bug 800882 - make about:certerror clear as to why overrides don't work on HSTS sites r=dao ui-r=phlsa
authorDavid Keeler <dkeeler@mozilla.com>
Tue, 26 Aug 2014 11:31:34 -0700
changeset 201727 6753df2aec08b6bf5b0b115839e7897563e23ece
parent 201726 efd173e4cc23b316c60e0df7b6df3291dc59ece2
child 201728 b5ccef6b01ec74942ae4eb4cc26b6846f1d1ae5c
push id27380
push userkwierso@gmail.com
push dateWed, 27 Aug 2014 00:50:11 +0000
treeherdermozilla-central@83289be2cd12 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersdao, phlsa
bugs800882
milestone34.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
bug 800882 - make about:certerror clear as to why overrides don't work on HSTS sites r=dao ui-r=phlsa
browser/base/content/aboutcerterror/aboutCertError.xhtml
browser/locales/en-US/chrome/browser/aboutCertError.dtd
--- a/browser/base/content/aboutcerterror/aboutCertError.xhtml
+++ b/browser/base/content/aboutcerterror/aboutCertError.xhtml
@@ -75,26 +75,31 @@
           if (node.textContent == "#1")
             node.textContent = location.host;
           else
             for(var i = 0; i < node.childNodes.length; i++)
               replaceWithHost(node.childNodes[i]);
         };
         replaceWithHost(intro);
 
-        if (getCSSClass() == "expertBadCert") {
+        var cssClass = getCSSClass();
+        if (cssClass == "expertBadCert") {
           toggle('technicalContent');
           toggle('expertContent');
         }
 
         // Disallow overrides if this is a Strict-Transport-Security
         // host and the cert is bad (STS Spec section 7.3) or if the
         // certerror is in a frame (bug 633691).
-        if (getCSSClass() == "badStsCert" || window != top)
+        if (cssClass == "badStsCert" || window != top) {
           document.getElementById("expertContent").setAttribute("hidden", "true");
+        }
+        if (cssClass != "badStsCert") {
+          document.getElementById("badStsCertExplanation").setAttribute("hidden", "true");
+        }
 
         var tech = document.getElementById("technicalContentText");
         if (tech)
           tech.textContent = getDescription();
 
         addDomainErrorLink();
       }
 
@@ -209,16 +214,17 @@
           <p id="introContentP1">&certerror.introPara1;</p>
           <p>&certerror.introPara2;</p>
         </div>
 
         <div id="whatShouldIDoContent">
           <h2>&certerror.whatShouldIDo.heading;</h2>
           <div id="whatShouldIDoContentText">
             <p>&certerror.whatShouldIDo.content;</p>
+            <p id="badStsCertExplanation">&certerror.whatShouldIDo.badStsCertExplanation;</p>
             <button id='getMeOutOfHereButton'>&certerror.getMeOutOfHere.label;</button>
           </div>
         </div>
 
         <!-- The following sections can be unhidden by default by setting the
              "browser.xul.error_pages.expert_bad_cert" pref to true -->
         <h2 id="technicalContent" class="expander" collapsed="true">
           <button onclick="toggle('technicalContent');">&certerror.technical.heading;</button>
--- a/browser/locales/en-US/chrome/browser/aboutCertError.dtd
+++ b/browser/locales/en-US/chrome/browser/aboutCertError.dtd
@@ -21,16 +21,20 @@ securely to <b>#1</b>, but we can't conf
 <!ENTITY certerror.introPara2 "Normally, when you try to connect securely,
 sites will present trusted identification to prove that you are
 going to the right place. However, this site's identity can't be verified.">
 
 <!ENTITY certerror.whatShouldIDo.heading "What Should I Do?">
 <!ENTITY certerror.whatShouldIDo.content "If you usually connect to
 this site without problems, this error could mean that someone is
 trying to impersonate the site, and you shouldn't continue.">
+<!ENTITY certerror.whatShouldIDo.badStsCertExplanation "This site uses HTTP
+Strict Transport Security (HSTS) to specify that &brandShortName; only connect
+to it securely. As a result, it is not possible to add an exception for this
+certificate.">
 <!ENTITY certerror.getMeOutOfHere.label "Get me out of here!">
 
 <!ENTITY certerror.expert.heading "I Understand the Risks">
 <!ENTITY certerror.expert.content "If you understand what's going on, you
 can tell &brandShortName; to start trusting this site's identification.
 <b>Even if you trust the site, this error could mean that someone is
 tampering with your connection.</b>">
 <!ENTITY certerror.expert.contentPara2 "Don't add an exception unless