Bug 1667965 - Do not mark PDFs served via plain HTTP as trustworthy in siteIdentity. r=johannh

With this patch we skip the isSecureContext check for pdf.js principals.
This fixes the bug, but has the side-effect that we will show secure,
non-HTTPS contexts as insecure.

Differential Revision: https://phabricator.services.mozilla.com/D108969

browser/base/content/browser-siteIdentity.js

@@ -158,9 +158,20 @@ var gIdentityHandler = {
     );
   },
 
+  get _isPDFViewer() {
+    return gBrowser.contentPrincipal?.originNoSuffix == "resource://pdf.js";
+  },
+
   get _isPotentiallyTrustworthy() {
+    // For PDF viewer pages (pdf.js) we can't rely on the isSecureContext
+    // field. The backend will return isSecureContext = true, because the
+    // content principal has a resource:// URI. Since we don't check
+    // isSecureContext for PDF viewer pages anymore, otherwise secure
+    // contexts, such as a localhost, will me marked as insecure when showing
+    // PDFs.
     return (
       !this._isBrokenConnection &&
+      !this._isPDFViewer &&
       (this._isSecureContext ||
         (gBrowser.selectedBrowser.documentURI &&
           gBrowser.selectedBrowser.documentURI.scheme == "chrome"))

browser/base/content/test/siteIdentity/browser.ini

@@ -111,6 +111,8 @@ tags = mcb
 support-files =
   test_no_mcb_for_onions.html
 [browser_check_identity_state.js]
+support-files =
+  file_pdf.pdf
 [browser_iframe_navigation.js]
 support-files =
   iframe_navigation.html

browser/base/content/test/siteIdentity/browser_check_identity_state.js

@@ -704,3 +704,32 @@ add_task(async function test_pb_mode() {
   ];
   await pbModeTest(prefs, false);
 });
+
+/**
+ * Tests that sites opened via the PDF viewer have the correct identity state.
+ */
+add_task(async function test_pdf() {
+  const PDF_URI_NOSCHEME =
+    getRootDirectory(gTestPath).replace(
+      "chrome://mochitests/content",
+      "example.com"
+    ) + "file_pdf.pdf";
+
+  const PDF_URI_SECURE = "https://" + PDF_URI_NOSCHEME;
+  const PDF_URI_INSECURE = "http://" + PDF_URI_NOSCHEME;
+
+  await BrowserTestUtils.withNewTab(PDF_URI_INSECURE, async () => {
+    is(
+      getIdentityMode(),
+      "notSecure",
+      "Identity should be notSecure for a PDF served via HTTP."
+    );
+  });
+  await BrowserTestUtils.withNewTab(PDF_URI_SECURE, async () => {
+    is(
+      getIdentityMode(),
+      "verifiedDomain",
+      "Identity should be verifiedDomain for a PDF served via HTTPS."
+    );
+  });
+});

browser/base/content/test/siteIdentity/file_pdf.pdf

@@ -0,0 +1,12 @@
+%PDF-1.0
+1 0 obj<</Type/Catalog/Pages 2 0 R>>endobj 2 0 obj<</Type/Pages/Kids[3 0 R]/Count 1>>endobj 3 0 obj<</Type/Page/MediaBox[0 0 3 3]>>endobj
+xref
+0 4
+0000000000 65535 f
+0000000010 00000 n
+0000000053 00000 n
+0000000102 00000 n
+trailer<</Size 4/Root 1 0 R>>
+startxref
+149
+%EOF