commit e5d9f3de48cf1118cda5726f6e20d93b9a7ba0eb
parent 53600157c00452353a56c0710addf1d0f46f7563
Author: agoloman <agoloman@mozilla.com>
Date: Wed, 15 Oct 2025 17:13:37 +0300
Revert "Bug 1988152 - support enterprise policy for domain based filtering for LNA. r=necko-reviewers,jesup,mkaply" for causing build bustages @TestLocalNetworkAccess.cpp.
This reverts commit fd3c32ffc06af01a6b6e773ac6a243d44265c87b.
Revert "Bug 1988152 - support configuration to skip LNA checks target domains. r=necko-reviewers,valentin"
This reverts commit 0c1efe49759aff467d31238ea10851c30bf83315.
Diffstat:
10 files changed, 0 insertions(+), 566 deletions(-)
diff --git a/browser/components/enterprisepolicies/Policies.sys.mjs b/browser/components/enterprisepolicies/Policies.sys.mjs
@@ -1867,16 +1867,6 @@ export var Policies = {
);
}
}
-
- // Handle SkipDomains separately (can be set independently of Enabled)
- if ("SkipDomains" in param && Array.isArray(param.SkipDomains)) {
- let skipDomainsValue = param.SkipDomains.join(",");
- PoliciesUtils.setDefaultPref(
- "network.lna.skip-domains",
- skipDomainsValue,
- param.Locked
- );
- }
},
},
diff --git a/browser/components/enterprisepolicies/schemas/policies-schema.json b/browser/components/enterprisepolicies/schemas/policies-schema.json
@@ -1011,12 +1011,6 @@
"EnablePrompting": {
"type": "boolean"
},
- "SkipDomains": {
- "type": "array",
- "items": {
- "type": "string"
- }
- },
"Locked": {
"type": "boolean"
}
diff --git a/browser/components/enterprisepolicies/tests/xpcshell/test_local_network_access.js b/browser/components/enterprisepolicies/tests/xpcshell/test_local_network_access.js
@@ -417,90 +417,3 @@ add_task(async function test_local_network_access_policy_enforcement() {
"Preference should still be locked"
);
});
-
-add_task(async function test_local_network_access_skip_domains() {
- // Test SkipDomains policy
- await setupPolicyEngineWithJson({
- policies: {
- LocalNetworkAccess: {
- SkipDomains: ["example.com", "*.local", "localhost"],
- },
- },
- });
-
- equal(
- Services.prefs.getCharPref("network.lna.skip-domains"),
- "example.com,*.local,localhost",
- "network.lna.skip-domains should be set correctly"
- );
-
- equal(
- Services.prefs.prefIsLocked("network.lna.skip-domains"),
- false,
- "network.lna.skip-domains should not be locked when Locked is not specified"
- );
-});
-
-add_task(async function test_local_network_access_skip_domains_locked() {
- // Test SkipDomains policy with locking
- await setupPolicyEngineWithJson({
- policies: {
- LocalNetworkAccess: {
- SkipDomains: ["*.example.com", "server.local"],
- Locked: true,
- },
- },
- });
-
- equal(
- Services.prefs.getCharPref("network.lna.skip-domains"),
- "*.example.com,server.local",
- "network.lna.skip-domains should be set correctly"
- );
-
- equal(
- Services.prefs.prefIsLocked("network.lna.skip-domains"),
- true,
- "network.lna.skip-domains should be locked when Locked: true is specified"
- );
-});
-
-add_task(async function test_local_network_access_enabled_with_skip_domains() {
- // Test combining Enabled with SkipDomains
- await setupPolicyEngineWithJson({
- policies: {
- LocalNetworkAccess: {
- Enabled: true,
- SkipDomains: ["*"],
- },
- },
- });
-
- equal(
- Services.prefs.getBoolPref("network.lna.enabled"),
- true,
- "network.lna.enabled should be true"
- );
- equal(
- Services.prefs.getCharPref("network.lna.skip-domains"),
- "*",
- 'network.lna.skip-domains should be "*" to skip all domains'
- );
-});
-
-add_task(async function test_local_network_access_skip_domains_empty_array() {
- // Test SkipDomains with empty array
- await setupPolicyEngineWithJson({
- policies: {
- LocalNetworkAccess: {
- SkipDomains: [],
- },
- },
- });
-
- equal(
- Services.prefs.getCharPref("network.lna.skip-domains"),
- "",
- "network.lna.skip-domains should be empty string for empty array"
- );
-});
diff --git a/modules/libpref/init/StaticPrefList.yaml b/modules/libpref/init/StaticPrefList.yaml
@@ -14493,13 +14493,6 @@
value: true
mirror: always
-# Comma-separated list of domains to skip LNA checks for.
-# Supports suffix wildcard patterns (*.example.com)
-- name: network.lna.skip-domains
- type: String
- value: ""
- mirror: never
-
# The proxy type. See nsIProtocolProxyService.idl
# PROXYCONFIG_DIRECT = 0
# PROXYCONFIG_MANUAL = 1
diff --git a/netwerk/base/LNAPermissionRequest.cpp b/netwerk/base/LNAPermissionRequest.cpp
@@ -13,8 +13,6 @@
#include "mozilla/glean/NetwerkMetrics.h"
#include "mozilla/dom/WindowGlobalParent.h"
-#include "nsIIOService.h"
-#include "nsIOService.h"
namespace mozilla::net {
@@ -109,18 +107,6 @@ nsresult LNAPermissionRequest::RequestPermission() {
return Cancel();
}
- // Check if the domain should skip LNA checks
- if (mPrincipal && gIOService) {
- nsAutoCString origin;
- nsresult rv = mPrincipal->GetAsciiHost(origin);
- if (NS_SUCCEEDED(rv) && !origin.IsEmpty()) {
- if (gIOService->ShouldSkipDomainForLNA(origin)) {
- // Domain is in the skip list, grant permission automatically
- return Allow(JS::UndefinedHandleValue);
- }
- }
- }
-
PromptResult pr = CheckPromptPrefs();
if (pr == PromptResult::Granted) {
return Allow(JS::UndefinedHandleValue);
diff --git a/netwerk/base/nsIOService.cpp b/netwerk/base/nsIOService.cpp
@@ -105,7 +105,6 @@ using mozilla::dom::ServiceWorkerDescriptor;
#define PREF_LNA_IP_ADDR_SPACE_PRIVATE \
"network.lna.address_space.private.override"
#define PREF_LNA_IP_ADDR_SPACE_LOCAL "network.lna.address_space.local.override"
-#define PREF_LNA_SKIP_DOMAINS "network.lna.skip-domains"
nsIOService* gIOService;
static bool gCaptivePortalEnabled = false;
@@ -235,7 +234,6 @@ static const char* gCallbackPrefs[] = {
PREF_LNA_IP_ADDR_SPACE_PUBLIC,
PREF_LNA_IP_ADDR_SPACE_PRIVATE,
PREF_LNA_IP_ADDR_SPACE_LOCAL,
- PREF_LNA_SKIP_DOMAINS,
nullptr,
};
@@ -1664,10 +1662,6 @@ void nsIOService::PrefsChanged(const char* pref) {
UpdateAddressSpaceOverrideList(PREF_LNA_IP_ADDR_SPACE_LOCAL,
mLocalAddressSpaceOverrideList);
}
- if (!pref || strncmp(pref, PREF_LNA_SKIP_DOMAINS,
- strlen(PREF_LNA_SKIP_DOMAINS)) == 0) {
- UpdateSkipDomainsList();
- }
}
void nsIOService::UpdateAddressSpaceOverrideList(
@@ -1686,52 +1680,6 @@ void nsIOService::UpdateAddressSpaceOverrideList(
aTargetList = std::move(addressSpaceOverridesArray);
}
-void nsIOService::UpdateSkipDomainsList() {
- nsAutoCString skipDomains;
- Preferences::GetCString(PREF_LNA_SKIP_DOMAINS, skipDomains);
-
- nsTArray<nsCString> skipDomainsArray;
- nsCCharSeparatedTokenizer tokenizer(skipDomains, ',');
- while (tokenizer.hasMoreTokens()) {
- nsAutoCString token(tokenizer.nextToken());
- token.StripWhitespace();
- if (!token.IsEmpty()) {
- skipDomainsArray.AppendElement(token);
- }
- }
-
- AutoWriteLock lock(mLock);
- mLNASkipDomainsList = std::move(skipDomainsArray);
-}
-
-bool nsIOService::ShouldSkipDomainForLNA(const nsACString& aDomain) {
- AutoReadLock lock(mLock);
-
- // Check each domain pattern
- for (const auto& pattern : mLNASkipDomainsList) {
- // Special case: plain "*" matches all domains
- if (pattern.Equals("*"_ns)) {
- return true;
- }
-
- // Suffix wildcard pattern (starts with *.)
- if (StringBeginsWith(pattern, "*."_ns)) {
- nsDependentCSubstring suffix(Substring(pattern, 2));
- nsDependentCSubstring suffixWithDot(Substring(pattern, 1));
- if (aDomain == suffix || StringEndsWith(aDomain, suffixWithDot)) {
- return true;
- }
- }
-
- // Exact match
- if (pattern == aDomain) {
- return true;
- }
- }
-
- return false;
-}
-
void nsIOService::ParsePortList(const char* pref, bool remove) {
nsAutoCString portList;
nsTArray<int32_t> restrictedPortList;
diff --git a/netwerk/base/nsIOService.h b/netwerk/base/nsIOService.h
@@ -158,8 +158,6 @@ class nsIOService final : public nsIIOService,
NS_IMETHODIMP GetOverridenIpAddressSpace(
nsILoadInfo::IPAddressSpace* aIpAddressSpace, const NetAddr& aAddr);
- bool ShouldSkipDomainForLNA(const nsACString& aDomain);
-
private:
// These shouldn't be called directly:
// - construct using GetInstance
@@ -215,7 +213,6 @@ class nsIOService final : public nsIIOService,
void UpdateAddressSpaceOverrideList(const char* aPrefName,
nsTArray<nsCString>& aTargetList);
- void UpdateSkipDomainsList();
private:
mozilla::Atomic<bool, mozilla::Relaxed> mOffline{true};
@@ -250,7 +247,6 @@ class nsIOService final : public nsIIOService,
nsTArray<nsCString> mPublicAddressSpaceOverridesList MOZ_GUARDED_BY(mLock);
nsTArray<nsCString> mPrivateAddressSpaceOverridesList MOZ_GUARDED_BY(mLock);
nsTArray<nsCString> mLocalAddressSpaceOverrideList MOZ_GUARDED_BY(mLock);
- nsTArray<nsCString> mLNASkipDomainsList MOZ_GUARDED_BY(mLock);
nsTHashMap<nsCString, RuntimeProtocolHandler> mRuntimeProtocolHandlers
MOZ_GUARDED_BY(mLock);
diff --git a/netwerk/protocol/http/nsHttpTransaction.cpp b/netwerk/protocol/http/nsHttpTransaction.cpp
@@ -63,7 +63,6 @@
#include "nsTransportUtils.h"
#include "sslerr.h"
#include "SpeculativeTransaction.h"
-#include "mozilla/Preferences.h"
//-----------------------------------------------------------------------------
@@ -3738,17 +3737,10 @@ nsILoadInfo::IPAddressSpace nsHttpTransaction::GetTargetIPAddressSpace() {
bool nsHttpTransaction::AllowedToConnectToIpAddressSpace(
nsILoadInfo::IPAddressSpace aTargetIpAddressSpace) {
// skip checks if LNA feature is disabled
-
if (!StaticPrefs::network_lna_enabled()) {
return true;
}
- // Skip LNA checks if domain is in skip list
- if (mConnInfo && gIOService &&
- gIOService->ShouldSkipDomainForLNA(mConnInfo->GetOrigin())) {
- return true;
- }
-
// store targetIpAddress space which is required later by nsHttpChannel for
// permission prompts
{
diff --git a/netwerk/test/gtest/TestLocalNetworkAccess.cpp b/netwerk/test/gtest/TestLocalNetworkAccess.cpp
@@ -8,8 +8,6 @@
#include "mozilla/StaticPrefs_network.h"
#include "mozilla/Preferences.h"
#include "mozilla/net/DNS.h"
-#include "nsNetUtil.h"
-#include "nsIOService.h"
TEST(TestNetAddrLNAUtil, IPAddressSpaceCategorization)
{
@@ -152,115 +150,3 @@ TEST(TestNetAddrLNAUtil, DefaultAndOverrideTransitions)
<< "Expected reset back to default space for " << tc.ip;
}
}
-
-TEST(TestNetAddrLNAUtil, ShouldSkipDomainForLNA)
-{
- using mozilla::Preferences;
-
- // Get nsIOService instance
- nsIOService* ioService = gIOService;
- ASSERT_NE(ioService, nullptr);
-
