Bug 1267493 - Replace `isURIPotentiallyTrustworthy` usage in Push with a testing pref. r=dragana
authorKit Cambridge <kcambridge@mozilla.com>
Mon, 25 Apr 2016 20:53:06 -0700
changeset 333996 4f401a7aee98238409783fb7016108ec5c86347c
parent 333995 a6f40cd906862c88bc010f95cd0f56b058db43e2
child 333997 d7beb35b55c74a5d9f8762a9f178f8e470d1288f
push id6249
push userjlund@mozilla.com
push dateMon, 01 Aug 2016 13:59:36 +0000
treeherdermozilla-beta@bad9d4f5bf7e [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersdragana
bugs1267493
milestone49.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1267493 - Replace `isURIPotentiallyTrustworthy` usage in Push with a testing pref. r=dragana MozReview-Commit-ID: LrjAyVeNMyI
dom/push/PushService.jsm
dom/push/PushServiceAndroidGCM.jsm
dom/push/PushServiceHttp2.jsm
dom/push/PushServiceWebSocket.jsm
dom/push/test/xpcshell/test_notification_http2.js
dom/push/test/xpcshell/test_register_5xxCode_http2.js
dom/push/test/xpcshell/test_resubscribe_4xxCode_http2.js
dom/push/test/xpcshell/test_resubscribe_5xxCode_http2.js
dom/push/test/xpcshell/test_resubscribe_listening_for_msg_error_http2.js
dom/push/test/xpcshell/test_updateRecordNoEncryptionKeys_http2.js
--- a/dom/push/PushService.jsm
+++ b/dom/push/PushService.jsm
@@ -26,20 +26,16 @@ const CONNECTION_PROTOCOLS = (function()
     const {PushServiceHttp2} = Cu.import("resource://gre/modules/PushServiceHttp2.jsm");
     return [PushServiceWebSocket, PushServiceHttp2];
   } else {
     const {PushServiceAndroidGCM} = Cu.import("resource://gre/modules/PushServiceAndroidGCM.jsm");
     return [PushServiceAndroidGCM];
   }
 })();
 
-XPCOMUtils.defineLazyServiceGetter(this, "gContentSecurityManager",
-                                   "@mozilla.org/contentsecuritymanager;1",
-                                   "nsIContentSecurityManager");
-
 XPCOMUtils.defineLazyServiceGetter(this, "gPushNotifier",
                                    "@mozilla.org/push/Notifier;1",
                                    "nsIPushNotifier");
 
 XPCOMUtils.defineLazyGetter(this, "gDOMBundle", () =>
   Services.strings.createBundle("chrome://global/locale/dom/dom.properties"));
 
 this.EXPORTED_SYMBOLS = ["PushService"];
@@ -395,21 +391,16 @@ this.PushService = {
     try {
       uri = Services.io.newURI(serverURL, null, null);
     } catch (e) {
       console.warn("findService: Error creating valid URI from",
         "dom.push.serverURL", serverURL);
       return [];
     }
 
-    if (!gContentSecurityManager.isURIPotentiallyTrustworthy(uri)) {
-      console.warn("findService: Untrusted server URI", uri.spec);
-      return [];
-    }
-
     for (let connProtocol of CONNECTION_PROTOCOLS) {
       if (connProtocol.validServerURI(uri)) {
         service = connProtocol;
         break;
       }
     }
     return [service, uri];
   },
--- a/dom/push/PushServiceAndroidGCM.jsm
+++ b/dom/push/PushServiceAndroidGCM.jsm
@@ -66,19 +66,19 @@ this.PushServiceAndroidGCM = {
   validServerURI: function(serverURI) {
     if (!serverURI) {
       return false;
     }
 
     if (serverURI.scheme == "https") {
       return true;
     }
-    if (prefs.get("debug") && serverURI.scheme == "http") {
-      // Accept HTTP endpoints when debugging.
-      return true;
+    if (serverURI.scheme == "http") {
+      // Allow insecure server URLs for development and testing.
+      return !!prefs.get("testing.allowInsecureServerURL");
     }
     console.info("Unsupported Android GCM dom.push.serverURL scheme", serverURI.scheme);
     return false;
   },
 
