diff options
Diffstat (limited to 'netwerk/base')
28 files changed, 345 insertions, 276 deletions
diff --git a/netwerk/base/LoadInfo.cpp b/netwerk/base/LoadInfo.cpp index 42fdea4a1..ebe9d4703 100644 --- a/netwerk/base/LoadInfo.cpp +++ b/netwerk/base/LoadInfo.cpp @@ -7,6 +7,7 @@ #include "mozilla/LoadInfo.h" #include "mozilla/Assertions.h" +#include "mozilla/dom/TabChild.h" #include "mozilla/dom/ToJSValue.h" #include "mozIThirdPartyUtil.h" #include "nsFrameLoader.h" @@ -47,12 +48,14 @@ LoadInfo::LoadInfo(nsIPrincipal* aLoadingPrincipal, aTriggeringPrincipal : mLoadingPrincipal.get()) , mPrincipalToInherit(nullptr) , mLoadingContext(do_GetWeakReference(aLoadingContext)) + , mContextForTopLevelLoad(nullptr) , mSecurityFlags(aSecurityFlags) , mInternalContentPolicyType(aContentPolicyType) , mTainting(LoadTainting::Basic) , mUpgradeInsecureRequests(false) , mVerifySignedContent(false) , mEnforceSRI(false) + , mForceAllowDataURI(false) , mForceInheritPrincipalDropped(false) , mInnerWindowID(0) , mOuterWindowID(0) @@ -63,8 +66,7 @@ LoadInfo::LoadInfo(nsIPrincipal* aLoadingPrincipal, , mIsThirdPartyContext(false) , mForcePreflight(false) , mIsPreflight(false) - , mForceHSTSPriming(false) - , mMixedContentWouldBlock(false) + , mLoadTriggeredFromExternal(false) { MOZ_ASSERT(mLoadingPrincipal); MOZ_ASSERT(mTriggeringPrincipal); @@ -79,7 +81,7 @@ LoadInfo::LoadInfo(nsIPrincipal* aLoadingPrincipal, // This constructor shouldn't be used for TYPE_DOCUMENT loads that don't // have a loadingPrincipal - MOZ_ASSERT(skipContentTypeCheck || + MOZ_ASSERT(skipContentTypeCheck || mLoadingPrincipal || mInternalContentPolicyType != nsIContentPolicy::TYPE_DOCUMENT); // TODO(bug 1259873): Above, we initialize mIsThirdPartyContext to false meaning @@ -215,16 +217,19 @@ LoadInfo::LoadInfo(nsIPrincipal* aLoadingPrincipal, */ LoadInfo::LoadInfo(nsPIDOMWindowOuter* aOuterWindow, nsIPrincipal* aTriggeringPrincipal, + nsISupports* aContextForTopLevelLoad, nsSecurityFlags aSecurityFlags) : mLoadingPrincipal(nullptr) , mTriggeringPrincipal(aTriggeringPrincipal) , mPrincipalToInherit(nullptr) + , mContextForTopLevelLoad(do_GetWeakReference(aContextForTopLevelLoad)) , mSecurityFlags(aSecurityFlags) , mInternalContentPolicyType(nsIContentPolicy::TYPE_DOCUMENT) , mTainting(LoadTainting::Basic) , mUpgradeInsecureRequests(false) , mVerifySignedContent(false) , mEnforceSRI(false) + , mForceAllowDataURI(false) , mForceInheritPrincipalDropped(false) , mInnerWindowID(0) , mOuterWindowID(0) @@ -235,8 +240,7 @@ LoadInfo::LoadInfo(nsPIDOMWindowOuter* aOuterWindow, , mIsThirdPartyContext(false) // NB: TYPE_DOCUMENT implies not third-party. , mForcePreflight(false) , mIsPreflight(false) - , mForceHSTSPriming(false) - , mMixedContentWouldBlock(false) + , mLoadTriggeredFromExternal(false) { // Top-level loads are never third-party // Grab the information we can out of the window. @@ -276,12 +280,14 @@ LoadInfo::LoadInfo(const LoadInfo& rhs) , mTriggeringPrincipal(rhs.mTriggeringPrincipal) , mPrincipalToInherit(rhs.mPrincipalToInherit) , mLoadingContext(rhs.mLoadingContext) + , mContextForTopLevelLoad(rhs.mContextForTopLevelLoad) , mSecurityFlags(rhs.mSecurityFlags) , mInternalContentPolicyType(rhs.mInternalContentPolicyType) , mTainting(rhs.mTainting) , mUpgradeInsecureRequests(rhs.mUpgradeInsecureRequests) , mVerifySignedContent(rhs.mVerifySignedContent) , mEnforceSRI(rhs.mEnforceSRI) + , mForceAllowDataURI(rhs.mForceAllowDataURI) , mForceInheritPrincipalDropped(rhs.mForceInheritPrincipalDropped) , mInnerWindowID(rhs.mInnerWindowID) , mOuterWindowID(rhs.mOuterWindowID) @@ -297,8 +303,7 @@ LoadInfo::LoadInfo(const LoadInfo& rhs) , mCorsUnsafeHeaders(rhs.mCorsUnsafeHeaders) , mForcePreflight(rhs.mForcePreflight) , mIsPreflight(rhs.mIsPreflight) - , mForceHSTSPriming(rhs.mForceHSTSPriming) - , mMixedContentWouldBlock(rhs.mMixedContentWouldBlock) + , mLoadTriggeredFromExternal(rhs.mLoadTriggeredFromExternal) { } @@ -311,6 +316,7 @@ LoadInfo::LoadInfo(nsIPrincipal* aLoadingPrincipal, bool aUpgradeInsecureRequests, bool aVerifySignedContent, bool aEnforceSRI, + bool aForceAllowDataURI, bool aForceInheritPrincipalDropped, uint64_t aInnerWindowID, uint64_t aOuterWindowID, @@ -325,8 +331,7 @@ LoadInfo::LoadInfo(nsIPrincipal* aLoadingPrincipal, const nsTArray<nsCString>& aCorsUnsafeHeaders, bool aForcePreflight, bool aIsPreflight, - bool aForceHSTSPriming, - bool aMixedContentWouldBlock) + bool aLoadTriggeredFromExternal) : mLoadingPrincipal(aLoadingPrincipal) , mTriggeringPrincipal(aTriggeringPrincipal) , mPrincipalToInherit(aPrincipalToInherit) @@ -336,6 +341,7 @@ LoadInfo::LoadInfo(nsIPrincipal* aLoadingPrincipal, , mUpgradeInsecureRequests(aUpgradeInsecureRequests) , mVerifySignedContent(aVerifySignedContent) , mEnforceSRI(aEnforceSRI) + , mForceAllowDataURI(aForceAllowDataURI) , mForceInheritPrincipalDropped(aForceInheritPrincipalDropped) , mInnerWindowID(aInnerWindowID) , mOuterWindowID(aOuterWindowID) @@ -348,8 +354,7 @@ LoadInfo::LoadInfo(nsIPrincipal* aLoadingPrincipal, , mCorsUnsafeHeaders(aCorsUnsafeHeaders) , mForcePreflight(aForcePreflight) , mIsPreflight(aIsPreflight) - , mForceHSTSPriming (aForceHSTSPriming) - , mMixedContentWouldBlock(aMixedContentWouldBlock) + , mLoadTriggeredFromExternal(aLoadTriggeredFromExternal) { // Only top level TYPE_DOCUMENT loads can have a null loadingPrincipal MOZ_ASSERT(mLoadingPrincipal || aContentPolicyType == nsIContentPolicy::TYPE_DOCUMENT); @@ -477,6 +482,38 @@ LoadInfo::LoadingNode() return node; } +nsISupports* +LoadInfo::ContextForTopLevelLoad() +{ + // Most likely you want to query LoadingNode() instead