diff options
Diffstat (limited to '')
-rw-r--r-- | remote/domains/parent/Security.jsm | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/remote/domains/parent/Security.jsm b/remote/domains/parent/Security.jsm new file mode 100644 index 0000000000..5114dd1069 --- /dev/null +++ b/remote/domains/parent/Security.jsm @@ -0,0 +1,55 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +"use strict"; + +var EXPORTED_SYMBOLS = ["Security"]; + +const { Domain } = ChromeUtils.import( + "chrome://remote/content/domains/Domain.jsm" +); + +const { Preferences } = ChromeUtils.import( + "resource://gre/modules/Preferences.jsm" +); +const { XPCOMUtils } = ChromeUtils.import( + "resource://gre/modules/XPCOMUtils.jsm" +); + +XPCOMUtils.defineLazyServiceGetters(this, { + sss: ["@mozilla.org/ssservice;1", "nsISiteSecurityService"], + certOverrideService: [ + "@mozilla.org/security/certoverride;1", + "nsICertOverrideService", + ], +}); + +const CERT_PINNING_ENFORCEMENT_PREF = "security.cert_pinning.enforcement_level"; +const HSTS_PRELOAD_LIST_PREF = "network.stricttransportsecurity.preloadlist"; + +class Security extends Domain { + destructor() { + this.setIgnoreCertificateErrors({ ignore: false }); + } + + setIgnoreCertificateErrors({ ignore }) { + if (ignore) { + // make it possible to register certificate overrides for domains + // that use HSTS or HPKP + Preferences.set(HSTS_PRELOAD_LIST_PREF, false); + Preferences.set(CERT_PINNING_ENFORCEMENT_PREF, 0); + } else { + Preferences.reset(HSTS_PRELOAD_LIST_PREF); + Preferences.reset(CERT_PINNING_ENFORCEMENT_PREF); + + // clear collected HSTS and HPKP state + sss.clearAll(); + sss.clearPreloads(); + } + + certOverrideService.setDisableAllSecurityChecksAndLetAttackersInterceptMyData( + ignore + ); + } +} |