summaryrefslogtreecommitdiffstats
path: root/dom/security/nsMixedContentBlocker.cpp
diff options
context:
space:
mode:
authorMoonchild <mcwerewolf@gmail.com>2018-05-30 12:47:56 +0200
committerGitHub <noreply@github.com>2018-05-30 12:47:56 +0200
commit9f6194d00034f0bd67d2b8c97fd26586d2a7a9ed (patch)
tree7512b05f873bcfe8d0f79c34370d0bebad70a07f /dom/security/nsMixedContentBlocker.cpp
parent6e8846622a79549542adaca58d741d9263daf686 (diff)
parentbd851735628cd6b07285e87fa60081e9d11a3b7e (diff)
downloadUXP-9f6194d00034f0bd67d2b8c97fd26586d2a7a9ed.tar
UXP-9f6194d00034f0bd67d2b8c97fd26586d2a7a9ed.tar.gz
UXP-9f6194d00034f0bd67d2b8c97fd26586d2a7a9ed.tar.lz
UXP-9f6194d00034f0bd67d2b8c97fd26586d2a7a9ed.tar.xz
UXP-9f6194d00034f0bd67d2b8c97fd26586d2a7a9ed.zip
Merge pull request #412 from g4jc/hsts_priming_removal_backport
Remove support and tests for HSTS priming from the tree. Fixes #384
Diffstat (limited to 'dom/security/nsMixedContentBlocker.cpp')
-rw-r--r--dom/security/nsMixedContentBlocker.cpp191
1 files changed, 7 insertions, 184 deletions
diff --git a/dom/security/nsMixedContentBlocker.cpp b/dom/security/nsMixedContentBlocker.cpp
index 4e80dce3f..7d50a43a3 100644
--- a/dom/security/nsMixedContentBlocker.cpp
+++ b/dom/security/nsMixedContentBlocker.cpp
@@ -54,13 +54,6 @@ bool nsMixedContentBlocker::sBlockMixedScript = false;
// Is mixed display content blocking (images, audio, video, <a ping>) enabled?
bool nsMixedContentBlocker::sBlockMixedDisplay = false;
-// Do we move HSTS before mixed-content
-bool nsMixedContentBlocker::sUseHSTS = false;
-// Do we send an HSTS priming request
-bool nsMixedContentBlocker::sSendHSTSPriming = false;
-// Default HSTS Priming failure timeout to 7 days, in seconds
-uint32_t nsMixedContentBlocker::sHSTSPrimingCacheTimeout = (60 * 24 * 7);
-
// Fired at the document that attempted to load mixed content. The UI could
// handle this event, for example, by displaying an info bar that offers the
// choice to reload the page with mixed content permitted.
@@ -202,18 +195,6 @@ nsMixedContentBlocker::nsMixedContentBlocker()
// Cache the pref for mixed display blocking
Preferences::AddBoolVarCache(&sBlockMixedDisplay,
"security.mixed_content.block_display_content");
-
- // Cache the pref for HSTS
- Preferences::AddBoolVarCache(&sUseHSTS,
- "security.mixed_content.use_hsts");
-
- // Cache the pref for sending HSTS priming
- Preferences::AddBoolVarCache(&sSendHSTSPriming,
- "security.mixed_content.send_hsts_priming");
-
- // Cache the pref for HSTS priming failure cache time
- Preferences::AddUintVarCache(&sHSTSPrimingCacheTimeout,
- "security.mixed_content.hsts_priming_cache_timeout");
}
nsMixedContentBlocker::~nsMixedContentBlocker()
@@ -343,22 +324,6 @@ nsMixedContentBlocker::AsyncOnChannelRedirect(nsIChannel* aOldChannel,
return NS_BINDING_FAILED;
}
- if (nsMixedContentBlocker::sSendHSTSPriming) {
- // The LoadInfo passed in is for the original channel, HSTS priming needs to
- // be set on the new channel, if required. If the redirect changes
- // http->https, or vice-versa, the need for priming may change.
