summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--dom/security/nsContentSecurityManager.cpp3
-rw-r--r--modules/libpref/init/all.js3
-rw-r--r--netwerk/base/nsIOService.cpp9
-rw-r--r--netwerk/base/nsIOService.h4
4 files changed, 19 insertions, 0 deletions
diff --git a/dom/security/nsContentSecurityManager.cpp b/dom/security/nsContentSecurityManager.cpp
index f2cbc8fcf..12c55e8f6 100644
--- a/dom/security/nsContentSecurityManager.cpp
+++ b/dom/security/nsContentSecurityManager.cpp
@@ -98,6 +98,9 @@ nsContentSecurityManager::CheckFTPSubresourceLoad(nsIChannel* aChannel)
// We dissallow using FTP resources as a subresource everywhere.
// The only valid way to use FTP resources is loading it as
// a top level document.
+ if (!mozilla::net::nsIOService::BlockFTPSubresources()) {
+ return NS_OK;
+ }
nsCOMPtr<nsILoadInfo> loadInfo = aChannel->GetLoadInfo();
if (!loadInfo) {
diff --git a/modules/libpref/init/all.js b/modules/libpref/init/all.js
index f761c70b9..1aec5f393 100644
--- a/modules/libpref/init/all.js
+++ b/modules/libpref/init/all.js
@@ -5440,6 +5440,9 @@ pref("layout.css.servo.enabled", true);
// URL-Bar will not be blocked when flipping this pref.
pref("security.data_uri.block_toplevel_data_uri_navigations", true);
+// If true, all FTP subresource loads will be blocked.
+pref("security.block_ftp_subresources", true);
+
// Disable Storage api in release builds.
#ifdef NIGHTLY_BUILD
pref("dom.storageManager.enabled", true);
diff --git a/netwerk/base/nsIOService.cpp b/netwerk/base/nsIOService.cpp
index e0dc7d8e8..bd9a4a96f 100644
--- a/netwerk/base/nsIOService.cpp
+++ b/netwerk/base/nsIOService.cpp
@@ -166,6 +166,7 @@ uint32_t nsIOService::gDefaultSegmentSize = 4096;
uint32_t nsIOService::gDefaultSegmentCount = 24;
bool nsIOService::sBlockToplevelDataUriNavigations = false;
+bool nsIOService::sBlockFTPSubresources = false;
////////////////////////////////////////////////////////////////////////////////
@@ -243,6 +244,8 @@ nsIOService::Init()
Preferences::AddBoolVarCache(&sBlockToplevelDataUriNavigations,
"security.data_uri.block_toplevel_data_uri_navigations", false);
+ Preferences::AddBoolVarCache(&sBlockFTPSubresources,
+ "security.block_ftp_subresources", true);
Preferences::AddBoolVarCache(&mOfflineMirrorsConnectivity, OFFLINE_MIRRORS_CONNECTIVITY, true);
gIOService = this;
@@ -1869,5 +1872,11 @@ nsIOService::BlockToplevelDataUriNavigations()
return sBlockToplevelDataUriNavigations;
}
+/*static*/ bool
+nsIOService::BlockFTPSubresources()
+{
+ return sBlockFTPSubresources;
+}
+
} // namespace net
} // namespace mozilla
diff --git a/netwerk/base/nsIOService.h b/netwerk/base/nsIOService.h
index 19eed743a..f3a26f5d2 100644
--- a/netwerk/base/nsIOService.h
+++ b/netwerk/base/nsIOService.h
@@ -94,6 +94,8 @@ public:
static bool BlockToplevelDataUriNavigations();
+ static bool BlockFTPSubresources();
+
// Used to trigger a recheck of the captive portal status
nsresult RecheckCaptivePortal();
private:
@@ -175,6 +177,8 @@ private:
static bool sBlockToplevelDataUriNavigations;
+ static bool sBlockFTPSubresources;
+
// Time a network tearing down started.
mozilla::Atomic<PRIntervalTime> mNetTearingDownStarted;
public: