diff --git a/dom/base/WebSocket.cpp b/dom/base/WebSocket.cpp index 9309bb93fb6d..a75ac5a8c91e 100644 --- a/dom/base/WebSocket.cpp +++ b/dom/base/WebSocket.cpp @@ -1561,7 +1561,7 @@ WebSocketImpl::Init(JSContext* aCx, // to reflect that upgrade. Please note that we can not upgrade from ws: // to wss: before performing content policy checks because CSP needs to // send reports in case the scheme is about to be upgraded. - if (!mSecure && originDoc && originDoc->GetUpgradeInsecureRequests()) { + if (!mSecure && originDoc && originDoc->GetUpgradeInsecureRequests(false)) { // let's use the old specification before the upgrade for logging NS_ConvertUTF8toUTF16 reportSpec(mURI); diff --git a/dom/base/nsContentPolicy.cpp b/dom/base/nsContentPolicy.cpp index d50982acccd4..9a2ee8181224 100644 --- a/dom/base/nsContentPolicy.cpp +++ b/dom/base/nsContentPolicy.cpp @@ -116,8 +116,8 @@ nsContentPolicy::CheckPolicy(CPMethod policyMethod, nsContentPolicyType externalType = nsContentUtils::InternalContentPolicyTypeToExternal(contentType); - nsContentPolicyType externalTypeOrScript = - nsContentUtils::InternalContentPolicyTypeToExternalOrScript(contentType); + nsContentPolicyType externalTypeOrMCBInternal = + nsContentUtils::InternalContentPolicyTypeToExternalOrMCBInternal(contentType); nsContentPolicyType externalTypeOrCSPInternal = nsContentUtils::InternalContentPolicyTypeToExternalOrCSPInternal(contentType); @@ -140,11 +140,13 @@ nsContentPolicy::CheckPolicy(CPMethod policyMethod, /* check the appropriate policy */ // Send the internal content policy type to the mixed content blocker // which needs to know about TYPE_INTERNAL_WORKER, - // TYPE_INTERNAL_SHARED_WORKER and TYPE_INTERNAL_SERVICE_WORKER. + // TYPE_INTERNAL_SHARED_WORKER and TYPE_INTERNAL_SERVICE_WORKER + // and also preloads: TYPE_INTERNAL_SCRIPT_PRELOAD, + // TYPE_INTERNAL_IMAGE_PRELOAD, TYPE_INTERNAL_STYLESHEET_PRELOAD bool isMixedContentBlocker = mixedContentBlocker == entries[i]; nsContentPolicyType type = externalType; if (isMixedContentBlocker) { - type = externalTypeOrScript; + type = externalTypeOrMCBInternal; } // Send the internal content policy type for CSP which needs to // know about preloads and workers, in particular: diff --git a/dom/base/nsContentUtils.cpp b/dom/base/nsContentUtils.cpp index fd5b8177e0a8..1e33862896ac 100644 --- a/dom/base/nsContentUtils.cpp +++ b/dom/base/nsContentUtils.cpp @@ -7991,7 +7991,7 @@ nsContentUtils::InternalContentPolicyTypeToExternal(nsContentPolicyType aType) /* static */ nsContentPolicyType -nsContentUtils::InternalContentPolicyTypeToExternalOrScript(nsContentPolicyType aType) +nsContentUtils::InternalContentPolicyTypeToExternalOrMCBInternal(nsContentPolicyType aType) { switch (aType) { case nsIContentPolicy::TYPE_INTERNAL_SCRIPT: @@ -8001,7 +8001,7 @@ nsContentUtils::InternalContentPolicyTypeToExternalOrScript(nsContentPolicyType return aType; default: - return InternalContentPolicyTypeToExternal(aType); + return InternalContentPolicyTypeToExternalOrPreload(aType); } } diff --git a/dom/base/nsContentUtils.h b/dom/base/nsContentUtils.h index a0ec010e0b04..8636a79785fb 100644 --- a/dom/base/nsContentUtils.h +++ b/dom/base/nsContentUtils.h @@ -986,16 +986,18 @@ public: static nsContentPolicyType InternalContentPolicyTypeToExternal(nsContentPolicyType aType); /** - * Map internal content policy types to external ones or script types: + * Map internal content policy types to external ones or script types or preload types: * * TYPE_INTERNAL_SCRIPT * * TYPE_INTERNAL_WORKER * * TYPE_INTERNAL_SHARED_WORKER * * TYPE_INTERNAL_SERVICE_WORKER - * + * * TYPE_INTERNAL_SCRIPT_PRELOAD + * * TYPE_INTERNAL_IMAGE_PRELOAD + * * TYPE_INTERNAL_STYLESHEET_PRELOAD * * Note: DO NOT call this function unless you know what you're doing! */ - static nsContentPolicyType InternalContentPolicyTypeToExternalOrScript(nsContentPolicyType aType); + static nsContentPolicyType InternalContentPolicyTypeToExternalOrMCBInternal(nsContentPolicyType aType); /** * Map internal content policy types to external ones or preload types: diff --git a/dom/base/nsDocument.cpp b/dom/base/nsDocument.cpp index 4d054f00dab5..b4e8ce8887c3 100644 --- a/dom/base/nsDocument.cpp +++ b/dom/base/nsDocument.cpp @@ -2550,12 +2550,12 @@ nsDocument::StartDocumentLoad(const char* aCommand, nsIChannel* aChannel, treeItem->GetSameTypeParent(getter_AddRefs(sameTypeParent)); if (sameTypeParent) { mUpgradeInsecureRequests = - sameTypeParent->GetDocument()->GetUpgradeInsecureRequests(); + sameTypeParent->GetDocument()->GetUpgradeInsecureRequests(false); // if the parent document makes use of upgrade-insecure-requests // then subdocument preloads should always be upgraded. mUpgradeInsecurePreloads = mUpgradeInsecureRequests || - sameTypeParent->GetDocument()->GetUpgradeInsecurePreloads(); + sameTypeParent->GetDocument()->GetUpgradeInsecureRequests(true); } } diff --git a/dom/base/nsIDocument.h b/dom/base/nsIDocument.h index 95e7f6604591..6f66b649ae58 100644 --- a/dom/base/nsIDocument.h +++ b/dom/base/nsIDocument.h @@ -321,19 +321,14 @@ public: * of the document's ancestors up to the toplevel document makes use * of the CSP directive 'upgrade-insecure-requests'. */ - bool GetUpgradeInsecureRequests() const + bool GetUpgradeInsecureRequests(bool aPreload) const { + if (aPreload) { + return mUpgradeInsecurePreloads; + } return mUpgradeInsecureRequests; } - /** - * Same as GetUpgradeInsecureRequests() but *only* for preloads. - */ - bool GetUpgradeInsecurePreloads() const - { - return mUpgradeInsecurePreloads; - } - /** * Set the principal responsible for this document. */ diff --git a/dom/html/HTMLFormElement.cpp b/dom/html/HTMLFormElement.cpp index 8a07734dbcab..24b8a58f7062 100644 --- a/dom/html/HTMLFormElement.cpp +++ b/dom/html/HTMLFormElement.cpp @@ -1746,7 +1746,7 @@ HTMLFormElement::GetActionURL(nsIURI** aActionURL, bool isHttpScheme = false; rv = actionURL->SchemeIs("http", &isHttpScheme); NS_ENSURE_SUCCESS(rv, rv); - if (isHttpScheme && document->GetUpgradeInsecureRequests()) { + if (isHttpScheme && document->GetUpgradeInsecureRequests(false)) { // let's use the old specification before the upgrade for logging nsAutoCString spec; rv = actionURL->GetSpec(spec); diff --git a/dom/security/nsMixedContentBlocker.cpp b/dom/security/nsMixedContentBlocker.cpp index 1c66ccd1aafd..a394dfe8cc93 100644 --- a/dom/security/nsMixedContentBlocker.cpp +++ b/dom/security/nsMixedContentBlocker.cpp @@ -310,7 +310,7 @@ nsMixedContentBlocker::AsyncOnChannelRedirect(nsIChannel* aOldChannel, } int16_t decision = REJECT_REQUEST; - rv = ShouldLoad(nsContentUtils::InternalContentPolicyTypeToExternalOrScript(contentPolicyType), + rv = ShouldLoad(nsContentUtils::InternalContentPolicyTypeToExternalOrMCBInternal(contentPolicyType), newUri, requestingLocation, loadInfo->LoadingNode(), @@ -378,9 +378,11 @@ nsMixedContentBlocker::ShouldLoad(bool aHadInsecureImageRedirect, // to them. MOZ_ASSERT(NS_IsMainThread()); - MOZ_ASSERT(aContentType == nsContentUtils::InternalContentPolicyTypeToExternalOrScript(aContentType), + MOZ_ASSERT(aContentType == nsContentUtils::InternalContentPolicyTypeToExternalOrMCBInternal(aContentType), "We should only see external content policy types here."); + bool isPreload = nsContentUtils::IsPreloadType(aContentType); + // The content policy type that we receive may be an internal type for // scripts. Let's remember if we have seen a worker type, and reset it to the // external type in all cases right now. @@ -668,7 +670,7 @@ nsMixedContentBlocker::ShouldLoad(bool aHadInsecureImageRedirect, bool isHttpScheme = false; rv = aContentLocation->SchemeIs("http", &isHttpScheme); NS_ENSURE_SUCCESS(rv, rv); - if (isHttpScheme && docShell->GetDocument()->GetUpgradeInsecureRequests()) { + if (isHttpScheme && docShell->GetDocument()->GetUpgradeInsecureRequests(isPreload)) { *aDecision = ACCEPT; return NS_OK; } diff --git a/ipc/glue/BackgroundUtils.cpp b/ipc/glue/BackgroundUtils.cpp index 054935792ade..07149753a407 100644 --- a/ipc/glue/BackgroundUtils.cpp +++ b/ipc/glue/BackgroundUtils.cpp @@ -244,7 +244,6 @@ LoadInfoToLoadInfoArgs(nsILoadInfo *aLoadInfo, aLoadInfo->InternalContentPolicyType(), static_cast(aLoadInfo->GetTainting()), aLoadInfo->GetUpgradeInsecureRequests(), - aLoadInfo->GetUpgradeInsecurePreloads(), aLoadInfo->GetInnerWindowID(), aLoadInfo->GetOuterWindowID(), aLoadInfo->GetParentOuterWindowID(), @@ -304,7 +303,6 @@ LoadInfoArgsToLoadInfo(const OptionalLoadInfoArgs& aOptionalLoadInfoArgs, loadInfoArgs.contentPolicyType(), static_cast(loadInfoArgs.tainting()), loadInfoArgs.upgradeInsecureRequests(), - loadInfoArgs.upgradeInsecurePreloads(), loadInfoArgs.innerWindowID(), loadInfoArgs.outerWindowID(), loadInfoArgs.parentOuterWindowID(), diff --git a/netwerk/base/LoadInfo.cpp b/netwerk/base/LoadInfo.cpp index d076d6c9bb5c..a80f22b86ddd 100644 --- a/netwerk/base/LoadInfo.cpp +++ b/netwerk/base/LoadInfo.cpp @@ -38,7 +38,6 @@ LoadInfo::LoadInfo(nsIPrincipal* aLoadingPrincipal, , mInternalContentPolicyType(aContentPolicyType) , mTainting(LoadTainting::Basic) , mUpgradeInsecureRequests(false) - , mUpgradeInsecurePreloads(false) , mInnerWindowID(0) , mOuterWindowID(0) , mParentOuterWindowID(0) @@ -89,8 +88,13 @@ LoadInfo::LoadInfo(nsIPrincipal* aLoadingPrincipal, ComputeIsThirdPartyContext(outerWindow); } - mUpgradeInsecureRequests = aLoadingContext->OwnerDoc()->GetUpgradeInsecureRequests(); - mUpgradeInsecurePreloads = aLoadingContext->OwnerDoc()->GetUpgradeInsecurePreloads(); + // if the document forces all requests to be upgraded from http to https, then + // we should do that for all requests. If it only forces preloads to be upgraded + // then we should enforce upgrade insecure requests only for preloads. + mUpgradeInsecureRequests = + aLoadingContext->OwnerDoc()->GetUpgradeInsecureRequests(false) || + (nsContentUtils::IsPreloadType(mInternalContentPolicyType) && + aLoadingContext->OwnerDoc()->GetUpgradeInsecureRequests(true)); } const PrincipalOriginAttributes attrs = BasePrincipal::Cast(mLoadingPrincipal)->OriginAttributesRef(); @@ -105,7 +109,6 @@ LoadInfo::LoadInfo(const LoadInfo& rhs) , mInternalContentPolicyType(rhs.mInternalContentPolicyType) , mTainting(rhs.mTainting) , mUpgradeInsecureRequests(rhs.mUpgradeInsecureRequests) - , mUpgradeInsecurePreloads(rhs.mUpgradeInsecurePreloads) , mInnerWindowID(rhs.mInnerWindowID) , mOuterWindowID(rhs.mOuterWindowID) , mParentOuterWindowID(rhs.mParentOuterWindowID) @@ -128,7 +131,6 @@ LoadInfo::LoadInfo(nsIPrincipal* aLoadingPrincipal, nsContentPolicyType aContentPolicyType, LoadTainting aTainting, bool aUpgradeInsecureRequests, - bool