roytam1/palemoon27
1
0
Fork 0
mirror of https://github.com/roytam1/palemoon27.git synced 2026-06-01 14:39:26 +00:00
Code Issues Projects Releases Wiki Activity

Remove preloading of domain PKPins Part 2

Browse Source 
- Remove security.cert_pinning.process_headers_from_non_builtin_roots

Tag #925
This commit is contained in:
Pale Moon
2017-04-23 20:01:23 +02:00
committed by roytam1
parent 972b14bd7b
commit dce17a6724
2 changed files with 0 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files
modules/libpref/init/all.js
-4
View File
@@ -2121,10 +2121,6 @@ pref("security.mixed_content.block_display_content", false);
// Disable pinning checks by default.
pref("security.cert_pinning.enforcement_level", 0);
// Do not process hpkp headers rooted by not built in roots by default.
// This is to prevent accidental pinning from MITM devices and is used
// for tests.
pref("security.cert_pinning.process_headers_from_non_builtin_roots", false);
// Modifier key prefs: default to Windows settings,
// menu access key = alt, accelerator key = control.
security/manager/boot/src/nsSiteSecurityService.cpp
-10
View File
@@ -249,10 +249,6 @@ nsSiteSecurityService::Init()
"network.stricttransportsecurity.enabled", true);
mozilla::Preferences::AddStrongObserver(this,
"network.stricttransportsecurity.enabled");
mProcessPKPHeadersFromNonBuiltInRoots = mozilla::Preferences::GetBool(
"security.cert_pinning.process_headers_from_non_builtin_roots", false);
mozilla::Preferences::AddStrongObserver(this,
"security.cert_pinning.process_headers_from_non_builtin_roots");
mPreloadListTimeOffset = mozilla::Preferences::GetInt(
"test.currentTimeOffsetSeconds", 0);
mozilla::Preferences::AddStrongObserver(this,
@@ -706,10 +702,6 @@ nsSiteSecurityService::ProcessPKPHeader(nsIURI* aSourceURI,
return NS_ERROR_FAILURE;
}
if (!isBuiltIn && !mProcessPKPHeadersFromNonBuiltInRoots) {
return NS_OK;
}
// if maxAge == 0 we must delete all state, for now no hole-punching
if (maxAge == 0) {
return RemoveState(aType, aSourceURI, aFlags);
@@ -1128,8 +1120,6 @@ nsSiteSecurityService::Observe(nsISupports *subject,
"network.stricttransportsecurity.preloadlist", true);
mPreloadListTimeOffset =
mozilla::Preferences::GetInt("test.currentTimeOffsetSeconds", 0);
mProcessPKPHeadersFromNonBuiltInRoots = mozilla::Preferences::GetBool(
"security.cert_pinning.process_headers_from_non_builtin_roots", false);
}
return NS_OK;