1 files changed, 31 insertions, 14 deletions

diff --git a/security/manager/ssl/ClientAuthDialogService.sys.mjs b/security/manager/ssl/ClientAuthDialogService.sys.mjs
index 7019dcc5cd..2405822079 100644
--- a/security/manager/ssl/ClientAuthDialogService.sys.mjs
+++ b/security/manager/ssl/ClientAuthDialogService.sys.mjs
@@ -8,6 +8,12 @@
 // that resulted in the request for the client authentication certificate.
 export function ClientAuthDialogService() {}
 
+const lazy = {};
+
+ChromeUtils.defineESModuleGetters(lazy, {
+  PromptUtils: "resource://gre/modules/PromptUtils.sys.mjs",
+});
+
 // Given a loadContext (CanonicalBrowsingContext), attempts to return a
 // TabDialogBox for the browser corresponding to loadContext.
 function getTabDialogBoxForLoadContext(loadContext) {
@@ -35,34 +41,45 @@ ClientAuthDialogService.prototype = {
   ) {
     const clientAuthAskURI = "chrome://pippki/content/clientauthask.xhtml";
     let retVals = { cert: null, rememberDecision: false };
+    let args = lazy.PromptUtils.objectToPropBag({
+      hostname,
+      certArray,
+      retVals,
+    });
+
     // First attempt to find a TabDialogBox for the loadContext. This allows
     // for a tab-modal dialog specific to the tab causing the load, which is a
     // better user experience.
     let tabDialogBox = getTabDialogBoxForLoadContext(loadContext);
     if (tabDialogBox) {
-      tabDialogBox
-        .open(clientAuthAskURI, {}, { hostname, certArray, retVals })
-        .closedPromise.then(() => {
-          callback.certificateChosen(retVals.cert, retVals.rememberDecision);
-        });
+      tabDialogBox.open(clientAuthAskURI, {}, args).closedPromise.then(() => {
+        callback.certificateChosen(retVals.cert, retVals.rememberDecision);
+      });
       return;
     }
     // Otherwise, attempt to open a window-modal dialog on the window that at
     // least has the tab the load is occurring in.
     let browserWindow = loadContext?.topFrameElement?.ownerGlobal;
     // Failing that, open a window-modal dialog on the most recent window.
-    if (!browserWindow) {
+    if (!browserWindow?.gDialogBox) {
       browserWindow = Services.wm.getMostRecentBrowserWindow();
     }
-    if (browserWindow) {
-      browserWindow.gDialogBox
-        .open(clientAuthAskURI, { hostname, certArray, retVals })
-        .then(() => {
-          callback.certificateChosen(retVals.cert, retVals.rememberDecision);
-        });
+
+    if (browserWindow?.gDialogBox) {
+      browserWindow.gDialogBox.open(clientAuthAskURI, args).then(() => {
+        callback.certificateChosen(retVals.cert, retVals.rememberDecision);
+      });
       return;
     }
-    // Otherwise, continue the connection with no certificate.
-    callback.certificateChosen(null, false);
+
+    let mostRecentWindow = Services.wm.getMostRecentWindow("");
+    Services.ww.openWindow(
+      mostRecentWindow,
+      clientAuthAskURI,
+      "_blank",
+      "centerscreen,chrome,modal,titlebar",
+      args
+    );
+    callback.certificateChosen(retVals.cert, retVals.rememberDecision);
   },
 };