--- a/toolkit/components/extensions/parent/ext-webRequest.js
+++ b/toolkit/components/extensions/parent/ext-webRequest.js
@@ -94,15 +94,23 @@ this.webRequest = class extends Extensio
onBeforeSendHeaders: new WebRequestEventManager(context, "onBeforeSendHeaders").api(),
onSendHeaders: new WebRequestEventManager(context, "onSendHeaders").api(),
onHeadersReceived: new WebRequestEventManager(context, "onHeadersReceived").api(),
onAuthRequired: new WebRequestEventManager(context, "onAuthRequired").api(),
onBeforeRedirect: new WebRequestEventManager(context, "onBeforeRedirect").api(),
onResponseStarted: new WebRequestEventManager(context, "onResponseStarted").api(),
onErrorOccurred: new WebRequestEventManager(context, "onErrorOccurred").api(),
onCompleted: new WebRequestEventManager(context, "onCompleted").api(),
+ getSecurityInfo: function(requestId, options = {}) {
+ return WebRequest.getSecurityInfo({
+ id: requestId,
+ extension: context.extension.policy,
+ tabParent: context.xulBrowser.frameLoader.tabParent,
+ options,
+ });
+ },
handlerBehaviorChanged: function() {
// TODO: Flush all caches.
},
},
};
}
};
--- a/toolkit/components/extensions/schemas/web_request.json
+++ b/toolkit/components/extensions/schemas/web_request.json
@@ -172,16 +172,198 @@
"properties": {
"username": {"type": "string"},
"password": {"type": "string"}
}
}
}
},
{
+ "id": "nsIASN1Object",
+ "type": "object",
+ "properties": {
+ "name": {
+ "type": "string"
+ },
+ "value": {
+ "type": "string"
+ },
+ "children": {
+ "optional": true,
+ "type": "array",
+ "items": { "$ref": "nsIASN1Object" }
+ }
+ }
+ },
+ {
+ "id": "CertificateInfo",
+ "type": "object",
+ "description": "Contains the certificate properties of the request if it is a secure request.",
+ "properties": {
+ "subject": {
+ "type": "object",
+ "properties": {
+ "name": { "type": "string" },
+ "commonName": { "type": "string" },
+ "organization": { "type": "string" },
+ "organizationalUnit": { "type": "string" }
+ }
+ },
+ "issuer": {
+ "type": "object",
+ "properties": {
+ "commonName": { "type": "string" },
+ "organization": { "type": "string" },
+ "organizationalUnit": { "type": "string" }
+ }
+ },
+ "validity": {
+ "type": "object",
+ "description": "Contains start and end dates in GMT.",
+ "properties": {
+ "startGMT": { "type": "string" },
+ "endGMT": { "type": "string" }
+ }
+ },
+ "fingerprint": {
+ "type": "object",
+ "properties": {
+ "sha1": { "type": "string" },
+ "sha256": { "type": "string" }
+ }
+ },
+ "serialNumber": {
+ "type": "string"
+ },
+ "isBuiltInRoot": {
+ "type": "boolean"
+ },
+ "isSelfSigned": {
+ "type": "boolean"
+ },
+ "certType": {
+ "type": "string",
+ "enum": [ "unknown", "ca", "user", "email", "server", "any" ]
+ },
+ "subjectPublicKeyInfoDigest": {
+ "type": "object",
+ "properties": {
+ "sha256": { "type": "string" }
+ }
+ },
+ "keyUsages": {
+ "type": "string"
+ },
+ "rawDER": {
+ "optional": true,
+ "type": "array",
+ "items": {
+ "type": "integer"
+ }
+ },
+ "ASN1Objects": {
+ "optional": true,
+ "type": "array",
+ "items": { "$ref": "nsIASN1Object" }
+ }
+ }
+ },
+ {
+ "id": "CertificateTransparencyStatus",
+ "type": "string",
+ "enum": ["not_applicable", "policy_compliant", "policy_not_enough_scts", "policy_not_diverse_scts"]
+ },
+ {
+ "id": "TransportWeaknessReasons",
+ "type": "string",
+ "enum": ["cipher"]
+ },
+ {
