зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1614713, move neterror actor over to the actor-based RemotePageChild, and move neterror-specific functions to the NetErrorChild subclass so that they cannot be accessed via other pages, r=johannh,mossop
Differential Revision: https://phabricator.services.mozilla.com/D65335 --HG-- extra : moz-landing-system : lando
This commit is contained in:
Neil Deakin
Родитель
8d97cadc7f
Коммит
e4f91a3e2e
|
|
@ -5,11 +5,12 @@
|
|||
|
||||
var EXPORTED_SYMBOLS = ["NetErrorChild"];
|
||||
|
||||
const { Services } = ChromeUtils.import("resource://gre/modules/Services.jsm");
|
||||
const { XPCOMUtils } = ChromeUtils.import(
|
||||
"resource://gre/modules/XPCOMUtils.jsm"
|
||||
);
|
||||
const { ChildMessagePort } = ChromeUtils.import(
|
||||
"resource://gre/modules/remotepagemanager/RemotePageManagerChild.jsm"
|
||||
const { RemotePageChild } = ChromeUtils.import(
|
||||
"resource://gre/actors/RemotePageChild.jsm"
|
||||
);
|
||||
|
||||
XPCOMUtils.defineLazyServiceGetter(
|
||||
|
|
@ -19,9 +20,16 @@ XPCOMUtils.defineLazyServiceGetter(
|
|||
"nsISerializationHelper"
|
||||
);
|
||||
|
||||
class NetErrorChild extends JSWindowActorChild {
|
||||
class NetErrorChild extends RemotePageChild {
|
||||
actorCreated() {
|
||||
this.messagePort = new ChildMessagePort(this, this.contentWindow);
|
||||
super.actorCreated();
|
||||
|
||||
const exportableFunctions = [
|
||||
"RPMGetAppBuildID",
|
||||
"RPMPrefIsLocked",
|
||||
"RPMAddToHistogram",
|
||||
];
|
||||
this.exportFunctions(exportableFunctions);
|
||||
}
|
||||
|
||||
getSerializedSecurityInfo(docShell) {
|
||||
|
|
@ -37,10 +45,6 @@ class NetErrorChild extends JSWindowActorChild {
|
|||
return gSerializationHelper.serializeToString(securityInfo);
|
||||
}
|
||||
|
||||
receiveMessage(aMessage) {
|
||||
this.messagePort.handleMessage(aMessage);
|
||||
}
|
||||
|
||||
handleEvent(aEvent) {
|
||||
// Documents have a null ownerDocument.
|
||||
let doc = aEvent.originalTarget.ownerDocument || aEvent.originalTarget;
|
||||
|
|
@ -49,6 +53,7 @@ class NetErrorChild extends JSWindowActorChild {
|
|||
case "click":
|
||||
let elem = aEvent.originalTarget;
|
||||
if (elem.id == "viewCertificate") {
|
||||
// Call through the superclass to avoid the security check.
|
||||
this.sendAsyncMessage("Browser:CertExceptionError", {
|
||||
location: doc.location.href,
|
||||
elementId: elem.id,
|
||||
|
|
@ -60,4 +65,16 @@ class NetErrorChild extends JSWindowActorChild {
|
|||
break;
|
||||
}
|
||||
}
|
||||
|
||||
RPMGetAppBuildID() {
|
||||
return Services.appinfo.appBuildID;
|
||||
}
|
||||
|
||||
RPMPrefIsLocked(aPref) {
|
||||
return Services.prefs.prefIsLocked(aPref);
|
||||
}
|
||||
|
||||
RPMAddToHistogram(histID, bin) {
|
||||
Services.telemetry.getHistogramById(histID).add(bin);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -37,39 +37,6 @@ ChromeUtils.defineModuleGetter(
|
|||
*/
|
||||
let RPMAccessManager = {
|
||||
accessMap: {
|
||||
"about:certerror": {
|
||||
getFormatURLPref: ["app.support.baseURL"],
|
||||
getBoolPref: [
|
||||
"security.certerrors.mitm.priming.enabled",
|
||||
"security.certerrors.permanentOverride",
|
||||
"security.enterprise_roots.auto-enabled",
|
||||
"security.certerror.hideAddException",
|
||||
"security.ssl.errorReporting.automatic",
|
||||
"security.ssl.errorReporting.enabled",
|
||||
],
|
||||
setBoolPref: ["security.ssl.errorReporting.automatic"],
|
||||
getIntPref: [
|
||||
"services.settings.clock_skew_seconds",
|
||||
"services.settings.last_update_seconds",
|
||||
],
|
||||
