Bug 1501680 - Don't send credentials in ssl error reports. r=Gijs
authorJohann Hofmann <jhofmann@mozilla.com>
Thu, 01 Nov 2018 18:49:11 +0000
changeset 443954 104801e66fb269dbf5363efc0bd48851906c4f69
parent 443953 2ee0d0fec9d50aeaefe3d40f55dabbd200f27177
child 443955 afbdda6211c983f585cc06796fed22a76fe22316
push id34976
push userdvarga@mozilla.com
push dateThu, 01 Nov 2018 22:26:55 +0000
reviewersGijs
bugs1501680
milestone65.0a1
Bug 1501680 - Don't send credentials in ssl error reports. r=Gijs Differential Revision: https://phabricator.services.mozilla.com/D10594
security/manager/ssl/tests/unit/test_toolkit_securityreporter.js
toolkit/components/securityreporter/SecurityReporter.js
--- a/security/manager/ssl/tests/unit/test_toolkit_securityreporter.js
+++ b/security/manager/ssl/tests/unit/test_toolkit_securityreporter.js
@@ -39,16 +39,17 @@ var server;
 // expected.
 function getReportCheck(expectReport, expectedError) {
   return function sendReportWithInfo(transportSecurityInfo) {
     // register a path handler on the server
     server.registerPathHandler("/submit/sslreports",
                               function(request, response) {
       if (expectReport) {
         let report = JSON.parse(readDataFromRequest(request));
+        Assert.equal(request.getHeader("Cookie"), "", "No cookie sent.");
         Assert.equal(report.errorCode, expectedError);
         response.setStatusLine(null, 201, "Created");
         response.write("Created");
       } else {
         do_throw("No report should have been received");
       }
     });
 
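Review bot: The added `request.getHeader("Cookie")` assertion depends on how the test server reports a header that was never sent. If `getHeader` throws for an absent header (which is how I read the httpd.js request interface; worth confirming), the success case raises inside the path handler and the 201 response is never written, so the assertion proves nothing. `Assert.ok(!request.hasHeader("Cookie"), "No cookie sent.");` states the intent directly. The check also covers cookies only, while `credentials: "omit"` suppresses HTTP authentication as well, so a matching check on `Authorization` would pin the rest of the behaviour. `sendReportWithInfo` continues past the end of this hunk.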
@@ -82,16 +83,25 @@ function run_test() {
   let port = server.identity.primaryPort;
 
   // Set the reporting URL to ensure any reports are sent to the test server
   Services.prefs.setCharPref("security.ssl.errorReporting.url",
                              `http://localhost:${port}/submit/sslreports`);
   // set strict-mode pinning enforcement so we can cause connection failures.
   Services.prefs.setIntPref("security.cert_pinning.enforcement_level", 2);
 
+  // Add a cookie so that we can assert it's not sent along with the report.
+  Services.cookies.add("localhost", "/", "foo", "bar",
+                       false, false, false, Date.now() + 24000 * 60 * 60, {},
+                       Ci.nsICookie2.SAMESITE_UNSET);
+
+  registerCleanupFunction(() => {
+    Services.cookies.removeAll();
+  });
+
   // start a TLS server
   add_tls_server_setup("BadCertServer", "bad_certs");
 
   // Add a user-specified trust anchor.
   addCertFromFile(certdb, "bad_certs/other-test-ca.pem", "CTu,u,u");
 
 
   // Cause a reportable condition with error reporting disabled. No report
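Review bot: The expiry argument of the added `Services.cookies.add(...)` call mixes units. `Date.now()` is in milliseconds, the cookie manager's expiry is, as far as I know, seconds since the epoch, and `24000 * 60 * 60` looks like a slip for a one-day offset. The cookie is still unexpired, so the test works, but `Math.floor(Date.now() / 1000) + 24 * 60 * 60` says what is meant. This cookie is the only thing that makes the no-Cookie assertion meaningful, so I would extend the comment to `// Non-secure cookie for localhost, matching the report URL, so it would be sent if credentials were included.` `run_test` starts and ends outside this hunk.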
--- a/toolkit/components/securityreporter/SecurityReporter.js
+++ b/toolkit/components/securityreporter/SecurityReporter.js
@@ -78,16 +78,17 @@ SecurityReporter.prototype = {
       build: Services.appinfo.appBuildID,
       product: Services.appinfo.name,
       channel: UpdateUtils.UpdateChannel,
     };
 
     fetch(endpoint, {
       method: "POST",
       body: JSON.stringify(report),
+      credentials: "omit",
       headers: {
         "Content-Type": "application/json",
       },
     }).then(function(aResponse) {
       if (!aResponse.ok) {
         // request returned non-success status
         Services.telemetry.getHistogramById(HISTOGRAM_ID)
           .add(TLS_ERROR_REPORT_TELEMETRY_FAILURE);
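Review bot: `credentials: "omit"` is the whole security fix in this file and carries no comment, so a later refactor of the fetch options could drop it unnoticed. I would add `// Reports go to a configurable endpoint; never attach cookies or HTTP auth.` on the line above it. That the endpoint is configurable is inferred from the `security.ssl.errorReporting.url` pref set in the test, so adjust the wording if it is derived differently here. The enclosing method begins above the hunk and the promise chain continues below it.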