- // Test with empty preference (should not skip any domains)
- Preferences::SetCString("network.lna.skip-domains", ""_ns);
- EXPECT_FALSE(ioService->ShouldSkipDomainForLNA("example.com"_ns));
- EXPECT_FALSE(ioService->ShouldSkipDomainForLNA("test.example.com"_ns));
- EXPECT_FALSE(ioService->ShouldSkipDomainForLNA("localhost"_ns));
-
- // Test exact domain matching
- Preferences::SetCString("network.lna.skip-domains",
- "example.com,test.org"_ns);
- EXPECT_TRUE(ioService->ShouldSkipDomainForLNA("example.com"_ns));
- EXPECT_TRUE(ioService->ShouldSkipDomainForLNA("test.org"_ns));
- EXPECT_FALSE(ioService->ShouldSkipDomainForLNA("sub.example.com"_ns));
- EXPECT_FALSE(ioService->ShouldSkipDomainForLNA("example.org"_ns));
- EXPECT_FALSE(ioService->ShouldSkipDomainForLNA("notexample.com"_ns));
-
- // Test wildcard domain matching
- Preferences::SetCString("network.lna.skip-domains",
- "*.example.com,*.test.org"_ns);
- EXPECT_TRUE(ioService->ShouldSkipDomainForLNA("sub.example.com"_ns));
- EXPECT_TRUE(ioService->ShouldSkipDomainForLNA("deep.sub.example.com"_ns));
- EXPECT_TRUE(ioService->ShouldSkipDomainForLNA("api.test.org"_ns));
- EXPECT_TRUE(ioService->ShouldSkipDomainForLNA(
- "example.com"_ns)); // Should match exact domain too
- EXPECT_TRUE(ioService->ShouldSkipDomainForLNA(
- "test.org"_ns)); // Should match exact domain too
- EXPECT_FALSE(ioService->ShouldSkipDomainForLNA("example.net"_ns));
- EXPECT_FALSE(ioService->ShouldSkipDomainForLNA("notexample.com"_ns));
-
- // Test more suffix wildcard patterns
- Preferences::SetCString("network.lna.skip-domains",
- "*.local,*.internal,*.test"_ns);
- EXPECT_TRUE(ioService->ShouldSkipDomainForLNA("server.local"_ns));
- EXPECT_TRUE(ioService->ShouldSkipDomainForLNA("api.internal"_ns));
- EXPECT_TRUE(ioService->ShouldSkipDomainForLNA("service.test"_ns));
- EXPECT_TRUE(ioService->ShouldSkipDomainForLNA("deep.subdomain.local"_ns));
- EXPECT_TRUE(ioService->ShouldSkipDomainForLNA(
- "local"_ns)); // Should match exact domain too
- EXPECT_TRUE(ioService->ShouldSkipDomainForLNA(
- "internal"_ns)); // Should match exact domain too
- EXPECT_FALSE(ioService->ShouldSkipDomainForLNA("local.example.com"_ns));
- EXPECT_FALSE(ioService->ShouldSkipDomainForLNA("localhost"_ns));
- EXPECT_FALSE(ioService->ShouldSkipDomainForLNA("example.com"_ns));
-
- // Test mixed patterns (exact and suffix wildcard)
- Preferences::SetCString(
- "network.lna.skip-domains",
- "localhost,*.dev.local,*.staging.com,production.example.com"_ns);
- // Exact matches
- EXPECT_TRUE(ioService->ShouldSkipDomainForLNA("localhost"_ns));
- EXPECT_TRUE(ioService->ShouldSkipDomainForLNA("production.example.com"_ns));
- // Suffix wildcard matches
- EXPECT_TRUE(ioService->ShouldSkipDomainForLNA("api.dev.local"_ns));
- EXPECT_TRUE(ioService->ShouldSkipDomainForLNA("web.dev.local"_ns));
- EXPECT_TRUE(ioService->ShouldSkipDomainForLNA("dev.local"_ns));
- EXPECT_TRUE(ioService->ShouldSkipDomainForLNA("test.staging.com"_ns));
- EXPECT_TRUE(ioService->ShouldSkipDomainForLNA("api.staging.com"_ns));
- EXPECT_TRUE(ioService->ShouldSkipDomainForLNA("staging.com"_ns));
- // Non-matches
