diff options
author | Moonchild <mcwerewolf@gmail.com> | 2018-05-30 12:47:56 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-05-30 12:47:56 +0200 |
commit | 9f6194d00034f0bd67d2b8c97fd26586d2a7a9ed (patch) | |
tree | 7512b05f873bcfe8d0f79c34370d0bebad70a07f /dom/security/nsMixedContentBlocker.cpp | |
parent | 6e8846622a79549542adaca58d741d9263daf686 (diff) | |
parent | bd851735628cd6b07285e87fa60081e9d11a3b7e (diff) | |
download | UXP-9f6194d00034f0bd67d2b8c97fd26586d2a7a9ed.tar UXP-9f6194d00034f0bd67d2b8c97fd26586d2a7a9ed.tar.gz UXP-9f6194d00034f0bd67d2b8c97fd26586d2a7a9ed.tar.lz UXP-9f6194d00034f0bd67d2b8c97fd26586d2a7a9ed.tar.xz UXP-9f6194d00034f0bd67d2b8c97fd26586d2a7a9ed.zip |
Merge pull request #412 from g4jc/hsts_priming_removal_backport
Remove support and tests for HSTS priming from the tree. Fixes #384
Diffstat (limited to 'dom/security/nsMixedContentBlocker.cpp')
-rw-r--r-- | dom/security/nsMixedContentBlocker.cpp | 191 |
1 files changed, 7 insertions, 184 deletions
diff --git a/dom/security/nsMixedContentBlocker.cpp b/dom/security/nsMixedContentBlocker.cpp index 4e80dce3f..7d50a43a3 100644 --- a/dom/security/nsMixedContentBlocker.cpp +++ b/dom/security/nsMixedContentBlocker.cpp @@ -54,13 +54,6 @@ bool nsMixedContentBlocker::sBlockMixedScript = false; // Is mixed display content blocking (images, audio, video, <a ping>) enabled? bool nsMixedContentBlocker::sBlockMixedDisplay = false; -// Do we move HSTS before mixed-content -bool nsMixedContentBlocker::sUseHSTS = false; -// Do we send an HSTS priming request -bool nsMixedContentBlocker::sSendHSTSPriming = false; -// Default HSTS Priming failure timeout to 7 days, in seconds -uint32_t nsMixedContentBlocker::sHSTSPrimingCacheTimeout = (60 * 24 * 7); - // Fired at the document that attempted to load mixed content. The UI could // handle this event, for example, by displaying an info bar that offers the // choice to reload the page with mixed content permitted. @@ -202,18 +195,6 @@ nsMixedContentBlocker::nsMixedContentBlocker() // Cache the pref for mixed display blocking Preferences::AddBoolVarCache(&sBlockMixedDisplay, "security.mixed_content.block_display_content"); - - // Cache the pref for HSTS - Preferences::AddBoolVarCache(&sUseHSTS, - "security.mixed_content.use_hsts"); - - // Cache the pref for sending HSTS priming - Preferences::AddBoolVarCache(&sSendHSTSPriming, - "security.mixed_content.send_hsts_priming"); - - // Cache the pref for HSTS priming failure cache time - Preferences::AddUintVarCache(&sHSTSPrimingCacheTimeout, - "security.mixed_content.hsts_priming_cache_timeout"); } nsMixedContentBlocker::~nsMixedContentBlocker() @@ -343,22 +324,6 @@ nsMixedContentBlocker::AsyncOnChannelRedirect(nsIChannel* aOldChannel, return NS_BINDING_FAILED; } - if (nsMixedContentBlocker::sSendHSTSPriming) { - // The LoadInfo passed in is for the original channel, HSTS priming needs to - // be set on the new channel, if required. If the redirect changes - // http->https, or vice-versa, the need for priming may change. - nsCOMPtr<nsILoadInfo> newLoadInfo; - rv = aNewChannel->GetLoadInfo(getter_AddRefs(newLoadInfo)); - NS_ENSURE_SUCCESS(rv, rv); - rv = nsMixedContentBlocker::MarkLoadInfoForPriming(newUri, - requestingContext, - newLoadInfo); - if (NS_FAILED(rv)) { - decision = REJECT_REQUEST; - newLoadInfo->ClearHSTSPriming(); - } - } - // If the channel is about to load mixed content, abort the channel if (!NS_CP_ACCEPTED(decision)) { autoCallback.DontCallback(); @@ -691,12 +656,6 @@ nsMixedContentBlocker::ShouldLoad(bool aHadInsecureImageRedirect, // the parent is https, and the protocol associated with innerContentLocation // doesn't map to the secure URI flags checked above. Assert this for // sanity's sake -#ifdef DEBUG - bool isHttpsScheme = false; - rv = innerContentLocation->SchemeIs("https", &isHttpsScheme); - NS_ENSURE_SUCCESS(rv, rv); - MOZ_ASSERT(!isHttpsScheme); -#endif *aDecision = REJECT_REQUEST; return NS_OK; } @@ -836,34 +795,6 @@ nsMixedContentBlocker::ShouldLoad(bool aHadInsecureImageRedirect, } nsresult stateRV = securityUI->GetState(&state); - bool doHSTSPriming = false; - if (isHttpScheme) { - bool hsts = false; - bool cached = false; - nsCOMPtr<nsISiteSecurityService> sss = - do_GetService(NS_SSSERVICE_CONTRACTID, &rv); - NS_ENSURE_SUCCESS(rv, rv); - rv = sss->IsSecureURI(nsISiteSecurityService::HEADER_HSTS, aContentLocation, - 0, &cached, &hsts); - NS_ENSURE_SUCCESS(rv, rv); - - if (hsts && sUseHSTS) { - // assume we will be upgraded later - *aDecision = ACCEPT; - return NS_OK; - } - - // Send a priming request if the result is not already cached and priming - // requests are allowed - if (!cached && sSendHSTSPriming) { - // add this URI as a priming location - doHSTSPriming = true; - document->AddHSTSPrimingLocation(innerContentLocation, - HSTSPrimingState::eHSTS_PRIMING_ALLOW); - *aDecision = ACCEPT; - } - } - // At this point we know that the request is mixed content, and the only // question is whether we block it. Record telemetry at this point as to // whether HSTS would have fixed things by making the content location @@ -879,14 +810,14 @@ nsMixedContentBlocker::ShouldLoad(bool aHadInsecureImageRedirect, bool active = (classification == eMixedScript); if (!aHadInsecureImageRedirect) { if (XRE_IsParentProcess()) { - AccumulateMixedContentHSTS(innerContentLocation, active, doHSTSPriming); + AccumulateMixedContentHSTS(innerContentLocation, active); } else { // Ask the parent process to do the same call mozilla::dom::ContentChild* cc = mozilla::dom::ContentChild::GetSingleton(); if (cc) { mozilla::ipc::URIParams uri; SerializeURI(innerContentLocation, uri); - cc->SendAccumulateMixedContentHSTS(uri, active, doHSTSPriming); + cc->SendAccumulateMixedContentHSTS(uri, active); } } } @@ -929,13 +860,7 @@ nsMixedContentBlocker::ShouldLoad(bool aHadInsecureImageRedirect, } } } else { - if (doHSTSPriming) { - document->AddHSTSPrimingLocation(innerContentLocation, - HSTSPrimingState::eHSTS_PRIMING_BLOCK); - *aDecision = nsIContentPolicy::ACCEPT; - } else { - *aDecision = nsIContentPolicy::REJECT_REQUEST; - } + *aDecision = nsIContentPolicy::REJECT_REQUEST; LogMixedContentMessage(classification, aContentLocation, rootDoc, eBlocked); if (!rootDoc->GetHasMixedDisplayContentBlocked() && NS_SUCCEEDED(stateRV)) { rootDoc->SetHasMixedDisplayContentBlocked(true); @@ -981,13 +906,7 @@ nsMixedContentBlocker::ShouldLoad(bool aHadInsecureImageRedirect, } } else { //User has not overriden the pref by Disabling protection. Reject the request and update the security state. - if (doHSTSPriming) { - document->AddHSTSPrimingLocation(innerContentLocation, - HSTSPrimingState::eHSTS_PRIMING_BLOCK); - *aDecision = nsIContentPolicy::ACCEPT; - } else { - *aDecision = nsIContentPolicy::REJECT_REQUEST; - } + *aDecision = nsIContentPolicy::REJECT_REQUEST; LogMixedContentMessage(classification, aContentLocation, rootDoc, eBlocked); // See if the pref will change here. If it will, only then do we need to call OnSecurityChange() to update the UI. if (rootDoc->GetHasMixedActiveContentBlocked()) { @@ -1052,24 +971,10 @@ enum MixedContentHSTSState { MCB_HSTS_ACTIVE_WITH_HSTS = 3 }; -// Similar to the existing mixed-content HSTS, except MCB_HSTS_*_NO_HSTS is -// broken into two distinct states, indicating whether we plan to send a priming -// request or not. If we decided not go send a priming request, it could be -// because it is a type we do not support, or because we cached a previous -// negative response. -enum MixedContentHSTSPrimingState { - eMCB_HSTS_PASSIVE_WITH_HSTS = 0, - eMCB_HSTS_ACTIVE_WITH_HSTS = 1, - eMCB_HSTS_PASSIVE_NO_PRIMING = 2, - eMCB_HSTS_PASSIVE_DO_PRIMING = 3, - eMCB_HSTS_ACTIVE_NO_PRIMING = 4, - eMCB_HSTS_ACTIVE_DO_PRIMING = 5 -}; - // Record information on when HSTS would have made mixed content not mixed // content (regardless of whether it was actually blocked) void -nsMixedContentBlocker::AccumulateMixedContentHSTS(nsIURI* aURI, bool aActive, bool aHasHSTSPriming) +nsMixedContentBlocker::AccumulateMixedContentHSTS(nsIURI* aURI, bool aActive) { // This method must only be called in the parent, because // nsSiteSecurityService is only available in the parent @@ -1089,108 +994,26 @@ nsMixedContentBlocker::AccumulateMixedContentHSTS(nsIURI* aURI, bool aActive, bo return; } - // states: would upgrade, would prime, hsts info cached + // states: would upgrade, hsts info cached // active, passive // if (!aActive) { if (!hsts) { Telemetry::Accumulate(Telemetry::MIXED_CONTENT_HSTS, MCB_HSTS_PASSIVE_NO_HSTS); - if (aHasHSTSPriming) { - Telemetry::Accumulate(Telemetry::MIXED_CONTENT_HSTS_PRIMING, - eMCB_HSTS_PASSIVE_DO_PRIMING); - } else { - Telemetry::Accumulate(Telemetry::MIXED_CONTENT_HSTS_PRIMING, - eMCB_HSTS_PASSIVE_NO_PRIMING); - } } else { Telemetry::Accumulate(Telemetry::MIXED_CONTENT_HSTS, MCB_HSTS_PASSIVE_WITH_HSTS); - Telemetry::Accumulate(Telemetry::MIXED_CONTENT_HSTS_PRIMING, - eMCB_HSTS_PASSIVE_WITH_HSTS); } } else { if (!hsts) { Telemetry::Accumulate(Telemetry::MIXED_CONTENT_HSTS, MCB_HSTS_ACTIVE_NO_HSTS); - if (aHasHSTSPriming) { - Telemetry::Accumulate(Telemetry::MIXED_CONTENT_HSTS_PRIMING, - eMCB_HSTS_ACTIVE_DO_PRIMING); - } else { - Telemetry::Accumulate(Telemetry::MIXED_CONTENT_HSTS_PRIMING, - eMCB_HSTS_ACTIVE_NO_PRIMING); - } } else { Telemetry::Accumulate(Telemetry::MIXED_CONTENT_HSTS, MCB_HSTS_ACTIVE_WITH_HSTS); - Telemetry::Accumulate(Telemetry::MIXED_CONTENT_HSTS_PRIMING, - eMCB_HSTS_ACTIVE_WITH_HSTS); } } -} - -//static -nsresult -nsMixedContentBlocker::MarkLoadInfoForPriming(nsIURI* aURI, - nsISupports* aRequestingContext, - nsILoadInfo* aLoadInfo) -{ - nsresult rv; - bool sendPriming = false; - bool mixedContentWouldBlock = false; - rv = GetHSTSPrimingFromRequestingContext(aURI, - aRequestingContext, - &sendPriming, - &mixedContentWouldBlock); - NS_ENSURE_SUCCESS(rv, rv); - - if (sendPriming) { - aLoadInfo->SetHSTSPriming(mixedContentWouldBlock); - } - - return NS_OK; -} - -//static -nsresult -nsMixedContentBlocker::GetHSTSPrimingFromRequestingContext(nsIURI* aURI, - nsISupports* aRequestingContext, - bool* aSendPrimingRequest, - bool* aMixedContentWouldBlock) -{ - *aSendPrimingRequest = false; - *aMixedContentWouldBlock = false; - // If we marked for priming, we used the innermost URI, so get that - nsCOMPtr<nsIURI> innerURI = NS_GetInnermostURI(aURI); - if (!innerURI) { - NS_ERROR("Can't get innerURI from aContentLocation"); - return NS_ERROR_CONTENT_BLOCKED; - } - - bool isHttp = false; - innerURI->SchemeIs("http", &isHttp); - if (!isHttp) { - // there is nothign to do - return NS_OK; - } - - // If the DocShell was marked for HSTS priming, propagate that to the LoadInfo - nsCOMPtr<nsIDocShell> docShell = NS_CP_GetDocShellFromContext(aRequestingContext); - if (!docShell) { - return NS_OK; - } - nsCOMPtr<nsIDocument> document = docShell->GetDocument(); - if (!document) { - return NS_OK; - } - - HSTSPrimingState status = document->GetHSTSPrimingStateForLocation(innerURI); - if (status != HSTSPrimingState::eNO_HSTS_PRIMING) { - *aSendPrimingRequest = (status != HSTSPrimingState::eNO_HSTS_PRIMING); - *aMixedContentWouldBlock = (status == HSTSPrimingState::eHSTS_PRIMING_BLOCK); - } - - return NS_OK; -} +}
\ No newline at end of file |