Bug 1702417: Do not subject webrtc media connections to mixed content blocking. r=mixedpuppy,freddyb

Differential Revision: https://phabricator.services.mozilla.com/D124201
Byron Campen 2021-09-13 18:20:10 +00:00
Родитель b67cbe0b60
Коммит f163bbb0d8
2 изменённых файлов: 14 добавлений и 2 удалений


@ -417,7 +417,8 @@ nsresult WebrtcTCPSocket::OpenWithHttpProxy() {
// We need this flag to allow loads from any origin since this channel
// is being used to CONNECT to an HTTP proxy.
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
nsIContentPolicy::TYPE_OTHER, getter_AddRefs(localChannel));
nsIContentPolicy::TYPE_PROXIED_WEBRTC_MEDIA,
getter_AddRefs(localChannel));
if (NS_FAILED(rv)) {
LOG(("WebrtcTCPSocket %p: bad open channel\n", this));
return rv;
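Review bot: Nothing at this call site says why the content policy type is now `nsIContentPolicy::TYPE_PROXIED_WEBRTC_MEDIA`; the existing comment only explains the `SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL` flag. The type is security-relevant here, because the other file in this commit makes nsMixedContentBlocker::ShouldLoad accept it unconditionally. A short comment above the argument would keep that link visible, for example `// TYPE_PROXIED_WEBRTC_MEDIA exempts this CONNECT channel from mixed content blocking; see nsMixedContentBlocker::ShouldLoad.` The body of OpenWithHttpProxy starts and ends outside the hunk.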


@ -503,6 +503,11 @@ nsresult nsMixedContentBlocker::ShouldLoad(bool aHadInsecureImageRedirect,
// properties as WebSockets w.r.t. mixed content. XHR's handling of redirects
// amplifies these concerns.
//
// TYPE_PROXIED_WEBRTC_MEDIA: Ordinarily, webrtc uses low-level sockets for
// peer-to-peer media, which bypasses this code entirely. However, when a
// web proxy is being used, the TCP and TLS webrtc connections are routed
// through the web proxy (using HTTP CONNECT), which causes these connections
// to be checked. We just skip mixed content blocking in that case.
switch (contentType) {
// The top-level document cannot be mixed content by definition
@ -529,6 +534,13 @@ nsresult nsMixedContentBlocker::ShouldLoad(bool aHadInsecureImageRedirect,
return NS_OK;
break;
// It does not make sense to subject webrtc media connections to mixed
// content blocking, since those connections are peer-to-peer and will
// therefore almost never match the origin.
case ExtContentPolicy::TYPE_PROXIED_WEBRTC_MEDIA:
*aDecision = ACCEPT;
return NS_OK;
// Static display content is considered moderate risk for mixed content so
// these will be blocked according to the mixed display preference
case ExtContentPolicy::TYPE_IMAGE:
@ -563,7 +575,6 @@ nsresult nsMixedContentBlocker::ShouldLoad(bool aHadInsecureImageRedirect,
case ExtContentPolicy::TYPE_XSLT:
case ExtContentPolicy::TYPE_OTHER:
case ExtContentPolicy::TYPE_SPECULATIVE:
case ExtContentPolicy::TYPE_PROXIED_WEBRTC_MEDIA:
break;
case ExtContentPolicy::TYPE_INVALID:
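Review bot: The new `case ExtContentPolicy::TYPE_PROXIED_WEBRTC_MEDIA:` sets `*aDecision = ACCEPT` on the content policy type alone, so the exemption is only as narrow as the set of callers that can open a channel with that type. The only caller visible in this commit is WebrtcTCPSocket::OpenWithHttpProxy; whether others exist cannot be told from these hunks. The case comment should state that invariant, for example `// Only the webrtc proxy CONNECT channel may use this type; any other user would skip mixed content blocking.` The explanation added to the comment block above the switch largely repeats the case comment, so one of the two could simply point to the other. The switch and the TYPE_INVALID case continue outside the hunks.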