of + // ContextForTopLevelLoad() if this assertion fires. + MOZ_ASSERT(mInternalContentPolicyType == nsIContentPolicy::TYPE_DOCUMENT, + "should only query this context for top level document loads"); + nsCOMPtr<nsISupports> context = do_QueryReferent(mContextForTopLevelLoad); + return context; +} + +already_AddRefed<nsISupports> +LoadInfo::GetLoadingContext() +{ + nsCOMPtr<nsISupports> context; + if (mInternalContentPolicyType == nsIContentPolicy::TYPE_DOCUMENT) { + context = ContextForTopLevelLoad(); + } + else { + context = LoadingNode(); + } + return context.forget(); +} + +NS_IMETHODIMP +LoadInfo::GetLoadingContextXPCOM(nsISupports** aResult) +{ + nsCOMPtr<nsISupports> context = GetLoadingContext(); + context.forget(aResult); + return NS_OK; +} + NS_IMETHODIMP LoadInfo::GetSecurityFlags(nsSecurityFlags* aResult) { @@ -648,6 +685,23 @@ LoadInfo::GetEnforceSRI(bool* aResult) } NS_IMETHODIMP +LoadInfo::SetForceAllowDataURI(bool aForceAllowDataURI) +{ + MOZ_ASSERT(!mForceAllowDataURI || + mInternalContentPolicyType == nsIContentPolicy::TYPE_DOCUMENT, + "can only allow data URI navigation for TYPE_DOCUMENT"); + mForceAllowDataURI = aForceAllowDataURI; + return NS_OK; +} + +NS_IMETHODIMP +LoadInfo::GetForceAllowDataURI(bool* aForceAllowDataURI) +{ + *aForceAllowDataURI = mForceAllowDataURI; + return NS_OK; +} + +NS_IMETHODIMP LoadInfo::GetForceInheritPrincipalDropped(bool* aResult) { *aResult = mForceInheritPrincipalDropped; @@ -873,33 +927,22 @@ LoadInfo::GetIsPreflight(bool* aIsPreflight) } NS_IMETHODIMP -LoadInfo::GetForceHSTSPriming(bool* aForceHSTSPriming) +LoadInfo::SetLoadTriggeredFromExternal(bool aLoadTriggeredFromExternal) { - *aForceHSTSPriming = mForceHSTSPriming; + MOZ_ASSERT(!aLoadTriggeredFromExternal || + mInternalContentPolicyType == nsIContentPolicy::TYPE_DOCUMENT, + "can only set load triggered from external for TYPE_DOCUMENT"); + mLoadTriggeredFromExternal = aLoadTriggeredFromExternal; return NS_OK; } NS_IMETHODIMP -LoadInfo::GetMixedContentWouldBlock(bool *aMixedContentWouldBlock) +LoadInfo::GetLoadTriggeredFromExternal(bool* aLoadTriggeredFromExternal) { - *aMixedContentWouldBlock = mMixedContentWouldBlock; + *aLoadTriggeredFromExternal = mLoadTriggeredFromExternal; return NS_OK; } -void -LoadInfo::SetHSTSPriming(bool aMixedContentWouldBlock) -{ - mForceHSTSPriming = true; - mMixedContentWouldBlock = aMixedContentWouldBlock; -} - -void -LoadInfo::ClearHSTSPriming() -{ - mForceHSTSPriming = false; - mMixedContentWouldBlock = false; -} - NS_IMETHODIMP LoadInfo::GetTainting(uint32_t* aTaintingOut) { diff --git a/netwerk/base/LoadInfo.h b/netwerk/base/LoadInfo.h index 3e1b92ff4..2b1e8c9e8 100644 --- a/netwerk/base/LoadInfo.h +++ b/netwerk/base/LoadInfo.h @@ -59,10 +59,12 @@ public: nsSecurityFlags aSecurityFlags, nsContentPolicyType aContentPolicyType); - // Constructor used for TYPE_DOCUMENT loads which have no reasonable - // loadingNode or loadingPrincipal + // Constructor used for TYPE_DOCUMENT loads which have a different + // loadingContext than other loads. This ContextForTopLevelLoad is + // only used for content policy checks. LoadInfo(nsPIDOMWindowOuter* aOuterWindow, nsIPrincipal* aTriggeringPrincipal, + nsISupports* aContextForTopLevelLoad, nsSecurityFlags aSecurityFlags); // create an exact copy of the loadinfo @@ -94,6 +96,7 @@ private: bool aUpgradeInsecureRequests, bool aVerifySignedContent, bool aEnforceSRI, + bool aForceAllowDataURI, bool aForceInheritPrincipalDropped, uint64_t aInnerWindowID, uint64_t aOuterWindowID, @@ -108,8 +111,7 @@ private: const nsTArray<nsCString>& aUnsafeHeaders, bool aForcePreflight, bool aIsPreflight, - bool aForceHSTSPriming, - bool aMixedContentWouldBlock); + bool aLoadTriggeredFromExternal); LoadInfo(const LoadInfo& rhs); friend nsresult @@ -132,12 +134,14 @@ private: nsCOMPtr<nsIPrincipal> mTriggeringPrincipal; nsCOMPtr<nsIPrincipal> mPrincipalToInherit; nsWeakPtr mLoadingContext; + nsWeakPtr mContextForTopLevelLoad; nsSecurityFlags mSecurityFlags; nsContentPolicyType mInternalContentPolicyType; LoadTainting mTainting; bool mUpgradeInsecureRequests; bool mVerifySignedContent; bool mEnforceSRI; + bool mForceAllowDataURI; bool mForceInheritPrincipalDropped; uint64_t mInnerWindowID; uint64_t mOuterWindowID; @@ -152,9 +156,7 @@ private: nsTArray<nsCString> mCorsUnsafeHeaders; bool mForcePreflight; bool mIsPreflight; - - bool mForceHSTSPriming : 1; - bool mMixedContentWouldBlock : 1; + bool mLoadTriggeredFromExternal; }; } // namespace net diff --git a/netwerk/base/TLSServerSocket.cpp b/netwerk/base/TLSServerSocket.cpp index b32a9a188..257a7f5da 100644 --- a/netwerk/base/TLSServerSocket.cpp +++ b/netwerk/base/TLSServerSocket.cpp @@ -419,6 +419,13 @@ TLSServerConnectionInfo::GetCipherName(nsACString& aCipherName) } NS_IMETHODIMP +TLSServerConnectionInfo::GetCipherSuite(nsACString& aCipherSuite) +{ + aCipherSuite.Assign(mCipherSuite); + return NS_OK; +} + +NS_IMETHODIMP TLSServerConnectionInfo::GetKeyLength(uint32_t* aKeyLength) { if (NS_WARN_IF(!aKeyLength)) { @@ -490,7 +497,8 @@ TLSServerConnectionInfo::HandshakeCallback(PRFileDesc* aFD) if (NS_FAILED(rv)) { return rv; } - mCipherName.Assign(cipherInfo.cipherSuiteName); + mCipherName.Assign(cipherInfo.symCipherName); + mCipherSuite.Assign(cipherInfo.cipherSuiteName); mKeyLength = cipherInfo.effectiveKeyBits; mMacLength = cipherInfo.macBits; diff --git a/netwerk/base/TLSServerSocket.h b/netwerk/base/TLSServerSocket.h index 9fb57e0cc..fd47fc918 100644 --- a/netwerk/base/TLSServerSocket.h +++ b/netwerk/base/TLSServerSocket.h @@ -68,6 +68,7 @@ private: nsCOMPtr<nsIX509Cert> mPeerCert; int16_t mTlsVersionUsed; nsCString mCipherName; + nsCString mCipherSuite; uint32_t mKeyLength; uint32_t mMacLength; // lock protects access to mSecurityObserver diff --git a/netwerk/base/Tickler.h b/netwerk/base/Tickler.h index 573fe6e76..63353a924 100644 --- a/netwerk/base/Tickler.h +++ b/netwerk/base/Tickler.h @@ -27,7 +27,7 @@ // The tickler only applies to wifi on mobile right now. Hopefully it // can also be restricted to particular handset models in the future. -#if defined(ANDROID) && !defined(MOZ_B2G) +#if defined(ANDROID) #define MOZ_USE_WIFI_TICKLER #endif diff --git a/netwerk/base/moz.build b/netwerk/base/moz.build index 3b731db10..3198d746c 100644 --- a/netwerk/base/moz.build +++ b/netwerk/base/moz.build @@ -132,7 +132,6 @@ XPIDL_SOURCES += [ 'nsIURIClassifier.idl', 'nsIURIWithBlobImpl.idl', 'nsIURIWithPrincipal.idl', - 'nsIURIWithQuery.idl', 'nsIURL.idl', 'nsIURLParser.idl', 'nsPILoadGroupInternal.idl', @@ -183,11 +182,6 @@ EXPORTS.mozilla.net += [ 'ReferrerPolicy.h', ] -if CONFIG['MOZ_WIDGET_TOOLKIT'] == 'gonk': - EXPORTS += [ - 'NetStatistics.h', - ] - UNIFIED_SOURCES += [ 'ArrayBufferInputStream.cpp', 'BackgroundFileSaver.cpp', diff --git a/netwerk/base/nsBufferedStreams.h b/netwerk/base/nsBufferedStreams.h index 93a770beb..fee55695a 100644 --- a/netwerk/base/nsBufferedStreams.h +++ b/netwerk/base/nsBufferedStreams.h @@ -88,10 +88,10 @@ protected: //////////////////////////////////////////////////////////////////////////////// -class nsBufferedOutputStream final : public nsBufferedStream, - public nsISafeOutputStream, - public nsIBufferedOutputStream, - public nsIStreamBufferAccess +class nsBufferedOutputStream : public nsBufferedStream, + public nsISafeOutputStream, + public nsIBufferedOutputStream, + public nsIStreamBufferAccess { public: NS_DECL_ISUPPORTS_INHERITED diff --git a/netwerk/base/nsILoadGroup.idl b/netwerk/base/nsILoadGroup.idl index 4f89bd0e3..d0cad5ece 100644 --- a/netwerk/base/nsILoadGroup.idl +++ b/netwerk/base/nsILoadGroup.idl @@ -95,10 +95,4 @@ interface nsILoadGroup : nsIRequest * the docShell has created the default request.) */ attribute nsLoadFlags defaultLoadFlags; - - /** - * The cached user agent override created by UserAgentOverrides.jsm. Used - * for all sub-resource requests in the loadgroup. - */ - attribute ACString userAgentOverrideCache; }; diff --git a/netwerk/base/nsILoadInfo.idl b/netwerk/base/nsILoadInfo.idl index 78433c8b8..bc609c317 100644 --- a/netwerk/base/nsILoadInfo.idl +++ b/netwerk/base/nsILoadInfo.idl @@ -10,7 +10,7 @@ interface nsIDOMDocument; interface nsINode; interface nsIPrincipal; - +native LoadContextRef(already_AddRefed<nsISupports>); %{C++ #include "nsTArray.h" #include "mozilla/BasePrincipal.h" @@ -324,6 +324,31 @@ interface nsILoadInfo : nsISupports nsINode binaryLoadingNode(); /** + * A C++ friendly version of the loadingContext for toplevel loads. + * Most likely you want to query the ownerDocument or LoadingNode + * and not this context only available for TYPE_DOCUMENT loads. + * Please note that except for loads of TYPE_DOCUMENT, this + * ContextForTopLevelLoad will always return null. + */ + [noscript, notxpcom, nostdcall, binaryname(ContextForTopLevelLoad)] + nsISupports binaryContextForTopLevelLoad(); + + /** + * For all loads except loads of TYPE_DOCUMENT, the loadingContext + * simply returns the loadingNode. For loads of TYPE_DOCUMENT this + * will return the context available for top-level loads which + * do not have a loadingNode. + */ + [binaryname(LoadingContextXPCOM)] + readonly attribute nsISupports loadingContext; + + /** + * A C++ friendly version of the loadingContext. + */ + [noscript, notxpcom, nostdcall, binaryname(GetLoadingContext)] + LoadContextRef binaryGetLoadingContext(); + + /** * The securityFlags of that channel. */ readonly attribute nsSecurityFlags securityFlags; @@ -470,6 +495,11 @@ interface nsILoadInfo : nsISupports [infallible] attribute boolean enforceSRI; /** + * If true, toplevel data: URI navigation is allowed + */ + [infallible] attribute boolean forceAllowDataURI; + + /** * The SEC_FORCE_INHERIT_PRINCIPAL flag may be dropped when a load info * object is created. Specifically, it will be dropped if the SEC_SANDBOXED * flag is also present. This flag is set if SEC_FORCE_INHERIT_PRINCIPAL was @@ -575,6 +605,13 @@ interface nsILoadInfo : nsISupports [infallible] attribute boolean initialSecurityCheckDone; /** + * Returns true if the load was triggered from an external application + * (e.g. Thunderbird). Please note that this flag will only ever be true + * if the load is of TYPE_DOCUMENT. + */ + [infallible] attribute boolean loadTriggeredFromExternal; + + /** * Whenever a channel gets redirected, append the principal of the * channel [before the channels got redirected] to the loadinfo, * so that at every point this array lets us reason about all the @@ -649,32 +686,6 @@ interface nsILoadInfo : nsISupports [infallible] readonly attribute boolean isPreflight; /** - * When this request would be mixed-content and we do not have an - * entry in the HSTS cache, we send an HSTS priming request to - * determine if it is ok to upgrade the request to HTTPS. - */ - /** - * True if this is a mixed-content load and HSTS priming request will be sent. - */ - [noscript, infallible] readonly attribute boolean forceHSTSPriming; - /** - * Carry the decision whether this load would be blocked by mixed content so - * that if HSTS priming fails, the correct decision can be made. - */ - [noscript, infallible] readonly attribute boolean mixedContentWouldBlock; - - /** - * Mark this LoadInfo as needing HSTS