Closed Bug 1082791 Opened 10 years ago Closed 10 years ago

About:certerror should be loaded remotely

Categories

(Core :: General, defect)

defect
Not set
normal
Points:
1

Tracking

()

RESOLVED FIXED
mozilla36
Iteration:
36.1
Tracking Status
e10s m4+ ---

People

(Reporter: Felipe, Assigned: Felipe)

References

Details

Attachments

(1 file)

Attached patch PatchSplinter Review
The certerror page should be allowed to be loaded remotely in order to keep the association with the original docShell that attempted a load, so that things like docShell.failedChannel and the linked certs don't get lost due to a remote->non-remote transition.

We need to add it to the whitelist from bug 999239.

Marking for e10s-m4+ as that's what's marked for bug 1053456 (which this blocks).
Attachment #8504974 - Flags: review?(dtownsend+bugmail)
Flags: firefox-backlog+
But, on the other hand, if about:certerror weren't loaded remotely, we wouldn't need to do the remote->non-remote translation, since the information we care about (the certificates presented by the server) is already known to the parent process, because that's where networking happens. From a security perspective, this is the preferable situation, since we shouldn't trust the child process to faithfully report this information.
Flags: qe-verify?
Attachment #8504974 - Flags: review?(dtownsend+bugmail) → review+
Marking as QE- because bug 1053456 is already marked for QE verification
Flags: qe-verify? → qe-verify-
sorry had to back this out for test failures like https://tbpl.mozilla.org/php/getParsedLog.php?id=50231233&tree=Fx-Team
Comment on attachment 8504974 [details] [diff] [review]
Patch

Review of attachment 8504974 [details] [diff] [review]:
-----------------------------------------------------------------

::: browser/modules/E10SUtils.jsm
@@ +18,5 @@
>  
>      if (aURL.startsWith("about:") &&
>          aURL.toLowerCase() != "about:home" &&
>          aURL.toLowerCase() != "about:blank" &&
> +        !aURL.toLowerCase().startsWith("about:neterror")

missing '&&' here.
https://hg.mozilla.org/mozilla-central/rev/af47efe07009
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla36
You need to log in before you can comment on or make changes to this bug.