Open Bug 1431043 Opened 8 years ago Updated 3 years ago

webRequest.onHeadersReceived cannot trigger HSTS on cached requests

Categories

(WebExtensions :: Request Handling, defect, P3)

defect

Tracking

(Not tracked)

REOPENED

People

(Reporter: jwkbugzilla, Unassigned)

References

(Depends on 1 open bug)

Details

+++ This bug was initially created as a clone of Bug #1418275 +++ With bug 1418275 fixed, I am still stuck with Enforce Encryption encryption. In order to enable HSTS my extension triggers a request with `cache: "force-cache"` flag - having it hit the network is really undesirable. It then does the following in the onHeadersReceived handler: let headers = details.responseHeaders || []; headers.push({ name: "Strict-Transport-Security", value: "max-age=31536000000" }); return {responseHeaders: headers}; This works in Chrome, the site gets HSTS enabled as the result. In Firefox (tested in 59.0a1 2018-01-15 nightly) it has no effect for cached requests however. Looking into the source code, it seems that no HSTS processing happens for cached requests. This seems wrong: even a cached response should renew HSTS if it happened to expire in the meantime (yes, this is quite some edge case).
It should say "Enforce Encryption extension" in the previous post of course.
Depends on: 1431521
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
Actually I wanted to keep this open to keep it in a bug list under webextensions (and thus on my radar)
Status: RESOLVED → REOPENED
Resolution: DUPLICATE → ---
moving to p3 due to external team dependency.
Priority: P2 → P3
Product: Toolkit → WebExtensions
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.