Closed Bug 1095602 Opened 5 years ago Closed 11 months ago

remove the STATE_SECURE_HIGH, STATE_SECURE_MEDIUM, STATE_SECURE_LOW distinction from nsIWebProgressListener


(Core :: DOM: Navigation, defect, P2)




Tracking Status
firefox66 --- fixed


(Reporter: keeler, Assigned: qdot)


(Depends on 1 open bug, Blocks 1 open bug)



(1 file)

According to the documentation in nsIWebProgressListener.idl, if the state is STATE_IS_SECURE, the level of security is described by one of STATE_SECURE_HIGH, STATE_SECURE_MEDIUM, or STATE_SECURE_LOW. However, in the actual implementation, we only ever use STATE_SECURE_HIGH. In any case, the distinction is unhelpful; either you're using strong, known-secure encryption and we can reasonably say a connection is secure, or you're not, and we can't say it's secure at all. We should just remove any classification of this sort and rely on STATE_IS_SECURE vs. STATE_IS_INSECURE vs. STATE_IS_BROKEN (which, again, the implementation actually already does).
I think we're almost out of these state flag values when bug 1504728 lands, so fixing this could be a nice way to get three more flag values back...
Only STATE_SECURE_HIGH is used, and that's only in instances where
STATE_IS_SECURE is also used, so we can remove the security level
flags and just assume STATE_IS_SECURE is also STATE_SECURE_HIGH.
Was doing some docshell triage and saw this, and it fits in with my work on bug 1503630, so figured I'd take care of it real quick.
Assignee: nobody → kyle
Priority: -- → P2
Pushed by
Remove STATE_SECURE flags from nsIWebProgressListener; r=Ehsan
Closed: 11 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla66

comm-central is based on an earlier import of mozilla-central, so I don't think it has this change yet.

Sorry the link was mentioning comm-central, but the file is in mozilla-central (and c-c does always contain an up to date copy of m-c). Anyway, the question was purely for m-c as the comment still mentions the now removed constants.

Blocks: 1525834

Ah, I see. Thanks.

You need to log in before you can comment on or make changes to this bug.