[tbb-commits] [tor-browser/tor-browser-52.7.2esr-8.0-1] Bug 23439: Exempt .onion domains from mixed content warnings

gk at torproject.org gk at torproject.org
Wed Mar 21 08:22:38 UTC 2018


commit 680dece41e71d30afd4616aa19001c60e55dc852
Author: Kathy Brade <brade at pearlcrescent.com>
Date:   Tue Mar 20 15:02:32 2018 -0400

    Bug 23439: Exempt .onion domains from mixed content warnings
---
 dom/html/HTMLFormElement.cpp              |  5 +++++
 dom/security/nsContentSecurityManager.cpp |  7 +++---
 dom/security/nsMixedContentBlocker.cpp    | 37 ++++++++++++++++++++++++++++---
 dom/security/nsMixedContentBlocker.h      |  2 ++
 4 files changed, 44 insertions(+), 7 deletions(-)

diff --git a/dom/html/HTMLFormElement.cpp b/dom/html/HTMLFormElement.cpp
index 5164391f8d2b..71b6248d5b06 100644
--- a/dom/html/HTMLFormElement.cpp
+++ b/dom/html/HTMLFormElement.cpp
@@ -14,6 +14,7 @@
 #include "mozilla/dom/AutocompleteErrorEvent.h"
 #include "mozilla/dom/nsCSPUtils.h"
 #include "mozilla/dom/nsCSPContext.h"
+#include "mozilla/dom/nsMixedContentBlocker.h"
 #include "mozilla/dom/HTMLFormControlsCollection.h"
 #include "mozilla/dom/HTMLFormElementBinding.h"
 #include "mozilla/Move.h"
@@ -907,6 +908,10 @@ HTMLFormElement::DoSecureToInsecureSubmitCheck(nsIURI* aActionURL,
     return NS_OK;
   }
 
+  if (nsMixedContentBlocker::IsPotentiallyTrustworthyOnion(aActionURL)) {
+    return NS_OK;
+  }
+
   nsCOMPtr<nsPIDOMWindowOuter> window = OwnerDoc()->GetWindow();
   if (!window) {
     return NS_ERROR_FAILURE;
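Review bot: The new early return in DoSecureToInsecureSubmitCheck has no comment saying why an .onion action URL skips the secure-to-insecure submit warning, unlike the matching exemption added to nsMixedContentBlocker::ShouldLoad in this commit. I would add `// .onion action URLs are exempt when dom.securecontext.whitelist_onions is set; see IsPotentiallyTrustworthyOnion().` above the `if`. The function begins and ends outside this hunk, so whether aActionURL is already known to be non-null at this point cannot be confirmed from here.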
diff --git a/dom/security/nsContentSecurityManager.cpp b/dom/security/nsContentSecurityManager.cpp
index c95226b56e91..aa4f735a5c4f 100644
--- a/dom/security/nsContentSecurityManager.cpp
+++ b/dom/security/nsContentSecurityManager.cpp
@@ -10,6 +10,7 @@
 #include "nsMixedContentBlocker.h"
 
 #include "mozilla/dom/Element.h"
+#include "mozilla/dom/nsMixedContentBlocker.h"
 
 NS_IMPL_ISUPPORTS(nsContentSecurityManager,
                   nsIContentSecurityManager,
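Review bot: The added `#include "mozilla/dom/nsMixedContentBlocker.h"` looks redundant, because `#include "nsMixedContentBlocker.h"` is already present three lines above it in this file. Unless the two paths resolve to different headers in the build, one include is enough; I would drop the new line and keep the existing one.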
@@ -689,11 +690,9 @@ nsContentSecurityManager::IsOriginPotentiallyTrustworthy(nsIPrincipal* aPrincipa
         }
       }
     }
-    // Maybe we have a .onion URL. Treat it as whitelisted as well when
+    // Maybe we have a .onion URL. Treat it as whitelisted as well if
     // `dom.securecontext.whitelist_onions` is `true`.
-    bool whitelistOnions =
-      Preferences::GetBool("dom.securecontext.whitelist_onions", false);
-    if (whitelistOnions && StringEndsWith(host, NS_LITERAL_CSTRING(".onion"))) {
+    if (nsMixedContentBlocker::IsPotentiallyTrustworthyOnion(uri)) {
       *aIsTrustWorthy = true;
       return NS_OK;
     }
diff --git a/dom/security/nsMixedContentBlocker.cpp b/dom/security/nsMixedContentBlocker.cpp
index a9aca5333491..98e262f0bcf4 100644
--- a/dom/security/nsMixedContentBlocker.cpp
+++ b/dom/security/nsMixedContentBlocker.cpp
@@ -394,6 +394,29 @@ nsMixedContentBlocker::ShouldLoad(uint32_t aContentType,
   return rv;
 }
 
+/* Maybe we have a .onion URL. Treat it as whitelisted as well if
+ * `dom.securecontext.whitelist_onions` is `true`.
+ */
+bool
+nsMixedContentBlocker::IsPotentiallyTrustworthyOnion(nsIURI* aURL) {
+  static bool sInited = false;
+  static bool sWhiteListOnions = false;
+  if (!sInited) {
+    Preferences::AddBoolVarCache(&sWhiteListOnions,
+                                 "dom.securecontext.whitelist_onions");
+    sInited = true;
+  }
+  if (!sWhiteListOnions) {
+    return false;
+  }
+
+  nsAutoCString host;
+  nsresult rv = aURL->GetHost(host);
+  NS_ENSURE_SUCCESS(rv, false);
+  return StringEndsWith(host, NS_LITERAL_CSTRING(".onion"));
+}
+
+
 /* Static version of ShouldLoad() that contains all the Mixed Content Blocker
  * logic.  Called from non-static ShouldLoad().
  */
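Review bot: IsPotentiallyTrustworthyOnion dereferences aURL without a null check, and this commit makes it a public static reached from three call sites (form submission, IsOriginPotentiallyTrustworthy and ShouldLoad). A guard `if (!aURL) { return false; }` before the `GetHost` call keeps the helper fail-closed. The lazy `sInited` / `AddBoolVarCache` setup is also unsynchronised, so if every caller is expected to run on the main thread, `MOZ_ASSERT(NS_IsMainThread());` at the top would document and enforce that.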
@@ -696,6 +719,17 @@ nsMixedContentBlocker::ShouldLoad(bool aHadInsecureImageRedirect,
     return NS_OK;
   }
 
+  bool isHttpScheme = false;
+  rv = innerContentLocation->SchemeIs("http", &isHttpScheme);
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  // .onion URLs are encrypted and authenticated. Don't treat them as mixed
+  // content if potentially trustworthy (i.e. whitelisted).
+  if (isHttpScheme && IsPotentiallyTrustworthyOnion(innerContentLocation)) {
+    *aDecision = ACCEPT;
+    return NS_OK;
+  }
+
   // The page might have set the CSP directive 'upgrade-insecure-requests'. In such
   // a case allow the http: load to succeed with the promise that the channel will
   // get upgraded to https before fetching any data from the netwerk.
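Review bot: The comment on the new ACCEPT branch says .onion URLs are encrypted and authenticated, but the branch is gated only on the `http` scheme, the pref and the host suffix, and it has no content-type condition and returns before the upgrade-insecure-requests handling that follows. That property holds only when the request is actually carried over Tor, so I would make the assumption explicit, e.g. `// Assumes .onion hosts are only reachable via Tor; dom.securecontext.whitelist_onions must stay false in any other configuration.` ShouldLoad starts and continues outside this hunk.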
@@ -707,9 +741,6 @@ nsMixedContentBlocker::ShouldLoad(bool aHadInsecureImageRedirect,
   // we only have to check against http: here. Skip mixed content blocking if the
   // subresource load uses http: and the CSP directive 'upgrade-insecure-requests'
   // is present on the page.
-  bool isHttpScheme = false;
-  rv = innerContentLocation->SchemeIs("http", &isHttpScheme);
-  NS_ENSURE_SUCCESS(rv, rv);
   nsIDocument* document = docShell->GetDocument();
   MOZ_ASSERT(document, "Expected a document");
   if (isHttpScheme && document->GetUpgradeInsecureRequests(isPreload)) {
diff --git a/dom/security/nsMixedContentBlocker.h b/dom/security/nsMixedContentBlocker.h
index 539c3ebbb7f0..24fbac171dac 100644
--- a/dom/security/nsMixedContentBlocker.h
+++ b/dom/security/nsMixedContentBlocker.h
@@ -43,6 +43,8 @@ public:
 
   nsMixedContentBlocker();
 
+  static bool IsPotentiallyTrustworthyOnion(nsIURI* aURL);
+
   /* Static version of ShouldLoad() that contains all the Mixed Content Blocker
    * logic.  Called from non-static ShouldLoad().
    * Called directly from imageLib when an insecure redirect exists in a cached
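Review bot: The new declaration `IsPotentiallyTrustworthyOnion` has no doc comment, while the neighbouring static ShouldLoad declaration has one. Callers need to know that it checks only the `dom.securecontext.whitelist_onions` pref and the `.onion` host suffix, not the scheme, which is why ShouldLoad tests `isHttpScheme` itself. I would add `/* Returns true if dom.securecontext.whitelist_onions is set and aURL's host ends in ".onion". Does not check the scheme. */` above it.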




