Backed out changeset f51b921e1ccf (bug 1233098) for browser-chrome bustage

--HG--
extra : commitid : ytS8fc4lFu

dom/base/WebSocket.cpp

@@ -1561,7 +1561,7 @@ WebSocketImpl::Init(JSContext* aCx,
   // to reflect that upgrade. Please note that we can not upgrade from ws:
   // to wss: before performing content policy checks because CSP needs to
   // send reports in case the scheme is about to be upgraded.
-  if (!mSecure && originDoc && originDoc->GetUpgradeInsecureRequests(false)) {
+  if (!mSecure && originDoc && originDoc->GetUpgradeInsecureRequests()) {
     // let's use the old specification before the upgrade for logging
     NS_ConvertUTF8toUTF16 reportSpec(mURI);
 

dom/base/nsContentPolicy.cpp

@@ -116,8 +116,8 @@ nsContentPolicy::CheckPolicy(CPMethod          policyMethod,
     nsContentPolicyType externalType =
         nsContentUtils::InternalContentPolicyTypeToExternal(contentType);
 
-    nsContentPolicyType externalTypeOrMCBInternal =
-        nsContentUtils::InternalContentPolicyTypeToExternalOrMCBInternal(contentType);
+    nsContentPolicyType externalTypeOrScript =
+        nsContentUtils::InternalContentPolicyTypeToExternalOrScript(contentType);
 
     nsContentPolicyType externalTypeOrCSPInternal =
        nsContentUtils::InternalContentPolicyTypeToExternalOrCSPInternal(contentType);
@@ -140,13 +140,11 @@ nsContentPolicy::CheckPolicy(CPMethod          policyMethod,
         /* check the appropriate policy */
         // Send the internal content policy type to the mixed content blocker
         // which needs to know about TYPE_INTERNAL_WORKER,
-        // TYPE_INTERNAL_SHARED_WORKER and TYPE_INTERNAL_SERVICE_WORKER
-        // and also preloads: TYPE_INTERNAL_SCRIPT_PRELOAD,
-        // TYPE_INTERNAL_IMAGE_PRELOAD, TYPE_INTERNAL_STYLESHEET_PRELOAD
+        // TYPE_INTERNAL_SHARED_WORKER and TYPE_INTERNAL_SERVICE_WORKER.
         bool isMixedContentBlocker = mixedContentBlocker == entries[i];
         nsContentPolicyType type = externalType;
         if (isMixedContentBlocker) {
-            type = externalTypeOrMCBInternal;
+            type = externalTypeOrScript;
         }
         // Send the internal content policy type for CSP which needs to
         // know about preloads and workers, in particular:

dom/base/nsContentUtils.cpp

@@ -7991,7 +7991,7 @@ nsContentUtils::InternalContentPolicyTypeToExternal(nsContentPolicyType aType)
 
 /* static */
 nsContentPolicyType
-nsContentUtils::InternalContentPolicyTypeToExternalOrMCBInternal(nsContentPolicyType aType)
+nsContentUtils::InternalContentPolicyTypeToExternalOrScript(nsContentPolicyType aType)
 {
   switch (aType) {
   case nsIContentPolicy::TYPE_INTERNAL_SCRIPT:
@@ -8001,7 +8001,7 @@ nsContentUtils::InternalContentPolicyTypeToExternalOrMCBInternal(nsContentPolicy
     return aType;
 
   default:
-    return InternalContentPolicyTypeToExternalOrPreload(aType);
+    return InternalContentPolicyTypeToExternal(aType);
   }
 }
 

dom/base/nsContentUtils.h

@@ -986,18 +986,16 @@ public:
   static nsContentPolicyType InternalContentPolicyTypeToExternal(nsContentPolicyType aType);
 
   /**
-   * Map internal content policy types to external ones or script types or preload types:
+   * Map internal content policy types to external ones or script types:
    *   * TYPE_INTERNAL_SCRIPT
    *   * TYPE_INTERNAL_WORKER
    *   * TYPE_INTERNAL_SHARED_WORKER
    *   * TYPE_INTERNAL_SERVICE_WORKER
-   *   * TYPE_INTERNAL_SCRIPT_PRELOAD
-   *   * TYPE_INTERNAL_IMAGE_PRELOAD
-   *   * TYPE_INTERNAL_STYLESHEET_PRELOAD
+   *
    *
    * Note: DO NOT call this function unless you know what you're doing!
    */
-  static nsContentPolicyType InternalContentPolicyTypeToExternalOrMCBInternal(nsContentPolicyType aType);
+  static nsContentPolicyType InternalContentPolicyTypeToExternalOrScript(nsContentPolicyType aType);
 