- EXPECT_FALSE(ioService->ShouldSkipDomainForLNA("example.com"_ns));
- EXPECT_FALSE(ioService->ShouldSkipDomainForLNA("dev.example.com"_ns));
- EXPECT_FALSE(ioService->ShouldSkipDomainForLNA("staging.example.com"_ns));
-
- // Test with whitespace and empty entries
- Preferences::SetCString(
- "network.lna.skip-domains",
- " example.com , , *.test.local , admin.internal "_ns);
- EXPECT_TRUE(ioService->ShouldSkipDomainForLNA("example.com"_ns));
- EXPECT_TRUE(ioService->ShouldSkipDomainForLNA("api.test.local"_ns));
- EXPECT_TRUE(ioService->ShouldSkipDomainForLNA("admin.internal"_ns));
- EXPECT_FALSE(ioService->ShouldSkipDomainForLNA("test.com"_ns));
-
- // Test invalid patterns (unknown patterns treated as exact match)
- Preferences::SetCString("network.lna.skip-domains",
- "example.com,invalid.pattern"_ns);
- EXPECT_TRUE(ioService->ShouldSkipDomainForLNA(
- "example.com"_ns)); // Valid exact match
- EXPECT_TRUE(ioService->ShouldSkipDomainForLNA(
- "invalid.pattern"_ns)); // Treated as exact match
- EXPECT_FALSE(ioService->ShouldSkipDomainForLNA("test.com"_ns)); // No match
-
- // Test case sensitivity
- Preferences::SetCString("network.lna.skip-domains",
- "Example.COM,*.Test.ORG"_ns);
- EXPECT_TRUE(
- ioService->ShouldSkipDomainForLNA("Example.COM"_ns)); // Exact case match
- EXPECT_FALSE(ioService->ShouldSkipDomainForLNA(
- "example.com"_ns)); // Different case (no match)
- EXPECT_TRUE(ioService->ShouldSkipDomainForLNA(
- "api.Test.ORG"_ns)); // Wildcard case match
- EXPECT_FALSE(ioService->ShouldSkipDomainForLNA(
- "api.test.org"_ns)); // Different case (no match)
-
- // Test plain "*" matches all domains
- Preferences::SetCString("network.lna.skip-domains", "*"_ns);
- EXPECT_TRUE(ioService->ShouldSkipDomainForLNA("example.com"_ns));
- EXPECT_TRUE(ioService->ShouldSkipDomainForLNA("test.org"_ns));
- EXPECT_TRUE(ioService->ShouldSkipDomainForLNA("localhost"_ns));
- EXPECT_TRUE(ioService->ShouldSkipDomainForLNA("any.domain.here"_ns));
- EXPECT_TRUE(ioService->ShouldSkipDomainForLNA("server.local"_ns));
-
- // Reset preference for cleanup
- Preferences::SetCString("network.lna.skip-domains", ""_ns);
-}
diff --git a/netwerk/test/unit/test_local_network_access.js b/netwerk/test/unit/test_local_network_access.js
@@ -7,10 +7,6 @@ const { NodeHTTP2Server } = ChromeUtils.importESModule(
"resource://testing-common/NodeServer.sys.mjs"
);
-const override = Cc["@mozilla.org/network/native-dns-override;1"].getService(
- Ci.nsINativeDNSResolverOverride
-);
-
function makeChannel(url) {
let uri2 = NetUtil.newURI(url);
// by default system principal is used, which cannot be used for permission based tests
@@ -54,22 +50,6 @@ ChromeUtils.defineLazyGetter(this, "H2_URL", function () {
return "https://localhost:" + server.port();
});
-ChromeUtils.defineLazyGetter(this, "H1_EXAMPLE_URL", function () {
- return "http://example.com:" + httpServer.identity.primaryPort;
-});
-
-ChromeUtils.defineLazyGetter(this, "H1_TEST_EXAMPLE_URL", function () {
- return "http://test.example.com:" + httpServer.identity.primaryPort;
-});
-
-ChromeUtils.defineLazyGetter(this, "H1_SERVER_LOCAL_URL", function () {
