Merge mozilla-beta to release. a=merge FENNEC_53_0_BUILD1 FENNEC_53_0_RELEASE
authorRyan VanderMeulen <ryanvm@gmail.com>
Wed, 12 Apr 2017 16:58:42 -0400
changeset 565377 f239279b709072490993b099832fa8c18f07713a
parent 565372 81e6d873a1033156c523129b6d3b25b0913f2fb6 (current diff)
parent 565376 2326a8ab150650a81061c343dabb728f84f91911 (diff)
child 565378 645022d600ebeae1c70fd952e3d40e79248c7c24
push id54835
push userbmo:jlorenzo@mozilla.com
push dateWed, 19 Apr 2017 19:09:18 +0000
reviewersmerge
milestone53.0
Merge mozilla-beta to release. a=merge
netwerk/base/security-prefs.js
--- a/netwerk/base/security-prefs.js
+++ b/netwerk/base/security-prefs.js
@@ -83,17 +83,17 @@ pref("security.pki.name_matching_mode", 
 pref("security.pki.netscape_step_up_policy", 1);
 #else
 pref("security.pki.netscape_step_up_policy", 2);
 #endif
 
 // Configures Certificate Transparency support mode:
 // 0: Fully disabled.
 // 1: Only collect telemetry. CT qualification checks are not performed.
-pref("security.pki.certificate_transparency.mode", 1);
+pref("security.pki.certificate_transparency.mode", 0);
 
 pref("security.webauth.u2f", false);
 pref("security.webauth.u2f_enable_softtoken", false);
 pref("security.webauth.u2f_enable_usbtoken", false);
 
 pref("security.webauth.webauthn", false);
 pref("security.webauth.webauthn_enable_softtoken", false);
 pref("security.webauth.webauthn_enable_usbtoken", false);
--- a/netwerk/protocol/http/nsHttpChannel.cpp
+++ b/netwerk/protocol/http/nsHttpChannel.cpp
@@ -5586,16 +5586,35 @@ NS_IMETHODIMP nsHttpChannel::CloseSticky
     }
 
     // This turns the IsPersistent() indicator on the connection to false,
     // and makes us throw it away in OnStopRequest.
     conn->DontReuse();
     return NS_OK;
 }
 
+NS_IMETHODIMP nsHttpChannel::ForceNoSpdy()
+{
+    LOG(("nsHttpChannel::ForceNoSpdy this=%p", this));
+
+    MOZ_ASSERT(mTransaction);
+    if (!mTransaction) {
+        return NS_ERROR_UNEXPECTED;
+    }
+
+    mAllowSpdy = 0;
+    mCaps |= NS_HTTP_DISALLOW_SPDY;
+
+    if (!(mTransaction->Caps() & NS_HTTP_DISALLOW_SPDY)) {
+        mTransaction->DisableSpdy();
+    }
+
+    return NS_OK;
+}
+
 //-----------------------------------------------------------------------------
 // nsHttpChannel::nsISupports
 //-----------------------------------------------------------------------------
 
 NS_IMPL_ADDREF_INHERITED(nsHttpChannel, HttpBaseChannel)
 NS_IMPL_RELEASE_INHERITED(nsHttpChannel, HttpBaseChannel)
 
