Closed Bug 1269568 Opened 9 years ago Closed 8 years ago

Remove LoginManagerContent's isDocumentSecure function in favor of Window.isSecureContext

Categories

(Toolkit :: Password Manager, defect, P3)

Product:
Toolkit
Component:
Password Manager
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla52
Tracking Flags:
Tracking Status
firefox52 --- fixed

People

(Reporter: jwatt, Assigned: MattN)

References

Details

(Whiteboard: [passwords:tech-debt])

Attachments

(2 files)

Bug 1269568 - Remove LoginManagerContent's isDocumentSecure function in favor of Window.isSecureContext.
(deleted), text/x-review-board-request
johannh
: review+
Details
Bug 1269568 - Update browser_webconsole_bug_762593_... to check for the more accurate frame message.
(deleted), text/x-review-board-request
MattN
: review+
Details
LoginManagerContent has an isDocumentSecure function that tries to provide a rough approximation of whether or not a document creates a Secure Context, aka: https://w3c.github.io/webappsec-secure-contexts/ Now that bug 1162772 has landed this code should be removed in favor of Window.isSecureContext. Note that the hasInsecureLoginForms function in LoginManagerContent.jsm no longer needs the parentIsInsecure argument since Window.isSecureContext takes that into account. Similarly _checkForInsecureNestedDocuments is not needed since all it does is walk the parent chain checking if each document is secure. Note that Window.isSecureContext also takes into account the security of opener windows, so switching to Window.isSecureContext does involve a change in behavior to become more restrict in that regard.
(gScriptSecurityManager can also be removed from LoginManagerContent.jsm since isDocumentSecure is the only consumer.)
Yeah, I was planning on switching this out after bug 1261234 lands. It seems like we would still need isOriginPotentiallyTrustworthy in InsecurePasswordUtils for the form @action attribute.
Depends on: 1261234
MattN: Should this be assigned to you?
No as I have no time to work on it this quarter and it doesn't seem like a high priority. If Sean or you want to figure it out I can review but I'm not sure what the urgency is since I don't think we'll ever be able to remove isOriginPotentiallyTrustworthy.
Whiteboard: [passwords:tech-debt]
This mess of differing security checks was getting in the way of bug 1302474 so I'm putting up a patch. Bug 1302474 will clean up the security checks even more.
Assignee: nobody → MattN+bmo
Blocks: 1302474
Status: NEW → ASSIGNED
Priority: -- → P3
Comment on attachment 8798695 [details] Bug 1269568 - Remove LoginManagerContent's isDocumentSecure function in favor of Window.isSecureContext. https://reviewboard.mozilla.org/r/84114/#review83114 Looks good, thanks!
Attachment #8798695 - Flags: review?(jhofmann) → review+
Pushed by mozilla@noorenberghe.ca: https://hg.mozilla.org/integration/autoland/rev/084f217c4d49 Remove LoginManagerContent's isDocumentSecure function in favor of Window.isSecureContext. r=johannh
Comment on attachment 8799540 [details] Bug 1269568 - Update browser_webconsole_bug_762593_... to check for the more accurate frame message. https://reviewboard.mozilla.org/r/84686/#review83276
Attachment #8799540 - Flags: review?(MattN+bmo) → review+
Pushed by mozilla@noorenberghe.ca: https://hg.mozilla.org/integration/autoland/rev/2919296c48c0 Update browser_webconsole_bug_762593_... to check for the more accurate frame message. r=me
https://hg.mozilla.org/mozilla-central/rev/084f217c4d49 https://hg.mozilla.org/mozilla-central/rev/2919296c48c0
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
status-firefox52: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla52
Depends on: 1329940
Depends on: 1334201
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: