author | Johann Hofmann <jhofmann@mozilla.com> |
Thu, 01 Nov 2018 18:49:11 +0000 | |
changeset 443954 | 104801e66fb269dbf5363efc0bd48851906c4f69 |
parent 443953 | 2ee0d0fec9d50aeaefe3d40f55dabbd200f27177 |
child 443955 | afbdda6211c983f585cc06796fed22a76fe22316 |
push id | 34976 |
push user | dvarga@mozilla.com |
push date | Thu, 01 Nov 2018 22:26:55 +0000 |
treeherder | mozilla-central@b953c577afe2 [default view] [failures only] |
reviewers | Gijs |
bugs | 1501680 |
milestone | 65.0a1 |
first release with | nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
|
last release without | nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
|
--- a/security/manager/ssl/tests/unit/test_toolkit_securityreporter.js +++ b/security/manager/ssl/tests/unit/test_toolkit_securityreporter.js @@ -39,16 +39,17 @@ var server; // expected. function getReportCheck(expectReport, expectedError) { return function sendReportWithInfo(transportSecurityInfo) { // register a path handler on the server server.registerPathHandler("/submit/sslreports", function(request, response) { if (expectReport) { let report = JSON.parse(readDataFromRequest(request)); + Assert.equal(request.getHeader("Cookie"), "", "No cookie sent."); Assert.equal(report.errorCode, expectedError); response.setStatusLine(null, 201, "Created"); response.write("Created"); } else { do_throw("No report should have been received"); } }); @@ -82,16 +83,25 @@ function run_test() { let port = server.identity.primaryPort; // Set the reporting URL to ensure any reports are sent to the test server Services.prefs.setCharPref("security.ssl.errorReporting.url", `http://localhost:${port}/submit/sslreports`); // set strict-mode pinning enforcement so we can cause connection failures. Services.prefs.setIntPref("security.cert_pinning.enforcement_level", 2); + // Add a cookie so that we can assert it's not sent along with the report. + Services.cookies.add("localhost", "/", "foo", "bar", + false, false, false, Date.now() + 24000 * 60 * 60, {}, + Ci.nsICookie2.SAMESITE_UNSET); + + registerCleanupFunction(() => { + Services.cookies.removeAll(); + }); + // start a TLS server add_tls_server_setup("BadCertServer", "bad_certs"); // Add a user-specified trust anchor. addCertFromFile(certdb, "bad_certs/other-test-ca.pem", "CTu,u,u"); // Cause a reportable condition with error reporting disabled. No report
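Review bot: The added `Assert.equal(request.getHeader("Cookie"), "", "No cookie sent.")` in the `/submit/sslreports` handler may not behave the way it reads. As far as I know, the test HTTP server's `getHeader` throws NS_ERROR_NOT_AVAILABLE for an absent header rather than returning an empty string; this is worth confirming against nsIHttpRequest. If so, the no-cookie case throws inside the handler instead of asserting, and whether the test reports anything then depends on how the server treats handler exceptions. Checking presence directly avoids that: `Assert.ok(!request.hasHeader("Cookie"), "No cookie sent.");`. It is also worth confirming once that the test fails with `credentials: "omit"` reverted, so the check is known to guard the regression.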
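Review bot: The expiry passed to `Services.cookies.add` in run_test is `Date.now() + 24000 * 60 * 60`, a millisecond value, while the cookie manager's expiry argument is, to my knowledge, seconds since the epoch. The cookie still outlives the test because the value lands far in the future, but the expression reads as a 24-hour lifetime and is not one. `Math.floor(Date.now() / 1000) + 24 * 60 * 60` states it in the expected unit. The body of run_test continues beyond the hunk.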
--- a/toolkit/components/securityreporter/SecurityReporter.js +++ b/toolkit/components/securityreporter/SecurityReporter.js @@ -78,16 +78,17 @@ SecurityReporter.prototype = { build: Services.appinfo.appBuildID, product: Services.appinfo.name, channel: UpdateUtils.UpdateChannel, }; fetch(endpoint, { method: "POST", body: JSON.stringify(report), + credentials: "omit", headers: { "Content-Type": "application/json", }, }).then(function(aResponse) { if (!aResponse.ok) { // request returned non-success status Services.telemetry.getHistogramById(HISTOGRAM_ID) .add(TLS_ERROR_REPORT_TELEMETRY_FAILURE);
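Review bot: The `credentials: "omit"` option added to the `fetch(endpoint, …)` call carries the whole privacy guarantee of this change and has no comment, so a later refactor of the request options could drop it unnoticed. I would add above it `// Never attach cookies or other stored credentials: a TLS error report must not be linkable to the user's session on the reporting host.` The accompanying test only asserts on the `Cookie` header, so any other credentials covered by "omit" (presumably HTTP auth) are not exercised. The `fetch` promise chain continues beyond the hunk.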