Backed out changeset 16895673c015 (bug 1474842) for causing android geckoview failures. CLOSED TREE

2021-11-04 12:22:21 +02:00 · 2021-11-04 12:22:21 +02:00 · 6cb8e9938e
--- a/dom/security/nsMixedContentBlocker.cpp
+++ b/dom/security/nsMixedContentBlocker.cpp
@ -666,8 +666,8 @@ nsresult nsMixedContentBlocker::ShouldLoad(bool aHadInsecureImageRedirect,
    return NS_OK;
  }

-  // Check the parent scheme and window. If it is not an HTTPS page and not a
-  // secure context then mixed content restrictions do not apply.
+  // Check the parent scheme. If it is not an HTTPS page then mixed content
+  // restrictions do not apply.
  nsCOMPtr<nsIURI> innerRequestingLocation =
      NS_GetInnermostURI(requestingLocation);
  if (!innerRequestingLocation) {
@ -681,11 +681,7 @@ nsresult nsMixedContentBlocker::ShouldLoad(bool aHadInsecureImageRedirect,
  }

  bool parentIsHttps = innerRequestingLocation->SchemeIs("https");
-  bool parentIsSecureContext =
-      requestingWindow && requestingWindow->GetIsSecureContext();
-  // Extensions are exempt from mixed content restrictions.
-  bool parentIsExtension = innerRequestingLocation->SchemeIs("moz-extension");
-  if ((!parentIsHttps && !parentIsSecureContext) || parentIsExtension) {
+  if (!parentIsHttps) {
    *aDecision = ACCEPT;
    MOZ_LOG(sMCBLog, LogLevel::Verbose,
            ("  -> decision: Request will be allowed because the requesting "
--- a/dom/security/test/mixedcontentblocker/file_bug1474842.html
+++ b/dom/security/test/mixedcontentblocker/file_bug1474842.html
@ -1,10 +0,0 @@
-<!DOCTYPE HTML>
-<html>
-<head>
-  <meta charset="utf-8">
-  <script
-    onload="parent.postMessage({status:'loaded ' + document.URL}, '*')"
-    onerror="parent.postMessage({status:'blocked ' + document.URL}, '*')"
-    src="http://example.com/tests/dom/security/test/mixedcontentblocker/file_bug1474842.js"></script>
-</head>
-</html>
--- a/dom/security/test/mixedcontentblocker/file_bug1474842.js
+++ b/dom/security/test/mixedcontentblocker/file_bug1474842.js
@ -1 +0,0 @@
-console.log("i should not be loaded");
--- a/dom/security/test/mixedcontentblocker/mochitest.ini
+++ b/dom/security/test/mixedcontentblocker/mochitest.ini
@ -21,8 +21,6 @@ support-files =
  file_redirect.html
  file_redirect_handler.sjs
  file_bug1551886.html
-  file_bug1474842.html
-  file_bug1474842.js

 [test_main.html]
 skip-if =
@ -35,5 +33,3 @@ skip-if =
    webrender  # Bug 1424752
 [test_redirect.html]
 [test_bug1551886.html]
-[test_bug1474842.html]
-scheme = https
--- a/dom/security/test/mixedcontentblocker/test_bug1474842.html
+++ b/dom/security/test/mixedcontentblocker/test_bug1474842.html
@ -1,37 +0,0 @@
-<!DOCTYPE HTML>
-<html>
-<head>
-  <meta charset="utf-8">
-  <title>Bug 1474842: mixed content blocker bypass for localhost pages in iframe</title>
-  <script src="/tests/SimpleTest/SimpleTest.js"></script>
-  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
-
-  <script>
-    ok(window.isSecureContext, "top level should be a secure context");
-    SimpleTest.waitForExplicitFinish(); 
-    SpecialPowers.pushPrefEnv({set: [
-      ["security.mixed_content.block_active_content", true],
-      ["network.proxy.allow_hijacking_localhost", true],
-      ["network.proxy.testing_localhost_is_secure_when_hijacked", true],
-    ]}, () => {
-      info("security.mixed_content.upgrade_display_content " + SpecialPowers.getBoolPref("security.mixed_content.upgrade_display_content"));
-      info("security.mixed_content.block_display_content " + SpecialPowers.getBoolPref("security.mixed_content.block_display_content"));
-      info("security.mixed_content.block_active_content " + SpecialPowers.getBoolPref("security.mixed_content.block_active_content"));
-      info("security.mixed_content.block_object_subrequest " + SpecialPowers.getBoolPref("security.mixed_content.block_object_subrequest"));
-      window.addEventListener("message", function listener(event) {
-        if(!event.data.status) {
-          return;
-        }
-        ok(event.data.status.startsWith("blocked"), "http script loaded from http://localhost should be blocked");
-        window.removeEventListener("message", listener);
-        SimpleTest.finish();
-      });
-      let f = document.createElement("iframe");
-      f.src = "http://localhost/tests/dom/security/test/mixedcontentblocker/file_bug1474842.html";
-      document.body.appendChild(f);
-    }); 
-  </script>
-</head>
-
-<body></body>
-</html>
--- a/toolkit/components/extensions/test/xpcshell/data/file_do_load_script_subresource.html
+++ b/toolkit/components/extensions/test/xpcshell/data/file_do_load_script_subresource.html
@ -4,6 +4,6 @@
 <meta charset="utf-8">
 </head>
 <body>
-<script src="https://example.net/intercept_by_webRequest.js"></script>
+<script src="http://example.net/intercept_by_webRequest.js"></script>
 </body>
 </html>
--- a/toolkit/components/extensions/test/xpcshell/test_ext_file_access.js
+++ b/toolkit/components/extensions/test/xpcshell/test_ext_file_access.js
@ -165,7 +165,7 @@ add_task(async function webRequest_script_request_from_file_principals() {
            redirectUrl: `data:text/javascript,location.href='${redirectUrl}';`,
          };
        },
-        { urls: ["https://example.net/intercept_by_webRequest.js"] },
+        { urls: ["http://example.net/intercept_by_webRequest.js"] },
        ["blocking"]
      );
    },