зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1422365 - Introduce nsIClearDataService - part 16 - security settings, r=johannh
This commit is contained in:
Родитель
18aa82d9fc
Коммит
ebedd40a12
|
@ -429,28 +429,13 @@ var Sanitizer = {
|
|||
|
||||
siteSettings: {
|
||||
async clear(range) {
|
||||
let seenException;
|
||||
let refObj = {};
|
||||
TelemetryStopwatch.start("FX_SANITIZE_SITESETTINGS", refObj);
|
||||
|
||||
await clearData(range, Ci.nsIClearDataService.CLEAR_PERMISSIONS |
|
||||
Ci.nsIClearDataService.CLEAR_PREFERENCES |
|
||||
Ci.nsIClearDataService.CLEAR_DOM_PUSH_NOTIFICATIONS);
|
||||
|
||||
try {
|
||||
// Clear site security settings - no support for ranges in this
|
||||
// interface either, so we clearAll().
|
||||
let sss = Cc["@mozilla.org/ssservice;1"]
|
||||
.getService(Ci.nsISiteSecurityService);
|
||||
sss.clearAll();
|
||||
} catch (ex) {
|
||||
seenException = ex;
|
||||
}
|
||||
|
||||
Ci.nsIClearDataService.CLEAR_DOM_PUSH_NOTIFICATIONS |
|
||||
Ci.nsIClearDataService.CLEAR_SECURITY_SETTINGS);
|
||||
TelemetryStopwatch.finish("FX_SANITIZE_SITESETTINGS", refObj);
|
||||
if (seenException) {
|
||||
throw seenException;
|
||||
}
|
||||
}
|
||||
},
|
||||
|
||||
|
|
|
@ -553,6 +553,43 @@ const PreferencesCleaner = {
|
|||
},
|
||||
};
|
||||
|
||||
const SecuritySettingsCleaner = {
|
||||
deleteByHost(aHost, aOriginAttributes) {
|
||||
return new Promise(aResolve => {
|
||||
let sss = Cc["@mozilla.org/ssservice;1"]
|
||||
.getService(Ci.nsISiteSecurityService);
|
||||
for (let type of [Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
Ci.nsISiteSecurityService.HEADER_HPKP]) {
|
||||
// Also remove HSTS/HPKP/OMS information for subdomains by enumerating
|
||||
// the information in the site security service.
|
||||
let enumerator = sss.enumerate(type);
|
||||
while (enumerator.hasMoreElements()) {
|
||||
let entry = enumerator.getNext();
|
||||
let hostname = entry.QueryInterface(Ci.nsISiteSecurityState).hostname;
|
||||
if (hasRootDomain(hostname, aHost)) {
|
||||
// This uri is used as a key to remove the state.
|
||||
let uri = Services.io.newURI("https://" + hostname);
|
||||
sss.removeState(type, uri, 0, entry.originAttributes);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
aResolve();
|
||||
});
|
||||
},
|
||||
|
||||
deleteAll() {
|
||||
return new Promise(aResolve => {
|
||||
// Clear site security settings - no support for ranges in this
|
||||
// interface either, so we clearAll().
|
||||
let sss = Cc["@mozilla.org/ssservice;1"]
|
||||
.getService(Ci.nsISiteSecurityService);
|
||||
sss.clearAll();
|
||||
aResolve();
|
||||
});
|
||||
},
|
||||
};
|
||||
|
||||
// Here the map of Flags-Cleaner.
|
||||
const FLAGS_MAP = [
|
||||
{ flag: Ci.nsIClearDataService.CLEAR_COOKIES,
|
||||
|
@ -605,6 +642,9 @@ const FLAGS_MAP = [
|
|||
|
||||
{ flag: Ci.nsIClearDataService.CLEAR_CONTENT_PREFERENCES,
|
||||
cleaner: PreferencesCleaner, },
|
||||
|
||||
{ flag: Ci.nsIClearDataService.CLEAR_SECURITY_SETTINGS,
|
||||
cleaner: SecuritySettingsCleaner, },
|
||||
];
|
||||
|
||||
this.ClearDataService = function() {};
|
||||
|
|
|
@ -168,10 +168,13 @@ interface nsIClearDataService : nsISupports
|
|||
*/
|
||||
const uint32_t CLEAR_CONTENT_PREFERENCES = 1 << 16;
|
||||
|
||||
/**
|
||||
* Secure site settings
|
||||
*/
|
||||
const uint32_t CLEAR_SECURITY_SETTINGS = 1 << 17;
|
||||
|
||||
/* TODO
|
||||
const uint32_t CLEAR_EME = 1 << 4;
|
||||
const uint32_t CLEAR_HSTS = 1 << 12;
|
||||
const uint32_t CLEAR_HPKP = 1 << 13;
|
||||
const uint32_t CLEAR_FORMDATA = 1 << 16;
|
||||
*/
|
||||
|
||||
|
|
|
@ -31,30 +31,6 @@ var ForgetAboutSite = {
|
|||
throw new Error("Exception thrown while clearing Encrypted Media Extensions: " + ex);
|
||||
}));
|
||||
|
||||
// HSTS and HPKP
|
||||
promises.push((async function() {
|
||||
let sss = Cc["@mozilla.org/ssservice;1"].
|
||||
getService(Ci.nsISiteSecurityService);
|
||||
for (let type of [Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
Ci.nsISiteSecurityService.HEADER_HPKP]) {
|
||||
// Also remove HSTS/HPKP information for subdomains by enumerating the
|
||||
// information in the site security service.
|
||||
let enumerator = sss.enumerate(type);
|
||||
while (enumerator.hasMoreElements()) {
|
||||
let entry = enumerator.getNext();
|
||||
let hostname = entry.QueryInterface(Ci.nsISiteSecurityState).hostname;
|
||||
// If the hostname is aDomain's subdomain, we remove its state.
|
||||
if (hostname == aDomain || hostname.endsWith("." + aDomain)) {
|
||||
// This uri is used as a key to remove the state.
|
||||
let uri = NetUtil.newURI("https://" + hostname);
|
||||
sss.removeState(type, uri, 0, entry.originAttributes);
|
||||
}
|
||||
}
|
||||
}
|
||||
})().catch(ex => {
|
||||
throw new Error("Exception thrown while clearing HSTS/HPKP: " + ex);
|
||||
}));
|
||||
|
||||
let ErrorCount = 0;
|
||||
for (let promise of promises) {
|
||||
try {
|
||||
|
|
Загрузка…
Ссылка в новой задаче