- nsCOMPtr<nsILoadInfo> newLoadInfo;
- rv = aNewChannel->GetLoadInfo(getter_AddRefs(newLoadInfo));
- NS_ENSURE_SUCCESS(rv, rv);
- rv = nsMixedContentBlocker::MarkLoadInfoForPriming(newUri,
- requestingContext,
- newLoadInfo);
- if (NS_FAILED(rv)) {
- decision = REJECT_REQUEST;
- newLoadInfo->ClearHSTSPriming();
- }
- }
-
// If the channel is about to load mixed content, abort the channel
if (!NS_CP_ACCEPTED(decision)) {
autoCallback.DontCallback();
@@ -691,12 +656,6 @@ nsMixedContentBlocker::ShouldLoad(bool aHadInsecureImageRedirect,
// the parent is https, and the protocol associated with innerContentLocation
// doesn't map to the secure URI flags checked above. Assert this for
// sanity's sake
-#ifdef DEBUG
- bool isHttpsScheme = false;
- rv = innerContentLocation->SchemeIs("https", &isHttpsScheme);
- NS_ENSURE_SUCCESS(rv, rv);
- MOZ_ASSERT(!isHttpsScheme);
-#endif
*aDecision = REJECT_REQUEST;
return NS_OK;
}
@@ -836,34 +795,6 @@ nsMixedContentBlocker::ShouldLoad(bool aHadInsecureImageRedirect,
}
nsresult stateRV = securityUI->GetState(&state);
- bool doHSTSPriming = false;
- if (isHttpScheme) {
- bool hsts = false;
- bool cached = false;
- nsCOMPtr<nsISiteSecurityService> sss =
- do_GetService(NS_SSSERVICE_CONTRACTID, &rv);
- NS_ENSURE_SUCCESS(rv, rv);
- rv = sss->IsSecureURI(nsISiteSecurityService::HEADER_HSTS, aContentLocation,
- 0, &cached, &hsts);
- NS_ENSURE_SUCCESS(rv, rv);
-
- if (hsts && sUseHSTS) {
- // assume we will be upgraded later
- *aDecision = ACCEPT;
- return NS_OK;
- }
-
- // Send a priming request if the result is not already cached and priming
- // requests are allowed
- if (!cached && sSendHSTSPriming) {
- // add this URI as a priming location
- doHSTSPriming = true;
- document->AddHSTSPrimingLocation(innerContentLocation,
- HSTSPrimingState::eHSTS_PRIMING_ALLOW);
- *aDecision = ACCEPT;
- }
- }
-
// At this point we know that the request is mixed content, and the only
// question is whether we block it. Record telemetry at this point as to
// whether HSTS would have fixed things by making the content location
@@ -879,14 +810,14 @@ nsMixedContentBlocker::ShouldLoad(bool aHadInsecureImageRedirect,
bool active = (classification == eMixedScript);
if (!aHadInsecureImageRedirect) {
if (XRE_IsParentProcess()) {
- AccumulateMixedContentHSTS(innerContentLocation, active, doHSTSPriming);
+ AccumulateMixedContentHSTS(innerContentLocation, active);
} else {
// Ask the parent process to do the same call
mozilla::dom::ContentChild* cc = mozilla::dom::ContentChild::GetSingleton();
if (cc) {
mozilla::ipc::URIParams uri;
SerializeURI(innerContentLocation, uri);
- cc->SendAccumulateMixedContentHSTS(uri, active, doHSTSPriming);
+ cc->SendAccumulateMixedContentHSTS(uri, active);
}
}
}
@@ -929,13 +860,7 @@ nsMixedContentBlocker::ShouldLoad(bool aHadInsecureImageRedirect,
}
}
} else {
- if (doHSTSPriming) {
- document->AddHSTSPrimingLocation(innerContentLocation,
- HSTSPrimingState::eHSTS_PRIMING_BLOCK);
- *aDecision = nsIContentPolicy::ACCEPT;
- } else {
- *aDecision = nsIContentPolicy::REJECT_REQUEST;
- }
+ *aDecision = nsIContentPolicy::REJECT_REQUEST;
LogMixedContentMessage(classification, aContentLocation, rootDoc, eBlocked);
if (!rootDoc->GetHasMixedDisplayContentBlocked() && NS_SUCCEEDED(stateRV)) {
rootDoc->SetHasMixedDisplayContentBlocked(true);
@@ -981,13 +906,7 @@ nsMixedContentBlocker::ShouldLoad(bool aHadInsecureImageRedirect,
}
} else {
//User has not overriden the pref by Disabling protection. Reject the request and update the security state.
- if (doHSTSPriming) {
- document->AddHSTSPrimingLocation(innerContentLocation,
- HSTSPrimingState::eHSTS_PRIMING_BLOCK);
- *aDecision = nsIContentPolicy::ACCEPT;
- } else {
- *aDecision = nsIContentPolicy::REJECT_REQUEST;
- }
+ *aDecision = nsIContentPolicy::REJECT_REQUEST;
LogMixedContentMessage(classification, aContentLocation, rootDoc, eBlocked);
// See if the pref will change here. If it will, only then do we need to call OnSecurityChange() to update the UI.
if (rootDoc->GetHasMixedActiveContentBlocked()) {
@@ -1052,24 +971,10 @@ enum MixedContentHSTSState {
MCB_HSTS_ACTIVE_WITH_HSTS = 3
};
-// Similar to the existing mixed-content HSTS, except MCB_HSTS_*_NO_HSTS is
-// broken into two distinct states, indicating whether we plan to send a priming
-// request or not. If we decided not go send a priming request, it could be
-// because it is a type we do not support, or because we cached a previous
-// negative response.
