2020-03-17 22:24:31 +03:00
|
|
|
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
|
|
|
|
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
|
|
|
|
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
|
2021-02-18 16:26:31 +03:00
|
|
|
#include "mozilla/Components.h"
|
2020-09-25 14:23:56 +03:00
|
|
|
#include "mozilla/ClearOnShutdown.h"
|
2020-08-12 15:57:22 +03:00
|
|
|
#include "mozilla/NullPrincipal.h"
|
2020-03-17 22:24:31 +03:00
|
|
|
#include "mozilla/StaticPrefs_dom.h"
|
2020-04-29 18:52:19 +03:00
|
|
|
#include "mozilla/net/DNS.h"
|
2020-03-17 22:24:31 +03:00
|
|
|
#include "nsContentUtils.h"
|
2020-05-26 14:45:21 +03:00
|
|
|
#include "nsHTTPSOnlyUtils.h"
|
2020-03-17 22:24:31 +03:00
|
|
|
#include "nsIConsoleService.h"
|
2020-08-10 11:51:44 +03:00
|
|
|
#include "nsIHttpChannel.h"
|
2020-10-13 17:06:28 +03:00
|
|
|
#include "nsIHttpChannelInternal.h"
|
2020-07-08 15:06:02 +03:00
|
|
|
#include "nsIHttpsOnlyModePermission.h"
|
|
|
|
#include "nsIPermissionManager.h"
|
2020-08-12 15:57:22 +03:00
|
|
|
#include "nsIPrincipal.h"
|
2021-03-11 21:02:27 +03:00
|
|
|
#include "nsIRedirectHistoryEntry.h"
|
2020-03-17 22:24:31 +03:00
|
|
|
#include "nsIScriptError.h"
|
2021-03-29 15:56:33 +03:00
|
|
|
#include "nsIURIMutator.h"
|
|
|
|
#include "nsNetUtil.h"
|
2020-04-29 18:52:19 +03:00
|
|
|
#include "prnetdb.h"
|
|
|
|
|
2020-07-06 11:52:02 +03:00
|
|
|
/* static */
|
|
|
|
bool nsHTTPSOnlyUtils::IsHttpsOnlyModeEnabled(bool aFromPrivateWindow) {
|
|
|
|
// if the general pref is set to true, then we always return
|
|
|
|
if (mozilla::StaticPrefs::dom_security_https_only_mode()) {
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
// otherwise we check if executing in private browsing mode and return true
|
|
|
|
// if the PBM pref for HTTPS-Only is set.
|
|
|
|
if (aFromPrivateWindow &&
|
|
|
|
mozilla::StaticPrefs::dom_security_https_only_mode_pbm()) {
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
return false;
|
|
|
|
}
|
2020-03-17 22:24:31 +03:00
|
|
|
|
2021-04-13 20:43:12 +03:00
|
|
|
/* static */
|
2021-04-14 14:10:39 +03:00
|
|
|
bool nsHTTPSOnlyUtils::IsHttpsFirstModeEnabled(bool aFromPrivateWindow) {
|
|
|
|
// if the general pref is set to true, then we always return
|
2021-04-21 13:56:54 +03:00
|
|
|
if (mozilla::StaticPrefs::dom_security_https_first()) {
|
2021-04-14 14:10:39 +03:00
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
// otherwise we check if executing in private browsing mode and return true
|
|
|
|
// if the PBM pref for HTTPS-First is set.
|
|
|
|
if (aFromPrivateWindow &&
|
2021-04-21 13:56:54 +03:00
|
|
|
mozilla::StaticPrefs::dom_security_https_first_pbm()) {
|
2021-04-14 14:10:39 +03:00
|
|
|
return true;
|
|
|
|
}
|
|
|
|
return false;
|
2021-04-13 20:43:12 +03:00
|
|
|
}
|
|
|
|
|
2020-08-12 15:57:22 +03:00
|
|
|
/* static */
|
|
|
|
void nsHTTPSOnlyUtils::PotentiallyFireHttpRequestToShortenTimout(
|
|
|
|
mozilla::net::DocumentLoadListener* aDocumentLoadListener) {
|
2020-09-07 12:23:06 +03:00
|
|
|
// only send http background request to counter timeouts if the
|
|
|
|
// pref allows us to do that.
|
|
|
|
if (!mozilla::StaticPrefs::
|
|
|
|
dom_security_https_only_mode_send_http_background_request()) {
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2020-08-12 15:57:22 +03:00
|
|
|
nsCOMPtr<nsIChannel> channel = aDocumentLoadListener->GetChannel();
|
|
|
|
if (!channel) {
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
nsCOMPtr<nsILoadInfo> loadInfo = channel->LoadInfo();
|
|
|
|
bool isPrivateWin = loadInfo->GetOriginAttributes().mPrivateBrowsingId > 0;
|
|
|
|
|
2021-04-13 20:43:12 +03:00
|
|
|
// if neither HTTPS-Only nor HTTPS-First mode is enabled, then there is
|
|
|
|
// nothing to do here.
|
2021-04-14 14:10:39 +03:00
|
|
|
if (!IsHttpsOnlyModeEnabled(isPrivateWin) &&
|
|
|
|
!IsHttpsFirstModeEnabled(isPrivateWin)) {
|
2020-08-12 15:57:22 +03:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
// if we are not dealing with a top-level load, then there is nothing to do
|
|
|
|
// here.
|
|
|
|
if (loadInfo->GetExternalContentPolicyType() !=
|
2021-01-15 15:07:16 +03:00
|
|
|
ExtContentPolicy::TYPE_DOCUMENT) {
|
2020-08-12 15:57:22 +03:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
// if the load is exempt, then there is nothing to do here.
|
|
|
|
uint32_t httpsOnlyStatus = loadInfo->GetHttpsOnlyStatus();
|
|
|
|
if (httpsOnlyStatus & nsILoadInfo::nsILoadInfo::HTTPS_ONLY_EXEMPT) {
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
// if it's not an http channel, then there is nothing to do here.
|
|
|
|
nsCOMPtr<nsIHttpChannel> httpChannel(do_QueryInterface(channel));
|
|
|
|
if (!httpChannel) {
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
// if it's not a GET method, then there is nothing to do here either.
|
|
|
|
nsAutoCString method;
|
2020-10-06 03:34:55 +03:00
|
|
|
mozilla::Unused << httpChannel->GetRequestMethod(method);
|
2020-08-12 15:57:22 +03:00
|
|
|
if (!method.EqualsLiteral("GET")) {
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
// if it's already an https channel, then there is nothing to do here.
