Bug 1622111 - Convert four security.mixed_content.* prefs in nsMixedContentBlocker r=njn

Converts `security.mixed_content.block_object_subrequest`, `security.mixed_content.block_display_content`, `security.mixed_content.upgrade_display_content`, and `security.mixed_content.block_active_content` to static prefs.

Differential Revision: https://phabricator.services.mozilla.com/D67205

--HG--
extra : moz-landing-system : lando

dom/security/nsMixedContentBlocker.cpp

@@ -36,6 +36,7 @@
 #include "mozilla/BasePrincipal.h"
 #include "mozilla/Logging.h"
 #include "mozilla/StaticPrefs_dom.h"
+#include "mozilla/StaticPrefs_security.h"
 #include "mozilla/Telemetry.h"
 #include "mozilla/dom/ContentChild.h"
 #include "mozilla/ipc/URIUtils.h"
@@ -46,18 +47,6 @@ using namespace mozilla::dom;
 
 enum nsMixedContentBlockerMessageType { eBlocked = 0x00, eUserOverride = 0x01 };
 
-// Is mixed script blocking (fonts, plugin content, scripts, stylesheets,
-// iframes, websockets, XHR) enabled?
-bool nsMixedContentBlocker::sBlockMixedScript = false;
-
-bool nsMixedContentBlocker::sBlockMixedObjectSubrequest = false;
-
-// Is mixed display content blocking (images, audio, video) enabled?
-bool nsMixedContentBlocker::sBlockMixedDisplay = false;
-
-// Is mixed display content upgrading (images, audio, video) enabled?
-bool nsMixedContentBlocker::sUpgradeMixedDisplay = false;
-
 // Whitelist of hostnames that should be considered secure contexts even when
 // served over http:// or ws://
 nsCString* nsMixedContentBlocker::sSecurecontextWhitelist = nullptr;
@@ -217,24 +206,6 @@ class nsMixedContentEvent : public Runnable {
   bool mRootHasSecureConnection;
 };
 
-nsMixedContentBlocker::nsMixedContentBlocker() {
-  // Cache the pref for mixed script blocking
-  Preferences::AddBoolVarCache(&sBlockMixedScript,
-                               "security.mixed_content.block_active_content");
-
-  Preferences::AddBoolVarCache(
-      &sBlockMixedObjectSubrequest,
-      "security.mixed_content.block_object_subrequest");
-
-  // Cache the pref for mixed display blocking
-  Preferences::AddBoolVarCache(&sBlockMixedDisplay,
-                               "security.mixed_content.block_display_content");
-
-  // Cache the pref for mixed display upgrading
-  Preferences::AddBoolVarCache(
-      &sUpgradeMixedDisplay, "security.mixed_content.upgrade_display_content");
-}
-
 nsMixedContentBlocker::~nsMixedContentBlocker() = default;
 
 NS_IMPL_ISUPPORTS(nsMixedContentBlocker, nsIContentPolicy, nsIChannelEventSink)
@@ -539,8 +510,9 @@ nsresult nsMixedContentBlocker::ShouldLoad(
     nsISupports* aRequestingContext, const nsACString& aMimeGuess,
     nsIPrincipal* aRequestPrincipal, int16_t* aDecision) {
   // Asserting that we are on the main thread here and hence do not have to lock
-  // and unlock sBlockMixedScript and sBlockMixedDisplay before reading/writing
-  // to them.
+  // and unlock security.mixed_content.block_active_content and
+  // security.mixed_content.block_display_content before reading/writing to
+  // them.
   MOZ_ASSERT(NS_IsMainThread());
 
