bug 1049946 - don't expose the "Add Exception" button in about:certerror for HSTS sites when browser.xul.error_pages.expert_bad_cert is set r=jst

2024-09-13 09:24:08 -07:00 · 2014-08-07 11:00:00 -07:00 · 2014-08-07 11:00:00 -07:00 · 74d894febe
commit 74d894febe
parent 0ec5de40b0
1 changed files with 7 additions and 6 deletions
--- a/docshell/base/nsDocShell.cpp
+++ b/docshell/base/nsDocShell.cpp
@ -4621,6 +4621,13 @@ nsDocShell::DisplayLoadError(nsresult aError, nsIURI *aURI,
                  cc->SendIsSecureURI(type, uri, flags, &isStsHost);
                }

+                if (Preferences::GetBool(
+                        "browser.xul.error_pages.expert_bad_cert", false)) {
+                    cssClass.AssignLiteral("expertBadCert");
+                }
+
+                // HSTS takes precedence over the expert bad cert pref. We
+                // never want to show the "Add Exception" button for HSTS sites.
                uint32_t bucketId;
                if (isStsHost) {
                  cssClass.AssignLiteral("badStsCert");
@ -4631,12 +4638,6 @@ nsDocShell::DisplayLoadError(nsresult aError, nsIURI *aURI,
                  bucketId = nsISecurityUITelemetry::WARNING_BAD_CERT_TOP;
                }

-
-                if (Preferences::GetBool(
-                        "browser.xul.error_pages.expert_bad_cert", false)) {
-                    cssClass.AssignLiteral("expertBadCert");
-                }
-
                // See if an alternate cert error page is registered
                nsAdoptingCString alternateErrorPage =
                    Preferences::GetCString(