Bug 1674343 - Check for secure context when deciding to intercept r=asuth,nika,ckerschb

Differential Revision: https://phabricator.services.mozilla.com/D96179

dom/base/nsContentUtils.cpp

@@ -9068,8 +9068,9 @@ bool nsContentUtils::ComputeIsSecureContext(nsIChannel* aChannel) {
     return false;
   }
 
+  const RefPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo();
+
   if (principal->IsSystemPrincipal()) {
-    nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo();
     // If the load would've been sandboxed, treat this load as an untrusted
     // load, as system code considers sandboxed resources insecure.
     return !loadInfo->GetLoadingSandboxed();
@@ -9079,6 +9080,13 @@ bool nsContentUtils::ComputeIsSecureContext(nsIChannel* aChannel) {
     return false;
   }
 
+  if (const RefPtr<WindowContext> windowContext =
+          WindowContext::GetById(loadInfo->GetInnerWindowID())) {
+    if (!windowContext->GetIsSecureContext()) {
+      return false;
+    }
+  }
+
   return principal->GetIsOriginPotentiallyTrustworthy();
 }
 

dom/serviceworkers/ServiceWorkerInterceptController.cpp

@@ -76,6 +76,11 @@ ServiceWorkerInterceptController::ShouldPrepareForIntercept(
     return NS_OK;
   }
 
+  // Check if we're in a secure context
+  if (!nsContentUtils::ComputeIsSecureContext(aChannel)) {
+    return NS_OK;
+  }
+
   // Then check to see if we are allowed to control the window.
   // It is important to check for the availability of the service worker first
   // to avoid showing warnings about the use of third-party cookies in the UI