From 656a5d7c45a987be29e71e6b9a6d8d9b3db9a9a7 Mon Sep 17 00:00:00 2001 From: Kristen Wright Date: Thu, 19 Mar 2020 00:54:29 +0000 Subject: [PATCH] Bug 1622111 - Convert four security.mixed_content.* prefs in nsMixedContentBlocker r=njn Converts `security.mixed_content.block_object_subrequest`, `security.mixed_content.block_display_content`, `security.mixed_content.upgrade_display_content`, and `security.mixed_content.block_active_content` to static prefs. Differential Revision: https://phabricator.services.mozilla.com/D67205 --HG-- extra : moz-landing-system : lando --- dom/security/nsMixedContentBlocker.cpp | 52 +++++------------------- dom/security/nsMixedContentBlocker.h | 7 +--- mobile/android/app/mobile.js | 3 -- modules/libpref/init/StaticPrefList.yaml | 25 ++++++++++++ modules/libpref/init/all.js | 10 ----- netwerk/base/LoadInfo.cpp | 3 +- netwerk/protocol/http/nsHttpChannel.cpp | 4 +- 7 files changed, 41 insertions(+), 63 deletions(-) diff --git a/dom/security/nsMixedContentBlocker.cpp b/dom/security/nsMixedContentBlocker.cpp index 860a9754c567..bfe6a2acc98e 100644 --- a/dom/security/nsMixedContentBlocker.cpp +++ b/dom/security/nsMixedContentBlocker.cpp @@ -36,6 +36,7 @@ #include "mozilla/BasePrincipal.h" #include "mozilla/Logging.h" #include "mozilla/StaticPrefs_dom.h" +#include "mozilla/StaticPrefs_security.h" #include "mozilla/Telemetry.h" #include "mozilla/dom/ContentChild.h" #include "mozilla/ipc/URIUtils.h" @@ -46,18 +47,6 @@ using namespace mozilla::dom; enum nsMixedContentBlockerMessageType { eBlocked = 0x00, eUserOverride = 0x01 }; -// Is mixed script blocking (fonts, plugin content, scripts, stylesheets, -// iframes, websockets, XHR) enabled? -bool nsMixedContentBlocker::sBlockMixedScript = false; - -bool nsMixedContentBlocker::sBlockMixedObjectSubrequest = false; - -// Is mixed display content blocking (images, audio, video) enabled? -bool nsMixedContentBlocker::sBlockMixedDisplay = false; - -// Is mixed display content upgrading (images, audio, video) enabled? -bool nsMixedContentBlocker::sUpgradeMixedDisplay = false; - // Whitelist of hostnames that should be considered secure contexts even when // served over http:// or ws:// nsCString* nsMixedContentBlocker::sSecurecontextWhitelist = nullptr; @@ -217,24 +206,6 @@ class nsMixedContentEvent : public Runnable { bool mRootHasSecureConnection; }; -nsMixedContentBlocker::nsMixedContentBlocker() { - // Cache the pref for mixed script blocking - Preferences::AddBoolVarCache(&sBlockMixedScript, - "security.mixed_content.block_active_content"); - - Preferences::AddBoolVarCache( - &sBlockMixedObjectSubrequest, - "security.mixed_content.block_object_subrequest"); - - // Cache the pref for mixed display blocking - Preferences::AddBoolVarCache(&sBlockMixedDisplay, - "security.mixed_content.block_display_content"); - - // Cache the pref for mixed display upgrading - Preferences::AddBoolVarCache( - &sUpgradeMixedDisplay, "security.mixed_content.upgrade_display_content"); -} - nsMixedContentBlocker::~nsMixedContentBlocker() = default; NS_IMPL_ISUPPORTS(nsMixedContentBlocker, nsIContentPolicy, nsIChannelEventSink) @@ -539,8 +510,9 @@ nsresult nsMixedContentBlocker::ShouldLoad( nsISupports* aRequestingContext, const nsACString& aMimeGuess, nsIPrincipal* aRequestPrincipal, int16_t* aDecision) { // Asserting that we are on the main thread here and hence do not have to lock - // and unlock sBlockMixedScript and sBlockMixedDisplay before reading/writing - // to them. + // and unlock security.mixed_content.block_active_content and + // security.mixed_content.block_display_content before reading/writing to + // them. MOZ_ASSERT(NS_IsMainThread()); bool isPreload = nsContentUtils::IsPreloadType(aContentType); @@ -647,7 +619,7 @@ nsresult nsMixedContentBlocker::ShouldLoad( classification = eMixedDisplay; break; case TYPE_OBJECT_SUBREQUEST: - if (sBlockMixedObjectSubrequest) { + if (StaticPrefs::security_mixed_content_block_object_subrequest()) { classification = eMixedScript; } else { classification = eMixedDisplay; @@ -865,7 +837,7 @@ nsresult nsMixedContentBlocker::ShouldLoad( // be upgraded to https before fetching any data from the netwerk. bool isUpgradableDisplayType = nsContentUtils::IsUpgradableDisplayType(aContentType) && - ShouldUpgradeMixedDisplayContent(); + StaticPrefs::security_mixed_content_upgrade_display_content(); if (isHttpScheme && isUpgradableDisplayType) { *aDecision = ACCEPT; return NS_OK; @@ -1023,14 +995,15 @@ nsresult nsMixedContentBlocker::ShouldLoad( // set hasMixedContentObjectSubrequest on this object if necessary if (aContentType == TYPE_OBJECT_SUBREQUEST) { - if (!sBlockMixedObjectSubrequest) { + if (!StaticPrefs::security_mixed_content_block_object_subrequest()) { rootDoc->WarnOnceAbout(Document::eMixedDisplayObjectSubrequest); } } // If the content is display content, and the pref says display content should // be blocked, block it. - if (sBlockMixedDisplay && classification == eMixedDisplay) { + if (StaticPrefs::security_mixed_content_block_display_content() && + classification == eMixedDisplay) { if (allowMixedContent) { LogMixedContentMessage(classification, aContentLocation, rootDoc, eUserOverride); @@ -1084,7 +1057,8 @@ nsresult nsMixedContentBlocker::ShouldLoad( } return NS_OK; - } else if (sBlockMixedScript && classification == eMixedScript) { + } else if (StaticPrefs::security_mixed_content_block_active_content() && + classification == eMixedScript) { // If the content is active content, and the pref says active content should // be blocked, block it unless the user has choosen to override the pref if (allowMixedContent) { @@ -1270,7 +1244,3 @@ void nsMixedContentBlocker::AccumulateMixedContentHSTS( } } } - -bool nsMixedContentBlocker::ShouldUpgradeMixedDisplayContent() { - return sUpgradeMixedDisplay; -} diff --git a/dom/security/nsMixedContentBlocker.h b/dom/security/nsMixedContentBlocker.h index 9997a4cf2a24..f4ff94229374 100644 --- a/dom/security/nsMixedContentBlocker.h +++ b/dom/security/nsMixedContentBlocker.h @@ -45,7 +45,7 @@ class nsMixedContentBlocker : public nsIContentPolicy, NS_DECL_NSICONTENTPOLICY NS_DECL_NSICHANNELEVENTSINK - nsMixedContentBlocker(); + nsMixedContentBlocker() = default; // See: // https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy @@ -76,15 +76,10 @@ class nsMixedContentBlocker : public nsIContentPolicy, static bool URISafeToBeLoadedInSecureContext(nsIURI* aURI); - static bool ShouldUpgradeMixedDisplayContent(); static void OnPrefChange(const char* aPref, void* aClosure); static void GetSecureContextWhiteList(nsACString& aList); static void Shutdown(); - static bool sBlockMixedScript; - static bool sBlockMixedObjectSubrequest; - static bool sBlockMixedDisplay; - static bool sUpgradeMixedDisplay; static bool sSecurecontextWhitelistCached; static nsCString* sSecurecontextWhitelist; }; diff --git a/mobile/android/app/mobile.js b/mobile/android/app/mobile.js index 76bcdf659d97..d8eb3ddc5f9a 100644 --- a/mobile/android/app/mobile.js +++ b/mobile/android/app/mobile.js @@ -392,9 +392,6 @@ pref("security.alternate_certificate_error_page", "certerror"); pref("security.warn_viewing_mixed", false); // Warning is disabled. See Bug 616712. -// Block insecure active content on https pages -pref("security.mixed_content.block_active_content", true); - // Enable pinning pref("security.cert_pinning.enforcement_level", 1); diff --git a/modules/libpref/init/StaticPrefList.yaml b/modules/libpref/init/StaticPrefList.yaml index 7db164b7f519..3f743e00519b 100644 --- a/modules/libpref/init/StaticPrefList.yaml +++ b/modules/libpref/init/StaticPrefList.yaml @@ -8034,6 +8034,31 @@ value: true mirror: always +# Pref to block mixed scripts (fonts, plugin content, scripts, stylesheets, +# iframes, websockets, XHR). +- name: security.mixed_content.block_active_content + type: bool + value: @IS_ANDROID@ + mirror: always + +# Pref to block sub requests that happen within an object. +- name: security.mixed_content.block_object_subrequest + type: bool + value: false + mirror: always + +# Pref for mixed display content blocking (images, audio, video). +- name: security.mixed_content.block_display_content + type: bool + value: false + mirror: always + +# Pref for mixed display content upgrading (images, audio, video). +- name: security.mixed_content.upgrade_display_content + type: bool + value: false + mirror: always + # Whether strict file origin policy is in effect. "False" is traditional. - name: security.fileuri.strict_origin_policy type: RelaxedAtomicBool diff --git a/modules/libpref/init/all.js b/modules/libpref/init/all.js index bbb9eb06c72f..aa85e53b10ad 100644 --- a/modules/libpref/init/all.js +++ b/modules/libpref/init/all.js @@ -2292,16 +2292,6 @@ pref("security.notification_enable_delay", 500); pref("security.disallow_non_local_systemprincipal_in_tests", false); #endif -// Mixed content blocking -pref("security.mixed_content.block_active_content", false); -pref("security.mixed_content.block_display_content", false); - -// Upgrade mixed display content before it's blocked -pref("security.mixed_content.upgrade_display_content", false); - -// Block sub requests that happen within an object -pref("security.mixed_content.block_object_subrequest", false); - // Sub-resource integrity pref("security.sri.enable", true); diff --git a/netwerk/base/LoadInfo.cpp b/netwerk/base/LoadInfo.cpp index b4bf1b17adec..c12e1f97223c 100644 --- a/netwerk/base/LoadInfo.cpp +++ b/netwerk/base/LoadInfo.cpp @@ -20,6 +20,7 @@ #include "mozilla/net/CookieJarSettings.h" #include "mozilla/NullPrincipal.h" #include "mozilla/StaticPrefs_network.h" +#include "mozilla/StaticPrefs_security.h" #include "mozIThirdPartyUtil.h" #include "nsFrameLoader.h" #include "nsFrameLoaderOwner.h" @@ -278,7 +279,7 @@ LoadInfo::LoadInfo( if (nsContentUtils::IsUpgradableDisplayType(externalType)) { if (mLoadingPrincipal->SchemeIs("https")) { - if (nsMixedContentBlocker::ShouldUpgradeMixedDisplayContent()) { + if (StaticPrefs::security_mixed_content_upgrade_display_content()) { mBrowserUpgradeInsecureRequests = true; } else { mBrowserWouldUpgradeInsecureRequests = true; diff --git a/netwerk/protocol/http/nsHttpChannel.cpp b/netwerk/protocol/http/nsHttpChannel.cpp index 565acf887e5d..8b5144ee4f30 100644 --- a/netwerk/protocol/http/nsHttpChannel.cpp +++ b/netwerk/protocol/http/nsHttpChannel.cpp @@ -8238,7 +8238,7 @@ nsresult nsHttpChannel::ContinueOnStopRequest(nsresult aStatus, bool aIsFromNet, // Browser upgrading is disabled and the content is already HTTPS upgradeKey = NS_LITERAL_CSTRING("disabledNoReason"); // Checks "security.mixed_content.upgrade_display_content" is true - if (nsMixedContentBlocker::ShouldUpgradeMixedDisplayContent()) { + if (StaticPrefs::security_mixed_content_upgrade_display_content()) { if (mLoadInfo->GetBrowserUpgradeInsecureRequests()) { // HTTP content the browser has upgraded to HTTPS upgradeKey = NS_LITERAL_CSTRING("enabledUpgrade"); @@ -8256,7 +8256,7 @@ nsresult nsHttpChannel::ContinueOnStopRequest(nsresult aStatus, bool aIsFromNet, upgradeKey = NS_LITERAL_CSTRING("disabledUpgrade"); } else { // HTTP content that wouldn't upgrade - upgradeKey = nsMixedContentBlocker::ShouldUpgradeMixedDisplayContent() + upgradeKey = StaticPrefs::security_mixed_content_upgrade_display_content() ? NS_LITERAL_CSTRING("enabledWont") : NS_LITERAL_CSTRING("disabledWont"); }