Bug 1737829: Populate an RFP bit from Channel to Connection via Caps r=necko-reviewers,kershaw

Differential Revision: https://phabricator.services.mozilla.com/D144583

netwerk/protocol/http/Http2ConnectTransaction.cpp

@@ -218,7 +218,8 @@ Http2ConnectTransaction::Http2ConnectTransaction(
     trans->RequestHead()->Exit();
   }
   DebugOnly<nsresult> rv = nsHttpConnection::MakeConnectString(
-      trans, mRequestHead, mConnectString, mIsWebsocket);
+      trans, mRequestHead, mConnectString, mIsWebsocket,
+      mCaps & NS_HTTP_USE_RFP);
   MOZ_ASSERT(NS_SUCCEEDED(rv));
   mDrivingTransaction = trans;
 }

netwerk/protocol/http/nsHttp.h

@@ -146,6 +146,10 @@ extern const nsCString kHttp3Versions[];
 
 #define NS_HTTP_DISALLOW_ECH (1 << 25)
 
+// Used to indicate that an HTTP Connection should obey Resist Fingerprinting
+// and set the User-Agent accordingly.
+#define NS_HTTP_USE_RFP (1 << 26)
+
 #define NS_HTTP_TRR_FLAGS_FROM_MODE(x) ((static_cast<uint32_t>(x) & 3) << 19)
 
 #define NS_HTTP_TRR_MODE_FROM_FLAGS(x) \

netwerk/protocol/http/nsHttpChannel.cpp

@@ -1134,6 +1134,10 @@ nsresult nsHttpChannel::SetupTransaction() {
     mCaps |= NS_HTTP_LOAD_ANONYMOUS_CONNECT_ALLOW_CLIENT_CERT;
   }
 
+  if (nsContentUtils::ShouldResistFingerprinting(this)) {
+    mCaps |= NS_HTTP_USE_RFP;
+  }
+
   // Use the URI path if not proxying (transparent proxying such as proxy
   // CONNECT does not count here). Also figure out what HTTP version to use.
   nsAutoCString buf, path;

netwerk/protocol/http/nsHttpConnection.cpp

@@ -1824,7 +1824,8 @@ void nsHttpConnection::SetInSpdyTunnel(bool arg) {
 // static
 nsresult nsHttpConnection::MakeConnectString(nsAHttpTransaction* trans,
                                              nsHttpRequestHead* request,
-                                             nsACString& result, bool h2ws) {
+                                             nsACString& result, bool h2ws,
+                                             bool aShouldResistFingerprinting) {
   result.Truncate();
   if (!trans->ConnectionInfo()) {
     return NS_ERROR_NOT_INITIALIZED;
@@ -1850,7 +1851,8 @@ nsresult nsHttpConnection::MakeConnectString(nsAHttpTransaction* trans,
   } else {
     request->SetRequestURI(result);
   }
-  rv = request->SetHeader(nsHttp::User_Agent, gHttpHandler->UserAgent());
+  rv = request->SetHeader(nsHttp::User_Agent,
+                          gHttpHandler->UserAgent(aShouldResistFingerprinting));
   MOZ_ASSERT(NS_SUCCEEDED(rv));
 
   // a CONNECT is always persistent
@@ -2451,7 +2453,8 @@ nsresult nsHttpConnection::SetupProxyConnectStream() {
 
   nsAutoCString buf;
   nsHttpRequestHead request;
-  nsresult rv = MakeConnectString(mTransaction, &request, buf, false);
+  nsresult rv = MakeConnectString(mTransaction, &request, buf, false,
+                                  mTransactionCaps & NS_HTTP_USE_RFP);
   if (NS_FAILED(rv)) {
     return rv;
   }

netwerk/protocol/http/nsHttpConnection.h

@@ -191,10 +191,9 @@ class nsHttpConnection final : public HttpConnectionBase,
   bool IsForWebSocket() { return mForWebSocket; }
 
   // The following functions are related to setting up a tunnel.
-  [[nodiscard]] static nsresult MakeConnectString(nsAHttpTransaction* trans,
-                                                  nsHttpRequestHead* request,
-                                                  nsACString& result,
-                                                  bool h2ws);
+  [[nodiscard]] static nsresult MakeConnectString(
+      nsAHttpTransaction* trans, nsHttpRequestHead* request, nsACString& result,
+      bool h2ws, bool aShouldResistFingerprinting);
   [[nodiscard]] static nsresult ReadFromStream(nsIInputStream*, void*,
                                                const char*, uint32_t, uint32_t,
                                                uint32_t*);