Closed
Bug 1077891
Opened 10 years ago
Closed 10 years ago
HSTS preload update removed everything, because the update script is broken
Categories
(Core :: Security: PSM, defect)
Core
Security: PSM
Tracking
()
RESOLVED
FIXED
mozilla35
Tracking | Status | |
---|---|---|
firefox34 | --- | unaffected |
firefox35 | + | fixed |
People
(Reporter: philor, Assigned: keeler)
References
Details
(Keywords: regression)
Attachments
(1 file)
(deleted),
patch
|
mmc
:
review+
|
Details | Diff | Splinter Review |
https://hg.mozilla.org/mozilla-central/rev/b3fb5bdc588c
Prolly should have written those bug 905852 tests, somehow, or set up that cronjob to run it Friday afternoon and mail the results to you, or added code to make it abort if a sanity-check hits an unexpected error, or to make it abort if it's going to remove everything.
Comment 2•10 years ago
|
||
This looks like a regression from the extra parameter added in https://hg.mozilla.org/mozilla-central/rev/aeacfe204b8d .
[Tracking Requested - why for this release]:
I'm not sure how bad this is; hoping somebody else can comment.
Blocks: hpkp
status-firefox34:
--- → unaffected
status-firefox35:
--- → affected
tracking-firefox35:
--- → ?
Updated•10 years ago
|
Keywords: regression
Assignee | ||
Comment 3•10 years ago
|
||
I forgot that this script uses nsISiteSecurityService to parse HSTS headers when we updated the interface for HPKP.
Note that the situation is not as bad as the summary indicates. Due to the mechanism that doesn't remove sites from the list unless we can connect to them and see that they either don't send the header anymore or send it with max-age:0, no hosts that still send the header were actually removed from the list as a result of this failure (robteix.com was removed because it doesn't send the header, as far as I can see).
Updated•10 years ago
|
Attachment #8500586 -
Flags: review?(mmc) → review+
Assignee | ||
Comment 4•10 years ago
|
||
Updated•10 years ago
|
Comment 5•10 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla35
You need to log in
before you can comment on or make changes to this bug.
Description
•