Bug 846918: add hsts message queue to httpchannel. r=bsmith.

netwerk/protocol/http/HttpBaseChannel.cpp

@@ -23,6 +23,7 @@
 #include "nsILoadContext.h"
 #include "nsEscape.h"
 #include "nsStreamListenerWrapper.h"
+#include "nsISecurityConsoleMessage.h"
 
 #include "prnetdb.h"
 #include <algorithm>
@@ -1301,6 +1302,38 @@ HttpBaseChannel::GetLocalAddress(nsACString& addr)
   return NS_OK;
 }
 
+NS_IMETHODIMP
+HttpBaseChannel::TakeAllSecurityMessages(
+    nsCOMArray<nsISecurityConsoleMessage> &aMessages)
+{
+  aMessages.Clear();
+  aMessages.SwapElements(mSecurityConsoleMessages);
+  return NS_OK;
+}
+
+/* Please use this method with care. This can cause the message
+ * queue to grow large and cause the channel to take up a lot
+ * of memory. Use only static string messages and do not add
+ * server side data to the queue, as that can be large.
+ * Add only a limited number of messages to the queue to keep
+ * the channel size down and do so only in rare erroneous situations.
+ * More information can be found here:
+ * https://bugzilla.mozilla.org/show_bug.cgi?id=846918
+ */
+NS_IMETHODIMP
+HttpBaseChannel::AddSecurityMessage(const nsAString &aMessageTag,
+    const nsAString &aMessageCategory)
+{
+  nsresult rv;
+  nsCOMPtr<nsISecurityConsoleMessage> message =
+    do_CreateInstance(NS_SECURITY_CONSOLE_MESSAGE_CONTRACTID, &rv);
+  NS_ENSURE_SUCCESS(rv, rv);
+  message->SetTag(aMessageTag);
+  message->SetCategory(aMessageCategory);
+  mSecurityConsoleMessages.AppendElement(message);
+  return NS_OK;
+}
+
 NS_IMETHODIMP
 HttpBaseChannel::GetLocalPort(int32_t* port)
 {

netwerk/protocol/http/HttpBaseChannel.h

@@ -33,6 +33,7 @@
 #include "nsThreadUtils.h"
 #include "PrivateBrowsingChannel.h"
 #include "mozilla/net/DNS.h"
+#include "nsISecurityConsoleMessage.h"
 
 extern PRLogModuleInfo *gHttpLog;
 
@@ -151,6 +152,8 @@ public:
   NS_IMETHOD SetLoadAsBlocking(bool aLoadAsBlocking);
   NS_IMETHOD GetLoadUnblocked(bool *aLoadUnblocked);
   NS_IMETHOD SetLoadUnblocked(bool aLoadUnblocked);
+  NS_IMETHOD AddSecurityMessage(const nsAString &aMessageTag, const nsAString &aMessageCategory);
+  NS_IMETHOD TakeAllSecurityMessages(nsCOMArray<nsISecurityConsoleMessage> &aMessages);
 
   inline void CleanRedirectCacheChainIfNecessary()
   {
@@ -199,6 +202,7 @@ public:
 public: /* Necko internal use only... */
 
 protected:
+    nsCOMArray<nsISecurityConsoleMessage> mSecurityConsoleMessages;
 
   // Handle notifying listener, removing from loadgroup if request failed.
   void     DoNotifyListener();

netwerk/protocol/http/nsHttpChannel.cpp

@@ -45,9 +45,11 @@
 #include "nsContentUtils.h"
 #include "nsIPermissionManager.h"
 #include "nsIPrincipal.h"
+#include "nsISecurityConsoleMessage.h"
 #include "nsIScriptSecurityManager.h"
 #include "nsISSLStatus.h"
 #include "nsISSLStatusProvider.h"
+#include "nsIDOMWindow.h"
 
 namespace mozilla { namespace net {
 
@@ -1194,8 +1196,9 @@ nsHttpChannel::ProcessSTSHeader()
 
     rv = stss->ProcessStsHeader(mURI, stsHeader.get(), flags, NULL, NULL);
     if (NS_FAILED(rv)) {
+        AddSecurityMessage(NS_LITERAL_STRING("InvalidSTSHeaders"),
+                NS_LITERAL_STRING("Invalid HSTS Headers"));
         LOG(("STS: Failed to parse STS header, continuing load.\n"));
-        return NS_OK;
     }
 
     return NS_OK;

netwerk/protocol/http/nsIHttpChannelInternal.idl

@@ -7,15 +7,19 @@
 
 %{C++
 #include "nsTArray.h"
+#include "nsCOMArray.h"
+
 class nsCString;
 %}
 [ptr] native StringArray(nsTArray<nsCString>);
+[ref] native securityMessagesArray(nsCOMArray<nsISecurityConsoleMessage>);
 
 interface nsISocketTransport;
 interface nsIAsyncInputStream;
 interface nsIAsyncOutputStream;
 interface nsIURI;
 interface nsIProxyInfo;
+interface nsISecurityConsoleMessage;
 
 /**
  * The callback interface for nsIHttpChannelInternal::HTTPUpgrade()
@@ -34,7 +38,7 @@ interface nsIHttpUpgradeListener : nsISupports
  * using any feature exposed by this interface, be aware that this interface
  * will change and you will be broken.  You have been warned.
  */
-[scriptable, uuid(2cd7f6a6-63f3-4bd6-a0f5-6e3d6dcff81b)]
+[scriptable, uuid(5b4b2632-cee4-11e2-8e84-c7506188709b)]
 interface nsIHttpChannelInternal : nsISupports
 {
     /**
@@ -52,6 +56,12 @@ interface nsIHttpChannelInternal : nsISupports
      */
     void getResponseVersion(out unsigned long major, out unsigned long minor);
 
+    /*
+     * Retrieves all security messages from the security message queue
+     * and empties the queue after retrieval
+     */
+    [noscript] void takeAllSecurityMessages(in securityMessagesArray aMessages);
+
     /**
      * Helper method to set a cookie with a consumer-provided
      * cookie header, _but_ using the channel's other information