Bug 1633338: Use IsPotentiallyTrustworthy to indicate top level window is secure for mixed content blocker. r=baku

Differential Revision: https://phabricator.services.mozilla.com/D75939

docshell/base/WindowContext.cpp

@@ -120,7 +120,8 @@ bool WindowContext::CheckOnlyOwningProcessCanSet(ContentParent* aSource) {
   return false;
 }
 
-bool WindowContext::CanSet(FieldIndex<IDX_IsSecure>, const bool& aIsSecure,
+bool WindowContext::CanSet(FieldIndex<IDX_IsPotentiallyTrustWorthy>,
+                           const bool& aIsPotentiallyTrustWorthy,
                            ContentParent* aSource) {
   return CheckOnlyOwningProcessCanSet(aSource);
 }

docshell/base/WindowContext.h

@@ -28,9 +28,9 @@ class BrowsingContextGroup;
    * tracking resource */                                              \
   FIELD(IsThirdPartyTrackingResourceWindow, bool)                      \
   FIELD(IsSecureContext, bool)                                         \
-  /* Mixed-Content: If the corresponding documentURI is https,         \
-   * then this flag is true. */                                        \
-  FIELD(IsSecure, bool)                                                \
+  /* Mixed-Content: If the corresponding document URI is potentially   \
+   * trustworthy, then this flag is true. */                           \
+  FIELD(IsPotentiallyTrustWorthy, bool)                                \
   /* Whether the user has overriden the mixed content blocker to allow \
    * mixed content loads to happen */                                  \
   FIELD(AllowMixedContent, bool)                                       \
@@ -122,8 +122,8 @@ class WindowContext : public nsISupports, public nsWrapperCache {
   bool CheckOnlyOwningProcessCanSet(ContentParent* aSource);
 
   // Overload `CanSet` to get notifications for a particular field being set.
-  bool CanSet(FieldIndex<IDX_IsSecure>, const bool& aIsSecure,
-              ContentParent* aSource);
+  bool CanSet(FieldIndex<IDX_IsPotentiallyTrustWorthy>,
+              const bool& aIsPotentiallyTrustWorthy, ContentParent* aSource);
   bool CanSet(FieldIndex<IDX_AllowMixedContent>, const bool& aAllowMixedContent,
               ContentParent* aSource);
 

dom/ipc/WindowGlobalActor.cpp

@@ -115,11 +115,9 @@ WindowGlobalInit WindowGlobalActor::WindowInitializer(
   }
 
   // Init Mixed Content Fields
-  nsCOMPtr<nsIURI> innerDocURI = NS_GetInnermostURI(doc->GetDocumentURI());
-  if (innerDocURI) {
-    mozilla::Get<WindowContext::IDX_IsSecure>(init.context().mFields) =
-        innerDocURI->SchemeIs("https");
-  }
+  mozilla::Get<WindowContext::IDX_IsPotentiallyTrustWorthy>(
+      init.context().mFields) =
+      doc->NodePrincipal()->GetIsOriginPotentiallyTrustworthy();
   nsCOMPtr<nsIChannel> mixedChannel;
   aWindow->GetDocShell()->GetMixedContentChannel(getter_AddRefs(mixedChannel));
   // A non null mixedContent channel on the docshell indicates,

dom/ipc/WindowGlobalChild.cpp

@@ -220,11 +220,8 @@ void WindowGlobalChild::OnNewDocument(Document* aDocument) {
   }
 
   // Init Mixed Content Fields
-  nsCOMPtr<nsIURI> innerDocURI =
-      NS_GetInnermostURI(aDocument->GetDocumentURI());
-  if (innerDocURI) {
-    txn.SetIsSecure(innerDocURI->SchemeIs("https"));
-  }
+  txn.SetIsPotentiallyTrustWorthy(
+      aDocument->NodePrincipal()->GetIsOriginPotentiallyTrustworthy());
   nsCOMPtr<nsIChannel> mixedChannel;
   mWindowGlobal->GetDocShell()->GetMixedContentChannel(
       getter_AddRefs(mixedChannel));

dom/security/nsMixedContentBlocker.cpp

@@ -700,22 +700,23 @@ nsresult nsMixedContentBlocker::ShouldLoad(bool aHadInsecureImageRedirect,
   // Determine if the rootDoc is https and if the user decided to allow Mixed
   // Content
   WindowContext* topWC = requestingWindow->TopWindowContext();
-  bool rootHasSecureConnection = topWC->GetIsSecure();
+  bool rootIsPotentiallyTrustWorthy = topWC->GetIsPotentiallyTrustWorthy();
   bool allowMixedContent = topWC->GetAllowMixedContent();
 
   // When navigating an iframe, the iframe may be https
   // but its parents may not be.  Check the parents to see if any of them are
   // https. If none of the parents are https, allow the load.
-  if (contentType == TYPE_SUBDOCUMENT && !rootHasSecureConnection) {
-    bool httpsParentExists = false;
+  if (contentType == TYPE_SUBDOCUMENT && !rootIsPotentiallyTrustWorthy) {
+    bool potentiallyTrustWorthyParentExists = false;
 
     RefPtr<WindowContext> curWindow = requestingWindow;
-    while (!httpsParentExists && curWindow) {
-      httpsParentExists = curWindow->GetIsSecure();
+    while (!potentiallyTrustWorthyParentExists && curWindow) {
+      potentiallyTrustWorthyParentExists =
+          curWindow->GetIsPotentiallyTrustWorthy();
       curWindow = curWindow->GetParentWindowContext();
     }
 
-    if (!httpsParentExists) {
+    if (!potentiallyTrustWorthyParentExists) {
       *aDecision = nsIContentPolicy::ACCEPT;
       return NS_OK;
     }

security/manager/ssl/nsSecureBrowserUI.cpp

@@ -114,7 +114,7 @@ void nsSecureBrowserUI::UpdateForLocationOrMixedContentChange() {
   // with a channel that has a securityInfo that indicates the connection is
   // secure - e.g. h2/alt-svc or by visiting an http URI over an https proxy).
   nsCOMPtr<nsITransportSecurityInfo> securityInfo;
-  if (win && win->GetIsSecure()) {
+  if (win && win->GetIsPotentiallyTrustWorthy()) {
     securityInfo = win->GetSecurityInfo();
     if (securityInfo) {
       MOZ_LOG(gSecureBrowserUILog, LogLevel::Debug,
@@ -148,7 +148,8 @@ void nsSecureBrowserUI::UpdateForLocationOrMixedContentChange() {
   static const uint32_t kLoadedMixedContentFlags =
       nsIWebProgressListener::STATE_LOADED_MIXED_DISPLAY_CONTENT |
       nsIWebProgressListener::STATE_LOADED_MIXED_ACTIVE_CONTENT;
-  if (win && win->GetIsSecure() && (mState & kLoadedMixedContentFlags)) {
+  if (win && win->GetIsPotentiallyTrustWorthy() &&
+      (mState & kLoadedMixedContentFlags)) {
     // reset state security flag
     mState = mState >> 4 << 4;
     // set state security flag to broken, since there is mixed content