diff --git a/docshell/base/nsDocShell.cpp b/docshell/base/nsDocShell.cpp index bdeaa6e86c4f..e04af8f9905d 100644 --- a/docshell/base/nsDocShell.cpp +++ b/docshell/base/nsDocShell.cpp @@ -8548,13 +8548,18 @@ bool nsDocShell::IsSameDocumentNavigation(nsDocShellLoadState* aLoadState, if (!aState.mSameExceptHashes) { if (nsCOMPtr docChannel = GetCurrentDocChannel()) { nsCOMPtr docLoadInfo = docChannel->LoadInfo(); + nsHTTPSOnlyUtils::UpgradeMode upgradeMode = + nsHTTPSOnlyUtils::GetUpgradeMode(docLoadInfo); if (!docLoadInfo->GetLoadErrorPage() && - nsHTTPSOnlyUtils::ShouldUpgradeConnection(docLoadInfo) && + (upgradeMode == nsHTTPSOnlyUtils::HTTPS_ONLY_MODE || + upgradeMode == nsHTTPSOnlyUtils::HTTPS_FIRST_MODE) && nsHTTPSOnlyUtils::IsHttpDowngrade(currentExposableURI, aLoadState->URI())) { uint32_t status = docLoadInfo->GetHttpsOnlyStatus(); - if (status & (nsILoadInfo::HTTPS_ONLY_UPGRADED_LISTENER_REGISTERED | - nsILoadInfo::HTTPS_ONLY_UPGRADED_HTTPS_FIRST)) { + if ((status & + (nsILoadInfo::HTTPS_ONLY_UPGRADED_LISTENER_REGISTERED | + nsILoadInfo::HTTPS_ONLY_UPGRADED_HTTPS_FIRST)) && + !(status & nsILoadInfo::HTTPS_ONLY_EXEMPT)) { // At this point the requested URI is for sure a fragment // navigation via HTTP and HTTPS-Only mode or HTTPS-First is // enabled. Also it is not interfering the upgrade order of @@ -9390,7 +9395,8 @@ nsresult nsDocShell::InternalLoad(nsDocShellLoadState* aLoadState, // unload and just unload. bool okToUnload; if (!isHistoryOrReload && aLoadState->IsExemptFromHTTPSFirstMode() && - nsHTTPSOnlyUtils::IsHttpsFirstModeEnabled(isPrivateWin)) { + nsHTTPSOnlyUtils::GetUpgradeMode(isPrivateWin) == + nsHTTPSOnlyUtils::HTTPS_FIRST_MODE) { rv = mDocumentViewer->PermitUnload( nsIDocumentViewer::PermitUnloadAction::eDontPromptAndUnload, &okToUnload); diff --git a/dom/security/nsHTTPSOnlyUtils.cpp b/dom/security/nsHTTPSOnlyUtils.cpp index 334b28d4ae51..7581b65fa3e4 100644 --- a/dom/security/nsHTTPSOnlyUtils.cpp +++ b/dom/security/nsHTTPSOnlyUtils.cpp @@ -29,40 +29,34 @@ #include "prnetdb.h" /* static */ -bool nsHTTPSOnlyUtils::IsHttpsOnlyModeEnabled(bool aFromPrivateWindow) { - // if the general pref is set to true, then we always return - if (mozilla::StaticPrefs::dom_security_https_only_mode()) { - return true; +nsHTTPSOnlyUtils::UpgradeMode nsHTTPSOnlyUtils::GetUpgradeMode( + bool aFromPrivateWindow, + nsILoadInfo::SchemelessInputType aSchemelessInputType) { + if (mozilla::StaticPrefs::dom_security_https_only_mode() || + (aFromPrivateWindow && + mozilla::StaticPrefs::dom_security_https_only_mode_pbm())) { + return nsHTTPSOnlyUtils::HTTPS_ONLY_MODE; } - // otherwise we check if executing in private browsing mode and return true - // if the PBM pref for HTTPS-Only is set. - if (aFromPrivateWindow && - mozilla::StaticPrefs::dom_security_https_only_mode_pbm()) { - return true; + if (mozilla::StaticPrefs::dom_security_https_first() || + (aFromPrivateWindow && + mozilla::StaticPrefs::dom_security_https_first_pbm())) { + return nsHTTPSOnlyUtils::HTTPS_FIRST_MODE; } - return false; + + if (mozilla::StaticPrefs::dom_security_https_first_schemeless() && + aSchemelessInputType == nsILoadInfo::SchemelessInputTypeSchemeless) { + return nsHTTPSOnlyUtils::SCHEMELESS_HTTPS_FIRST_MODE; + } + + return NO_UPGRADE_MODE; } /* static */ -bool nsHTTPSOnlyUtils::IsHttpsFirstModeEnabled(bool aFromPrivateWindow) { - // HTTPS-Only takes priority over HTTPS-First - if (IsHttpsOnlyModeEnabled(aFromPrivateWindow)) { - return false; - } - - // if the general pref is set to true, then we always return - if (mozilla::StaticPrefs::dom_security_https_first()) { - return true; - } - - // otherwise we check if executing in private browsing mode and return true - // if the PBM pref for HTTPS-First is set. - if (aFromPrivateWindow && - mozilla::StaticPrefs::dom_security_https_first_pbm()) { - return true; - } - return false; +nsHTTPSOnlyUtils::UpgradeMode nsHTTPSOnlyUtils::GetUpgradeMode( + nsILoadInfo* aLoadInfo) { + bool isPrivateWin = aLoadInfo->GetOriginAttributes().IsPrivateBrowsing(); + return GetUpgradeMode(isPrivateWin, aLoadInfo->GetSchemelessInput()); } /* static */ @@ -81,15 +75,11 @@ void nsHTTPSOnlyUtils::PotentiallyFireHttpRequestToShortenTimout( } nsCOMPtr loadInfo = channel->LoadInfo(); - bool isPrivateWin = loadInfo->GetOriginAttributes().IsPrivateBrowsing(); + UpgradeMode upgradeMode = GetUpgradeMode(loadInfo); // if neither HTTPS-Only nor HTTPS-First mode is enabled, then there is // nothing to do here. - if ((!IsHttpsOnlyModeEnabled(isPrivateWin) && - !IsHttpsFirstModeEnabled(isPrivateWin)) && - !(loadInfo->GetSchemelessInput() == - nsILoadInfo::SchemelessInputTypeSchemeless && - mozilla::StaticPrefs::dom_security_https_first_schemeless())) { + if (upgradeMode == NO_UPGRADE_MODE) { return; } @@ -132,10 +122,8 @@ void nsHTTPSOnlyUtils::PotentiallyFireHttpRequestToShortenTimout( // HTTPS-First is enabled, but HTTPS-Only is not enabled, we might return // early if attempting to send a background request to a non standard port. if (!mozilla::StaticPrefs::dom_security_https_first_for_custom_ports() && - (IsHttpsFirstModeEnabled(isPrivateWin) || - (loadInfo->GetSchemelessInput() == - nsILoadInfo::SchemelessInputTypeSchemeless && - mozilla::StaticPrefs::dom_security_https_first_schemeless()))) { + (upgradeMode == HTTPS_FIRST_MODE || + upgradeMode == SCHEMELESS_HTTPS_FIRST_MODE)) { int32_t port = 0; nsresult rv = channelURI->GetPort(&port); int defaultPortforScheme = NS_GetDefaultPort("http"); @@ -158,8 +146,7 @@ void nsHTTPSOnlyUtils::PotentiallyFireHttpRequestToShortenTimout( bool nsHTTPSOnlyUtils::ShouldUpgradeRequest(nsIURI* aURI, nsILoadInfo* aLoadInfo) { // 1. Check if the HTTPS-Only Mode is even enabled, before we do anything else - bool isPrivateWin = aLoadInfo->GetOriginAttributes().IsPrivateBrowsing(); - if (!IsHttpsOnlyModeEnabled(isPrivateWin)) { + if (GetUpgradeMode(aLoadInfo) != HTTPS_ONLY_MODE) { return false; } @@ -183,7 +170,8 @@ bool nsHTTPSOnlyUtils::ShouldUpgradeRequest(nsIURI* aURI, ExtContentPolicyType contentType = aLoadInfo->GetExternalContentPolicyType(); if (contentType != ExtContentPolicy::TYPE_DOCUMENT) { if (!aLoadInfo->TriggeringPrincipal()->IsSystemPrincipal() && - TestIfPrincipalIsExempt(aLoadInfo->TriggeringPrincipal())) { + TestIfPrincipalIsExempt(aLoadInfo->TriggeringPrincipal(), + HTTPS_ONLY_MODE)) { return false; } } @@ -226,8 +214,7 @@ bool nsHTTPSOnlyUtils::ShouldUpgradeRequest(nsIURI* aURI, bool nsHTTPSOnlyUtils::ShouldUpgradeWebSocket(nsIURI* aURI, nsILoadInfo* aLoadInfo) { // 1. Check if the HTTPS-Only Mode is even enabled, before we do anything else - bool isPrivateWin = aLoadInfo->GetOriginAttributes().IsPrivateBrowsing(); - if (!IsHttpsOnlyModeEnabled(isPrivateWin)) { + if (GetUpgradeMode(aLoadInfo) != HTTPS_ONLY_MODE) { return false; } @@ -250,7 +237,8 @@ bool nsHTTPSOnlyUtils::ShouldUpgradeWebSocket(nsIURI* aURI, // All subresources of an exempt triggering principal are also exempt. if (!aLoadInfo->TriggeringPrincipal()->IsSystemPrincipal() && - TestIfPrincipalIsExempt(aLoadInfo->TriggeringPrincipal())) { + TestIfPrincipalIsExempt(aLoadInfo->TriggeringPrincipal(), + HTTPS_ONLY_MODE)) { return false; } @@ -275,13 +263,13 @@ bool nsHTTPSOnlyUtils::IsUpgradeDowngradeEndlessLoop( const mozilla::EnumSet& aOptions) { // 1. Check if the HTTPS-Only/HTTPS-First is even enabled, before doing // anything else - bool isPrivateWin = aLoadInfo->GetOriginAttributes().IsPrivateBrowsing(); + UpgradeMode upgradeMode = GetUpgradeMode(aLoadInfo); bool enforceForHTTPSOnlyMode = - IsHttpsOnlyModeEnabled(isPrivateWin) && + upgradeMode == HTTPS_ONLY_MODE && aOptions.contains( UpgradeDowngradeEndlessLoopOptions::EnforceForHTTPSOnlyMode); bool enforceForHTTPSFirstMode = - IsHttpsFirstModeEnabled(isPrivateWin) && + upgradeMode == HTTPS_FIRST_MODE && aOptions.contains( UpgradeDowngradeEndlessLoopOptions::EnforceForHTTPSFirstMode); bool enforceForHTTPSRR = @@ -357,11 +345,9 @@ bool nsHTTPSOnlyUtils::ShouldUpgradeHttpsFirstRequest(nsIURI* aURI, MOZ_ASSERT(aURI->SchemeIs("http"), "how come the request is not 'http'?"); // 1. Check if HTTPS-First Mode is enabled - bool isPrivateWin = aLoadInfo->GetOriginAttributes().IsPrivateBrowsing(); - if (!IsHttpsFirstModeEnabled(isPrivateWin) && - !