Bug 1655719 - Make Type:SaveAsDownload subject to mixedContentBlocking r=ckerschb

Differential Revision: https://phabricator.services.mozilla.com/D85267
2020-07-30 12:26:49 +00:00 · 2020-07-30 12:26:49 +00:00 · 530412c9cf
--- a/dom/security/nsContentSecurityUtils.cpp
+++ b/dom/security/nsContentSecurityUtils.cpp
@ -1128,7 +1128,7 @@ bool nsContentSecurityUtils::IsDownloadAllowed(
  nsCOMPtr<nsILoadInfo> secCheckLoadInfo =
      new LoadInfo(loadingPrincipal, loadInfo->TriggeringPrincipal(), nullptr,
                   nsILoadInfo::SEC_ONLY_FOR_EXPLICIT_CONTENTSEC_CHECK,
-                   nsIContentPolicy::TYPE_OTHER);
+                   nsIContentPolicy::TYPE_SAVEAS_DOWNLOAD);

  int16_t decission = nsIContentPolicy::ACCEPT;
  nsMixedContentBlocker::ShouldLoad(false,  //  aHadInsecureImageRedirect
--- a/dom/security/nsMixedContentBlocker.cpp
+++ b/dom/security/nsMixedContentBlocker.cpp
@ -465,9 +465,6 @@ nsresult nsMixedContentBlocker::ShouldLoad(bool aHadInsecureImageRedirect,
  // properties as WebSockets w.r.t. mixed content. XHR's handling of redirects
  // amplifies these concerns.
  //
-  // TYPE_SAVEAS_DOWNLOAD: Save-link-as feature is used to download a resource
-  // without involving a docShell. This kind of loading must be always be
-  // allowed.

  static_assert(TYPE_DATAREQUEST == TYPE_XMLHTTPREQUEST,
                "TYPE_DATAREQUEST is not a synonym for "
@ -485,12 +482,20 @@ nsresult nsMixedContentBlocker::ShouldLoad(bool aHadInsecureImageRedirect,
      *aDecision = ACCEPT;
      return NS_OK;

-    // Creating insecure connections for a save-as link download is acceptable.
-    // This download is completely disconnected from the docShell, but still
-    // using the same loading principal.
+      // TYPE_SAVEAS_DOWNLOAD: Save-link-as feature is used to download a
+      // resource
+      // without involving a docShell. This kind of loading must be
+      // allowed, if not disabled in the preferences.
+      // Creating insecure connections for a save-as link download is
+      // acceptable. This download is completely disconnected from the docShell,
+      // but still using the same loading principal.
+
    case TYPE_SAVEAS_DOWNLOAD:
-      *aDecision = ACCEPT;
-      return NS_OK;
+      if (!StaticPrefs::dom_block_download_insecure()) {
+        *aDecision = ACCEPT;
+        return NS_OK;
+      }
+      break;

    // Static display content is considered moderate risk for mixed content so
    // these will be blocked according to the mixed display preference