Priming - * - * @param wouldBlock Carry the decision of Mixed Content Blocking to be - * applied when HSTS priming is complete. - */ - [noscript, notxpcom, nostdcall] - void setHSTSPriming(in boolean mixeContentWouldBlock); - [noscript, notxpcom, nostdcall] - void clearHSTSPriming(); - - /** * Constants reflecting the channel tainting. These are mainly defined here * for script. Internal C++ code should use the enum defined in LoadTainting.h. * See LoadTainting.h for documentation. diff --git a/netwerk/base/nsINetworkInterceptController.idl b/netwerk/base/nsINetworkInterceptController.idl index 17d27de42..721b7a334 100644 --- a/netwerk/base/nsINetworkInterceptController.idl +++ b/netwerk/base/nsINetworkInterceptController.idl @@ -14,12 +14,16 @@ interface nsIURI; %{C++ #include "nsIConsoleReportCollector.h" namespace mozilla { +class TimeStamp; + namespace dom { class ChannelInfo; } } %} +native TimeStamp(mozilla::TimeStamp); + [ptr] native ChannelInfo(mozilla::dom::ChannelInfo); /** @@ -97,6 +101,30 @@ interface nsIInterceptedChannel : nsISupports [noscript] readonly attribute nsIConsoleReportCollector consoleReportCollector; + /** + * Save the timestamps of various service worker interception phases. + */ + [noscript] + void SetLaunchServiceWorkerStart(in TimeStamp aTimeStamp); + + [noscript] + void SetLaunchServiceWorkerEnd(in TimeStamp aTimeStamp); + + [noscript] + void SetDispatchFetchEventStart(in TimeStamp aTimeStamp); + + [noscript] + void SetDispatchFetchEventEnd(in TimeStamp aTimeStamp); + + [noscript] + void SetHandleFetchEventStart(in TimeStamp aTimeStamp); + + [noscript] + void SetHandleFetchEventEnd(in TimeStamp aTimeStamp); + + [noscript] + void SaveTimeStampsToUnderlyingChannel(); + %{C++ already_AddRefed<nsIConsoleReportCollector> GetConsoleReportCollector() diff --git a/netwerk/base/nsIOService.cpp b/netwerk/base/nsIOService.cpp index 0da79c18a..e13541acf 100644 --- a/netwerk/base/nsIOService.cpp +++ b/netwerk/base/nsIOService.cpp @@ -59,11 +59,6 @@ #include "nsContentUtils.h" #include "xpcpublic.h" -#ifdef MOZ_WIDGET_GONK -#include "nsINetworkManager.h" -#include "nsINetworkInterface.h" -#endif - namespace mozilla { namespace net { @@ -173,6 +168,8 @@ uint32_t nsIOService::gDefaultSegmentCount = 24; bool nsIOService::sTelemetryEnabled = false; +bool nsIOService::sBlockToplevelDataUriNavigations = false; + //////////////////////////////////////////////////////////////////////////////// nsIOService::nsIOService() @@ -251,6 +248,8 @@ nsIOService::Init() NS_WARNING("failed to get observer service"); Preferences::AddBoolVarCache(&sTelemetryEnabled, "toolkit.telemetry.enabled", false); + Preferences::AddBoolVarCache(&sBlockToplevelDataUriNavigations, + "security.data_uri.block_toplevel_data_uri_navigations", false); Preferences::AddBoolVarCache(&mOfflineMirrorsConnectivity, OFFLINE_MIRRORS_CONNECTIVITY, true); gIOService = this; @@ -1876,5 +1875,11 @@ nsIOService::SpeculativeAnonymousConnect2(nsIURI *aURI, return SpeculativeConnectInternal(aURI, aPrincipal, aCallbacks, true); } +/*static*/ bool +nsIOService::BlockToplevelDataUriNavigations() +{ + return sBlockToplevelDataUriNavigations; +} + } // namespace net } // namespace mozilla diff --git a/netwerk/base/nsIOService.h b/netwerk/base/nsIOService.h index 7ac23b791..e592c4d1c 100644 --- a/netwerk/base/nsIOService.h +++ b/netwerk/base/nsIOService.h @@ -95,6 +95,8 @@ public: bool IsLinkUp(); + static bool BlockToplevelDataUriNavigations(); + // Used to trigger a recheck of the captive portal status nsresult RecheckCaptivePortal(); private: @@ -176,6 +178,8 @@ private: static bool sTelemetryEnabled; + static bool sBlockToplevelDataUriNavigations; + // These timestamps are needed for collecting telemetry on PR_Connect, // PR_ConnectContinue and PR_Close blocking time. If we spend very long // time in any of these functions we want to know if and what network diff --git a/netwerk/base/nsITLSServerSocket.idl b/netwerk/base/nsITLSServerSocket.idl index 9a03c2ead..57485357f 100644 --- a/netwerk/base/nsITLSServerSocket.idl +++ b/netwerk/base/nsITLSServerSocket.idl @@ -94,7 +94,7 @@ interface nsITLSServerSocket : nsIServerSocket * method of the security observer has been called (see * |nsITLSServerSecurityObserver| below). */ -[scriptable, uuid(19668ea4-e5ad-4182-9698-7e890d48f327)] +[scriptable, uuid(205e273d-2439-449b-bfc5-fc555c87dbc4)] interface nsITLSClientStatus : nsISupports { /** @@ -125,11 +125,19 @@ interface nsITLSClientStatus : nsISupports /** * cipherName * + * Name of the symetric cipher used, such as + * "AES-GCM" or "CAMELLIA". + */ + readonly attribute ACString cipherName; + + /** + * cipherSuite + * * Name of the cipher suite used, such as * "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256". * See security/nss/lib/ssl/sslinfo.c for the possible values. */ - readonly attribute ACString cipherName; + readonly attribute ACString cipherSuite; /** * keyLength diff --git a/netwerk/base/nsITimedChannel.idl b/netwerk/base/nsITimedChannel.idl index 13b65e7b8..83670a11e 100644 --- a/netwerk/base/nsITimedChannel.idl +++ b/netwerk/base/nsITimedChannel.idl @@ -21,7 +21,8 @@ interface nsITimedChannel : nsISupports { attribute boolean timingEnabled; // The number of redirects - attribute uint16_t redirectCount; + attribute uint8_t redirectCount; + attribute uint8_t internalRedirectCount; [noscript] readonly attribute TimeStamp channelCreation; [noscript] readonly attribute TimeStamp asyncOpen; @@ -37,6 +38,15 @@ interface nsITimedChannel : nsISupports { [noscript] readonly attribute TimeStamp responseStart; [noscript] readonly attribute TimeStamp responseEnd; + // The following are only set when the request is intercepted by a service + // worker no matter the response is synthesized. + [noscript] attribute TimeStamp launchServiceWorkerStart; + [noscript] attribute TimeStamp launchServiceWorkerEnd; + [noscript] attribute TimeStamp dispatchFetchEventStart; + [noscript] attribute TimeStamp dispatchFetchEventEnd; + [noscript] attribute TimeStamp handleFetchEventStart; + [noscript] attribute TimeStamp handleFetchEventEnd; + // The redirect attributes timings must be writeble, se we can transfer // the data from one channel to the redirected channel. [noscript] attribute TimeStamp redirectStart; @@ -67,6 +77,12 @@ interface nsITimedChannel : nsISupports { // All following are PRTime versions of the above. readonly attribute PRTime channelCreationTime; readonly attribute PRTime asyncOpenTime; + readonly attribute PRTime launchServiceWorkerStartTime; + readonly attribute PRTime launchServiceWorkerEndTime; + readonly attribute PRTime dispatchFetchEventStartTime; + readonly attribute PRTime dispatchFetchEventEndTime; + readonly attribute PRTime handleFetchEventStartTime; + readonly attribute PRTime handleFetchEventEndTime; readonly attribute PRTime domainLookupStartTime; readonly attribute PRTime domainLookupEndTime; readonly attribute PRTime connectStartTime; diff --git a/netwerk/base/nsIURI.idl b/netwerk/base/nsIURI.idl index 2384c5fd9..ef163813a 100644 --- a/netwerk/base/nsIURI.idl +++ b/netwerk/base/nsIURI.idl @@ -10,18 +10,18 @@ * provides accessors to set and query the most basic components of an URI. * Subclasses, including nsIURL, impose greater structure on the URI. * - * This interface follows Tim Berners-Lee's URI spec (RFC2396) [1], where the + * This interface follows Tim Berners-Lee's URI spec (RFC3986) [1], where the * basic URI components are defined as such: * <pre> - * ftp://username:password@hostname:portnumber/pathname#ref - * \ / \ / \ / \ /\ \ / - * - --------------- ------ -------- | - - * | | | | | | - * | | | | | Ref - * | | | Port \ / - * | | Host / -------- - * | UserPass / | - * Scheme / Path + * ftp://username:password@hostname:portnumber/pathname?query#ref + * \ / \ / \ / \ /\ / \ / \ / + * - --------------- ------ -------- ------- --- - + * | | | | | | | + * | | | | FilePath Query Ref + * | | | Port \ / + * | | Host / ------------ + * | UserPass / | + * Scheme / Path * \ / * -------------------------------- * | @@ -30,13 +30,9 @@ * The definition of the URI components has been extended to allow for * internationalized domain names [2] and the more generic IRI structure [3]. * - * Note also that the RFC defines #-separated fragment identifiers as being - * "not part of the URI". Despite this, we bundle them as part of the URI, for - * convenience. - * - * [1] http://www.ietf.org/rfc/rfc2396.txt - * [2] http://www.ietf.org/internet-drafts/draft-ietf-idn-idna-06.txt - * [3] http://www.ietf.org/internet-drafts/draft-masinter-url-i18n-08.txt + * [1] https://tools.ietf.org/html/rfc3986 + * [2] https://tools.ietf.org/html/rfc5890 + * [3] https://tools.ietf.org/html/rfc3987 */ %{C++ @@ -116,7 +112,7 @@ interface nsIURI : nsISupports /** * The Scheme is the protocol to which this URI refers. The scheme is - * restricted to the US-ASCII charset per RFC2396. Setting this is + * restricted to the US-ASCII charset per RFC3986. Setting this is * highly discouraged outside of a protocol handler implementation, since * that will generally lead to incorrect results. */ @@ -174,6 +170,9 @@ interface nsIURI : nsISupports * empty, depending on the protocol). * * Some characters may be escaped. + * + * This attribute contains query and ref parts for historical reasons. + * Use the 'filePath' attribute if you do not want those parts included. */ attribute AUTF8String path; @@ -281,10 +280,31 @@ interface nsIURI : nsISupports /** * returns a string for the current URI with the ref element cleared. */ - readonly attribute AUTF8String specIgnoringRef; + readonly attribute AUTF8String specIgnoringRef; /** * Returns if there is a reference portion (the part after the "#") of the URI. */ - readonly attribute boolean hasRef; + readonly attribute boolean hasRef; + + /************************************************************************ + * Additional attributes added for .query support: + */ + + /** + * Returns a path including the directory and file portions of a + * URL. For example, the filePath of "http://host/foo/bar.html#baz" + * is "/foo/bar.html". + * + * Some characters may be escaped. + */ + attribute AUTF8String filePath; + + /** + * Returns the query portion (the part after the "?") of the URL. + * If there isn't one, an empty string is returned. + * + * Some characters may be escaped. + */ + attribute AUTF8String query; }; diff --git a/netwerk/base/nsIURIWithQuery.idl b/netwerk/base/nsIURIWithQuery.idl deleted file mode 100644 index 749b2773d..000000000 --- a/netwerk/base/nsIURIWithQuery.idl +++ /dev/null @@ -1,30 +0,0 @@ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - -#include "nsIURI.idl" - -/** - * nsIURIWithQuery is implemented by URIs which have a query parameter. - * This is useful for the URL API. - */ -[scriptable, uuid(367510ee-8556-435a-8f99-b5fd357e08cc)] -interface nsIURIWithQuery : nsIURI -{ - /** - * Returns a path including the directory and file portions of a - * URL. For example, the filePath of "http://host/foo/bar.html#baz" - * is "/foo/bar.html". - * - * Some characters may be escaped. - */ - attribute AUTF8String filePath; - - /** - * Returns the query portion (the part after the "?") of the URL. - * If there isn't one, an empty string is returned. - * - * Some characters may be escaped. - */ - attribute AUTF8String query; -}; diff --git a/netwerk/base/nsIURL.idl b/netwerk/base/nsIURL.idl index aeaa3f694..9ff6c3dcd 100644 --- a/netwerk/base/nsIURL.idl +++ b/netwerk/base/nsIURL.idl @@ -3,7 +3,7 @@ * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -#include "nsIURIWithQuery.idl" +#include "nsIURI.idl" /** * The nsIURL interface provides convenience methods that further @@ -20,7 +20,7 @@ * filePath */ [scriptable, uuid(86adcd89-0b70-47a2-b0fe-5bb2c5f37e31)] -interface nsIURL : nsIURIWithQuery +interface nsIURL : nsIURI { /************************************************************************* * The URL path is broken down into the following principal components: @@ -28,7 +28,7 @@ interface nsIURL : nsIURIWithQuery * attribute AUTF8String filePath; * attribute AUTF8String query; * - * These are inherited from nsIURIWithQuery. + * These are inherited from nsIURI. */ /************************************************************************* diff --git a/netwerk/base/nsIncrementalDownload.cpp b/netwerk/base/nsIncrementalDownload.cpp index 42cd6faa5..47f7cb98b 100644 --- a/netwerk/base/nsIncrementalDownload.cpp +++ b/netwerk/base/nsIncrementalDownload.cpp @@ -49,27 +49,6 @@ WriteToFile(nsIFile *lf, const char *data, uint32_t len, int32_t flags) PRFileDesc *fd; int32_t mode = 0600; nsresult rv; -#if defined(MOZ_WIDGET_GONK) - // The sdcard on a B2G phone looks like: - // d---rwx--- system sdcard_rw 1970-01-01 01:00:00 sdcard - // On the emulator, xpcshell fails when using 0600 mode to open the file, - // and 0660 works. - nsCOMPtr<nsIFile> parent; - rv = lf->GetParent(getter_AddRefs(parent)); - if (NS_FAILED(rv)) { - return rv; - } - uint32_t parentPerm; - rv = parent->GetPermissions(&parentPerm); - if (NS_FAILED(rv)) { - return rv; - } - if ((parentPerm & 0700) == 0) { - // Parent directory has no owner-write, so try to use group permissions - // instead of owner permissions. - mode = 0660; - } -#endif rv = lf->OpenNSPRFileDesc(flags, mode, &fd); if (NS_FAILED(rv)) return rv; diff --git a/netwerk/base/nsLoadGroup.cpp b/netwerk/base/nsLoadGroup.cpp index 7b75f7942..51d5a9ca7 100644 --- a/netwerk/base/nsLoadGroup.cpp +++ b/netwerk/base/nsLoadGroup.cpp @@ -809,20 +809,6 @@ nsLoadGroup::SetDefaultLoadFlags(uint32_t aFlags) return NS_OK; } -NS_IMETHODIMP -nsLoadGroup::GetUserAgentOverrideCache(nsACString & aUserAgentOverrideCache) -{ - aUserAgentOverrideCache = mUserAgentOverrideCache; - return NS_OK; -} - -NS_IMETHODIMP -nsLoadGroup::SetUserAgentOverrideCache(const nsACString & aUserAgentOverrideCache) -{ - mUserAgentOverrideCache = aUserAgentOverrideCache; - return NS_OK; -} - //////////////////////////////////////////////////////////////////////////////// diff --git a/netwerk/base/nsLoadGroup.h b/netwerk/base/nsLoadGroup.h index da89ca1b3..20dd94cf9 100644 --- a/netwerk/base/nsLoadGroup.h +++ b/netwerk/base/nsLoadGroup.h @@ -95,8 +95,6 @@ protected: /* For nsPILoadGroupInternal */ uint32_t mTimedNonCachedRequestsUntilOnEndPageLoad; - - nsCString mUserAgentOverrideCache; }; } // namespace net diff --git a/netwerk/base/nsNetUtil.cpp b/netwerk/base/nsNetUtil.cpp index 8ff3e788f..d60c909c5 100644 --- a/netwerk/base/nsNetUtil.cpp +++ b/netwerk/base/nsNetUtil.cpp @@ -71,11 +71,6 @@ #include "nsHttpHandler.h" #include "nsNSSComponent.h" -#ifdef MOZ_WIDGET_GONK -#include "nsINetworkManager.h" -#include "nsThreadUtils.h" // for NS_IsMainThread -#endif - #include <limits> using namespace mozilla; @@ -1285,16 +1280,10 @@ NS_HasBeenCrossOrigin(nsIChannel* aChannel, bool aReport) nsCOMPtr<nsILoadInfo> loadInfo = aChannel->GetLoadInfo(); MOZ_RELEASE_ASSERT(loadInfo, "Origin tracking only works for channels created with a loadinfo"); -#ifdef DEBUG - // Don't enforce TYPE_DOCUMENT assertions for loads - // initiated by javascript tests. - bool skipContentTypeCheck = false; - skipContentTypeCheck = Preferences::GetBool("network.loadinfo.skip_type_assertion"); -#endif - - MOZ_ASSERT(skipContentTypeCheck || - loadInfo->GetExternalContentPolicyType() != nsIContentPolicy::TYPE_DOCUMENT, - "calling NS_HasBeenCrossOrigin on a top level load"); + // TYPE_DOCUMENT loads have a null LoadingPrincipal and can not be cross origin. + if (!loadInfo->LoadingPrincipal()) { + return false; + } // Always treat tainted channels as cross-origin. if (loadInfo->GetTainting() != LoadTainting::Basic) { diff --git a/netwerk/base/nsSimpleURI.cpp b/netwerk/base/nsSimpleURI.cpp index ae5c51a1e..dbc0dc817 100644 --- a/netwerk/base/nsSimpleURI.cpp +++ b/netwerk/base/nsSimpleURI.cpp @@ -48,7 +48,7 @@ nsSimpleURI::~nsSimpleURI() NS_IMPL_ADDREF(nsSimpleURI) NS_IMPL_RELEASE(nsSimpleURI) NS_INTERFACE_TABLE_HEAD(nsSimpleURI) -NS_INTERFACE_TABLE(nsSimpleURI, nsIURI, nsIURIWithQuery, nsISerializable, +NS_INTERFACE_TABLE(nsSimpleURI, nsIURI, nsISerializable, nsIClassInfo, nsIMutable, nsIIPCSerializableURI) NS_INTERFACE_TABLE_TO_MAP_SEGUE if (aIID.Equals(kThisSimpleURIImplementationCID)) @@ -784,10 +784,6 @@ nsSimpleURI::SizeOfIncludingThis(MallocSizeOf aMallocSizeOf) const { return aMallocSizeOf(this) + SizeOfExcludingThis(aMallocSizeOf); } -//---------------------------------------------------------------------------- -// nsSimpleURI::nsIURIWithQuery -//---------------------------------------------------------------------------- - NS_IMETHODIMP nsSimpleURI::GetFilePath(nsACString& aFilePath) { diff --git a/netwerk/base/nsSimpleURI.h b/netwerk/base/nsSimpleURI.h index 29bc9b313..842136ed6 100644 --- a/netwerk/base/nsSimpleURI.h +++ b/netwerk/base/nsSimpleURI.h @@ -8,7 +8,6 @@ #include "mozilla/MemoryReporting.h" #include "nsIURI.h" -#include "nsIURIWithQuery.h" #include "nsISerializable.h" #include "nsString.h" #include "nsIClassInfo.h" @@ -28,7 +27,7 @@ namespace net { } class nsSimpleURI - : public nsIURIWithQuery + : public nsIURI , public nsISerializable , public nsIClassInfo , public nsIMutable @@ -41,7 +40,6 @@ protected: public: NS_DECL_ISUPPORTS NS_DECL_NSIURI - NS_DECL_NSIURIWITHQUERY NS_DECL_NSISERIALIZABLE NS_DECL_NSICLASSINFO NS_DECL_NSIMUTABLE diff --git a/netwerk/base/nsStandardURL.cpp b/netwerk/base/nsStandardURL.cpp index bc1350f28..dff4ecbc0 100644 --- a/netwerk/base/nsStandardURL.cpp +++ b/netwerk/base/nsStandardURL.cpp @@ -781,11 +781,13 @@ nsStandardURL::BuildNormalizedSpec(const char *spec) i = AppendSegmentToBuf(buf, i, spec, username, mUsername, &encUsername, useEncUsername, &diff); ShiftFromPassword(diff); - if (password.mLen >= 0) { + if (password.mLen > 0) { buf[i++] = ':'; i = AppendSegmentToBuf(buf, i, spec, password, mPassword, &encPassword, useEncPassword, &diff); ShiftFromHost(diff); + } else { + mPassword.mLen = -1; } buf[i++] = '@'; } @@ -1180,7 +1182,6 @@ NS_IMPL_RELEASE(nsStandardURL) NS_INTERFACE_MAP_BEGIN(nsStandardURL) NS_INTERFACE_MAP_ENTRY_AMBIGUOUS(nsISupports, nsIStandardURL) NS_INTERFACE_MAP_ENTRY(nsIURI) - NS_INTERFACE_MAP_ENTRY(nsIURIWithQuery) NS_INTERFACE_MAP_ENTRY(nsIURL) NS_INTERFACE_MAP_ENTRY_CONDITIONAL(nsIFileURL, mSupportsFileURL) NS_INTERFACE_MAP_ENTRY(nsIStandardURL) @@ -1483,6 +1484,11 @@ nsStandardURL::SetSpec(const nsACString &input) rv = BuildNormalizedSpec(spec); } + // Make sure that a URLTYPE_AUTHORITY has a non-empty hostname. + if (mURLType == URLTYPE_AUTHORITY && mHost.mLen == -1) { + rv = NS_ERROR_MALFORMED_URI; + } + if (NS_FAILED(rv)) { Clear(); // If parsing the spec has failed, restore the old URL @@ -1616,7 +1622,7 @@ nsStandardURL::SetUserPass(const nsACString &input) usernameLen), esc_Username | esc_AlwaysCopy, buf, ignoredOut); - if (passwordLen >= 0) { + if (passwordLen > 0) { buf.Append(':'); passwordLen = encoder.EncodeSegmentCount(userpass.get(), URLSegment(passwordPos, @@ -1624,6 +1630,8 @@ nsStandardURL::SetUserPass(const nsACString &input) esc_Password | esc_AlwaysCopy, buf, ignoredOut); + } else { + passwordLen = -1; } if (mUsername.mLen < 0) buf.Append('@'); @@ -1654,8 +1662,10 @@ nsStandardURL::SetUserPass(const nsACString &input) // update positions and lengths mUsername.mLen = usernameLen; mPassword.mLen = passwordLen; - if (passwordLen) + if (passwordLen > 0) { mPassword.mPos = mUsername.mPos + mUsername.mLen + 1; + } + return NS_OK; } @@ -3092,20 +3102,26 @@ nsStandardURL::SetFile(nsIFile *file) rv = net_GetURLSpecFromFile(file, url); if (NS_FAILED(rv)) return rv; - SetSpec(url); + uint32_t oldURLType = mURLType; + uint32_t oldDefaultPort = mDefaultPort; + rv = Init(nsIStandardURL::URLTYPE_NO_AUTHORITY, -1, url, nullptr, nullptr); - rv = Init(mURLType, mDefaultPort, url, nullptr, nullptr); + if (NS_FAILED(rv)) { + // Restore the old url type and default port if the call to Init fails. + mURLType = oldURLType; + mDefaultPort = oldDefaultPort; + return rv; + } // must clone |file| since its value is not guaranteed to remain constant - if (NS_SUCCEEDED(rv)) { - InvalidateCache(); - if (NS_FAILED(file->Clone(getter_AddRefs(mFile)))) { - NS_WARNING("nsIFile::Clone failed"); - // failure to clone is not fatal (GetFile will generate mFile) - mFile = nullptr; - } + InvalidateCache(); + if (NS_FAILED(file->Clone(getter_AddRefs(mFile)))) { + NS_WARNING("nsIFile::Clone failed"); + // failure to clone is not fatal (GetFile will generate mFile) + mFile = nullptr; } - return rv; + + return NS_OK; } //---------------------------------------------------------------------------- @@ -3425,10 +3441,31 @@ ToIPCSegment(const nsStandardURL::URLSegment& aSegment) } inline -nsStandardURL::URLSegment -FromIPCSegment(const ipc::StandardURLSegment& aSegment) +MOZ_MUST_USE bool +FromIPCSegment(const nsACString& aSpec, const ipc::StandardURLSegment& aSegment, nsStandardURL::URLSegment& aTarget) { - return nsStandardURL::URLSegment(aSegment.position(), aSegment.length()); + // This seems to be just an empty segment. + if (aSegment.length() == -1) { + aTarget = nsStandardURL::URLSegment(); + return true; + } + + // A value of -1 means an empty segment, but < -1 is undefined. + if (NS_WARN_IF(aSegment.length() < -1)) { + return false; + } + + CheckedInt<uint32_t> segmentLen = aSegment.position(); + segmentLen += aSegment.length(); + // Make sure the segment does not extend beyond the spec. + if (NS_WARN_IF(!segmentLen.isValid() || segmentLen.value() > aSpec.Length())) { + return false; + } + + aTarget.mPos = aSegment.position(); + aTarget.mLen = aSegment.length(); + + return true; } void @@ -3503,23 +3540,38 @@ nsStandardURL::Deserialize(const URIParams& aParams) mPort = params.port(); mDefaultPort = params.defaultPort(); mSpec = params.spec(); - mScheme = FromIPCSegment(params.scheme()); - mAuthority = FromIPCSegment(params.authority()); - mUsername = FromIPCSegment(params.username()); - mPassword = FromIPCSegment(params.password()); - mHost = FromIPCSegment(params.host()); - mPath = FromIPCSegment(params.path()); - mFilepath = FromIPCSegment(params.filePath()); - mDirectory = FromIPCSegment(params.directory()); - mBasename = FromIPCSegment(params.baseName()); - mExtension = FromIPCSegment(params.extension()); - mQuery = FromIPCSegment(params.query()); - mRef = FromIPCSegment(params.ref()); + + NS_ENSURE_TRUE(mSpec.Length() <= (uint32_t) net_GetURLMaxLength(), false); + NS_ENSURE_TRUE(FromIPCSegment(mSpec, params.scheme(), mScheme), false); + NS_ENSURE_TRUE(FromIPCSegment(mSpec, params.authority(), mAuthority), false); + NS_ENSURE_TRUE(FromIPCSegment(mSpec, params.username(), mUsername), false); + NS_ENSURE_TRUE(FromIPCSegment(mSpec, params.password(), mPassword), false); + NS_ENSURE_TRUE(FromIPCSegment(mSpec, params.host(), mHost), false); + NS_ENSURE_TRUE(FromIPCSegment(mSpec, params.path(), mPath), false); + NS_ENSURE_TRUE(FromIPCSegment(mSpec, params.filePath(), mFilepath), false); + NS_ENSURE_TRUE(FromIPCSegment(mSpec, params.directory(), mDirectory), false); + NS_ENSURE_TRUE(FromIPCSegment(mSpec, params.baseName(), mBasename), false); + NS_ENSURE_TRUE(FromIPCSegment(mSpec, params.extension(), mExtension), false); + NS_ENSURE_TRUE(FromIPCSegment(mSpec, params.query(), mQuery), false); + NS_ENSURE_TRUE(FromIPCSegment(mSpec, params.ref(), mRef), false); + mOriginCharset = params.originCharset(); mMutable = params.isMutable(); mSupportsFileURL = params.supportsFileURL(); mHostEncoding = params.hostEncoding(); + // Some sanity checks + NS_ENSURE_TRUE(mScheme.mPos == 0, false); + NS_ENSURE_TRUE(mScheme.mLen > 0, false); + // Make sure scheme is followed by :// (3 characters) + NS_ENSURE_TRUE(mScheme.mLen < INT32_MAX - 3, false); // avoid overflow + NS_ENSURE_TRUE(mSpec.Length() >= (uint32_t) mScheme.mLen + 3, false); + NS_ENSURE_TRUE(nsDependentCSubstring(mSpec, mScheme.mLen, 3).EqualsLiteral("://"), false); + NS_ENSURE_TRUE(mPath.mLen != -1 && mSpec.CharAt(mPath.mPos) == '/', false); + NS_ENSURE_TRUE(mPath.mPos == mFilepath.mPos, false); + NS_ENSURE_TRUE(mQuery.mLen == -1 || mSpec.CharAt(mQuery.mPos - 1) == '?', false); + NS_ENSURE_TRUE(mRef.mLen == -1 || mSpec.CharAt(mRef.mPos - 1) == '#', false); + // mSpecEncoding and mHostA are just caches that can be recovered as needed. return true; } diff --git a/netwerk/base/nsStandardURL.h b/netwerk/base/nsStandardURL.h index 90f7f7db2..0ca345572 100644 --- a/netwerk/base/nsStandardURL.h +++ b/netwerk/base/nsStandardURL.h @@ -54,7 +54,6 @@ protected: public: NS_DECL_ISUPPORTS NS_DECL_NSIURI - NS_DECL_NSIURIWITHQUERY NS_DECL_NSIURL NS_DECL_NSIFILEURL NS_DECL_NSISTANDARDURL diff --git a/netwerk/base/nsUDPSocket.cpp b/netwerk/base/nsUDPSocket.cpp index 84f6b8ea5..5973a205d 100644 --- a/netwerk/base/nsUDPSocket.cpp +++ b/netwerk/base/nsUDPSocket.cpp @@ -31,10 +31,6 @@ #include "nsIDNSService.h" #include "nsICancelable.h" -#ifdef MOZ_WIDGET_GONK -#include "NetStatistics.h" -#endif - namespace mozilla { namespace net { @@ -626,15 +622,6 @@ nsUDPSocket::InitWithAddress(const NetAddr *aAddr, nsIPrincipal *aPrincipal, aPrincipal->GetIsInIsolatedMozBrowserElement(); } -#ifdef MOZ_WIDGET_GONK - if (mAppId != NECKO_UNKNOWN_APP_ID) { - nsCOMPtr<nsINetworkInfo> activeNetworkInfo; - GetActiveNetworkInfo(activeNetworkInfo); - mActiveNetworkInfo = - new nsMainThreadPtrHolder<nsINetworkInfo>(activeNetworkInfo); - } -#endif - uint16_t port; if (NS_FAILED(net::GetPort(aAddr, &port))) { NS_WARNING("invalid bind address"); @@ -770,29 +757,7 @@ nsUDPSocket::GetLocalAddr(nsINetAddr * *aResult) void nsUDPSocket::SaveNetworkStats(bool aEnforce) { -#ifdef MOZ_WIDGET_GONK - if (!mActiveNetworkInfo || mAppId == NECKO_UNKNOWN_APP_ID) { - return; - } - - if (mByteReadCount == 0 && mByteWriteCount == 0) { - return; - } - - uint64_t total = mByteReadCount + mByteWriteCount; - if (aEnforce || total > NETWORK_STATS_THRESHOLD) { - // Create the event to save the network statistics. - // the event is then dispathed to the main thread. - RefPtr<Runnable> event = - new SaveNetworkStatsEvent(mAppId, mIsInIsolatedMozBrowserElement, mActiveNetworkInfo, - mByteReadCount, mByteWriteCount, false); - NS_DispatchToMainThread(event); - - // Reset the counters after saving. - mByteReadCount = 0; - mByteWriteCount = 0; - } -#endif + /*** STUB ***/ } void diff --git a/netwerk/base/nsUDPSocket.h b/netwerk/base/nsUDPSocket.h index 4ddff4248..f8ae87cee 100644 --- a/netwerk/base/nsUDPSocket.h +++ b/netwerk/base/nsUDPSocket.h @@ -12,11 +12,6 @@ #include "nsAutoPtr.h" #include "nsCycleCollectionParticipant.h" -#ifdef MOZ_WIDGET_GONK -#include "nsINetworkInterface.h" -#include "nsProxyRelease.h" -#endif - //----------------------------------------------------------------------------- namespace mozilla { @@ -76,9 +71,6 @@ private: uint64_t mByteReadCount; uint64_t mByteWriteCount; -#ifdef MOZ_WIDGET_GONK - nsMainThreadPtrHandle<nsINetworkInfo> mActiveNetworkInfo; -#endif }; //----------------------------------------------------------------------------- diff --git a/netwerk/base/security-prefs.js b/netwerk/base/security-prefs.js index d1b56ce35..cfbbf4a45 100644 --- a/netwerk/base/security-prefs.js +++ b/netwerk/base/security-prefs.js @@ -111,6 +111,17 @@ pref("security.ssl.errorReporting.enabled", true); pref("security.ssl.errorReporting.url", "https://incoming.telemetry.mozilla.org/submit/sslreports/"); pref("security.ssl.errorReporting.automatic", false); +// OCSP must-staple +pref("security.ssl.enable_ocsp_must_staple", true); + +// HPKP settings + +// Enable pinning checks by default. +pref("security.cert_pinning.enforcement_level", 2); +// Do not process hpkp headers rooted by not built in roots by default. +// This is to prevent accidental pinning from MITM devices and is used +// for tests. +pref("security.cert_pinning.process_headers_from_non_builtin_roots", false); // Impose a maximum age on HPKP headers, to avoid sites getting permanently // blacking themselves out by setting a bad pin. (60 days by default) // https://tools.ietf.org/html/rfc7469#section-4.1 |