(aLoadInfo->GetSchemelessInput() == - nsILoadInfo::SchemelessInputTypeSchemeless && - mozilla::StaticPrefs::dom_security_https_first_schemeless())) { + UpgradeMode upgradeMode = GetUpgradeMode(aLoadInfo); + if (upgradeMode != HTTPS_FIRST_MODE && + upgradeMode != SCHEMELESS_HTTPS_FIRST_MODE) { return false; } // 2. HTTPS-First only upgrades top-level loads (and speculative connections) @@ -416,9 +402,7 @@ bool nsHTTPSOnlyUtils::ShouldUpgradeHttpsFirstRequest(nsIURI* aURI, // We can upgrade the request - let's log to the console and set the status // so we know that we upgraded the request. - if (aLoadInfo->GetSchemelessInput() == - nsILoadInfo::SchemelessInputTypeSchemeless && - !IsHttpsFirstModeEnabled(isPrivateWin)) { + if (upgradeMode == SCHEMELESS_HTTPS_FIRST_MODE) { nsAutoCString urlCString; aURI->GetSpec(urlCString); NS_ConvertUTF8toUTF16 urlString(urlCString); @@ -604,19 +588,14 @@ void nsHTTPSOnlyUtils::UpdateLoadStateAfterHTTPSFirstDowngrade( mozilla::TimeDuration duration = mozilla::TimeStamp::Now() - navigationStart; - bool isPrivateWin = loadInfo->GetOriginAttributes().IsPrivateBrowsing(); - bool isSchemeless = - loadInfo->GetSchemelessInput() == - nsILoadInfo::SchemelessInputTypeSchemeless && - !nsHTTPSOnlyUtils::IsHttpsFirstModeEnabled(isPrivateWin); - nsresult channelStatus; channel->GetStatus(&channelStatus); RefPtr downgradeData = mozilla::MakeRefPtr(); downgradeData->downgradeTime = duration; downgradeData->isOnTimer = channelStatus == NS_ERROR_NET_TIMEOUT_EXTERNAL; - downgradeData->isSchemeless = isSchemeless; + downgradeData->isSchemeless = + GetUpgradeMode(loadInfo) == SCHEMELESS_HTTPS_FIRST_MODE; aLoadState->SetHttpsFirstDowngradeData(downgradeData); } } @@ -649,8 +628,7 @@ void nsHTTPSOnlyUtils::SubmitHTTPSFirstTelemetry( nsILoadInfo::HTTPS_ONLY_UPGRADED_HTTPS_FIRST) { // Successfully upgraded load - if (aLoadInfo->GetSchemelessInput() == - nsILoadInfo::SchemelessInputTypeSchemeless) { + if (GetUpgradeMode(aLoadInfo) == SCHEMELESS_HTTPS_FIRST_MODE) { upgraded_schemeless.Add(); } else { upgraded.Add(); @@ -668,8 +646,7 @@ bool nsHTTPSOnlyUtils::CouldBeHttpsOnlyError(nsIChannel* aChannel, // If HTTPS-Only Mode is not enabled, then there is nothing to do here. nsCOMPtr loadInfo = aChannel->LoadInfo(); - bool isPrivateWin = loadInfo->GetOriginAttributes().IsPrivateBrowsing(); - if (!IsHttpsOnlyModeEnabled(isPrivateWin)) { + if (GetUpgradeMode(loadInfo) != HTTPS_ONLY_MODE) { return false; } @@ -688,7 +665,7 @@ bool nsHTTPSOnlyUtils::CouldBeHttpsOnlyError(nsIChannel* aChannel, /* static */ bool nsHTTPSOnlyUtils::TestIfPrincipalIsExempt(nsIPrincipal* aPrincipal, - bool aCheckForHTTPSFirst) { + UpgradeMode aUpgradeMode) { static nsCOMPtr sPermMgr; if (!sPermMgr) { sPermMgr = mozilla::components::PermissionManager::Service(); @@ -701,9 +678,12 @@ bool nsHTTPSOnlyUtils::TestIfPrincipalIsExempt(nsIPrincipal* aPrincipal, aPrincipal, "https-only-load-insecure"_ns, &perm); NS_ENSURE_SUCCESS(rv, false); + bool