+ "id": "SecurityInfo",
+ "type": "object",
+ "description": "Contains the security properties of the request (ie. SSL/TLS information).",
+ "properties": {
+ "state": {
+ "type": "string",
+ "enum": [
+ "insecure",
+ "weak",
+ "broken",
+ "secure"
+ ]
+ },
+ "errorMessage": {
+ "type": "string",
+ "description": "Error message if state is \"broken\"",
+ "optional": true
+ },
+ "protocolVersion": {
+ "type": "string",
+ "description": "Protocol version if state is \"secure\"",
+ "enum": [
+ "TLSv1",
+ "TLSv1.1",
+ "TLSv1.2",
+ "TLSv1.3",
+ "unknown"
+ ],
+ "optional": true
+ },
+ "cipherSuite": {
+ "type": "string",
+ "description": "The cipher suite used in this request if state is \"secure\".",
+ "optional": true
+ },
+ "certificates": {
+ "description": "Certificate data if state is \"secure\". Will only contain one entry unless <code>certificateTree</code> is passed as an option.",
+ "type": "array",
+ "items": { "$ref": "CertificateInfo" }
+ },
+ "isDomainMismatch": {
+ "description": "The domain name does not match the certificate domain.",
+ "type": "boolean",
+ "optional": true
+ },
+ "isExtendedValidation": {
+ "type": "boolean",
+ "optional": true
+ },
+ "isNotValidAtThisTime": {
+ "description": "The certificate is either expired or is not yet valid. See <code>CertificateInfo.validity</code> for start and end dates.",
+ "type": "boolean",
+ "optional": true
+ },
+ "isUntrusted": {
+ "type": "boolean",
+ "optional": true
+ },
+ "certificateTransparencyStatus": {
+ "description": "Certificate transparency compliance per RFC 6962. See <code>https://www.certificate-transparency.org/what-is-ct</code> for more information.",
+ "$ref": "CertificateTransparencyStatus",
+ "optional": true
+ },
+ "hsts": {
+ "type": "boolean",
+ "description": "True if host uses Strict Transport Security and state is \"secure\".",
+ "optional": true
+ },
+ "hpkp": {
+ "type": "string",
+ "description": "True if host uses Public Key Pinning and state is \"secure\".",
+ "optional": true
+ },
+ "weaknessReasons": {
+ "type": "array",
+ "items": { "$ref": "TransportWeaknessReasons" },
+ "description": "list of reasons that cause the request to be considered weak, if state is \"weak\"",
+ "optional": true
+ }
+ }
+ },
+ {
"id": "UploadData",
"type": "object",
"properties": {
"bytes": {
"type": "any",
"optional": true,
"description": "An ArrayBuffer with a copy of the data."
},
@@ -220,16 +402,54 @@
"type": "string"
}
],
"returns": {
"type": "object",
"additionalProperties": {"type": "any"},
"isInstanceOf": "StreamFilter"
}
+ },
+ {
+ "name": "getSecurityInfo",
+ "type": "function",
+ "async": true,
+ "description": "Retrieves the security information for the request.",
+ "parameters": [
+ {
+ "name": "requestId",
+ "type": "string"
+ },
+ {
+ "name": "options",
+ "optional": true,
+ "type": "object",
+ "properties": {
+ "certificateTree": {
+ "type": "boolean",
+ "description": "Include the entire certificate tree.",
+ "optional": true
+ },
+ "rawDER": {
+ "type": "boolean",
+ "description": "Include raw certificate data for processing by the extension.",
+ "optional": true
+ },
+ "ASN1Sequence": {
+ "type": "boolean",
+ "description": "Include all ASN1 fields in the certificate.",
+ "optional": true
+ }
+ }
+ }
+ ],
+ "returns": {
+ "$ref": "SecurityInfo",
+ "description": "Security information for this request."
+ }
}
],
"events": [
{
"name": "onBeforeRequest",
"type": "function",
"description": "Fired when a request is about to occur.",
"parameters": [
--- a/toolkit/components/extensions/test/mochitest/test_ext_webrequest_hsts.html
+++ b/toolkit/components/extensions/test/mochitest/test_ext_webrequest_hsts.html
@@ -20,19 +20,33 @@ function getExtension() {
browser.test.assertEq(expect.shift(), "onBeforeRequest");
}, {urls}, ["blocking"]);
browser.webRequest.onBeforeSendHeaders.addListener(details => {
browser.test.assertEq(expect.shift(), "onBeforeSendHeaders");
}, {urls}, ["blocking", "requestHeaders"]);
browser.webRequest.onSendHeaders.addListener(details => {
browser.test.assertEq(expect.shift(), "onSendHeaders");
}, {urls}, ["requestHeaders"]);
- browser.webRequest.onHeadersReceived.addListener(details => {
+ browser.webRequest.onHeadersReceived.addListener(async (details) => {
browser.test.assertEq(expect.shift(), "onHeadersReceived");
+ // We exepect all requests to have been upgraded at this point.
+ browser.test.assertTrue(details.url.startsWith("https"), "connection is https");
+
+ let securityInfo = await browser.webRequest.getSecurityInfo(details.requestId, {
+ certificateTree: true,
+ rawDER: true,
+ ASN1Sequence: true,
+ });
+ browser.test.assertTrue(securityInfo.certificates.length > 0, "have certificate tree");
+ browser.test.assertTrue(securityInfo && securityInfo.state == "secure",
+ "security info reflects https");
+ browser.test.assertTrue(securityInfo.certificates[0].rawDER.length > 0, "have rawDER");
+ browser.test.assertTrue(securityInfo.certificates[0].ASN1Objects.length > 0, "have ASN1Objects");
+
let headers = details.responseHeaders || [];
for (let header of headers) {
if (header.name.toLowerCase() === "strict-transport-security") {
return;
}
}
headers.push({
new file mode 100644
--- /dev/null
+++ b/toolkit/modules/addons/SecurityInfo.jsm
@@ -0,0 +1,370 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+const EXPORTED_SYMBOLS = ["SecurityInfo"];
+
+ChromeUtils.import("resource://gre/modules/XPCOMUtils.jsm");
+
+const wpl = Ci.nsIWebProgressListener;
+XPCOMUtils.defineLazyServiceGetter(this, "NSSErrorsService",
+ "@mozilla.org/nss_errors_service;1",
+ "nsINSSErrorsService");
+XPCOMUtils.defineLazyServiceGetter(this, "sss",
+ "@mozilla.org/ssservice;1",
+ "nsISiteSecurityService");
+
+// NOTE: SecurityInfo is largly copied from the devtools NetworkHelper with some
+// minor differences.
+
+const SecurityInfo = {
+ /**
+ * Extracts security information from nsIChannel.securityInfo.
+ *
+ * @param {nsIChannel} channel
+ * If null channel is assumed to be insecure.
+ * @param {Object} options
+ *
+ * @returns {Object}
+ * Returns an object containing following members:
+ * - state: The security of the connection used to fetch this
+ * request. Has one of following string values:
+ * * "insecure": the connection was not secure (only http)
+ * * "weak": the connection has minor security issues
+ * * "broken": secure connection failed (e.g. expired cert)
+ * * "secure": the connection was properly secured.
+ * If state == broken:
+ * - errorMessage: full error message from
+ * nsITransportSecurityInfo.
+ * If state == secure:
+ * - protocolVersion: one of TLSv1, TLSv1.1, TLSv1.2, TLSv1.3.
+ * - cipherSuite: the cipher suite used in this connection.
+ * - cert: information about certificate used in this connection.
+ * See parseCertificateInfo for the contents.