-enum MixedContentHSTSPrimingState {
- eMCB_HSTS_PASSIVE_WITH_HSTS = 0,
- eMCB_HSTS_ACTIVE_WITH_HSTS = 1,
- eMCB_HSTS_PASSIVE_NO_PRIMING = 2,
- eMCB_HSTS_PASSIVE_DO_PRIMING = 3,
- eMCB_HSTS_ACTIVE_NO_PRIMING = 4,
- eMCB_HSTS_ACTIVE_DO_PRIMING = 5
-};
-
// Record information on when HSTS would have made mixed content not mixed
// content (regardless of whether it was actually blocked)
void
-nsMixedContentBlocker::AccumulateMixedContentHSTS(nsIURI* aURI, bool aActive, bool aHasHSTSPriming)
+nsMixedContentBlocker::AccumulateMixedContentHSTS(nsIURI* aURI, bool aActive)
{
// This method must only be called in the parent, because
// nsSiteSecurityService is only available in the parent
@@ -1089,108 +994,26 @@ nsMixedContentBlocker::AccumulateMixedContentHSTS(nsIURI* aURI, bool aActive, bo
return;
}
- // states: would upgrade, would prime, hsts info cached
+ // states: would upgrade, hsts info cached
// active, passive
//
if (!aActive) {
if (!hsts) {
Telemetry::Accumulate(Telemetry::MIXED_CONTENT_HSTS,
MCB_HSTS_PASSIVE_NO_HSTS);
- if (aHasHSTSPriming) {
- Telemetry::Accumulate(Telemetry::MIXED_CONTENT_HSTS_PRIMING,
- eMCB_HSTS_PASSIVE_DO_PRIMING);
- } else {
- Telemetry::Accumulate(Telemetry::MIXED_CONTENT_HSTS_PRIMING,
- eMCB_HSTS_PASSIVE_NO_PRIMING);
- }
}
else {
Telemetry::Accumulate(Telemetry::MIXED_CONTENT_HSTS,
MCB_HSTS_PASSIVE_WITH_HSTS);
- Telemetry::Accumulate(Telemetry::MIXED_CONTENT_HSTS_PRIMING,
- eMCB_HSTS_PASSIVE_WITH_HSTS);
}
} else {
if (!hsts) {
Telemetry::Accumulate(Telemetry::MIXED_CONTENT_HSTS,
MCB_HSTS_ACTIVE_NO_HSTS);
- if (aHasHSTSPriming) {
- Telemetry::Accumulate(Telemetry::MIXED_CONTENT_HSTS_PRIMING,
- eMCB_HSTS_ACTIVE_DO_PRIMING);
- } else {
- Telemetry::Accumulate(Telemetry::MIXED_CONTENT_HSTS_PRIMING,
- eMCB_HSTS_ACTIVE_NO_PRIMING);
- }
}
else {
Telemetry::Accumulate(Telemetry::MIXED_CONTENT_HSTS,
MCB_HSTS_ACTIVE_WITH_HSTS);
- Telemetry::Accumulate(Telemetry::MIXED_CONTENT_HSTS_PRIMING,
- eMCB_HSTS_ACTIVE_WITH_HSTS);
}
}
-}
-
-//static
-nsresult
-nsMixedContentBlocker::MarkLoadInfoForPriming(nsIURI* aURI,
- nsISupports* aRequestingContext,
- nsILoadInfo* aLoadInfo)
-{
- nsresult rv;
- bool sendPriming = false;
- bool mixedContentWouldBlock = false;
- rv = GetHSTSPrimingFromRequestingContext(aURI,
- aRequestingContext,
- &sendPriming,
- &mixedContentWouldBlock);
- NS_ENSURE_SUCCESS(rv, rv);
-
- if (sendPriming) {
- aLoadInfo->SetHSTSPriming(mixedContentWouldBlock);
- }
-
- return NS_OK;
-}
-
-//static
-nsresult
-nsMixedContentBlocker::GetHSTSPrimingFromRequestingContext(nsIURI* aURI,
- nsISupports* aRequestingContext,
- bool* aSendPrimingRequest,
- bool* aMixedContentWouldBlock)
-{
- *aSendPrimingRequest = false;
- *aMixedContentWouldBlock = false;
- // If we marked for priming, we used the innermost URI, so get that
- nsCOMPtr<nsIURI> innerURI = NS_GetInnermostURI(aURI);
- if (!innerURI) {
- NS_ERROR("Can't get innerURI from aContentLocation");
- return NS_ERROR_CONTENT_BLOCKED;
- }
-
- bool isHttp = false;
- innerURI->SchemeIs("http", &isHttp);
- if (!isHttp) {
- // there is nothign to do
- return NS_OK;
- }
-
- // If the DocShell was marked for HSTS priming, propagate that to the LoadInfo
- nsCOMPtr<nsIDocShell> docShell = NS_CP_GetDocShellFromContext(aRequestingContext);
- if (!docShell) {
- return NS_OK;
- }
- nsCOMPtr<nsIDocument> document = docShell->GetDocument();
- if (!document) {
- return NS_OK;
- }
-
- HSTSPrimingState status = document->GetHSTSPrimingStateForLocation(innerURI);
- if (status != HSTSPrimingState::eNO_HSTS_PRIMING) {
- *aSendPrimingRequest = (status != HSTSPrimingState::eNO_HSTS_PRIMING);
- *aMixedContentWouldBlock = (status == HSTSPrimingState::eHSTS_PRIMING_BLOCK);
- }
-
- return NS_OK;
-}
+} \ No newline at end of file