mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Backed out 2 changesets (bug 1883954) for causing mochitests failures in browser_schemeless.js. CLOSED TREE 

Backed out changeset 790cb078bb3b (bug 1883954)
Backed out changeset 6d1d98d0e69c (bug 1883954)
This commit is contained in:
Stanca Serban 2024-06-20 12:23:53 +03:00
Родитель ab6f644122
Коммит 92d2016aa1
22 изменённых файлов: 70 добавлений и 894 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

10
docshell/base/nsDocShellLoadState.cpp
Просмотреть файл

@ -91,7 +91,6 @@ nsDocShellLoadState::nsDocShellLoadState(
mTriggeringStorageAccess = aLoadState.TriggeringStorageAccess();
mTriggeringRemoteType = aLoadState.TriggeringRemoteType();
mWasSchemelessInput = aLoadState.WasSchemelessInput();
mHttpsUpgradeTelemetry = aLoadState.HttpsUpgradeTelemetry();
mCsp = aLoadState.Csp();
mOriginalURIString = aLoadState.OriginalURIString();
mCancelContentJSEpoch = aLoadState.CancelContentJSEpoch();
@ -197,8 +196,7 @@ nsDocShellLoadState::nsDocShellLoadState(const nsDocShellLoadState& aOther)
mUnstrippedURI(aOther.mUnstrippedURI),
mRemoteTypeOverride(aOther.mRemoteTypeOverride),
mTriggeringRemoteType(aOther.mTriggeringRemoteType),
mWasSchemelessInput(aOther.mWasSchemelessInput),
mHttpsUpgradeTelemetry(aOther.mHttpsUpgradeTelemetry) {
mWasSchemelessInput(aOther.mWasSchemelessInput) {
MOZ_DIAGNOSTIC_ASSERT(
XRE_IsParentProcess(),
"Cloning a nsDocShellLoadState with the same load identifier is only "
@ -244,11 +242,6 @@ nsDocShellLoadState::nsDocShellLoadState(nsIURI* aURI, uint64_t aLoadIdentifier)
: NOT_REMOTE_TYPE),
mWasSchemelessInput(false) {
MOZ_ASSERT(aURI, "Cannot create a LoadState with a null URI!");
if (aURI->SchemeIs("https")) {
mHttpsUpgradeTelemetry = nsILoadInfo::ALREADY_HTTPS;
} else {
mHttpsUpgradeTelemetry = nsILoadInfo::NO_UPGRADE;
}
}
nsDocShellLoadState::~nsDocShellLoadState() {
@ -1315,7 +1308,6 @@ DocShellLoadStateInit nsDocShellLoadState::Serialize(
loadState.TriggeringStorageAccess() = mTriggeringStorageAccess;
loadState.TriggeringRemoteType() = mTriggeringRemoteType;
loadState.WasSchemelessInput() = mWasSchemelessInput;
loadState.HttpsUpgradeTelemetry() = mHttpsUpgradeTelemetry;
loadState.Csp() = mCsp;
loadState.OriginalURIString() = mOriginalURIString;
loadState.CancelContentJSEpoch() = mCancelContentJSEpoch;

13
docshell/base/nsDocShellLoadState.h
Просмотреть файл

@ -337,15 +337,6 @@ class nsDocShellLoadState final {
bool GetWasSchemelessInput() { return mWasSchemelessInput; }
void SetHttpsUpgradeTelemetry(
nsILoadInfo::HTTPSUpgradeTelemetryType aHttpsUpgradeTelemetry) {
mHttpsUpgradeTelemetry = aHttpsUpgradeTelemetry;
}
nsILoadInfo::HTTPSUpgradeTelemetryType GetHttpsUpgradeTelemetry() {
return mHttpsUpgradeTelemetry;
}
// Determine the remote type of the process which should be considered
// responsible for this load for the purposes of security checks.
//
@ -621,10 +612,6 @@ class nsDocShellLoadState final {
// if the to-be-loaded address had it protocol added through a fixup
bool mWasSchemelessInput = false;
// Solely for the use of collecting Telemetry for HTTPS upgrades.
nsILoadInfo::HTTPSUpgradeTelemetryType mHttpsUpgradeTelemetry =
nsILoadInfo::NO_UPGRADE;
};
#endif /* nsDocShellLoadState_h__ */

3
dom/ipc/DOMTypes.ipdlh
Просмотреть файл

@ -4,7 +4,6 @@
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
include "mozilla/dom/DomSecurityIPCUtils.h";
include "mozilla/GfxMessageUtils.h";
include "mozilla/dom/CSPMessageUtils.h";
include "mozilla/dom/DocShellMessageUtils.h";
@ -44,7 +43,6 @@ using mozilla::ImageIntSize from "Units.h";
using nsSizeMode from "nsIWidgetListener.h";
using mozilla::ScrollbarPreference from "mozilla/ScrollbarPreferences.h";
using mozilla::gfx::SurfaceFormat from "mozilla/gfx/Types.h";
using nsILoadInfo::HTTPSUpgradeTelemetryType from "nsILoadInfo.h";
[RefCounted] using class nsIPrincipal from "nsIPrincipal.h";
using mozilla::dom::MaybeDiscardedBrowsingContext from "mozilla/dom/BrowsingContext.h";
[RefCounted] using class nsIURI from "nsIURI.h";
@ -222,7 +220,6 @@ struct DocShellLoadStateInit
bool AllowFocusMove;
bool IsFromProcessingFrameAttributes;
bool WasSchemelessInput;
HTTPSUpgradeTelemetryType HttpsUpgradeTelemetry;
// Fields missing due to lack of need or serialization
// nsCOMPtr<nsIDocShell> mSourceDocShell;

2
dom/ipc/WindowGlobalParent.cpp
Просмотреть файл

@ -1434,8 +1434,6 @@ mozilla::ipc::IPCResult WindowGlobalParent::RecvReloadWithHttpsOnlyException() {
RefPtr<nsDocShellLoadState> loadState = new nsDocShellLoadState(insecureURI);
loadState->SetTriggeringPrincipal(nsContentUtils::GetSystemPrincipal());
loadState->SetLoadType(LOAD_NORMAL_REPLACE);
loadState->SetHttpsUpgradeTelemetry(
nsILoadInfo::HTTPS_ONLY_UPGRADE_DOWNGRADE);
RefPtr<CanonicalBrowsingContext> topBC = BrowsingContext()->Top();
topBC->LoadURI(loadState, /* setNavigating */ true);