   /**
    * Map internal content policy types to external ones or preload types:

dom/base/nsDocument.cpp

@@ -2550,12 +2550,12 @@ nsDocument::StartDocumentLoad(const char* aCommand, nsIChannel* aChannel,
     treeItem->GetSameTypeParent(getter_AddRefs(sameTypeParent));
     if (sameTypeParent) {
       mUpgradeInsecureRequests =
-        sameTypeParent->GetDocument()->GetUpgradeInsecureRequests(false);
+        sameTypeParent->GetDocument()->GetUpgradeInsecureRequests();
       // if the parent document makes use of upgrade-insecure-requests
       // then subdocument preloads should always be upgraded.
       mUpgradeInsecurePreloads =
         mUpgradeInsecureRequests ||
-        sameTypeParent->GetDocument()->GetUpgradeInsecureRequests(true);
+        sameTypeParent->GetDocument()->GetUpgradeInsecurePreloads();
     }
   }
 

dom/base/nsIDocument.h

@@ -321,14 +321,19 @@ public:
    * of the document's ancestors up to the toplevel document makes use
    * of the CSP directive 'upgrade-insecure-requests'.
    */
-  bool GetUpgradeInsecureRequests(bool aPreload) const
+  bool GetUpgradeInsecureRequests() const
   {
-    if (aPreload) {
-      return mUpgradeInsecurePreloads;
-    }
     return mUpgradeInsecureRequests;
   }
 
+  /**
+   * Same as GetUpgradeInsecureRequests() but *only* for preloads.
+   */
+  bool GetUpgradeInsecurePreloads() const
+  {
+    return mUpgradeInsecurePreloads;
+  }
+
   /**
    * Set the principal responsible for this document.
    */

dom/html/HTMLFormElement.cpp

@@ -1746,7 +1746,7 @@ HTMLFormElement::GetActionURL(nsIURI** aActionURL,
   bool isHttpScheme = false;
   rv = actionURL->SchemeIs("http", &isHttpScheme);
   NS_ENSURE_SUCCESS(rv, rv);
-  if (isHttpScheme && document->GetUpgradeInsecureRequests(false)) {
+  if (isHttpScheme && document->GetUpgradeInsecureRequests()) {
     // let's use the old specification before the upgrade for logging
     nsAutoCString spec;
     rv = actionURL->GetSpec(spec);

dom/security/nsMixedContentBlocker.cpp

@@ -310,7 +310,7 @@ nsMixedContentBlocker::AsyncOnChannelRedirect(nsIChannel* aOldChannel,
   }
 
   int16_t decision = REJECT_REQUEST;
-  rv = ShouldLoad(nsContentUtils::InternalContentPolicyTypeToExternalOrMCBInternal(contentPolicyType),
+  rv = ShouldLoad(nsContentUtils::InternalContentPolicyTypeToExternalOrScript(contentPolicyType),
                   newUri,
                   requestingLocation,
                   loadInfo->LoadingNode(),
@@ -378,11 +378,9 @@ nsMixedContentBlocker::ShouldLoad(bool aHadInsecureImageRedirect,
   // to them.
   MOZ_ASSERT(NS_IsMainThread());
 
-  MOZ_ASSERT(aContentType == nsContentUtils::InternalContentPolicyTypeToExternalOrMCBInternal(aContentType),
+  MOZ_ASSERT(aContentType == nsContentUtils::InternalContentPolicyTypeToExternalOrScript(aContentType),
              "We should only see external content policy types here.");
 
