Evict HSTS entries when a max-age of 0 is seen

components/net/resource_task.rs

@@ -214,7 +214,7 @@ impl HSTSEntry {
     pub fn is_expired(&self) -> bool {
         match (self.max_age, self.timestamp) {
             (Some(max_age), Some(timestamp)) => {
-                (time::get_time().sec as u64) - timestamp > max_age
+                (time::get_time().sec as u64) - timestamp >= max_age
             },
 
             _ => false

tests/unit/net/resource_task.rs

@@ -80,6 +80,17 @@ fn test_hsts_entry_cant_be_created_with_ipv4_address_as_host() {
     }
 }
 
+#[test]
+fn test_push_entry_with_0_max_age_evicts_entry_from_list() {
+    let mut list = HSTSList {
+        entries: vec!(HSTSEntry::new("mozilla.org".to_string(), false, Some(500000u64)).unwrap())
+    };
+
+    list.push(HSTSEntry::new("mozilla.org".to_string(), false, Some(0)).unwrap());
+
+    assert!(list.is_host_secure("mozilla.org") == false)
+}
+
 #[test]
 fn test_push_entry_to_hsts_list_should_not_add_subdomains_whose_superdomain_is_already_matched() {
     let mut list = HSTSList {