summaryrefslogtreecommitdiffstats
path: root/remote/cdp/domains/parent/Security.sys.mjs
diff options
context:
space:
mode:
Diffstat (limited to 'remote/cdp/domains/parent/Security.sys.mjs')
-rw-r--r--remote/cdp/domains/parent/Security.sys.mjs58
1 files changed, 58 insertions, 0 deletions
diff --git a/remote/cdp/domains/parent/Security.sys.mjs b/remote/cdp/domains/parent/Security.sys.mjs
new file mode 100644
index 0000000000..ab3987fc66
--- /dev/null
+++ b/remote/cdp/domains/parent/Security.sys.mjs
@@ -0,0 +1,58 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+import { XPCOMUtils } from "resource://gre/modules/XPCOMUtils.sys.mjs";
+
+import { Domain } from "chrome://remote/content/cdp/domains/Domain.sys.mjs";
+
+const lazy = {};
+
+ChromeUtils.defineESModuleGetters(lazy, {
+ Preferences: "resource://gre/modules/Preferences.sys.mjs",
+});
+
+XPCOMUtils.defineLazyServiceGetters(lazy, {
+ sss: ["@mozilla.org/ssservice;1", "nsISiteSecurityService"],
+ certOverrideService: [
+ "@mozilla.org/security/certoverride;1",
+ "nsICertOverrideService",
+ ],
+});
+
+const CERT_PINNING_ENFORCEMENT_PREF = "security.cert_pinning.enforcement_level";
+const HSTS_PRELOAD_LIST_PREF = "network.stricttransportsecurity.preloadlist";
+
+export class Security extends Domain {
+ destructor() {
+ this.setIgnoreCertificateErrors({ ignore: false });
+ }
+
+ /**
+ * Enable/disable whether all certificate errors should be ignored
+ *
+ * @param {object} options
+ * @param {boolean=} options.ignore
+ * if true, all certificate errors will be ignored.
+ */
+ setIgnoreCertificateErrors(options = {}) {
+ const { ignore } = options;
+
+ if (ignore) {
+ // make it possible to register certificate overrides for domains
+ // that use HSTS or HPKP
+ lazy.Preferences.set(HSTS_PRELOAD_LIST_PREF, false);
+ lazy.Preferences.set(CERT_PINNING_ENFORCEMENT_PREF, 0);
+ } else {
+ lazy.Preferences.reset(HSTS_PRELOAD_LIST_PREF);
+ lazy.Preferences.reset(CERT_PINNING_ENFORCEMENT_PREF);
+
+ // clear collected HSTS and HPKP state
+ lazy.sss.clearAll();
+ }
+
+ lazy.certOverrideService.setDisableAllSecurityChecksAndLetAttackersInterceptMyData(
+ ignore
+ );
+ }
+}
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-05 18:29:45 +0000