- return "http://server.local:" + httpServer.identity.primaryPort;
-});
-
-ChromeUtils.defineLazyGetter(this, "H1_API_DEV_LOCAL_URL", function () {
- return "http://api.dev.local:" + httpServer.identity.primaryPort;
-});
-
let httpServer = null;
let server = new NodeHTTP2Server();
function pathHandler(metadata, response) {
@@ -93,11 +73,6 @@ add_setup(async () => {
httpServer = new HttpServer();
httpServer.registerPathHandler("/test_lna", pathHandler);
httpServer.start(-1);
- // Add domain identities for testing domain skip patterns
- httpServer.identity.add("http", "example.com", 80);
- httpServer.identity.add("http", "test.example.com", 80);
- httpServer.identity.add("http", "server.local", 80);
- httpServer.identity.add("http", "api.dev.local", 80);
// H2 Server
let certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
@@ -335,242 +310,3 @@ add_task(async function lna_blocking_tests_local_network() {
}
}
});
-
-// Test the network.lna.skip-domains preference
-add_task(async function lna_domain_skip_tests() {
- // Add DNS overrides to map test domains to 127.0.0.1
- override.clearOverrides();
- Services.dns.clearCache(true);
-
- override.addIPOverride("example.com", "127.0.0.1");
- override.addIPOverride("test.example.com", "127.0.0.1");
- override.addIPOverride("server.local", "127.0.0.1");
- override.addIPOverride("api.dev.local", "127.0.0.1");
-
- // Add override such that target servers are considered as local network (and not localhost)
- // This includes all the domains we're testing with
- var override_value =
- "127.0.0.1" +
- ":" +
- httpServer.identity.primaryPort +
- "," +
- "127.0.0.1" +
- ":" +
- server.port();
-
- Services.prefs.setCharPref(
- "network.lna.address_space.private.override",
- override_value
- );
-
- const domainSkipTestCases = [
- // [skipDomains, parentSpace, expectedStatus, baseURL, description]
- // Exact domain match
- [
- "localhost",
- Ci.nsILoadInfo.Public,
- Cr.NS_OK,
- H1_URL,
- "exact domain match - localhost",
- ],
- [
- "localhost",
- Ci.nsILoadInfo.Public,
- Cr.NS_OK,
- H2_URL,
- "exact domain match - localhost H2",
- ],
- [
- "example.com",
- Ci.nsILoadInfo.Public,
- Cr.NS_OK,
- H1_EXAMPLE_URL,
- "exact domain match - example.com",
- ],
-
- // Wildcard domain match
- [
- "*.localhost",
- Ci.nsILoadInfo.Public,
- Cr.NS_OK,
- H1_URL,
- "wildcard domain match - *.localhost matches localhost",
- ],
- [
- "*.example.com",
- Ci.nsILoadInfo.Public,
- Cr.NS_OK,
- H1_TEST_EXAMPLE_URL,
- "wildcard domain match - *.example.com matches test.example.com",
- ],
- [
- "*.example.com",
- Ci.nsILoadInfo.Public,
- Cr.NS_OK,
- H1_EXAMPLE_URL,
- "wildcard domain match - *.example.com matches example.com",
- ],
- [
- "*.test.com",
- Ci.nsILoadInfo.Public,
- Cr.NS_ERROR_LOCAL_NETWORK_ACCESS_DENIED,
- H1_EXAMPLE_URL,
- "wildcard no match - *.test.com doesn't match example.com",
- ],
-
- // Multiple domains (comma-separated)
- [
- "example.com,localhost,test.org",
- Ci.nsILoadInfo.Public,
- Cr.NS_OK,
- H1_URL,
- "multiple domains - localhost match",
- ],
- [
- "example.com,localhost,test.org",
- Ci.nsILoadInfo.Public,
- Cr.NS_OK,
- H1_EXAMPLE_URL,
- "multiple domains - example.com match",
