зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1667965 - Do not mark PDFs served via plain HTTP as trustworthy in siteIdentity. r=johannh
With this patch we skip the isSecureContext check for pdf.js principals. This fixes the bug, but has the side effect that secure, non-HTTPS contexts are shown as insecure when they display a PDF.
Differential Revision: https://phabricator.services.mozilla.com/D108969
Родитель
abe02307ff
Коммит
1bf7bbf9fb
|
@ -158,9 +158,20 @@ var gIdentityHandler = {
|
||||||
);
|
);
|
||||||
},
|
},
|
||||||
|
|
||||||
|
get _isPDFViewer() {
|
||||||
|
return gBrowser.contentPrincipal?.originNoSuffix == "resource://pdf.js";
|
||||||
|
},
|
||||||
|
|
||||||
get _isPotentiallyTrustworthy() {
|
get _isPotentiallyTrustworthy() {
|
||||||
|
// For PDF viewer pages (pdf.js) we can't rely on the isSecureContext
|
||||||
|
// field. The backend will return isSecureContext = true, because the
|
||||||
|
// content principal has a resource:// URI. Since we don't check
|
||||||
|
// isSecureContext for PDF viewer pages anymore, otherwise secure
|
||||||
|
// contexts, such as a localhost, will me marked as insecure when showing
|
||||||
|
// PDFs.
|
||||||
return (
|
return (
|
||||||
!this._isBrokenConnection &&
|
!this._isBrokenConnection &&
|
||||||
|
!this._isPDFViewer &&
|
||||||
(this._isSecureContext ||
|
(this._isSecureContext ||
|
||||||
(gBrowser.selectedBrowser.documentURI &&
|
(gBrowser.selectedBrowser.documentURI &&
|
||||||
gBrowser.selectedBrowser.documentURI.scheme == "chrome"))
|
gBrowser.selectedBrowser.documentURI.scheme == "chrome"))
|
||||||
|
|
|
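Review bot: The comment added above the `return` in `_isPotentiallyTrustworthy` is hard to follow and contains a typo ("will me marked"); its last sentence reads like the reason for the check when it is actually the cost of it. I would reword it to say, in order: a pdf.js page has the principal `resource://pdf.js`, so `isSecureContext` is true no matter how the PDF was fetched; the getter therefore never treats a PDF viewer page as trustworthy on that basis; and, as a known trade-off, PDFs from otherwise secure non-HTTPS contexts such as localhost are shown as insecure. The new `_isPDFViewer` getter has no comment at all, and a one-liner such as `// True when gBrowser.contentPrincipal belongs to the built-in PDF viewer (pdf.js).` would make the string comparison self-explanatory. The body of `_isPotentiallyTrustworthy` continues past the end of this hunk, so how an HTTPS PDF still ends up as verified is not visible here and would be worth a word in the comment.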
@ -111,6 +111,8 @@ tags = mcb
|
||||||
support-files =
|
support-files =
|
||||||
test_no_mcb_for_onions.html
|
test_no_mcb_for_onions.html
|
||||||
[browser_check_identity_state.js]
|
[browser_check_identity_state.js]
|
||||||
|
support-files =
|
||||||
|
file_pdf.pdf
|
||||||
[browser_iframe_navigation.js]
|
[browser_iframe_navigation.js]
|
||||||
support-files =
|
support-files =
|
||||||
iframe_navigation.html
|
iframe_navigation.html
|
||||||
|
|
|
@ -704,3 +704,32 @@ add_task(async function test_pb_mode() {
|
||||||
];
|
];
|
||||||
await pbModeTest(prefs, false);
|
await pbModeTest(prefs, false);
|
||||||
});
|
});
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Tests that sites opened via the PDF viewer have the correct identity state.
|
||||||
|
*/
|
||||||
|
add_task(async function test_pdf() {
|
||||||
|
const PDF_URI_NOSCHEME =
|
||||||
|
getRootDirectory(gTestPath).replace(
|
||||||
|
"chrome://mochitests/content",
|
||||||
|
"example.com"
|
||||||
|
) + "file_pdf.pdf";
|
||||||
|
|
||||||
|
const PDF_URI_SECURE = "https://" + PDF_URI_NOSCHEME;
|
||||||
|
const PDF_URI_INSECURE = "http://" + PDF_URI_NOSCHEME;
|
||||||
|
|
||||||
|
await BrowserTestUtils.withNewTab(PDF_URI_INSECURE, async () => {
|
||||||
|
is(
|
||||||
|
getIdentityMode(),
|
||||||
|
"notSecure",
|
||||||
|
"Identity should be notSecure for a PDF served via HTTP."
|
||||||
|
);
|
||||||
|
});
|
||||||
|
await BrowserTestUtils.withNewTab(PDF_URI_SECURE, async () => {
|
||||||
|
is(
|
||||||
|
getIdentityMode(),
|
||||||
|
"verifiedDomain",
|
||||||
|
"Identity should be verifiedDomain for a PDF served via HTTPS."
|
||||||
|
);
|
||||||
|
});
|
||||||
|
});
|
||||||
|
|
|
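Review bot: `test_pdf` covers only the HTTP and HTTPS cases, so the side effect the commit message accepts, a PDF from a secure non-HTTPS context being shown as insecure, is not pinned by any assertion. A third `BrowserTestUtils.withNewTab` case that loads `file_pdf.pdf` from such an origin and asserts the identity mode the patch currently produces would document the trade-off and flag any later change to it. The two existing cases differ only in scheme and expected mode, so they could be driven from a small list of `{ uri, mode }` entries, which would keep the extra case to a single line.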
@ -0,0 +1,12 @@
|
||||||
|
%PDF-1.0
|
||||||
|
1 0 obj<</Type/Catalog/Pages 2 0 R>>endobj 2 0 obj<</Type/Pages/Kids[3 0 R]/Count 1>>endobj 3 0 obj<</Type/Page/MediaBox[0 0 3 3]>>endobj
|
||||||
|
xref
|
||||||
|
0 4
|
||||||
|
0000000000 65535 f
|
||||||
|
0000000010 00000 n
|
||||||
|
0000000053 00000 n
|
||||||
|
0000000102 00000 n
|
||||||
|
trailer<</Size 4/Root 1 0 R>>
|
||||||
|
startxref
|
||||||
|
149
|
||||||
|
%EOF
|