Bug 1422365 - Introduce nsIClearDataService - part 16 - security settings, r=johannh
authorAndrea Marchesini <amarchesini@mozilla.com>
Fri, 01 Jun 2018 14:31:02 +0200
changeset 420885 3725c0472caac21e8c6d60a6097c55548e9a9ff7
parent 420884 144e01c7cfc470c80d422c0dd1202b725021583c
child 420886 9fa43598c248709f0a1ef6f5702821c034ef3e94
push id34083
push userapavel@mozilla.com
push dateSat, 02 Jun 2018 23:03:25 +0000
reviewersjohannh
bugs1422365
milestone62.0a1
Bug 1422365 - Introduce nsIClearDataService - part 16 - security settings, r=johannh
browser/modules/Sanitizer.jsm
toolkit/components/cleardata/ClearDataService.js
toolkit/components/cleardata/nsIClearDataService.idl
toolkit/forgetaboutsite/ForgetAboutSite.jsm
--- a/browser/modules/Sanitizer.jsm
+++ b/browser/modules/Sanitizer.jsm
@@ -424,38 +424,23 @@ var Sanitizer = {
         await clearData(range, Ci.nsIClearDataService.CLEAR_AUTH_TOKENS |
                                Ci.nsIClearDataService.CLEAR_AUTH_CACHE);
         TelemetryStopwatch.finish("FX_SANITIZE_SESSIONS", refObj);
       }
     },
 
     siteSettings: {
       async clear(range) {
-        let seenException;
         let refObj = {};
         TelemetryStopwatch.start("FX_SANITIZE_SITESETTINGS", refObj);
-
         await clearData(range, Ci.nsIClearDataService.CLEAR_PERMISSIONS |
                                Ci.nsIClearDataService.CLEAR_PREFERENCES |
-                               Ci.nsIClearDataService.CLEAR_DOM_PUSH_NOTIFICATIONS);
-
-        try {
-          // Clear site security settings - no support for ranges in this
-          // interface either, so we clearAll().
-          let sss = Cc["@mozilla.org/ssservice;1"]
-                      .getService(Ci.nsISiteSecurityService);
-          sss.clearAll();
-        } catch (ex) {
-          seenException = ex;
-        }
-
+                               Ci.nsIClearDataService.CLEAR_DOM_PUSH_NOTIFICATIONS |
+                               Ci.nsIClearDataService.CLEAR_SECURITY_SETTINGS);
         TelemetryStopwatch.finish("FX_SANITIZE_SITESETTINGS", refObj);
-        if (seenException) {
-          throw seenException;
-        }
       }
     },
 
     openWindows: {
       _canCloseWindow(win) {
         if (win.CanCloseWindow()) {
           // We already showed PermitUnload for the window, so let's
           // make sure we don't do it again when we actually close the
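Review bot: In `siteSettings.clear`, a failure while clearing site security state can now surface only as a rejection of `clearData(...)`, which would skip `TelemetryStopwatch.finish("FX_SANITIZE_SITESETTINGS", refObj)`; the removed try/catch always finished the stopwatch before rethrowing. Whether `clearData` rejects when a cleaner fails is not visible in this hunk, so confirm it; if it can, wrap the call with the same flag expression as `try { await clearData(...); } finally { TelemetryStopwatch.finish("FX_SANITIZE_SITESETTINGS", refObj); }`. Separately, the unchanged line still passes `Ci.nsIClearDataService.CLEAR_PREFERENCES`, while the IDL and `FLAGS_MAP` hunks of this commit name the flag `CLEAR_CONTENT_PREFERENCES`. If no `CLEAR_PREFERENCES` constant exists outside the visible part of the IDL, that operand is `undefined` and the bitwise OR silently drops it.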
--- a/toolkit/components/cleardata/ClearDataService.js
+++ b/toolkit/components/cleardata/ClearDataService.js
@@ -548,16 +548,53 @@ const PreferencesCleaner = {
       let cps2 = Cc["@mozilla.org/content-pref/service;1"]
                    .getService(Ci.nsIContentPrefService2);
       cps2.removeAllDomains(null);
       aResolve();
     });
   },
 };
 
+const SecuritySettingsCleaner = {
+  deleteByHost(aHost, aOriginAttributes) {
+    return new Promise(aResolve => {
+      let sss = Cc["@mozilla.org/ssservice;1"]
+                  .getService(Ci.nsISiteSecurityService);
+      for (let type of [Ci.nsISiteSecurityService.HEADER_HSTS,
+                        Ci.nsISiteSecurityService.HEADER_HPKP]) {
+        // Also remove HSTS/HPKP/OMS information for subdomains by enumerating
+        // the information in the site security service.
+        let enumerator = sss.enumerate(type);
+        while (enumerator.hasMoreElements()) {
+          let entry = enumerator.getNext();
+          let hostname = entry.QueryInterface(Ci.nsISiteSecurityState).hostname;
+          if (hasRootDomain(hostname, aHost)) {
+            // This uri is used as a key to remove the state.
+            let uri = Services.io.newURI("https://" + hostname);
+            sss.removeState(type, uri, 0, entry.originAttributes);
+          }
+        }
+      }
+
+      aResolve();
+    });
+  },
+
+  deleteAll() {
+    return new Promise(aResolve => {
+      // Clear site security settings - no support for ranges in this
+      // interface either, so we clearAll().
+      let sss = Cc["@mozilla.org/ssservice;1"]
+                    .getService(Ci.nsISiteSecurityService);
+      sss.clearAll();
+      aResolve();
+    });
+  },
+};
+
 // Here the map of Flags-Cleaner.
 const FLAGS_MAP = [
  { flag: Ci.nsIClearDataService.CLEAR_COOKIES,
    cleaner: CookieCleaner },
 
  { flag: Ci.nsIClearDataService.CLEAR_NETWORK_CACHE,
    cleaner: NetworkCacheCleaner },
 
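Review bot: `SecuritySettingsCleaner.deleteByHost` accepts `aOriginAttributes` but never reads it; each matching entry is removed with its own `entry.originAttributes`, so the host's HSTS/HPKP state is dropped in every origin-attribute context. If that is intended, say so above the loop, e.g. `// aOriginAttributes is ignored on purpose: state for aHost and its subdomains is removed in every origin-attribute context.` The existing comment also mentions OMS, yet only `HEADER_HSTS` and `HEADER_HPKP` are enumerated, so drop "OMS" from the comment if it is not handled. `hasRootDomain` is defined outside this hunk; check that its matching rule agrees with the removed ForgetAboutSite test (exact host, or a `"." + aDomain` suffix), so that state for unrelated hosts is neither kept nor removed by mistake.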
@@ -600,16 +637,19 @@ const FLAGS_MAP = [
  { flag: Ci.nsIClearDataService.CLEAR_AUTH_CACHE,
    cleaner: AuthCacheCleaner, },
 
  { flag: Ci.nsIClearDataService.CLEAR_PERMISSIONS,
    cleaner: PermissionsCleaner, },
 
  { flag: Ci.nsIClearDataService.CLEAR_CONTENT_PREFERENCES,
    cleaner: PreferencesCleaner, },
+
+ { flag: Ci.nsIClearDataService.CLEAR_SECURITY_SETTINGS,
+   cleaner: SecuritySettingsCleaner, },
 ];
 
 this.ClearDataService = function() {};
 
 ClearDataService.prototype = Object.freeze({
   classID: Components.ID("{0c06583d-7dd8-4293-b1a5-912205f779aa}"),
   QueryInterface: ChromeUtils.generateQI([Ci.nsIClearDataService]),
   _xpcom_factory: XPCOMUtils.generateSingletonFactory(ClearDataService),
--- a/toolkit/components/cleardata/nsIClearDataService.idl
+++ b/toolkit/components/cleardata/nsIClearDataService.idl
@@ -163,20 +163,23 @@ interface nsIClearDataService : nsISuppo
    */
   const uint32_t CLEAR_PERMISSIONS = 1 << 15;
 
   /**
    * Site preferences
    */
   const uint32_t CLEAR_CONTENT_PREFERENCES = 1 << 16;
 
+  /**
+   * Secure site settings
+   */
+  const uint32_t CLEAR_SECURITY_SETTINGS = 1 << 17;
+
   /* TODO
   const uint32_t CLEAR_EME = 1 << 4;
-  const uint32_t CLEAR_HSTS = 1 << 12;
-  const uint32_t CLEAR_HPKP = 1 << 13;
   const uint32_t CLEAR_FORMDATA = 1 << 16;
   */
 
   /**
    * Use this value to delete all the data.
    */
   const uint32_t CLEAR_ALL = 0xFFFF;
 
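Review bot: `CLEAR_ALL = 0xFFFF` covers bits 0–15 only, so the new `CLEAR_SECURITY_SETTINGS = 1 << 17` (and `CLEAR_CONTENT_PREFERENCES = 1 << 16`) is not part of "all the data"; a caller passing `CLEAR_ALL` would leave HSTS/HPKP state behind. This matters here because ForgetAboutSite's own HSTS/HPKP removal is deleted in this commit, and which flags it passes to the service is not visible. Widen the mask, e.g. `const uint32_t CLEAR_ALL = 0xFFFFFFFF;`, or document that `CLEAR_ALL` excludes these flags. The TODO block's `CLEAR_FORMDATA = 1 << 16` now collides with `CLEAR_CONTENT_PREFERENCES` and should be renumbered before it is enabled. The interface continues outside the hunk.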
--- a/toolkit/forgetaboutsite/ForgetAboutSite.jsm
+++ b/toolkit/forgetaboutsite/ForgetAboutSite.jsm
@@ -26,40 +26,16 @@ var ForgetAboutSite = {
     promises.push((async function() {
       let mps = Cc["@mozilla.org/gecko-media-plugin-service;1"].
                 getService(Ci.mozIGeckoMediaPluginChromeService);
       mps.forgetThisSite(aDomain, JSON.stringify({}));
     })().catch(ex => {
       throw new Error("Exception thrown while clearing Encrypted Media Extensions: " + ex);
     }));
 
-    // HSTS and HPKP
-    promises.push((async function() {
-      let sss = Cc["@mozilla.org/ssservice;1"].
-                getService(Ci.nsISiteSecurityService);
-      for (let type of [Ci.nsISiteSecurityService.HEADER_HSTS,
-                        Ci.nsISiteSecurityService.HEADER_HPKP]) {
-        // Also remove HSTS/HPKP information for subdomains by enumerating the
-        // information in the site security service.
-        let enumerator = sss.enumerate(type);
-        while (enumerator.hasMoreElements()) {
-          let entry = enumerator.getNext();
-          let hostname = entry.QueryInterface(Ci.nsISiteSecurityState).hostname;
-          // If the hostname is aDomain's subdomain, we remove its state.
-          if (hostname == aDomain || hostname.endsWith("." + aDomain)) {
-            // This uri is used as a key to remove the state.
-            let uri = NetUtil.newURI("https://" + hostname);
-            sss.removeState(type, uri, 0, entry.originAttributes);
-          }
-        }
-      }
-    })().catch(ex => {
-      throw new Error("Exception thrown while clearing HSTS/HPKP: " + ex);
-    }));
-
     let ErrorCount = 0;
     for (let promise of promises) {
       try {
         await promise;
       } catch (ex) {
         Cu.reportError(ex);
         ErrorCount++;
       }