зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1335134 - pref security.mixed_content.send_hsts_priming to false r=mayhemer
MozReview-Commit-ID: DKPmIrEhyo0 --HG-- extra : rebase_source : 3023ae737d7013eab3b149c320e3f1072fb19e88
This commit is contained in:
Родитель
4c289030c1
Коммит
931d2ffa10
|
@ -5544,14 +5544,15 @@ pref("layout.css.servo.enabled", true);
|
||||||
// HSTS Priming
|
// HSTS Priming
|
||||||
// If a request is mixed-content, send an HSTS priming request to attempt to
|
// If a request is mixed-content, send an HSTS priming request to attempt to
|
||||||
// see if it is available over HTTPS.
|
// see if it is available over HTTPS.
|
||||||
pref("security.mixed_content.send_hsts_priming", true);
|
|
||||||
#ifdef RELEASE_OR_BETA
|
#ifdef RELEASE_OR_BETA
|
||||||
// Don't change the order of evaluation of mixed-content and HSTS upgrades in
|
// Don't change the order of evaluation of mixed-content and HSTS upgrades in
|
||||||
// order to be most compatible with current standards
|
// order to be most compatible with current standards
|
||||||
|
pref("security.mixed_content.send_hsts_priming", false);
|
||||||
pref("security.mixed_content.use_hsts", false);
|
pref("security.mixed_content.use_hsts", false);
|
||||||
#else
|
#else
|
||||||
// Change the order of evaluation so HSTS upgrades happen before
|
// Change the order of evaluation so HSTS upgrades happen before
|
||||||
// mixed-content blocking
|
// mixed-content blocking
|
||||||
|
pref("security.mixed_content.send_hsts_priming", true);
|
||||||
pref("security.mixed_content.use_hsts", true);
|
pref("security.mixed_content.use_hsts", true);
|
||||||
#endif
|
#endif
|
||||||
// Approximately 1 week default cache for HSTS priming failures, in seconds
|
// Approximately 1 week default cache for HSTS priming failures, in seconds
|
||||||
|
|
|
@ -107,14 +107,22 @@ pref("security.ssl.errorReporting.automatic", false);
|
||||||
// https://tools.ietf.org/html/rfc7469#section-4.1
|
// https://tools.ietf.org/html/rfc7469#section-4.1
|
||||||
pref("security.cert_pinning.max_max_age_seconds", 5184000);
|
pref("security.cert_pinning.max_max_age_seconds", 5184000);
|
||||||
|
|
||||||
|
// HSTS Priming
|
||||||
// If a request is mixed-content, send an HSTS priming request to attempt to
|
// If a request is mixed-content, send an HSTS priming request to attempt to
|
||||||
// see if it is available over HTTPS.
|
// see if it is available over HTTPS.
|
||||||
pref("security.mixed_content.send_hsts_priming", true);
|
|
||||||
#ifdef RELEASE_OR_BETA
|
#ifdef RELEASE_OR_BETA
|
||||||
// Don't change the order of evaluation of mixed-content and HSTS upgrades
|
// Don't change the order of evaluation of mixed-content and HSTS upgrades in
|
||||||
|
// order to be most compatible with current standards
|
||||||
|
pref("security.mixed_content.send_hsts_priming", false);
|
||||||
pref("security.mixed_content.use_hsts", false);
|
pref("security.mixed_content.use_hsts", false);
|
||||||
#else
|
#else
|
||||||
// Change the order of evaluation so HSTS upgrades happen before
|
// Change the order of evaluation so HSTS upgrades happen before
|
||||||
// mixed-content blocking
|
// mixed-content blocking
|
||||||
|
pref("security.mixed_content.send_hsts_priming", true);
|
||||||
pref("security.mixed_content.use_hsts", true);
|
pref("security.mixed_content.use_hsts", true);
|
||||||
#endif
|
#endif
|
||||||
|
// Approximately 1 week default cache for HSTS priming failures, in seconds
|
||||||
|
pref ("security.mixed_content.hsts_priming_cache_timeout", 10080);
|
||||||
|
// Force the channel to timeout in 3 seconds if we have not received
|
||||||
|
// expects a time in milliseconds
|
||||||
|
pref ("security.mixed_content.hsts_priming_request_timeout", 3000);
|
||||||
|
|
Загрузка…
Ссылка в новой задаче