|
|
|
|
nsCOMPtr<nsIURI> channelURI;
|
|
|
|
channel->GetURI(getter_AddRefs(channelURI));
|
2020-12-01 18:36:30 +03:00
|
|
|
if (!channelURI->SchemeIs("http")) {
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Check for general exceptions
|
|
|
|
if (OnionException(channelURI) || LoopbackOrLocalException(channelURI)) {
|
2020-08-12 15:57:22 +03:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
RefPtr<nsIRunnable> task =
|
|
|
|
new TestHTTPAnswerRunnable(channelURI, aDocumentLoadListener);
|
|
|
|
NS_DispatchToMainThread(task.forget());
|
|
|
|
}
|
|
|
|
|
2020-03-17 22:24:31 +03:00
|
|
|
/* static */
|
|
|
|
bool nsHTTPSOnlyUtils::ShouldUpgradeRequest(nsIURI* aURI,
|
|
|
|
nsILoadInfo* aLoadInfo) {
|
2020-04-29 18:52:19 +03:00
|
|
|
// 1. Check if the HTTPS-Only Mode is even enabled, before we do anything else
|
2020-07-06 11:52:02 +03:00
|
|
|
bool isPrivateWin = aLoadInfo->GetOriginAttributes().mPrivateBrowsingId > 0;
|
|
|
|
if (!IsHttpsOnlyModeEnabled(isPrivateWin)) {
|
2020-03-17 22:24:31 +03:00
|
|
|
return false;
|
|
|
|
}
|
2020-04-29 18:52:19 +03:00
|
|
|
|
|
|
|
// 2. Check for general exceptions
|
|
|
|
if (OnionException(aURI) || LoopbackOrLocalException(aURI)) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
// 3. Check if NoUpgrade-flag is set in LoadInfo
|
2020-03-27 20:09:15 +03:00
|
|
|
uint32_t httpsOnlyStatus = aLoadInfo->GetHttpsOnlyStatus();
|
|
|
|
if (httpsOnlyStatus & nsILoadInfo::HTTPS_ONLY_EXEMPT) {
|
|
|
|
AutoTArray<nsString, 1> params = {
|
2020-03-17 22:24:31 +03:00
|
|
|
NS_ConvertUTF8toUTF16(aURI->GetSpecOrDefault())};
|
2020-07-06 11:52:02 +03:00
|
|
|
nsHTTPSOnlyUtils::LogLocalizedString("HTTPSOnlyNoUpgradeException", params,
|
2020-08-14 03:22:59 +03:00
|
|
|
nsIScriptError::infoFlag, aLoadInfo,
|
|
|
|
aURI);
|
2020-03-17 22:24:31 +03:00
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2020-09-25 14:23:56 +03:00
|
|
|
// All subresources of an exempt triggering principal are also exempt
|
|
|
|
if (aLoadInfo->GetExternalContentPolicyType() !=
|
2021-01-15 15:07:16 +03:00
|
|
|
ExtContentPolicy::TYPE_DOCUMENT) {
|
2020-09-25 14:23:56 +03:00
|
|
|
if (!aLoadInfo->TriggeringPrincipal()->IsSystemPrincipal() &&
|
|
|
|
TestIfPrincipalIsExempt(aLoadInfo->TriggeringPrincipal())) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-04-29 18:52:19 +03:00
|
|
|
// We can upgrade the request - let's log it to the console
|
|
|
|
// Appending an 's' to the scheme for the logging. (http -> https)
|
2020-03-17 22:24:31 +03:00
|
|
|
nsAutoCString scheme;
|
|
|
|
aURI->GetScheme(scheme);
|
|
|
|
scheme.AppendLiteral("s");
|
|
|
|
NS_ConvertUTF8toUTF16 reportSpec(aURI->GetSpecOrDefault());
|
|
|
|
NS_ConvertUTF8toUTF16 reportScheme(scheme);
|
|
|
|
|
|
|
|
AutoTArray<nsString, 2> params = {reportSpec, reportScheme};
|
2020-08-14 03:22:59 +03:00
|
|
|
nsHTTPSOnlyUtils::LogLocalizedString("HTTPSOnlyUpgradeRequest", params,
|
|
|
|
nsIScriptError::warningFlag, aLoadInfo,
|
|
|
|
aURI);
|
2020-03-17 22:24:31 +03:00
|
|
|
|
2020-03-27 20:09:15 +03:00
|
|
|
// If the status was not determined before, we now indicate that the request
|
|
|
|
// will get upgraded, but no event-listener has been registered yet.
|
|
|
|
if (httpsOnlyStatus & nsILoadInfo::HTTPS_ONLY_UNINITIALIZED) {
|
|
|
|
httpsOnlyStatus ^= nsILoadInfo::HTTPS_ONLY_UNINITIALIZED;
|
|
|
|
httpsOnlyStatus |= nsILoadInfo::HTTPS_ONLY_UPGRADED_LISTENER_NOT_REGISTERED;
|
|
|
|
aLoadInfo->SetHttpsOnlyStatus(httpsOnlyStatus);
|
|
|
|
}
|
2020-04-29 18:52:19 +03:00
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* static */
|
|
|
|
bool nsHTTPSOnlyUtils::ShouldUpgradeWebSocket(nsIURI* aURI,
|
2020-08-11 14:19:28 +03:00
|
|
|
nsILoadInfo* aLoadInfo) {
|
2020-04-29 18:52:19 +03:00
|
|
|
// 1. Check if the HTTPS-Only Mode is even enabled, before we do anything else
|
2020-08-11 14:19:28 +03:00
|
|
|
bool isPrivateWin = aLoadInfo->GetOriginAttributes().mPrivateBrowsingId > 0;
|
|
|
|
if (!IsHttpsOnlyModeEnabled(isPrivateWin)) {
|
2020-04-29 18:52:19 +03:00
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
// 2. Check for general exceptions
|
|
|
|
if (OnionException(aURI) || LoopbackOrLocalException(aURI)) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
// 3. Check if NoUpgrade-flag is set in LoadInfo
|
2020-08-11 14:19:28 +03:00
|
|
|
uint32_t httpsOnlyStatus = aLoadInfo->GetHttpsOnlyStatus();
|
|
|
|
if (httpsOnlyStatus & nsILoadInfo::HTTPS_ONLY_EXEMPT) {
|
2020-04-29 18:52:19 +03:00
|
|
|
// Let's log to the console, that we didn't upgrade this request
|
|
|
|
AutoTArray<nsString, 1> params = {
|
|
|
|
NS_ConvertUTF8toUTF16(aURI->GetSpecOrDefault())};
|
2020-08-11 14:19:28 +03:00
|
|
|
nsHTTPSOnlyUtils::LogLocalizedString("HTTPSOnlyNoUpgradeException", params,
|
2020-08-14 03:22:59 +03:00
|
|
|
nsIScriptError::infoFlag, aLoadInfo,
|
|
|
|
aURI);
|
2020-04-29 18:52:19 +03:00
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
// We can upgrade the request - let's log it to the console
|
|
|
|
// Appending an 's' to the scheme for the logging. (ws -> wss)
|
|
|
|
nsAutoCString scheme;
|
|
|
|
aURI->GetScheme(scheme);
|
|
|
|
scheme.AppendLiteral("s");
|
|
|
|
NS_ConvertUTF8toUTF16 reportSpec(aURI->GetSpecOrDefault());
|
|
|
|
NS_ConvertUTF8toUTF16 reportScheme(scheme);
|
|
|
|
|
|
|
|
AutoTArray<nsString, 2> params = {reportSpec, reportScheme};
|
2020-08-11 14:19:28 +03:00
|
|
|
nsHTTPSOnlyUtils::LogLocalizedString("HTTPSOnlyUpgradeRequest", params,
|
2020-08-14 03:22:59 +03:00
|
|
|
nsIScriptError::warningFlag, aLoadInfo,
|
|
|
|
aURI);
|
2020-03-17 22:24:31 +03:00
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
2021-03-11 21:02:27 +03:00
|
|
|
/* static */
|
2021-06-22 17:56:44 +03:00
|
|
|
bool nsHTTPSOnlyUtils::IsUpgradeDowngradeEndlessLoop(
|
|
|
|
nsIURI* aURI, nsILoadInfo* aLoadInfo,
|
|
|
|
const mozilla::EnumSet<UpgradeDowngradeEndlessLoopOptions>& aOptions) {
|
|
|
|
// 1. Check if the HTTPS-Only/HTTPS-First is even enabled, before doing
|
|
|
|
// anything else
|
2021-03-11 21:02:27 +03:00
|
|
|
bool isPrivateWin = aLoadInfo->GetOriginAttributes().mPrivateBrowsingId > 0;
|
2021-06-22 17:56:44 +03:00
|
|
|
bool enforceForHTTPSOnlyMode =
|
|
|
|
IsHttpsOnlyModeEnabled(isPrivateWin) &&
|
|
|
|
aOptions.contains(
|
|
|
|
UpgradeDowngradeEndlessLoopOptions::EnforceForHTTPSOnlyMode);
|
|
|
|
bool enforceForHTTPSFirstMode =
|
|
|
|
IsHttpsFirstModeEnabled(isPrivateWin) &&
|
|
|
|
aOptions.contains(
|
|
|
|
UpgradeDowngradeEndlessLoopOptions::EnforceForHTTPSFirstMode);
|
2021-06-24 12:27:54 +03:00
|
|
|
bool enforceForHTTPSRR =
|
|
|
|
aOptions.contains(UpgradeDowngradeEndlessLoopOptions::EnforceForHTTPSRR);
|
|
|
|
if (!enforceForHTTPSOnlyMode && !enforceForHTTPSFirstMode &&
|
|
|
|
!enforceForHTTPSRR) {
|
2021-03-11 21:02:27 +03:00
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
// 2. Check if the upgrade downgrade pref even wants us to try to break the
|
2021-06-24 12:27:54 +03:00
|
|
|
// cycle. In the case that HTTPS RR is presented, we ignore this pref.
|
2021-03-11 21:02:27 +03:00
|
|
|
if (!mozilla::StaticPrefs::
|
2021-06-24 12:27:54 +03:00
|
|
|
dom_security_https_only_mode_break_upgrade_downgrade_endless_loop() &&
|
|
|
|
!enforceForHTTPSRR) {
|
2021-03-11 21:02:27 +03:00
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
// 3. If it's not a top-level load, then there is nothing to do here either.
|
|
|
|
if (aLoadInfo->GetExternalContentPolicyType() !=
|
|
|
|
ExtContentPolicy::TYPE_DOCUMENT) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
// 4. If the load is exempt, then it's defintely not related to https-only
|
|
|
|
uint32_t httpsOnlyStatus = aLoadInfo->GetHttpsOnlyStatus();
|
2021-06-24 12:27:54 +03:00
|
|
|
if ((httpsOnlyStatus & nsILoadInfo::HTTPS_ONLY_EXEMPT) &&
|
|
|
|
!enforceForHTTPSRR) {
|
2021-03-11 21:02:27 +03:00
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2021-06-24 12:27:54 +03:00
|
|
|
// 5. If the URI to be loaded is not http, then it's defnitely no endless
|
2021-03-11 21:02:27 +03:00
|
|
|
// loop caused by https-only.
|
|
|
|
if (!aURI->SchemeIs("http")) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
nsAutoCString uriHost;
|
|
|
|
aURI->GetAsciiHost(uriHost);
|
|
|
|
|
2021-06-24 12:27:54 +03:00
|
|
|
// 6. Check actual redirects. If the Principal that kicked off the
|
2021-03-11 21:02:27 +03:00
|
|
|
// load/redirect is not https, then it's definitely not a redirect cause by
|
|
|
|
// https-only. If the scheme of the principal however is https and the
|
|
|
|
// asciiHost of the URI to be loaded and the asciiHost of the Principal are
|
|
|
|
// identical, then we are dealing with an upgrade downgrade scenario and we
|
|
|
|
// have to break the cycle.
|
|
|
|
if (!aLoadInfo->RedirectChain().IsEmpty()) {
|
|
|
|
nsCOMPtr<nsIPrincipal> redirectPrincipal;
|
|
|
|
for (nsIRedirectHistoryEntry* entry : aLoadInfo->RedirectChain()) {
|
|
|
|
entry->GetPrincipal(getter_AddRefs(redirectPrincipal));
|
|
|
|
if (redirectPrincipal && redirectPrincipal->SchemeIs("https")) {
|
|
|
|
nsAutoCString redirectHost;
|
|
|
|
redirectPrincipal->GetAsciiHost(redirectHost);
|
|
|
|
if (uriHost.Equals(redirectHost)) {
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2021-06-24 12:27:54 +03:00
|
|
|
// 7. Meta redirects and JS based redirects (win.location). If the security
|
2021-03-11 21:02:27 +03:00
|
|
|
// context that triggered the load is not https, then it's defnitely no
|
|
|
|
// endless loop caused by https-only. If the scheme is http however and the
|
|
|
|
// asciiHost of the URI to be loaded matches the asciiHost of the Principal,
|
|
|
|
// then we are dealing with an upgrade downgrade scenario and we have to break
|
|
|
|
// the cycle.
|
|
|
|
nsCOMPtr<nsIPrincipal> triggeringPrincipal = aLoadInfo->TriggeringPrincipal();
|
|
|
|
if (!triggeringPrincipal->SchemeIs("https")) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
nsAutoCString triggeringHost;
|
|
|
|
triggeringPrincipal->GetAsciiHost(triggeringHost);
|
|
|
|
return uriHost.Equals(triggeringHost);
|
|
|
|
}
|
|
|
|
|
2021-04-13 20:43:12 +03:00
|
|
|
/* static */
|
|
|
|
bool nsHTTPSOnlyUtils::ShouldUpgradeHttpsFirstRequest(nsIURI* aURI,
|
|
|
|
nsILoadInfo* aLoadInfo) {
|
|
|
|
// 1. Check if HTTPS-First Mode is enabled
|
2021-04-14 14:10:39 +03:00
|
|
|
bool isPrivateWin = aLoadInfo->GetOriginAttributes().mPrivateBrowsingId > 0;
|
|
|
|
if (!IsHttpsFirstModeEnabled(isPrivateWin)) {
|
2021-04-13 20:43:12 +03:00
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
// 2. HTTPS-First only upgrades top-level loads
|
|
|
|
if (aLoadInfo->GetExternalContentPolicyType() !=
|
|
|
|
ExtContentPolicy::TYPE_DOCUMENT) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2021-04-30 11:35:19 +03:00
|
|
|
// 3. Check for general exceptions
|
|
|
|
if (OnionException(aURI) || LoopbackOrLocalException(aURI)) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
// 4. Don't upgrade if upgraded previously or exempt from upgrades
|
2021-04-13 20:43:12 +03:00
|
|
|
uint32_t httpsOnlyStatus = aLoadInfo->GetHttpsOnlyStatus();
|
|
|
|
if (httpsOnlyStatus & nsILoadInfo::HTTPS_ONLY_UPGRADED_HTTPS_FIRST ||
|
|
|
|
httpsOnlyStatus & nsILoadInfo::HTTPS_ONLY_EXEMPT) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2021-05-11 10:50:25 +03:00
|
|
|
// 5. HTTPS-First Mode only upgrades default ports - do not upgrade the
|
|
|
|
// request to https if port is specified and not the default port of 80.
|
|
|
|
MOZ_ASSERT(aURI->SchemeIs("http"), "how come the request is not 'http'?");
|
|
|
|
int defaultPortforScheme = NS_GetDefaultPort("http");
|
|
|
|
// If no port is specified, then the API returns -1 to indicate the default
|
|
|
|
// port.
|
|
|
|
int32_t port = 0;
|
|
|
|
nsresult rv = aURI->GetPort(&port);
|
|
|
|
NS_ENSURE_SUCCESS(rv, false);
|
|
|
|
if (port != defaultPortforScheme && port != -1) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2021-06-22 17:56:44 +03:00
|
|
|
// https-first needs to account for breaking upgrade-downgrade endless
|
|
|
|
// loops at this point because this function is called before we
|
|
|
|
// check the redirect limit in HttpBaseChannel. If we encounter
|
|
|
|
// a same-origin server side downgrade from e.g https://example.com
|
|
|
|
// to http://example.com then we simply not annotating the loadinfo
|
|
|
|
// and returning false from within this function. Please note that
|
|
|
|
// the handling for https-only mode is different from https-first mode,
|
|
|
|
// because https-only mode results in an exception page in case
|
|
|
|
// we encounter and endless upgrade downgrade loop.
