diff options
author | Gaming4JC <g4jc@bulletmail.org> | 2018-05-26 15:00:01 -0400 |
---|---|---|
committer | Gaming4JC <g4jc@bulletmail.org> | 2018-05-26 15:42:45 -0400 |
commit | bd851735628cd6b07285e87fa60081e9d11a3b7e (patch) | |
tree | c4a2831c9188f2d68e57c3b379bf86e7ff54cf93 /netwerk/protocol/http/nsHttpChannel.cpp | |
parent | 8f354e52d09d1bf2fadfbbfc141d4f32241599a4 (diff) | |
download | UXP-bd851735628cd6b07285e87fa60081e9d11a3b7e.tar UXP-bd851735628cd6b07285e87fa60081e9d11a3b7e.tar.gz UXP-bd851735628cd6b07285e87fa60081e9d11a3b7e.tar.lz UXP-bd851735628cd6b07285e87fa60081e9d11a3b7e.tar.xz UXP-bd851735628cd6b07285e87fa60081e9d11a3b7e.zip |
Remove support and tests for HSTS priming from the tree. Fixes #384
Diffstat (limited to 'netwerk/protocol/http/nsHttpChannel.cpp')
-rw-r--r-- | netwerk/protocol/http/nsHttpChannel.cpp | 143 |
1 files changed, 1 insertions, 142 deletions
diff --git a/netwerk/protocol/http/nsHttpChannel.cpp b/netwerk/protocol/http/nsHttpChannel.cpp index 9107b16e8..7bcec146d 100644 --- a/netwerk/protocol/http/nsHttpChannel.cpp +++ b/netwerk/protocol/http/nsHttpChannel.cpp @@ -100,7 +100,6 @@ #include "mozilla/net/Predictor.h" #include "CacheControlParser.h" #include "nsMixedContentBlocker.h" -#include "HSTSPrimerListener.h" #include "CacheStorageService.h" namespace mozilla { namespace net { @@ -465,50 +464,12 @@ nsHttpChannel::Connect() // otherwise, let's just proceed without using the cache. } - return TryHSTSPriming(); -} - -nsresult -nsHttpChannel::TryHSTSPriming() -{ - if (mLoadInfo) { - // HSTS priming requires the LoadInfo provided with AsyncOpen2 - bool requireHSTSPriming = - mLoadInfo->GetForceHSTSPriming(); - - if (requireHSTSPriming && - nsMixedContentBlocker::sSendHSTSPriming && - mInterceptCache == DO_NOT_INTERCEPT) { - bool isHttpsScheme; - nsresult rv = mURI->SchemeIs("https", &isHttpsScheme); - NS_ENSURE_SUCCESS(rv, rv); - if (!isHttpsScheme) { - rv = HSTSPrimingListener::StartHSTSPriming(this, this); - - if (NS_FAILED(rv)) { - CloseCacheEntry(false); - return rv; - } - - return NS_OK; - } - - // The request was already upgraded, for example by - // upgrade-insecure-requests or a prior successful priming request - Telemetry::Accumulate(Telemetry::MIXED_CONTENT_HSTS_PRIMING_RESULT, - HSTSPrimingResult::eHSTS_PRIMING_ALREADY_UPGRADED); - mLoadInfo->ClearHSTSPriming(); - } - } - return ContinueConnect(); } nsresult nsHttpChannel::ContinueConnect() { - // If we have had HSTS priming, we need to reevaluate whether we need - // a CORS preflight. Bug: 1272440 // If we need to start a CORS preflight, do it now! // Note that it is important to do this before the early returns below. if (!mIsCorsPreflightDone && mRequireCORSPreflight && @@ -4283,7 +4244,7 @@ nsHttpChannel::OnCacheEntryAvailableInternal(nsICacheEntry *entry, return NS_OK; } - return TryHSTSPriming(); + return ContinueConnect(); } nsresult @@ -5699,7 +5660,6 @@ NS_INTERFACE_MAP_BEGIN(nsHttpChannel) NS_INTERFACE_MAP_ENTRY(nsIDNSListener) NS_INTERFACE_MAP_ENTRY(nsISupportsWeakReference) NS_INTERFACE_MAP_ENTRY(nsICorsPreflightCallback) - NS_INTERFACE_MAP_ENTRY(nsIHstsPrimingCallback) NS_INTERFACE_MAP_ENTRY(nsIChannelWithDivertableParentListener) // we have no macro that covers this case. if (aIID.Equals(NS_GET_IID(nsHttpChannel)) ) { @@ -8186,107 +8146,6 @@ nsHttpChannel::OnPreflightFailed(nsresult aError) } //----------------------------------------------------------------------------- -// nsIHstsPrimingCallback functions -//----------------------------------------------------------------------------- - -/* - * May