commit 0f4eb845cab77bf323f497af8cba3d2643c03a6b
parent 587809605b225c874963fc36f40cfb961145599d
Author: Jack Brown <jbrown@mozilla.com>
Date: Thu, 8 Jan 2026 23:31:52 +0000
Bug 2008464 - Doubled connection port on security risk pages - r=niklas,jaws
Differential Revision: https://phabricator.services.mozilla.com/D277916
Diffstat:
4 files changed, 77 insertions(+), 31 deletions(-)
diff --git a/browser/base/content/test/about/browser.toml b/browser/base/content/test/about/browser.toml
@@ -137,3 +137,5 @@ skip-if = [
["browser_bug435325.js"]
["browser_bug633691.js"]
+
+["browser_bug2008464.js"]
diff --git a/browser/base/content/test/about/browser_bug2008464.js b/browser/base/content/test/about/browser_bug2008464.js
@@ -0,0 +1,58 @@
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/
+ */
+
+"use strict";
+
+add_task(async function testHostnameDisplayedCorrectly() {
+ const { HttpServer } = ChromeUtils.importESModule(
+ "resource://testing-common/httpd.sys.mjs"
+ );
+
+ const server = new HttpServer();
+ registerCleanupFunction(() => new Promise(resolve => server.stop(resolve)));
+ server.registerPathHandler("/auth", (request, response) => {
+ response.setStatusLine(request.httpVersion, 401, "Unauthorized");
+ response.setHeader("WWW-Authenticate", 'Basic realm="test"', false);
+ });
+ server.start(-1);
+ const port = server.identity.primaryPort;
+ server.identity.add("http", "localhost", port);
+
+ await SpecialPowers.pushPrefEnv({
+ set: [
+ ["dom.security.https_first", false],
+ ["network.http.basic_http_auth.enabled", false],
+ ["browser.http.blank_page_with_error_response.enabled", true],
+ ["security.certerrors.felt-privacy-v1", true],
+ ],
+ });
+ registerCleanupFunction(() => SpecialPowers.popPrefEnv());
+
+ const url = `http://localhost:${port}/auth`;
+ info(`Checking URL (${url}) against displayed hostname.`);
+ await BrowserTestUtils.withNewTab(
+ { gBrowser, url, waitForLoad: false },
+ async browser => {
+ await BrowserTestUtils.waitForErrorPage(browser);
+ await SpecialPowers.spawn(browser, [port], async p => {
+ const netErrorCard = await ContentTaskUtils.waitForCondition(
+ () =>
+ content.document.querySelector("net-error-card")?.wrappedJSObject
+ );
+ await netErrorCard.getUpdateComplete();
+
+ Assert.equal(
+ netErrorCard.errorInfo.errorCodeString,
+ "NS_ERROR_BASIC_HTTP_AUTH_DISABLED",
+ "Shows HTTP auth disabled error"
+ );
+ Assert.equal(
+ netErrorCard.hostname,
+ `localhost:${p}`,
+ "Hostname includes the port once"
+ );
+ });
+ }
+ );
+});
diff --git a/toolkit/content/aboutNetError.mjs b/toolkit/content/aboutNetError.mjs
@@ -824,16 +824,10 @@ function setNetErrorMessageFromCode() {
console.warn("This error page has no error code in its security info");
}
- let hostname = HOST_NAME;
- const { port } = document.location;
- if (port && port != 443) {
- hostname += ":" + port;
- }
-
const shortDesc = document.getElementById("errorShortDesc");
document.l10n.setAttributes(shortDesc, "cert-error-ssl-connection-error", {
errorMessage: errorMessage ?? errorCode ?? "",
- hostname,
+ hostname: HOST_NAME,
});
}
@@ -1204,12 +1198,6 @@ function setTechnicalDetailsOnCertError(
});
}
- let hostname = HOST_NAME;
- const { port } = document.location;
- if (port && port != 443) {
- hostname += ":" + port;
- }
-
switch (failedCertInfo.overridableErrorCategory) {
case "trust-error":
switch (failedCertInfo.errorCodeString) {
@@ -1220,33 +1208,35 @@ function setTechnicalDetailsOnCertError(
break;
case "SEC_ERROR_UNKNOWN_ISSUER":
addLabel("cert-error-trust-unknown-issuer-intro");
