Backed out changeset 5a2241b01c82 (bug 1657583) for DocumentLoadListener.cpp related bustage CLOSED TREE

2020-08-07 14:58:47 +03:00 · 2020-08-07 14:58:47 +03:00 · 3bc4fa6d50
--- a/docshell/base/nsDocShell.cpp
+++ b/docshell/base/nsDocShell.cpp
@ -9183,6 +9183,23 @@ nsIPrincipal* nsDocShell::GetInheritedPrincipal(
    aLoadInfo->SetIsFormSubmission(true);
  }

+  // If the HTTPS-Only mode is enabled, every insecure request gets upgraded to
+  // HTTPS by default. This behavior can be disabled through the loadinfo flag
+  // HTTPS_ONLY_EXEMPT.
+  bool isPrivateWin = attrs.mPrivateBrowsingId > 0;
+  if (nsHTTPSOnlyUtils::IsHttpsOnlyModeEnabled(isPrivateWin)) {
+    // Let's create a new content principal based on the URI for the
+    // PermissionManager
+    nsCOMPtr<nsIPrincipal> permissionPrincipal =
+        BasePrincipal::CreateContentPrincipal(aLoadState->URI(), attrs);
+
+    if (nsHTTPSOnlyUtils::TestHttpsOnlySitePermission(permissionPrincipal)) {
+      uint32_t httpsOnlyStatus = aLoadInfo->GetHttpsOnlyStatus();
+      httpsOnlyStatus |= nsILoadInfo::HTTPS_ONLY_EXEMPT;
+      aLoadInfo->SetHttpsOnlyStatus(httpsOnlyStatus);
+    }
+  }
+
  nsCOMPtr<nsIChannel> channel;
  aRv = CreateRealChannelForDocument(getter_AddRefs(channel), aLoadState->URI(),
                                     aLoadInfo, aCallbacks, aLoadFlags, srcdoc,
@ -9193,11 +9210,6 @@ nsIPrincipal* nsDocShell::GetInheritedPrincipal(
    return false;
  }

-  // If the HTTPS-Only mode is enabled, every insecure request gets upgraded to
-  // HTTPS by default. This behavior can be disabled through the loadinfo flag
-  // HTTPS_ONLY_EXEMPT.
-  nsHTTPSOnlyUtils::TestSitePermissionAndPotentiallyAddExemption(channel);
-
  if (nsCOMPtr<nsIApplicationCacheChannel> appCacheChannel =
          do_QueryInterface(channel)) {
    // Any document load should not inherit application cache.
--- a/dom/security/nsHTTPSOnlyUtils.cpp
+++ b/dom/security/nsHTTPSOnlyUtils.cpp
@ -9,7 +9,6 @@
 #include "nsContentUtils.h"
 #include "nsHTTPSOnlyUtils.h"
 #include "nsIConsoleService.h"
-#include "nsIHttpChannel.h"
 #include "nsIHttpsOnlyModePermission.h"
 #include "nsIPermissionManager.h"
 #include "nsIScriptError.h"
@ -165,57 +164,23 @@ bool nsHTTPSOnlyUtils::CouldBeHttpsOnlyError(nsIChannel* aChannel,
 }

 /* static */
-void nsHTTPSOnlyUtils::TestSitePermissionAndPotentiallyAddExemption(
-    nsIChannel* aChannel) {
-  NS_ENSURE_TRUE_VOID(aChannel);
-
-  // if https-only mode is not enabled, then there is nothing to do here.
-  nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo();
-  bool isPrivateWin = loadInfo->GetOriginAttributes().mPrivateBrowsingId > 0;
-  if (!IsHttpsOnlyModeEnabled(isPrivateWin)) {
-    return;
+bool nsHTTPSOnlyUtils::TestHttpsOnlySitePermission(nsIPrincipal* aPrincipal) {
+  if (!aPrincipal) {
+    // We always deny the permission if we don't have a principal.
+    return false;
  }

-  // if it's not a top-level or iframe load then there is nothing to here.
-  nsContentPolicyType type = loadInfo->GetExternalContentPolicyType();
-  if (type != nsIContentPolicy::TYPE_DOCUMENT &&
-      type != nsIContentPolicy::TYPE_SUBDOCUMENT) {
-    return;
-  }
-
-  // it it's not an http channel, then there is nothing to do here.
-  nsCOMPtr<nsIHttpChannel> httpChannel = do_QueryInterface(aChannel);
-  if (!httpChannel) {
-    return;
-  }
-
-  nsCOMPtr<nsIPrincipal> principal;
-  nsresult rv = nsContentUtils::GetSecurityManager()->GetChannelResultPrincipal(
-      aChannel, getter_AddRefs(principal));
-  NS_ENSURE_SUCCESS_VOID(rv);
-
  nsCOMPtr<nsIPermissionManager> permMgr =
      mozilla::services::GetPermissionManager();
-  NS_ENSURE_TRUE_VOID(permMgr);
+  NS_ENSURE_TRUE(permMgr, false);

  uint32_t perm;
-  rv = permMgr->TestExactPermissionFromPrincipal(
-      principal, "https-only-load-insecure"_ns, &perm);
-  NS_ENSURE_SUCCESS_VOID(rv);
+  nsresult rv = permMgr->TestExactPermissionFromPrincipal(
+      aPrincipal, "https-only-load-insecure"_ns, &perm);
+  NS_ENSURE_SUCCESS(rv, false);

-  bool isHttpsOnlyExempt =
-      perm == nsIHttpsOnlyModePermission::LOAD_INSECURE_ALLOW ||
-      perm == nsIHttpsOnlyModePermission::LOAD_INSECURE_ALLOW_SESSION;
-
-  // We explicitly add or also remove the exemption flag, because this
-  // function is also consulted after redirects.
-  uint32_t httpsOnlyStatus = loadInfo->GetHttpsOnlyStatus();
-  if (isHttpsOnlyExempt) {
-    httpsOnlyStatus |= nsILoadInfo::HTTPS_ONLY_EXEMPT;
-  } else {
-    httpsOnlyStatus &= ~nsILoadInfo::HTTPS_ONLY_EXEMPT;
-  }
-  loadInfo->SetHttpsOnlyStatus(httpsOnlyStatus);
+  return perm == nsIHttpsOnlyModePermission::LOAD_INSECURE_ALLOW ||
+         perm == nsIHttpsOnlyModePermission::LOAD_INSECURE_ALLOW_SESSION;
 }

 /* ------ Logging ------ */
--- a/dom/security/nsHTTPSOnlyUtils.h
+++ b/dom/security/nsHTTPSOnlyUtils.h
@ -66,12 +66,11 @@ class nsHTTPSOnlyUtils {
                                 nsIURI* aURI = nullptr);

  /**
-   * Tests if the HTTPS-Only Mode upgrade exception is set for a given channel.
-   * Note: This function only adds an exemption for loads of TYPE_DOCUMENT.
-   * @param  aChannel The channel to be checked
+   * Tests is the HTTPS-Only Mode upgrade exception is set for a given principal
+   * @param  aPrincipal Principal to check permission for
+   * @return            true if exempt from upgrade
   */
-  static void TestSitePermissionAndPotentiallyAddExemption(
-      nsIChannel* aChannel);
+  static bool TestHttpsOnlySitePermission(nsIPrincipal* aPrincipal);

 private:
  /**
--- a/netwerk/ipc/DocumentLoadListener.cpp
+++ b/netwerk/ipc/DocumentLoadListener.cpp
@ -21,6 +21,7 @@
 #include "mozilla/dom/ClientChannelHelper.h"
 #include "mozilla/dom/ContentParent.h"
 #include "mozilla/dom/ContentProcessManager.h"
+#include "mozilla/dom/nsHTTPSOnlyUtils.h"
 #include "mozilla/dom/SessionHistoryEntry.h"
 #include "mozilla/dom/WindowGlobalParent.h"
 #include "mozilla/dom/ipc/IdType.h"
@ -2274,7 +2275,33 @@ DocumentLoadListener::AsyncOnChannelRedirect(

  // If HTTPS-Only mode is enabled, we need to check whether the exception-flag
  // needs to be removed or set, by asking the PermissionManager.
-  nsHTTPSOnlyUtils::TestSitePermissionAndPotentiallyAddExemption(mChannel);
+  RefPtr<CanonicalBrowsingContext> bc =
+      mParentChannelListener->GetBrowsingContext();
+  nsCOMPtr<nsILoadInfo> channelLoadInfo = mChannel->LoadInfo();
+  bool isPrivateWin =
+      channelLoadInfo->GetOriginAttributes().mPrivateBrowsingId > 0;
+  if (nsHTTPSOnlyUtils::IsHttpsOnlyModeEnabled(isPrivateWin) && bc &&
+      bc->IsTop()) {
+    bool isHttpsOnlyExempt = false;
+    if (httpChannel) {
+      nsCOMPtr<nsIPrincipal> resultPrincipal;
+      nsresult rv =
+          nsContentUtils::GetSecurityManager()->GetChannelResultPrincipal(
+              mChannel, getter_AddRefs(resultPrincipal));
+      if (NS_SUCCEEDED(rv)) {
+        isHttpsOnlyExempt =
+            nsHTTPSOnlyUtils::TestHttpsOnlySitePermission(resultPrincipal);
+      }
+    }
+
+    uint32_t httpsOnlyStatus = channelLoadInfo->GetHttpsOnlyStatus();
+    if (isHttpsOnlyExempt) {
+      httpsOnlyStatus |= nsILoadInfo::HTTPS_ONLY_EXEMPT;
+    } else {
+      httpsOnlyStatus &= ~nsILoadInfo::HTTPS_ONLY_EXEMPT;
+    }
+    channelLoadInfo->SetHttpsOnlyStatus(httpsOnlyStatus);
+  }

  // We don't need to confirm internal redirects or record any
  // history for them, so just immediately verify and return.