincipal;
gIdentityHandler.disableMixedContentProtection();
await promiseReloaded;
// Wait for the script in the page to update the contents of the test div.
await SpecialPowers.spawn(
browser,
[childTabSpec],
async childTabSpecContent => {
let testDiv = content.document.getElementById("mctestdiv");
await ContentTaskUtils.waitForCondition(
() => testDiv.innerHTML == "Mixed Content Blocker disabled"
);
// Add the link for the child tab to the page.
let mainDiv = content.document.createElement("div");
mainDiv.innerHTML =
'<p><a id="linkToOpenInNewTab" href="' +
childTabSpecContent +
'">Link</a></p>';
content.document.body.appendChild(mainDiv);
}
);
// Execute the test in the child tabs with the two methods to open it.
for (let openFn of [simulateCtrlClick, simulateContextMenuOpenInTab]) {
let promiseTabLoaded = waitForSomeTabToLoad();
openFn(browser);
await promiseTabLoaded;
gBrowser.selectTabAtIndex(2);
if (waitForMetaRefresh) {
await waitForSomeTabToLoad();
}
await testTaskFn();
gBrowser.removeCurrentTab();
}
SitePermissions.removeFromPrincipal(principal, "mixed-content");
}
);
}
function simulateCtrlClick(browser) {
BrowserTestUtils.synthesizeMouseAtCenter(
"#linkToOpenInNewTab",
{ ctrlKey: true, metaKey: true },
browser
);
}
function simulateContextMenuOpenInTab(browser) {
BrowserTestUtils.waitForEvent(document, "popupshown", false, event => {
// These are operations that must be executed synchronously with the event.
document.getElementById("context-openlinkintab").doCommand();
event.target.hidePopup();
return true;
});
BrowserTestUtils.synthesizeMouseAtCenter(
"#linkToOpenInNewTab",
{ type: "contextmenu", button: 2 },
browser
);
}
// Waits for a load event somewhere in the browser but ignore events coming
// from <xul:browser>s without a tab assigned. That are most likely browsers
// that preload the new tab page.
function waitForSomeTabToLoad() {
return BrowserTestUtils.firstBrowserLoaded(window, true, browser => {
let tab = gBrowser.getTabForBrowser(browser);
return !!tab;
});
}
/**
* Ensure the Mixed Content Blocker is enabled.
*/
add_task(async function test_initialize() {
await SpecialPowers.pushPrefEnv({
set: [
["security.mixed_content.block_active_content", true],
// We need to disable the dFPI heuristic. So, we won't have unnecessary
// 3rd party cookie permission that could affect following tests because
// it will create a permission icon on the URL bar.
["privacy.restrict3rdpartystorage.heuristic.recently_visited", false],
],
});
});
/**
* 1. - Load a html page which has mixed content
* - Doorhanger to disable protection appears - we disable it
* - Load a subpage from the same origin in a new tab simulating a click
* - Doorhanger should >> NOT << appear anymore!
*/
add_task(async function test_same_origin() {
await doTest(
HTTPS_TEST_ROOT_1 + "file_bug906190_1.html",
HTTPS_TEST_ROOT_1 + "file_bug906190_2.html",
async function () {
// The doorhanger should appear but activeBlocked should be >> NOT << true,
// because our decision of disabling the mixed content blocker is persistent
// across tabs.
await assertMixedContentBlockingState(gBrowser, {
activeLoaded: true,
activeBlocked: false,
passiveLoaded: false,
});
await SpecialPowers.spawn(gBrowser.selectedBrowser, [], async () => {
Assert.equal(
content.document.getElementById("mctestdiv").innerHTML,
"Mixed Content Blocker disabled",
"OK: Executed mixed script"
);
});
}
);
});
/**
* 2. - Load a html page which has mixed content
* - Doorhanger to disable protection appears - we disable it
* - Load a new page from a different origin in a new tab simulating a click
* - Doorhanger >> SHOULD << appear again!
*/
add_task(async function test_different_origin() {
await doTest(
HTTPS_TEST_ROOT_1 + "file_bug906190_2.html",
HTTPS_TEST_ROOT_2 + "file_bug906190_2.html",
async function () {
// The doorhanger should appear and activeBlocked should be >> TRUE <<,
// because our decision of disabling the mixed content blocker should only
// persist if pages are from the same domain.
await assertMixedContentBlockingState(gBrowser, {
activeLoaded: false,
activeBlocked: true,
passiveLoaded: false,
});
await SpecialPowers.spawn(gBrowser.selectedBrowser, [], async () => {
Assert.equal(
content.document.getElementById("mctestdiv").innerHTML,
"Mixed Content Blocker enabled",