|
|
|
|
bool isUpgradeDowngradeEndlessLoop = IsUpgradeDowngradeEndlessLoop(
|
|
|
|
aURI, aLoadInfo,
|
|
|
|
{UpgradeDowngradeEndlessLoopOptions::EnforceForHTTPSFirstMode});
|
|
|
|
if (isUpgradeDowngradeEndlessLoop) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2021-04-13 20:43:12 +03:00
|
|
|
// We can upgrade the request - let's log to the console and set the status
|
|
|
|
// so we know that we upgraded the request.
|
|
|
|
nsAutoCString scheme;
|
|
|
|
aURI->GetScheme(scheme);
|
|
|
|
scheme.AppendLiteral("s");
|
|
|
|
NS_ConvertUTF8toUTF16 reportSpec(aURI->GetSpecOrDefault());
|
|
|
|
NS_ConvertUTF8toUTF16 reportScheme(scheme);
|
|
|
|
|
|
|
|
AutoTArray<nsString, 2> params = {reportSpec, reportScheme};
|
|
|
|
nsHTTPSOnlyUtils::LogLocalizedString("HTTPSOnlyUpgradeRequest", params,
|
|
|
|
nsIScriptError::warningFlag, aLoadInfo,
|
|
|
|
aURI, true);
|
|
|
|
|
|
|
|
// Set flag so we know that we upgraded the request
|
|
|
|
httpsOnlyStatus |= nsILoadInfo::HTTPS_ONLY_UPGRADED_HTTPS_FIRST;
|
|
|
|
aLoadInfo->SetHttpsOnlyStatus(httpsOnlyStatus);
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* static */
|
|
|
|
already_AddRefed<nsIURI>
|
|
|
|
nsHTTPSOnlyUtils::PotentiallyDowngradeHttpsFirstRequest(nsIChannel* aChannel,
|
2021-06-02 11:35:22 +03:00
|
|
|
nsresult aStatus) {
|
2021-04-13 20:43:12 +03:00
|
|
|
nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo();
|
|
|
|
uint32_t httpsOnlyStatus = loadInfo->GetHttpsOnlyStatus();
|
|
|
|
// Only downgrade if we this request was upgraded using HTTPS-First Mode
|
|
|
|
if (!(httpsOnlyStatus & nsILoadInfo::HTTPS_ONLY_UPGRADED_HTTPS_FIRST)) {
|
|
|
|
return nullptr;
|
|
|
|
}
|
2021-06-02 11:35:22 +03:00
|
|
|
// Once loading is in progress we set that flag so that timeout counter
|
|
|
|
// measures do not kick in.
|
2021-04-13 20:43:12 +03:00
|
|
|
loadInfo->SetHttpsOnlyStatus(
|
|
|
|
httpsOnlyStatus | nsILoadInfo::HTTPS_ONLY_TOP_LEVEL_LOAD_IN_PROGRESS);
|
|
|
|
|
2021-06-02 11:35:22 +03:00
|
|
|
nsresult status = aStatus;
|
|
|
|
// Since 4xx and 5xx errors return NS_OK instead of NS_ERROR_*, we need
|
|
|
|
// to check each NS_OK for those errors.
|
|
|
|
// Only downgrade an NS_OK status if it is an 4xx or 5xx error.
|
|
|
|
if (NS_SUCCEEDED(aStatus)) {
|
|
|
|
nsCOMPtr<nsIHttpChannel> httpChannel = do_QueryInterface(aChannel);
|
|
|
|
// If no httpChannel exists we have nothing to do here.
|
|
|
|
if (!httpChannel) {
|
|
|
|
return nullptr;
|
|
|
|
}
|
|
|
|
uint32_t responseStatus = 0;
|
|
|
|
if (NS_FAILED(httpChannel->GetResponseStatus(&responseStatus))) {
|
|
|
|
return nullptr;
|
|
|
|
}
|
|
|
|
|
|
|
|
// In case we found one 4xx or 5xx error we need to log it later on,
|
|
|
|
// for that reason we flip the nsresult 'status' from 'NS_OK' to the
|
|
|
|
// corresponding NS_ERROR_*.
|
|
|
|
// To do so we convert the response status to an nsresult error
|
|
|
|
// Every NS_OK that is NOT an 4xx or 5xx error code won't get downgraded.
|
|
|
|
if (responseStatus >= 400 && responseStatus < 512) {
|
|
|
|
// HttpProxyResponseToErrorCode() maps 400 and 404 on
|
|
|
|
// the same error as a 500 status which would lead to no downgrade
|
|
|
|
// later on. For that reason we explicit filter for 400 and 404 status
|
|
|
|
// codes to log them correctly and to downgrade them if possible.
|
|
|
|
switch (responseStatus) {
|
|
|
|
case 400:
|
|
|
|
status = NS_ERROR_PROXY_BAD_REQUEST;
|
|
|
|
break;
|
|
|
|
case 404:
|
|
|
|
status = NS_ERROR_PROXY_NOT_FOUND;
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
status = mozilla::net::HttpProxyResponseToErrorCode(responseStatus);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (NS_SUCCEEDED(status)) {
|
|
|
|
return nullptr;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2021-04-13 20:43:12 +03:00
|
|
|
// We're only downgrading if it's possible that the error was
|
|
|
|
// caused by the upgrade.
|
2021-06-02 11:35:22 +03:00
|
|
|
if (HttpsUpgradeUnrelatedErrorCode(status)) {
|
2021-04-13 20:43:12 +03:00
|
|
|
return nullptr;
|
|
|
|
}
|
|
|
|
|
|
|
|
nsCOMPtr<nsIURI> uri;
|
|
|
|
nsresult rv = aChannel->GetURI(getter_AddRefs(uri));
|
|
|
|
NS_ENSURE_SUCCESS(rv, nullptr);
|
|
|
|
|
|
|
|
// Only downgrade if the current scheme is HTTPS
|
|
|
|
if (!uri->SchemeIs("https")) {
|
|
|
|
return nullptr;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Change the scheme to http
|
|
|
|
nsCOMPtr<nsIURI> newURI;
|
|
|
|
mozilla::Unused << NS_MutateURI(uri).SetScheme("http"_ns).Finalize(
|
|
|
|
getter_AddRefs(newURI));
|
|
|
|
|
|
|
|
// Log downgrade to console
|
|
|
|
NS_ConvertUTF8toUTF16 reportSpec(uri->GetSpecOrDefault());
|
|
|
|
AutoTArray<nsString, 1> params = {reportSpec};
|
|
|
|
nsHTTPSOnlyUtils::LogLocalizedString("HTTPSOnlyFailedDowngradeAgain", params,
|
|
|
|
nsIScriptError::warningFlag, loadInfo,
|
|
|
|
uri, true);
|
|
|
|
|
|
|
|
return newURI.forget();
|
|
|
|
}
|
|
|
|
|
2020-05-26 14:45:21 +03:00
|
|
|
/* static */
|
2020-08-05 18:18:01 +03:00
|
|
|
bool nsHTTPSOnlyUtils::CouldBeHttpsOnlyError(nsIChannel* aChannel,
|
|
|
|
nsresult aError) {
|
|
|
|
// If there is no failed channel, then there is nothing to do here.
|
|
|
|
if (!aChannel) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
// If HTTPS-Only Mode is not enabled, then there is nothing to do here.
|
|
|
|
nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo();
|
|
|
|
bool isPrivateWin = loadInfo->GetOriginAttributes().mPrivateBrowsingId > 0;
|
|
|
|
if (!IsHttpsOnlyModeEnabled(isPrivateWin)) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2020-08-26 18:22:40 +03:00
|
|
|
// If the load is exempt or did not get upgraded,
|
|
|
|
// then there is nothing to do here.
|
2020-09-22 20:41:32 +03:00
|
|
|
uint32_t httpsOnlyStatus = loadInfo->GetHttpsOnlyStatus();
|
2020-08-26 18:22:40 +03:00
|
|
|
if (httpsOnlyStatus & nsILoadInfo::HTTPS_ONLY_EXEMPT ||
|
|
|
|
httpsOnlyStatus & nsILoadInfo::HTTPS_ONLY_UNINITIALIZED) {
|
2020-08-05 18:18:01 +03:00
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
// If it's one of those errors, then most likely it's not a HTTPS-Only error
|
|
|
|
// (This list of errors is largely drawn from nsDocShell::DisplayLoadError())
|
2021-04-13 20:43:12 +03:00
|
|
|
return !HttpsUpgradeUnrelatedErrorCode(aError);
|
2020-05-26 14:45:21 +03:00
|
|
|
}
|
|
|
|
|
2020-09-25 14:23:56 +03:00
|
|
|
/* static */
|
|
|
|
bool nsHTTPSOnlyUtils::TestIfPrincipalIsExempt(nsIPrincipal* aPrincipal) {
|
|
|
|
static nsCOMPtr<nsIPermissionManager> sPermMgr;
|
|
|
|
if (!sPermMgr) {
|
2021-02-18 16:26:31 +03:00
|
|
|
sPermMgr = mozilla::components::PermissionManager::Service();
|
2020-09-25 14:23:56 +03:00
|
|
|
mozilla::ClearOnShutdown(&sPermMgr);
|
|
|
|
}
|
|
|
|
NS_ENSURE_TRUE(sPermMgr, false);
|
|
|
|
|
|
|
|
uint32_t perm;
|
|
|
|
nsresult rv = sPermMgr->TestExactPermissionFromPrincipal(
|
|
|
|
aPrincipal, "https-only-load-insecure"_ns, &perm);
|
|
|
|
NS_ENSURE_SUCCESS(rv, false);
|
|
|
|
|
|
|
|
return perm == nsIHttpsOnlyModePermission::LOAD_INSECURE_ALLOW ||
|
|
|
|
perm == nsIHttpsOnlyModePermission::LOAD_INSECURE_ALLOW_SESSION;
|
|
|
|
}
|
|
|
|
|
2020-07-08 15:06:02 +03:00
|
|
|
/* static */
|
2020-08-10 11:51:44 +03:00
|
|
|
void nsHTTPSOnlyUtils::TestSitePermissionAndPotentiallyAddExemption(
|
|
|
|
nsIChannel* aChannel) {
|
|
|
|
NS_ENSURE_TRUE_VOID(aChannel);
|
|
|
|
|
|
|
|
// if https-only mode is not enabled, then there is nothing to do here.
|
|
|
|
nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo();
|
|
|
|
bool isPrivateWin = loadInfo->GetOriginAttributes().mPrivateBrowsingId > 0;
|
|
|
|
if (!IsHttpsOnlyModeEnabled(isPrivateWin)) {
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
// if it's not a top-level load then there is nothing to here.
|
2021-01-15 15:07:16 +03:00
|
|
|
ExtContentPolicyType type = loadInfo->GetExternalContentPolicyType();
|
|
|
|
if (type != ExtContentPolicy::TYPE_DOCUMENT) {
|
2020-08-10 11:51:44 +03:00
|
|
|
return;
|
2020-08-07 15:50:31 +03:00
|
|
|
}
|
|
|
|
|
2020-08-10 11:51:44 +03:00
|
|
|
// it it's not an http channel, then there is nothing to do here.
|
|
|
|
nsCOMPtr<nsIHttpChannel> httpChannel = do_QueryInterface(aChannel);
|
|
|
|
if (!httpChannel) {
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
nsCOMPtr<nsIPrincipal> principal;
|
|
|
|
nsresult rv = nsContentUtils::GetSecurityManager()->GetChannelResultPrincipal(
|
|
|
|
aChannel, getter_AddRefs(principal));
|
|
|
|
NS_ENSURE_SUCCESS_VOID(rv);
|
|
|
|
|
|
|
|
// We explicitly add or also remove the exemption flag, because this
|
|
|
|
// function is also consulted after redirects.
|
|
|
|
uint32_t httpsOnlyStatus = loadInfo->GetHttpsOnlyStatus();
|
2020-09-25 14:23:56 +03:00
|
|
|
if (TestIfPrincipalIsExempt(principal)) {
|
2020-08-10 11:51:44 +03:00
|
|
|
httpsOnlyStatus |= nsILoadInfo::HTTPS_ONLY_EXEMPT;
|
|
|
|
} else {
|
|
|
|
httpsOnlyStatus &= ~nsILoadInfo::HTTPS_ONLY_EXEMPT;
|
|
|
|
}
|
|
|
|
loadInfo->SetHttpsOnlyStatus(httpsOnlyStatus);
|
2020-07-08 15:06:02 +03:00
|
|
|
}
|
|
|
|
|
2020-08-17 19:35:09 +03:00
|
|
|
/* static */
|
|
|
|
bool nsHTTPSOnlyUtils::IsSafeToAcceptCORSOrMixedContent(
|
|
|
|
nsILoadInfo* aLoadInfo) {
|
|
|
|
// Check if the request is exempt from upgrades
|
|
|
|
if ((aLoadInfo->GetHttpsOnlyStatus() & nsILoadInfo::HTTPS_ONLY_EXEMPT)) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
// Check if HTTPS-Only Mode is enabled for this request
|
|
|
|
bool isPrivateWin = aLoadInfo->GetOriginAttributes().mPrivateBrowsingId > 0;
|
|
|
|
return nsHTTPSOnlyUtils::IsHttpsOnlyModeEnabled(isPrivateWin);
|
|
|
|
}
|
|
|
|
|
2021-04-13 20:43:12 +03:00
|
|
|
/* static */
|
|
|
|
bool nsHTTPSOnlyUtils::HttpsUpgradeUnrelatedErrorCode(nsresult aError) {
|
|
|
|
return NS_ERROR_UNKNOWN_PROTOCOL == aError ||
|
|
|
|
NS_ERROR_FILE_NOT_FOUND == aError ||
|
|
|
|
NS_ERROR_FILE_ACCESS_DENIED == aError ||
|
|
|
|
NS_ERROR_UNKNOWN_HOST == aError || NS_ERROR_PHISHING_URI == aError ||
|
|
|
|
NS_ERROR_MALWARE_URI == aError || NS_ERROR_UNWANTED_URI == aError ||
|
|
|
|
NS_ERROR_HARMFUL_URI == aError || NS_ERROR_CONTENT_CRASHED == aError ||
|
|
|
|
NS_ERROR_FRAME_CRASHED == aError;
|
|
|
|
}
|
|
|
|
|
2020-04-29 18:52:19 +03:00
|
|
|
/* ------ Logging ------ */
|
2020-03-17 22:24:31 +03:00
|
|
|
|
|
|
|
/* static */
|
2020-08-14 03:22:59 +03:00
|
|
|
void nsHTTPSOnlyUtils::LogLocalizedString(const char* aName,
|
|
|
|
const nsTArray<nsString>& aParams,
|
|
|
|
uint32_t aFlags,
|
2021-04-13 20:43:12 +03:00
|
|
|
nsILoadInfo* aLoadInfo, nsIURI* aURI,
|
|
|
|
bool aUseHttpsFirst) {
|
2020-03-17 22:24:31 +03:00
|
|
|
nsAutoString logMsg;
|
|
|
|
nsContentUtils::FormatLocalizedString(nsContentUtils::eSECURITY_PROPERTIES,
|
|
|
|
aName, aParams, logMsg);
|
2021-04-13 20:43:12 +03:00
|
|
|
LogMessage(logMsg, aFlags, aLoadInfo, aURI, aUseHttpsFirst);
|
2020-03-17 22:24:31 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
/* static */
|
|
|
|
void nsHTTPSOnlyUtils::LogMessage(const nsAString& aMessage, uint32_t aFlags,
|
2021-04-13 20:43:12 +03:00
|
|
|
nsILoadInfo* aLoadInfo, nsIURI* aURI,
|
|
|
|
bool aUseHttpsFirst) {
|
2020-08-14 03:22:59 +03:00
|
|
|
// do not log to the console if the loadinfo says we should not!
