Browser API: expose SSL info (securitychange event) #8544
I would add an enum to the Metadata struct, and store this as a field in Document. This would allow it to be updated for mixed content that is added subsequently, and trigger these events. The field of the enum would be set around http://mxr.mozilla.org/servo/source/components/net/http_loader.rs#711 . |
Understood. I'd like to start by implementing
Is it enough to just use: |
No, since that only corresponds to domains included in the HSTS preload list and any domains that have included the Strict-Transport-Settings header in a previous response. It should be enough to check that the scheme of the final request URL is https if there's a successful response received, I believe, since we deal with certificate errors before that. |
ok. I think the event should be dispatched once the document and its resources are all loaded, not once the document page request has loaded, since we will eventually add mixed content information to the event. So probably along the |
What about if mixed content is added after the document's load event occurs? Does a new event get dispatched in that case? |
With gecko, |
I'm trying to bring the load status to it looks like that: https://gist.github.com/paulrouget/852cd69e2830d381f3d3 Does that look right? I could use the metadata field instead, it holds a status value as well ( The patch above doesn't work though. Using
If this approach makes sense, what would be the right way to solve the above issue? |
I'm not convinced that |
Previous approach was wrong. I was trying to rely on the HTTP status code, which makes no sense. Here is a simpler approach: master...paulrouget:securitychange This is basic, but it covers enough for what we need for browser.html. @jdm, can you take a quick look and tell me if this is what you had in mind? You mentioned adding an enum to the Metadata struct. Afaict, metadata are not stored anywhere. I added a simple field to the document. Maybe that's enough. |
Yep, that's more like what I was expecting. I think we should store a value in Document that reflects https://html.spec.whatwg.org/multipage/dom.html#concept-document-https-state instead of secure/broken/insecure and store the brokenness via a separate boolean field. Additionally, instead of inspecting the scheme of the final URL, we should add a field to Metadata and rely on that value. |
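The design discussed in the comments above, sketched as an added example (not code from the Servo tree or from any participant in this thread): an HTTPS state taken from the final response, a separate boolean for brokenness, and an event payload produced only when the reported state changes, which also covers mixed content added after load. All type and function names are hypothetical, the URLs are constructed, and mapping `Deprecated` to `"broken"` is an assumption.

```rust
/// Hypothetical names throughout (not Servo's API). States per the HTML spec concept.
#[derive(Clone, Copy, Debug, PartialEq)]
pub enum HttpsState { None, Deprecated, Modern }

/// Derived from the scheme of the final URL (after redirects), not from HSTS
/// list membership. Assumes certificate errors already failed the load.
pub fn https_state_for_final_url(final_url: &str) -> HttpsState {
    if final_url.to_ascii_lowercase().starts_with("https://") { HttpsState::Modern }
    else { HttpsState::None }
}

/// Per-document record: the HTTPS state plus a separate "broken" boolean.
pub struct DocSecurity { https_state: HttpsState, broken: bool, last: Option<&'static str> }

impl DocSecurity {
    pub fn new(https_state: HttpsState) -> Self {
        DocSecurity { https_state, broken: false, last: None }
    }

    /// Map to the mozbrowser strings. Deprecated => "broken" is an assumption.
    pub fn mozbrowser_state(&self) -> &'static str {
        match (self.https_state, self.broken) {
            (HttpsState::None, _) => "insecure",
            (HttpsState::Deprecated, _) | (_, true) => "broken",
            (HttpsState::Modern, false) => "secure",
        }
    }

    /// Plain-HTTP subresource inside an HTTPS document marks it as mixed content.
    pub fn note_subresource(&mut self, final_url: &str) {
        let plain_http = final_url.to_ascii_lowercase().starts_with("http://");
        if self.https_state != HttpsState::None && plain_http { self.broken = true; }
    }

    /// Some(state) only when it differs from the last state reported, i.e. when
    /// a securitychange event would need to be dispatched.
    pub fn take_change(&mut self) -> Option<&'static str> {
        let now = self.mozbrowser_state();
        if self.last == Some(now) { return None; }
        self.last = Some(now);
        Some(now)
    }
}

fn main() {
    let mut doc = DocSecurity::new(https_state_for_final_url("https://example.test/"));
    println!("{:?}", doc.take_change());               // state after the load
    doc.note_subresource("http://example.test/a.js"); // constructed URL, added late
    println!("{:?}", doc.take_change());
}
```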
mozbrowsersecuritychange event Fixes #8544 No test yet. Is there a way to mock a https connection? Also, I wish I could use the `HTTPSState` enum instead of a `String` when calling `trigger_mozbrowser_event` (https://github.com/servo/servo/compare/master...paulrouget:securitychange?expand=1#diff-30a18e04d7e0b66aafdf192e416cad44R306) but that would require `constellation_msg.rs` to know about `HTTPSState`, which is defined in `document.rs`, which would add a dependency to `components/msg`. I could define `HTTPSState` somewhere else maybe? Or maybe it's fine to use a `String`. But then, should I use the HTTPSState strings (`"modern/deprecated/none"`) or the mozbrowser strings (`"secure/insecure/broken"`) (as it is now)?
mozbrowsersecuritychange properties: https://github.com/paulrouget/mozBrowserAPI/blob/master/BrowserAPI.md#the-mozbrowsersecuritychange-event

Could someone describe what needs to be done to expose SSL information (no ssl, non valid cert, valid cert, mixed content, …)? At least, we'd like to start with basic info: ssl or no ssl.