mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Backed out changeset dbffee5cbf0d (bug 1722489) for failures on browser_iframe_test.js. CLOSED TREE

This commit is contained in:
Csoregi Natalia 2021-10-06 00:34:43 +03:00
Родитель a637fc38f5
Коммит 21bae7d190
4 изменённых файлов: 126 добавлений и 257 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

3
dom/security/test/https-only/browser.ini
Просмотреть файл

@ -20,6 +20,3 @@ support-files =
[browser_user_gesture.js] [browser_user_gesture.js]
support-files = support-files =
file_user_gesture.html file_user_gesture.html
[browser_hsts_host.js]
support-files =
hsts_headers.sjs

88
dom/security/test/https-only/browser_hsts_host.js
Просмотреть файл

@ -1,88 +0,0 @@
// Bug 1722489 - HTTPS-Only Mode - Tests evaluation order
// https://bugzilla.mozilla.org/show_bug.cgi?id=1722489
// This test ensures that an http request to an hsts host
// gets upgraded by hsts and not by https-only.
"use strict";
// Test Cases
// description: Description of what the tests expects.
let tests = [
{
description: "Top-Level upgrade shouldn't get logged",
},
];
let readMessage = false;
function observer(subject, topic, state) {
info("observer called with " + topic);
if (topic == "http-on-examine-response") {
onExamineResponse(subject);
}
}
function onExamineResponse(subject) {
let channel = subject.QueryInterface(Ci.nsIHttpChannel);
info("onExamineResponse with " + channel.URI.spec);
try {
let hsts = channel.getResponseHeader("Strict-Transport-Security");
let csp = channel.getResponseHeader("Content-Security-Policy");
// Check that HSTS and CSP upgrade headers are set
is(hsts, "max-age=300", "HSTS header is set");
is(csp, "upgrade-insecure-requests", "CSP header is set");
} catch (e) {
ok(false, "No header set");
}
readMessage = true;
}
// Visit a secure site that sends an HSTS header to set up the rest of the
// test.
add_task(async function see_hsts_header() {
let setHstsUrl =
getRootDirectory(gTestPath).replace(
"chrome://mochitests/content",
"https://example.com"
) + "hsts_headers.sjs";
Services.obs.addObserver(observer, "http-on-examine-response");
await BrowserTestUtils.loadURI(gBrowser.selectedBrowser, setHstsUrl);
await BrowserTestUtils.waitForCondition(() => readMessage);
// Clean up
Services.obs.removeObserver(observer, "http-on-examine-response");
});
// Test that HTTPS_Only is not performed if HSTS host is visited.
add_task(async function() {
// A longer timeout is necessary for this test than the plain mochitests
// due to opening a new tab with the web console.
requestLongerTimeout(4);
// Enable HTTPS-Only Mode and register console-listener
await SpecialPowers.pushPrefEnv({
set: [["dom.security.https_only_mode", true]],
});
Services.console.registerListener(on_new_message);
const RESOURCE_LINK =
getRootDirectory(gTestPath).replace(
"chrome://mochitests/content",
"http://example.com"
) + "hsts_headers.sjs";
// 1. Upgrade page to https://
await BrowserTestUtils.loadURI(gBrowser.selectedBrowser, RESOURCE_LINK);
await BrowserTestUtils.waitForCondition(() => tests.length === 0);
// Clean up
Services.console.unregisterListener(on_new_message);
});
function on_new_message(msgObj) {
const message = msgObj.message;
// ensure that request is not upgraded HTTPS-Only.
if (message.includes("Upgrading insecure request")) {
ok(false, tests[0].description);
tests.splice(0, 1);
} else if (gBrowser.selectedBrowser.currentURI.scheme === "https") {
ok(true, tests[0].description);
tests.splice(0, 1);
}
}

17
dom/security/test/https-only/hsts_headers.sjs
Просмотреть файл

@ -1,17 +0,0 @@
/* Any copyright is dedicated to the Public Domain.
* http://creativecommons.org/publicdomain/zero/1.0/ */
function handleRequest(request, response) {
let hstsHeader = "max-age=300";
response.setHeader("Strict-Transport-Security", hstsHeader);
response.setHeader("Cache-Control", "no-cache", false);
response.setHeader("Content-Type", "text/html", false);
// Set header for csp upgrade
response.setHeader(
"Content-Security-Policy",
"upgrade-insecure-requests",
false
);
response.setStatusLine(request.httpVersion, 200);
response.write("<!DOCTYPE html><html><body><h1>Ok!</h1></body></html>");
}

269
netwerk/base/nsNetUtil.cpp
Просмотреть файл

@ -2867,7 +2867,7 @@ bool NS_IsSrcdocChannel(nsIChannel* aChannel) {
return false; return false;
} }
// helper function for NS_ShouldSecureUpgrade for checking HSTS // helper function for NS_ShouldHSTSUpgrade
bool handleResultFunc(bool aAllowSTS, bool aIsStsHost, uint32_t aHstsSource) { bool handleResultFunc(bool aAllowSTS, bool aIsStsHost, uint32_t aHstsSource) {
if (aIsStsHost) { if (aIsStsHost) {
LOG(("nsHttpChannel::Connect() STS permissions found\n")); LOG(("nsHttpChannel::Connect() STS permissions found\n"));
@ -2897,82 +2897,75 @@ bool handleResultFunc(bool aAllowSTS, bool aIsStsHost, uint32_t aHstsSource) {
} }
return false; return false;
}; };
// That function is a helper function of NS_ShouldSecureUpgrade to check if
// CSP upgrade-insecure-requests, Mixed content auto upgrading or HTTPs-Only/-
// First should upgrade the given request.
static bool ShouldSecureUpgradeNoHSTS(nsIURI* aURI, nsILoadInfo* aLoadInfo) {
// 2. CSP upgrade-insecure-requests
if (aLoadInfo->GetUpgradeInsecureRequests()) {
// let's log a message to the console that we are upgrading a request
nsAutoCString scheme;
aURI->GetScheme(scheme);
// append the additional 's' for security to the scheme :-)
scheme.AppendLiteral("s");
NS_ConvertUTF8toUTF16 reportSpec(aURI->GetSpecOrDefault());
NS_ConvertUTF8toUTF16 reportScheme(scheme);
AutoTArray<nsString, 2> params = {reportSpec, reportScheme};
uint32_t innerWindowId = aLoadInfo->GetInnerWindowID();
CSP_LogLocalizedStr("upgradeInsecureRequest", params,
u""_ns, // aSourceFile
u""_ns, // aScriptSample
0, // aLineNumber
0, // aColumnNumber
nsIScriptError::warningFlag,
"upgradeInsecureRequest"_ns, innerWindowId,
!!aLoadInfo->GetOriginAttributes().mPrivateBrowsingId);
Telemetry::AccumulateCategorical(
Telemetry::LABELS_HTTP_SCHEME_UPGRADE_TYPE::CSP);
return true;
}
// 3. Mixed content auto upgrading
if (aLoadInfo->GetBrowserUpgradeInsecureRequests()) {
// let's log a message to the console that we are upgrading a request
nsAutoCString scheme;
aURI->GetScheme(scheme);
// append the additional 's' for security to the scheme :-)
scheme.AppendLiteral("s");
NS_ConvertUTF8toUTF16 reportSpec(aURI->GetSpecOrDefault());
NS_ConvertUTF8toUTF16 reportScheme(scheme);
AutoTArray<nsString, 2> params = {reportSpec, reportScheme};
nsAutoString localizedMsg; nsresult NS_ShouldHSTSUpgrade(
nsContentUtils::FormatLocalizedString(nsContentUtils::eSECURITY_PROPERTIES, nsIURI* aURI, bool aPrivateBrowsing, bool aAllowSTS,
"MixedContentAutoUpgrade", params, const mozilla::OriginAttributes& aOriginAttributes, bool& aShouldUpgrade,
localizedMsg); std::function<void(bool, nsresult)>&& aResultCallback,
bool& aWillCallback) {
MOZ_ASSERT(XRE_IsParentProcess());
MOZ_ASSERT(!aURI->SchemeIs("https"));
// Prepending ixed Content to the outgoing console message // enforce Strict-Transport-Security
nsString message; nsISiteSecurityService* sss = gHttpHandler->GetSSService();
message.AppendLiteral(u"Mixed Content: "); NS_ENSURE_TRUE(sss, NS_ERROR_OUT_OF_MEMORY);
message.Append(localizedMsg);
uint32_t innerWindowId = aLoadInfo->GetInnerWindowID(); bool isStsHost = false;
nsContentUtils::ReportToConsoleByWindowID( uint32_t hstsSource = 0;
message, nsIScriptError::warningFlag, "Mixed Content Message"_ns, uint32_t flags =
innerWindowId, aURI); aPrivateBrowsing ? nsISocketProvider::NO_PERMANENT_STORAGE : 0;
// Set this flag so we know we'll upgrade because of // Calling |IsSecureURI| before the storage is ready to read will
// 'security.mixed_content.upgrade_display_content'. // block the main thread. Once the storage is ready, we can call it
aLoadInfo->SetBrowserDidUpgradeInsecureRequests(true); // from main thread.
Telemetry::AccumulateCategorical( static Atomic<bool, Relaxed> storageReady(false);
Telemetry::LABELS_HTTP_SCHEME_UPGRADE_TYPE::BrowserDisplay); if (!storageReady && gSocketTransportService && aResultCallback) {
nsCOMPtr<nsIURI> uri = aURI;
nsCOMPtr<nsISiteSecurityService> service = sss;
nsresult rv = gSocketTransportService->Dispatch(
NS_NewRunnableFunction(
"net::NS_ShouldSecureUpgrade",
[service{std::move(service)}, uri{std::move(uri)}, flags(flags),
originAttributes(aOriginAttributes),
handleResultFunc{std::move(handleResultFunc)},
resultCallback{std::move(aResultCallback)},
allowSTS{std::move(aAllowSTS)}]() mutable {
uint32_t hstsSource = 0;
bool isStsHost = false;
nsresult rv =
service->IsSecureURI(uri, flags, originAttributes, nullptr,
&hstsSource, &isStsHost);
return true; // Successfully get the result from |IsSecureURI| implies that
// the storage is ready to read.
storageReady = NS_SUCCEEDED(rv);
bool shouldUpgrade =
handleResultFunc(allowSTS, isStsHost, hstsSource);
NS_DispatchToMainThread(NS_NewRunnableFunction(
"net::NS_ShouldSecureUpgrade::ResultCallback",
[rv, shouldUpgrade,
resultCallback{std::move(resultCallback)}]() {
resultCallback(shouldUpgrade, rv);
}));
}),
NS_DISPATCH_NORMAL);
aWillCallback = NS_SUCCEEDED(rv);
return rv;
} }
// 4. Https-Only / -First nsresult rv = sss->IsSecureURI(aURI, flags, aOriginAttributes, nullptr,
if (nsHTTPSOnlyUtils::ShouldUpgradeRequest(aURI, aLoadInfo) || &hstsSource, &isStsHost);
nsHTTPSOnlyUtils::ShouldUpgradeHttpsFirstRequest(aURI, aLoadInfo)) {
return true; // if the SSS check fails, it's likely because this load is on a
} // malformed URI or something else in the setup is wrong, so any error
return false; // should be reported.
NS_ENSURE_SUCCESS(rv, rv);
aShouldUpgrade = handleResultFunc(aAllowSTS, isStsHost, hstsSource);
return NS_OK;
} }
// Check if channel should be upgraded. check in the following order:
// 1. HSTS
// 2. CSP upgrade-insecure-requests
// 3. Mixed content auto upgrading
// 4. Https-Only / first
// (5. Https RR - will be checked in nsHttpChannel)
nsresult NS_ShouldSecureUpgrade( nsresult NS_ShouldSecureUpgrade(
nsIURI* aURI, nsILoadInfo* aLoadInfo, nsIPrincipal* aChannelResultPrincipal, nsIURI* aURI, nsILoadInfo* aLoadInfo, nsIPrincipal* aChannelResultPrincipal,
bool aPrivateBrowsing, bool aAllowSTS, bool aPrivateBrowsing, bool aAllowSTS,
@ -2985,7 +2978,6 @@ nsresult NS_ShouldSecureUpgrade(
} }
aWillCallback = false; aWillCallback = false;
aShouldUpgrade = false;
// Even if we're in private browsing mode, we still enforce existing STS // Even if we're in private browsing mode, we still enforce existing STS
// data (it is read-only). // data (it is read-only).
@ -3006,92 +2998,77 @@ nsresult NS_ShouldSecureUpgrade(
aShouldUpgrade = false; aShouldUpgrade = false;
return NS_OK; return NS_OK;
} }
// If no loadInfo exist there is nothing to upgrade here. if (aLoadInfo) {
if (!aLoadInfo) { // Check if the request can get upgraded with the HTTPS-Only mode
aShouldUpgrade = false; if (nsHTTPSOnlyUtils::ShouldUpgradeRequest(aURI, aLoadInfo) ||
nsHTTPSOnlyUtils::ShouldUpgradeHttpsFirstRequest(aURI, aLoadInfo)) {
aShouldUpgrade = true;
return NS_OK; return NS_OK;
} }
MOZ_ASSERT(!aURI->SchemeIs("https"));
// enforce Strict-Transport-Security // If any of the documents up the chain to the root document makes use of
nsISiteSecurityService* sss = gHttpHandler->GetSSService(); // the CSP directive 'upgrade-insecure-requests', then it's time to
NS_ENSURE_TRUE(sss, NS_ERROR_OUT_OF_MEMORY); // fulfill the promise to CSP and mixed content blocking to upgrade the
// channel from http to https.
if (aLoadInfo->GetUpgradeInsecureRequests() ||
aLoadInfo->GetBrowserUpgradeInsecureRequests()) {
// let's log a message to the console that we are upgrading a request
nsAutoCString scheme;
aURI->GetScheme(scheme);
// append the additional 's' for security to the scheme :-)
scheme.AppendLiteral("s");
NS_ConvertUTF8toUTF16 reportSpec(aURI->GetSpecOrDefault());
NS_ConvertUTF8toUTF16 reportScheme(scheme);
bool isStsHost = false; if (aLoadInfo->GetUpgradeInsecureRequests()) {
uint32_t hstsSource = 0; AutoTArray<nsString, 2> params = {reportSpec, reportScheme};
uint32_t flags = uint32_t innerWindowId = aLoadInfo->GetInnerWindowID();
aPrivateBrowsing ? nsISocketProvider::NO_PERMANENT_STORAGE : 0; CSP_LogLocalizedStr(
// Calling |IsSecureURI| before the storage is ready to read will "upgradeInsecureRequest", params,
// block the main thread. Once the storage is ready, we can call it u""_ns, // aSourceFile
// from main thread. u""_ns, // aScriptSample
static Atomic<bool, Relaxed> storageReady(false); 0, // aLineNumber
if (!storageReady && gSocketTransportService && aResultCallback) { 0, // aColumnNumber
nsCOMPtr<nsILoadInfo> loadInfo = aLoadInfo; nsIScriptError::warningFlag, "upgradeInsecureRequest"_ns,
nsCOMPtr<nsIURI> uri = aURI; innerWindowId,
auto callbackWrapper = [resultCallback{std::move(aResultCallback)}, uri, !!aLoadInfo->GetOriginAttributes().mPrivateBrowsingId);
loadInfo](bool aShouldUpgrade, nsresult aStatus) { Telemetry::AccumulateCategorical(
MOZ_ASSERT(NS_IsMainThread()); Telemetry::LABELS_HTTP_SCHEME_UPGRADE_TYPE::CSP);
} else {
AutoTArray<nsString, 2> params = {reportSpec, reportScheme};
// 1. HSTS upgrade nsAutoString localizedMsg;
if (aShouldUpgrade || NS_FAILED(aStatus)) { nsContentUtils::FormatLocalizedString(
resultCallback(aShouldUpgrade, aStatus); nsContentUtils::eSECURITY_PROPERTIES, "MixedContentAutoUpgrade",
return; params, localizedMsg);
}
// Check if we need to upgrade because of other reasons.
// 2. CSP upgrade-insecure-requests
// 3. Mixed content auto upgrading
// 4. Https-Only / first
bool shouldUpgrade = ShouldSecureUpgradeNoHSTS(uri, loadInfo);
resultCallback(shouldUpgrade, aStatus);
};
nsCOMPtr<nsISiteSecurityService> service = sss;
nsresult rv = gSocketTransportService->Dispatch(
NS_NewRunnableFunction(
"net::NS_ShouldSecureUpgrade",
[service{std::move(service)}, uri{std::move(uri)}, flags(flags),
originAttributes(aOriginAttributes),
handleResultFunc{std::move(handleResultFunc)},
callbackWrapper{std::move(callbackWrapper)},
allowSTS{std::move(aAllowSTS)}]() mutable {
bool isStsHost = false;
uint32_t hstsSource = 0;
nsresult rv =
service->IsSecureURI(uri, flags, originAttributes, nullptr,
&hstsSource, &isStsHost);
// Successfully get the result from |IsSecureURI| implies that // Prepending ixed Content to the outgoing console message
// the storage is ready to read. nsString message;
storageReady = NS_SUCCEEDED(rv); message.AppendLiteral(u"Mixed Content: ");
bool shouldUpgrade = message.Append(localizedMsg);
handleResultFunc(allowSTS, isStsHost, hstsSource);
// Check if request should be upgraded. uint32_t innerWindowId = aLoadInfo->GetInnerWindowID();
NS_DispatchToMainThread(NS_NewRunnableFunction( nsContentUtils::ReportToConsoleByWindowID(
"net::NS_ShouldSecureUpgrade::ResultCallback", message, nsIScriptError::warningFlag, "Mixed Content Message"_ns,
[rv, shouldUpgrade, innerWindowId, aURI);
callbackWrapper{std::move(callbackWrapper)}]() {
callbackWrapper(shouldUpgrade, rv); // Set this flag so we know we'll upgrade because of
})); // 'security.mixed_content.upgrade_display_content'.
}), aLoadInfo->SetBrowserDidUpgradeInsecureRequests(true);
NS_DISPATCH_NORMAL); Telemetry::AccumulateCategorical(
aWillCallback = NS_SUCCEEDED(rv); Telemetry::LABELS_HTTP_SCHEME_UPGRADE_TYPE::BrowserDisplay);
return rv;
} }
nsresult rv = sss->IsSecureURI(aURI, flags, aOriginAttributes, nullptr, aShouldUpgrade = true;
&hstsSource, &isStsHost); return NS_OK;
// if the SSS check fails, it's likely because this load is on a
// malformed URI or something else in the setup is wrong, so any error
// should be reported.
NS_ENSURE_SUCCESS(rv, rv);
aShouldUpgrade = handleResultFunc(aAllowSTS, isStsHost, hstsSource);
if (!aShouldUpgrade) {
// Check for CSP upgrade-insecure-requests, Mixed content auto upgrading
// and Https-Only / -First.
aShouldUpgrade = ShouldSecureUpgradeNoHSTS(aURI, aLoadInfo);
} }
return rv; // check if request can be upgraded by hsts
return NS_ShouldHSTSUpgrade(aURI, aPrivateBrowsing, aAllowSTS,
aOriginAttributes, aShouldUpgrade,
std::move(aResultCallback), aWillCallback);
}
aShouldUpgrade = false;
return NS_OK;
} }
nsresult NS_GetSecureUpgradedURI(nsIURI* aURI, nsIURI** aUpgradedURI) { nsresult NS_GetSecureUpgradedURI(nsIURI* aURI, nsIURI** aUpgradedURI) {