aUpgradeInsecurePreloads, uint64_t aInnerWindowID, uint64_t aOuterWindowID, uint64_t aParentOuterWindowID, @@ -147,7 +149,6 @@ LoadInfo::LoadInfo(nsIPrincipal* aLoadingPrincipal, , mInternalContentPolicyType(aContentPolicyType) , mTainting(aTainting) , mUpgradeInsecureRequests(aUpgradeInsecureRequests) - , mUpgradeInsecurePreloads(aUpgradeInsecurePreloads) , mInnerWindowID(aInnerWindowID) , mOuterWindowID(aOuterWindowID) , mParentOuterWindowID(aParentOuterWindowID) @@ -380,13 +381,6 @@ LoadInfo::GetUpgradeInsecureRequests(bool* aResult) return NS_OK; } -NS_IMETHODIMP -LoadInfo::GetUpgradeInsecurePreloads(bool* aResult) -{ - *aResult = mUpgradeInsecurePreloads; - return NS_OK; -} - NS_IMETHODIMP LoadInfo::GetInnerWindowID(uint64_t* aResult) { diff --git a/netwerk/base/LoadInfo.h b/netwerk/base/LoadInfo.h index edece211cddd..b632360f6590 100644 --- a/netwerk/base/LoadInfo.h +++ b/netwerk/base/LoadInfo.h @@ -74,7 +74,6 @@ private: nsContentPolicyType aContentPolicyType, LoadTainting aTainting, bool aUpgradeInsecureRequests, - bool aUpgradeInsecurePreloads, uint64_t aInnerWindowID, uint64_t aOuterWindowID, uint64_t aParentOuterWindowID, @@ -112,7 +111,6 @@ private: nsContentPolicyType mInternalContentPolicyType; LoadTainting mTainting; bool mUpgradeInsecureRequests; - bool mUpgradeInsecurePreloads; uint64_t mInnerWindowID; uint64_t mOuterWindowID; uint64_t mParentOuterWindowID; diff --git a/netwerk/base/nsILoadInfo.idl b/netwerk/base/nsILoadInfo.idl index 1ca7ef7e3028..6360d367a853 100644 --- a/netwerk/base/nsILoadInfo.idl +++ b/netwerk/base/nsILoadInfo.idl @@ -29,7 +29,7 @@ typedef unsigned long nsSecurityFlags; /** * An nsILoadOwner represents per-load information about who started the load. */ -[scriptable, builtinclass, uuid(41e311d0-5894-4aaa-80b5-5b7099dfc404)] +[scriptable, builtinclass, uuid(ddc65bf9-2f60-41ab-b22a-4f1ae9efcd36)] interface nsILoadInfo : nsISupports { /** @@ -336,11 +336,6 @@ interface nsILoadInfo : nsISupports */ [infallible] readonly attribute boolean upgradeInsecureRequests; - /** - * Same as upgradeInsecureRequests but for preloads. - */ - [infallible] readonly attribute boolean upgradeInsecurePreloads; - /** * Typically these are the window IDs of the window in which the element being * loaded lives. However, if the element being loaded is InternalContentPolicyType()); - bool upgradeRequests = - ((isPreload && aLoadInfo->GetUpgradeInsecurePreloads()) || - (aLoadInfo->GetUpgradeInsecureRequests())); - // Please note that cross origin top level navigations are not subject // to upgrade-insecure-requests, see: // http://www.w3.org/TR/upgrade-insecure-requests/#examples @@ -2270,7 +2265,7 @@ NS_ShouldSecureUpgrade(nsIURI* aURI, (aLoadInfo->GetExternalContentPolicyType() == nsIContentPolicy::TYPE_DOCUMENT) && (!aChannelResultPrincipal->Equals(aLoadInfo->LoadingPrincipal())); - if (upgradeRequests && !crossOriginNavigation) { + if (aLoadInfo->GetUpgradeInsecureRequests() && !crossOriginNavigation) { // let's log a message to the console that we are upgrading a request nsAutoCString spec, scheme; aURI->GetSpec(spec); diff --git a/netwerk/ipc/NeckoChannelParams.ipdlh b/netwerk/ipc/NeckoChannelParams.ipdlh index 315df68859a0..9afdf73d2eeb 100644 --- a/netwerk/ipc/NeckoChannelParams.ipdlh +++ b/netwerk/ipc/NeckoChannelParams.ipdlh @@ -33,7 +33,6 @@ struct LoadInfoArgs uint32_t contentPolicyType; uint32_t tainting; bool upgradeInsecureRequests; - bool upgradeInsecurePreloads; uint64_t innerWindowID; uint64_t outerWindowID; uint64_t parentOuterWindowID;