author | wolfbeast <mcwerewolf@gmail.com> | 2018-11-04 16:05:27 +0100 |
---|---|---|
committer | wolfbeast <mcwerewolf@gmail.com> | 2018-11-04 16:05:27 +0100 |
commit | 4a188c7b99a2cb7bbc335ef838d2d47f67810715 (patch) | |
tree | 5559b7d934b85539724e08533bb619dd0170b5cf | |
parent | 7eae711faa4897a928a6a278173e527bc54e6e5b (diff) | |
download | uxp-4a188c7b99a2cb7bbc335ef838d2d47f67810715.tar.gz |
Make opportunistic encryption configurable.
This adds a pref "network.http.opportunistic-encryption" that controls whether
we send an "Upgrade-Insecure-Requests: 1" header on document navigation or not.
This patch modifies the platform network parts. Default for the platform is "true".
Part 1 for #863
-rw-r--r-- | modules/libpref/init/all.js | 3 | ||||
-rw-r--r-- | netwerk/protocol/http/nsHttpChannel.cpp | 9 | ||||
-rw-r--r-- | netwerk/protocol/http/nsHttpChannel.h | 4 |
3 files changed, 14 insertions, 2 deletions
diff --git a/modules/libpref/init/all.js b/modules/libpref/init/all.js
index 957affa795..4fb112567d 100644
--- a/modules/libpref/init/all.js
+++ b/modules/libpref/init/all.js
@@ -1374,6 +1374,9 @@ pref("network.tickle-wifi.delay", 16);
 // Turn off interprocess security checks. Needed to run xpcshell tests.
 pref("network.disable.ipc.security", false);
+// Send upgrade-insecure-requests HTTP header
+pref("network.http.opportunistic-encryption", true);
+
 // Default action for unlisted external protocol handlers
 pref("network.protocol-handler.external-default", true); // OK to load
 pref("network.protocol-handler.warn-external-default", true); // warn before load
diff --git a/netwerk/protocol/http/nsHttpChannel.cpp b/netwerk/protocol/http/nsHttpChannel.cpp
index bb0b3ca774..cfc2ee2610 100644
--- a/netwerk/protocol/http/nsHttpChannel.cpp
+++ b/netwerk/protocol/http/nsHttpChannel.cpp
@@ -313,11 +313,15 @@ nsHttpChannel::nsHttpChannel()
 , mPushedStream(nullptr)
 , mLocalBlocklist(false)
 , mWarningReporter(nullptr)
+ , mSendUpgradeRequest(false)
 , mDidReval(false)
 {
 LOG(("Creating nsHttpChannel [this=%p]\n", this));
 mChannelCreationTime = PR_Now();
 mChannelCreationTimestamp = TimeStamp::Now();
+
+ mSendUpgradeRequest =
+ Preferences::GetBool("network.http.opportunistic-encryption", false);
 }
 nsHttpChannel::~nsHttpChannel()
@@ -377,8 +381,9 @@ nsHttpChannel::Connect()
 mLoadInfo->GetExternalContentPolicyType() :
 nsIContentPolicy::TYPE_OTHER;
- if (type == nsIContentPolicy::TYPE_DOCUMENT ||
- type == nsIContentPolicy::TYPE_SUBDOCUMENT) {
+ if (mSendUpgradeRequest &&
+ (type == nsIContentPolicy::TYPE_DOCUMENT ||
+ type == nsIContentPolicy::TYPE_SUBDOCUMENT)) {
 rv = SetRequestHeader(NS_LITERAL_CSTRING("Upgrade-Insecure-Requests"),
 NS_LITERAL_CSTRING("1"), false);
 NS_ENSURE_SUCCESS(rv, rv);
diff --git a/netwerk/protocol/http/nsHttpChannel.h b/netwerk/protocol/http/nsHttpChannel.h
index 2e24d6e81c..152cf1503d 100644
--- a/netwerk/protocol/http/nsHttpChannel.h
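Review bot: The comment added above `pref("network.http.opportunistic-encryption", true);` in all.js and the pref name describe two different mechanisms. What the pref gates, per the nsHttpChannel.cpp hunk, is the `Upgrade-Insecure-Requests: 1` request header on document and sub-document loads, which only tells the server the client would accept an HTTPS upgrade; "opportunistic encryption" normally means encrypting `http://` traffic via Alt-Svc, so someone reading the name may think flipping it changes transport security. I would spell the effect out in the comment, e.g. `// Send the "Upgrade-Insecure-Requests: 1" header on (sub)document loads; does not itself encrypt anything.` The member comment in the nsHttpChannel.h hunk has the same wording problem and could read `// Whether to send the Upgrade-Insecure-Requests header.`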
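Review bot: The fallback in the constructor's `Preferences::GetBool("network.http.opportunistic-encryption", false)` disagrees with the `true` default in all.js and the commit message, so any build or embedding where the default pref is absent silently stops sending the header. Passing `true` as the fallback keeps the two in step: `Preferences::GetBool("network.http.opportunistic-encryption", true);`. The pref is also looked up once per channel constructed, and the `mSendUpgradeRequest(false)` initializer is immediately overwritten in the body; reading the value once into a cached bool (for example via `Preferences::AddBoolVarCache`, if this tree still has it) would remove both.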
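Review bot: The `mSendUpgradeRequest &&` guard added in Connect() carries no comment on what the pref does and does not switch off, and Connect() continues outside the hunk so the rest of its upgrade handling is not visible here. From the lines shown the flag only suppresses the request header. A one-line comment above the `if`, such as `// Pref-gated: only controls advertising Upgrade-Insecure-Requests to the server.`, would stop a later reader from treating the flag as a general HTTPS-upgrade switch.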
+++ b/netwerk/protocol/http/nsHttpChannel.h
@@ -597,6 +597,10 @@ private:
 HttpChannelSecurityWarningReporter* mWarningReporter;
 RefPtr<ADivertableParentChannel> mParentChannel;
+
+ // Whether we send opportunistic encryption requests.
+ bool mSendUpgradeRequest;
+
 protected:
 virtual void DoNotifyListenerCleanup() override; |