Bug 1602318 - Initialize mixed content channel for process-switches. r=ckerschb,necko-reviewers,dragana

Same process origin changes are handled by the docshell, which detects this during AsyncOnChannelRedirect and clears the mixed content permission. Process switches load in a fresh docshell, so we need to make sure we appropriately set or clear the mixed content permission. Differential Revision: https://phabricator.services.mozilla.com/D67095
2020-04-20 22:58:52 +00:00 · 2020-04-20 22:58:52 +00:00 · d11fa9ad8b
--- a/docshell/base/nsDocShell.cpp
+++ b/docshell/base/nsDocShell.cpp
@ -9792,26 +9792,6 @@ nsresult nsDocShell::DoURILoad(nsDocShellLoadState* aLoadState,
    mContentTypeHint.Truncate();
  }

-  if (mLoadType == LOAD_NORMAL_ALLOW_MIXED_CONTENT ||
-      mLoadType == LOAD_RELOAD_ALLOW_MIXED_CONTENT) {
-    rv = SetMixedContentChannel(channel);
-    NS_ENSURE_SUCCESS(rv, rv);
-  } else if (mMixedContentChannel) {
-    /*
-     * If the user "Disables Protection on This Page", we call
-     * SetMixedContentChannel for the first time, otherwise
-     * mMixedContentChannel is still null.
-     * Later, if the new channel passes a same orign check, we remember the
-     * users decision by calling SetMixedContentChannel using the new channel.
-     * This way, the user does not have to click the disable protection button
-     * over and over for browsing the same site.
-     */
-    rv = nsContentUtils::CheckSameOrigin(mMixedContentChannel, channel);
-    if (NS_FAILED(rv) || NS_FAILED(SetMixedContentChannel(channel))) {
-      SetMixedContentChannel(nullptr);
-    }
-  }
-
  rv = DoChannelLoad(
      channel, uriLoader,
      aLoadState->HasLoadFlags(INTERNAL_LOAD_FLAGS_BYPASS_CLASSIFIER));
@ -10019,6 +9999,26 @@ nsresult nsDocShell::OpenInitializedChannel(nsIChannel* aChannel,
                                            uint32_t aOpenFlags) {
  nsresult rv = NS_OK;

+  if (mLoadType == LOAD_NORMAL_ALLOW_MIXED_CONTENT ||
+      mLoadType == LOAD_RELOAD_ALLOW_MIXED_CONTENT) {
+    rv = SetMixedContentChannel(aChannel);
+    NS_ENSURE_SUCCESS(rv, rv);
+  } else if (mMixedContentChannel) {
+    /*
+     * If the user "Disables Protection on This Page", we call
+     * SetMixedContentChannel for the first time, otherwise
+     * mMixedContentChannel is still null.
+     * Later, if the new channel passes a same orign check, we remember the
+     * users decision by calling SetMixedContentChannel using the new channel.
+     * This way, the user does not have to click the disable protection button
+     * over and over for browsing the same site.
+     */
+    rv = nsContentUtils::CheckSameOrigin(mMixedContentChannel, aChannel);
+    if (NS_FAILED(rv) || NS_FAILED(SetMixedContentChannel(aChannel))) {
+      SetMixedContentChannel(nullptr);
+    }
+  }
+
  // If anything fails here, make sure to clear our initial ClientSource.
  auto cleanupInitialClient =
      MakeScopeExit([&] { mInitialClientSource.reset(); });
--- a/netwerk/ipc/DocumentLoadListener.cpp
+++ b/netwerk/ipc/DocumentLoadListener.cpp
@ -42,6 +42,7 @@
 #include "mozilla/dom/WindowGlobalParent.h"
 #include "mozilla/StaticPrefs_security.h"
 #include "nsICookieService.h"
+#include "nsDocShellLoadTypes.h"

 #ifdef ANDROID
 #  include "mozilla/widget/nsWindow.h"
@ -1302,6 +1303,22 @@ DocumentLoadListener::AsyncOnChannelRedirect(
        oldURI, aFlags, responseStatus, net::ChannelIsPost(aOldChannel)});
  }

+  // If this is a cross-origin redirect, then we should no longer allow
+  // mixed content. The destination docshell checks this in its redirect
+  // handling, but if we deliver to a new docshell (with a process switch)
+  // then this doesn't happen.
+  // Manually remove the allow mixed content flags.
+  nsresult rv = nsContentUtils::CheckSameOrigin(aOldChannel, aNewChannel);
+  if (NS_FAILED(rv)) {
+    if (mLoadStateLoadType == LOAD_NORMAL_ALLOW_MIXED_CONTENT) {
+      mLoadStateLoadType = LOAD_NORMAL;
+    } else if (mLoadStateLoadType == LOAD_RELOAD_ALLOW_MIXED_CONTENT) {
+      mLoadStateLoadType = LOAD_RELOAD_NORMAL;
+    }
+    MOZ_ASSERT(!LOAD_TYPE_HAS_FLAGS(
+        mLoadStateLoadType, nsIWebNavigation::LOAD_FLAGS_ALLOW_MIXED_CONTENT));
+  }
+
  if (!mDocumentChannelBridge) {
    return NS_BINDING_ABORTED;
  }
@ -1315,7 +1332,7 @@ DocumentLoadListener::AsyncOnChannelRedirect(
  nsCOMPtr<nsILoadInfo> loadInfo = aOldChannel->LoadInfo();

  nsCOMPtr<nsIURI> originalUri;
-  nsresult rv = aOldChannel->GetOriginalURI(getter_AddRefs(originalUri));
+  rv = aOldChannel->GetOriginalURI(getter_AddRefs(originalUri));
  if (NS_FAILED(rv)) {
    aOldChannel->Cancel(NS_ERROR_DOM_BAD_URI);
    return rv;