   observe: function(subject, topic, data) {
     if (topic == "nsPref:changed") {
       if (data == "dom.push.debug") {
--- a/dom/push/PushServiceHttp2.jsm
+++ b/dom/push/PushServiceHttp2.jsm
@@ -434,17 +434,20 @@ this.PushServiceHttp2 = {
     return "http2";
   },
 
   hasmainPushService: function() {
     return this._mainPushService !== null;
   },
 
   validServerURI: function(serverURI) {
-    return serverURI.scheme == "http" || serverURI.scheme == "https";
+    if (serverURI.scheme == "http") {
+      return !!prefs.get("testing.allowInsecureServerURL");
+    }
+    return serverURI.scheme == "https";
   },
 
   connect: function(subscriptions) {
     this.startConnections(subscriptions);
   },
 
   isConnected: function() {
     return this._mainPushService != null;
--- a/dom/push/PushServiceWebSocket.jsm
+++ b/dom/push/PushServiceWebSocket.jsm
@@ -252,17 +252,20 @@ this.PushServiceWebSocket = {
     // The most likely reason for a pong or registration request timing out is
     // that the socket has disconnected. Best to reconnect.
     if (requestTimedOut) {
       this._reconnect();
     }
   },
 
   validServerURI: function(serverURI) {
-    return serverURI.scheme == "ws" || serverURI.scheme == "wss";
+    if (serverURI.scheme == "ws") {
+      return !!prefs.get("testing.allowInsecureServerURL");
+    }
+    return serverURI.scheme == "wss";
   },
 
   get _UAID() {
     return prefs.get("userAgentID");
   },
 
   set _UAID(newID) {
     if (typeof(newID) !== "string") {
--- a/dom/push/test/xpcshell/test_notification_http2.js
+++ b/dom/push/test/xpcshell/test_notification_http2.js
@@ -4,51 +4,47 @@
 'use strict';
 
 Cu.import("resource://gre/modules/Services.jsm");
 
 const {PushDB, PushService, PushServiceHttp2} = serviceExports;
 
 var prefs;
 var tlsProfile;
-var pushEnabled;
-var pushConnectionEnabled;
 
 var serverPort = -1;
 
 function run_test() {
   var env = Cc["@mozilla.org/process/environment;1"].getService(Ci.nsIEnvironment);
   serverPort = env.get("MOZHTTP2_PORT");
   do_check_neq(serverPort, null);
   dump("using port " + serverPort + "\n");
 
   do_get_profile();
-  setPrefs();
+  setPrefs({
+    'testing.allowInsecureServerURL': true,
+  });
   prefs = Cc["@mozilla.org/preferences-service;1"].getService(Ci.nsIPrefBranch);
 
   tlsProfile = prefs.getBoolPref("network.http.spdy.enforce-tls-profile");
-  pushEnabled = prefs.getBoolPref("dom.push.enabled");
-  pushConnectionEnabled = prefs.getBoolPref("dom.push.connection.enabled");
 
   // Set to allow the cert presented by our H2 server
   var oldPref = prefs.getIntPref("network.http.speculative-parallel-limit");
   prefs.setIntPref("network.http.speculative-parallel-limit", 0);
   prefs.setBoolPref("network.http.spdy.enforce-tls-profile", false);
   prefs.setBoolPref("dom.push.enabled", true);
   prefs.setBoolPref("dom.push.connection.enabled", true);
 
   addCertOverride("localhost", serverPort,
                   Ci.nsICertOverrideService.ERROR_UNTRUSTED |
                   Ci.nsICertOverrideService.ERROR_MISMATCH |
                   Ci.nsICertOverrideService.ERROR_TIME);
 
   prefs.setIntPref("network.http.speculative-parallel-limit", oldPref);
 