-   bool isPreload = nsContentUtils::IsPreloadType(aContentType);
-
   // The content policy type that we receive may be an internal type for
   // scripts.  Let's remember if we have seen a worker type, and reset it to the
   // external type in all cases right now.
@@ -670,7 +668,7 @@ nsMixedContentBlocker::ShouldLoad(bool aHadInsecureImageRedirect,
   bool isHttpScheme = false;
   rv = aContentLocation->SchemeIs("http", &isHttpScheme);
   NS_ENSURE_SUCCESS(rv, rv);
-  if (isHttpScheme && docShell->GetDocument()->GetUpgradeInsecureRequests(isPreload)) {
+  if (isHttpScheme && docShell->GetDocument()->GetUpgradeInsecureRequests()) {
     *aDecision = ACCEPT;
     return NS_OK;
   }

ipc/glue/BackgroundUtils.cpp

@@ -244,6 +244,7 @@ LoadInfoToLoadInfoArgs(nsILoadInfo *aLoadInfo,
       aLoadInfo->InternalContentPolicyType(),
       static_cast<uint32_t>(aLoadInfo->GetTainting()),
       aLoadInfo->GetUpgradeInsecureRequests(),
+      aLoadInfo->GetUpgradeInsecurePreloads(),
       aLoadInfo->GetInnerWindowID(),
       aLoadInfo->GetOuterWindowID(),
       aLoadInfo->GetParentOuterWindowID(),
@@ -303,6 +304,7 @@ LoadInfoArgsToLoadInfo(const OptionalLoadInfoArgs& aOptionalLoadInfoArgs,
                           loadInfoArgs.contentPolicyType(),
                           static_cast<LoadTainting>(loadInfoArgs.tainting()),
                           loadInfoArgs.upgradeInsecureRequests(),
+                          loadInfoArgs.upgradeInsecurePreloads(),
                           loadInfoArgs.innerWindowID(),
                           loadInfoArgs.outerWindowID(),
                           loadInfoArgs.parentOuterWindowID(),

netwerk/base/LoadInfo.cpp

@@ -38,6 +38,7 @@ LoadInfo::LoadInfo(nsIPrincipal* aLoadingPrincipal,
   , mInternalContentPolicyType(aContentPolicyType)
   , mTainting(LoadTainting::Basic)
   , mUpgradeInsecureRequests(false)
+  , mUpgradeInsecurePreloads(false)
   , mInnerWindowID(0)
   , mOuterWindowID(0)
   , mParentOuterWindowID(0)
@@ -88,13 +89,8 @@ LoadInfo::LoadInfo(nsIPrincipal* aLoadingPrincipal,
       ComputeIsThirdPartyContext(outerWindow);
     }
 
-    // if the document forces all requests to be upgraded from http to https, then
-    // we should do that for all requests. If it only forces preloads to be upgraded
-    // then we should enforce upgrade insecure requests only for preloads.
-    mUpgradeInsecureRequests =
-      aLoadingContext->OwnerDoc()->GetUpgradeInsecureRequests(false) ||
-      (nsContentUtils::IsPreloadType(mInternalContentPolicyType) &&
-       aLoadingContext->OwnerDoc()->GetUpgradeInsecureRequests(true));
+    mUpgradeInsecureRequests = aLoadingContext->OwnerDoc()->GetUpgradeInsecureRequests();
+    mUpgradeInsecurePreloads = aLoadingContext->OwnerDoc()->GetUpgradeInsecurePreloads();
   }
 
   const PrincipalOriginAttributes attrs = BasePrincipal::Cast(mLoadingPrincipal)->OriginAttributesRef();
@@ -109,6 +105,7 @@ LoadInfo::LoadInfo(const LoadInfo& rhs)
   , mInternalContentPolicyType(rhs.mInternalContentPolicyType)
   , mTainting(rhs.mTainting)
   , mUpgradeInsecureRequests(rhs.mUpgradeInsecureRequests)
+  , mUpgradeInsecurePreloads(rhs.mUpgradeInsecurePreloads)
   , mInnerWindowID(rhs.mInnerWindowID)
   , mOuterWindowID(rhs.mOuterWindowID)
   , mParentOuterWindowID(rhs.mParentOuterWindowID)
@@ -131,6 +128,7 @@ LoadInfo::LoadInfo(nsIPrincipal* aLoadingPrincipal,
                    nsContentPolicyType aContentPolicyType,
                    LoadTainting aTainting,
                    bool aUpgradeInsecureRequests,
+                   bool aUpgradeInsecurePreloads,
                    uint64_t aInnerWindowID,
                    uint64_t aOuterWindowID,
                    uint64_t aParentOuterWindowID,
@@ -149,6 +147,7 @@ LoadInfo::LoadInfo(nsIPrincipal* aLoadingPrincipal,
   , mInternalContentPolicyType(aContentPolicyType)
   , mTainting(aTainting)
   , mUpgradeInsecureRequests(aUpgradeInsecureRequests)
+  , mUpgradeInsecurePreloads(aUpgradeInsecurePreloads)
   , mInnerWindowID(aInnerWindowID)
   , mOuterWindowID(aOuterWindowID)
   , mParentOuterWindowID(aParentOuterWindowID)
@@ -381,6 +380,13 @@ LoadInfo::GetUpgradeInsecureRequests(bool* aResult)
   return NS_OK;
 }
 