+ * - hsts: true if host uses Strict Transport Security,
+ * false otherwise
+ * - hpkp: true if host uses Public Key Pinning, false otherwise
+ * If state == weak: Same as state == secure and
+ * - weaknessReasons: list of reasons that cause the request to be
+ * considered weak. See getReasonsForWeakness.
+ */
+ getSecurityInfo(channel, options = {}) {
+ const info = {
+ state: "insecure",
+ };
+
+ if (!channel) {
+ return info;
+ }
+
+ /**
+ * Different scenarios to consider here and how they are handled:
+ * - request is HTTP, the connection is not secure
+ * => securityInfo is null
+ * => state === "insecure"
+ *
+ * - request is HTTPS, the connection is secure
+ * => .securityState has STATE_IS_SECURE flag
+ * => state === "secure"
+ *
+ * - request is HTTPS, the connection has security issues
+ * => .securityState has STATE_IS_INSECURE flag
+ * => .errorCode is an NSS error code.
+ * => state === "broken"
+ *
+ * - request is HTTPS, the connection was terminated before the security
+ * could be validated
+ * => .securityState has STATE_IS_INSECURE flag
+ * => .errorCode is NOT an NSS error code.
+ * => .errorMessage is not available.
+ * => state === "insecure"
+ *
+ * - request is HTTPS but it uses a weak cipher or old protocol, see
+ * https://hg.mozilla.org/mozilla-central/annotate/def6ed9d1c1a/
+ * security/manager/ssl/nsNSSCallbacks.cpp#l1233
+ * - request is mixed content (which makes no sense whatsoever)
+ * => .securityState has STATE_IS_BROKEN flag
+ * => .errorCode is NOT an NSS error code
+ * => .errorMessage is not available
+ * => state === "weak"
+ */
+
+ let securityInfo = channel.securityInfo;
+ if (!securityInfo) {
+ return info;
+ }
+
+ securityInfo.QueryInterface(Ci.nsITransportSecurityInfo);
+ securityInfo.QueryInterface(Ci.nsISSLStatusProvider);
+
+ const SSLStatus = securityInfo.SSLStatus;
+ if (NSSErrorsService.isNSSErrorCode(securityInfo.errorCode)) {
+ // The connection failed.
+ info.state = "broken";
+ info.errorMessage = securityInfo.errorMessage;
+ return info;
+ }
+
+ const state = securityInfo.securityState;
+
+ let uri = channel.URI;
+ if (uri && !uri.schemeIs("https") && !uri.schemeIs("wss")) {
+ // it is not enough to look at the transport security info -
+ // schemes other than https and wss are subject to
+ // downgrade/etc at the scheme level and should always be
+ // considered insecure.
+ // Leave info.state = "insecure";
+ } else if (state & wpl.STATE_IS_SECURE) {
+ // The connection is secure if the scheme is sufficient
+ info.state = "secure";
+ } else if (state & wpl.STATE_IS_BROKEN) {
+ // The connection is not secure, there was no error but there's some
+ // minor security issues.
+ info.state = "weak";
+ info.weaknessReasons = this.getReasonsForWeakness(state);
+ } else if (state & wpl.STATE_IS_INSECURE) {
+ // This was most likely an https request that was aborted before
+ // validation. Return info as info.state = insecure.
+ return info;
+ } else {
+ // No known STATE_IS_* flags.
+ return info;
+ }
+
+ // Cipher suite.
+ info.cipherSuite = SSLStatus.cipherName;
+
+ // Key exchange group name.
+ info.keaGroupName = SSLStatus.keaGroupName;
+
+ // Certificate signature scheme.
+ info.signatureSchemeName = SSLStatus.signatureSchemeName;
+
+ info.isDomainMismatch = SSLStatus.isDomainMismatch;
+ info.isExtendedValidation = SSLStatus.isExtendedValidation;
+ info.isNotValidAtThisTime = SSLStatus.isNotValidAtThisTime;
+ info.isUntrusted = SSLStatus.isUntrusted;
+
+ info.certificateTransparencyStatus = this.getTransparencyStatus(SSLStatus.certificateTransparencyStatus);
+
+ // Protocol version.
