author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-28 14:29:10 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-28 14:29:10 +0000 |
commit | 2aa4a82499d4becd2284cdb482213d541b8804dd (patch) | |
tree | b80bf8bf13c3766139fbacc530efd0dd9d54394c /remote/domains/parent/Security.jsm | |
parent | Initial commit. (diff) | |
download | firefox-upstream.tar.xz firefox-upstream.zip |
Adding upstream version 86.0.1.upstream/86.0.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'remote/domains/parent/Security.jsm')
-rw-r--r-- | remote/domains/parent/Security.jsm | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/remote/domains/parent/Security.jsm b/remote/domains/parent/Security.jsm
new file mode 100644
index 0000000000..5114dd1069
--- /dev/null
+++ b/remote/domains/parent/Security.jsm
@@ -0,0 +1,55 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+var EXPORTED_SYMBOLS = ["Security"];
+
+const { Domain } = ChromeUtils.import(
+ "chrome://remote/content/domains/Domain.jsm"
+);
+
+const { Preferences } = ChromeUtils.import(
+ "resource://gre/modules/Preferences.jsm"
+);
+const { XPCOMUtils } = ChromeUtils.import(
+ "resource://gre/modules/XPCOMUtils.jsm"
+);
+
+XPCOMUtils.defineLazyServiceGetters(this, {
+ sss: ["@mozilla.org/ssservice;1", "nsISiteSecurityService"],
+ certOverrideService: [
+ "@mozilla.org/security/certoverride;1",
+ "nsICertOverrideService",
+ ],
+});
+
+const CERT_PINNING_ENFORCEMENT_PREF = "security.cert_pinning.enforcement_level";
+const HSTS_PRELOAD_LIST_PREF = "network.stricttransportsecurity.preloadlist";
+
+class Security extends Domain {
+ destructor() {
+ this.setIgnoreCertificateErrors({ ignore: false });
+ }
+
+ setIgnoreCertificateErrors({ ignore }) {
+ if (ignore) {
+ // make it possible to register certificate overrides for domains
+ // that use HSTS or HPKP
+ Preferences.set(HSTS_PRELOAD_LIST_PREF, false);
+ Preferences.set(CERT_PINNING_ENFORCEMENT_PREF, 0);
+ } else {
+ Preferences.reset(HSTS_PRELOAD_LIST_PREF);
+ Preferences.reset(CERT_PINNING_ENFORCEMENT_PREF);
+
+ // clear collected HSTS and HPKP state
+ sss.clearAll();
+ sss.clearPreloads();
+ }
+
+ certOverrideService.setDisableAllSecurityChecksAndLetAttackersInterceptMyData(
+ ignore
+ );
+ }
+}
 |
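Review bot: `destructor()` calls `setIgnoreCertificateErrors({ ignore: false })` unconditionally, so every session teardown takes the else branch even when that session never turned the override on. That branch resets both prefs and runs `sss.clearAll()` and `sss.clearPreloads()`, which by the inline comment discards the HSTS/HPKP state the profile has collected. `Preferences.reset` also restores the default rather than the value that was set before the override, and the final call on `certOverrideService` does not appear to be scoped to this session, so one session ending would presumably re-enable checks for any other session that still expects them off. I would record the state in the setter with `this.ignoreCertErrors = !!ignore;` and guard the teardown with `if (this.ignoreCertErrors) { this.setIgnoreCertificateErrors({ ignore: false }); }`. A short doc comment on `setIgnoreCertificateErrors` should also say that it disables certificate validation, HSTS preload and pinning enforcement for the whole browser and is meant for automation profiles only.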