be invoked synchronously if HSTS priming has already been performed - * for the host. - */ -nsresult -nsHttpChannel::OnHSTSPrimingSucceeded(bool aCached) -{ - if (nsMixedContentBlocker::sUseHSTS) { - // redirect the channel to HTTPS if the pref - // "security.mixed_content.use_hsts" is true - LOG(("HSTS Priming succeeded, redirecting to HTTPS [this=%p]", this)); - Telemetry::Accumulate(Telemetry::MIXED_CONTENT_HSTS_PRIMING_RESULT, - (aCached) ? HSTSPrimingResult::eHSTS_PRIMING_CACHED_DO_UPGRADE : - HSTSPrimingResult::eHSTS_PRIMING_SUCCEEDED); - return AsyncCall(&nsHttpChannel::HandleAsyncRedirectChannelToHttps); - } - - // If "security.mixed_content.use_hsts" is false, record the result of - // HSTS priming and block or proceed with the load as required by - // mixed-content blocking - bool wouldBlock = mLoadInfo->GetMixedContentWouldBlock(); - - // preserve the mixed-content-before-hsts order and block if required - if (wouldBlock) { - LOG(("HSTS Priming succeeded, blocking for mixed-content [this=%p]", - this)); - Telemetry::Accumulate(Telemetry::MIXED_CONTENT_HSTS_PRIMING_RESULT, - HSTSPrimingResult::eHSTS_PRIMING_SUCCEEDED_BLOCK); - CloseCacheEntry(false); - return AsyncAbort(NS_ERROR_CONTENT_BLOCKED); - } - - LOG(("HSTS Priming succeeded, loading insecure: [this=%p]", this)); - Telemetry::Accumulate(Telemetry::MIXED_CONTENT_HSTS_PRIMING_RESULT, - HSTSPrimingResult::eHSTS_PRIMING_SUCCEEDED_HTTP); - - nsresult rv = ContinueConnect(); - if (NS_FAILED(rv)) { - CloseCacheEntry(false); - return AsyncAbort(rv); - } - - return NS_OK; -} - -/* - * May be invoked synchronously if HSTS priming has already been performed - * for the host. - */ -nsresult -nsHttpChannel::OnHSTSPrimingFailed(nsresult aError, bool aCached) -{ - bool wouldBlock = mLoadInfo->GetMixedContentWouldBlock(); - - LOG(("HSTS Priming Failed [this=%p], %s the load", this, - (wouldBlock) ? "blocking" : "allowing")); - if (aCached) { - // Between the time we marked for priming and started the priming request, - // the host was found to not allow the upgrade, probably from another - // priming request. - Telemetry::Accumulate(Telemetry::MIXED_CONTENT_HSTS_PRIMING_RESULT, - (wouldBlock) ? HSTSPrimingResult::eHSTS_PRIMING_CACHED_BLOCK : - HSTSPrimingResult::eHSTS_PRIMING_CACHED_NO_UPGRADE); - } else { - // A priming request was sent, and no HSTS header was found that allows - // the upgrade. - Telemetry::Accumulate(Telemetry::MIXED_CONTENT_HSTS_PRIMING_RESULT, - (wouldBlock) ? HSTSPrimingResult::eHSTS_PRIMING_FAILED_BLOCK : - HSTSPrimingResult::eHSTS_PRIMING_FAILED_ACCEPT); - } - - // Don't visit again for at least - // security.mixed_content.hsts_priming_cache_timeout seconds. - nsISiteSecurityService* sss = gHttpHandler->GetSSService(); - NS_ENSURE_TRUE(sss, NS_ERROR_OUT_OF_MEMORY); - nsresult rv = sss->CacheNegativeHSTSResult(mURI, - nsMixedContentBlocker::sHSTSPrimingCacheTimeout); - if (NS_FAILED(rv)) { - NS_ERROR("nsISiteSecurityService::CacheNegativeHSTSResult failed"); - } - - // If we would block, go ahead and abort with the error provided - if (wouldBlock) { - CloseCacheEntry(false); - return AsyncAbort(aError); - } - - // we can continue the load and the UI has been updated as mixed content - rv = ContinueConnect(); - if (NS_FAILED(rv)) { - CloseCacheEntry(false); - return AsyncAbort(rv); - } - - return NS_OK; -} - -//----------------------------------------------------------------------------- // AChannelHasDivertableParentChannelAsListener internal functions //----------------------------------------------------------------------------- |