From d9aff90f06254a0b724a0ea9c21db39f74ff8fc6 Mon Sep 17 00:00:00 2001 From: wolfbeast Date: Sun, 14 Jul 2019 22:41:01 +0200 Subject: Add preference to allow the loading of FTP subresources for corner cases --- dom/security/nsContentSecurityManager.cpp | 3 +++ modules/libpref/init/all.js | 3 +++ netwerk/base/nsIOService.cpp | 9 +++++++++ netwerk/base/nsIOService.h | 4 ++++ 4 files changed, 19 insertions(+) diff --git a/dom/security/nsContentSecurityManager.cpp b/dom/security/nsContentSecurityManager.cpp index f2cbc8fcf..12c55e8f6 100644 --- a/dom/security/nsContentSecurityManager.cpp +++ b/dom/security/nsContentSecurityManager.cpp @@ -98,6 +98,9 @@ nsContentSecurityManager::CheckFTPSubresourceLoad(nsIChannel* aChannel) // We dissallow using FTP resources as a subresource everywhere. // The only valid way to use FTP resources is loading it as // a top level document. + if (!mozilla::net::nsIOService::BlockFTPSubresources()) { + return NS_OK; + } nsCOMPtr loadInfo = aChannel->GetLoadInfo(); if (!loadInfo) { diff --git a/modules/libpref/init/all.js b/modules/libpref/init/all.js index f761c70b9..1aec5f393 100644 --- a/modules/libpref/init/all.js +++ b/modules/libpref/init/all.js @@ -5440,6 +5440,9 @@ pref("layout.css.servo.enabled", true); // URL-Bar will not be blocked when flipping this pref. pref("security.data_uri.block_toplevel_data_uri_navigations", true); +// If true, all FTP subresource loads will be blocked. +pref("security.block_ftp_subresources", true); + // Disable Storage api in release builds. #ifdef NIGHTLY_BUILD pref("dom.storageManager.enabled", true); diff --git a/netwerk/base/nsIOService.cpp b/netwerk/base/nsIOService.cpp index e0dc7d8e8..bd9a4a96f 100644 --- a/netwerk/base/nsIOService.cpp +++ b/netwerk/base/nsIOService.cpp @@ -166,6 +166,7 @@ uint32_t nsIOService::gDefaultSegmentSize = 4096; uint32_t nsIOService::gDefaultSegmentCount = 24; bool nsIOService::sBlockToplevelDataUriNavigations = false; +bool nsIOService::sBlockFTPSubresources = false; //////////////////////////////////////////////////////////////////////////////// @@ -243,6 +244,8 @@ nsIOService::Init() Preferences::AddBoolVarCache(&sBlockToplevelDataUriNavigations, "security.data_uri.block_toplevel_data_uri_navigations", false); + Preferences::AddBoolVarCache(&sBlockFTPSubresources, + "security.block_ftp_subresources", true); Preferences::AddBoolVarCache(&mOfflineMirrorsConnectivity, OFFLINE_MIRRORS_CONNECTIVITY, true); gIOService = this; @@ -1869,5 +1872,11 @@ nsIOService::BlockToplevelDataUriNavigations() return sBlockToplevelDataUriNavigations; } +/*static*/ bool +nsIOService::BlockFTPSubresources() +{ + return sBlockFTPSubresources; +} + } // namespace net } // namespace mozilla diff --git a/netwerk/base/nsIOService.h b/netwerk/base/nsIOService.h index 19eed743a..f3a26f5d2 100644 --- a/netwerk/base/nsIOService.h +++ b/netwerk/base/nsIOService.h @@ -94,6 +94,8 @@ public: static bool BlockToplevelDataUriNavigations(); + static bool BlockFTPSubresources(); + // Used to trigger a recheck of the captive portal status nsresult RecheckCaptivePortal(); private: @@ -175,6 +177,8 @@ private: static bool sBlockToplevelDataUriNavigations; + static bool sBlockFTPSubresources; + // Time a network tearing down started. mozilla::Atomic mNetTearingDownStarted; public: -- cgit v1.2.3