Bug 1543066 - P2 Do not obtain a cross-origin opener-policy through non-HTTPS r=nika

Differential Revision: https://phabricator.services.mozilla.com/D40671 --HG-- extra : moz-landing-system : lando
2019-08-10 18:00:01 +00:00 · 2019-08-10 18:00:01 +00:00 · fdc7be95aa
--- a/netwerk/protocol/http/HttpBaseChannel.cpp
+++ b/netwerk/protocol/http/HttpBaseChannel.cpp
@ -4338,6 +4338,11 @@ NS_IMETHODIMP HttpBaseChannel::GetCrossOriginOpenerPolicy(
    return NS_ERROR_NOT_AVAILABLE;
  }

+  // A document delivered over insecure HTTP will always lack COOP.
+  if (!mURI->SchemeIs("https")) {
+    return NS_OK;
+  }
+
  nsAutoCString openerPolicy;
  Unused << mResponseHead->GetHeader(nsHttp::Cross_Origin_Opener_Policy,
                                     openerPolicy);