Bug 1634246 - Add option to disallow connections to localhost while in offline mode. r=necko-reviewers,valentin

Differential Revision: https://phabricator.services.mozilla.com/D116466

modules/libpref/init/StaticPrefList.yaml

@@ -9363,6 +9363,12 @@
   value: false
   mirror: always
 
+# If set to true, disallow localhost connections when offline.
+- name: network.disable-localhost-when-offline
+  type: RelaxedAtomicBool
+  value: false
+  mirror: always
+
 # Enables the predictive service.
 - name: network.predictor.enabled
   type: bool

netwerk/base/nsSocketTransport2.cpp

@@ -1204,7 +1204,9 @@ nsresult nsSocketTransport::InitiateSocket() {
     return NS_ERROR_ABORT;
   }
   if (gIOService->IsOffline()) {
-    if (!isLocal) return NS_ERROR_OFFLINE;
+    if (StaticPrefs::network_disable_localhost_when_offline() || !isLocal) {
+      return NS_ERROR_OFFLINE;
+    }
   } else if (!isLocal) {
 #ifdef DEBUG
     // all IP networking has to be done from the parent

netwerk/base/nsUDPSocket.cpp

@@ -31,6 +31,7 @@
 #include "nsICancelable.h"
 #include "nsWrapperCacheInlines.h"
 #include "HttpConnectionUDP.h"
+#include "mozilla/StaticPrefs_network.h"
 
 namespace mozilla {
 namespace net {
@@ -72,7 +73,9 @@ static nsresult CheckIOStatus(const NetAddr* aAddr) {
     return NS_ERROR_FAILURE;
   }
 
-  if (gIOService->IsOffline() && !aAddr->IsLoopbackAddr()) {
+  if (gIOService->IsOffline() &&
+      (StaticPrefs::network_disable_localhost_when_offline() ||
+       !aAddr->IsLoopbackAddr())) {
     return NS_ERROR_OFFLINE;
   }
 

netwerk/test/unit/test_localhost_offline.js

@@ -0,0 +1,59 @@
+"use strict";
+
+const { HttpServer } = ChromeUtils.import("resource://testing-common/httpd.js");
+var httpServer = null;
+
+function makeChan(url) {
+  let chan = NetUtil.newChannel({
+    uri: url,
+    loadUsingSystemPrincipal: true,
+  }).QueryInterface(Ci.nsIHttpChannel);
+  chan.loadFlags |= Ci.nsIRequest.LOAD_BYPASS_CACHE;
+  chan.loadFlags |= Ci.nsIRequest.INHIBIT_CACHING;
+  return chan;
+}
+
+function makeURL(host) {
+  return `http://${host}:${httpServer.identity.primaryPort}/`;
+}
+
+add_task(async function test_localhost_offline() {
+  Services.io.offline = true;
+  Services.prefs.setBoolPref("network.disable-localhost-when-offline", false);
+  let chan = makeChan(makeURL("127.0.0.1"));
+  await new Promise(resolve => {
+    chan.asyncOpen(new ChannelListener(resolve));
+  });
+
+  chan = makeChan(makeURL("localhost"));
+  await new Promise(resolve => {
+    chan.asyncOpen(new ChannelListener(resolve));
+  });
+
+  Services.prefs.setBoolPref("network.disable-localhost-when-offline", true);
+
+  chan = makeChan(makeURL("127.0.0.1"));
+  await new Promise(resolve => {
+    chan.asyncOpen(new ChannelListener(resolve, null, CL_EXPECT_FAILURE));
+  });
+  chan = makeChan(makeURL("localhost"));
+  await new Promise(resolve => {
+    chan.asyncOpen(new ChannelListener(resolve, null, CL_EXPECT_FAILURE));
+  });
+
+  Services.prefs.clearUserPref("network.disable-localhost-when-offline");
+  Services.io.offline = false;
+});
+
+function run_test() {
+  httpServer = new HttpServer();
+  httpServer.registerPathHandler("/", response => {
+    response.seizePower();
+    response.write("HTTP/1.1 200 OK\r\n");
+    response.write("\r\n");
+    response.write("Hello, world!");
+    response.finish();
+  });
+  httpServer.start(-1);
+  run_next_test();
+}

netwerk/test/unit/test_udpsocket_offline.js

@@ -76,6 +76,23 @@ add_test(function test_ipv4_loopback() {
     Assert.ok(false, "unexpected exception: " + e);
   }
 
+  // Now with localhost connections disabled in offline mode.
+  Services.prefs.setBoolPref("network.disable-localhost-when-offline", true);
+  socket = Cc["@mozilla.org/network/udp-socket;1"].createInstance(
+    Ci.nsIUDPSocket
+  );
+
+  Assert.throws(() => {
+    socket.init2(
+      "127.0.0.1",
+      -1,
+      Services.scriptSecurityManager.getSystemPrincipal(),
+      true
+    );
+  }, /NS_ERROR_OFFLINE/);
+
+  Services.prefs.setBoolPref("network.disable-localhost-when-offline", false);
+
   run_next_test();
 });
 
@@ -95,14 +112,33 @@ add_test(function test_ipv6_loopback() {
     Assert.ok(false, "unexpected exception: " + e);
   }
 
+  // Now with localhost connections disabled in offline mode.
+  Services.prefs.setBoolPref("network.disable-localhost-when-offline", true);
+  socket = Cc["@mozilla.org/network/udp-socket;1"].createInstance(
+    Ci.nsIUDPSocket
+  );
+
+  Assert.throws(() => {
+    socket.init2(
+      "::1",
+      -1,
+      Services.scriptSecurityManager.getSystemPrincipal(),
+      true
+    );
+  }, /NS_ERROR_OFFLINE/);
+
+  Services.prefs.setBoolPref("network.disable-localhost-when-offline", false);
+
   run_next_test();
 });
 
 function run_test() {
   // jshint ignore:line
   Services.io.offline = true;
+  Services.prefs.setBoolPref("network.disable-localhost-when-offline", false);
   registerCleanupFunction(() => {
     Services.io.offline = false;
+    Services.prefs.clearUserPref("network.disable-localhost-when-offline");
   });
   run_next_test();
 }

netwerk/test/unit/xpcshell.ini

@@ -243,6 +243,7 @@ skip-if = (toolkit != 'gtk')
 [test_idna2008.js]
 [test_immutable.js]
 run-sequentially = node server exceptions dont replay well
+[test_localhost_offline.js]
 [test_localstreams.js]
 [test_large_port.js]
 [test_mismatch_last-modified.js]