From 512f78874adfd1de407d087fc2e15716ef9fcfe2 Mon Sep 17 00:00:00 2001 From: wolfbeast Date: Mon, 5 Nov 2018 15:48:49 +0100 Subject: #863 Part 1: Make sending of http upgrade-insecure-requests optional Defaults to false if not configured. --- netwerk/protocol/http/nsHttpChannel.cpp | 9 +++++++-- netwerk/protocol/http/nsHttpChannel.h | 4 ++++ 2 files changed, 11 insertions(+), 2 deletions(-) (limited to 'netwerk') diff --git a/netwerk/protocol/http/nsHttpChannel.cpp b/netwerk/protocol/http/nsHttpChannel.cpp index bb0b3ca77..be5539a02 100644 --- a/netwerk/protocol/http/nsHttpChannel.cpp +++ b/netwerk/protocol/http/nsHttpChannel.cpp @@ -313,11 +313,15 @@ nsHttpChannel::nsHttpChannel() , mPushedStream(nullptr) , mLocalBlocklist(false) , mWarningReporter(nullptr) + , mSendUpgradeRequest(false) , mDidReval(false) { LOG(("Creating nsHttpChannel [this=%p]\n", this)); mChannelCreationTime = PR_Now(); mChannelCreationTimestamp = TimeStamp::Now(); + + mSendUpgradeRequest = + Preferences::GetBool("network.http.upgrade-insecure-requests", false); } nsHttpChannel::~nsHttpChannel() @@ -377,8 +381,9 @@ nsHttpChannel::Connect() mLoadInfo->GetExternalContentPolicyType() : nsIContentPolicy::TYPE_OTHER; - if (type == nsIContentPolicy::TYPE_DOCUMENT || - type == nsIContentPolicy::TYPE_SUBDOCUMENT) { + if (mSendUpgradeRequest && + (type == nsIContentPolicy::TYPE_DOCUMENT || + type == nsIContentPolicy::TYPE_SUBDOCUMENT)) { rv = SetRequestHeader(NS_LITERAL_CSTRING("Upgrade-Insecure-Requests"), NS_LITERAL_CSTRING("1"), false); NS_ENSURE_SUCCESS(rv, rv); diff --git a/netwerk/protocol/http/nsHttpChannel.h b/netwerk/protocol/http/nsHttpChannel.h index 2e24d6e81..152cf1503 100644 --- a/netwerk/protocol/http/nsHttpChannel.h +++ b/netwerk/protocol/http/nsHttpChannel.h @@ -597,6 +597,10 @@ private: HttpChannelSecurityWarningReporter* mWarningReporter; RefPtr mParentChannel; + + // Whether we send opportunistic encryption requests. + bool mSendUpgradeRequest; + protected: virtual void DoNotifyListenerCleanup() override; -- cgit v1.2.3