+ info.protocolVersion =
+ this.formatSecurityProtocol(SSLStatus.protocolVersion);
+
+ if (options.certificateTree) {
+ info.certificates = this.getCertificateTree(channel, options);
+ } else {
+ info.certificates = [this.parseCertificateInfo(SSLStatus.serverCert, options)];
+ }
+
+ // HSTS and HPKP if available.
+ if (uri && uri.host) {
+ // SiteSecurityService uses different storage if the channel is
+ // private. Thus we must give isSecureURI correct flags or we
+ // might get incorrect results.
+ let flags = channel instanceof Ci.nsIPrivateBrowsingChannel && channel.isChannelPrivate ? Ci.nsISocketProvider.NO_PERMANENT_STORAGE : 0;
+
+ info.hsts = sss.isSecureURI(sss.HEADER_HSTS, uri, flags);
+ info.hpkp = sss.isSecureURI(sss.HEADER_HPKP, uri, flags);
+ } else {
+ info.hsts = false;
+ info.hpkp = false;
+ }
+
+ return info;
+ },
+
+ getCertificateTree(channel, options = {}) {
+ if (!channel || !channel.securityInfo) {
+ return [];
+ }
+ const securityInfo = channel.securityInfo;
+ const SSLStatus = securityInfo.SSLStatus;
+ if (NSSErrorsService.isNSSErrorCode(securityInfo.errorCode)) {
+ return [];
+ }
+
+ let certificates = [];
+ let certChain = SSLStatus.serverCert.getChain();
+ for (let cert of XPCOMUtils.IterSimpleEnumerator(certChain.enumerate(), Ci.nsIX509Cert)) {
+ certificates.push(this.parseCertificateInfo(cert, options));
+ }
+ return certificates;
+ },
+
+ /**
+ * Takes an nsIX509Cert and returns an object with certificate information.
+ *
+ * @param {nsIX509Cert} cert
+ * The certificate to extract the information from.
+ * @param {Object} options
+ * @returns {Object}
+ * An object with following format:
+ * {
+ * subject: { commonName, organization, organizationalUnit },
+ * issuer: { commonName, organization, organizationUnit },
+ * validity: { start, end },
+ * fingerprint: { sha1, sha256 }
+ * }
+ */
+ parseCertificateInfo(cert, options = {}) {
+ if (!cert) {
+ return {};
+ }
+
+ let certData = {
+ subject: {
+ name: cert.subjectName,
+ commonName: cert.commonName,
+ organization: cert.organization,
+ organizationalUnit: cert.organizationalUnit,
+ },
+ issuer: {
+ commonName: cert.issuerCommonName,
+ organization: cert.issuerOrganization,
+ organizationUnit: cert.issuerOrganizationUnit,
+ },
+ validity: {
+ startGMT: cert.validity.notBeforeGMT,
+ endGMT: cert.validity.notAfterGMT,
+ },
+ fingerprint: {
+ sha1: cert.sha1Fingerprint,
+ sha256: cert.sha256Fingerprint,
+ },
+ serialNumber: cert.serialNumber,
+ isBuiltInRoot: cert.isBuiltInRoot,
+ certType: this.getCertType(cert.certType),
+ isSelfSigned: cert.isSelfSigned,
+ subjectPublicKeyInfoDigest: {
+ sha256: cert.sha256SubjectPublicKeyInfoDigest,
+ },
+ keyUsages: cert.keyUsages,
+ };
+ if (options.rawDER) {
+ certData.rawDER = cert.getRawDER({});
+ }
+ if (options.ASN1Sequence) {
