From d9aff90f06254a0b724a0ea9c21db39f74ff8fc6 Mon Sep 17 00:00:00 2001
From: wolfbeast <mcwerewolf@wolfbeast.com>
Date: Sun, 14 Jul 2019 22:41:01 +0200
Subject: Add preference to allow the loading of FTP subresources for corner
 cases

---
 dom/security/nsContentSecurityManager.cpp | 3 +++
 modules/libpref/init/all.js               | 3 +++
 netwerk/base/nsIOService.cpp              | 9 +++++++++
 netwerk/base/nsIOService.h                | 4 ++++
 4 files changed, 19 insertions(+)

diff --git a/dom/security/nsContentSecurityManager.cpp b/dom/security/nsContentSecurityManager.cpp
index f2cbc8fcf..12c55e8f6 100644
--- a/dom/security/nsContentSecurityManager.cpp
+++ b/dom/security/nsContentSecurityManager.cpp
@@ -98,6 +98,9 @@ nsContentSecurityManager::CheckFTPSubresourceLoad(nsIChannel* aChannel)
   // We dissallow using FTP resources as a subresource everywhere.
   // The only valid way to use FTP resources is loading it as
   // a top level document.
+  if (!mozilla::net::nsIOService::BlockFTPSubresources()) {
+    return NS_OK;
+  }
 
   nsCOMPtr<nsILoadInfo> loadInfo = aChannel->GetLoadInfo();
   if (!loadInfo) {
diff --git a/modules/libpref/init/all.js b/modules/libpref/init/all.js
index f761c70b9..1aec5f393 100644
--- a/modules/libpref/init/all.js
+++ b/modules/libpref/init/all.js
@@ -5440,6 +5440,9 @@ pref("layout.css.servo.enabled", true);
 // URL-Bar will not be blocked when flipping this pref.
 pref("security.data_uri.block_toplevel_data_uri_navigations", true);
 
+// If true, all FTP subresource loads will be blocked.
+pref("security.block_ftp_subresources", true);
+
 // Disable Storage api in release builds.
 #ifdef NIGHTLY_BUILD
 pref("dom.storageManager.enabled", true);
diff --git a/netwerk/base/nsIOService.cpp b/netwerk/base/nsIOService.cpp
index e0dc7d8e8..bd9a4a96f 100644
--- a/netwerk/base/nsIOService.cpp
+++ b/netwerk/base/nsIOService.cpp
@@ -166,6 +166,7 @@ uint32_t   nsIOService::gDefaultSegmentSize = 4096;
 uint32_t   nsIOService::gDefaultSegmentCount = 24;
 
 bool nsIOService::sBlockToplevelDataUriNavigations = false;
+bool nsIOService::sBlockFTPSubresources = false;
 
 ////////////////////////////////////////////////////////////////////////////////
 
@@ -243,6 +244,8 @@ nsIOService::Init()
 
     Preferences::AddBoolVarCache(&sBlockToplevelDataUriNavigations,
                                  "security.data_uri.block_toplevel_data_uri_navigations", false);
+    Preferences::AddBoolVarCache(&sBlockFTPSubresources,
+                                 "security.block_ftp_subresources", true);
     Preferences::AddBoolVarCache(&mOfflineMirrorsConnectivity, OFFLINE_MIRRORS_CONNECTIVITY, true);
 
     gIOService = this;
@@ -1869,5 +1872,11 @@ nsIOService::BlockToplevelDataUriNavigations()
   return sBlockToplevelDataUriNavigations;
 }
 
+/*static*/ bool
+nsIOService::BlockFTPSubresources()
+{
+  return sBlockFTPSubresources;
+}
+
 } // namespace net
 } // namespace mozilla
diff --git a/netwerk/base/nsIOService.h b/netwerk/base/nsIOService.h
index 19eed743a..f3a26f5d2 100644
--- a/netwerk/base/nsIOService.h
+++ b/netwerk/base/nsIOService.h
@@ -94,6 +94,8 @@ public:
 
     static bool BlockToplevelDataUriNavigations();
 
+    static bool BlockFTPSubresources();
+
     // Used to trigger a recheck of the captive portal status
     nsresult RecheckCaptivePortal();
 private:
@@ -175,6 +177,8 @@ private:
 
     static bool                          sBlockToplevelDataUriNavigations;
 
+    static bool                          sBlockFTPSubresources;
+
     // Time a network tearing down started.
     mozilla::Atomic<PRIntervalTime> mNetTearingDownStarted;
 public:
-- 
cgit v1.2.3