   bool isPreload = nsContentUtils::IsPreloadType(aContentType);
@@ -647,7 +619,7 @@ nsresult nsMixedContentBlocker::ShouldLoad(
       classification = eMixedDisplay;
       break;
     case TYPE_OBJECT_SUBREQUEST:
-      if (sBlockMixedObjectSubrequest) {
+      if (StaticPrefs::security_mixed_content_block_object_subrequest()) {
         classification = eMixedScript;
       } else {
         classification = eMixedDisplay;
@@ -865,7 +837,7 @@ nsresult nsMixedContentBlocker::ShouldLoad(
   // be upgraded to https before fetching any data from the netwerk.
   bool isUpgradableDisplayType =
       nsContentUtils::IsUpgradableDisplayType(aContentType) &&
-      ShouldUpgradeMixedDisplayContent();
+      StaticPrefs::security_mixed_content_upgrade_display_content();
   if (isHttpScheme && isUpgradableDisplayType) {
     *aDecision = ACCEPT;
     return NS_OK;
@@ -1023,14 +995,15 @@ nsresult nsMixedContentBlocker::ShouldLoad(
 
   // set hasMixedContentObjectSubrequest on this object if necessary
   if (aContentType == TYPE_OBJECT_SUBREQUEST) {
-    if (!sBlockMixedObjectSubrequest) {
+    if (!StaticPrefs::security_mixed_content_block_object_subrequest()) {
       rootDoc->WarnOnceAbout(Document::eMixedDisplayObjectSubrequest);
     }
   }
 
   // If the content is display content, and the pref says display content should
   // be blocked, block it.
-  if (sBlockMixedDisplay && classification == eMixedDisplay) {
+  if (StaticPrefs::security_mixed_content_block_display_content() &&
+      classification == eMixedDisplay) {
     if (allowMixedContent) {
       LogMixedContentMessage(classification, aContentLocation, rootDoc,
                              eUserOverride);
@@ -1084,7 +1057,8 @@ nsresult nsMixedContentBlocker::ShouldLoad(
     }
     return NS_OK;
 
-  } else if (sBlockMixedScript && classification == eMixedScript) {
+  } else if (StaticPrefs::security_mixed_content_block_active_content() &&
+             classification == eMixedScript) {
     // If the content is active content, and the pref says active content should
     // be blocked, block it unless the user has choosen to override the pref
     if (allowMixedContent) {
@@ -1270,7 +1244,3 @@ void nsMixedContentBlocker::AccumulateMixedContentHSTS(
     }
   }
 }
-
-bool nsMixedContentBlocker::ShouldUpgradeMixedDisplayContent() {
-  return sUpgradeMixedDisplay;
-}

dom/security/nsMixedContentBlocker.h

@@ -45,7 +45,7 @@ class nsMixedContentBlocker : public nsIContentPolicy,
   NS_DECL_NSICONTENTPOLICY
   NS_DECL_NSICHANNELEVENTSINK
 
-  nsMixedContentBlocker();
+  nsMixedContentBlocker() = default;
 
   // See:
   // https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy
@@ -76,15 +76,10 @@ class nsMixedContentBlocker : public nsIContentPolicy,
 
   static bool URISafeToBeLoadedInSecureContext(nsIURI* aURI);
 
-  static bool ShouldUpgradeMixedDisplayContent();
   static void OnPrefChange(const char* aPref, void* aClosure);
   static void GetSecureContextWhiteList(nsACString& aList);
   static void Shutdown();
 
-  static bool sBlockMixedScript;
-  static bool sBlockMixedObjectSubrequest;
-  static bool sBlockMixedDisplay;
-  static bool sUpgradeMixedDisplay;
   static bool sSecurecontextWhitelistCached;
   static nsCString* sSecurecontextWhitelist;
 };

mobile/android/app/mobile.js

@@ -392,9 +392,6 @@ pref("security.alternate_certificate_error_page", "certerror");
 
 pref("security.warn_viewing_mixed", false); // Warning is disabled.  See Bug 616712.
 
-// Block insecure active content on https pages
-pref("security.mixed_content.block_active_content", true);
-
 // Enable pinning
 pref("security.cert_pinning.enforcement_level", 1);
 

modules/libpref/init/StaticPrefList.yaml

@@ -8034,6 +8034,31 @@
   value: true
   mirror: always
 
+# Pref to block mixed scripts (fonts, plugin content, scripts, stylesheets,
+# iframes, websockets, XHR).
+- name: security.mixed_content.block_active_content
+  type: bool
+  value: @IS_ANDROID@
+  mirror: always
+
+# Pref to block sub requests that happen within an object.
+- name: security.mixed_content.block_object_subrequest
+  type: bool
+  value: false
+  mirror: always
+
+# Pref for mixed display content blocking (images, audio, video).
+- name: security.mixed_content.block_display_content
+  type: bool
+  value: false
+  mirror: always
+
+# Pref for mixed display content upgrading (images, audio, video).
+- name: security.mixed_content.upgrade_display_content
+  type: bool
+  value: false
+  mirror: always
+
 # Whether strict file origin policy is in effect. "False" is traditional.
 - name: security.fileuri.strict_origin_policy
   type: RelaxedAtomicBool

modules/libpref/init/all.js

@@ -2292,16 +2292,6 @@ pref("security.notification_enable_delay", 500);
   pref("security.disallow_non_local_systemprincipal_in_tests", false);
 #endif
 
-// Mixed content blocking
-pref("security.mixed_content.block_active_content", false);
-pref("security.mixed_content.block_display_content", false);
-
-// Upgrade mixed display content before it's blocked
-pref("security.mixed_content.upgrade_display_content", false);
-
-// Block sub requests that happen within an object
-pref("security.mixed_content.block_object_subrequest", false);
-
 // Sub-resource integrity
 pref("security.sri.enable", true);
 

netwerk/base/LoadInfo.cpp

@@ -20,6 +20,7 @@
 #include "mozilla/net/CookieJarSettings.h"
 #include "mozilla/NullPrincipal.h"
 #include "mozilla/StaticPrefs_network.h"
+#include "mozilla/StaticPrefs_security.h"
 #include "mozIThirdPartyUtil.h"
 #include "nsFrameLoader.h"
 #include "nsFrameLoaderOwner.h"
@@ -278,7 +279,7 @@ LoadInfo::LoadInfo(
 
     if (nsContentUtils::IsUpgradableDisplayType(externalType)) {
       if (mLoadingPrincipal->SchemeIs("https")) {
-        if (nsMixedContentBlocker::ShouldUpgradeMixedDisplayContent()) {
+        if (StaticPrefs::security_mixed_content_upgrade_display_content()) {
           mBrowserUpgradeInsecureRequests = true;
         } else {
           mBrowserWouldUpgradeInsecureRequests = true;

netwerk/protocol/http/nsHttpChannel.cpp

@@ -8238,7 +8238,7 @@ nsresult nsHttpChannel::ContinueOnStopRequest(nsresult aStatus, bool aIsFromNet,
     // Browser upgrading is disabled and the content is already HTTPS
     upgradeKey = NS_LITERAL_CSTRING("disabledNoReason");
     // Checks "security.mixed_content.upgrade_display_content" is true
-    if (nsMixedContentBlocker::ShouldUpgradeMixedDisplayContent()) {
+    if (StaticPrefs::security_mixed_content_upgrade_display_content()) {
       if (mLoadInfo->GetBrowserUpgradeInsecureRequests()) {
         // HTTP content the browser has upgraded to HTTPS
         upgradeKey = NS_LITERAL_CSTRING("enabledUpgrade");
@@ -8256,7 +8256,7 @@ nsresult nsHttpChannel::ContinueOnStopRequest(nsresult aStatus, bool aIsFromNet,
     upgradeKey = NS_LITERAL_CSTRING("disabledUpgrade");
   } else {
     // HTTP content that wouldn't upgrade
-    upgradeKey = nsMixedContentBlocker::ShouldUpgradeMixedDisplayContent()
+    upgradeKey = StaticPrefs::security_mixed_content_upgrade_display_content()
                      ? NS_LITERAL_CSTRING("enabledWont")
                      : NS_LITERAL_CSTRING("disabledWont");
   }