"OK: Blocked mixed script"
);
});
}
);
});
/**
* 3. - Load a html page which has mixed content
* - Doorhanger to disable protection appears - we disable it
* - Load a new page from the same origin in a new tab simulating a click
* - Redirect to another page from the same origin using meta-refresh
* - Doorhanger should >> NOT << appear again!
*/
add_task(async function test_same_origin_metarefresh_same_origin() {
// file_bug906190_3_4.html redirects to page test1.example.com/* using meta-refresh
await doTest(
HTTPS_TEST_ROOT_1 + "file_bug906190_1.html",
HTTPS_TEST_ROOT_1 + "file_bug906190_3_4.html",
async function () {
// The doorhanger should appear but activeBlocked should be >> NOT << true!
await assertMixedContentBlockingState(gBrowser, {
activeLoaded: true,
activeBlocked: false,
passiveLoaded: false,
});
await SpecialPowers.spawn(gBrowser.selectedBrowser, [], async () => {
Assert.equal(
content.document.getElementById("mctestdiv").innerHTML,
"Mixed Content Blocker disabled",
"OK: Executed mixed script"
);
});
},
true
);
});
/**
* 4. - Load a html page which has mixed content
* - Doorhanger to disable protection appears - we disable it
* - Load a new page from the same origin in a new tab simulating a click
* - Redirect to another page from a different origin using meta-refresh
* - Doorhanger >> SHOULD << appear again!
*/
add_task(async function test_same_origin_metarefresh_different_origin() {
await doTest(
HTTPS_TEST_ROOT_2 + "file_bug906190_1.html",
HTTPS_TEST_ROOT_2 + "file_bug906190_3_4.html",
async function () {
// The doorhanger should appear and activeBlocked should be >> TRUE <<.
await assertMixedContentBlockingState(gBrowser, {
activeLoaded: false,
activeBlocked: true,
passiveLoaded: false,
});
await SpecialPowers.spawn(gBrowser.selectedBrowser, [], async () => {
Assert.equal(
content.document.getElementById("mctestdiv").innerHTML,
"Mixed Content Blocker enabled",
"OK: Blocked mixed script"
);
});
},
true
);
});
/**
* 5. - Load a html page which has mixed content
* - Doorhanger to disable protection appears - we disable it
* - Load a new page from the same origin in a new tab simulating a click
* - Redirect to another page from the same origin using 302 redirect
*/
add_task(async function test_same_origin_302redirect_same_origin() {
// the sjs files returns a 302 redirect- note, same origins
await doTest(
HTTPS_TEST_ROOT_1 + "file_bug906190_1.html",
HTTPS_TEST_ROOT_1 + "file_bug906190.sjs",
async function () {
// The doorhanger should appear but activeBlocked should be >> NOT << true.
// Currently it is >> TRUE << - see follow up bug 914860
ok(
!gIdentityHandler._identityBox.classList.contains("mixedActiveBlocked"),
"OK: Mixed Content is NOT being blocked"
);
await SpecialPowers.spawn(gBrowser.selectedBrowser, [], async () => {
Assert.equal(
content.document.getElementById("mctestdiv").innerHTML,
"Mixed Content Blocker disabled",
"OK: Executed mixed script"
);
});
}
);
});
/**
* 6. - Load a html page which has mixed content
* - Doorhanger to disable protection appears - we disable it
* - Load a new page from the same origin in a new tab simulating a click
* - Redirect to another page from a different origin using 302 redirect
*/
add_task(async function test_same_origin_302redirect_different_origin() {
// the sjs files returns a 302 redirect - note, different origins
await doTest(
HTTPS_TEST_ROOT_2 + "file_bug906190_1.html",
HTTPS_TEST_ROOT_2 + "file_bug906190.sjs",
async function () {
// The doorhanger should appear and activeBlocked should be >> TRUE <<.
await assertMixedContentBlockingState(gBrowser, {
activeLoaded: false,
activeBlocked: true,
passiveLoaded: false,
});
await SpecialPowers.spawn(gBrowser.selectedBrowser, [], async () => {
Assert.equal(
content.document.getElementById("mctestdiv").innerHTML,
"Mixed Content Blocker enabled",
"OK: Blocked mixed script"
);
});
}
);
});
/**
* 7. - Test memory leak issue on redirection error. See Bug 1269426.
*/
add_task(async function test_bad_redirection() {
// the sjs files returns a 302 redirect - note, different origins
await doTest(
HTTPS_TEST_ROOT_2 + "file_bug906190_1.html",
HTTPS_TEST_ROOT_2 + "file_bug906190.sjs?bad-redirection=1",
function () {
// Nothing to do. Just see if memory leak is reported in the end.
ok(true, "Nothing to do");
}
);
});

