authorwolfbeast <mcwerewolf@gmail.com>2018-11-04 16:05:27 +0100
committerwolfbeast <mcwerewolf@gmail.com>2018-11-04 16:05:27 +0100
commit4a188c7b99a2cb7bbc335ef838d2d47f67810715 (patch)
tree5559b7d934b85539724e08533bb619dd0170b5cf
parent7eae711faa4897a928a6a278173e527bc54e6e5b (diff)
downloaduxp-4a188c7b99a2cb7bbc335ef838d2d47f67810715.tar.gz
Make opportunistic encryption configurable.
This adds a pref "network.http.opportunistic-encryption" that controls whether or not we send an "Upgrade-Insecure-Requests: 1" header on document navigation. This patch modifies the platform network parts. Default for the platform is "true". Part 1 for #863
-rw-r--r--modules/libpref/init/all.js3
-rw-r--r--netwerk/protocol/http/nsHttpChannel.cpp9
-rw-r--r--netwerk/protocol/http/nsHttpChannel.h4
3 files changed, 14 insertions, 2 deletions
diff --git a/modules/libpref/init/all.js b/modules/libpref/init/all.js
index 957affa795..4fb112567d 100644
--- a/modules/libpref/init/all.js
+++ b/modules/libpref/init/all.js
@@ -1374,6 +1374,9 @@ pref("network.tickle-wifi.delay", 16);
// Turn off interprocess security checks. Needed to run xpcshell tests.
pref("network.disable.ipc.security", false);
+// Send upgrade-insecure-requests HTTP header
+pref("network.http.opportunistic-encryption", true);
+
// Default action for unlisted external protocol handlers
pref("network.protocol-handler.external-default", true); // OK to load
pref("network.protocol-handler.warn-external-default", true); // warn before load
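Review bot: The pref name and its one-line comment do not say what the switch actually gates. The new condition in nsHttpChannel::Connect only controls the `Upgrade-Insecure-Requests: 1` request header on document and subdocument loads, whereas "opportunistic encryption" is more commonly used for serving http:// URLs over TLS via Alt-Svc (RFC 8164). Someone auditing about:config could assume that turning this off disables that mechanism, or that it affects HSTS or CSP upgrades, which nothing in this patch touches. I would make the comment explicit, e.g. `// Send "Upgrade-Insecure-Requests: 1" on document and subdocument loads (request header only).` The member comment added in nsHttpChannel.h (`// Whether we send opportunistic encryption requests.`) has the same ambiguity and should name the header as well.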
diff --git a/netwerk/protocol/http/nsHttpChannel.cpp b/netwerk/protocol/http/nsHttpChannel.cpp
index bb0b3ca774..cfc2ee2610 100644
--- a/netwerk/protocol/http/nsHttpChannel.cpp
+++ b/netwerk/protocol/http/nsHttpChannel.cpp
@@ -313,11 +313,15 @@ nsHttpChannel::nsHttpChannel()
, mPushedStream(nullptr)
, mLocalBlocklist(false)
, mWarningReporter(nullptr)
+ , mSendUpgradeRequest(false)
, mDidReval(false)
{
LOG(("Creating nsHttpChannel [this=%p]\n", this));
mChannelCreationTime = PR_Now();
mChannelCreationTimestamp = TimeStamp::Now();
+
+ mSendUpgradeRequest =
+ Preferences::GetBool("network.http.opportunistic-encryption", false);
}
nsHttpChannel::~nsHttpChannel()
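Review bot: The fallback passed to `Preferences::GetBool` in the constructor is `false`, which disagrees with the `true` default added to all.js and stated in the commit message. If the pref is ever absent (for example an embedder that does not ship that default), the header is silently dropped instead of sent. The member is also initialised to `false` and then overwritten in the body; it could be set once in the initialiser list, `, mSendUpgradeRequest(Preferences::GetBool("network.http.opportunistic-encryption", true))`. Because this does a pref lookup for every channel created, a cached value (for instance via `Preferences::AddBoolVarCache`) may be preferable and would not depend on which thread runs the constructor; that is worth confirming. The value is sampled at construction, so a pref change presumably affects only channels created afterwards, which deserves a short comment.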
@@ -377,8 +381,9 @@ nsHttpChannel::Connect()
mLoadInfo->GetExternalContentPolicyType() :
nsIContentPolicy::TYPE_OTHER;
- if (type == nsIContentPolicy::TYPE_DOCUMENT ||
- type == nsIContentPolicy::TYPE_SUBDOCUMENT) {
+ if (mSendUpgradeRequest &&
+ (type == nsIContentPolicy::TYPE_DOCUMENT ||
+ type == nsIContentPolicy::TYPE_SUBDOCUMENT)) {
rv = SetRequestHeader(NS_LITERAL_CSTRING("Upgrade-Insecure-Requests"),
NS_LITERAL_CSTRING("1"), false);
NS_ENSURE_SUCCESS(rv, rv);
diff --git a/netwerk/protocol/http/nsHttpChannel.h b/netwerk/protocol/http/nsHttpChannel.h
index 2e24d6e81c..152cf1503d 100644
--- a/netwerk/protocol/http/nsHttpChannel.h
+++ b/netwerk/protocol/http/nsHttpChannel.h
@@ -597,6 +597,10 @@ private:
HttpChannelSecurityWarningReporter* mWarningReporter;
RefPtr<ADivertableParentChannel> mParentChannel;
+
+ // Whether we send opportunistic encryption requests.
+ bool mSendUpgradeRequest;
+
protected:
virtual void DoNotifyListenerCleanup() override;