Bug 1422365 - Introduce nsIClearDataService - part 16 - security settings, r=johannh

2018-06-01 14:31:02 +02:00 · 2018-06-01 14:31:02 +02:00 · ebedd40a12
--- a/browser/modules/Sanitizer.jsm
+++ b/browser/modules/Sanitizer.jsm
@ -429,28 +429,13 @@ var Sanitizer = {

    siteSettings: {
      async clear(range) {
-        let seenException;
        let refObj = {};
        TelemetryStopwatch.start("FX_SANITIZE_SITESETTINGS", refObj);
-
        await clearData(range, Ci.nsIClearDataService.CLEAR_PERMISSIONS |
                               Ci.nsIClearDataService.CLEAR_PREFERENCES |
-                               Ci.nsIClearDataService.CLEAR_DOM_PUSH_NOTIFICATIONS);
-
-        try {
-          // Clear site security settings - no support for ranges in this
-          // interface either, so we clearAll().
-          let sss = Cc["@mozilla.org/ssservice;1"]
-                      .getService(Ci.nsISiteSecurityService);
-          sss.clearAll();
-        } catch (ex) {
-          seenException = ex;
-        }
-
+                               Ci.nsIClearDataService.CLEAR_DOM_PUSH_NOTIFICATIONS |
+                               Ci.nsIClearDataService.CLEAR_SECURITY_SETTINGS);
        TelemetryStopwatch.finish("FX_SANITIZE_SITESETTINGS", refObj);
-        if (seenException) {
-          throw seenException;
-        }
      }
    },

--- a/toolkit/components/cleardata/ClearDataService.js
+++ b/toolkit/components/cleardata/ClearDataService.js
@ -553,6 +553,43 @@ const PreferencesCleaner = {
  },
 };

+const SecuritySettingsCleaner = {
+  deleteByHost(aHost, aOriginAttributes) {
+    return new Promise(aResolve => {
+      let sss = Cc["@mozilla.org/ssservice;1"]
+                  .getService(Ci.nsISiteSecurityService);
+      for (let type of [Ci.nsISiteSecurityService.HEADER_HSTS,
+                        Ci.nsISiteSecurityService.HEADER_HPKP]) {
+        // Also remove HSTS/HPKP/OMS information for subdomains by enumerating
+        // the information in the site security service.
+        let enumerator = sss.enumerate(type);
+        while (enumerator.hasMoreElements()) {
+          let entry = enumerator.getNext();
+          let hostname = entry.QueryInterface(Ci.nsISiteSecurityState).hostname;
+          if (hasRootDomain(hostname, aHost)) {
+            // This uri is used as a key to remove the state.
+            let uri = Services.io.newURI("https://" + hostname);
+            sss.removeState(type, uri, 0, entry.originAttributes);
+          }
+        }
+      }
+
+      aResolve();
+    });
+  },
+
+  deleteAll() {
+    return new Promise(aResolve => {
+      // Clear site security settings - no support for ranges in this
+      // interface either, so we clearAll().
+      let sss = Cc["@mozilla.org/ssservice;1"]
+                    .getService(Ci.nsISiteSecurityService);
+      sss.clearAll();
+      aResolve();
+    });
+  },
+};
+
 // Here the map of Flags-Cleaner.
 const FLAGS_MAP = [
 { flag: Ci.nsIClearDataService.CLEAR_COOKIES,
@ -605,6 +642,9 @@ const FLAGS_MAP = [

 { flag: Ci.nsIClearDataService.CLEAR_CONTENT_PREFERENCES,
   cleaner: PreferencesCleaner, },
+
+ { flag: Ci.nsIClearDataService.CLEAR_SECURITY_SETTINGS,
+   cleaner: SecuritySettingsCleaner, },
 ];

 this.ClearDataService = function() {};
--- a/toolkit/components/cleardata/nsIClearDataService.idl
+++ b/toolkit/components/cleardata/nsIClearDataService.idl
@ -168,10 +168,13 @@ interface nsIClearDataService : nsISupports
   */
  const uint32_t CLEAR_CONTENT_PREFERENCES = 1 << 16;

+  /**
+   * Secure site settings
+   */
+  const uint32_t CLEAR_SECURITY_SETTINGS = 1 << 17;
+
  /* TODO
  const uint32_t CLEAR_EME = 1 << 4;
-  const uint32_t CLEAR_HSTS = 1 << 12;
-  const uint32_t CLEAR_HPKP = 1 << 13;
  const uint32_t CLEAR_FORMDATA = 1 << 16;
  */

--- a/toolkit/forgetaboutsite/ForgetAboutSite.jsm
+++ b/toolkit/forgetaboutsite/ForgetAboutSite.jsm
@ -31,30 +31,6 @@ var ForgetAboutSite = {
      throw new Error("Exception thrown while clearing Encrypted Media Extensions: " + ex);
    }));

-    // HSTS and HPKP
-    promises.push((async function() {
-      let sss = Cc["@mozilla.org/ssservice;1"].
-                getService(Ci.nsISiteSecurityService);
-      for (let type of [Ci.nsISiteSecurityService.HEADER_HSTS,
-                        Ci.nsISiteSecurityService.HEADER_HPKP]) {
-        // Also remove HSTS/HPKP information for subdomains by enumerating the
-        // information in the site security service.
-        let enumerator = sss.enumerate(type);
-        while (enumerator.hasMoreElements()) {
-          let entry = enumerator.getNext();
-          let hostname = entry.QueryInterface(Ci.nsISiteSecurityState).hostname;
-          // If the hostname is aDomain's subdomain, we remove its state.
-          if (hostname == aDomain || hostname.endsWith("." + aDomain)) {
-            // This uri is used as a key to remove the state.
-            let uri = NetUtil.newURI("https://" + hostname);
-            sss.removeState(type, uri, 0, entry.originAttributes);
-          }
-        }
-      }
-    })().catch(ex => {
-      throw new Error("Exception thrown while clearing HSTS/HPKP: " + ex);
-    }));
-
    let ErrorCount = 0;
    for (let promise of promises) {
      try {