- addLabel("cert-error-trust-unknown-issuer", { hostname });
+ addLabel("cert-error-trust-unknown-issuer", { hostname: HOST_NAME });
break;
case "SEC_ERROR_CA_CERT_INVALID":
- addLabel("cert-error-intro", { hostname });
+ addLabel("cert-error-intro", { hostname: HOST_NAME });
addLabel("cert-error-trust-cert-invalid");
break;
case "SEC_ERROR_UNTRUSTED_ISSUER":
- addLabel("cert-error-intro", { hostname });
+ addLabel("cert-error-intro", { hostname: HOST_NAME });
addLabel("cert-error-trust-untrusted-issuer");
break;
case "SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED":
- addLabel("cert-error-intro", { hostname });
+ addLabel("cert-error-intro", { hostname: HOST_NAME });
addLabel("cert-error-trust-signature-algorithm-disabled");
break;
case "SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE":
- addLabel("cert-error-intro", { hostname });
+ addLabel("cert-error-intro", { hostname: HOST_NAME });
addLabel("cert-error-trust-expired-issuer");
break;
case "MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT":
- addLabel("cert-error-intro", { hostname });
+ addLabel("cert-error-intro", { hostname: HOST_NAME });
addLabel("cert-error-trust-self-signed");
break;
case "MOZILLA_PKIX_ERROR_INSUFFICIENT_CERTIFICATE_TRANSPARENCY":
- addLabel("cert-error-trust-certificate-transparency", { hostname });
+ addLabel("cert-error-trust-certificate-transparency", {
+ hostname: HOST_NAME,
+ });
break;
default:
- addLabel("cert-error-intro", { hostname });
+ addLabel("cert-error-intro", { hostname: HOST_NAME });
addLabel("cert-error-untrusted-default");
}
addErrorCodeLink();
@@ -1257,12 +1247,12 @@ function setTechnicalDetailsOnCertError(
const notAfter = failedCertInfo.validNotAfter;
if (notBefore && Date.now() < notAfter) {
addLabel("cert-error-not-yet-valid-now", {
- hostname,
+ hostname: HOST_NAME,
"not-before-local-time": formatter.format(new Date(notBefore)),
});
} else {
addLabel("cert-error-expired-now", {
- hostname,
+ hostname: HOST_NAME,
"not-after-local-time": formatter.format(new Date(notAfter)),
});
}
@@ -1273,11 +1263,11 @@ function setTechnicalDetailsOnCertError(
case "domain-mismatch":
getSubjectAltNames(failedCertInfo).then(subjectAltNames => {
if (!subjectAltNames.length) {
- addLabel("cert-error-domain-mismatch", { hostname });
+ addLabel("cert-error-domain-mismatch", { hostname: HOST_NAME });
} else if (subjectAltNames.length > 1) {
const names = subjectAltNames.join(", ");
addLabel("cert-error-domain-mismatch-multiple", {
- hostname,
+ hostname: HOST_NAME,
"subject-alt-names": names,
});
} else {
@@ -1311,7 +1301,7 @@ function setTechnicalDetailsOnCertError(
*/
HOST_NAME.endsWith("." + okHost);
- const l10nArgs = { hostname, "alt-name": altName };
+ const l10nArgs = { hostname: HOST_NAME, "alt-name": altName };
if (showLink) {
// Set the link if we want it.
const proto = document.location.protocol + "//";
@@ -1370,7 +1360,7 @@ function setTechnicalDetailsOnCertError(
if (failedCertInfo.errorCodeString in nonoverridableErrorCodeToLabelMap) {
addLabel(
nonoverridableErrorCodeToLabelMap[failedCertInfo.errorCodeString],
- { hostname }
+ { hostname: HOST_NAME }
);
addErrorCodeLink();
}
diff --git a/toolkit/content/net-error-card.mjs b/toolkit/content/net-error-card.mjs
@@ -236,10 +236,6 @@ export class NetErrorCard extends MozLitElement {
}
this.hostname = HOST_NAME;
- const { port } = document.location;
- if (port && port != 443) {
- this.hostname += ":" + port;
- }
// We show an offline support page in case of a system-wide error,
// when a user cannot connect to the internet and access the SUMO website.