getAppBuildID: ["yes"],
|
||||
isWindowPrivate: ["yes"],
|
||||
recordTelemetryEvent: ["yes"],
|
||||
addToHistogram: ["yes"],
|
||||
},
|
||||
"about:neterror": {
|
||||
getFormatURLPref: ["app.support.baseURL"],
|
||||
getBoolPref: [
|
||||
"security.certerror.hideAddException",
|
||||
"security.ssl.errorReporting.automatic",
|
||||
"security.ssl.errorReporting.enabled",
|
||||
"security.tls.version.enable-deprecated",
|
||||
"security.certerrors.tls.version.show-override",
|
||||
],
|
||||
setBoolPref: ["security.ssl.errorReporting.automatic"],
|
||||
prefIsLocked: ["security.tls.version.min"],
|
||||
addToHistogram: ["yes"],
|
||||
},
|
||||
"about:privatebrowsing": {
|
||||
// "sendAsyncMessage": handled within AboutPrivateBrowsingHandler.jsm
|
||||
getFormatURLPref: ["app.support.baseURL"],
|
||||
|
|
@ -460,16 +427,6 @@ class MessagePort {
|
|||
);
|
||||
}
|
||||
|
||||
getAppBuildID() {
|
||||
let doc = this.window.document;
|
||||
if (!RPMAccessManager.checkAllowAccess(doc, "getAppBuildID", "yes")) {
|
||||
throw new Error(
|
||||
"RPMAccessManager does not allow access to getAppBuildID"
|
||||
);
|
||||
}
|
||||
return Services.appinfo.appBuildID;
|
||||
}
|
||||
|
||||
getIntPref(aPref, defaultValue) {
|
||||
let doc = this.window.document;
|
||||
if (!RPMAccessManager.checkAllowAccess(doc, "getIntPref", aPref)) {
|
||||
|
|
@ -510,14 +467,6 @@ class MessagePort {
|
|||
return this.wrapPromise(AsyncPrefs.set(aPref, aVal));
|
||||
}
|
||||
|
||||
prefIsLocked(aPref) {
|
||||
let doc = this.window.document;
|
||||
if (!RPMAccessManager.checkAllowAccess(doc, "prefIsLocked", aPref)) {
|
||||
throw new Error("RPMAccessManager does not allow access to prefIsLocked");
|
||||
}
|
||||
return Services.prefs.prefIsLocked(aPref);
|
||||
}
|
||||
|
||||
getFormatURLPref(aFormatURL) {
|
||||
let doc = this.window.document;
|
||||
if (
|
||||
|
|
@ -580,15 +529,4 @@ class MessagePort {
|
|||
extra
|
||||
);
|
||||
}
|
||||
|
||||
addToHistogram(histID, bin) {
|
||||
let doc = this.window.document;
|
||||
if (!RPMAccessManager.checkAllowAccess(doc, "addToHistogram", "yes")) {
|
||||
throw new Error(
|
||||
"RPMAccessManager does not allow access to addToHistogram"
|
||||
);
|
||||
}
|
||||
|
||||
Services.telemetry.getHistogramById(histID).add(bin);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -32,9 +32,6 @@ class ChildMessagePort extends MessagePort {
|
|||
defineAs: "RPMRemoveMessageListener",
|
||||
allowCallbacks: true,
|
||||
});
|
||||
Cu.exportFunction(this.getAppBuildID.bind(this), window, {
|
||||
defineAs: "RPMGetAppBuildID",
|
||||
});
|
||||
Cu.exportFunction(this.getIntPref.bind(this), window, {
|
||||
defineAs: "RPMGetIntPref",
|
||||
});
|
||||
|
|
@ -47,9 +44,6 @@ class ChildMessagePort extends MessagePort {
|
|||
Cu.exportFunction(this.setBoolPref.bind(this), window, {
|
||||
defineAs: "RPMSetBoolPref",
|
||||
});
|
||||
Cu.exportFunction(this.prefIsLocked.bind(this), window, {
|
||||
defineAs: "RPMPrefIsLocked",
|
||||
});
|
||||
Cu.exportFunction(this.getFormatURLPref.bind(this), window, {
|
||||
defineAs: "RPMGetFormatURLPref",
|
||||
});
|
||||
|
|
@ -65,9 +59,6 @@ class ChildMessagePort extends MessagePort {
|
|||
Cu.exportFunction(this.recordTelemetryEvent.bind(this), window, {
|
||||
defineAs: "RPMRecordTelemetryEvent",
|
||||
});
|
||||
Cu.exportFunction(this.addToHistogram.bind(this), window, {
|
||||
defineAs: "RPMAddToHistogram",
|
||||
});
|
||||
|
||||
// The actor form only needs the functions set up above. The actor
|
||||
// will send and receive messages directly.
