Some addons (namely the Google Widevine EME Content Decryption Module) are
served from web servers that don't send Content-Length headers, and
nsIIncrementalDownload can't handle such downloads.
Also, change ProductAddonChecker to create XHRs used to download XML through a layer of indirection.
This ensures that test_GMPInstallManager can change the XHR response for the
update.xml requests without affecting the XHR requests to download the test
GMP.
Also add more error handlers on the addon download XHR.
The system add-on update checks will use the same update.xml format as GMP so
this splits out the code for parsing and downloading files into a standalone
module that both can reuse.
The GMP manager uses a copy of the update service's url formatting code and has
since fallen out of sync. We'll also want to use the same formatting code for
the system add-on update checks so this just exposes it in a shared API.
I've moved the contents of UpdateChannel.jsm to UpdateUtils.jsm and exposed
formatUpdateURL there as well as a few properties that the update service still
needs access to.
UpdateUtils.UpdateChannel is intended to be a lazy getter but isn't for now
since tests expect to be able to change the update channel at runtime.
The system add-on update checks will use the same update.xml format as GMP so
this splits out the code for parsing and downloading files into a standalone
module that both can reuse.
The GMP manager uses a copy of the update service's url formatting code and has
since fallen out of sync. We'll also want to use the same formatting code for
the system add-on update checks so this just exposes it in a shared API.
I've moved the contents of UpdateChannel.jsm to UpdateUtils.jsm and exposed
formatUpdateURL there as well as a few properties that the update service still
needs access to.
UpdateUtils.UpdateChannel is intended to be a lazy getter but isn't for now
since tests expect to be able to change the update channel at runtime.
Prior to this patch, a Man in the Middle (MITM) attack on SSL could cause GMPInstallManager to fail during the check for updates, which in turn would cause a crash during shutdown. This was observed in the wild by users of recent versions of Avast, which performs such attacks on SSL as part of its "HTTPS scanning" feature. With this patch, errors are handled more gracefully. The attack still prevents any update (including the install of OpenH264) but at least it does not cause a crash anymore.