6
browser/base/content/test/siteIdentity/browser_mixed_content_cert_override.js
View File

@@ -45,12 +45,6 @@ add_task(async function () {
await loadBadCertPage(MIXED_CONTENT_URL);
checkIdentityPopup("security-warning.svg");
// check that the crossed out icon is shown when disabling mixed content protection
gIdentityHandler.disableMixedContentProtection();
await BrowserTestUtils.browserLoaded(gBrowser.selectedBrowser);
checkIdentityPopup("security-broken.svg");
// check that a warning is shown even without mixed content
BrowserTestUtils.startLoadingURIString(
gBrowser.selectedBrowser,

2
browser/base/content/test/siteIdentity/browser_mixed_content_with_navigation.js
View File

@@ -22,7 +22,7 @@ const kTestcases = [
expectedIdentityMode: "mixedDisplayContent",
},
{
uri: kBaseURI + "file_bug1045809_1.html",
uri: kBaseURI + "file_mixedActiveContent_1.html",
expectErrorPage: false,
expectedIdentityMode: "mixedActiveBlocked",
},

15
browser/base/content/test/siteIdentity/browser_mixedcontent_securityflags.js
View File

@@ -7,8 +7,6 @@
// loaded) we load the page and check the flags.
// * We change the about:config prefs (mixed active blocked, mixed display
// blocked), reload the page, and check the flags again.
// * We override protection so all mixed content can load and check the
// flags again.
const TEST_URI =
getRootDirectory(gTestPath).replace(
@@ -56,16 +54,3 @@ add_task(async function blockMixedActiveContentTest() {
passiveLoaded: false,
});
});
add_task(async function overrideMCB() {
// Disable mixed content blocking (reloads page) and retest
let { gIdentityHandler } = gTestBrowser.ownerGlobal;
gIdentityHandler.disableMixedContentProtection();
await BrowserTestUtils.browserLoaded(gTestBrowser);
await assertMixedContentBlockingState(gTestBrowser, {
activeLoaded: true,
activeBlocked: false,
passiveLoaded: true,
});
});

18
browser/base/content/test/siteIdentity/file_bug822367_1.html
View File

@@ -1,18 +0,0 @@
<!DOCTYPE HTML>
<html>
<!--
Test 1 for Mixed Content Blocker User Override - Mixed Script
https://bugzilla.mozilla.org/show_bug.cgi?id=822367
-->
<head>
<meta charset="utf-8">
<title>Test 1 for Bug 822367</title>
</head>
<body>
<div id="testContent">
<p id="p1"></p>
</div>
<script src="http://example.com/browser/browser/base/content/test/siteIdentity/file_bug822367_1.js">
</script>
</body>
</html>

1
browser/base/content/test/siteIdentity/file_bug822367_1.js
View File

@@ -1 +0,0 @@
document.getElementById("p1").innerHTML = "hello";

