Closed Bug 607124 Opened 14 years ago Closed 11 years ago

Combine strict-transport-security (STS) PermissionManager types into one

Categories

(Core :: Networking, defect)

Hardware: x86, OS: All, Type: defect, Priority: Not set, Severity: normal

RESOLVED WONTFIX
Tracking Status
blocking2.0 --- -

People

(Reporter: dveditz, Assigned: geekboy)

Details

Currently the Strict-Transport-Security feature uses two different types in the permissions.sqlite moz_hosts table. "sts/use" governs whether STS is enabled for the site, and "sts/subd" indicates whether the "includeSubdomains" token was specified in the header. We don't need to duplicate an entire row for this one bit of information; instead we should use different permission values in the same row. For example, see cookie permissions, which have Allow, Deny, and Allow-for-session values.

This will make it much easier for add-on tools trying to help people manage their STS permissions. Depending on the code we could be like cookies and use a random unused value (e.g. '3') to mean "on and include subdomains", or it may be easier to treat it as a bit field.
If we're going to make this change we need to do it before Beta 8.
blocking2.0: --- → ?
"Data Manager" https://addons.mozilla.org/en-US/firefox/addon/162068/ will expose these settings and allow users to change the allow/block setting, but it's just trolling through the database and doesn't have any code that deals with sts specifically. This change shouldn't be a problem.
Not blocking, but I'd approve a safe patch.
blocking2.0: ? → -
Summary: Combine STS permission types into one in the PermissionManager → Combine strict-transport-security (STS) PermissionManager types into one
We're going to be moving the HSTS data out of nsIPermissionManager and into a different storage mechanism (which will eventually be common to more site security settings). That will make this bug unnecessary. I'm marking this WONTFIX because it's extra work that we eventually won't need.

See bug 775370.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → WONTFIX
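
An added example, not Mozilla's code, of the bit-field variant proposed in this bug: it folds a host's "sts/use" and "sts/subd" rows into one row and answers the HSTS lookup from that single value. The table is a constructed, simplified stand-in for moz_hosts; the combined type name `sts`, the bit values, the use of permission 1 to mean "set", and all function names are assumptions.

```python
import sqlite3

# Hypothetical encoding for the combined row; the bug names no concrete values.
STS_ENABLED = 0x1             # what an "sts/use" row records
STS_INCLUDE_SUBDOMAINS = 0x2  # what an "sts/subd" row records

def build_legacy_db():
    """Constructed, simplified stand-in for permissions.sqlite (two rows per host)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE moz_hosts "
               "(id INTEGER PRIMARY KEY, host TEXT, type TEXT, permission INTEGER)")
    db.executemany("INSERT INTO moz_hosts (host, type, permission) VALUES (?, ?, ?)", [
        ("example.com", "sts/use", 1),   # assumption: 1 means the permission is set
        ("example.com", "sts/subd", 1),
        ("example.org", "sts/use", 1),
        ("example.net", "cookie", 1),    # unrelated permission, must survive untouched
    ])
    return db

def combine_sts_rows(db):
    """Fold each host's sts/use and sts/subd rows into one row of type 'sts'."""
    rows = db.execute(
        "SELECT host, "
        "MAX(type = 'sts/use' AND permission = 1), "
        "MAX(type = 'sts/subd' AND permission = 1) "
        "FROM moz_hosts WHERE type IN ('sts/use', 'sts/subd') GROUP BY host").fetchall()
    db.execute("DELETE FROM moz_hosts WHERE type IN ('sts/use', 'sts/subd')")
    for host, use, subd in rows:
        # A stray sts/subd row without sts/use carries no meaning and is dropped.
        value = (STS_ENABLED if use else 0) | (STS_INCLUDE_SUBDOMAINS if use and subd else 0)
        if value:
            db.execute("INSERT INTO moz_hosts (host, type, permission) VALUES (?, 'sts', ?)",
                       (host, value))
    db.commit()

def is_sts_host(db, host):
    """True if host is enabled itself, or a parent domain is enabled with subdomains."""
    labels = host.lower().split(".")
    for i in range(len(labels) - 1):   # walk up to, but not including, the bare TLD
        candidate = ".".join(labels[i:])
        row = db.execute("SELECT permission FROM moz_hosts WHERE host = ? AND type = 'sts'",
                         (candidate,)).fetchone()
        if row and row[0] & STS_ENABLED and (i == 0 or row[0] & STS_INCLUDE_SUBDOMAINS):
            return True
    return False
```

With this encoding a host with both flags stores 3, which matches the "on and include subdomains" value floated in the description.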