 NS_INTERFACE_MAP_BEGIN(nsHttpChannel)
--- a/netwerk/protocol/http/nsHttpChannel.h
+++ b/netwerk/protocol/http/nsHttpChannel.h
@@ -106,16 +106,17 @@ public:
     NS_IMETHOD GetServerResponseHeader(nsACString & aServerResponseHeader) override;
     NS_IMETHOD GetProxyChallenges(nsACString & aChallenges) override;
     NS_IMETHOD GetWWWChallenges(nsACString & aChallenges) override;
     NS_IMETHOD SetProxyCredentials(const nsACString & aCredentials) override;
     NS_IMETHOD SetWWWCredentials(const nsACString & aCredentials) override;
     NS_IMETHOD OnAuthAvailable() override;
     NS_IMETHOD OnAuthCancelled(bool userCancel) override;
     NS_IMETHOD CloseStickyConnection() override;
+    NS_IMETHOD ForceNoSpdy() override;
     // Functions we implement from nsIHttpAuthenticableChannel but are
     // declared in HttpBaseChannel must be implemented in this class. We
     // just call the HttpBaseChannel:: impls.
     NS_IMETHOD GetLoadFlags(nsLoadFlags *aLoadFlags) override;
     NS_IMETHOD GetURI(nsIURI **aURI) override;
     NS_IMETHOD GetNotificationCallbacks(nsIInterfaceRequestor **aCallbacks) override;
     NS_IMETHOD GetLoadGroup(nsILoadGroup **aLoadGroup) override;
     NS_IMETHOD GetRequestMethod(nsACString& aMethod) override;
--- a/netwerk/protocol/http/nsHttpChannelAuthProvider.cpp
+++ b/netwerk/protocol/http/nsHttpChannelAuthProvider.cpp
@@ -812,16 +812,20 @@ nsHttpChannelAuthProvider::GetCredential
           //   as non-valid and we would ask the user again ; clearing it forces
           //   use of the cached identity and not asking the user again
           mProxyIdent.Clear();
         }
         mConnectionBased = false;
     }
 
     mConnectionBased = !!(authFlags & nsIHttpAuthenticator::CONNECTION_BASED);
+    if (mConnectionBased) {
+        rv = mAuthChannel->ForceNoSpdy();
+        MOZ_ASSERT(NS_SUCCEEDED(rv));
+    }
 
     if (identityInvalid) {
         if (entry) {
             if (ident->Equals(entry->Identity())) {
                 if (!identFromURI) {
                     LOG(("  clearing bad auth cache entry\n"));
                     // ok, we've already tried this user identity, so clear the
                     // corresponding entry from the auth cache.
--- a/netwerk/protocol/http/nsHttpTransaction.cpp
+++ b/netwerk/protocol/http/nsHttpTransaction.cpp
@@ -2011,16 +2011,21 @@ void
 nsHttpTransaction::CheckForStickyAuthScheme()
 {
   LOG(("nsHttpTransaction::CheckForStickyAuthScheme this=%p"));
 
   MOZ_ASSERT(mHaveAllHeaders);
   MOZ_ASSERT(mResponseHead);
   MOZ_ASSERT(PR_GetCurrentThread() == gSocketThread);
 
+  if (mClosed) {
+      LOG(("  closed, not checking"));
+      return;
+  }
+
   CheckForStickyAuthSchemeAt(nsHttp::WWW_Authenticate);
   CheckForStickyAuthSchemeAt(nsHttp::Proxy_Authenticate);
 }
 
 void
 nsHttpTransaction::CheckForStickyAuthSchemeAt(nsHttpAtom const& header)
 {
   if (mCaps & NS_HTTP_STICKY_CONNECTION) {
--- a/netwerk/protocol/http/nsHttpTransaction.h
+++ b/netwerk/protocol/http/nsHttpTransaction.h
@@ -129,16 +129,18 @@ public:
     bool UsesPipelining() const { return mCaps & NS_HTTP_ALLOW_PIPELINING; }
 
     // overload of nsAHttpTransaction::RequestContext()
     nsIRequestContext *RequestContext() override { return mRequestContext.get(); }
     void SetRequestContext(nsIRequestContext *aRequestContext);
     void DispatchedAsBlocking();
     void RemoveDispatchedAsBlocking();
 
+    void DisableSpdy() override;
+
     nsHttpTransaction *QueryHttpTransaction() override { return this; }
 
     Http2PushedStream *GetPushedStream() { return mPushedStream; }
     Http2PushedStream *TakePushedStream()
     {
         Http2PushedStream *r = mPushedStream;
         mPushedStream = nullptr;
         return r;
@@ -193,17 +195,16 @@ private:
                                        uint32_t, uint32_t, uint32_t *);
     static nsresult WritePipeSegment(nsIOutputStream *, void *, char *,
                                      uint32_t, uint32_t, uint32_t *);
 
     bool TimingEnabled() const { return mCaps & NS_HTTP_TIMING_ENABLED; }
 
     bool ResponseTimeoutEnabled() const final;
 
-    void DisableSpdy() override;
     void ReuseConnectionOnRestartOK(bool reuseOk) override { mReuseOnRestart = reuseOk; }
 
     // Called right after we parsed the response head.  Checks for connection based
     // authentication schemes in reponse headers for WWW and Proxy authentication.
     // If such is found in any of them, NS_HTTP_STICKY_CONNECTION is set in mCaps.
     // We need the sticky flag be set early to keep the connection from very start
     // of the authentication process.
     void CheckForStickyAuthScheme();
--- a/netwerk/protocol/http/nsIHttpAuthenticableChannel.idl
+++ b/netwerk/protocol/http/nsIHttpAuthenticableChannel.idl
@@ -107,9 +107,15 @@ interface nsIHttpAuthenticableChannel : 
     void onAuthCancelled(in boolean userCancel);
 
     /**
      * Tells the channel to drop and close any sticky connection, since this
      * connection oriented schema cannot be negotiated second time on
      * the same connection.
      */
     void closeStickyConnection();
+
+    /**
+     * Tells the channel to not use SPDY-like protocols, since this will be
+     * using connection-oriented auth.
+     */
+    void forceNoSpdy();
 };
--- a/testing/marionette/session.js
+++ b/testing/marionette/session.js
@@ -48,33 +48,31 @@ session.Timeouts = class {
     };
   }
 
   static fromJSON (json) {
     assert.object(json);
     let t = new session.Timeouts();
 
     for (let [typ, ms] of Object.entries(json)) {
-      assert.positiveInteger(ms);
-
       switch (typ) {
         case "implicit":
-          t.implicit = ms;
+          t.implicit = assert.positiveInteger(ms);
           break;
 
         case "script":
-          t.script = ms;
+          t.script = assert.positiveInteger(ms);
           break;
 
         case "pageLoad":
-          t.pageLoad = ms;
+          t.pageLoad = assert.positiveInteger(ms);
           break;
 
         default:
-          throw new InvalidArgumentError();
+          throw new InvalidArgumentError("Unrecognised timeout: " + typ);
       }
     }
 
     return t;
   }
 };
 
 /** Enum of page loading strategies. */
--- a/testing/marionette/test_session.js
+++ b/testing/marionette/test_session.js
@@ -43,16 +43,53 @@ add_test(function test_Timeouts_fromJSON
   let ts = session.Timeouts.fromJSON(json);
   equal(ts.implicit, json.implicit);
   equal(ts.pageLoad, json.pageLoad);
   equal(ts.script, json.script);
 
   run_next_test();
 });
 
+add_test(function test_Timeouts_fromJSON_unrecognised_field() {
+  let json = {
+    sessionId: "foobar",
+    script: 42,
+  };
+  try {
+    session.Timeouts.fromJSON(json);
+  } catch (e) {
+    equal(e.name, InvalidArgumentError.name);
+    equal(e.message, "Unrecognised timeout: sessionId");
+  }
+
+  run_next_test();
+});
+
+add_test(function test_Timeouts_fromJSON_invalid_type() {
+  try {
+    session.Timeouts.fromJSON({script: "foobar"});
+  } catch (e) {
+    equal(e.name, InvalidArgumentError.name);
+    equal(e.message, "Expected [object String] \"foobar\" to be an integer");
+  }
+
+  run_next_test();
+});
+
+add_test(function test_Timeouts_fromJSON_bounds() {
+  try {
+    session.Timeouts.fromJSON({script: -42});
+  } catch (e) {
+    equal(e.name, InvalidArgumentError.name);
+    equal(e.message, "Expected [object Number] -42 to be >= 0");
+  }
+
+  run_next_test();
+});
+
 add_test(function test_PageLoadStrategy() {
   equal(session.PageLoadStrategy.None, "none");
   equal(session.PageLoadStrategy.Eager, "eager");
   equal(session.PageLoadStrategy.Normal, "normal");
 
   run_next_test();
 });