16
browser/base/content/test/siteIdentity/file_bug822367_2.html
View File

@@ -1,16 +0,0 @@
<!DOCTYPE HTML>
<html>
<!--
Test 2 for Mixed Content Blocker User Override - Mixed Display
https://bugzilla.mozilla.org/show_bug.cgi?id=822367
-->
<head>
<meta charset="utf-8">
<title>Test 2 for Bug 822367 - Mixed Display</title>
</head>
<body>
<div id="testContent">
<img src="http://example.com/tests/image/test/mochitest/blue.png">
</div>
</body>
</html>

27
browser/base/content/test/siteIdentity/file_bug822367_3.html
View File

@@ -1,27 +0,0 @@
<!DOCTYPE HTML>
<html>
<!--
Test 3 for Mixed Content Blocker User Override - Mixed Script and Display
https://bugzilla.mozilla.org/show_bug.cgi?id=822367
-->
<head>
<meta charset="utf-8">
<title>Test 3 for Bug 822367</title>
<script>
function foo() {
var x = document.createElement("p");
x.setAttribute("id", "p2");
x.innerHTML = "bye";
document.getElementById("testContent").appendChild(x);
}
</script>
</head>
<body>
<div id="testContent">
<p id="p1"></p>
<img src="http://example.com/tests/image/test/mochitest/blue.png" onload="foo()">
</div>
<script src="http://example.com/browser/browser/base/content/test/siteIdentity/file_bug822367_1.js">
</script>
</body>
</html>

18
browser/base/content/test/siteIdentity/file_bug822367_4.html
View File

@@ -1,18 +0,0 @@
<!DOCTYPE HTML>
<html>
<!--
Test 4 for Mixed Content Blocker User Override - Mixed Script and Display
https://bugzilla.mozilla.org/show_bug.cgi?id=822367
-->
<head>
<meta charset="utf-8">
<title>Test 4 for Bug 822367</title>
</head>
<body>
<div id="testContent">
<p id="p1"></p>
</div>
<script src="http://example.com/browser/browser/base/content/test/siteIdentity/file_bug822367_4.js">
</script>
</body>
</html>

2
browser/base/content/test/siteIdentity/file_bug822367_4.js
View File

@@ -1,2 +0,0 @@
document.location =
"https://example.com/browser/browser/base/content/test/siteIdentity/file_bug822367_4B.html";

18
browser/base/content/test/siteIdentity/file_bug822367_4B.html
View File

@@ -1,18 +0,0 @@
<!DOCTYPE HTML>
<html>
<!--
Test 4B for Mixed Content Blocker User Override - Location Changed
https://bugzilla.mozilla.org/show_bug.cgi?id=822367
-->
<head>
<meta charset="utf-8">
<title>Test 4B Location Change for Bug 822367</title>
</head>
<body>
<div id="testContent">
<p id="p1"></p>
</div>
<script src="http://example.com/browser/browser/base/content/test/siteIdentity/file_bug822367_1.js">
</script>
</body>
</html>

23
browser/base/content/test/siteIdentity/file_bug822367_5.html
View File

@@ -1,23 +0,0 @@
<!DOCTYPE HTML>
<html>
<!--
Test 5 for Mixed Content Blocker User Override - Mixed Script in document.open()
https://bugzilla.mozilla.org/show_bug.cgi?id=822367
-->
<head>
<meta charset="utf-8">
<title>Test 5 for Bug 822367</title>
<script>
function createDoc() {
var doc = document.open("text/html", "replace");
doc.write('<!DOCTYPE html><html><body><p id="p1">This is some content</p><script src="http://example.com/browser/browser/base/content/test/siteIdentity/file_bug822367_1.js">\<\/script\>\<\/body>\<\/html>');
doc.close();
}
</script>
</head>
<body>
<div id="testContent">
<img src="https://example.com/tests/image/test/mochitest/blue.png" onload="createDoc()">
</div>
</body>
</html>

16
browser/base/content/test/siteIdentity/file_bug822367_6.html
View File

@@ -1,16 +0,0 @@
<!DOCTYPE HTML>
<html>
<!--
Test 6 for Mixed Content Blocker User Override - Mixed Script in document.open() within an iframe
https://bugzilla.mozilla.org/show_bug.cgi?id=822367
-->
<head>
<meta charset="utf-8">
<title>Test 6 for Bug 822367</title>
</head>
<body>
<div id="testContent">
<iframe name="f1" id="f1" src="https://example.com/browser/browser/base/content/test/siteIdentity/file_bug822367_5.html"></iframe>
</div>
</body>
</html>

6
browser/base/content/test/siteIdentity/file_bug902156.js
View File

@@ -1,6 +0,0 @@
/*
* Once the mixed content blocker is disabled for the page, this scripts loads
* and updates the text inside the div container.
*/
document.getElementById("mctestdiv").innerHTML =
"Mixed Content Blocker disabled";

15
browser/base/content/test/siteIdentity/file_bug902156_1.html
View File

@@ -1,15 +0,0 @@
<!DOCTYPE HTML>
<html>
<!--
Test 1 for Bug 902156 - See file browser_bug902156.js for description.
https://bugzilla.mozilla.org/show_bug.cgi?id=902156
-->
<head>
<meta charset="utf-8">
<title>Test 1 for Bug 902156</title>
</head>
<body>
<div id="mctestdiv">Mixed Content Blocker enabled</div>
<script src="http://test1.example.com/browser/browser/base/content/test/siteIdentity/file_bug902156.js" ></script>
</body>
</html>

17
browser/base/content/test/siteIdentity/file_bug902156_2.html
View File

@@ -1,17 +0,0 @@
<!DOCTYPE HTML>
<html>
<!--
Test 2 for Bug 902156 - See file browser_bug902156.js for description.
https://bugzilla.mozilla.org/show_bug.cgi?id=902156
-->
<head>
<meta charset="utf-8">
<title>Test 2 for Bug 902156</title>
</head>
<body>
<div id="mctestdiv">Mixed Content Blocker enabled</div>
<a href="https://test2.example.com/browser/browser/base/content/test/siteIdentity/file_bug902156_1.html"
id="mctestlink" target="_top">Go to http site</a>
<script src="http://test2.example.com/browser/browser/base/content/test/siteIdentity/file_bug902156.js" ></script>
</body>
</html>

15
browser/base/content/test/siteIdentity/file_bug902156_3.html
View File

@@ -1,15 +0,0 @@
<!DOCTYPE HTML>
<html>
<!--
Test 3 for Bug 902156 - See file browser_bug902156.js for description.
https://bugzilla.mozilla.org/show_bug.cgi?id=902156
-->
<head>
<meta charset="utf-8">
<title>Test 3 for Bug 902156</title>
</head>
<body>
<div id="mctestdiv">Mixed Content Blocker enabled</div>
<script src="http://test1.example.com/browser/browser/base/content/test/siteIdentity/file_bug902156.js" ></script>
</body>
</html>

6
browser/base/content/test/siteIdentity/file_bug906190.js
View File

@@ -1,6 +0,0 @@
/*
* Once the mixed content blocker is disabled for the page, this scripts loads
* and updates the text inside the div container.
*/
document.getElementById("mctestdiv").innerHTML =
"Mixed Content Blocker disabled";

18
browser/base/content/test/siteIdentity/file_bug906190.sjs
View File

@@ -1,18 +0,0 @@
function handleRequest(request, response) {
var page = "<!DOCTYPE html><html><body>bug 906190</body></html>";
var path =
"https://test1.example.com/browser/browser/base/content/test/siteIdentity/";
var url;
if (request.queryString.includes("bad-redirection=1")) {
url = path + "this_page_does_not_exist.html";
} else {
url = path + "file_bug906190_redirected.html";
}
response.setHeader("Cache-Control", "no-cache", false);
response.setHeader("Content-Type", "text/html", false);
response.setStatusLine(request.httpVersion, "302", "Found");
response.setHeader("Location", url, false);
response.write(page);
}

15
browser/base/content/test/siteIdentity/file_bug906190_1.html
View File

@@ -1,15 +0,0 @@
<!DOCTYPE HTML>
<html>
<!--
Test 1 for Bug 906190 - See file browser_bug902156.js for description.
https://bugzilla.mozilla.org/show_bug.cgi?id=906190
-->
<head>
<meta charset="utf-8">
<title>Test 1 for Bug 906190</title>
</head>
<body>
<div id="mctestdiv">Mixed Content Blocker enabled</div>
<script src="http://test1.example.com/browser/browser/base/content/test/siteIdentity/file_bug906190.js" ></script>
</body>
</html>

15
browser/base/content/test/siteIdentity/file_bug906190_2.html
View File

@@ -1,15 +0,0 @@
<!DOCTYPE HTML>
<html>
<!--
Test 2 for Bug 906190 - See file browser_bug902156.js for description.
https://bugzilla.mozilla.org/show_bug.cgi?id=906190
-->
<head>
<meta charset="utf-8">
<title>Test 2 for Bug 906190</title>
</head>
<body>
<div id="mctestdiv">Mixed Content Blocker enabled</div>
<script src="http://test2.example.com/browser/browser/base/content/test/siteIdentity/file_bug906190.js" ></script>
</body>
</html>

14
browser/base/content/test/siteIdentity/file_bug906190_3_4.html
View File

@@ -1,14 +0,0 @@
<!DOCTYPE HTML>
<html>
<!--
Test 3 and 4 for Bug 906190 - See file browser_bug902156.js for description.
https://bugzilla.mozilla.org/show_bug.cgi?id=906190
-->
<head>
<meta charset="utf-8">
<meta http-equiv="refresh" content="0; url=https://test1.example.com/browser/browser/base/content/test/siteIdentity/file_bug906190_redirected.html">
<title>Test 3 and 4 for Bug 906190</title>
</head>
<body>
</body>
</html>

15
browser/base/content/test/siteIdentity/file_bug906190_redirected.html
View File

@@ -1,15 +0,0 @@
<!DOCTYPE HTML>
<html>
<!--
Redirected Page of Test 3 to 6 for Bug 906190 - See file browser_bug902156.js for description.
https://bugzilla.mozilla.org/show_bug.cgi?id=906190
-->
<head>
<meta charset="utf-8">
<title>Redirected Page for Bug 906190</title>
</head>
<body>
<div id="mctestdiv">Mixed Content Blocker enabled</div>
<script src="http://test1.example.com/browser/browser/base/content/test/siteIdentity/file_bug906190.js" ></script>
</body>
</html>

0
browser/base/content/test/siteIdentity/file_bug1045809_1.html → browser/base/content/test/siteIdentity/file_mixedActiveContent_1.html
View File

0
browser/base/content/test/siteIdentity/file_bug1045809_2.html → browser/base/content/test/siteIdentity/file_mixedActiveContent_2.html
View File

11
browser/components/controlcenter/content/identityPanel.inc.xhtml
View File

@@ -179,17 +179,6 @@
<html:a is="moz-support-link" when-mixedcontent="active-loaded"
and-when-loginforms="secure" class="identity-popup-mcb-learn-more" support-page="mixed-content"/>
</hbox>
<!-- Buttons to enable/disable mixed content blocking. -->
<button id="identity-popup-disable-mixed-content-blocking"
when-mixedcontent="active-blocked"
data-l10n-id="identity-disable-mixed-content-blocking"
class="panel-button"/>
<button id="identity-popup-enable-mixed-content-blocking"
when-mixedcontent="active-loaded"
data-l10n-id="identity-enable-mixed-content-blocking"
class="panel-button"/>
</vbox>
</vbox>

6
browser/locales/en-US/browser/browser.ftl
View File

@@ -454,12 +454,6 @@ identity-description-passive-loaded-insecure2 = This website contains content th
identity-description-passive-loaded-mixed2 = Although { -brand-short-name } has blocked some content, there is still content on the page that is not secure (such as images).
identity-description-active-loaded = This website contains content that is not secure (such as scripts) and your connection to it is not private.
identity-description-active-loaded-insecure = Information you share with this site could be viewed by others (like passwords, messages, credit cards, etc.).
identity-disable-mixed-content-blocking =
.label = Disable protection for now
.accesskey = D
identity-enable-mixed-content-blocking =
.label = Enable protection
.accesskey = E
identity-more-info-link-text =
.label = More information

