Bug 1450761 - Add pref to disable the Add Exception button on certificate error pages. r=jaws
MozReview-Commit-ID: 4RoFTvyIWXK
--- a/browser/base/content/aboutNetError.xhtml
+++ b/browser/base/content/aboutNetError.xhtml
@@ -364,16 +364,19 @@
var options = JSON.parse(event.detail);
if (options && options.enabled) {
// Display error reporting UI
document.getElementById("certificateErrorReporting").style.display = "block";
// set the checkbox
checkbox.checked = !!options.automatic;
}
+ if (options && options.hideAddExceptionButton) {
+ document.querySelector(".exceptionDialogButtonContainer").hidden = true;
+ }
}, true, true);
let event = new CustomEvent("AboutNetErrorLoad", {bubbles: true});
document.getElementById("advancedButton").dispatchEvent(event);
}
/* Only do autofocus if we're the toplevel frame; otherwise we
don't want to call attention to ourselves! The key part is
--- a/browser/base/content/content.js
+++ b/browser/base/content/content.js
@@ -648,18 +648,22 @@ var AboutNetAndCertErrorListener = {
}
return msg;
},
onPageLoad(originalTarget, win) {
// Values for telemtery bins: see TLS_ERROR_REPORT_UI in Histograms.json
const TLS_ERROR_REPORT_TELEMETRY_UI_SHOWN = 0;
+ let hideAddExceptionButton = false;
+
if (this.isAboutCertError(win.document)) {
ClickEventHandler.onCertError(originalTarget, win);
+ hideAddExceptionButton =
+ Services.prefs.getBoolPref("security.certerror.hideAddException", false);
}
if (this.isAboutNetError(win.document)) {
let docShell = win.document.docShell;
if (docShell) {
let {securityInfo} = docShell.failedChannel;
// We don't have a securityInfo when this is for example a DNS error.
if (securityInfo) {
securityInfo.QueryInterface(Ci.nsITransportSecurityInfo);
@@ -671,17 +675,18 @@ var AboutNetAndCertErrorListener = {
}
}
let automatic = Services.prefs.getBoolPref("security.ssl.errorReporting.automatic");
win.dispatchEvent(new win.CustomEvent("AboutNetErrorOptions", {
detail: JSON.stringify({
enabled: Services.prefs.getBoolPref("security.ssl.errorReporting.enabled"),
changedCertPrefs: this.changedCertPrefs(),
- automatic
+ automatic,
+ hideAddExceptionButton,
})
}));
sendAsyncMessage("Browser:SSLErrorReportTelemetry",
{reportStatus: TLS_ERROR_REPORT_TELEMETRY_UI_SHOWN});
},
openCaptivePortalPage(evt) {
@@ -729,17 +734,17 @@ var ClickEventHandler = {
let originalTarget = event.originalTarget;
let ownerDoc = originalTarget.ownerDocument;
if (!ownerDoc) {
return;
}
// Handle click events from about pages
- if (event.button == 0) {
+ if (event.button == 0 && !originalTarget.disabled) {
if (AboutNetAndCertErrorListener.isAboutCertError(ownerDoc)) {
this.onCertError(originalTarget, ownerDoc.defaultView);
return;
} else if (ownerDoc.documentURI.startsWith("about:blocked")) {
this.onAboutBlocked(originalTarget, ownerDoc);
return;
} else if (AboutNetAndCertErrorListener.isAboutNetError(ownerDoc)) {
this.onAboutNetError(event, ownerDoc.documentURI);
--- a/browser/base/content/test/about/browser_aboutCertError.js
+++ b/browser/base/content/test/about/browser_aboutCertError.js
@@ -285,16 +285,19 @@ add_task(async function checkAdvancedDet
let message = await ContentTask.spawn(browser, {frame: useFrame}, async function({frame}) {
let doc = frame ? content.document.querySelector("iframe").contentDocument : content.document;
let shortDescText = doc.getElementById("errorShortDescText");
info("Main error text: " + shortDescText.textContent);
ok(shortDescText.textContent.includes("expired.example.com"),
"Should list hostname in error message.");
+ let exceptionButton = doc.getElementById("exceptionDialogButton");
+ ok(!exceptionButton.disabled, "Exception button is not disabled by default.");
+
let advancedButton = doc.getElementById("advancedButton");
advancedButton.click();
let el = doc.getElementById("errorCode");
return { textContent: el.textContent, tagName: el.tagName };
});
is(message.textContent, "SEC_ERROR_EXPIRED_CERTIFICATE",
"Correct error message found");
is(message.tagName, "a", "Error message is a link");
@@ -329,16 +332,37 @@ add_task(async function checkAdvancedDet
"Correct HPKP value found");
let certChain = getCertChain(message.securityInfoAsString);
ok(message.text.includes(certChain), "Found certificate chain");
BrowserTestUtils.removeTab(gBrowser.selectedTab);
}
});
+add_task(async function checkhideAddExceptionButton() {
+ info("Loading a bad cert page and verifying the pref security.certerror.hideAddException");
+ Services.prefs.setBoolPref("security.certerror.hideAddException", true);
+
+ for (let useFrame of [false, true]) {
+ let tab = await openErrorPage(BAD_CERT, useFrame);
+ let browser = tab.linkedBrowser;
+
+ await ContentTask.spawn(browser, {frame: useFrame}, async function({frame}) {
+ let doc = frame ? content.document.querySelector("iframe").contentDocument : content.document;
+
+ let exceptionButton = doc.querySelector(".exceptionDialogButtonContainer");
+ ok(exceptionButton.hidden, "Exception button is hidden.");
+ });
+
+ BrowserTestUtils.removeTab(gBrowser.selectedTab);
+ }
+
+ Services.prefs.clearUserPref("security.certerror.hideAddException");
+});
+
add_task(async function checkAdvancedDetailsForHSTS() {
info("Loading a bad STS cert page and verifying the advanced details section");
for (let useFrame of [false, true]) {
let tab = await openErrorPage(BAD_STS_CERT, useFrame);
let browser = tab.linkedBrowser;
let message = await ContentTask.spawn(browser, {frame: useFrame}, async function({frame}) {
let doc = frame ? content.document.querySelector("iframe").contentDocument : content.document;
--- a/browser/themes/shared/aboutNetError.css
+++ b/browser/themes/shared/aboutNetError.css
@@ -156,16 +156,20 @@ span#hostname {
.exceptionDialogButtonContainer {
background-color: var(--exception-button-container-background);
display: flex;
justify-content: end;
padding: 10px;
}
+.exceptionDialogButtonContainer[hidden] {
+ display: none;
+}
+
.illustrated #errorPageContainer {
min-height: 300px;
display: flex;
flex-direction: column;
background-position: left center;
}
.illustrated[dir="rtl"] #errorPageContainer {