diff options
-rw-r--r-- | dom/security/nsContentSecurityManager.cpp | 3 | ||||
-rw-r--r-- | modules/libpref/init/all.js | 3 | ||||
-rw-r--r-- | netwerk/base/nsIOService.cpp | 9 | ||||
-rw-r--r-- | netwerk/base/nsIOService.h | 4 |
4 files changed, 19 insertions, 0 deletions
diff --git a/dom/security/nsContentSecurityManager.cpp b/dom/security/nsContentSecurityManager.cpp index f2cbc8fcf..12c55e8f6 100644 --- a/dom/security/nsContentSecurityManager.cpp +++ b/dom/security/nsContentSecurityManager.cpp @@ -98,6 +98,9 @@ nsContentSecurityManager::CheckFTPSubresourceLoad(nsIChannel* aChannel) // We dissallow using FTP resources as a subresource everywhere. // The only valid way to use FTP resources is loading it as // a top level document. + if (!mozilla::net::nsIOService::BlockFTPSubresources()) { + return NS_OK; + } nsCOMPtr<nsILoadInfo> loadInfo = aChannel->GetLoadInfo(); if (!loadInfo) { diff --git a/modules/libpref/init/all.js b/modules/libpref/init/all.js index f761c70b9..1aec5f393 100644 --- a/modules/libpref/init/all.js +++ b/modules/libpref/init/all.js @@ -5440,6 +5440,9 @@ pref("layout.css.servo.enabled", true); // URL-Bar will not be blocked when flipping this pref. pref("security.data_uri.block_toplevel_data_uri_navigations", true); +// If true, all FTP subresource loads will be blocked. +pref("security.block_ftp_subresources", true); + // Disable Storage api in release builds. #ifdef NIGHTLY_BUILD pref("dom.storageManager.enabled", true); diff --git a/netwerk/base/nsIOService.cpp b/netwerk/base/nsIOService.cpp index e0dc7d8e8..bd9a4a96f 100644 --- a/netwerk/base/nsIOService.cpp +++ b/netwerk/base/nsIOService.cpp @@ -166,6 +166,7 @@ uint32_t nsIOService::gDefaultSegmentSize = 4096; uint32_t nsIOService::gDefaultSegmentCount = 24; bool nsIOService::sBlockToplevelDataUriNavigations = false; +bool nsIOService::sBlockFTPSubresources = false; //////////////////////////////////////////////////////////////////////////////// @@ -243,6 +244,8 @@ nsIOService::Init() Preferences::AddBoolVarCache(&sBlockToplevelDataUriNavigations, "security.data_uri.block_toplevel_data_uri_navigations", false); + Preferences::AddBoolVarCache(&sBlockFTPSubresources, + "security.block_ftp_subresources", true); Preferences::AddBoolVarCache(&mOfflineMirrorsConnectivity, OFFLINE_MIRRORS_CONNECTIVITY, true); gIOService = this; @@ -1869,5 +1872,11 @@ nsIOService::BlockToplevelDataUriNavigations() return sBlockToplevelDataUriNavigations; } +/*static*/ bool +nsIOService::BlockFTPSubresources() +{ + return sBlockFTPSubresources; +} + } // namespace net } // namespace mozilla diff --git a/netwerk/base/nsIOService.h b/netwerk/base/nsIOService.h index 19eed743a..f3a26f5d2 100644 --- a/netwerk/base/nsIOService.h +++ b/netwerk/base/nsIOService.h @@ -94,6 +94,8 @@ public: static bool BlockToplevelDataUriNavigations(); + static bool BlockFTPSubresources(); + // Used to trigger a recheck of the captive portal status nsresult RecheckCaptivePortal(); private: @@ -175,6 +177,8 @@ private: static bool sBlockToplevelDataUriNavigations; + static bool sBlockFTPSubresources; + // Time a network tearing down started. mozilla::Atomic<PRIntervalTime> mNetTearingDownStarted; public: |