34
browser/tools/mozscreenshots/mozscreenshots/extension/configurations/ControlCenter.sys.mjs
View File

@@ -179,40 +179,6 @@ export var ControlCenter = {
},
},
mixedActiveUnblocked: {
selectors: CC_SELECTORS,
async applyConfig() {
let browserWindow =
Services.wm.getMostRecentWindow("navigator:browser");
let gBrowser = browserWindow.gBrowser;
await loadPage(MIXED_ACTIVE_CONTENT_URL);
gBrowser.ownerGlobal.gIdentityHandler.disableMixedContentProtection();
await BrowserTestUtils.browserLoaded(
gBrowser.selectedBrowser,
false,
MIXED_ACTIVE_CONTENT_URL
);
await openIdentityPopup();
},
},
mixedActiveUnblockedSubView: {
selectors: CC_SELECTORS,
async applyConfig() {
let browserWindow =
Services.wm.getMostRecentWindow("navigator:browser");
let gBrowser = browserWindow.gBrowser;
await loadPage(MIXED_ACTIVE_CONTENT_URL);
gBrowser.ownerGlobal.gIdentityHandler.disableMixedContentProtection();
await BrowserTestUtils.browserLoaded(
gBrowser.selectedBrowser,
false,
MIXED_ACTIVE_CONTENT_URL
);
await openIdentityPopup(true);
},
},
httpPassword: {
selectors: CC_SELECTORS,
async applyConfig() {

37
devtools/client/webconsole/test/browser/browser_webconsole_block_mixedcontent_securityerrors.js
View File

@@ -6,9 +6,9 @@
// It then checks that the blocked mixed content warning messages
// are logged to the console and have the correct "Learn More"
// url appended to them. After the first test finishes, it invokes
// a second test that overrides the mixed content blocker settings
// by clicking on the doorhanger shield and validates that the
// appropriate messages are logged to console.
// a second test that disables the mixed content blocker by prefs
// and validates that the appropriate messages are logged to
// console.
// Bug 875456 - Log mixed content messages from the Mixed Content
// Blocker to the Security Pane in the Web Console.
@@ -35,7 +35,13 @@ const displayContentText =
"secure page";
add_task(async function () {
await pushPrefEnv();
await SpecialPowers.pushPrefEnv({
set: [
["security.mixed_content.block_active_content", true],
["security.mixed_content.block_display_content", true],
["security.mixed_content.upgrade_display_content", false],
],
});
const hud = await openNewTabAndConsole(TEST_URI);
@@ -68,8 +74,15 @@ add_task(async function () {
gIdentityHandler._identityBox.classList.contains("mixedActiveBlocked"),
"Mixed Active Content state appeared on identity box"
);
// Disabe mixed content protection.
gIdentityHandler.disableMixedContentProtection();
await SpecialPowers.pushPrefEnv({
set: [
["security.mixed_content.block_active_content", false],
["security.mixed_content.block_display_content", false],
["security.mixed_content.upgrade_display_content", false],
],
});
const waitForWarningMessage = text =>
waitFor(() => findWarningMessage(hud, text), undefined, 100);
@@ -77,6 +90,8 @@ add_task(async function () {
const onMixedActiveContent = waitForWarningMessage(activeContentText);
const onMixedDisplayContent = waitForWarningMessage(displayContentText);
gBrowser.reload();
await onMixedDisplayContent;
ok(true, "Mixed display content warning message is visible");
@@ -91,16 +106,4 @@ add_task(async function () {
LEARN_MORE_URI,
`Clicking the provided link opens ${response.link}`
);
gIdentityHandler.enableMixedContentProtectionNoReload();
});
function pushPrefEnv() {
const prefs = [
["security.mixed_content.block_active_content", true],
["security.mixed_content.block_display_content", true],
["security.mixed_content.upgrade_display_content", false],
];
return Promise.all(prefs.map(([pref, value]) => pushPref(pref, value)));
}

