1 /* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this file,
3 * You can obtain one at http://mozilla.org/MPL/2.0/. */
5 import { XPCOMUtils } from "resource://gre/modules/XPCOMUtils.sys.mjs";
9 ChromeUtils.defineESModuleGetters(lazy, {
10 Preferences: "resource://gre/modules/Preferences.sys.mjs",
13 XPCOMUtils.defineLazyServiceGetter(
16 "@mozilla.org/ssservice;1",
17 "nsISiteSecurityService"
20 XPCOMUtils.defineLazyServiceGetter(
22 "certOverrideService",
23 "@mozilla.org/security/certoverride;1",
24 "nsICertOverrideService"
27 const CERT_PINNING_ENFORCEMENT_PREF = "security.cert_pinning.enforcement_level";
28 const HSTS_PRELOAD_LIST_PREF = "network.stricttransportsecurity.preloadlist";
31 export const allowAllCerts = {};
34 * Disable all security check and allow all certs.
36 allowAllCerts.enable = function () {
37 // make it possible to register certificate overrides for domains
38 // that use HSTS or HPKP
39 lazy.Preferences.set(HSTS_PRELOAD_LIST_PREF, false);
40 lazy.Preferences.set(CERT_PINNING_ENFORCEMENT_PREF, 0);
42 lazy.certOverrideService.setDisableAllSecurityChecksAndLetAttackersInterceptMyData(
48 * Enable all security check.
50 allowAllCerts.disable = function () {
51 lazy.certOverrideService.setDisableAllSecurityChecksAndLetAttackersInterceptMyData(
55 lazy.Preferences.reset(HSTS_PRELOAD_LIST_PREF);
56 lazy.Preferences.reset(CERT_PINNING_ENFORCEMENT_PREF);
58 // clear collected HSTS and HPKP state
59 // through the site security service