Issue mcp-graveyard/UXP#1289 - Part 1: Add a pref to disable HPKP header processing.

author: wolfbeast <mcwerewolf@wolfbeast.com> 2019-11-14 12:13:54 +0100
committer: wolfbeast <mcwerewolf@wolfbeast.com> 2019-11-14 12:13:54 +0100
commit: 9659e3209a0bde4d905e730c9930706772d667f5 (patch)
tree: 280dd3616fbf74f767082f882b07bcac9dd790bf /netwerk
parent: d6e23367ed690aa72e8ace0e4e15d4029367000d (diff)
download: uxp-9659e3209a0bde4d905e730c9930706772d667f5.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/netwerk/base/security-prefs.js b/netwerk/base/security-prefs.js
index ef78ddccbb..702315d430 100644
--- a/netwerk/base/security-prefs.js
+++ b/netwerk/base/security-prefs.js
@@ -132,6 +132,14 @@ pref("security.cert_pinning.process_headers_from_non_builtin_roots", false);
 // blacking themselves out by setting a bad pin.  (60 days by default)
 // https://tools.ietf.org/html/rfc7469#section-4.1
 pref("security.cert_pinning.max_max_age_seconds", 5184000);
+// Controls whether or not HPKP (the HTTP Public Key Pinning header) is enabled.
+// If true, the header is processed and collected HPKP information is consulted
+// when looking for pinning information.
+// If false, the header is not processed and collected HPKP information is not
+// consulted when looking for pinning information. Preloaded pins are not
+// affected by this preference.
+// Default: false
+pref("security.cert_pinning.hpkp.enabled", false);
 
 // If a request is mixed-content, send an HSTS priming request to attempt to
 // see if it is available over HTTPS.
author	wolfbeast <mcwerewolf@wolfbeast.com>	2019-11-14 12:13:54 +0100
committer	wolfbeast <mcwerewolf@wolfbeast.com>	2019-11-14 12:13:54 +0100
commit	9659e3209a0bde4d905e730c9930706772d667f5 (patch)
tree	280dd3616fbf74f767082f882b07bcac9dd790bf /netwerk
parent	d6e23367ed690aa72e8ace0e4e15d4029367000d (diff)
download	uxp-9659e3209a0bde4d905e730c9930706772d667f5.tar.gz