Bug 846918: add hsts message queue to httpchannel. r=bsmith.

This commit is contained in:
Ivan Alagenchev 2013-07-26 08:37:03 -07:00
Родитель c130661158
Коммит 7931f44b23
4 изменённых файлов: 52 добавлений и 2 удалений

Просмотреть файл

@ -23,6 +23,7 @@
#include "nsILoadContext.h" #include "nsILoadContext.h"
#include "nsEscape.h" #include "nsEscape.h"
#include "nsStreamListenerWrapper.h" #include "nsStreamListenerWrapper.h"
#include "nsISecurityConsoleMessage.h"
#include "prnetdb.h" #include "prnetdb.h"
#include <algorithm> #include <algorithm>
@ -1301,6 +1302,38 @@ HttpBaseChannel::GetLocalAddress(nsACString& addr)
return NS_OK; return NS_OK;
} }
NS_IMETHODIMP
HttpBaseChannel::TakeAllSecurityMessages(
nsCOMArray<nsISecurityConsoleMessage> &aMessages)
{
aMessages.Clear();
aMessages.SwapElements(mSecurityConsoleMessages);
return NS_OK;
}
/* Please use this method with care. This can cause the message
* queue to grow large and cause the channel to take up a lot
* of memory. Use only static string messages and do not add
* server side data to the queue, as that can be large.
* Add only a limited number of messages to the queue to keep
* the channel size down and do so only in rare erroneous situations.
* More information can be found here:
* https://bugzilla.mozilla.org/show_bug.cgi?id=846918
*/
NS_IMETHODIMP
HttpBaseChannel::AddSecurityMessage(const nsAString &aMessageTag,
const nsAString &aMessageCategory)
{
nsresult rv;
nsCOMPtr<nsISecurityConsoleMessage> message =
do_CreateInstance(NS_SECURITY_CONSOLE_MESSAGE_CONTRACTID, &rv);
NS_ENSURE_SUCCESS(rv, rv);
message->SetTag(aMessageTag);
message->SetCategory(aMessageCategory);
mSecurityConsoleMessages.AppendElement(message);
return NS_OK;
}
NS_IMETHODIMP NS_IMETHODIMP
HttpBaseChannel::GetLocalPort(int32_t* port) HttpBaseChannel::GetLocalPort(int32_t* port)
{ {

Просмотреть файл

@ -33,6 +33,7 @@
#include "nsThreadUtils.h" #include "nsThreadUtils.h"
#include "PrivateBrowsingChannel.h" #include "PrivateBrowsingChannel.h"
#include "mozilla/net/DNS.h" #include "mozilla/net/DNS.h"
#include "nsISecurityConsoleMessage.h"
extern PRLogModuleInfo *gHttpLog; extern PRLogModuleInfo *gHttpLog;
@ -151,6 +152,8 @@ public:
NS_IMETHOD SetLoadAsBlocking(bool aLoadAsBlocking); NS_IMETHOD SetLoadAsBlocking(bool aLoadAsBlocking);
NS_IMETHOD GetLoadUnblocked(bool *aLoadUnblocked); NS_IMETHOD GetLoadUnblocked(bool *aLoadUnblocked);
NS_IMETHOD SetLoadUnblocked(bool aLoadUnblocked); NS_IMETHOD SetLoadUnblocked(bool aLoadUnblocked);
NS_IMETHOD AddSecurityMessage(const nsAString &aMessageTag, const nsAString &aMessageCategory);
NS_IMETHOD TakeAllSecurityMessages(nsCOMArray<nsISecurityConsoleMessage> &aMessages);
inline void CleanRedirectCacheChainIfNecessary() inline void CleanRedirectCacheChainIfNecessary()
{ {
@ -199,6 +202,7 @@ public:
public: /* Necko internal use only... */ public: /* Necko internal use only... */
protected: protected:
nsCOMArray<nsISecurityConsoleMessage> mSecurityConsoleMessages;
// Handle notifying listener, removing from loadgroup if request failed. // Handle notifying listener, removing from loadgroup if request failed.
void DoNotifyListener(); void DoNotifyListener();

Просмотреть файл

@ -45,9 +45,11 @@
#include "nsContentUtils.h" #include "nsContentUtils.h"
#include "nsIPermissionManager.h" #include "nsIPermissionManager.h"
#include "nsIPrincipal.h" #include "nsIPrincipal.h"
#include "nsISecurityConsoleMessage.h"
#include "nsIScriptSecurityManager.h" #include "nsIScriptSecurityManager.h"
#include "nsISSLStatus.h" #include "nsISSLStatus.h"
#include "nsISSLStatusProvider.h" #include "nsISSLStatusProvider.h"
#include "nsIDOMWindow.h"
namespace mozilla { namespace net { namespace mozilla { namespace net {
@ -1194,8 +1196,9 @@ nsHttpChannel::ProcessSTSHeader()
rv = stss->ProcessStsHeader(mURI, stsHeader.get(), flags, NULL, NULL); rv = stss->ProcessStsHeader(mURI, stsHeader.get(), flags, NULL, NULL);
if (NS_FAILED(rv)) { if (NS_FAILED(rv)) {
AddSecurityMessage(NS_LITERAL_STRING("InvalidSTSHeaders"),
NS_LITERAL_STRING("Invalid HSTS Headers"));
LOG(("STS: Failed to parse STS header, continuing load.\n")); LOG(("STS: Failed to parse STS header, continuing load.\n"));
return NS_OK;
} }
return NS_OK; return NS_OK;

Просмотреть файл

@ -7,15 +7,19 @@
%{C++ %{C++
#include "nsTArray.h" #include "nsTArray.h"
#include "nsCOMArray.h"
class nsCString; class nsCString;
%} %}
[ptr] native StringArray(nsTArray<nsCString>); [ptr] native StringArray(nsTArray<nsCString>);
[ref] native securityMessagesArray(nsCOMArray<nsISecurityConsoleMessage>);
interface nsISocketTransport; interface nsISocketTransport;
interface nsIAsyncInputStream; interface nsIAsyncInputStream;
interface nsIAsyncOutputStream; interface nsIAsyncOutputStream;
interface nsIURI; interface nsIURI;
interface nsIProxyInfo; interface nsIProxyInfo;
interface nsISecurityConsoleMessage;
/** /**
* The callback interface for nsIHttpChannelInternal::HTTPUpgrade() * The callback interface for nsIHttpChannelInternal::HTTPUpgrade()
@ -34,7 +38,7 @@ interface nsIHttpUpgradeListener : nsISupports
* using any feature exposed by this interface, be aware that this interface * using any feature exposed by this interface, be aware that this interface
* will change and you will be broken. You have been warned. * will change and you will be broken. You have been warned.
*/ */
[scriptable, uuid(2cd7f6a6-63f3-4bd6-a0f5-6e3d6dcff81b)] [scriptable, uuid(5b4b2632-cee4-11e2-8e84-c7506188709b)]
interface nsIHttpChannelInternal : nsISupports interface nsIHttpChannelInternal : nsISupports
{ {
/** /**
@ -52,6 +56,12 @@ interface nsIHttpChannelInternal : nsISupports
*/ */
void getResponseVersion(out unsigned long major, out unsigned long minor); void getResponseVersion(out unsigned long major, out unsigned long minor);
/*
* Retrieves all security messages from the security message queue
* and empties the queue after retrieval
*/
[noscript] void takeAllSecurityMessages(in securityMessagesArray aMessages);
/** /**
* Helper method to set a cookie with a consumer-provided * Helper method to set a cookie with a consumer-provided
* cookie header, _but_ using the channel's other information * cookie header, _but_ using the channel's other information