2 files changed, 11 insertions, 2 deletions

diff --git a/netwerk/protocol/http/nsHttpChannel.cpp b/netwerk/protocol/http/nsHttpChannel.cpp
index bb0b3ca77..cfc2ee261 100644
--- a/netwerk/protocol/http/nsHttpChannel.cpp
+++ b/netwerk/protocol/http/nsHttpChannel.cpp
@@ -313,11 +313,15 @@ nsHttpChannel::nsHttpChannel()
     , mPushedStream(nullptr)
     , mLocalBlocklist(false)
     , mWarningReporter(nullptr)
+    , mSendUpgradeRequest(false)
     , mDidReval(false)
 {
     LOG(("Creating nsHttpChannel [this=%p]\n", this));
     mChannelCreationTime = PR_Now();
     mChannelCreationTimestamp = TimeStamp::Now();
+    
+    mSendUpgradeRequest = 
+      Preferences::GetBool("network.http.opportunistic-encryption", false);
 }
 
 nsHttpChannel::~nsHttpChannel()
@@ -377,8 +381,9 @@ nsHttpChannel::Connect()
                                mLoadInfo->GetExternalContentPolicyType() :
                                nsIContentPolicy::TYPE_OTHER;
 
-    if (type == nsIContentPolicy::TYPE_DOCUMENT ||
-        type == nsIContentPolicy::TYPE_SUBDOCUMENT) {
+    if (mSendUpgradeRequest &&
+        (type == nsIContentPolicy::TYPE_DOCUMENT ||
+         type == nsIContentPolicy::TYPE_SUBDOCUMENT)) {
         rv = SetRequestHeader(NS_LITERAL_CSTRING("Upgrade-Insecure-Requests"),
                               NS_LITERAL_CSTRING("1"), false);
         NS_ENSURE_SUCCESS(rv, rv);
diff --git a/netwerk/protocol/http/nsHttpChannel.h b/netwerk/protocol/http/nsHttpChannel.h
index 2e24d6e81..152cf1503 100644
--- a/netwerk/protocol/http/nsHttpChannel.h
+++ b/netwerk/protocol/http/nsHttpChannel.h
@@ -597,6 +597,10 @@ private:
     HttpChannelSecurityWarningReporter* mWarningReporter;
 
     RefPtr<ADivertableParentChannel> mParentChannel;
+    
+    // Whether we send opportunistic encryption requests.
+    bool mSendUpgradeRequest;
+
 protected:
     virtual void DoNotifyListenerCleanup() override;