|
||||
|
|
|
|||
|
|
@ -29,7 +29,70 @@ let RemotePageAccessManager = {
|
|||
* function must match one of the keys. If keys is an array with a
|
||||
* single asterisk element ["*"], then all values are permitted.
|
||||
*/
|
||||
accessMap: {},
|
||||
accessMap: {
|
||||
"about:certerror": {
|
||||
RPMSendAsyncMessage: [
|
||||
"Browser:EnableOnlineMode",
|
||||
"Browser:ResetSSLPreferences",
|
||||
"GetChangedCertPrefs",
|
||||
"ReportTLSError",
|
||||
"Browser:OpenCaptivePortalPage",
|
||||
"Browser:SSLErrorGoBack",
|
||||
"Browser:PrimeMitm",
|
||||
"Browser:ResetEnterpriseRootsPref",
|
||||
],
|
||||
RPMAddMessageListener: ["*"],
|
||||
RPMRemoveMessageListener: ["*"],
|
||||
RPMGetFormatURLPref: ["app.support.baseURL"],
|
||||
RPMGetBoolPref: [
|
||||
"security.certerrors.mitm.priming.enabled",
|
||||
"security.certerrors.permanentOverride",
|
||||
"security.enterprise_roots.auto-enabled",
|
||||
"security.certerror.hideAddException",
|
||||
"security.ssl.errorReporting.automatic",
|
||||
"security.ssl.errorReporting.enabled",
|
||||
],
|
||||
RPMSetBoolPref: [
|
||||
"security.ssl.errorReporting.automatic",
|
||||
"security.tls.version.enable-deprecated",
|
||||
],
|
||||
RPMGetIntPref: [
|
||||
"services.settings.clock_skew_seconds",
|
||||
"services.settings.last_update_seconds",
|
||||
],
|
||||
RPMGetAppBuildID: ["*"],
|
||||
RPMIsWindowPrivate: ["*"],
|
||||
RPMAddToHistogram: ["*"],
|
||||
},
|
||||
"about:neterror": {
|
||||
RPMSendAsyncMessage: [
|
||||
"Browser:EnableOnlineMode",
|
||||
"Browser:ResetSSLPreferences",
|
||||
"GetChangedCertPrefs",
|
||||
"ReportTLSError",
|
||||
"Browser:OpenCaptivePortalPage",
|
||||
"Browser:SSLErrorGoBack",
|
||||
"Browser:PrimeMitm",
|
||||
"Browser:ResetEnterpriseRootsPref",
|
||||
],
|
||||
RPMAddMessageListener: ["*"],
|
||||
RPMRemoveMessageListener: ["*"],
|
||||
RPMGetFormatURLPref: ["app.support.baseURL"],
|
||||
RPMGetBoolPref: [
|
||||
"security.certerror.hideAddException",
|
||||
"security.ssl.errorReporting.automatic",
|
||||
"security.ssl.errorReporting.enabled",
|
||||
"security.tls.version.enable-deprecated",
|
||||
"security.certerrors.tls.version.show-override",
|
||||
],
|
||||
RPMSetBoolPref: [
|
||||
"security.ssl.errorReporting.automatic",
|
||||
"security.tls.version.enable-deprecated",
|
||||
],
|
||||
RPMPrefIsLocked: ["security.tls.version.min"],
|
||||
RPMAddToHistogram: ["*"],
|
||||
},
|
||||
},
|
||||
|
||||
/**
|
||||
* Check if access is allowed to the given feature for a given document.
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче