Create a services client for augmenting the STS preload list between releases

RESOLVED FIXED in Firefox 53

Status

P1
normal
RESOLVED FIXED
2 years ago
2 years ago

People

(Reporter: mgoodwin, Assigned: mgoodwin)

Tracking

unspecified
mozilla53
Points:
---

Firefox Tracking Flags

(firefox53 fixed)

Details

(Whiteboard: [psm-assigned])

Attachments

(1 attachment)

(Assignee)

Description

2 years ago
The services blocklist client provides a mechanism we can use to get Strict Transport Security preloads to the browser between releases.

Let's build a client to do this.
Priority: -- → P1
Whiteboard: [psm-assigned]
Does this include HPKP preloads as well, or is there a separate bug for that?
Flags: needinfo?(mgoodwin)
(Assignee)

Comment 2

2 years ago
(In reply to Daniel Veditz [:dveditz] from comment #1)
> Does this include HPKP preloads as well, or is there a separate bug for that?

The work I've done so far only relates to STS - We should file a separate bug.
Flags: needinfo?(mgoodwin)
(Assignee)

Updated

2 years ago
See Also: → bug 1306470
(Assignee)

Comment 3

2 years ago
(In reply to Mark Goodwin [:mgoodwin] from comment #2)
> (In reply to Daniel Veditz [:dveditz] from comment #1)
> > Does this include HPKP preloads as well, or is there a separate bug for that?
> 
> The work I've done so far only relates to STS - We should file a separate
> bug.

Bug 1306470
(Assignee)

Updated

2 years ago
Depends on: 1321780

Comment 5

2 years ago
mozreview-review
Comment on attachment 8820702 [details]
Bug 1283109 - Create a services client for augmenting the STS preload list between releases.

https://reviewboard.mozilla.org/r/100162/#review100656

::: services/common/tests/unit/test_blocklist_pinning.js:161
(Diff revision 1)
>    Services.prefs.setCharPref("services.settings.server",
>                               `http://localhost:${server.identity.primaryPort}/v1`);
>    yield PinningPreloadClient.maybeSync(5000, Date.now());
> +
> +  // Check that five.example.com is now has includeSubdomains set
> +  ok(sss.isSecureHost(sss.HEADER_HSTS, "subdomain.five.example.com", 0));
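
Review bot: The new `ok(sss.isSecureHost(...))` assertion only checks the state after `maybeSync(5000, ...)`, so on its own it does not show that this sync is what enabled includeSubdomains. If the test does not already do so earlier, assert before the sync that "subdomain.five.example.com" is not yet reported as an HSTS host, then keep this check after it. The added comment also reads "is now has includeSubdomains set"; it should say "now has includeSubdomains set", and a message argument on `ok()` would make a failure easier to trace.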

When looking at the diff it is rather obvious, but I think we could make it even more explicit with a comment that an update to this same STS entry with `last_modified=5000` now has `includeSubdomains=true`.

Comment 6

2 years ago
mozreview-review
Comment on attachment 8820702 [details]
Bug 1283109 - Create a services client for augmenting the STS preload list between releases.

https://reviewboard.mozilla.org/r/100162/#review100658

Comment 7

2 years ago
mozreview-review
Comment on attachment 8820702 [details]
Bug 1283109 - Create a services client for augmenting the STS preload list between releases.

https://reviewboard.mozilla.org/r/100164/#review100662
Attachment #8820702 - Flags: review?(mathieu) → review-

Comment 8

2 years ago
mozreview-review
Comment on attachment 8820702 [details]
Bug 1283109 - Create a services client for augmenting the STS preload list between releases.

https://reviewboard.mozilla.org/r/100164/#review100664
Attachment #8820702 - Flags: review- → review+

Comment 11

2 years ago
Pushed by mgoodwin@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/e7181e3b6f3e
Create a services client for augmenting the STS preload list between releases. r=leplatrem

Comment 12

2 years ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/e7181e3b6f3e
Status: NEW → RESOLVED
Last Resolved: 2 years ago
status-firefox53: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla53