bug 887052 - rename nsIStrictTransportSecurityService to nsISiteSecur…

…ityService for refactoring r=cviecco r=mcmanus r=jst sr=jst

content/base/test/test_websocket.html

@@ -1230,14 +1230,14 @@
         const Ci = Components.interfaces;
         var ios = Cc["@mozilla.org/network/io-service;1"].getService(Ci.nsIIOService);
         var thehost = ios.newURI("http://example.com", null, null);
-        var stss = Cc["@mozilla.org/stsservice;1"].getService(Ci.nsIStrictTransportSecurityService);
+        var sss = Cc["@mozilla.org/ssservice;1"].getService(Ci.nsISiteSecurityService);
         var loadContext = window.QueryInterface(Ci.nsIInterfaceRequestor)
                                 .getInterface(Ci.nsIWebNavigation)
                                 .QueryInterface(Ci.nsILoadContext);
         var flags = 0;
         if (loadContext.usePrivateBrowsing)
           flags |= Ci.nsISocketProvider.NO_PERMANENT_STORAGE;
-        stss.removeStsState(thehost, flags);
+        sss.removeStsState(thehost, flags);
         doTest(42);
        }
      }

docshell/base/nsDocShell.cpp

@@ -135,7 +135,7 @@
 #include "nsIDOMHTMLAnchorElement.h"
 #include "nsIWebBrowserChrome3.h"
 #include "nsITabChild.h"
-#include "nsIStrictTransportSecurityService.h"
+#include "nsISiteSecurityService.h"
 #include "nsStructuredCloneContainer.h"
 #include "nsIStructuredCloneContainer.h"
 #ifdef MOZ_PLACES
@@ -4266,14 +4266,14 @@ nsDocShell::DisplayLoadError(nsresult aError, nsIURI *aURI,
 
                 // if this is a Strict-Transport-Security host and the cert
                 // is bad, don't allow overrides (STS Spec section 7.3).
-                nsCOMPtr<nsIStrictTransportSecurityService> stss =
-                          do_GetService(NS_STSSERVICE_CONTRACTID, &rv);
+                nsCOMPtr<nsISiteSecurityService> sss =
+                          do_GetService(NS_SSSERVICE_CONTRACTID, &rv);
                 NS_ENSURE_SUCCESS(rv, rv);
                 uint32_t flags =
                   mInPrivateBrowsing ? nsISocketProvider::NO_PERMANENT_STORAGE : 0;
 
                 bool isStsHost = false;
-                rv = stss->IsStsURI(aURI, flags, &isStsHost);
+                rv = sss->IsStsURI(aURI, flags, &isStsHost);
                 NS_ENSURE_SUCCESS(rv, rv);
 
                 uint32_t bucketId;

netwerk/base/public/moz.build

@@ -85,6 +85,7 @@ XPIDL_SOURCES += [
     'nsISerializationHelper.idl',
     'nsIServerSocket.idl',
     'nsISimpleStreamListener.idl',
+    'nsISiteSecurityService.idl',
     'nsISocketTransport.idl',
     'nsISocketTransportService.idl',
     'nsISpeculativeConnect.idl',
@@ -93,7 +94,6 @@ XPIDL_SOURCES += [
     'nsIStreamListenerTee.idl',
     'nsIStreamLoader.idl',
     'nsIStreamTransportService.idl',
-    'nsIStrictTransportSecurityService.idl',
     'nsISyncStreamListener.idl',
     'nsISystemProxySettings.idl',
     'nsIThreadRetargetableRequest.idl',

netwerk/base/public/nsIStrictTransportSecurityService.idl → netwerk/base/public/nsISiteSecurityService.idl

@@ -8,8 +8,8 @@ interface nsIURI;
 interface nsIObserver;
 interface nsIHttpChannel;
 
-[scriptable, uuid(c6138514-f212-4747-98c2-7abfce3be293)]
-interface nsIStrictTransportSecurityService : nsISupports
+[scriptable, uuid(1ca9de3d-26b8-4e0c-9641-62c380bdd9c7)]
+interface nsISiteSecurityService : nsISupports
 {
     /**
      * Parses a given HTTP header and records the results internally.
@@ -80,7 +80,7 @@ interface nsIStrictTransportSecurityService : nsISupports
 };
 
 %{C++
-#define NS_STSSERVICE_CONTRACTID "@mozilla.org/stsservice;1"
+#define NS_SSSERVICE_CONTRACTID "@mozilla.org/ssservice;1"
 
 #define STS_PERMISSION "sts/use"
 #define STS_SUBDOMAIN_PERMISSION "sts/subd"

netwerk/protocol/http/nsHttpChannel.cpp

@@ -378,12 +378,12 @@ nsHttpChannel::Connect()
 
     if (!usingSSL) {
         // enforce Strict-Transport-Security
-        nsIStrictTransportSecurityService* stss = gHttpHandler->GetSTSService();
-        NS_ENSURE_TRUE(stss, NS_ERROR_OUT_OF_MEMORY);
+        nsISiteSecurityService* sss = gHttpHandler->GetSSService();
+        NS_ENSURE_TRUE(sss, NS_ERROR_OUT_OF_MEMORY);
 
         bool isStsHost = false;
         uint32_t flags = mPrivateBrowsing ? nsISocketProvider::NO_PERMANENT_STORAGE : 0;
-        rv = stss->IsStsURI(mURI, flags, &isStsHost);
+        rv = sss->IsStsURI(mURI, flags, &isStsHost);
 
         // if STS fails, there's no reason to cancel the load, but it's
         // worrisome.
@@ -1143,8 +1143,8 @@ nsHttpChannel::ProcessSTSHeader()
     if (PR_SUCCESS == PR_StringToNetAddr(asciiHost.get(), &hostAddr))
         return NS_OK;
 
-    nsIStrictTransportSecurityService* stss = gHttpHandler->GetSTSService();
-    NS_ENSURE_TRUE(stss, NS_ERROR_OUT_OF_MEMORY);
+    nsISiteSecurityService* sss = gHttpHandler->GetSSService();
+    NS_ENSURE_TRUE(sss, NS_ERROR_OUT_OF_MEMORY);
 
     // mSecurityInfo may not always be present, and if it's not then it is okay
     // to just disregard any STS headers since we know nothing about the
@@ -1155,7 +1155,7 @@ nsHttpChannel::ProcessSTSHeader()
     // If there are certificate errors, we still load the data, we just ignore
     // any STS headers that are present.
     bool tlsIsBroken = false;
-    rv = stss->ShouldIgnoreStsHeader(mSecurityInfo, &tlsIsBroken);
+    rv = sss->ShouldIgnoreStsHeader(mSecurityInfo, &tlsIsBroken);
     NS_ENSURE_SUCCESS(rv, NS_OK);
 
     // If this was already an STS host, the connection should have been aborted
@@ -1166,7 +1166,7 @@ nsHttpChannel::ProcessSTSHeader()
     bool wasAlreadySTSHost;
     uint32_t flags =
       NS_UsePrivateBrowsing(this) ? nsISocketProvider::NO_PERMANENT_STORAGE : 0;
-    rv = stss->IsStsURI(mURI, flags, &wasAlreadySTSHost);
+    rv = sss->IsStsURI(mURI, flags, &wasAlreadySTSHost);
     // Failure here means STS is broken.  Don't prevent the load, but this
     // shouldn't fail.
     NS_ENSURE_SUCCESS(rv, NS_OK);
@@ -1194,7 +1194,7 @@ nsHttpChannel::ProcessSTSHeader()
     // All other failures are fatal.
     NS_ENSURE_SUCCESS(rv, rv);
 
-    rv = stss->ProcessStsHeader(mURI, stsHeader.get(), flags, NULL, NULL);
+    rv = sss->ProcessStsHeader(mURI, stsHeader.get(), flags, NULL, NULL);
     if (NS_FAILED(rv)) {
         AddSecurityMessage(NS_LITERAL_STRING("InvalidSTSHeaders"),
                 NS_LITERAL_STRING("Invalid HSTS Headers"));

netwerk/protocol/http/nsHttpHandler.cpp

@@ -475,12 +475,12 @@ nsHttpHandler::GetStreamConverterService(nsIStreamConverterService **result)
     return NS_OK;
 }
 
-nsIStrictTransportSecurityService*
-nsHttpHandler::GetSTSService()
+nsISiteSecurityService*
+nsHttpHandler::GetSSService()
 {
-    if (!mSTSService)
-      mSTSService = do_GetService(NS_STSSERVICE_CONTRACTID);
-    return mSTSService;
+    if (!mSSService)
+      mSSService = do_GetService(NS_SSSERVICE_CONTRACTID);
+    return mSSService;
 }
 
 nsICookieService *
@@ -1830,17 +1830,17 @@ NS_IMETHODIMP
 nsHttpHandler::SpeculativeConnect(nsIURI *aURI,
                                   nsIInterfaceRequestor *aCallbacks)
 {
-    nsIStrictTransportSecurityService* stss = gHttpHandler->GetSTSService();
+    nsISiteSecurityService* sss = gHttpHandler->GetSSService();
     bool isStsHost = false;
-    if (!stss)
+    if (!sss)
         return NS_OK;
 
     nsCOMPtr<nsILoadContext> loadContext = do_GetInterface(aCallbacks);
     uint32_t flags = 0;
     if (loadContext && loadContext->UsePrivateBrowsing())
         flags |= nsISocketProvider::NO_PERMANENT_STORAGE;
     nsCOMPtr<nsIURI> clone;
-    if (NS_SUCCEEDED(stss->IsStsURI(aURI, flags, &isStsHost)) && isStsHost) {
+    if (NS_SUCCEEDED(sss->IsStsURI(aURI, flags, &isStsHost)) && isStsHost) {
         if (NS_SUCCEEDED(aURI->Clone(getter_AddRefs(clone)))) {
             clone->SetScheme(NS_LITERAL_CSTRING("https"));
             aURI = clone.get();

netwerk/protocol/http/nsHttpHandler.h

@@ -26,7 +26,7 @@
 #include "nsICacheSession.h"
 #include "nsICookieService.h"
 #include "nsITimer.h"
-#include "nsIStrictTransportSecurityService.h"
+#include "nsISiteSecurityService.h"
 #include "nsISpeculativeConnect.h"
 
 class nsHttpConnectionInfo;
@@ -196,7 +196,7 @@ class nsHttpHandler : public nsIHttpProtocolHandler
     nsresult GetStreamConverterService(nsIStreamConverterService **);
     nsresult GetIOService(nsIIOService** service);
     nsICookieService * GetCookieService(); // not addrefed
-    nsIStrictTransportSecurityService * GetSTSService();
+    nsISiteSecurityService * GetSSService();
 
     // callable from socket thread only
     uint32_t Get32BitsOfPseudoRandom();
@@ -308,7 +308,7 @@ class nsHttpHandler : public nsIHttpProtocolHandler
     nsCOMPtr<nsIStreamConverterService> mStreamConvSvc;
     nsCOMPtr<nsIObserverService>        mObserverService;
     nsCOMPtr<nsICookieService>          mCookieService;
-    nsCOMPtr<nsIStrictTransportSecurityService> mSTSService;
+    nsCOMPtr<nsISiteSecurityService>    mSSService;
 
     // the authentication credentials cache
     nsHttpAuthCache mAuthCache;

netwerk/test/TestSTSParser.cpp

@@ -9,7 +9,7 @@
 #include "plstr.h"
 #include "nsNetUtil.h"
 #include "nsStringGlue.h"
-#include "nsIStrictTransportSecurityService.h"
+#include "nsISiteSecurityService.h"
 #include "nsIPermissionManager.h"
 
 #define EXPECT_SUCCESS(rv, ...) \
@@ -40,7 +40,7 @@
 bool
 TestSuccess(const char* hdr, bool extraTokens,
             uint64_t expectedMaxAge, bool expectedIncludeSubdomains,
-            nsIStrictTransportSecurityService* stss,
+            nsISiteSecurityService* sss,
             nsIPermissionManager* pm)
 {
   nsCOMPtr<nsIURI> dummyUri;
@@ -49,7 +49,7 @@ TestSuccess(const char* hdr, bool extraTokens,
 
   uint64_t maxAge = 0;
   bool includeSubdomains = false;
-  rv = stss->ProcessStsHeader(dummyUri, hdr, 0, &maxAge, &includeSubdomains);
+  rv = sss->ProcessStsHeader(dummyUri, hdr, 0, &maxAge, &includeSubdomains);
   EXPECT_SUCCESS(rv, "Failed to process valid header: %s", hdr);
 
   REQUIRE_EQUAL(maxAge, expectedMaxAge, "Did not correctly parse maxAge");
@@ -67,14 +67,14 @@ TestSuccess(const char* hdr, bool extraTokens,
 }
 
 bool TestFailure(const char* hdr,
-                   nsIStrictTransportSecurityService* stss,
-                   nsIPermissionManager* pm)
+                 nsISiteSecurityService* sss,
+                 nsIPermissionManager* pm)
 {
   nsCOMPtr<nsIURI> dummyUri;
   nsresult rv = NS_NewURI(getter_AddRefs(dummyUri), "https://foo.com/bar.html");
   EXPECT_SUCCESS(rv, "Failed to create URI");
 
-  rv = stss->ProcessStsHeader(dummyUri, hdr, 0, NULL, NULL);
+  rv = sss->ProcessStsHeader(dummyUri, hdr, 0, NULL, NULL);
   EXPECT_FAILURE(rv, "Parsed invalid header: %s", hdr);
   passed(hdr);
   return true;
@@ -96,8 +96,8 @@ main(int32_t argc, char *argv[])
     }
 
     // grab handle to the service
-    nsCOMPtr<nsIStrictTransportSecurityService> stss;
-    stss = do_GetService("@mozilla.org/stsservice;1", &rv);
+    nsCOMPtr<nsISiteSecurityService> sss;
+    sss = do_GetService("@mozilla.org/ssservice;1", &rv);
     NS_ENSURE_SUCCESS(rv, -1);
 
     nsCOMPtr<nsIPermissionManager> pm;
@@ -112,42 +112,42 @@ main(int32_t argc, char *argv[])
     printf("*** Attempting to parse valid STS headers ...\n");
 
     // SHOULD SUCCEED:
-    rvs.AppendElement(TestSuccess("max-age=100", false, 100, false, stss, pm));
-    rvs.AppendElement(TestSuccess("max-age  =100", false, 100, false, stss, pm));
-    rvs.AppendElement(TestSuccess(" max-age=100", false, 100, false, stss, pm));
-    rvs.AppendElement(TestSuccess("max-age = 100 ", false, 100, false, stss, pm));
-    rvs.AppendElement(TestSuccess("max-age = \"100\" ", false, 100, false, stss, pm));
-    rvs.AppendElement(TestSuccess("max-age=\"100\"", false, 100, false, stss, pm));
-    rvs.AppendElement(TestSuccess(" max-age =\"100\" ", false, 100, false, stss, pm));
-    rvs.AppendElement(TestSuccess("\tmax-age\t=\t\"100\"\t", false, 100, false, stss, pm));
-    rvs.AppendElement(TestSuccess("max-age  =       100             ", false, 100, false, stss, pm));
-
-    rvs.AppendElement(TestSuccess("maX-aGe=100", false, 100, false, stss, pm));
-    rvs.AppendElement(TestSuccess("MAX-age  =100", false, 100, false, stss, pm));
-    rvs.AppendElement(TestSuccess("max-AGE=100", false, 100, false, stss, pm));
-    rvs.AppendElement(TestSuccess("Max-Age = 100 ", false, 100, false, stss, pm));
-    rvs.AppendElement(TestSuccess("MAX-AGE = 100 ", false, 100, false, stss, pm));
-
-    rvs.AppendElement(TestSuccess("max-age=100;includeSubdomains", false, 100, true, stss, pm));
-    rvs.AppendElement(TestSuccess("max-age=100\t; includeSubdomains", false, 100, true, stss, pm));
-    rvs.AppendElement(TestSuccess(" max-age=100; includeSubdomains", false, 100, true, stss, pm));
-    rvs.AppendElement(TestSuccess("max-age = 100 ; includeSubdomains", false, 100, true, stss, pm));
-    rvs.AppendElement(TestSuccess("max-age  =       100             ; includeSubdomains", false, 100, true, stss, pm));
-
-    rvs.AppendElement(TestSuccess("maX-aGe=100; includeSUBDOMAINS", false, 100, true, stss, pm));
-    rvs.AppendElement(TestSuccess("MAX-age  =100; includeSubDomains", false, 100, true, stss, pm));
-    rvs.AppendElement(TestSuccess("max-AGE=100; iNcLuDeSuBdoMaInS", false, 100, true, stss, pm));
-    rvs.AppendElement(TestSuccess("Max-Age = 100; includesubdomains ", false, 100, true, stss, pm));
-    rvs.AppendElement(TestSuccess("INCLUDESUBDOMAINS;MaX-AgE = 100 ", false, 100, true, stss, pm));
+    rvs.AppendElement(TestSuccess("max-age=100", false, 100, false, sss, pm));
+    rvs.AppendElement(TestSuccess("max-age  =100", false, 100, false, sss, pm));
+    rvs.AppendElement(TestSuccess(" max-age=100", false, 100, false, sss, pm));
+    rvs.AppendElement(TestSuccess("max-age = 100 ", false, 100, false, sss, pm));
+    rvs.AppendElement(TestSuccess("max-age = \"100\" ", false, 100, false, sss, pm));
+    rvs.AppendElement(TestSuccess("max-age=\"100\"", false, 100, false, sss, pm));
+    rvs.AppendElement(TestSuccess(" max-age =\"100\" ", false, 100, false, sss, pm));
+    rvs.AppendElement(TestSuccess("\tmax-age\t=\t\"100\"\t", false, 100, false, sss, pm));
+    rvs.AppendElement(TestSuccess("max-age  =       100             ", false, 100, false, sss, pm));
+
+    rvs.AppendElement(TestSuccess("maX-aGe=100", false, 100, false, sss, pm));
+    rvs.AppendElement(TestSuccess("MAX-age  =100", false, 100, false, sss, pm));
+    rvs.AppendElement(TestSuccess("max-AGE=100", false, 100, false, sss, pm));
+    rvs.AppendElement(TestSuccess("Max-Age = 100 ", false, 100, false, sss, pm));
+    rvs.AppendElement(TestSuccess("MAX-AGE = 100 ", false, 100, false, sss, pm));
+
+    rvs.AppendElement(TestSuccess("max-age=100;includeSubdomains", false, 100, true, sss, pm));
+    rvs.AppendElement(TestSuccess("max-age=100\t; includeSubdomains", false, 100, true, sss, pm));
+    rvs.AppendElement(TestSuccess(" max-age=100; includeSubdomains", false, 100, true, sss, pm));
+    rvs.AppendElement(TestSuccess("max-age = 100 ; includeSubdomains", false, 100, true, sss, pm));
+    rvs.AppendElement(TestSuccess("max-age  =       100             ; includeSubdomains", false, 100, true, sss, pm));
+
+    rvs.AppendElement(TestSuccess("maX-aGe=100; includeSUBDOMAINS", false, 100, true, sss, pm));
+    rvs.AppendElement(TestSuccess("MAX-age  =100; includeSubDomains", false, 100, true, sss, pm));
+    rvs.AppendElement(TestSuccess("max-AGE=100; iNcLuDeSuBdoMaInS", false, 100, true, sss, pm));
+    rvs.AppendElement(TestSuccess("Max-Age = 100; includesubdomains ", false, 100, true, sss, pm));
+    rvs.AppendElement(TestSuccess("INCLUDESUBDOMAINS;MaX-AgE = 100 ", false, 100, true, sss, pm));
     // Turns out, the actual directive is entirely optional (hence the
     // trailing semicolon)
-    rvs.AppendElement(TestSuccess("max-age=100;includeSubdomains;", true, 100, true, stss, pm));
+    rvs.AppendElement(TestSuccess("max-age=100;includeSubdomains;", true, 100, true, sss, pm));
 
     // these are weird tests, but are testing that some extended syntax is
     // still allowed (but it is ignored)
-    rvs.AppendElement(TestSuccess("max-age=100 ; includesubdomainsSomeStuff", true, 100, false, stss, pm));
-    rvs.AppendElement(TestSuccess("\r\n\t\t    \tcompletelyUnrelated = foobar; max-age= 34520103    \t \t; alsoUnrelated;asIsThis;\tincludeSubdomains\t\t \t", true, 34520103, true, stss, pm));
-    rvs.AppendElement(TestSuccess("max-age=100; unrelated=\"quoted \\\"thingy\\\"\"", true, 100, false, stss, pm));
+    rvs.AppendElement(TestSuccess("max-age=100 ; includesubdomainsSomeStuff", true, 100, false, sss, pm));
+    rvs.AppendElement(TestSuccess("\r\n\t\t    \tcompletelyUnrelated = foobar; max-age= 34520103    \t \t; alsoUnrelated;asIsThis;\tincludeSubdomains\t\t \t", true, 34520103, true, sss, pm));
+    rvs.AppendElement(TestSuccess("max-age=100; unrelated=\"quoted \\\"thingy\\\"\"", true, 100, false, sss, pm));
 
     rv0 = rvs.Contains(false) ? 1 : 0;
     if (rv0 == 0)
@@ -158,37 +158,37 @@ main(int32_t argc, char *argv[])
     // SHOULD FAIL:
     printf("*** Attempting to parse invalid STS headers (should not parse)...\n");
     // invalid max-ages
-    rvs.AppendElement(TestFailure("max-age", stss, pm));
-    rvs.AppendElement(TestFailure("max-age ", stss, pm));
-    rvs.AppendElement(TestFailure("max-age=p", stss, pm));
-    rvs.AppendElement(TestFailure("max-age=*1p2", stss, pm));
-    rvs.AppendElement(TestFailure("max-age=.20032", stss, pm));
-    rvs.AppendElement(TestFailure("max-age=!20032", stss, pm));
-    rvs.AppendElement(TestFailure("max-age==20032", stss, pm));
+    rvs.AppendElement(TestFailure("max-age", sss, pm));
+    rvs.AppendElement(TestFailure("max-age ", sss, pm));
+    rvs.AppendElement(TestFailure("max-age=p", sss, pm));
+    rvs.AppendElement(TestFailure("max-age=*1p2", sss, pm));
+    rvs.AppendElement(TestFailure("max-age=.20032", sss, pm));
+    rvs.AppendElement(TestFailure("max-age=!20032", sss, pm));
+    rvs.AppendElement(TestFailure("max-age==20032", sss, pm));
 
     // invalid headers
-    rvs.AppendElement(TestFailure("foobar", stss, pm));
-    rvs.AppendElement(TestFailure("maxage=100", stss, pm));
-    rvs.AppendElement(TestFailure("maxa-ge=100", stss, pm));
-    rvs.AppendElement(TestFailure("max-ag=100", stss, pm));
-    rvs.AppendElement(TestFailure("includesubdomains", stss, pm));
-    rvs.AppendElement(TestFailure(";", stss, pm));
-    rvs.AppendElement(TestFailure("max-age=\"100", stss, pm));
+    rvs.AppendElement(TestFailure("foobar", sss, pm));
+    rvs.AppendElement(TestFailure("maxage=100", sss, pm));
+    rvs.AppendElement(TestFailure("maxa-ge=100", sss, pm));
+    rvs.AppendElement(TestFailure("max-ag=100", sss, pm));
+    rvs.AppendElement(TestFailure("includesubdomains", sss, pm));
+    rvs.AppendElement(TestFailure(";", sss, pm));
+    rvs.AppendElement(TestFailure("max-age=\"100", sss, pm));
     // The max-age directive here doesn't conform to the spec, so it MUST
     // be ignored. Consequently, the REQUIRED max-age directive is not
     // present in this header, and so it is invalid.
-    rvs.AppendElement(TestFailure("max-age=100, max-age=200; includeSubdomains", stss, pm));
-    rvs.AppendElement(TestFailure("max-age=100 includesubdomains", stss, pm));
-    rvs.AppendElement(TestFailure("max-age=100 bar foo", stss, pm));
-    rvs.AppendElement(TestFailure("max-age=100randomstuffhere", stss, pm));
+    rvs.AppendElement(TestFailure("max-age=100, max-age=200; includeSubdomains", sss, pm));
+    rvs.AppendElement(TestFailure("max-age=100 includesubdomains", sss, pm));
+    rvs.AppendElement(TestFailure("max-age=100 bar foo", sss, pm));
+    rvs.AppendElement(TestFailure("max-age=100randomstuffhere", sss, pm));
     // All directives MUST appear only once in an STS header field.
-    rvs.AppendElement(TestFailure("max-age=100; max-age=200", stss, pm));
-    rvs.AppendElement(TestFailure("includeSubdomains; max-age=200; includeSubdomains", stss, pm));
-    rvs.AppendElement(TestFailure("max-age=200; includeSubdomains; includeSubdomains", stss, pm));
+    rvs.AppendElement(TestFailure("max-age=100; max-age=200", sss, pm));
+    rvs.AppendElement(TestFailure("includeSubdomains; max-age=200; includeSubdomains", sss, pm));
+    rvs.AppendElement(TestFailure("max-age=200; includeSubdomains; includeSubdomains", sss, pm));
     // The includeSubdomains directive is valueless.
-    rvs.AppendElement(TestFailure("max-age=100; includeSubdomains=unexpected", stss, pm));
+    rvs.AppendElement(TestFailure("max-age=100; includeSubdomains=unexpected", sss, pm));
     // LWS must have at least one space or horizontal tab
-    rvs.AppendElement(TestFailure("\r\nmax-age=200", stss, pm));
+    rvs.AppendElement(TestFailure("\r\nmax-age=200", sss, pm));
 
     rv1 = rvs.Contains(false) ? 1 : 0;
     if (rv1 == 0)