Bug 935753 - Firefox displays the "This is a secure Firefox page" indicator on pages served by addons. r=MattN

2013-11-19 11:11:25 -05:00 · 2013-11-19 11:11:25 -05:00 · c4ce8aeca7
--- a/browser/base/content/browser.js
+++ b/browser/base/content/browser.js
@ -6338,14 +6338,21 @@ var gIdentityHandler = {
    let nsIWebProgressListener = Ci.nsIWebProgressListener;

    // For some URIs like data: we can't get a host and so can't do
-    // anything useful here. Chrome URIs however get special treatment.
+    // anything useful here.
    let unknown = false;
    try {
      uri.host;
    } catch (e) { unknown = true; }

-    if ((uri.scheme == "chrome" || uri.scheme == "about") &&
-        uri.spec !== "about:blank") {
+    // Chrome URIs however get special treatment. Some chrome URIs are
+    // whitelisted to provide a positive security signal to the user.
+    let chromeWhitelist = ["about:addons", "about:app-manager", "about:config",
+                           "about:crashes", "about:healthreport", "about:home",
+                           "about:newaddon", "about:permissions", "about:preferences",
+                           "about:privatebrowsing", "about:sessionstore",
+                           "about:support", "about:welcomeback"];
+    let lowercaseSpec = uri.spec.toLowerCase();
+    if (chromeWhitelist.some(function(whitelistedSpec) lowercaseSpec.startsWith(whitelistedSpec))) {
      this.setMode(this.IDENTITY_MODE_CHROMEUI);
    } else if (unknown) {
      this.setMode(this.IDENTITY_MODE_UNKNOWN);
--- a/browser/base/content/test/general/browser_bug590206.js
+++ b/browser/base/content/test/general/browser_bug590206.js
@ -61,14 +61,16 @@ function test_blank() {
 function test_chrome() {
  let oldTab = gBrowser.selectedTab;

+  // Since users aren't likely to type in full chrome URLs, we won't show
+  // the positive security indicator on it, but we will show it on about:addons.
  loadNewTab("chrome://mozapps/content/extensions/extensions.xul", function(aNewTab) {
-    is(getIdentityMode(), "chromeUI", "Identity should be chrome");
+    is(getIdentityMode(), "unknownIdentity", "Identity should be chrome");

    gBrowser.selectedTab = oldTab;
    is(getIdentityMode(), "unknownIdentity", "Identity should be unknown");

    gBrowser.selectedTab = aNewTab;
-    is(getIdentityMode(), "chromeUI", "Identity should be chrome");
+    is(getIdentityMode(), "unknownIdentity", "Identity should be chrome");

    gBrowser.removeTab(aNewTab);