Bug 1525943 - Add associated to the identity UI - r=pbz,Gijs,nika,flod

Differential Revision: https://phabricator.services.mozilla.com/D193806

browser/base/content/browser-siteIdentity.js

@@ -91,6 +91,10 @@ var gIdentityHandler = {
     );
   },
 
+  get _isAssociatedIdentity() {
+    return this._state & Ci.nsIWebProgressListener.STATE_IDENTITY_ASSOCIATED;
+  },
+
   get _isMixedActiveContentLoaded() {
     return (
       this._state & Ci.nsIWebProgressListener.STATE_LOADED_MIXED_ACTIVE_CONTENT
@@ -872,8 +876,13 @@ var gIdentityHandler = {
     } else if (this._isAboutHttpsOnlyErrorPage) {
       // We show a not secure lock icon for 'about:httpsonlyerror' page.
       this._identityBox.className = "httpsOnlyErrorPage";
-    } else if (this._isAboutNetErrorPage || this._isAboutBlockedPage) {
+    } else if (
-      // Network errors and blocked pages get a more neutral icon
+      this._isAboutNetErrorPage ||
+      this._isAboutBlockedPage ||
+      this._isAssociatedIdentity
+    ) {
+      // Network errors, blocked pages, and pages associated
+      // with another page get a more neutral icon
       this._identityBox.className = "unknownIdentity";
     } else if (this._isPotentiallyTrustworthy) {
       // This is a local resource (and shouldn't be marked insecure).
@@ -986,6 +995,8 @@ var gIdentityHandler = {
       connection = "not-secure";
     } else if (this._isAboutNetErrorPage) {
       connection = "net-error-page";
+    } else if (this._isAssociatedIdentity) {
+      connection = "associated";
     } else if (this._isPotentiallyTrustworthy) {
       connection = "file";
     }
@@ -1150,6 +1161,14 @@ var gIdentityHandler = {
       }
     );
 
+    document.l10n.setAttributes(
+      this._identityPopupMainViewHeaderLabel,
+      "identity-site-information",
+      {
+        host,
+      }
+    );
+
     this._identityPopupSecurityEVContentOwner.textContent =
       gNavigatorBundle.getFormattedString("identity.ev.contentOwner2", [owner]);
 

browser/base/content/browser.js

@@ -5582,7 +5582,11 @@ var XULBrowserWindow = {
 
     // Update the identity panel, making sure we use the precursorPrincipal's
     // URI where appropriate, for example about:blank windows.
-    uri = this._securityURIOverride(gBrowser.selectedBrowser) ?? uri;
+    let uriOverride = this._securityURIOverride(gBrowser.selectedBrowser);
+    if (uriOverride) {
+      uri = uriOverride;
+      this._state |= Ci.nsIWebProgressListener.STATE_IDENTITY_ASSOCIATED;
+    }
 
     try {
       uri = Services.io.createExposableURI(uri);

browser/base/content/test/siteIdentity/browser_about_blank_same_document_tabswitch.js

@@ -76,9 +76,7 @@ add_task(async function test_identityBlock_inherited_blank() {
     );
     is(
       identityBox.className,
-      Services.prefs.getBoolPref("security.insecure_connection_text.enabled")
+      "unknownIdentity",
-        ? "notSecure notSecureText"
-        : "notSecure",
       "Identity box should have been updated."
     );
 

browser/components/controlcenter/content/identityPanel.inc.xhtml

@@ -36,6 +36,7 @@
                         when-connection="net-error-page" data-l10n-id="identity-connection-failure"></label>
             <label when-connection="chrome" data-l10n-id="identity-connection-internal"></label>
             <label when-connection="file" data-l10n-id="identity-connection-file"></label>
+            <label when-connection="associated" data-l10n-id="identity-connection-associated"></label>
             <label when-connection="extension" data-l10n-id="identity-extension-page"></label>
             <label class="identity-popup-connection-secure upgraded" when-httpsonlystatus="upgraded failed-sub"
               data-l10n-id="identity-https-only-connection-upgraded"></label>

browser/locales/en-US/browser/browser.ftl

@@ -377,6 +377,7 @@ identity-connection-secure = Connection secure
 identity-connection-failure = Connection failure
 identity-connection-internal = This is a secure { -brand-short-name } page.
 identity-connection-file = This page is stored on your computer.
+identity-connection-associated = This page is loaded from another page.
 identity-extension-page = This page is loaded from an extension.
 identity-active-blocked = { -brand-short-name } has blocked parts of this page that are not secure.
 identity-custom-root = Connection verified by a certificate issuer that is not recognized by Mozilla.

browser/themes/shared/controlcenter/panel.css

@@ -43,6 +43,7 @@
 #identity-popup[connection=secure] [when-connection~=secure],
 #identity-popup[connection=chrome] [when-connection~=chrome],
 #identity-popup[connection=file] [when-connection~=file],
+#identity-popup[connection=associated] [when-connection~=associated],
 #identity-popup[connection=extension] [when-connection~=extension],
 #identity-popup[connection=cert-error-page] [when-connection~=cert-error-page],
 #identity-popup[connection=net-error-page] [when-connection~=net-error-page],
@@ -215,6 +216,10 @@
   list-style-image: url(chrome://global/skin/icons/page-portrait.svg);
 }
 
+#identity-popup[connection=associated] .identity-popup-security-connection {
+  list-style-image: url(chrome://global/skin/icons/info.svg);
+}
+
 #identity-popup[connection^=secure] .identity-popup-security-connection {
   list-style-image: url(chrome://global/skin/icons/security.svg);
 }

uriloader/base/nsIWebProgressListener.idl

@@ -223,6 +223,17 @@ interface nsIWebProgressListener : nsISupports
 
   const unsigned long STATE_IDENTITY_EV_TOPLEVEL    = 0x00100000;
 
+  /***
+   * Associated state flag
+   *
+   * This flag is used to if a page is inheriting its security context.
+   *
+   * STATE_IDENTITY_ASSOCIATED
+   *   This document doesn't have an identity of its own, and instead
+   *   uses its predecessor's identity.
+   */
+   const unsigned long STATE_IDENTITY_ASSOCIATED    = 0x00200000;
+
   /**
     * Broken state flags
     *