Bug 1646768 - Add Telemetry for MCB-Download Blocking r=ckerschb

Differential Revision: https://phabricator.services.mozilla.com/D80215
Sebastian Streich 2020-07-09 09:58:52 +00:00
parent 4d1d96c31a
commit d806bac0e0
5 changed files with 33 additions and 12 deletions


@ -1114,14 +1114,8 @@ void nsContentSecurityUtils::LogMessageToConsole(nsIHttpChannel* aChannel,
bool nsContentSecurityUtils::IsDownloadAllowed(
nsIChannel* aChannel, const nsAutoCString& aMimeTypeGuess) {
MOZ_ASSERT(aChannel, "IsDownloadAllowed without channel?");
if (!StaticPrefs::dom_block_download_insecure()) {
return true;
}
nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo();
if (loadInfo->TriggeringPrincipal()->IsSystemPrincipal()) {
return true;
}
nsCOMPtr<nsIURI> contentLocation;
aChannel->GetURI(getter_AddRefs(contentLocation));
@ -1141,11 +1135,21 @@ bool nsContentSecurityUtils::IsDownloadAllowed(
contentLocation, // aContentLocation,
secCheckLoadInfo, // aLoadinfo
aMimeTypeGuess, // aMimeGuess,
false, // aReportError
&decission // aDecision
);
if (decission == nsIContentPolicy::ACCEPT) {
Telemetry::Accumulate(mozilla::Telemetry::MIXED_CONTENT_DOWNLOADS,
decission != nsIContentPolicy::ACCEPT);
if (!StaticPrefs::dom_block_download_insecure() ||
decission == nsIContentPolicy::ACCEPT) {
return true;
}
if (loadInfo->TriggeringPrincipal()->IsSystemPrincipal()) {
return true;
}
nsCOMPtr<nsIHttpChannel> httpChannel = do_QueryInterface(aChannel);
if (httpChannel) {
LogMessageToConsole(httpChannel, "MixedContentBlockedDownload");
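Review bot: The `Telemetry::Accumulate(mozilla::Telemetry::MIXED_CONTENT_DOWNLOADS, ...)` call runs before the `IsSystemPrincipal()` early return, so downloads triggered by the system principal, which this function always allows, are still recorded as mixed content in the new probe. If the probe is meant to estimate how many downloads the blocker would actually stop, move `if (loadInfo->TriggeringPrincipal()->IsSystemPrincipal()) { return true; }` above the `Accumulate` call, or say in the histogram description that system-triggered downloads are included. The recorded value is `decission != nsIContentPolicy::ACCEPT`, so every non-ACCEPT outcome counts as mixed content; how `decission` is initialised and whether the `nsresult` from `ShouldLoad` is checked lie outside the hunk and should be confirmed. The page has lost its `+`/`-` markers, so this assumes the `Accumulate` call and the combined pref/ACCEPT condition are the new side; the body of `IsDownloadAllowed` continues past the hunk.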


@ -213,8 +213,9 @@ nsMixedContentBlocker::ShouldLoad(nsIURI* aContentLocation,
// callers of this method don't know whether the load went through cached
// image redirects. This is handled by direct callers of the static
// ShouldLoad.
nsresult rv = ShouldLoad(false, // aHadInsecureImageRedirect
aContentLocation, aLoadInfo, aMimeGuess, aDecision);
nsresult rv =
ShouldLoad(false, // aHadInsecureImageRedirect
aContentLocation, aLoadInfo, aMimeGuess, true, aDecision);
if (*aDecision == nsIContentPolicy::REJECT_REQUEST) {
NS_SetRequestBlockingReason(aLoadInfo,
@ -380,6 +381,7 @@ nsresult nsMixedContentBlocker::ShouldLoad(bool aHadInsecureImageRedirect,
nsIURI* aContentLocation,
nsILoadInfo* aLoadInfo,
const nsACString& aMimeGuess,
bool aReportError,
int16_t* aDecision) {
// Asserting that we are on the main thread here and hence do not have to lock
// and unlock security.mixed_content.block_active_content and
@ -771,10 +773,11 @@ nsresult nsMixedContentBlocker::ShouldLoad(bool aHadInsecureImageRedirect,
}
// set hasMixedContentObjectSubrequest on this object if necessary
if (contentType == TYPE_OBJECT_SUBREQUEST) {
if (contentType == TYPE_OBJECT_SUBREQUEST && aReportError) {
if (!StaticPrefs::security_mixed_content_block_object_subrequest()) {
nsAutoCString messageLookUpKey(
"LoadingMixedDisplayObjectSubrequestDeprecation");
LogMixedContentMessage(classification, aContentLocation, topWC->Id(),
eUserOverride, requestingLocation,
messageLookUpKey);
@ -817,7 +820,7 @@ nsresult nsMixedContentBlocker::ShouldLoad(bool aHadInsecureImageRedirect,
// To avoid duplicate errors on the console, we do not report blocked
// preloads to the console.
if (!isPreload) {
if (!isPreload && aReportError) {
LogMixedContentMessage(classification, aContentLocation, topWC->Id(),
(*aDecision == nsIContentPolicy::REJECT_REQUEST)
? eBlocked
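Review bot: The guard `if (contentType == TYPE_OBJECT_SUBREQUEST && aReportError)` now skips the whole block under the comment `// set hasMixedContentObjectSubrequest on this object if necessary`, not only the console message. Only the `LogMixedContentMessage` call is visible inside it and the block closes outside the hunk, so confirm it holds no state that a non-reporting caller, such as the download check, still depends on. If the block is log-only, update the comment to match, e.g. `// log the object-subrequest deprecation message unless the caller suppressed reporting`. The name `aReportError` also undersells this branch, which emits an `eUserOverride` message rather than a rejection.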


@ -62,11 +62,15 @@ class nsMixedContentBlocker : public nsIContentPolicy,
* @param aHadInsecureImageRedirect
* boolean flag indicating that an insecure redirect through http
* occured when this image was initially loaded and cached.
* @param aReportError
* boolean flag indicating if a rejection should automaticly be
* logged into the Console.
* Remaining parameters are from nsIContentPolicy::ShouldLoad().
*/
static nsresult ShouldLoad(bool aHadInsecureImageRedirect,
nsIURI* aContentLocation, nsILoadInfo* aLoadInfo,
const nsACString& aMimeGuess, int16_t* aDecision);
const nsACString& aMimeGuess, bool aReportError,
int16_t* aDecision);
static void AccumulateMixedContentHSTS(
nsIURI* aURI, bool aActive, const OriginAttributes& aOriginAttributes);
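Review bot: The new `@param aReportError` text says the flag controls whether "a rejection" is logged, but in the implementation hunks on this page it also gates the `eUserOverride` deprecation message for object subrequests, and `automaticly` is misspelled. Suggested wording: `boolean flag indicating whether mixed-content messages for this load (blocked requests and deprecation warnings) are logged to the console.` As far as the visible hunks show, the flag affects console output only, so it would help callers to add `Does not change the value returned in aDecision.` if that holds for the whole function.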


@ -730,6 +730,7 @@ static bool ShouldLoadCachedImage(imgRequest* aImgRequest,
rv = nsMixedContentBlocker::ShouldLoad(insecureRedirect, contentLocation,
secCheckLoadInfo,
EmptyCString(), // mime guess
true, // aReportError
&decision);
if (NS_FAILED(rv) || !NS_CP_ACCEPTED(decision)) {
return false;


@ -10906,6 +10906,15 @@
"n_values": 10,
"description": "How often would blocked mixed content be allowed if HSTS upgrades were allowed? 0=display/no-HSTS, 1=display/HSTS, 2=active/no-HSTS, 3=active/HSTS"
},
"MIXED_CONTENT_DOWNLOADS": {
"record_in_processes": ["main","content"],
"products": ["firefox"],
"alert_emails": ["seceng-telemetry@mozilla.com", "sstreich@mozilla.com"],
"bug_numbers": [1646768],
"expires_in_version": "85",
"kind": "boolean",
"description": "Accumulates how many downloads are mixed-content (True = The download is MixedContent, False= is not MixedContent)"
},
"CONTENT_SIGNATURE_VERIFICATION_STATUS": {
"record_in_processes": ["main", "content"],
"products": ["firefox", "fennec", "thunderbird"],