[tbb-commits] [tor-browser/tor-browser-52.8.0esr-7.5-1] Bug 23439: Exempt .onion domains from mixed content warnings

gk at torproject.org gk at torproject.org
Wed May 2 07:06:13 UTC 2018 

commit c4d20a867e257b15895cc2123e2c88b80df70b41
Author: Kathy Brade <brade at pearlcrescent.com>
Date:   Tue Mar 20 15:02:32 2018 -0400

    Bug 23439: Exempt .onion domains from mixed content warnings
---
 dom/html/HTMLFormElement.cpp              |  5 +++++
 dom/security/nsContentSecurityManager.cpp |  7 +++---
 dom/security/nsMixedContentBlocker.cpp    | 37 ++++++++++++++++++++++++++++---
 dom/security/nsMixedContentBlocker.h      |  2 ++
 4 files changed, 44 insertions(+), 7 deletions(-)

diff --git a/dom/html/HTMLFormElement.cpp b/dom/html/HTMLFormElement.cpp
index 5164391f8d2b..71b6248d5b06 100644
--- a/dom/html/HTMLFormElement.cpp
+++ b/dom/html/HTMLFormElement.cpp
@@ -14,6 +14,7 @@
 #include "mozilla/dom/AutocompleteErrorEvent.h"
 #include "mozilla/dom/nsCSPUtils.h"
 #include "mozilla/dom/nsCSPContext.h"
+#include "mozilla/dom/nsMixedContentBlocker.h"
 #include "mozilla/dom/HTMLFormControlsCollection.h"
 #include "mozilla/dom/HTMLFormElementBinding.h"
 #include "mozilla/Move.h"
@@ -907,6 +908,10 @@ HTMLFormElement::DoSecureToInsecureSubmitCheck(nsIURI* aActionURL,
     return NS_OK;
   }
 
+  if (nsMixedContentBlocker::IsPotentiallyTrustworthyOnion(aActionURL)) {
+    return NS_OK;
+  }
+
   nsCOMPtr<nsPIDOMWindowOuter> window = OwnerDoc()->GetWindow();
   if (!window) {
     return NS_ERROR_FAILURE;
diff --git a/dom/security/nsContentSecurityManager.cpp b/dom/security/nsContentSecurityManager.cpp
index c95226b56e91..aa4f735a5c4f 100644
--- a/dom/security/nsContentSecurityManager.cpp
+++ b/dom/security/nsContentSecurityManager.cpp
@@ -10,6 +10,7 @@
 #include "nsMixedContentBlocker.h"
 
 #include "mozilla/dom/Element.h"
+#include "mozilla/dom/nsMixedContentBlocker.h"
 
 NS_IMPL_ISUPPORTS(nsContentSecurityManager,
                   nsIContentSecurityManager,
@@ -689,11 +690,9 @@ nsContentSecurityManager::IsOriginPotentiallyTrustworthy(nsIPrincipal* aPrincipa
         }
       }
     }
-    // Maybe we have a .onion URL. Treat it as whitelisted as well when
+    // Maybe we have a .onion URL. Treat it as whitelisted as well if
     // `dom.securecontext.whitelist_onions` is `true`.
-    bool whitelistOnions =
-      Preferences::GetBool("dom.securecontext.whitelist_onions", false);
-    if (whitelistOnions && StringEndsWith(host, NS_LITERAL_CSTRING(".onion"))) {
+    if (nsMixedContentBlocker::IsPotentiallyTrustworthyOnion(uri)) {
       *aIsTrustWorthy = true;
       return NS_OK;
     }
diff --git a/dom/security/nsMixedContentBlocker.cpp b/dom/security/nsMixedContentBlocker.cpp
index a9aca5333491..98e262f0bcf4 100644
--- a/dom/security/nsMixedContentBlocker.cpp
+++ b/dom/security/nsMixedContentBlocker.cpp
@@ -394,6 +394,29 @@ nsMixedContentBlocker::ShouldLoad(uint32_t aContentType,
   return rv;
 }
 
+/* Maybe we have a .onion URL. Treat it as whitelisted as well if
+ * `dom.securecontext.whitelist_onions` is `true`.
+ */
+bool
+nsMixedContentBlocker::IsPotentiallyTrustworthyOnion(nsIURI* aURL) {
+  static bool sInited = false;
+  static bool sWhiteListOnions = false;
+  if (!sInited) {
+    Preferences::AddBoolVarCache(&sWhiteListOnions,
+                                 "dom.securecontext.whitelist_onions");
+    sInited = true;
+  }
+  if (!sWhiteListOnions) {
+    return false;
+  }
+
+  nsAutoCString host;
+  nsresult rv = aURL->GetHost(host);
+  NS_ENSURE_SUCCESS(rv, false);
+  return StringEndsWith(host, NS_LITERAL_CSTRING(".onion"));
+}
+
+
 /* Static version of ShouldLoad() that contains all the Mixed Content Blocker
  * logic.  Called from non-static ShouldLoad().
  */
@@ -696,6 +719,17 @@ nsMixedContentBlocker::ShouldLoad(bool aHadInsecureImageRedirect,
     return NS_OK;
   }
 
+  bool isHttpScheme = false;
+  rv = innerContentLocation->SchemeIs("http", &isHttpScheme);
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  // .onion URLs are encrypted and authenticated. Don't treat them as mixed
+  // content if potentially trustworthy (i.e. whitelisted).
+  if (isHttpScheme && IsPotentiallyTrustworthyOnion(innerContentLocation)) {
+    *aDecision = ACCEPT;
+    return NS_OK;
+  }
+
   // The page might have set the CSP directive 'upgrade-insecure-requests'. In such
   // a case allow the http: load to succeed with the promise that the channel will
   // get upgraded to https before fetching any data from the netwerk.
@@ -707,9 +741,6 @@ nsMixedContentBlocker::ShouldLoad(bool aHadInsecureImageRedirect,
   // we only have to check against http: here. Skip mixed content blocking if the
   // subresource load uses http: and the CSP directive 'upgrade-insecure-requests'
   // is present on the page.
-  bool isHttpScheme = false;
-  rv = innerContentLocation->SchemeIs("http", &isHttpScheme);
-  NS_ENSURE_SUCCESS(rv, rv);
   nsIDocument* document = docShell->GetDocument();
   MOZ_ASSERT(document, "Expected a document");
   if (isHttpScheme && document->GetUpgradeInsecureRequests(isPreload)) {
diff --git a/dom/security/nsMixedContentBlocker.h b/dom/security/nsMixedContentBlocker.h
index 539c3ebbb7f0..24fbac171dac 100644
--- a/dom/security/nsMixedContentBlocker.h
+++ b/dom/security/nsMixedContentBlocker.h
@@ -43,6 +43,8 @@ public:
 
   nsMixedContentBlocker();
 
+  static bool IsPotentiallyTrustworthyOnion(nsIURI* aURL);
+
   /* Static version of ShouldLoad() that contains all the Mixed Content Blocker
    * logic.  Called from non-static ShouldLoad().
    * Called directly from imageLib when an insecure redirect exists in a cached

More information about the tbb-commits mailing list