Closed
Bug 1283109
Opened 9 years ago
Closed 8 years ago
Create a services client for augmenting the STS preload list between releases
Categories
(Core :: Security: PSM, defect, P1)
Core
Security: PSM
Tracking
()
RESOLVED
FIXED
mozilla53
| Tracking | Status | |
|---|---|---|
| firefox53 | --- | fixed |
People
(Reporter: mgoodwin, Assigned: mgoodwin)
References
Details
(Whiteboard: [psm-assigned])
Attachments
(1 file)
The services blocklist client provides a mechanism we can use to get Strict Transport Security preloads to the browser between releases.
Let's build a client to do this.
|
||
Updated•9 years ago
|
Priority: -- → P1
Whiteboard: [psm-assigned]
|
||
Comment 1•9 years ago
|
||
Does this include HPKP preloads as well, or is there a separate bug for that?
Flags: needinfo?(mgoodwin)
|
Assignee | |
Comment 2•9 years ago
|
||
(In reply to Daniel Veditz [:dveditz] from comment #1)
> Does this include HPKP preloads as well, or is there a separate bug for that?
The work I've done so far only relates to STS - We should file a separate bug.
Flags: needinfo?(mgoodwin)
|
|
Assignee | |
Comment 3•9 years ago
|
||
(In reply to Mark Goodwin [:mgoodwin] from comment #2)
> (In reply to Daniel Veditz [:dveditz] from comment #1)
> > Does this include HPKP preloads as well, or is there a separate bug for that?
>
> The work I've done so far only relates to STS - We should file a separate
> bug.
Bug 1306470
| Comment hidden (mozreview-request) |
|
||
Comment 5•8 years ago
|
||
| mozreview-review | ||
Comment on attachment 8820702 [details]
Bug 1283109 - Create a services client for augmenting the STS preload list between releases.
https://reviewboard.mozilla.org/r/100162/#review100656
::: services/common/tests/unit/test_blocklist_pinning.js:161
(Diff revision 1)
> Services.prefs.setCharPref("services.settings.server",
> `http://localhost:${server.identity.primaryPort}/v1`);
> yield PinningPreloadClient.maybeSync(5000, Date.now());
> +
> + // Check that five.example.com is now has includeSubdomains set
> + ok(sss.isSecureHost(sss.HEADER_HSTS, "subdomain.five.example.com", 0));
When looking at the diff it is rather obvious, but I think we could make it even more explicit with a comment that an update to this same STS entry with `last_modified=5000` now has `includeSubdomains=true`.
|
|
||
Comment 6•8 years ago
|
||
| mozreview-review | ||
Comment on attachment 8820702 [details]
Bug 1283109 - Create a services client for augmenting the STS preload list between releases.
https://reviewboard.mozilla.org/r/100162/#review100658
|
|
||
Comment 7•8 years ago
|
||
| mozreview-review | ||
Comment on attachment 8820702 [details]
Bug 1283109 - Create a services client for augmenting the STS preload list between releases.
https://reviewboard.mozilla.org/r/100164/#review100662
Attachment #8820702 -
Flags: review?(mathieu) → review-
|
|
||
Comment 8•8 years ago
|
||
| mozreview-review | ||
Comment on attachment 8820702 [details]
Bug 1283109 - Create a services client for augmenting the STS preload list between releases.
https://reviewboard.mozilla.org/r/100164/#review100664
Attachment #8820702 -
Flags: review- → review+
| Comment hidden (mozreview-request) |
|
|
Assignee | |
Comment 10•8 years ago
|
||
|
||
Comment 11•8 years ago
|
||
Pushed by mgoodwin@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/e7181e3b6f3e
Create a services client for augmenting the STS preload list between releases. r=leplatrem
|
||
Comment 12•8 years ago
|
||
| bugherder | ||
Status: NEW → RESOLVED
Closed: 8 years ago
status-firefox53:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla53
You need to log in
before you can comment on or make changes to this bug.
Description
•