This removes nsIX509Cert.subjectAltNames and reduces potential attack surface
by avoiding parsing subject alternative names in C/C++. It also reduces PSM
reliance on NSS types.
Differential Revision: https://phabricator.services.mozilla.com/D101418
TLS error report sending was disabled by default in bug 1579906. The server
that ingested these reports has been decommissioned as well, so this patch
removes this dead code.
Differential Revision: https://phabricator.services.mozilla.com/D99405
This is to prevent issues with parsing the correct hostname for displaying and adding
exceptions for urls like view-source:.
Differential Revision: https://phabricator.services.mozilla.com/D94421
This is to prevent issues with parsing the correct hostname for displaying and adding
exceptions for urls like view-source:.
Differential Revision: https://phabricator.services.mozilla.com/D94421
After user ticks the checkbox of allowing error reporting, we will
report the error through the telemetry event. The event includes the
error type, XFO policy, CSP policy, the frame uri and the top-level uri.
Differential Revision: https://phabricator.services.mozilla.com/D82332
This patch adds the UI for allowing users to enable reporting XFO error.
The reporting UI will be displayed in the error page if the error is a
XFO error.
Differential Revision: https://phabricator.services.mozilla.com/D82331
Add a document.addCertException function to about:certerror pages, and use it on the desktop certerror page.
Also, as the CallerIsTrusted* functions expect URLs like about:certerror, but GeckoView error pages are data URLs, and so need to be handled differently for these special error-page methods to be exposed on their documents.
Example usage of document.addCertException:
document.addCertException(
true|false /* true == temporary, false == permanent */
).then(
() => {
location.reload();
},
err => {
console.error(err);
}
);
Differential Revision: https://phabricator.services.mozilla.com/D56974
--HG--
extra : moz-landing-system : lando
Add a document.addCertException function to about:certerror pages, and use it on the desktop certerror page.
Also, as the CallerIsTrusted* functions expect URLs like about:certerror, but GeckoView error pages are data URLs, and so need to be handled differently for these special error-page methods to be exposed on their documents.
Example usage of document.addCertException:
document.addCertException(
true|false /* true == temporary, false == permanent */
).then(
() => {
location.reload();
},
err => {
console.error(err);
}
);
Differential Revision: https://phabricator.services.mozilla.com/D56974
--HG--
extra : moz-landing-system : lando
As it turns out, there are some sites that generate this error. It's a small
number, but enough to justify the change.
No new tests because we can't generate this condition in our test setup.
Differential Revision: https://phabricator.services.mozilla.com/D50396
--HG--
extra : moz-landing-system : lando
BrowserTestUtils.waitForErrorPage may resolve slightly earlier than it did
before, so we may arrive at an about:neterror page that hasn't been completely
initialized. We should only dispatch the AboutNetErrorLoad event when we're done
making changes to the page.
Differential Revision: https://phabricator.services.mozilla.com/D51439
--HG--
extra : moz-landing-system : lando
BrowserTestUtils.waitForErrorPage may resolve slightly earlier than it did
before, so we may arrive at an about:neterror page that hasn't been completely
initialized. We should only dispatch the AboutNetErrorLoad event when we're done
making changes to the page.
Differential Revision: https://phabricator.services.mozilla.com/D51439
--HG--
extra : moz-landing-system : lando
BrowserTestUtils.waitForErrorPage may resolve slightly earlier than it did
before, so we may arrive at an about:neterror page that hasn't been completely
initialized. We should only dispatch the AboutNetErrorLoad event when we're done
making changes to the page.
Differential Revision: https://phabricator.services.mozilla.com/D51439
--HG--
extra : moz-landing-system : lando
As it turns out, there are some sites that generate this error. It's a small
number, but enough to justify the change.
No new tests because we can't generate this condition in our test setup.
Differential Revision: https://phabricator.services.mozilla.com/D50396
--HG--
extra : moz-landing-system : lando
document.l10n.formatValues seems to have changed and now not throw an error but instead
return `undefined` when no string was found. This broke the implementation which relied
on try..catch to detect non-existent error strings.
Differential Revision: https://phabricator.services.mozilla.com/D49873
--HG--
extra : moz-landing-system : lando
