Bug 1246540 - HSTS Priming Proof of Concept. r=ckerschb, r=mayhemer, r=jld, r=smaug, r=dkeeler, r=jmaher, p=ally

HSTS priming changes the order of mixed-content blocking and HSTS
upgrades, and adds a priming request to check if a mixed-content load is
accessible over HTTPS and the server supports upgrading via the
Strict-Transport-Security header.

Every call site that uses AsyncOpen2 passes through the mixed-content
blocker, and has a LoadInfo. If the mixed-content blocker marks the load as
needing HSTS priming, nsHttpChannel will build and send an HSTS priming
request on the same URI with the scheme upgraded to HTTPS. If the server
allows the upgrade, then the channel performs an internal redirect to the HTTPS URI;
otherwise it uses the result of the mixed-content blocker to allow or block the
load.

nsISiteSecurityService adds an optional boolean out parameter to
determine if the HSTS state is already cached for negative assertions.
If the host has been probed within the previous 24 hours, no HSTS
priming check will be sent.

MozReview-Commit-ID: ES1JruCtDdX
--HG--
extra : rebase_source : 2ac6c93c49f2862fc0b9e595eb0598cd1ea4bedf
2016-09-27 18:27:00 +03:00

/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#include "nsISupports.idl"

/**
 * HSTS priming attempts to prevent mixed-content by looking for the
 * Strict-Transport-Security header as a signal from the server that it is
 * safe to upgrade HTTP to HTTPS.
 *
 * Since mixed-content blocking happens very early in the process in AsyncOpen2,
 * the status of mixed-content blocking is stored in the LoadInfo and then used
 * to determine whether to send a priming request or not.
 *
 * This interface is implemented by nsHttpChannel so that it can receive the
 * result of HSTS priming.
 */
[builtinclass, uuid(eca6daca-3f2a-4a2a-b3bf-9f24f79bc999)]
interface nsIHstsPrimingCallback : nsISupports
{
  /**
   * HSTS priming has succeeded with an STS header, and the site asserts it is
   * safe to upgrade the request from HTTP to HTTPS. The request may still be
   * blocked based on the user's preferences.
   *
   * May be invoked synchronously if HSTS priming has already been performed
   * for the host.
   *
   * @param aCached whether the result was already in the HSTS cache
   */
  [noscript, nostdcall, must_use]
  void onHSTSPrimingSucceeded(in bool aCached);

  /**
   * HSTS priming has seen no STS header, the request itself has failed,
   * or some other failure which does not constitute a positive signal that the
   * site can be upgraded safely to HTTPS. The request may still be allowed
   * based on the user's preferences.
   *
   * May be invoked synchronously if HSTS priming has already been performed
   * for the host.
   *
   * @param aError The error which caused this failure, or NS_ERROR_CONTENT_BLOCKED
   * @param aCached whether the result was already in the HSTS cache
   */
  [noscript, nostdcall, must_use]
  void onHSTSPrimingFailed(in nsresult aError, in bool aCached);
};
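
The decision flow that the commit message and the interface comments describe, as an added C++ model that is not Gecko code. `PrimingModel`, `Outcome`, `Result`, the probe callback and the sample host names are hypothetical, and the model keeps positive results for its whole lifetime instead of honouring the header's max-age.

```cpp
// Simplified model of the priming decision; not Gecko code, all names hypothetical.
#include <cstdint>
#include <cstdio>
#include <functional>
#include <map>
#include <string>
#include <utility>

enum class Outcome { UpgradeToHttps, AllowHttp, BlockHttp };
struct Result { Outcome outcome; bool cached; };
class PrimingModel {
 public:
  // The probe stands in for the priming request to https://<host>; it returns
  // true only when the response carried a Strict-Transport-Security header.
  using Probe = std::function<bool(const std::string&)>;
  explicit PrimingModel(Probe probe) : mProbe(std::move(probe)) {}

  // wouldBlock is the mixed-content blocker's verdict recorded for the load.
  Result Load(const std::string& host, bool wouldBlock, int64_t nowSec) {
    bool sts = false, cached = false;
    auto it = mCache.find(host);
    // Positive entries never expire here; negative ones suppress probes for 24h.
    if (it != mCache.end() &&
        (it->second.first || nowSec - it->second.second < kNegativeTtlSec)) {
      sts = it->second.first;
      cached = true;
    } else {
      sts = mProbe(host);  // a failed request also counts as "no STS header"
      mCache[host] = {sts, nowSec};
      ++probesSent;
    }
    if (sts) return {Outcome::UpgradeToHttps, cached};  // onHSTSPrimingSucceeded
    // onHSTSPrimingFailed: fall back to the blocker's original verdict.
    return {wouldBlock ? Outcome::BlockHttp : Outcome::AllowHttp, cached};
  }
  int probesSent = 0;
  static constexpr int64_t kNegativeTtlSec = 24 * 60 * 60;
 private:
  Probe mProbe;
  std::map<std::string, std::pair<bool, int64_t>> mCache;  // host -> (sts, when)
};

int main() {
  // Constructed sample: only "sts.example" answers with an STS header.
  PrimingModel m([](const std::string& h) { return h == "sts.example"; });
  Result r = m.Load("plain.example", true, 0);
  std::printf("blocked=%d cached=%d\n", r.outcome == Outcome::BlockHttp, r.cached);
  return 0;
}
```

The `cached` flag corresponds to `aCached` in both callbacks: a cached answer is the case in which the interface says the callback may be invoked synchronously.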