From 4a188c7b99a2cb7bbc335ef838d2d47f67810715 Mon Sep 17 00:00:00 2001
From: wolfbeast <mcwerewolf@gmail.com>
Date: Sun, 4 Nov 2018 16:05:27 +0100
Subject: Make opportunistic encryption configurable.

This adds a pref "network.http.opportunistic-encryption" that controls whether
we send an "Upgrade-Insecure-Requests : 1" header on document navigation or not.
This patch modifies the platform network parts. Default for the platform is "true".
Part 1 for #863
---
 netwerk/protocol/http/nsHttpChannel.cpp | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

(limited to 'netwerk/protocol/http/nsHttpChannel.cpp')

diff --git a/netwerk/protocol/http/nsHttpChannel.cpp b/netwerk/protocol/http/nsHttpChannel.cpp
index bb0b3ca77..cfc2ee261 100644
--- a/netwerk/protocol/http/nsHttpChannel.cpp
+++ b/netwerk/protocol/http/nsHttpChannel.cpp
@@ -313,11 +313,15 @@ nsHttpChannel::nsHttpChannel()
     , mPushedStream(nullptr)
     , mLocalBlocklist(false)
     , mWarningReporter(nullptr)
+    , mSendUpgradeRequest(false)
     , mDidReval(false)
 {
     LOG(("Creating nsHttpChannel [this=%p]\n", this));
     mChannelCreationTime = PR_Now();
     mChannelCreationTimestamp = TimeStamp::Now();
+    
+    mSendUpgradeRequest = 
+      Preferences::GetBool("network.http.opportunistic-encryption", false);
 }
 
 nsHttpChannel::~nsHttpChannel()
@@ -377,8 +381,9 @@ nsHttpChannel::Connect()
                                mLoadInfo->GetExternalContentPolicyType() :
                                nsIContentPolicy::TYPE_OTHER;
 
-    if (type == nsIContentPolicy::TYPE_DOCUMENT ||
-        type == nsIContentPolicy::TYPE_SUBDOCUMENT) {
+    if (mSendUpgradeRequest &&
+        (type == nsIContentPolicy::TYPE_DOCUMENT ||
+         type == nsIContentPolicy::TYPE_SUBDOCUMENT)) {
         rv = SetRequestHeader(NS_LITERAL_CSTRING("Upgrade-Insecure-Requests"),
                               NS_LITERAL_CSTRING("1"), false);
         NS_ENSURE_SUCCESS(rv, rv);
-- 
cgit v1.2.3


From 79487a1a05a9e912c63d7a5259db2eccfc59af2b Mon Sep 17 00:00:00 2001
From: wolfbeast <mcwerewolf@gmail.com>
Date: Sun, 4 Nov 2018 23:39:37 +0100
Subject: Backout opportunistic encryption changes.

Apparently there is some functional and naming confusion here.
Backing out to re-land after evaluation and possible changes.
Tag #863.
---
 netwerk/protocol/http/nsHttpChannel.cpp | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

(limited to 'netwerk/protocol/http/nsHttpChannel.cpp')

diff --git a/netwerk/protocol/http/nsHttpChannel.cpp b/netwerk/protocol/http/nsHttpChannel.cpp
index cfc2ee261..bb0b3ca77 100644
--- a/netwerk/protocol/http/nsHttpChannel.cpp
+++ b/netwerk/protocol/http/nsHttpChannel.cpp
@@ -313,15 +313,11 @@ nsHttpChannel::nsHttpChannel()
     , mPushedStream(nullptr)
     , mLocalBlocklist(false)
     , mWarningReporter(nullptr)
-    , mSendUpgradeRequest(false)
     , mDidReval(false)
 {
     LOG(("Creating nsHttpChannel [this=%p]\n", this));
     mChannelCreationTime = PR_Now();
     mChannelCreationTimestamp = TimeStamp::Now();
-    
-    mSendUpgradeRequest = 
-      Preferences::GetBool("network.http.opportunistic-encryption", false);
 }
 
 nsHttpChannel::~nsHttpChannel()
@@ -381,9 +377,8 @@ nsHttpChannel::Connect()
                                mLoadInfo->GetExternalContentPolicyType() :
                                nsIContentPolicy::TYPE_OTHER;
 
-    if (mSendUpgradeRequest &&
-        (type == nsIContentPolicy::TYPE_DOCUMENT ||
-         type == nsIContentPolicy::TYPE_SUBDOCUMENT)) {
+    if (type == nsIContentPolicy::TYPE_DOCUMENT ||
+        type == nsIContentPolicy::TYPE_SUBDOCUMENT) {
         rv = SetRequestHeader(NS_LITERAL_CSTRING("Upgrade-Insecure-Requests"),
                               NS_LITERAL_CSTRING("1"), false);
         NS_ENSURE_SUCCESS(rv, rv);
-- 
cgit v1.2.3


From 512f78874adfd1de407d087fc2e15716ef9fcfe2 Mon Sep 17 00:00:00 2001
From: wolfbeast <mcwerewolf@gmail.com>
Date: Mon, 5 Nov 2018 15:48:49 +0100
Subject: #863 Part 1: Make sending of http upgrade-insecure-requests optional

Defaults to false if not configured.
---
 netwerk/protocol/http/nsHttpChannel.cpp | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

(limited to 'netwerk/protocol/http/nsHttpChannel.cpp')

diff --git a/netwerk/protocol/http/nsHttpChannel.cpp b/netwerk/protocol/http/nsHttpChannel.cpp
index bb0b3ca77..be5539a02 100644
--- a/netwerk/protocol/http/nsHttpChannel.cpp
+++ b/netwerk/protocol/http/nsHttpChannel.cpp
@@ -313,11 +313,15 @@ nsHttpChannel::nsHttpChannel()
     , mPushedStream(nullptr)
     , mLocalBlocklist(false)
     , mWarningReporter(nullptr)
+    , mSendUpgradeRequest(false)
     , mDidReval(false)
 {
     LOG(("Creating nsHttpChannel [this=%p]\n", this));
     mChannelCreationTime = PR_Now();
     mChannelCreationTimestamp = TimeStamp::Now();
+    
+    mSendUpgradeRequest = 
+      Preferences::GetBool("network.http.upgrade-insecure-requests", false);
 }
 
 nsHttpChannel::~nsHttpChannel()
@@ -377,8 +381,9 @@ nsHttpChannel::Connect()
                                mLoadInfo->GetExternalContentPolicyType() :
                                nsIContentPolicy::TYPE_OTHER;
 
-    if (type == nsIContentPolicy::TYPE_DOCUMENT ||
-        type == nsIContentPolicy::TYPE_SUBDOCUMENT) {
+    if (mSendUpgradeRequest &&
+        (type == nsIContentPolicy::TYPE_DOCUMENT ||
+         type == nsIContentPolicy::TYPE_SUBDOCUMENT)) {
         rv = SetRequestHeader(NS_LITERAL_CSTRING("Upgrade-Insecure-Requests"),
                               NS_LITERAL_CSTRING("1"), false);
         NS_ENSURE_SUCCESS(rv, rv);
-- 
cgit v1.2.3