+NS_IMETHODIMP
+LoadInfo::GetUpgradeInsecurePreloads(bool* aResult)
+{
+  *aResult = mUpgradeInsecurePreloads;
+  return NS_OK;
+}
+
 NS_IMETHODIMP
 LoadInfo::GetInnerWindowID(uint64_t* aResult)
 {

netwerk/base/LoadInfo.h

@@ -74,6 +74,7 @@ private:
            nsContentPolicyType aContentPolicyType,
            LoadTainting aTainting,
            bool aUpgradeInsecureRequests,
+           bool aUpgradeInsecurePreloads,
            uint64_t aInnerWindowID,
            uint64_t aOuterWindowID,
            uint64_t aParentOuterWindowID,
@@ -111,6 +112,7 @@ private:
   nsContentPolicyType              mInternalContentPolicyType;
   LoadTainting                     mTainting;
   bool                             mUpgradeInsecureRequests;
+  bool                             mUpgradeInsecurePreloads;
   uint64_t                         mInnerWindowID;
   uint64_t                         mOuterWindowID;
   uint64_t                         mParentOuterWindowID;

netwerk/base/nsILoadInfo.idl

@@ -29,7 +29,7 @@ typedef unsigned long nsSecurityFlags;
 /**
  * An nsILoadOwner represents per-load information about who started the load.
  */
-[scriptable, builtinclass, uuid(ddc65bf9-2f60-41ab-b22a-4f1ae9efcd36)]
+[scriptable, builtinclass, uuid(41e311d0-5894-4aaa-80b5-5b7099dfc404)]
 interface nsILoadInfo : nsISupports
 {
   /**
@@ -336,6 +336,11 @@ interface nsILoadInfo : nsISupports
    */
   [infallible] readonly attribute boolean upgradeInsecureRequests;
 
+  /**
+   * Same as upgradeInsecureRequests but for preloads.
+   */
+  [infallible] readonly attribute boolean upgradeInsecurePreloads;
+
   /**
    * Typically these are the window IDs of the window in which the element being
    * loaded lives. However, if the element being loaded is <frame

netwerk/base/nsNetUtil.cpp

@@ -2258,6 +2258,11 @@ NS_ShouldSecureUpgrade(nsIURI* aURI,
     // the promise to CSP and mixed content blocking to upgrade the channel
     // from http to https.
     if (aLoadInfo) {
+      bool isPreload = nsContentUtils::IsPreloadType(aLoadInfo->InternalContentPolicyType());
+      bool upgradeRequests =
+        ((isPreload && aLoadInfo->GetUpgradeInsecurePreloads()) ||
+         (aLoadInfo->GetUpgradeInsecureRequests()));
+
       // Please note that cross origin top level navigations are not subject
       // to upgrade-insecure-requests, see:
       // http://www.w3.org/TR/upgrade-insecure-requests/#examples
@@ -2265,7 +2270,7 @@ NS_ShouldSecureUpgrade(nsIURI* aURI,
         (aLoadInfo->GetExternalContentPolicyType() == nsIContentPolicy::TYPE_DOCUMENT) &&
         (!aChannelResultPrincipal->Equals(aLoadInfo->LoadingPrincipal()));
 
-      if (aLoadInfo->GetUpgradeInsecureRequests() && !crossOriginNavigation) {
+      if (upgradeRequests && !crossOriginNavigation) {
         // let's log a message to the console that we are upgrading a request
         nsAutoCString spec, scheme;
         aURI->GetSpec(spec);

netwerk/ipc/NeckoChannelParams.ipdlh

@@ -33,6 +33,7 @@ struct LoadInfoArgs
   uint32_t         contentPolicyType;
   uint32_t         tainting;
   bool             upgradeInsecureRequests;
+  bool             upgradeInsecurePreloads;
   uint64_t         innerWindowID;
   uint64_t         outerWindowID;
   uint64_t         parentOuterWindowID;