6
docshell/base/WindowContext.cpp
View File

@@ -239,12 +239,6 @@ bool WindowContext::CanSet(FieldIndex<IDX_IsSecure>, const bool& aIsSecure,
return CheckOnlyOwningProcessCanSet(aSource);
}
bool WindowContext::CanSet(FieldIndex<IDX_AllowMixedContent>,
const bool& aAllowMixedContent,
ContentParent* aSource) {
return CheckOnlyOwningProcessCanSet(aSource);
}
bool WindowContext::CanSet(FieldIndex<IDX_HasBeforeUnload>,
const bool& aHasBeforeUnload,
ContentParent* aSource) {

5
docshell/base/WindowContext.h
View File

@@ -62,9 +62,6 @@ class BrowsingContextGroup;
/* Mixed-Content: If the corresponding documentURI is https, \
* then this flag is true. */ \
FIELD(IsSecure, bool) \
/* Whether the user has overriden the mixed content blocker to allow \
* mixed content loads to happen */ \
FIELD(AllowMixedContent, bool) \
/* Whether this window has registered a "beforeunload" event \
* handler */ \
FIELD(HasBeforeUnload, bool) \
@@ -274,8 +271,6 @@ class WindowContext : public nsISupports, public nsWrapperCache {
// Overload `CanSet` to get notifications for a particular field being set.
bool CanSet(FieldIndex<IDX_IsSecure>, const bool& aIsSecure,
ContentParent* aSource);
bool CanSet(FieldIndex<IDX_AllowMixedContent>, const bool& aAllowMixedContent,
ContentParent* aSource);
bool CanSet(FieldIndex<IDX_HasBeforeUnload>, const bool& aHasBeforeUnload,
ContentParent* aSource);

13
dom/ipc/WindowGlobalActor.cpp
View File

@@ -121,19 +121,6 @@ WindowGlobalInit WindowGlobalActor::WindowInitializer(
// Initialize top level permission fields
if (aWindow->GetBrowsingContext()->IsTop()) {
fields.Get<Indexes::IDX_AllowMixedContent>() = [&] {
uint32_t permit = nsIPermissionManager::UNKNOWN_ACTION;
nsCOMPtr<nsIPermissionManager> permissionManager =
components::PermissionManager::Service();
if (permissionManager) {
permissionManager->TestPermissionFromPrincipal(
init.principal(), "mixed-content"_ns, &permit);
}
return permit == nsIPermissionManager::ALLOW_ACTION;
}();
fields.Get<Indexes::IDX_ShortcutsPermission>() =
nsGlobalWindowInner::GetShortcutsPermission(init.principal());
}

7
dom/security/nsMixedContentBlocker.cpp
View File

@@ -824,7 +824,6 @@ nsresult nsMixedContentBlocker::ShouldLoad(bool aHadInsecureImageRedirect,
// Content
WindowContext* topWC = requestingWindow->TopWindowContext();
bool rootHasSecureConnection = topWC->GetIsSecure();
bool allowMixedContent = topWC->GetAllowMixedContent();
// When navigating an iframe, the iframe may be https but its parents may not
// be. Check the parents to see if any of them are https. If none of the
@@ -897,8 +896,7 @@ nsresult nsMixedContentBlocker::ShouldLoad(bool aHadInsecureImageRedirect,
// If the content is display content, and the pref says display content should
// be blocked, block it.
if (classification == eMixedDisplay) {
if (!StaticPrefs::security_mixed_content_block_display_content() ||
allowMixedContent) {
if (!StaticPrefs::security_mixed_content_block_display_content()) {
*aDecision = nsIContentPolicy::ACCEPT;
// User has overriden the pref and the root is not https;
// mixed display content was allowed on an https subframe.
@@ -916,8 +914,7 @@ nsresult nsMixedContentBlocker::ShouldLoad(bool aHadInsecureImageRedirect,
MOZ_ASSERT(classification == eMixedScript);
// If the content is active content, and the pref says active content should
// be blocked, block it unless the user has choosen to override the pref
if (!StaticPrefs::security_mixed_content_block_active_content() ||
allowMixedContent) {
if (!StaticPrefs::security_mixed_content_block_active_content()) {
*aDecision = nsIContentPolicy::ACCEPT;
// User has already overriden the pref and the root is not https;
// mixed active content was allowed on an https subframe.