25
dom/security/DomSecurityIPCUtils.h
Просмотреть файл

@ -1,25 +0,0 @@
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
* You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef mozilla_dom_domsecurityipcutils_h
#define mozilla_dom_domsecurityipcutils_h
#include "ipc/EnumSerializer.h"
#include "nsILoadInfo.h"
namespace IPC {
// nsILoadInfo::HTTPSUpgradeTelemetryType over IPC.
template <>
struct ParamTraits<nsILoadInfo::HTTPSUpgradeTelemetryType>
: public ContiguousEnumSerializerInclusive<
nsILoadInfo::HTTPSUpgradeTelemetryType,
nsILoadInfo::HTTPSUpgradeTelemetryType::NO_UPGRADE,
nsILoadInfo::HTTPSUpgradeTelemetryType::HTTPS_RR> {};
} // namespace IPC
#endif // mozilla_dom_domsecurityipcutils_h

1
dom/security/moz.build
Просмотреть файл

@ -14,7 +14,6 @@ DIRS += ["featurepolicy", "sanitizer", "trusted-types"]
EXPORTS.mozilla.dom += [
"CSPEvalChecker.h",
"CSPViolationData.h",
"DomSecurityIPCUtils.h",
"DOMSecurityMonitor.h",
"FramingChecker.h",
"nsContentSecurityManager.h",

16
dom/security/nsHTTPSOnlyUtils.cpp
Просмотреть файл

@ -588,19 +588,6 @@ void nsHTTPSOnlyUtils::UpdateLoadStateAfterHTTPSFirstDowngrade(
// loop
aLoadState->SetIsExemptFromHTTPSFirstMode(true);
// we can safely set the flag to indicate the downgrade here and it will be
// propagated all the way to nsHttpChannel::OnStopRequest() where we collect
// the telemetry.
nsCOMPtr<nsIChannel> channel = aDocumentLoadListener->GetChannel();
nsCOMPtr<nsILoadInfo> loadInfo = channel->LoadInfo();
if (loadInfo->GetWasSchemelessInput()) {
aLoadState->SetHttpsUpgradeTelemetry(
nsILoadInfo::HTTPS_FIRST_SCHEMELESS_UPGRADE_DOWNGRADE);
} else {
aLoadState->SetHttpsUpgradeTelemetry(
nsILoadInfo::HTTPS_FIRST_UPGRADE_DOWNGRADE);
}
// Add downgrade data for later telemetry usage to load state
nsDOMNavigationTiming* timing = aDocumentLoadListener->GetTiming();
if (timing) {
@ -609,6 +596,9 @@ void nsHTTPSOnlyUtils::UpdateLoadStateAfterHTTPSFirstDowngrade(
mozilla::TimeDuration duration =
mozilla::TimeStamp::Now() - navigationStart;
nsCOMPtr<nsIChannel> channel = aDocumentLoadListener->GetChannel();
nsCOMPtr<nsILoadInfo> loadInfo = channel->LoadInfo();
bool isPrivateWin =
loadInfo->GetOriginAttributes().mPrivateBrowsingId > 0;
bool isSchemeless =

11
dom/security/test/https-first/browser.toml
Просмотреть файл

@ -58,14 +58,3 @@ support-files = [
["browser_superfluos_auth.js"]
["browser_upgrade_onion.js"]
["browser_https_telemetry.js"]
support-files = [
"file_https_telemetry_hsts.sjs",
"file_no_https_support.sjs"
]
skip-if = [
"http3",
"http2",
"socketprocess_networking",
]

599
dom/security/test/https-first/browser_https_telemetry.js
Просмотреть файл

@ -1,599 +0,0 @@
/* Any copyright is dedicated to the Public Domain.
* http://creativecommons.org/publicdomain/zero/1.0/ */
"use strict";
// We explicitly need HTTP URLs in this test
/* eslint-disable @microsoft/sdl/no-insecure-url */
requestLongerTimeout(2);
ChromeUtils.defineLazyGetter(this, "UrlbarTestUtils", () => {
const { UrlbarTestUtils: module } = ChromeUtils.importESModule(
"resource://testing-common/UrlbarTestUtils.sys.mjs"
);
module.init(this);
return module;
});
const TEST_PATH_HTTP = getRootDirectory(gTestPath).replace(
"chrome://mochitests/content",
"http://example.com"
);
const TEST_PATH_HTTPS = getRootDirectory(gTestPath).replace(
"chrome://mochitests/content",
"https://example.com"
);
const TEST_PATH_SCHEMELESS = getRootDirectory(gTestPath).replace(
"chrome://mochitests/content",
"example.com"
);
const HSTS_SITE = TEST_PATH_HTTPS + "file_https_telemetry_hsts.sjs";
const NO_HTTPS_SUPPORT_SITE = TEST_PATH_HTTP + "file_no_https_support.sjs";
const NO_HTTPS_SUPPORT_SITE_SCHEMELESS =
TEST_PATH_SCHEMELESS + "file_no_https_support.sjs";
async function setPrefsAndResetFog(
aHTTPSOnlyPref,
aHTTPSFirstPref,
aSchemeLessPref
) {
Services.fog.testResetFOG();
await SpecialPowers.pushPrefEnv({
set: [
["dom.security.https_only_mode", aHTTPSOnlyPref],
["dom.security.https_first", aHTTPSFirstPref],
["dom.security.https_first_schemeless", aSchemeLessPref],
],
});
}
function verifyGleanValues(
aDescription,
aNoUpgrade,
aAlreadyHTTPS,
aHSTS,
aHttpsOnlyUpgrade,
aHttpsOnlyUpgradeDowngrade,
aHttpsFirstUpgrade,
aHttpsFirstUpgradeDowngrade,
aHttpsFirstSchemelessUpgrade,
aHttpsFirstSchemelessUpgradeDowngrade,
aHttpsRR
) {
info(aDescription);
let glean = Glean.networking.httpToHttpsUpgradeReason;
is(glean.no_upgrade.testGetValue(), aNoUpgrade, "verify no_upgrade");
is(glean.already_https.testGetValue(), aAlreadyHTTPS, "verify already_https");
is(glean.hsts.testGetValue(), aHSTS, "verify hsts");
is(
glean.https_only_upgrade.testGetValue(),
aHttpsOnlyUpgrade,
"verify https_only_upgrade"
);
is(
glean.https_only_upgrade_downgrade.testGetValue(),
aHttpsOnlyUpgradeDowngrade,
"verify https_only_upgrade_downgrade"
);
is(
glean.https_first_upgrade.testGetValue(),
aHttpsFirstUpgrade,
"verify https_first_upgrade"
);
is(
glean.https_first_upgrade_downgrade.testGetValue(),
aHttpsFirstUpgradeDowngrade,
"verify https_first_upgrade_downgrade"
);
is(
glean.https_first_schemeless_upgrade.testGetValue(),
aHttpsFirstSchemelessUpgrade,
"verify https_first_schemeless_upgrade"
);
is(
glean.https_first_schemeless_upgrade_downgrade.testGetValue(),
aHttpsFirstSchemelessUpgradeDowngrade,
"verify https_first_schemeless_upgrade_downgrade"
);
is(glean.https_rr.testGetValue(), aHttpsRR, "verify https_rr");
}
async function runUpgradeTest(aURI, aDesc, aAssertURLStartsWith) {
await BrowserTestUtils.withNewTab("about:blank", async function (browser) {
const loaded = BrowserTestUtils.browserLoaded(browser, false, null, true);
BrowserTestUtils.startLoadingURIString(browser, aURI);
await loaded;
await SpecialPowers.spawn(
browser,
[aDesc, aAssertURLStartsWith],
async function (aDesc, aAssertURLStartsWith) {
ok(
content.document.location.href.startsWith(aAssertURLStartsWith),
aDesc
);
}
);
await SpecialPowers.removePermission("https-only-load-insecure", aURI);
});
}
async function runSchemelessTest(aURI, aDesc, aAssertURLStartsWith) {
await BrowserTestUtils.withNewTab("about:blank", async function (browser) {
const loaded = BrowserTestUtils.browserLoaded(browser, false, null, true);
await UrlbarTestUtils.promiseAutocompleteResultPopup({
window,
value: aURI,
});
EventUtils.synthesizeKey("KEY_Enter", { ctrlKey: true });
await loaded;
await SpecialPowers.spawn(
browser,
[aDesc, aAssertURLStartsWith],
async function (aDesc, aAssertURLStartsWith) {
ok(
content.document.location.href.startsWith(aAssertURLStartsWith),
aDesc
);
}
);
// we can't pass a schemeless uri to removePermission
let uri = "https://" + aURI;
await SpecialPowers.removePermission("https-only-load-insecure", uri);
});
}
add_task(async function () {
info("(1) no upgrade test");
await setPrefsAndResetFog(
false /* aHTTPSOnlyPref */,
false /* aHTTPSFirstPref */,
false /* aSchemeLessPref */
);
await runUpgradeTest(
"http://example.com?test1",
"(1) no upgrade test",
"http://"
);
verifyGleanValues(
"(1) no upgrade test",
1 /* aNoUpgrade */,
null /* aAlreadyHTTPS */,
null /* aHSTS */,
null /* aHttpsOnlyUpgrade */,
null /* aHttpsOnlyUpgradeDowngrade */,
null /* aHttpsFirstUpgrade */,
null /* aHttpsFirstUpgradeDowngrade */,
null /* aHttpsFirstSchemelessUpgrade */,
null /* aHttpsFirstSchemelessUpgradeDowngrade */,
null /* aHttpsRR */
);
});
add_task(async function () {
info("(2) already https test");
await setPrefsAndResetFog(
false /* aHTTPSOnlyPref */,
false /* aHTTPSFirstPref */,
false /* aSchemeLessPref */
);
await runUpgradeTest(
"https://example.com?test2",
"(2) already https test",
"https://"
);
verifyGleanValues(
"(2) already https test",
null /* aNoUpgrade */,
1 /* aAlreadyHTTPS */,
null /* aHSTS */,
null /* aHttpsOnlyUpgrade */,
null /* aHttpsOnlyUpgradeDowngrade */,
null /* aHttpsFirstUpgrade */,
null /* aHttpsFirstUpgradeDowngrade */,
null /* aHttpsFirstSchemelessUpgrade */,
null /* aHttpsFirstSchemelessUpgradeDowngrade */,
null /* aHttpsRR */
);
});
add_task(async function () {
info("(2b) already https test all prefs true");
await setPrefsAndResetFog(
true /* aHTTPSOnlyPref */,
true /* aHTTPSFirstPref */,
true /* aSchemeLessPref */
);
await runUpgradeTest(
"https://example.com?test2b",
"(2b) already https test all prefs true",
"https://"
);
verifyGleanValues(
"(2b) already https test all prefs true",
null /* aNoUpgrade */,
1 /* aAlreadyHTTPS */,
null /* aHSTS */,
null /* aHttpsOnlyUpgrade */,
null /* aHttpsOnlyUpgradeDowngrade */,
null /* aHttpsFirstUpgrade */,
null /* aHttpsFirstUpgradeDowngrade */,
null /* aHttpsFirstSchemelessUpgrade */,
null /* aHttpsFirstSchemelessUpgradeDowngrade */,
null /* aHttpsRR */
);
});
add_task(async function () {
info("(3) hsts");
await setPrefsAndResetFog(
false /* aHTTPSOnlyPref */,
false /* aHTTPSFirstPref */,
false /* aSchemeLessPref */
);
// we need to setup hsts first
await BrowserTestUtils.withNewTab("about:blank", async function (browser) {
const loaded = BrowserTestUtils.browserLoaded(browser, false, null, true);
BrowserTestUtils.startLoadingURIString(browser, HSTS_SITE);
await loaded;
});
// now we reset glean again
Services.fog.testResetFOG();
await runUpgradeTest("http://example.com?test3", "(3) hsts", "https://");
verifyGleanValues(
"(3) hsts",
null /* aNoUpgrade */,
null /* aAlreadyHTTPS */,
1 /* aHSTS */,
null /* aHttpsOnlyUpgrade */,
null /* aHttpsOnlyUpgradeDowngrade */,
null /* aHttpsFirstUpgrade */,
null /* aHttpsFirstUpgradeDowngrade */,
null /* aHttpsFirstSchemelessUpgrade */,
null /* aHttpsFirstSchemelessUpgradeDowngrade */,
null /* aHttpsRR */
);
// finally we need to reset hsts
await BrowserTestUtils.withNewTab("about:blank", async function (browser) {
const loaded = BrowserTestUtils.browserLoaded(browser, false, null, true);
BrowserTestUtils.startLoadingURIString(browser, HSTS_SITE + "?reset");
await loaded;
});
info("(3b) hsts with all prefs true");
await setPrefsAndResetFog(
true /* aHTTPSOnlyPref */,
true /* aHTTPSFirstPref */,
true /* aSchemeLessPref */
);
// we need to setup hsts first
await BrowserTestUtils.withNewTab("about:blank", async function (browser) {
const loaded = BrowserTestUtils.browserLoaded(browser, false, null, true);
BrowserTestUtils.startLoadingURIString(browser, HSTS_SITE);
await loaded;
});
// now we reset glean again
Services.fog.testResetFOG();
await runUpgradeTest(
"http://example.com?test3b",
"(3b) hsts with all prefs true",
"https://"
);
verifyGleanValues(
"(3b) hsts with all prefs true",
null /* aNoUpgrade */,
null /* aAlreadyHTTPS */,
1 /* aHSTS */,
null /* aHttpsOnlyUpgrade */,
null /* aHttpsOnlyUpgradeDowngrade */,
null /* aHttpsFirstUpgrade */,
null /* aHttpsFirstUpgradeDowngrade */,
null /* aHttpsFirstSchemelessUpgrade */,
null /* aHttpsFirstSchemelessUpgradeDowngrade */,
null /* aHttpsRR */
);
// finally we need to reset the hsts host
await BrowserTestUtils.withNewTab("about:blank", async function (browser) {
const loaded = BrowserTestUtils.browserLoaded(browser, false, null, true);
BrowserTestUtils.startLoadingURIString(browser, HSTS_SITE + "?reset");
await loaded;
});
});
add_task(async function () {
info("(4) https-only upgrade");
await setPrefsAndResetFog(
true /* aHTTPSOnlyPref */,
false /* aHTTPSFirstPref */,
false /* aSchemeLessPref */
);
await runUpgradeTest(
"http://example.com?test4",
"(4) https-only upgrade",
"https://"
);
verifyGleanValues(
"(4) https-only upgrade",
null /* aNoUpgrade */,
null /* aAlreadyHTTPS */,
null /* aHSTS */,
1 /* aHttpsOnlyUpgrade */,
null /* aHttpsOnlyUpgradeDowngrade */,
null /* aHttpsFirstUpgrade */,
null /* aHttpsFirstUpgradeDowngrade */,
null /* aHttpsFirstSchemelessUpgrade */,
null /* aHttpsFirstSchemelessUpgradeDowngrade */,
null /* aHttpsRR */
);
info("(4b) https-only upgrade downgrade");
await setPrefsAndResetFog(
true /* aHTTPSOnlyPref */,
false /* aHTTPSFirstPref */,
false /* aSchemeLessPref */
);
// We specifically want a insecure url here that will fail to upgrade
let uri = "http://untrusted.example.com:80";
let desc = "(4b) https-only upgrade downgrade";
let assertErrorPageStartsWith = "https://";
let assertDowngradedURLStartsWith = "http://";
await BrowserTestUtils.withNewTab("about:blank", async function (browser) {
const loaded = BrowserTestUtils.waitForErrorPage(browser);
BrowserTestUtils.startLoadingURIString(browser, uri);
await loaded;
await SpecialPowers.spawn(
browser,
[desc, assertErrorPageStartsWith],
async function (desc, assertErrorPageStartsWith) {
ok(
content.document.location.href.startsWith(assertErrorPageStartsWith),
desc
);
}
);
const downGradeLoaded = BrowserTestUtils.browserLoaded(
browser,
false,
null,
true
);
// click the 'contine to insecure page' button
await SpecialPowers.spawn(browser, [], async function () {
let openInsecureButton = content.document.getElementById("openInsecure");
Assert.notEqual(
openInsecureButton,
null,
"openInsecureButton should exist."
);
info("Waiting for openInsecureButton to be enabled.");
function callback() {
if (!openInsecureButton.inert) {
observer.disconnect();
content.requestAnimationFrame(() => {
content.requestAnimationFrame(() => {
openInsecureButton.click();
});
});
}
}
const observer = new content.MutationObserver(callback);
observer.observe(openInsecureButton, { attributeFilter: ["inert"] });
callback();
});
await downGradeLoaded;
await SpecialPowers.spawn(
browser,
[desc, assertDowngradedURLStartsWith],
async function (desc, assertDowngradedURLStartsWith) {
ok(
content.document.location.href.startsWith(
assertDowngradedURLStartsWith
),
desc
);
}
);
await SpecialPowers.removePermission("https-only-load-insecure", uri);
});
verifyGleanValues(
"(4b) https-only upgrade downgrade",
null /* aNoUpgrade */,
null /* aAlreadyHTTPS */,
null /* aHSTS */,
1 /* aHttpsOnlyUpgrade */,
1 /* aHttpsOnlyUpgradeDowngrade */,
null /* aHttpsFirstUpgrade */,
null /* aHttpsFirstUpgradeDowngrade */,
null /* aHttpsFirstSchemelessUpgrade */,
null /* aHttpsFirstSchemelessUpgradeDowngrade */,
null /* aHttpsRR */
);
});
add_task(async function () {
info("(5) https-first upgrade");
await setPrefsAndResetFog(
false /* aHTTPSOnlyPref */,
true /* aHTTPSFirstPref */,
false /* aSchemeLessPref */
);
await runUpgradeTest(
"http://example.com?test5",
"(5) https-first upgrade",
"https://"
);
verifyGleanValues(
"(5) https-first upgrade",
null /* aNoUpgrade */,
null /* aAlreadyHTTPS */,
null /* aHSTS */,
null /* aHttpsOnlyUpgrade */,
null /* aHttpsOnlyUpgradeDowngrade */,
1 /* aHttpsFirstUpgrade */,
null /* aHttpsFirstUpgradeDowngrade */,
null /* aHttpsFirstSchemelessUpgrade */,
null /* aHttpsFirstSchemelessUpgradeDowngrade */,
null /* aHttpsRR */
);
info("(5b) https-first upgrade downgrade");
await setPrefsAndResetFog(
false /* aHTTPSOnlyPref */,
true /* aHTTPSFirstPref */,
false /* aSchemeLessPref */
);
await runUpgradeTest(
NO_HTTPS_SUPPORT_SITE + "?test5b",
"(5b) https-first upgrade downgrade",
"http://"
);
verifyGleanValues(
"(5) https-first upgrade",
null /* aNoUpgrade */,
null /* aAlreadyHTTPS */,
null /* aHSTS */,
null /* aHttpsOnlyUpgrade */,
null /* aHttpsOnlyUpgradeDowngrade */,
1 /* aHttpsFirstUpgrade */,
1 /* aHttpsFirstUpgradeDowngrade */,
null /* aHttpsFirstSchemelessUpgrade */,
null /* aHttpsFirstSchemelessUpgradeDowngrade */,
null /* aHttpsRR */
);
});
add_task(async function () {
info("(6) schemeless https-first upgrade");
await setPrefsAndResetFog(
false /* aHTTPSOnlyPref */,
false /* aHTTPSFirstPref */,
true /* aSchemeLessPref */
);
await runSchemelessTest(
"example.com?test6",
"(6) schemeless https-first upgrade",
"https://"
);
verifyGleanValues(
"(6) schemeless https-first upgrade",
null /* aNoUpgrade */,
null /* aAlreadyHTTPS */,
null /* aHSTS */,
null /* aHttpsOnlyUpgrade */,
null /* aHttpsOnlyUpgradeDowngrade */,
null /* aHttpsFirstUpgrade */,
null /* aHttpsFirstUpgradeDowngrade */,
1 /* aHttpsFirstSchemelessUpgrade */,
null /* aHttpsFirstSchemelessUpgradeDowngrade */,
null /* aHttpsRR */
);
info("(6b) schemeless https-first upgrade downgrade");
await setPrefsAndResetFog(
false /* aHTTPSOnlyPref */,
false /* aHTTPSFirstPref */,
true /* aSchemeLessPref */
);
await runSchemelessTest(
NO_HTTPS_SUPPORT_SITE_SCHEMELESS + "?test6b",
"(6) schemeless https-first upgrade downgrade",
"http://"
);
verifyGleanValues(
"(6b) schemeless https-first upgrade downgrade",
null /* aNoUpgrade */,
null /* aAlreadyHTTPS */,
null /* aHSTS */,
null /* aHttpsOnlyUpgrade */,
null /* aHttpsOnlyUpgradeDowngrade */,
null /* aHttpsFirstUpgrade */,
null /* aHttpsFirstUpgradeDowngrade */,
1 /* aHttpsFirstSchemelessUpgrade */,
1 /* aHttpsFirstSchemelessUpgradeDowngrade */,
null /* aHttpsRR */
);
});
add_task(async function () {
info("(7) https-rr upgrade");
Services.fog.testResetFOG();
await SpecialPowers.pushPrefEnv({
set: [
["dom.security.https_only_mode", false],
["dom.security.https_first", false],
["dom.security.https_first_schemeless", false],
["network.dns.force_use_https_rr", true],
["network.dns.mock_HTTPS_RR_domain", "example.org"],
],
});
await runUpgradeTest(
"http://example.org",
"(7) https-rr upgrade",
"https://"
);
verifyGleanValues(
"(7) https-rr upgrade",
null /* aNoUpgrade */,
null /* aAlreadyHTTPS */,
null /* aHSTS */,
null /* aHttpsOnlyUpgrade */,
null /* aHttpsOnlyUpgradeDowngrade */,
null /* aHttpsFirstUpgrade */,
null /* aHttpsFirstUpgradeDowngrade */,
null /* aHttpsFirstSchemelessUpgrade */,
null /* aHttpsFirstSchemelessUpgradeDowngrade */,
1 /* aHttpsRR */
);
});

19
dom/security/test/https-first/file_https_telemetry_hsts.sjs
Просмотреть файл

@ -1,19 +0,0 @@
/* Any copyright is dedicated to the Public Domain.
* http://creativecommons.org/publicdomain/zero/1.0/ */
function handleRequest(request, response) {
response.setHeader("Cache-Control", "no-cache", false);
if (request.queryString === "reset") {
// Reset the HSTS policy, prevent influencing other tests
response.setStatusLine(request.httpVersion, 200, "OK");
response.setHeader("Strict-Transport-Security", "max-age=0");
response.write("Resetting HSTS");
return;
}
let hstsHeader = "max-age=60";
response.setHeader("Strict-Transport-Security", hstsHeader);
response.setHeader("Cache-Control", "no-cache", false);
response.setHeader("Content-Type", "text/html", false);
response.setStatusLine(request.httpVersion, 200);
response.write("<html><body>ok</body></html>");
}

8
dom/security/test/https-first/file_no_https_support.sjs
Просмотреть файл

@ -1,8 +0,0 @@
/* Any copyright is dedicated to the Public Domain.
* http://creativecommons.org/publicdomain/zero/1.0/ */
function handleRequest(request, response) {
response.setHeader("Cache-Control", "no-cache", false);
response.setStatusLine("1.1", 404, "Not Found");
response.write("not found");
}

18
ipc/glue/BackgroundUtils.cpp
Просмотреть файл

@ -576,10 +576,10 @@ nsresult LoadInfoToLoadInfoArgs(nsILoadInfo* aLoadInfo,
aLoadInfo->GetIsFormSubmission(), aLoadInfo->GetSendCSPViolationEvents(),
aLoadInfo->GetOriginAttributes(), redirectChainIncludingInternalRedirects,
redirectChain, aLoadInfo->GetHasInjectedCookieForCookieBannerHandling(),
aLoadInfo->GetWasSchemelessInput(), aLoadInfo->GetHttpsUpgradeTelemetry(),
ipcClientInfo, ipcReservedClientInfo, ipcInitialClientInfo, ipcController,
aLoadInfo->CorsUnsafeHeaders(), aLoadInfo->GetForcePreflight(),
aLoadInfo->GetIsPreflight(), aLoadInfo->GetLoadTriggeredFromExternal(),
aLoadInfo->GetWasSchemelessInput(), ipcClientInfo, ipcReservedClientInfo,
ipcInitialClientInfo, ipcController, aLoadInfo->CorsUnsafeHeaders(),
aLoadInfo->GetForcePreflight(), aLoadInfo->GetIsPreflight(),
aLoadInfo->GetLoadTriggeredFromExternal(),
aLoadInfo->GetServiceWorkerTaintingSynthesized(),
aLoadInfo->GetDocumentHasUserInteracted(),
aLoadInfo->GetAllowListFutureDocumentsCreatedFromThisRedirectChain(),
@ -885,7 +885,7 @@ nsresult LoadInfoArgsToLoadInfo(const LoadInfoArgs& loadInfoArgs,
loadInfoArgs.originTrialCoepCredentiallessEnabledForTopLevel(),
loadInfoArgs.unstrippedURI(), interceptionInfo,
loadInfoArgs.hasInjectedCookieForCookieBannerHandling(),
loadInfoArgs.wasSchemelessInput(), loadInfoArgs.httpsUpgradeTelemetry());
loadInfoArgs.wasSchemelessInput());
if (loadInfoArgs.isFromProcessingFrameAttributes()) {
loadInfo->SetIsFromProcessingFrameAttributes();
@ -953,7 +953,6 @@ void LoadInfoToParentLoadInfoForwarder(
*aForwarderArgsOut = ParentLoadInfoForwarderArgs(
aLoadInfo->GetAllowInsecureRedirectToDataURI(), ipcController, tainting,
aLoadInfo->GetSkipContentSniffing(), aLoadInfo->GetHttpsOnlyStatus(),
aLoadInfo->GetWasSchemelessInput(), aLoadInfo->GetHttpsUpgradeTelemetry(),
aLoadInfo->GetHstsStatus(), aLoadInfo->GetHasValidUserGestureActivation(),
aLoadInfo->GetAllowDeprecatedSystemRequests(),
aLoadInfo->GetIsInDevToolsContext(), aLoadInfo->GetParserCreatedScript(),
@ -996,13 +995,6 @@ nsresult MergeParentLoadInfoForwarder(
rv = aLoadInfo->SetHttpsOnlyStatus(aForwarderArgs.httpsOnlyStatus());
NS_ENSURE_SUCCESS(rv, rv);
rv = aLoadInfo->SetWasSchemelessInput(aForwarderArgs.wasSchemelessInput());
NS_ENSURE_SUCCESS(rv, rv);
rv = aLoadInfo->SetHttpsUpgradeTelemetry(
aForwarderArgs.httpsUpgradeTelemetry());
NS_ENSURE_SUCCESS(rv, rv);
rv = aLoadInfo->SetHstsStatus(aForwarderArgs.hstsStatus());
NS_ENSURE_SUCCESS(rv, rv);

23
netwerk/base/LoadInfo.cpp
Просмотреть файл

@ -689,8 +689,7 @@ LoadInfo::LoadInfo(const LoadInfo& rhs)
mInterceptionInfo(rhs.mInterceptionInfo),
mHasInjectedCookieForCookieBannerHandling(
rhs.mHasInjectedCookieForCookieBannerHandling),
mWasSchemelessInput(rhs.mWasSchemelessInput),
mHttpsUpgradeTelemetry(rhs.mHttpsUpgradeTelemetry) {
mWasSchemelessInput(rhs.mWasSchemelessInput) {
}
LoadInfo::LoadInfo(
@ -737,8 +736,7 @@ LoadInfo::LoadInfo(
nsILoadInfo::CrossOriginEmbedderPolicy aLoadingEmbedderPolicy,
bool aIsOriginTrialCoepCredentiallessEnabledForTopLevel,
nsIURI* aUnstrippedURI, nsIInterceptionInfo* aInterceptionInfo,
bool aHasInjectedCookieForCookieBannerHandling, bool aWasSchemelessInput,
nsILoadInfo::HTTPSUpgradeTelemetryType aHttpsUpgradeTelemetry)
bool aHasInjectedCookieForCookieBannerHandling, bool aWasSchemelessInput)
: mLoadingPrincipal(aLoadingPrincipal),
mTriggeringPrincipal(aTriggeringPrincipal),
mPrincipalToInherit(aPrincipalToInherit),
@ -816,8 +814,7 @@ LoadInfo::LoadInfo(
mInterceptionInfo(aInterceptionInfo),
mHasInjectedCookieForCookieBannerHandling(
aHasInjectedCookieForCookieBannerHandling),
mWasSchemelessInput(aWasSchemelessInput),
mHttpsUpgradeTelemetry(aHttpsUpgradeTelemetry) {
mWasSchemelessInput(aWasSchemelessInput) {
// Only top level TYPE_DOCUMENT loads can have a null loadingPrincipal
MOZ_ASSERT(mLoadingPrincipal ||
aContentPolicyType == nsIContentPolicy::TYPE_DOCUMENT);
@ -2408,18 +2405,4 @@ LoadInfo::SetWasSchemelessInput(bool aWasSchemelessInput) {
return NS_OK;
}
NS_IMETHODIMP
LoadInfo::GetHttpsUpgradeTelemetry(
nsILoadInfo::HTTPSUpgradeTelemetryType* aOutHttpsUpgradeTelemetry) {
*aOutHttpsUpgradeTelemetry = mHttpsUpgradeTelemetry;
return NS_OK;
}
NS_IMETHODIMP
LoadInfo::SetHttpsUpgradeTelemetry(
nsILoadInfo::HTTPSUpgradeTelemetryType aHttpsUpgradeTelemetry) {
mHttpsUpgradeTelemetry = aHttpsUpgradeTelemetry;
return NS_OK;
}
} // namespace mozilla::net

7
netwerk/base/LoadInfo.h
Просмотреть файл

@ -252,9 +252,7 @@ class LoadInfo final : public nsILoadInfo {
nsILoadInfo::CrossOriginEmbedderPolicy aLoadingEmbedderPolicy,
bool aIsOriginTrialCoepCredentiallessEnabledForTopLevel,
nsIURI* aUnstrippedURI, nsIInterceptionInfo* aInterceptionInfo,
bool aHasInjectedCookieForCookieBannerHandling, bool aWasSchemelessInput,
nsILoadInfo::HTTPSUpgradeTelemetryType aHttpsUpgradeTelemetry);
bool aHasInjectedCookieForCookieBannerHandling, bool aWasSchemelessInput);
LoadInfo(const LoadInfo& rhs);
NS_IMETHOD GetRedirects(JSContext* aCx,
@ -403,9 +401,6 @@ class LoadInfo final : public nsILoadInfo {
bool mHasInjectedCookieForCookieBannerHandling = false;
bool mWasSchemelessInput = false;
nsILoadInfo::HTTPSUpgradeTelemetryType mHttpsUpgradeTelemetry =
nsILoadInfo::NO_UPGRADE;
};
// This is exposed solely for testing purposes and should not be used outside of

12
netwerk/base/TRRLoadInfo.cpp
Просмотреть файл

@ -861,17 +861,5 @@ TRRLoadInfo::SetWasSchemelessInput(bool aWasSchemelessInput) {
return NS_ERROR_NOT_IMPLEMENTED;
}
NS_IMETHODIMP
TRRLoadInfo::GetHttpsUpgradeTelemetry(
nsILoadInfo::HTTPSUpgradeTelemetryType* aOutHttpsTelemetry) {
return NS_ERROR_NOT_IMPLEMENTED;
}
NS_IMETHODIMP
TRRLoadInfo::SetHttpsUpgradeTelemetry(
nsILoadInfo::HTTPSUpgradeTelemetryType aHttpsTelemetry) {
return NS_ERROR_NOT_IMPLEMENTED;
}
} // namespace net
} // namespace mozilla

19
netwerk/base/nsILoadInfo.idl
Просмотреть файл

@ -1532,23 +1532,4 @@ interface nsILoadInfo : nsISupports
* Whether the load has gone through the URL bar, where the fixup had to add * the protocol scheme.
*/
[infallible] attribute boolean wasSchemelessInput;
cenum HTTPSUpgradeTelemetryType : 32 {
NO_UPGRADE = 0,
ALREADY_HTTPS = (1 << 0),
HSTS = (1 << 1),
HTTPS_ONLY_UPGRADE = (1 << 2),
HTTPS_ONLY_UPGRADE_DOWNGRADE = (1 << 3),
HTTPS_FIRST_UPGRADE = (1 << 4),
HTTPS_FIRST_UPGRADE_DOWNGRADE = (1 << 5),
HTTPS_FIRST_SCHEMELESS_UPGRADE = (1 << 6),
HTTPS_FIRST_SCHEMELESS_UPGRADE_DOWNGRADE = (1 << 7),
HTTPS_RR = (1 << 8),
};
/**
* Solely for the use of collecting Telemetry for HTTPS upgrades.
*/
[infallible] attribute nsILoadInfo_HTTPSUpgradeTelemetryType httpsUpgradeTelemetry;
};

31
netwerk/base/nsNetUtil.cpp
Просмотреть файл

@ -2931,8 +2931,15 @@ bool handleResultFunc(bool aAllowSTS, bool aIsStsHost) {
if (aIsStsHost) {
LOG(("nsHttpChannel::Connect() STS permissions found\n"));
if (aAllowSTS) {
Telemetry::AccumulateCategorical(
Telemetry::LABELS_HTTP_SCHEME_UPGRADE_TYPE::STS);
return true;
}
Telemetry::AccumulateCategorical(
Telemetry::LABELS_HTTP_SCHEME_UPGRADE_TYPE::PrefBlockedSTS);
} else {
Telemetry::AccumulateCategorical(
Telemetry::LABELS_HTTP_SCHEME_UPGRADE_TYPE::NoReasonToUpgrade);
}
return false;
};
@ -2959,6 +2966,8 @@ static bool ShouldSecureUpgradeNoHSTS(nsIURI* aURI, nsILoadInfo* aLoadInfo) {
nsIScriptError::warningFlag,
"upgradeInsecureRequest"_ns, innerWindowId,
!!aLoadInfo->GetOriginAttributes().mPrivateBrowsingId);
Telemetry::AccumulateCategorical(
Telemetry::LABELS_HTTP_SCHEME_UPGRADE_TYPE::CSP);
return true;
}
// 3. Mixed content auto upgrading
@ -2990,22 +2999,22 @@ static bool ShouldSecureUpgradeNoHSTS(nsIURI* aURI, nsILoadInfo* aLoadInfo) {
// Set this flag so we know we'll upgrade because of
// 'security.mixed_content.upgrade_display_content'.
aLoadInfo->SetBrowserDidUpgradeInsecureRequests(true);
Telemetry::AccumulateCategorical(
Telemetry::LABELS_HTTP_SCHEME_UPGRADE_TYPE::BrowserDisplay);
return true;
}
// 4. Https-Only
if (nsHTTPSOnlyUtils::ShouldUpgradeRequest(aURI, aLoadInfo)) {
aLoadInfo->SetHttpsUpgradeTelemetry(nsILoadInfo::HTTPS_ONLY_UPGRADE);
Telemetry::AccumulateCategorical(
Telemetry::LABELS_HTTP_SCHEME_UPGRADE_TYPE::HTTPSOnly);
return true;
}
// 4.a Https-First
if (nsHTTPSOnlyUtils::ShouldUpgradeHttpsFirstRequest(aURI, aLoadInfo)) {
if (aLoadInfo->GetWasSchemelessInput()) {
aLoadInfo->SetHttpsUpgradeTelemetry(
nsILoadInfo::HTTPS_FIRST_SCHEMELESS_UPGRADE);
} else {
aLoadInfo->SetHttpsUpgradeTelemetry(nsILoadInfo::HTTPS_FIRST_UPGRADE);
}
Telemetry::AccumulateCategorical(
Telemetry::LABELS_HTTP_SCHEME_UPGRADE_TYPE::HTTPSFirst);
return true;
}
return false;
@ -3038,7 +3047,8 @@ nsresult NS_ShouldSecureUpgrade(
// If request is https, then there is nothing to do here.
if (isHttps) {
aLoadInfo->SetHttpsUpgradeTelemetry(nsILoadInfo::ALREADY_HTTPS);
Telemetry::AccumulateCategorical(
Telemetry::LABELS_HTTP_SCHEME_UPGRADE_TYPE::AlreadyHTTPS);
aShouldUpgrade = false;
return NS_OK;
}
@ -3121,11 +3131,6 @@ nsresult NS_ShouldSecureUpgrade(
NS_ENSURE_SUCCESS(rv, rv);
aShouldUpgrade = handleResultFunc(aAllowSTS, isStsHost);
// we can't pass the loadinfo to handleResultFunc since it's not threadsafe
// hence we set the http telemetry information on the loadinfo here.
if (aShouldUpgrade) {
aLoadInfo->SetHttpsUpgradeTelemetry(nsILoadInfo::HSTS);
}
if (!aShouldUpgrade) {
// Check for CSP upgrade-insecure-requests, Mixed content auto upgrading
// and Https-Only / -First.

1
netwerk/ipc/DocumentLoadListener.cpp
Просмотреть файл

@ -161,7 +161,6 @@ static auto CreateDocumentLoadInfo(CanonicalBrowsingContext* aBrowsingContext,
}
loadInfo->SetWasSchemelessInput(aLoadState->GetWasSchemelessInput());
loadInfo->SetHttpsUpgradeTelemetry(aLoadState->GetHttpsUpgradeTelemetry());
loadInfo->SetTriggeringSandboxFlags(aLoadState->TriggeringSandboxFlags());
loadInfo->SetTriggeringWindowId(aLoadState->TriggeringWindowId());

7
netwerk/ipc/NeckoChannelParams.ipdlh
Просмотреть файл

@ -14,7 +14,6 @@ include PBackgroundSharedTypes;
include DOMTypes;
include ProtocolTypes;
include "mozilla/dom/DomSecurityIPCUtils.h";
include "mozilla/dom/FetchIPCTypes.h";
include "mozilla/dom/PropertyBagUtils.h";
include "mozilla/dom/ReferrerInfoUtils.h";
@ -38,7 +37,6 @@ using nsILoadInfo::StoragePermissionState from "nsILoadInfo.h";
using struct mozilla::dom::LoadingSessionHistoryInfo from "mozilla/dom/SessionHistoryEntry.h";
using mozilla::dom::RequestMode from "mozilla/dom/RequestBinding.h";
using mozilla::net::LinkHeader from "nsNetUtil.h";
using nsILoadInfo::HTTPSUpgradeTelemetryType from "nsILoadInfo.h";
namespace mozilla {
namespace net {
@ -137,7 +135,6 @@ struct LoadInfoArgs
RedirectHistoryEntryInfo[] redirectChain;
bool hasInjectedCookieForCookieBannerHandling;
bool wasSchemelessInput;
HTTPSUpgradeTelemetryType httpsUpgradeTelemetry;
/**
* ClientInfo structure representing the window or worker that triggered
@ -224,10 +221,6 @@ struct ParentLoadInfoForwarderArgs
uint32_t httpsOnlyStatus;
bool wasSchemelessInput;
HTTPSUpgradeTelemetryType httpsUpgradeTelemetry;
bool hstsStatus;
// Returns true if at the time of the loadinfo construction the document

43
netwerk/metrics.yaml
Просмотреть файл

@ -933,6 +933,22 @@ networking:
- presented_with_http3
- none
https_upgrade_with_https_rr:
type: labeled_counter
description: >
Whether an HTTP request gets upgraded to HTTPS because of HTTPS RR
bugs:
- https://bugzilla.mozilla.org/1686421
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1686421
notification_emails:
- necko@mozilla.com
- kershaw@mozilla.com
expires: never
labels:
- https_rr
- others
http_channel_onstart_success_https_rr:
type: labeled_counter
description: >
@ -1089,33 +1105,6 @@ networking:
- kershaw@mozilla.com
expires: never
http_to_https_upgrade_reason:
type: labeled_counter
description: >
Whether a top-level HTTP request gets upgraded to HTTPS and the reason for it
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1883954
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1883954
notification_emails:
- ckerschb@mozilla.com
- freddyb@mozilla.com
- kershaw@mozilla.com
- necko@mozilla.com
- seceng-telemetry@mozilla.com
expires: never
labels:
- no_upgrade
- already_https
- hsts
- https_only_upgrade
- https_only_upgrade_downgrade
- https_first_upgrade
- https_first_upgrade_downgrade
- https_first_schemeless_upgrade
- https_first_schemeless_upgrade_downgrade
- https_rr
http_channel_sub_open_to_first_sent_https_rr:
type: timing_distribution
time_unit: millisecond

76
netwerk/protocol/http/nsHttpChannel.cpp
Просмотреть файл

@ -794,12 +794,9 @@ nsresult nsHttpChannel::ContinueOnBeforeConnect(bool aShouldUpgrade,
}
if (aShouldUpgrade && !mURI->SchemeIs("https")) {
// only set HTTPS_RR to be responsbile for the upgrade in the loadinfo
// if it actually was responsible, otherwise the correct flag is
// already present in the loadinfo.
if (aUpgradeWithHTTPSRR) {
mLoadInfo->SetHttpsUpgradeTelemetry(nsILoadInfo::HTTPS_RR);
}
mozilla::glean::networking::https_upgrade_with_https_rr
.Get(aUpgradeWithHTTPSRR ? "https_rr"_ns : "others"_ns)
.Add(1);
return AsyncCall(&nsHttpChannel::HandleAsyncRedirectChannelToHttps);
}
@ -7944,71 +7941,6 @@ nsresult nsHttpChannel::LogConsoleError(const char* aTag) {
return NS_OK;
}
static void RecordHTTPSUpgradeTelemetry(nsILoadInfo* aLoadInfo) {
// we record https telemetry only for top-level loads
if (aLoadInfo->GetExternalContentPolicyType() !=
ExtContentPolicy::TYPE_DOCUMENT) {
return;
}
nsILoadInfo::HTTPSUpgradeTelemetryType httpsTelemetry =
nsILoadInfo::NO_UPGRADE;
aLoadInfo->GetHttpsUpgradeTelemetry(&httpsTelemetry);
switch (httpsTelemetry) {
case nsILoadInfo::NO_UPGRADE:
mozilla::glean::networking::http_to_https_upgrade_reason
.Get("no_upgrade"_ns)
.Add(1);
break;
case nsILoadInfo::ALREADY_HTTPS:
mozilla::glean::networking::http_to_https_upgrade_reason
.Get("already_https"_ns)
.Add(1);
break;
case nsILoadInfo::HSTS:
mozilla::glean::networking::http_to_https_upgrade_reason.Get("hsts"_ns)
.Add(1);
break;
case nsILoadInfo::HTTPS_ONLY_UPGRADE:
mozilla::glean::networking::http_to_https_upgrade_reason
.Get("https_only_upgrade"_ns)
.Add(1);
break;
case nsILoadInfo::HTTPS_ONLY_UPGRADE_DOWNGRADE:
mozilla::glean::networking::http_to_https_upgrade_reason
.Get("https_only_upgrade_downgrade"_ns)
.Add(1);
break;
case nsILoadInfo::HTTPS_FIRST_UPGRADE:
mozilla::glean::networking::http_to_https_upgrade_reason
.Get("https_first_upgrade"_ns)
.Add(1);
break;
case nsILoadInfo::HTTPS_FIRST_UPGRADE_DOWNGRADE:
mozilla::glean::networking::http_to_https_upgrade_reason
.Get("https_first_upgrade_downgrade"_ns)
.Add(1);
break;
case nsILoadInfo::HTTPS_FIRST_SCHEMELESS_UPGRADE:
mozilla::glean::networking::http_to_https_upgrade_reason
.Get("https_first_schemeless_upgrade"_ns)
.Add(1);
break;
case nsILoadInfo::HTTPS_FIRST_SCHEMELESS_UPGRADE_DOWNGRADE:
mozilla::glean::networking::http_to_https_upgrade_reason
.Get("https_first_schemeless_upgrade_downgrade"_ns)
.Add(1);
break;
case nsILoadInfo::HTTPS_RR:
mozilla::glean::networking::http_to_https_upgrade_reason
.Get("https_rr"_ns)
.Add(1);
break;
default:
MOZ_ASSERT(false, "what telemetry flag is set to end up here?");
}
}
NS_IMETHODIMP
nsHttpChannel::OnStopRequest(nsIRequest* request, nsresult status) {
AUTO_PROFILER_LABEL("nsHttpChannel::OnStopRequest", NETWORK);
@ -8164,8 +8096,6 @@ nsHttpChannel::OnStopRequest(nsIRequest* request, nsresult status) {
mozilla::glean::network::data_size_per_type.Get(label).Add(totalSize);
}
RecordHTTPSUpgradeTelemetry(mLoadInfo);
// If we are using the transaction to serve content, we also save the
// time since async open in the cache entry so we can compare telemetry
// between cache and net response.

20
toolkit/components/telemetry/Histograms.json
Просмотреть файл

@ -3026,6 +3026,26 @@
"kind": "boolean",
"description": "Whether or not a new alt-svc mapping would change the target hostname of the existing mapping"
},
"HTTP_SCHEME_UPGRADE_TYPE": {
"record_in_processes": ["main", "content"],
"products": ["firefox", "fennec"],
"alert_emails": ["seceng-telemetry@mozilla.com", "freddyb@mozilla.com"],
"bug_numbers": [1340021, 1435733, 1722895],
"releaseChannelCollection": "opt-out",
"expires_in_version": "never",
"kind": "categorical",
"labels": [
"AlreadyHTTPS",
"NoReasonToUpgrade",
"PrefBlockedSTS",
"STS",
"CSP",
"BrowserDisplay",
"HTTPSOnly",
"HTTPSFirst"
],
"description": "Was the URL upgraded to HTTPS?"
},
"HTTP_RESPONSE_STATUS_CODE": {
"record_in_processes": ["main", "content"],
"products": ["firefox", "fennec"],