Closed Bug 951405 Opened 11 years ago Closed 11 years ago

re-work certificate error page loading so that child processes never need nsISiteSecurityService (even remotely)

Categories

(Core :: DOM: Navigation, defect)

Product:
Core
Component:
DOM: Navigation
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 989875

People

(Reporter: keeler, Unassigned)

References

Details

See also bug 948574. It would be best if child processes never needed nsISiteSecurityService, even via remote (reducing attack surface). Currently the docshell uses nsISiteSecurityService when presenting a certificate error page. My plan was to push the use of nsISSS to inside the error page and have that page be loaded as a privileged page by the parent process. However, as far as I can tell, the child process' docshell just goes ahead and loads the error page directly, without checking to see if the parent should load it instead.
Note for the future: if bug 948574 lands (remoting nsISiteSecurityService::IsSecureURI), back it out when this bug gets fixed.
This looks like a dupe of bug 989875, based on your comments in that bug.
Flags: needinfo?(dkeeler)
Yep.
Status: NEW → RESOLVED
Closed: 11 years ago
Flags: needinfo?(dkeeler)
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.