From 36d22d82aa202bb199967e9512281e9a53db42c9 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 7 Apr 2024 21:33:14 +0200 Subject: Adding upstream version 115.7.0esr. Signed-off-by: Daniel Baumann --- remote/cdp/domains/parent/Security.sys.mjs | 58 ++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) create mode 100644 remote/cdp/domains/parent/Security.sys.mjs (limited to 'remote/cdp/domains/parent/Security.sys.mjs') diff --git a/remote/cdp/domains/parent/Security.sys.mjs b/remote/cdp/domains/parent/Security.sys.mjs new file mode 100644 index 0000000000..ab3987fc66 --- /dev/null +++ b/remote/cdp/domains/parent/Security.sys.mjs @@ -0,0 +1,58 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +import { XPCOMUtils } from "resource://gre/modules/XPCOMUtils.sys.mjs"; + +import { Domain } from "chrome://remote/content/cdp/domains/Domain.sys.mjs"; + +const lazy = {}; + +ChromeUtils.defineESModuleGetters(lazy, { + Preferences: "resource://gre/modules/Preferences.sys.mjs", +}); + +XPCOMUtils.defineLazyServiceGetters(lazy, { + sss: ["@mozilla.org/ssservice;1", "nsISiteSecurityService"], + certOverrideService: [ + "@mozilla.org/security/certoverride;1", + "nsICertOverrideService", + ], +}); + +const CERT_PINNING_ENFORCEMENT_PREF = "security.cert_pinning.enforcement_level"; +const HSTS_PRELOAD_LIST_PREF = "network.stricttransportsecurity.preloadlist"; + +export class Security extends Domain { + destructor() { + this.setIgnoreCertificateErrors({ ignore: false }); + } + + /** + * Enable/disable whether all certificate errors should be ignored + * + * @param {object} options + * @param {boolean=} options.ignore + * if true, all certificate errors will be ignored. + */ + setIgnoreCertificateErrors(options = {}) { + const { ignore } = options; + + if (ignore) { + // make it possible to register certificate overrides for domains + // that use HSTS or HPKP + lazy.Preferences.set(HSTS_PRELOAD_LIST_PREF, false); + lazy.Preferences.set(CERT_PINNING_ENFORCEMENT_PREF, 0); + } else { + lazy.Preferences.reset(HSTS_PRELOAD_LIST_PREF); + lazy.Preferences.reset(CERT_PINNING_ENFORCEMENT_PREF); + + // clear collected HSTS and HPKP state + lazy.sss.clearAll(); + } + + lazy.certOverrideService.setDisableAllSecurityChecksAndLetAttackersInterceptMyData( + ignore + ); + } +} -- cgit v1.2.3