-  servicePrefs.set('testing.notifyWorkers', false);
-
   run_next_test();
 }
 
 add_task(function* test_pushNotifications() {
 
   // /pushNotifications/subscription1 will send a message with no rs and padding
   // length 1.
   // /pushNotifications/subscription2 will send a message with no rs and padding
@@ -188,11 +184,9 @@ add_task(function* test_pushNotification
     db
   });
 
   yield notifyPromise;
 });
 
 add_task(function* test_complete() {
   prefs.setBoolPref("network.http.spdy.enforce-tls-profile", tlsProfile);
-  prefs.setBoolPref("dom.push.enabled", pushEnabled);
-  prefs.setBoolPref("dom.push.connection.enabled", pushConnectionEnabled);
 });
--- a/dom/push/test/xpcshell/test_register_5xxCode_http2.js
+++ b/dom/push/test/xpcshell/test_register_5xxCode_http2.js
@@ -48,16 +48,17 @@ httpServer = new HttpServer();
 httpServer.registerPathHandler("/subscribe5xxCode", subscribe5xxCodeHandler);
 httpServer.registerPathHandler("/subscription", listenSuccessHandler);
 httpServer.start(-1);
 
 function run_test() {
 
   do_get_profile();
   setPrefs({
+    'testing.allowInsecureServerURL': true,
     'http2.retryInterval': 1000,
     'http2.maxRetries': 2
   });
 
   run_next_test();
 }
 
 add_task(function* test1() {
--- a/dom/push/test/xpcshell/test_resubscribe_4xxCode_http2.js
+++ b/dom/push/test/xpcshell/test_resubscribe_4xxCode_http2.js
@@ -46,18 +46,21 @@ httpServer.registerPathHandler("/subscri
 httpServer.registerPathHandler("/subscribe", resubscribeHandler);
 httpServer.registerPathHandler("/newSubscription", listenSuccessHandler);
 httpServer.start(-1);
 
 function run_test() {
 
   do_get_profile();
 
-  servicePrefs.set('testing.notifyWorkers', false);
-  setPrefs();
+  setPrefs({
+    'testing.allowInsecureServerURL': true,
+    'testing.notifyWorkers': false,
+    'testing.notifyAllObservers': true,
+  });
 
   run_next_test();
 }
 
 add_task(function* test1() {
 
   let db = PushServiceHttp2.newPushDB();
   do_register_cleanup(() => {
--- a/dom/push/test/xpcshell/test_resubscribe_5xxCode_http2.js
+++ b/dom/push/test/xpcshell/test_resubscribe_5xxCode_http2.js
@@ -50,16 +50,17 @@ httpServer.registerPathHandler("/subscri
 httpServer.registerPathHandler("/subscribe", resubscribeHandler);
 httpServer.registerPathHandler("/newSubscription", listenSuccessHandler);
 httpServer.start(-1);
 
 function run_test() {
 
   do_get_profile();
   setPrefs({
+    'testing.allowInsecureServerURL': true,
     'http2.retryInterval': 1000,
     'http2.maxRetries': 2
   });
 
   run_next_test();
 }
 
 add_task(function* test1() {
--- a/dom/push/test/xpcshell/test_resubscribe_listening_for_msg_error_http2.js
+++ b/dom/push/test/xpcshell/test_resubscribe_listening_for_msg_error_http2.js
@@ -39,16 +39,17 @@ httpServer = new HttpServer();
 httpServer.registerPathHandler("/subscribe", resubscribeHandler);
 httpServer.registerPathHandler("/newSubscription", listenSuccessHandler);
 httpServer.start(-1);
 
 function run_test() {
 
   do_get_profile();
   setPrefs({
+    'testing.allowInsecureServerURL': true,
     'http2.retryInterval': 1000,
     'http2.maxRetries': 2
   });
 
   run_next_test();
 }
 
 add_task(function* test1() {
--- a/dom/push/test/xpcshell/test_updateRecordNoEncryptionKeys_http2.js
+++ b/dom/push/test/xpcshell/test_updateRecordNoEncryptionKeys_http2.js
@@ -24,16 +24,17 @@ function listenHandler(metadata, respons
 httpServer = new HttpServer();
 httpServer.registerPathHandler("/subscriptionNoKey", listenHandler);
 httpServer.start(-1);
 
 function run_test() {
 
   do_get_profile();
   setPrefs({
+    'testing.allowInsecureServerURL': true,
     'http2.retryInterval': 1000,
     'http2.maxRetries': 2
   });
 
   run_next_test();
 }
 
 add_task(function* test1() {