|
|
|
|
uint32_t httpsOnlyStatus = aLoadInfo->GetHttpsOnlyStatus();
|
|
|
|
if (httpsOnlyStatus & nsILoadInfo::HTTPS_ONLY_DO_NOT_LOG_TO_CONSOLE) {
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2020-03-17 22:24:31 +03:00
|
|
|
// Prepending HTTPS-Only to the outgoing console message
|
|
|
|
nsString message;
|
2021-04-13 20:43:12 +03:00
|
|
|
message.Append(aUseHttpsFirst ? u"HTTPS-First Mode: "_ns
|
|
|
|
: u"HTTPS-Only Mode: "_ns);
|
2020-03-17 22:24:31 +03:00
|
|
|
message.Append(aMessage);
|
|
|
|
|
|
|
|
// Allow for easy distinction in devtools code.
|
2021-04-13 20:43:12 +03:00
|
|
|
nsCString category(aUseHttpsFirst ? "HTTPSFirst" : "HTTPSOnly");
|
2020-03-17 22:24:31 +03:00
|
|
|
|
2020-08-14 03:22:59 +03:00
|
|
|
uint32_t innerWindowId = aLoadInfo->GetInnerWindowID();
|
|
|
|
if (innerWindowId > 0) {
|
2020-03-17 22:24:31 +03:00
|
|
|
// Send to content console
|
|
|
|
nsContentUtils::ReportToConsoleByWindowID(message, aFlags, category,
|
2020-08-14 03:22:59 +03:00
|
|
|
innerWindowId, aURI);
|
2020-03-17 22:24:31 +03:00
|
|
|
} else {
|
|
|
|
// Send to browser console
|
2020-08-14 03:22:59 +03:00
|
|
|
bool isPrivateWin = aLoadInfo->GetOriginAttributes().mPrivateBrowsingId > 0;
|
|
|
|
nsContentUtils::LogSimpleConsoleError(message, category.get(), isPrivateWin,
|
|
|
|
true /* from chrome context */,
|
|
|
|
aFlags);
|
2020-03-17 22:24:31 +03:00
|
|
|
}
|
|
|
|
}
|
2020-04-29 18:52:19 +03:00
|
|
|
|
|
|
|
/* ------ Exceptions ------ */
|
|
|
|
|
|
|
|
/* static */
|
|
|
|
bool nsHTTPSOnlyUtils::OnionException(nsIURI* aURI) {
|
|
|
|
// Onion-host exception can get disabled with a pref
|
|
|
|
if (mozilla::StaticPrefs::dom_security_https_only_mode_upgrade_onion()) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
nsAutoCString host;
|
|
|
|
aURI->GetHost(host);
|
|
|
|
return StringEndsWith(host, ".onion"_ns);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* static */
|
|
|
|
bool nsHTTPSOnlyUtils::LoopbackOrLocalException(nsIURI* aURI) {
|
|
|
|
nsAutoCString asciiHost;
|
|
|
|
nsresult rv = aURI->GetAsciiHost(asciiHost);
|
|
|
|
NS_ENSURE_SUCCESS(rv, false);
|
|
|
|
|
2020-08-05 18:18:01 +03:00
|
|
|
// Let's make a quick check if the host matches these loopback strings
|
|
|
|
// before we do anything else
|
2020-04-29 18:52:19 +03:00
|
|
|
if (asciiHost.EqualsLiteral("localhost") || asciiHost.EqualsLiteral("::1")) {
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
2021-05-10 12:26:01 +03:00
|
|
|
mozilla::net::NetAddr addr;
|
|
|
|
if (NS_FAILED(addr.InitFromString(asciiHost))) {
|
2020-04-29 18:52:19 +03:00
|
|
|
return false;
|
|
|
|
}
|
|
|
|
// Loopback IPs are always exempt
|
2020-09-15 13:39:56 +03:00
|
|
|
if (addr.IsLoopbackAddr()) {
|
2020-04-29 18:52:19 +03:00
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Local IP exception can get disabled with a pref
|
|
|
|
bool upgradeLocal =
|
|
|
|
mozilla::StaticPrefs::dom_security_https_only_mode_upgrade_local();
|
2020-09-15 13:39:56 +03:00
|
|
|
return (!upgradeLocal && addr.IsIPAddrLocal());
|
2020-04-29 18:52:19 +03:00
|
|
|
}
|
2020-08-12 15:57:22 +03:00
|
|
|
|
2021-03-29 15:56:33 +03:00
|
|
|
/* static */
|
|
|
|
bool nsHTTPSOnlyUtils::IsEqualURIExceptSchemeAndRef(nsIURI* aHTTPSSchemeURI,
|
|
|
|
nsIURI* aOtherURI,
|
|
|
|
nsILoadInfo* aLoadInfo) {
|
|
|
|
// 1. Check if one of parameters is null then webpage can't be loaded yet
|
|
|
|
// and no further inspections are needed
|
|
|
|
if (!aHTTPSSchemeURI || !aOtherURI || !aLoadInfo) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
// 2. If the URI to be loaded is not http, then same origin will be detected
|
|
|
|
// already
|
|
|
|
if (!mozilla::net::SchemeIsHTTP(aOtherURI)) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
// 3. Check if the HTTPS-Only Mode is even enabled, before we do anything else
|
|
|
|
bool isPrivateWin = aLoadInfo->GetOriginAttributes().mPrivateBrowsingId > 0;
|
2021-05-10 20:20:28 +03:00
|
|
|
if (!IsHttpsOnlyModeEnabled(isPrivateWin) &&
|
|
|
|
!IsHttpsFirstModeEnabled(isPrivateWin)) {
|
2021-03-29 15:56:33 +03:00
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
// 4. If the load is exempt, then it's defintely not related to https-only
|
|
|
|
uint32_t httpsOnlyStatus = aLoadInfo->GetHttpsOnlyStatus();
|
|
|
|
if (httpsOnlyStatus & nsILoadInfo::HTTPS_ONLY_EXEMPT) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
// 5. Create a new target URI with 'https' instead of 'http' and compare it
|
|
|
|
// to the current URI
|
|
|
|
int32_t port = 0;
|
|
|
|
nsresult rv = aOtherURI->GetPort(&port);
|
|
|
|
NS_ENSURE_SUCCESS(rv, false);
|
|
|
|
// a port of -1 indicates the default port, hence we upgrade from port 80 to
|
|
|
|
// port 443
|
|
|
|
// otherwise we keep the port.
|
|
|
|
if (port == -1) {
|
|
|
|
port = NS_GetDefaultPort("https");
|
|
|
|
}
|
|
|
|
nsCOMPtr<nsIURI> newHTTPSchemeURI;
|
|
|
|
rv = NS_MutateURI(aOtherURI)
|
|
|
|
.SetScheme("https"_ns)
|
|
|
|
.SetPort(port)
|
|
|
|
.Finalize(newHTTPSchemeURI);
|
|
|
|
NS_ENSURE_SUCCESS(rv, false);
|
|
|
|
|
|
|
|
bool uriEquals = false;
|
|
|
|
if (NS_FAILED(
|
|
|
|
aHTTPSSchemeURI->EqualsExceptRef(newHTTPSchemeURI, &uriEquals))) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
return uriEquals;
|
|
|
|
}
|
|
|
|
|
2020-08-12 15:57:22 +03:00
|
|
|
/////////////////////////////////////////////////////////////////////
|
|
|
|
// Implementation of TestHTTPAnswerRunnable
|
|
|
|
|
|
|
|
NS_IMPL_ISUPPORTS_INHERITED(TestHTTPAnswerRunnable, mozilla::Runnable,
|
|
|
|
nsIStreamListener, nsIInterfaceRequestor,
|
|
|
|
nsITimerCallback)
|
|
|
|
|
|
|
|
TestHTTPAnswerRunnable::TestHTTPAnswerRunnable(
|
|
|
|
nsIURI* aURI, mozilla::net::DocumentLoadListener* aDocumentLoadListener)
|
|
|
|
: mozilla::Runnable("TestHTTPAnswerRunnable"),
|
|
|
|
mURI(aURI),
|
|
|
|
mDocumentLoadListener(aDocumentLoadListener) {}
|
|
|
|
|
2021-04-26 14:45:20 +03:00
|
|
|
/* static */
|
|
|
|
bool TestHTTPAnswerRunnable::IsBackgroundRequestRedirected(
|
|
|
|
nsIHttpChannel* aChannel) {
|
2021-05-11 15:27:51 +03:00
|
|
|
// If there is no background request (aChannel), then there is nothing
|
|
|
|
// to do here.
|
|
|
|
if (!aChannel) {
|
|
|
|
return false;
|
|
|
|
}
|
2021-04-26 14:45:20 +03:00
|
|
|
// If the request was not redirected, then there is nothing to do here.
|
|
|
|
nsCOMPtr<nsILoadInfo> loadinfo = aChannel->LoadInfo();
|
|
|
|
if (loadinfo->RedirectChain().IsEmpty()) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
// If the final URI is not targeting an https scheme, then we definitely not
|
|
|
|
// dealing with a 'same-origin' redirect.
|
|
|
|
nsCOMPtr<nsIURI> finalURI;
|
|
|
|
nsresult rv = NS_GetFinalChannelURI(aChannel, getter_AddRefs(finalURI));
|
|
|
|
NS_ENSURE_SUCCESS(rv, false);
|
|
|
|
if (!finalURI->SchemeIs("https")) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
// If the background request was not http, then there is nothing to do here.
|
|
|
|
nsCOMPtr<nsIPrincipal> firstURIPrincipal;
|
|
|
|
loadinfo->RedirectChain()[0]->GetPrincipal(getter_AddRefs(firstURIPrincipal));
|
|
|
|
if (!firstURIPrincipal || !firstURIPrincipal->SchemeIs("http")) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
// By now we have verified that the inital background request was http and
|
|
|
|
// that the redirected scheme is https. We want to find the following case
|
|
|
|
// where the background channel redirects to the https version of the
|
|
|
|
// top-level request.
|
|
|
|
// --> background channel: http://example.com
|
|
|
|
// |--> redirects to: https://example.com
|
|
|
|
// Now we have to check that the hosts are 'same-origin'.
|
|
|
|
nsAutoCString redirectHost;
|
|
|
|
nsAutoCString finalHost;
|
|
|
|
firstURIPrincipal->GetAsciiHost(redirectHost);
|
|
|
|
finalURI->GetAsciiHost(finalHost);
|
|
|
|
return finalHost.Equals(redirectHost);
|
|
|
|
}
|
|
|
|
|
2020-08-12 15:57:22 +03:00
|
|
|
NS_IMETHODIMP
|
|
|
|
TestHTTPAnswerRunnable::OnStartRequest(nsIRequest* aRequest) {
|
|
|
|
// If the request status is not OK, it means it encountered some
|
|
|
|
// kind of error in which case we do not want to do anything.
|
|
|
|
nsresult requestStatus;
|
|
|
|
aRequest->GetStatus(&requestStatus);
|
|
|
|
if (requestStatus != NS_OK) {
|
|
|
|
return NS_OK;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Check if the original top-level channel which https-only is trying
|
2020-10-13 17:06:28 +03:00
|
|
|
// to upgrade is already in progress or if the channel is an auth channel.
|
|
|
|
// If it is in progress or Auth is in progress, then all good, if not
|
2020-08-12 15:57:22 +03:00
|
|
|
// then let's cancel that channel so we can dispaly the exception page.
|
2020-10-19 12:05:12 +03:00
|
|
|
nsCOMPtr<nsIChannel> docChannel = mDocumentLoadListener->GetChannel();
|
|
|
|
nsCOMPtr<nsIHttpChannel> httpsOnlyChannel = do_QueryInterface(docChannel);
|
2020-08-12 15:57:22 +03:00
|
|
|
if (httpsOnlyChannel) {
|
|
|
|
nsCOMPtr<nsILoadInfo> loadInfo = httpsOnlyChannel->LoadInfo();
|
2020-10-13 17:06:28 +03:00
|
|
|
uint32_t topLevelLoadInProgress =
|
|
|
|
loadInfo->GetHttpsOnlyStatus() &
|
|
|
|
nsILoadInfo::HTTPS_ONLY_TOP_LEVEL_LOAD_IN_PROGRESS;
|
|
|
|
|
|
|
|
nsCOMPtr<nsIHttpChannelInternal> httpChannelInternal =
|
|
|
|
do_QueryInterface(httpsOnlyChannel);
|
|
|
|
bool isAuthChannel = false;
|
2020-11-10 00:03:52 +03:00
|
|
|
mozilla::Unused << httpChannelInternal->GetIsAuthChannel(&isAuthChannel);
|
2021-04-26 14:45:20 +03:00
|
|
|
// some server configurations need a long time to respond to an https
|
|
|
|
// connection, but also redirect any http connection to the https version of
|
|
|
|
// it. If the top-level load has not started yet, but the http background
|
|
|
|
// request redirects to https, then do not show the error page, but keep
|
|
|
|
// waiting for the https response of the upgraded top-level request.
|
|
|
|
if (!topLevelLoadInProgress) {
|
|
|
|
nsCOMPtr<nsIHttpChannel> backgroundHttpChannel =
|
|
|
|
do_QueryInterface(aRequest);
|
|
|
|
topLevelLoadInProgress =
|
|
|
|
IsBackgroundRequestRedirected(backgroundHttpChannel);
|
|
|
|
}
|
2020-10-13 17:06:28 +03:00
|
|
|
if (!topLevelLoadInProgress && !isAuthChannel) {
|
2020-08-12 15:57:22 +03:00
|
|
|
// Only really cancel the original top-level channel if it's
|
|
|
|
// status is still NS_OK, otherwise it might have already
|
|
|
|
// encountered some other error and was cancelled.
|
|
|
|
nsresult httpsOnlyChannelStatus;
|
|
|
|
httpsOnlyChannel->GetStatus(&httpsOnlyChannelStatus);
|
|
|
|
if (httpsOnlyChannelStatus == NS_OK) {
|
2021-02-08 14:46:51 +03:00
|
|
|
httpsOnlyChannel->Cancel(NS_ERROR_NET_TIMEOUT_EXTERNAL);
|
2020-08-12 15:57:22 +03:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// Cancel this http request because it has reached the end of it's
|
|
|
|
// lifetime at this point.
|
|
|
|
aRequest->Cancel(NS_ERROR_ABORT);
|
|
|
|
return NS_ERROR_ABORT;
|
|
|
|
}
|
|
|
|
|
|
|
|
NS_IMETHODIMP
|
|
|
|
TestHTTPAnswerRunnable::OnDataAvailable(nsIRequest* aRequest,
|
|
|
|
nsIInputStream* aStream,
|
|
|
|
uint64_t aOffset, uint32_t aCount) {
|
|
|
|
// TestHTTPAnswerRunnable only cares about ::OnStartRequest which
|
|
|
|
// will also cancel the request, so we should in fact never even
|
|
|
|
// get here.
|
|
|
|
MOZ_ASSERT(false, "how come we get to ::OnDataAvailable");
|
|
|
|
return NS_OK;
|
|
|
|
}
|
|
|
|
|
|
|
|
NS_IMETHODIMP
|
|
|
|
TestHTTPAnswerRunnable::OnStopRequest(nsIRequest* aRequest,
|
|
|
|
nsresult aStatusCode) {
|
|
|
|
// TestHTTPAnswerRunnable only cares about ::OnStartRequest
|
|
|
|
return NS_OK;
|
|
|
|
}
|
|
|
|
|
|
|
|
NS_IMETHODIMP
|
|
|
|
TestHTTPAnswerRunnable::GetInterface(const nsIID& aIID, void** aResult) {
|
|
|
|
return QueryInterface(aIID, aResult);
|
|
|
|
}
|
|
|
|
|
|
|
|
NS_IMETHODIMP
|
|
|
|
TestHTTPAnswerRunnable::Run() {
|
|
|
|
// Wait N milliseconds to give the original https request a heads start
|
2021-06-23 14:46:50 +03:00
|
|
|
// before firing up this http request in the background. By default the
|
|
|
|
// timer is set to 3 seconds. If the https request has not received
|
|
|
|
// any signal from the server during that time, than it's almost
|
|
|
|
// certain the upgraded request will result in time out.
|
|
|
|
uint32_t background_timer_ms = mozilla::StaticPrefs::
|
|
|
|
dom_security_https_only_fire_http_request_background_timer_ms();
|
|
|
|
|
2020-08-12 15:57:22 +03:00
|
|
|
return NS_NewTimerWithCallback(getter_AddRefs(mTimer), this,
|
2021-06-23 14:46:50 +03:00
|
|
|
background_timer_ms, nsITimer::TYPE_ONE_SHOT);
|
2020-08-12 15:57:22 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
NS_IMETHODIMP
|
|
|
|
TestHTTPAnswerRunnable::Notify(nsITimer* aTimer) {
|
|
|
|
if (mTimer) {
|
|
|
|
mTimer->Cancel();
|
|
|
|
mTimer = nullptr;
|
|
|
|
}
|
|
|
|
|
|
|
|
// If the original channel has already started loading at this point
|
|
|
|
// then there is no need to do the dance.
|
|
|
|
nsCOMPtr<nsIChannel> origChannel = mDocumentLoadListener->GetChannel();
|
|
|
|
nsCOMPtr<nsILoadInfo> origLoadInfo = origChannel->LoadInfo();
|
|
|
|
uint32_t origHttpsOnlyStatus = origLoadInfo->GetHttpsOnlyStatus();
|
|
|
|
if ((origHttpsOnlyStatus &
|
|
|
|
nsILoadInfo::HTTPS_ONLY_TOP_LEVEL_LOAD_IN_PROGRESS)) {
|
|
|
|
return NS_OK;
|
|
|
|
}
|
|
|
|
|
2020-10-06 03:34:55 +03:00
|
|
|
mozilla::OriginAttributes attrs = origLoadInfo->GetOriginAttributes();
|
2020-08-12 15:57:22 +03:00
|
|
|
RefPtr<nsIPrincipal> nullPrincipal =
|
|
|
|
mozilla::NullPrincipal::CreateWithInheritedAttributes(attrs);
|
|
|
|
|
|
|
|
uint32_t loadFlags =
|
|
|
|
nsIRequest::LOAD_ANONYMOUS | nsIRequest::INHIBIT_CACHING |
|
|
|
|
nsIRequest::INHIBIT_PERSISTENT_CACHING | nsIRequest::LOAD_BYPASS_CACHE |
|
|
|
|
nsIChannel::LOAD_BYPASS_SERVICE_WORKER;
|
|
|
|
|
2020-09-07 12:23:06 +03:00
|
|
|
// No need to connect to the URI including the path because we only care about
|
|
|
|
// the round trip time if a server responds to an http request.
|
|
|
|
nsCOMPtr<nsIURI> backgroundChannelURI;
|
|
|
|
nsAutoCString prePathStr;
|
|
|
|
nsresult rv = mURI->GetPrePath(prePathStr);
|
|
|
|
if (NS_WARN_IF(NS_FAILED(rv))) {
|
|
|
|
return rv;
|
|
|
|
}
|
|
|
|
rv = NS_NewURI(getter_AddRefs(backgroundChannelURI), prePathStr);
|
|
|
|
if (NS_WARN_IF(NS_FAILED(rv))) {
|
|
|
|
return rv;
|
|
|
|
}
|
|
|
|
|
2020-08-12 15:57:22 +03:00
|
|
|
// we are using TYPE_OTHER because TYPE_DOCUMENT might have side effects
|
|
|
|
nsCOMPtr<nsIChannel> testHTTPChannel;
|
2020-09-07 12:23:06 +03:00
|
|
|
rv = NS_NewChannel(getter_AddRefs(testHTTPChannel), backgroundChannelURI,
|
|
|
|
nullPrincipal,
|
|
|
|
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
|
|
|
|
nsIContentPolicy::TYPE_OTHER, nullptr, nullptr, nullptr,
|
|
|
|
nullptr, loadFlags);
|
2020-08-12 15:57:22 +03:00
|
|
|
|
|
|
|
if (NS_WARN_IF(NS_FAILED(rv))) {
|
|
|
|
return rv;
|
|
|
|
}
|
|
|
|
|
|
|
|
// We have exempt that load from HTTPS-Only to avoid getting upgraded
|
2020-08-14 03:22:59 +03:00
|
|
|
// to https as well. Additonally let's not log that request to the console
|
|
|
|
// because it might confuse end users.
|
2020-08-12 15:57:22 +03:00
|
|
|
nsCOMPtr<nsILoadInfo> loadInfo = testHTTPChannel->LoadInfo();
|
|
|
|
uint32_t httpsOnlyStatus = loadInfo->GetHttpsOnlyStatus();
|
2020-08-14 03:22:59 +03:00
|
|
|
httpsOnlyStatus |= nsILoadInfo::HTTPS_ONLY_EXEMPT |
|
|
|
|
nsILoadInfo::HTTPS_ONLY_DO_NOT_LOG_TO_CONSOLE;
|
2020-08-12 15:57:22 +03:00
|
|
|
loadInfo->SetHttpsOnlyStatus(httpsOnlyStatus);
|
|
|
|
|
|
|
|
testHTTPChannel->SetNotificationCallbacks(this);
|
|
|
|
testHTTPChannel->AsyncOpen(this);
|
|
|
|
return NS_OK;
|
|
|
|
}
|