- ],
- [
- "foo.com,test.org",
- Ci.nsILoadInfo.Public,
- Cr.NS_ERROR_LOCAL_NETWORK_ACCESS_DENIED,
- H1_EXAMPLE_URL,
- "multiple domains no match - example.com not in list",
- ],
-
- // Empty skip domains (should apply normal LNA rules)
- [
- "",
- Ci.nsILoadInfo.Public,
- Cr.NS_ERROR_LOCAL_NETWORK_ACCESS_DENIED,
- H1_URL,
- "empty skip domains - should block",
- ],
-
- // .local domain tests
- [
- "*.local",
- Ci.nsILoadInfo.Public,
- Cr.NS_OK,
- H1_SERVER_LOCAL_URL,
- "wildcard .local - *.local matches server.local",
- ],
- [
- "*.local",
- Ci.nsILoadInfo.Public,
- Cr.NS_OK,
- H1_API_DEV_LOCAL_URL,
- "wildcard .local - *.local matches api.dev.local",
- ],
- [
- "*.dev.local",
- Ci.nsILoadInfo.Public,
- Cr.NS_OK,
- H1_API_DEV_LOCAL_URL,
- "wildcard subdomain .local - *.dev.local matches api.dev.local",
- ],
- [
- "server.local",
- Ci.nsILoadInfo.Public,
- Cr.NS_OK,
- H1_SERVER_LOCAL_URL,
- "exact match .local - server.local matches server.local",
- ],
- [
- "*.local",
- Ci.nsILoadInfo.Public,
- Cr.NS_ERROR_LOCAL_NETWORK_ACCESS_DENIED,
- H1_URL,
- "wildcard .local - *.local doesn't match localhost",
- ],
-
- // localhost variations
- [
- "localhost,*.local,*.internal",
- Ci.nsILoadInfo.Public,
- Cr.NS_OK,
- H1_URL,
- "combined patterns - localhost matches localhost",
- ],
- [
- "localhost,*.local,*.internal",
- Ci.nsILoadInfo.Public,
- Cr.NS_OK,
- H1_SERVER_LOCAL_URL,
- "combined patterns - *.local matches server.local",
- ],
-
- // Plain "*" wildcard matches all domains
- [
- "*",
- Ci.nsILoadInfo.Public,
- Cr.NS_OK,
- H1_URL,
- "wildcard all - * matches localhost",
- ],
- [
- "*",
- Ci.nsILoadInfo.Public,
- Cr.NS_OK,
- H1_EXAMPLE_URL,
- "wildcard all - * matches example.com",
- ],
- [
- "*",
- Ci.nsILoadInfo.Public,
- Cr.NS_OK,
- H1_SERVER_LOCAL_URL,
- "wildcard all - * matches server.local",
- ],
- [
- "*",
- Ci.nsILoadInfo.Public,
- Cr.NS_OK,
- H1_TEST_EXAMPLE_URL,
- "wildcard all - * matches test.example.com",
- ],
- ];
-
- for (let [
- skipDomains,
- parentSpace,
- expectedStatus,
- url,
- description,
- ] of domainSkipTestCases) {
- info(`Testing domain skip: ${description} - domains: "${skipDomains}"`);
-
- // Set the domain skip preference
- Services.prefs.setCharPref("network.lna.skip-domains", skipDomains);
-
- // Disable prompt simulation for clean testing
- Services.prefs.setBoolPref("network.localhost.prompt.testing.allow", false);
-
- let chan = makeChannel(url + "/test_lna");
- chan.loadInfo.parentIpAddressSpace = parentSpace;
-
- let expectFailure = expectedStatus !== Cr.NS_OK ? CL_EXPECT_FAILURE : 0;
-
- await new Promise(resolve => {
- chan.asyncOpen(new ChannelListener(resolve, null, expectFailure));
- });
-
- Assert.equal(
- chan.status,
- expectedStatus,
- `Status should match for: ${description}`
- );
- if (expectedStatus === Cr.NS_OK) {
- Assert.equal(chan.protocolVersion, url === H2_URL ? "h2" : "http/1.1");
- }
- }
-
- // Cleanup
- Services.prefs.clearUserPref("network.lna.skip-domains");
- Services.prefs.clearUserPref("network.lna.address_space.private.override");
- override.clearOverrides();
- Services.dns.clearCache(true);
-});
