Skip to content
Snippets Groups Projects
Commit b8f6622e authored by David Keeler's avatar David Keeler
Browse files

bug 947759 - unconditionally add Google sites to the HSTS preload list r=cviecco DONTBUILD NPOTB

parent cb931af8
No related merge requests found
Hide whitespace changes
Inline Side-by-side
security/manager/tools/getHSTSPreloadList.js
+ 22
4
View file @ b8f6622e
...@@ -100,6 +100,7 @@ function getHosts(rawdata) { ...@@ -100,6 +100,7 @@ function getHosts(rawdata) {
if (entry.mode && entry.mode == "force-https") { if (entry.mode && entry.mode == "force-https") {
if (entry.name) { if (entry.name) {
entry.retries = MAX_RETRIES; entry.retries = MAX_RETRIES;
entry.originalIncludeSubdomains = entry.include_subdomains;
hosts.push(entry); hosts.push(entry);
} else { } else {
throw "ERROR: entry not formatted correctly: no name found"; throw "ERROR: entry not formatted correctly: no name found";
...@@ -137,6 +138,9 @@ function processStsHeader(host, header, status) { ...@@ -137,6 +138,9 @@ function processStsHeader(host, header, status) {
} }
} }
let forceInclude = (host.forceInclude ||
(host.pins == "google" && !host.snionly));
if (error == ERROR_NONE && maxAge.value < MINIMUM_REQUIRED_MAX_AGE) { if (error == ERROR_NONE && maxAge.value < MINIMUM_REQUIRED_MAX_AGE) {
error = ERROR_MAX_AGE_TOO_LOW; error = ERROR_MAX_AGE_TOO_LOW;
} }
...@@ -145,7 +149,9 @@ function processStsHeader(host, header, status) { ...@@ -145,7 +149,9 @@ function processStsHeader(host, header, status) {
maxAge: maxAge.value, maxAge: maxAge.value,
includeSubdomains: includeSubdomains.value, includeSubdomains: includeSubdomains.value,
error: error, error: error,
retries: host.retries - 1 }; retries: host.retries - 1,
forceInclude: forceInclude,
originalIncludeSubdomains: host.originalIncludeSubdomains };
} }
function RedirectStopper() {}; function RedirectStopper() {};
...@@ -213,6 +219,15 @@ function errorToString(status) { ...@@ -213,6 +219,15 @@ function errorToString(status) {
: status.error); : status.error);
} }
function writeEntry(status, outputStream) {
let incSubdomainsBool = (status.forceInclude && status.error != ERROR_NONE
? status.originalIncludeSubdomains
: status.includeSubdomains);
let includeSubdomains = (incSubdomainsBool ? "true" : "false");
writeTo(" { \"" + status.name + "\", " + includeSubdomains + " },\n",
outputStream);
}
function output(sortedStatuses, currentList) { function output(sortedStatuses, currentList) {
try { try {
var file = FileUtils.getFile("CurWorkD", [OUTPUT]); var file = FileUtils.getFile("CurWorkD", [OUTPUT]);
...@@ -237,10 +252,13 @@ function output(sortedStatuses, currentList) { ...@@ -237,10 +252,13 @@ function output(sortedStatuses, currentList) {
status.includeSubdomains = currentList[status.name]; status.includeSubdomains = currentList[status.name];
} }
if (status.maxAge >= MINIMUM_REQUIRED_MAX_AGE) { if (status.maxAge >= MINIMUM_REQUIRED_MAX_AGE || status.forceInclude) {
writeTo(" { \"" + status.name + "\", " + writeEntry(status, fos);
(status.includeSubdomains ? "true" : "false") + " },\n", fos);
dump("INFO: " + status.name + " ON the preload list\n"); dump("INFO: " + status.name + " ON the preload list\n");
if (status.forceInclude && status.error != ERROR_NONE) {
writeTo(status.name + ": " + errorToString(status) + " (error "
+ "ignored - included regardless)\n", eos);
}
} }
else { else {
dump("INFO: " + status.name + " NOT ON the preload list\n"); dump("INFO: " + status.name + " NOT ON the preload list\n");
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment