Bug 1666072 - Disable HSTS upgrade for captive portal channels r=Gijs

https://firefox.com/ sends `strict-transport-security:	max-age=31536000; includeSubDomains`
and http://firefox.com sends the `upgrade-insecure-requests: 1` header.

Combined, these cause the captive portal check to report a redirect, which
triggers the locked captive portal banner. The fix is to exclude the captive
portal channel from the upgrade.

Differential Revision: https://phabricator.services.mozilla.com/D97152

toolkit/components/captivedetect/CaptiveDetect.jsm

@@ -45,6 +45,11 @@ function URLFetcher(url, timeout) {
   // We don't want to follow _any_ redirects
   xhr.channel.QueryInterface(Ci.nsIHttpChannel).redirectionLimit = 0;
 
+  // bug 1666072 - firefox.com returns a HSTS header triggering a https upgrade
+  // but the upgrade triggers an internal redirect causing an incorrect locked
+  // portal notification. We exclude CP detection from STS.
+  xhr.channel.QueryInterface(Ci.nsIHttpChannel).allowSTS = false;
+
   // The Cache-Control header is only interpreted by proxies and the
   // final destination. It does not help if a resource is already
   // cached locally.