Bug 1667965 - Do not mark PDFs served via plain HTTP as trustworthy in siteIdentity. r=johannh
With this patch we skip the isSecureContext check for pdf.js principals. This fixes the bug, but has the side-effect that we will show secure, non-HTTPS contexts as insecure. Differential Revision: https://phabricator.services.mozilla.com/D108969
Родитель
abe02307ff
Коммит
1bf7bbf9fb
|
@ -158,9 +158,20 @@ var gIdentityHandler = {
|
|||
);
|
||||
},
|
||||
|
||||
get _isPDFViewer() {
|
||||
return gBrowser.contentPrincipal?.originNoSuffix == "resource://pdf.js";
|
||||
},
|
||||
|
||||
get _isPotentiallyTrustworthy() {
|
||||
// For PDF viewer pages (pdf.js) we can't rely on the isSecureContext
|
||||
// field. The backend will return isSecureContext = true, because the
|
||||
// content principal has a resource:// URI. Since we don't check
|
||||
// isSecureContext for PDF viewer pages anymore, otherwise secure
|
||||
// contexts, such as a localhost, will me marked as insecure when showing
|
||||
// PDFs.
|
||||
return (
|
||||
!this._isBrokenConnection &&
|
||||
!this._isPDFViewer &&
|
||||
(this._isSecureContext ||
|
||||
(gBrowser.selectedBrowser.documentURI &&
|
||||
gBrowser.selectedBrowser.documentURI.scheme == "chrome"))
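Review bot: The comment above the `return` in `_isPotentiallyTrustworthy` never states that the getter now fails closed for every pdf.js page, and its second sentence is hard to parse ("Since we don't check … will me marked as insecure"). A reader has to work out from `!this._isPDFViewer` that PDFs shown from localhost or other secure non-HTTPS contexts are reported as not trustworthy on purpose, not by accident. I would replace the second sentence with `// We therefore skip isSecureContext for PDF viewer pages and fail closed:`, `// secure non-HTTPS contexts such as localhost are shown as insecure` and `// while they display a PDF.` The `return (` expression is closed outside this hunk, so the rest of the condition is not visible here.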
|
||||
|
|
|
@ -111,6 +111,8 @@ tags = mcb
|
|||
support-files =
|
||||
test_no_mcb_for_onions.html
|
||||
[browser_check_identity_state.js]
|
||||
support-files =
|
||||
file_pdf.pdf
|
||||
[browser_iframe_navigation.js]
|
||||
support-files =
|
||||
iframe_navigation.html
|
||||
|
|
|
@ -704,3 +704,32 @@ add_task(async function test_pb_mode() {
|
|||
];
|
||||
await pbModeTest(prefs, false);
|
||||
});
|
||||
|
||||
/**
|
||||
* Tests that sites opened via the PDF viewer have the correct identity state.
|
||||
*/
|
||||
add_task(async function test_pdf() {
|
||||
const PDF_URI_NOSCHEME =
|
||||
getRootDirectory(gTestPath).replace(
|
||||
"chrome://mochitests/content",
|
||||
"example.com"
|
||||
) + "file_pdf.pdf";
|
||||
|
||||
const PDF_URI_SECURE = "https://" + PDF_URI_NOSCHEME;
|
||||
const PDF_URI_INSECURE = "http://" + PDF_URI_NOSCHEME;
|
||||
|
||||
await BrowserTestUtils.withNewTab(PDF_URI_INSECURE, async () => {
|
||||
is(
|
||||
getIdentityMode(),
|
||||
"notSecure",
|
||||
"Identity should be notSecure for a PDF served via HTTP."
|
||||
);
|
||||
});
|
||||
await BrowserTestUtils.withNewTab(PDF_URI_SECURE, async () => {
|
||||
is(
|
||||
getIdentityMode(),
|
||||
"verifiedDomain",
|
||||
"Identity should be verifiedDomain for a PDF served via HTTPS."
|
||||
);
|
||||
});
|
||||
});
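Review bot: `test_pdf` pins only the HTTP and HTTPS cases on example.com, so the side effect the commit message accepts (a PDF in a secure non-HTTPS context is shown as insecure) has no expectation attached to it. Until a case for that exists, the doc comment should say so, for example by adding `* Secure non-HTTPS contexts (e.g. localhost) are not covered; per the commit message they currently show as insecure.` A follow-up case that loads `file_pdf.pdf` from a loopback origin and asserts the current `getIdentityMode()` value would force a later change to `_isPotentiallyTrustworthy` to update that expectation deliberately. Which loopback origin serves this test directory is not visible on this page.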
|
||||
|
|
|
@ -0,0 +1,12 @@
|
|||
%PDF-1.0
|
||||
1 0 obj<</Type/Catalog/Pages 2 0 R>>endobj 2 0 obj<</Type/Pages/Kids[3 0 R]/Count 1>>endobj 3 0 obj<</Type/Page/MediaBox[0 0 3 3]>>endobj
|
||||
xref
|
||||
0 4
|
||||
0000000000 65535 f
|
||||
0000000010 00000 n
|
||||
0000000053 00000 n
|
||||
0000000102 00000 n
|
||||
trailer<</Size 4/Root 1 0 R>>
|
||||
startxref
|
||||
149
|
||||
%EOF
|