Closed Bug 1313596 Opened 9 years ago Closed 9 years ago

Increase HSTS priming cache timeout

Categories

(Core :: DOM: Security, defect, P3)

51 Branch
defect

Tracking

RESOLVED FIXED
mozilla52
Tracking Status
firefox52 --- fixed

People

(Reporter: kmckinley, Assigned: kmckinley)

Details

(Whiteboard: [domsecurity-backlog1] [hsts-priming])

Attachments

(1 file, 1 obsolete file)

HSTS priming caches the result of failed priming requests for 24 hours. Increasing this to 7 days will reduce the occurrence of HSTS Priming requests that time out. This will reduce the number of times users experience long delays with mis-configured sites.
Priority: -- → P3
Whiteboard: [domsecurity-backlog1]
Using a hardcoded value, but maybe this should be a pref?
Comment on attachment 8806248 [details] Bug 1313596 Increase HSTS Priming default cache timeout
I don't have a strong opinion. For me using a hardcoded value in this case seems reasonable. I also don't think I should be reviewing those bits. Honza is definitely the right person to ask here.
Attachment #8806248 - Flags: review?(ckerschb) → feedback+
Whiteboard: [domsecurity-backlog1] → [domsecurity-backlog1] [hsts-priming]
Comment on attachment 8806248 [details] Bug 1313596 Increase HSTS Priming default cache timeout
https://reviewboard.mozilla.org/r/89752/#review89704
::: netwerk/protocol/http/nsHttpChannel.cpp:8004 (Diff revision 1) > } > > - // Don't visit again for at least one day > + // Don't visit again for at least HSTS_PRIMING_CACHE_TIMEOUT seconds > nsISiteSecurityService* sss = gHttpHandler->GetSSService(); > NS_ENSURE_TRUE(sss, NS_ERROR_OUT_OF_MEMORY); > - nsresult rv = sss->CacheNegativeHSTSResult(mURI, 24 * 60 * 60); > + nsresult rv = sss->CacheNegativeHSTSResult(mURI, HSTS_PRIMING_CACHE_TIMEOUT);
Please make a preference for this. See https://dxr.mozilla.org/mozilla-central/source/modules/libpref/Preferences.h for some nice and easy to use APIs (AddUintVarCache).
Add your preference to https://dxr.mozilla.org/mozilla-central/source/modules/libpref/init/all.js
I am not sure if this is a Gecko (or even Necko) feature or it's a browser feature. Up to you to decide on the preference prefix (either browser. or network. or something else).
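Review bot: The call to CacheNegativeHSTSResult in nsHttpChannel.cpp no longer shows the duration or its unit at the call site, where the removed line spelled it out as 24 * 60 * 60. Suggest defining HSTS_PRIMING_CACHE_TIMEOUT as an explicit product (days * hours * minutes * seconds) with a comment stating that it is in seconds, and noting beside it that a host which starts sending HSTS after a failed priming request is not visited again until this interval expires, so the longer value also lengthens that window.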
Attachment #8806248 - Flags: review?(honzab.moz) → review-
Comment on attachment 8806248 [details] Bug 1313596 Increase HSTS Priming default cache timeout
https://reviewboard.mozilla.org/r/89752/#review91604
::: dom/security/nsMixedContentBlocker.h:101 (Diff revision 2) > static bool sBlockMixedDisplay; > + // Do we move HSTS before mixed-content > static bool sUseHSTS; > + // Do we send an HSTS priming request > static bool sSendHSTSPriming; > + // Default HSTS Priming failure timeout
// Default HSTS Priming cached failure timeout in seconds
::: dom/security/test/hsts/browser_hsts-priming_cache-timeout.js:1 (Diff revision 2) > +
nit: remove the top blank line
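Review bot: In the nsMixedContentBlocker.h hunk, the added comments on sUseHSTS and sSendHSTSPriming are phrased as questions ("Do we move HSTS before mixed-content", "Do we send an HSTS priming request") and do not say which value of the flag enables the behaviour. Suggest writing them as statements of what true means, for example "If true, HSTS is applied before mixed-content blocking", so a reader of the header can tell the effect of each flag without consulting the .cpp file.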
Attachment #8806248 - Flags: review?(honzab.moz) → review+
Pushed by kmckinley@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/91d0760b71d4 Increase HSTS Priming default cache timeout r=mayhemer
Backout by cbook@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/3e38456aa52a Backed out changeset 91d0760b71d4 on developers request
Attachment #8809308 - Attachment description: Increase HSTS Priming default cache timeout - fixup patch for missing tests → Increase HSTS Priming default cache timeout - fixup patch
Keywords: checkin-needed
Pushed by ryanvm@gmail.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/817c3befbadc Increase HSTS Priming default cache timeout. r=mayhemer
Keywords: checkin-needed
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla52