Bug 135007, Transfer mode of images should be relevant for shown lock icon state (mixed content)

Based on ideas from Stuart Parmenter and experimental code from Kai Engert
Patch contributed by Honza Bambas
r=kaie, r=pavlov, sr=bz

modules/libpr0n/src/imgRequest.cpp

@@ -321,6 +321,16 @@ nsresult imgRequest::GetPrincipal(nsIPrincipal **aPrincipal)
   return NS_ERROR_FAILURE;
 }
 
+nsresult imgRequest::GetSecurityInfo(nsISupports **aSecurityInfo)
+{
+  LOG_FUNC(gImgLog, "imgRequest::GetSecurityInfo");
+
+  // Missing security info means this is not a security load
+  // i.e. it is not an error when security info is missing
+  NS_IF_ADDREF(*aSecurityInfo = mSecurityInfo);
+  return NS_OK;
+}
+
 void imgRequest::RemoveFromCache()
 {
   LOG_SCOPE(gImgLog, "imgRequest::RemoveFromCache");
@@ -596,6 +606,10 @@ NS_IMETHODIMP imgRequest::OnStartRequest(nsIRequest *aRequest, nsISupports *ctxt
   mImageStatus = imgIRequest::STATUS_NONE;
   mState = onStartRequest;
 
+  nsCOMPtr<nsIChannel> channel(do_QueryInterface(aRequest));
+  if (channel)
+    channel->GetSecurityInfo(getter_AddRefs(mSecurityInfo));
+
   /* set our loading flag to true */
   mLoading = PR_TRUE;
 

modules/libpr0n/src/imgRequest.h

@@ -123,6 +123,7 @@ private:
   void Cancel(nsresult aStatus);
   nsresult GetURI(nsIURI **aURI);
   nsresult GetPrincipal(nsIPrincipal **aPrincipal);
+  nsresult GetSecurityInfo(nsISupports **aSecurityInfo);
   void RemoveFromCache();
   inline const char *GetMimeType() const {
     return mContentType.get();
@@ -157,6 +158,7 @@ private:
   nsCOMPtr<imgIContainer> mImage;
   nsCOMPtr<imgIDecoder> mDecoder;
   nsCOMPtr<nsIProperties> mProperties;
+  nsCOMPtr<nsISupports> mSecurityInfo;
 
   nsTObserverArray<imgRequestProxy*> mObservers;
 

modules/libpr0n/src/imgRequestProxy.cpp

@@ -55,8 +55,8 @@
 #include "nspr.h"
 
 
-NS_IMPL_ISUPPORTS3(imgRequestProxy, imgIRequest, nsIRequest,
-                   nsISupportsPriority)
+NS_IMPL_ISUPPORTS4(imgRequestProxy, imgIRequest, nsIRequest,
+                   nsISupportsPriority, nsISecurityInfoProvider)
 
 imgRequestProxy::imgRequestProxy() :
   mOwner(nsnull),
@@ -383,6 +383,17 @@ NS_IMETHODIMP imgRequestProxy::AdjustPriority(PRInt32 priority)
   return NS_OK;
 }
 
+/** nsISecurityInfoProvider methods **/
+
+NS_IMETHODIMP imgRequestProxy::GetSecurityInfo(nsISupports** _retval)
+{
+  if (mOwner)
+    return mOwner->GetSecurityInfo(_retval);
+
+  *_retval = nsnull;
+  return NS_OK;
+}
+
 /** imgIContainerObserver methods **/
 
 void imgRequestProxy::FrameChanged(imgIContainer *container, gfxIImageFrame *newframe, nsIntRect * dirtyRect)

modules/libpr0n/src/imgRequestProxy.h

@@ -39,6 +39,7 @@
 
 #include "imgIRequest.h"
 #include "imgIDecoderObserver.h"
+#include "nsISecurityInfoProvider.h"
 
 #include "imgIContainer.h"
 #include "imgIDecoder.h"
@@ -59,13 +60,14 @@
     {0x8f, 0x65, 0x9c, 0x46, 0x2e, 0xe2, 0xbc, 0x95} \
 }
 
-class imgRequestProxy : public imgIRequest, public nsISupportsPriority
+class imgRequestProxy : public imgIRequest, public nsISupportsPriority, public nsISecurityInfoProvider
 {
 public:
   NS_DECL_ISUPPORTS
   NS_DECL_IMGIREQUEST
   NS_DECL_NSIREQUEST
   NS_DECL_NSISUPPORTSPRIORITY
+  NS_DECL_NSISECURITYINFOPROVIDER
 
   imgRequestProxy();
   virtual ~imgRequestProxy();

netwerk/base/public/Makefile.in

@@ -104,6 +104,7 @@ XPIDLSRCS	= \
 		nsIServerSocket.idl \
 		nsIResumableChannel.idl \
 		nsIRequestObserverProxy.idl \
+		nsISecurityInfoProvider.idl \
 		nsIStreamListenerTee.idl \
 		nsISimpleStreamListener.idl \
 		nsIStreamTransportService.idl \

netwerk/base/public/nsISecurityInfoProvider.idl

@@ -0,0 +1,44 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is mozilla.org code.
+ *
+ * The Initial Developer of the Original Code is mozilla.org
+ * Portions created by the Initial Developer are Copyright (C) 2008
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s): 
+ *    Honza Bambas <honzab@firemni.cz>
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+ 
+#include "nsISupports.idl"
+
+[scriptable, uuid(9E03B4C6-8B79-41a8-A3E5-C41F9E015598)]
+interface nsISecurityInfoProvider : nsISupports
+{
+  readonly attribute nsISupports securityInfo;
+};

security/manager/boot/src/Makefile.in

@@ -76,6 +76,7 @@ REQUIRES	= nspr \
 		  caps \
 		  pref \
 		  pipnss \
+		  imglib2 \
 		  $(NULL)
 
 include $(topsrcdir)/config/rules.mk

security/manager/boot/src/nsSecureBrowserUIImpl.cpp

@@ -78,7 +78,9 @@
 #include "nsIPrompt.h"
 #include "nsIFormSubmitObserver.h"
 #include "nsISecurityWarningDialogs.h"
+#include "nsISecurityInfoProvider.h"
 #include "nsIProxyObjectManager.h"
+#include "imgIRequest.h"
 #include "nsThreadUtils.h"
 #include "nsNetUtil.h"
 #include "nsCRT.h"
@@ -271,6 +273,24 @@ nsSecureBrowserUIImpl::GetState(PRUint32* aState)
   return MapInternalToExternalState(aState, mNotifiedSecurityState, mNotifiedToplevelIsEV);
 }
 
+// static
+already_AddRefed<nsISupports> 
+nsSecureBrowserUIImpl::ExtractSecurityInfo(nsIRequest* aRequest)
+{
+  nsISupports *retval = nsnull; 
+  nsCOMPtr<nsIChannel> channel(do_QueryInterface(aRequest));
+  if (channel)
+    channel->GetSecurityInfo(&retval);
+  
+  if (!retval) {
+    nsCOMPtr<nsISecurityInfoProvider> provider(do_QueryInterface(aRequest));
+    if (provider)
+      provider->GetSecurityInfo(&retval);
+  }
+
+  return retval;
+}
+
 nsresult
 nsSecureBrowserUIImpl::MapInternalToExternalState(PRUint32* aState, lockIconState lock, PRBool ev)
 {
@@ -738,13 +758,11 @@ nsSecureBrowserUIImpl::OnStateChange(nsIWebProgress* aWebProgress,
   }
 #endif
 
-  nsCOMPtr<nsISupports> securityInfo;
-  nsCOMPtr<nsIChannel> channel(do_QueryInterface(aRequest));
+  nsCOMPtr<nsISupports> securityInfo(ExtractSecurityInfo(aRequest));
 
+  nsCOMPtr<nsIChannel> channel(do_QueryInterface(aRequest));
   if (channel)
   {
-    channel->GetSecurityInfo(getter_AddRefs(securityInfo));
-
     nsCOMPtr<nsIURI> uri;
     channel->GetURI(getter_AddRefs(uri));
     if (uri)
@@ -789,21 +807,31 @@ nsSecureBrowserUIImpl::OnStateChange(nsIWebProgress* aWebProgress,
 #endif
 
   PRBool isSubDocumentRelevant = PR_TRUE;
+  PRBool isImageRequest = PR_FALSE;
 
   // We are only interested in requests that load in the browser window...
   nsCOMPtr<nsIHttpChannel> httpRequest(do_QueryInterface(aRequest));
   if (!httpRequest) {
-    nsCOMPtr<nsIFileChannel> fileRequest(do_QueryInterface(aRequest));
-    if (!fileRequest) {
-      nsCOMPtr<nsIWyciwygChannel> wyciwygRequest(do_QueryInterface(aRequest));
-      if (!wyciwygRequest) {
-        nsCOMPtr<nsIFTPChannel> ftpRequest(do_QueryInterface(aRequest));
-        if (!ftpRequest) {
-          PR_LOG(gSecureDocLog, PR_LOG_DEBUG,
-                 ("SecureUI:%p: OnStateChange: not relevant for sub content\n", this));
-          isSubDocumentRelevant = PR_FALSE;
+    nsCOMPtr<imgIRequest> imgRequest(do_QueryInterface(aRequest));
+    if (!imgRequest) {
+      nsCOMPtr<nsIFileChannel> fileRequest(do_QueryInterface(aRequest));
+      if (!fileRequest) {
+        nsCOMPtr<nsIWyciwygChannel> wyciwygRequest(do_QueryInterface(aRequest));
+        if (!wyciwygRequest) {
+          nsCOMPtr<nsIFTPChannel> ftpRequest(do_QueryInterface(aRequest));
+          if (!ftpRequest) {
+              PR_LOG(gSecureDocLog, PR_LOG_DEBUG,
+                     ("SecureUI:%p: OnStateChange: not relevant for sub content\n", this));
+              isSubDocumentRelevant = PR_FALSE;
+          }
         }
       }
+    } else { // !imgRequest
+        // Remember this is an image request. Because image loads doesn't
+        // support any TRANSFERRING notifications but only START and
+        // STOP we must simply predict there were a content transferred.
+        // See bug 432685 for details.
+        isImageRequest = PR_TRUE;
     }
   }
 
@@ -939,8 +967,11 @@ nsSecureBrowserUIImpl::OnStateChange(nsIWebProgress* aWebProgress,
     // The listing of a request in mTransferringRequests
     // means, there has already been data transfered.
 
-    nsAutoMonitor lock(mMonitor);
-    PL_DHashTableOperate(&mTransferringRequests, aRequest, PL_DHASH_ADD);
+    if (!isImageRequest) 
+    {
+      nsAutoMonitor lock(mMonitor);
+      PL_DHashTableOperate(&mTransferringRequests, aRequest, PL_DHASH_ADD);
+    }
     
     return NS_OK;
   }
@@ -951,14 +982,21 @@ nsSecureBrowserUIImpl::OnStateChange(nsIWebProgress* aWebProgress,
       &&
       aProgressStateFlags & STATE_IS_REQUEST)
   {
-    nsAutoMonitor lock(mMonitor);
-    PLDHashEntryHdr *entry = PL_DHashTableOperate(&mTransferringRequests, aRequest, PL_DHASH_LOOKUP);
-    if (PL_DHASH_ENTRY_IS_BUSY(entry))
+    if (isImageRequest) 
     {
-      PL_DHashTableOperate(&mTransferringRequests, aRequest, PL_DHASH_REMOVE);
-
       requestHasTransferedData = PR_TRUE;
     }
+    else
+    {
+      nsAutoMonitor lock(mMonitor);
+      PLDHashEntryHdr *entry = PL_DHashTableOperate(&mTransferringRequests, aRequest, PL_DHASH_LOOKUP);
+      if (PL_DHASH_ENTRY_IS_BUSY(entry))
+      {
+        PL_DHashTableOperate(&mTransferringRequests, aRequest, PL_DHASH_REMOVE);
+
+        requestHasTransferedData = PR_TRUE;
+      }
+    }
   }
 
   PRBool allowSecurityStateChange = PR_TRUE;
@@ -1450,10 +1488,7 @@ nsSecureBrowserUIImpl::OnLocationChange(nsIWebProgress* aWebProgress,
   nsCOMPtr<nsIDOMWindow> windowForProgress;
   aWebProgress->GetDOMWindow(getter_AddRefs(windowForProgress));
 
-  nsCOMPtr<nsISupports> securityInfo;
-  nsCOMPtr<nsIChannel> channel(do_QueryInterface(aRequest));
-  if (channel)
-    channel->GetSecurityInfo(getter_AddRefs(securityInfo));
+  nsCOMPtr<nsISupports> securityInfo(ExtractSecurityInfo(aRequest));
 
   if (windowForProgress.get() == window.get()) {
     // For toplevel channels, update the security state right away.

security/manager/boot/src/nsSecureBrowserUIImpl.h

@@ -126,6 +126,7 @@ protected:
   PRInt32 mSubRequestsBrokenSecurity;
   PRInt32 mSubRequestsNoSecurity;
 
+  static already_AddRefed<nsISupports> ExtractSecurityInfo(nsIRequest* aRequest);
   static nsresult MapInternalToExternalState(PRUint32* aState, lockIconState lock, PRBool ev);
   nsresult UpdateSecurityState(nsIRequest* aRequest);
   void UpdateMyFlags(PRBool &showWarning, lockIconState &warnSecurityState);