+ certData.ASN1Objects = this.getCertASN1Structure(cert.ASN1Structure);
+ }
+ return certData;
+ },
+
+ // Bug 1355903 Transparency is currently disbled using security.pki.certificate_transparency.mode
+ getTransparencyStatus(status) {
+ switch (status) {
+ case Ci.nsISSLStatus.CERTIFICATE_TRANSPARENCY_NOT_APPLICABLE:
+ return "not_applicable";
+ case Ci.nsISSLStatus.CERTIFICATE_TRANSPARENCY_POLICY_COMPLIANT:
+ return "policy_compliant";
+ case Ci.nsISSLStatus.CERTIFICATE_TRANSPARENCY_POLICY_NOT_ENOUGH_SCTS:
+ return "policy_not_enough_scts";
+ case Ci.nsISSLStatus.CERTIFICATE_TRANSPARENCY_POLICY_NOT_DIVERSE_SCTS:
+ return "policy_not_diverse_scts";
+ }
+ return "unknown";
+ },
+
+ getCertType(type) {
+ switch (type) {
+ case Ci.nsIX509Cert.CA_CERT:
+ return "ca";
+ case Ci.nsIX509Cert.USER_CERT:
+ return "user";
+ case Ci.nsIX509Cert.EMAIL_CERT:
+ return "email";
+ case Ci.nsIX509Cert.SERVER_CERT:
+ return "server";
+ case Ci.nsIX509Cert.ANY_CERT:
+ return "any";
+ }
+ return "unknown";
+ },
+
+ /**
+ * Takes protocolVersion of SSLStatus object and returns human readable
+ * description.
+ *
+ * @param {number} version
+ * One of nsISSLStatus version constants.
+ * @returns {string}
+ * One of TLSv1, TLSv1.1, TLSv1.2, TLSv1.3 if version
+ * is valid, Unknown otherwise.
+ */
+ formatSecurityProtocol(version) {
+ switch (version) {
+ case Ci.nsISSLStatus.TLS_VERSION_1:
+ return "TLSv1";
+ case Ci.nsISSLStatus.TLS_VERSION_1_1:
+ return "TLSv1.1";
+ case Ci.nsISSLStatus.TLS_VERSION_1_2:
+ return "TLSv1.2";
+ case Ci.nsISSLStatus.TLS_VERSION_1_3:
+ return "TLSv1.3";
+ }
+ return "unknown";
+ },
+
+ /**
+ * Takes the securityState bitfield and returns reasons for weak connection
+ * as an array of strings.
+ *
+ * @param {number} state
+ * nsITransportSecurityInfo.securityState.
+ *
+ * @returns {array<string>}
+ * List of weakness reasons. A subset of { cipher } where
+ * * cipher: The cipher suite is consireded to be weak (RC4).
+ */
+ getReasonsForWeakness(state) {
+ // If there's non-fatal security issues the request has STATE_IS_BROKEN
+ // flag set. See https://hg.mozilla.org/mozilla-central/file/44344099d119
+ // /security/manager/ssl/nsNSSCallbacks.cpp#l1233
+ let reasons = [];
+
+ if (state & wpl.STATE_IS_BROKEN) {
+ if (state & wpl.STATE_USES_WEAK_CRYPTO) {
+ reasons.push("cipher");
+ }
+ }
+
+ return reasons;
+ },
+
+ /**
+ * Creates array of objects for each element of a certificate.
+ *
+ * @param {nsIASN1Object} sequence
+ *
+ * @returns {Array}
+ * A list of objects with following format:
+ * {
+ * name: displayed name of the element
+ * value: the actual value of the element
+ * children: array of child objects
+ * }
+ */
+ getCertASN1Structure(sequence) {
+ // Get the ASN1Sequence below the current one, bail if it is invalid.
+ if (!sequence || !(sequence instanceof Ci.nsIASN1Sequence) || !sequence.isValidContainer) {
+ return [];
+ }
+
+ let ASN1Objects = [];
+ for (let element of XPCOMUtils.IterSimpleEnumerator(sequence.ASN1Objects.enumerate(), Ci.nsIASN1Object)) {
+ let entry = {
+ name: element.displayName,
+ value: element.displayValue,
+ };
+ if (element.isExpanded || element.displayValue == "") {
+ // Push all elements seen deeper in the tree to the list of the current branch
+ // until everything is in the topmost array.
+ entry.children = this.getCertASN1Structure(element);
+ }
+ ASN1Objects.push(entry);
+ }
+ return ASN1Objects;
+ },
+};
--- a/toolkit/modules/addons/WebRequest.jsm
+++ b/toolkit/modules/addons/WebRequest.jsm
@@ -16,16 +16,18 @@ ChromeUtils.import("resource://gre/modul
ChromeUtils.import("resource://gre/modules/XPCOMUtils.jsm");
ChromeUtils.defineModuleGetter(this, "ExtensionUtils",
"resource://gre/modules/ExtensionUtils.jsm");
ChromeUtils.defineModuleGetter(this, "WebRequestCommon",
"resource://gre/modules/WebRequestCommon.jsm");
ChromeUtils.defineModuleGetter(this, "WebRequestUpload",
"resource://gre/modules/WebRequestUpload.jsm");
+ChromeUtils.defineModuleGetter(this, "SecurityInfo",
+ "resource://gre/modules/SecurityInfo.jsm");
XPCOMUtils.defineLazyGetter(this, "ExtensionError", () => ExtensionUtils.ExtensionError);
function runLater(job) {
Services.tm.dispatchToMainThread(job);
}
function parseFilter(filter) {
@@ -175,18 +177,19 @@ class ResponseHeaderChanger extends Head
}
}
const MAYBE_CACHED_EVENTS = new Set([
"onResponseStarted", "onHeadersReceived", "onBeforeRedirect", "onCompleted", "onErrorOccurred",
]);
const OPTIONAL_PROPERTIES = [
- "requestHeaders", "responseHeaders", "statusCode", "statusLine", "error", "redirectUrl",
- "requestBody", "scheme", "realm", "isProxy", "challenger", "proxyInfo", "ip", "frameAncestors",
+ "requestHeaders", "responseHeaders", "statusCode", "statusLine", "error",
+ "redirectUrl", "requestBody", "scheme", "realm", "isProxy",
+ "challenger", "proxyInfo", "ip", "frameAncestors",
];
function serializeRequestData(eventName) {
let data = {
requestId: this.requestId,
url: this.url,
originUrl: this.originUrl,
documentUrl: this.documentUrl,
@@ -995,11 +998,16 @@ var WebRequest = {
// OnStartRequest channel listener.
onResponseStarted: onResponseStarted,
// OnStopRequest channel listener.
onCompleted: onCompleted,
// nsIHttpActivityObserver.
onErrorOccurred: onErrorOccurred,
+
+ getSecurityInfo: (details) => {
+ let channel = ChannelWrapper.getRegisteredChannel(details.id, details.extension, details.tabParent);
+ return SecurityInfo.getSecurityInfo(channel.channel, details.options);
+ }
};
Services.ppmm.loadProcessScript("resource://gre/modules/WebRequestContent.js", true);
--- a/toolkit/modules/moz.build
+++ b/toolkit/modules/moz.build
@@ -162,16 +162,17 @@ TESTING_JS_MODULES += [
SPHINX_TREES['toolkit_modules'] = 'docs'
with Files('docs/**'):
SCHEDULES.exclusive = ['docs']
EXTRA_JS_MODULES += [
'addons/MatchURLFilters.jsm',
+ 'addons/SecurityInfo.jsm',
'addons/WebNavigation.jsm',
'addons/WebNavigationContent.js',
'addons/WebNavigationFrames.jsm',
'addons/WebRequest.jsm',
'addons/WebRequestCommon.jsm',
'addons/WebRequestContent.js',
'addons/WebRequestUpload.jsm',
'AppMenuNotifications.jsm',