checkForHTTPSFirst = aUpgradeMode == HTTPS_FIRST_MODE || + aUpgradeMode == SCHEMELESS_HTTPS_FIRST_MODE; + return perm == nsIHttpsOnlyModePermission::LOAD_INSECURE_ALLOW || perm == nsIHttpsOnlyModePermission::LOAD_INSECURE_ALLOW_SESSION || - (aCheckForHTTPSFirst && + (checkForHTTPSFirst && perm == nsIHttpsOnlyModePermission::HTTPSFIRST_LOAD_INSECURE_ALLOW); } @@ -715,15 +695,9 @@ void nsHTTPSOnlyUtils::TestSitePermissionAndPotentiallyAddExemption( // If HTTPS-Only or HTTPS-First Mode is not enabled, then there is nothing to // do here. nsCOMPtr loadInfo = aChannel->LoadInfo(); - bool isPrivateWin = loadInfo->GetOriginAttributes().IsPrivateBrowsing(); - bool isHttpsOnly = IsHttpsOnlyModeEnabled(isPrivateWin); - bool isHttpsFirst = IsHttpsFirstModeEnabled(isPrivateWin); - bool isSchemelessHttpsFirst = - (loadInfo->GetSchemelessInput() == - nsILoadInfo::SchemelessInputTypeSchemeless) && - mozilla::StaticPrefs::dom_security_https_first_schemeless() && - !isHttpsOnly && !isHttpsFirst; - if (!isHttpsOnly && !isHttpsFirst && !isSchemelessHttpsFirst) { + UpgradeMode upgradeMode = GetUpgradeMode(loadInfo); + + if (upgradeMode == NO_UPGRADE_MODE) { return; } @@ -745,8 +719,7 @@ void nsHTTPSOnlyUtils::TestSitePermissionAndPotentiallyAddExemption( NS_ENSURE_SUCCESS_VOID(rv); uint32_t httpsOnlyStatus = loadInfo->GetHttpsOnlyStatus(); - bool isPrincipalExempt = TestIfPrincipalIsExempt( - principal, isHttpsFirst || isSchemelessHttpsFirst); + bool isPrincipalExempt = TestIfPrincipalIsExempt(principal, upgradeMode); if (isPrincipalExempt) { httpsOnlyStatus |= nsILoadInfo::HTTPS_ONLY_EXEMPT; } @@ -776,8 +749,7 @@ bool nsHTTPSOnlyUtils::IsSafeToAcceptCORSOrMixedContent( return false; } // Check if HTTPS-Only Mode is enabled for this request - bool isPrivateWin = aLoadInfo->GetOriginAttributes().IsPrivateBrowsing(); - return nsHTTPSOnlyUtils::IsHttpsOnlyModeEnabled(isPrivateWin); + return GetUpgradeMode(aLoadInfo) == HTTPS_ONLY_MODE; } /* static */ @@ -894,29 +866,6 @@ bool nsHTTPSOnlyUtils::UnknownPublicSuffixException(nsIURI* aURI) { return !hasKnownPublicSuffix; } -/* static */ -bool nsHTTPSOnlyUtils::ShouldUpgradeConnection(nsILoadInfo* aLoadInfo) { - // Check if one of parameters is null then webpage can't be loaded yet - // and no further inspections are needed - if (!aLoadInfo) { - return false; - } - - // Check if the HTTPS-Only Mode is even enabled, before we do anything else - bool isPrivateWin = aLoadInfo->GetOriginAttributes().IsPrivateBrowsing(); - if (!IsHttpsOnlyModeEnabled(isPrivateWin) && - !IsHttpsFirstModeEnabled(isPrivateWin)) { - return false; - } - - // If the load is exempt, then don't upgrade - uint32_t httpsOnlyStatus = aLoadInfo->GetHttpsOnlyStatus(); - if (httpsOnlyStatus & nsILoadInfo::HTTPS_ONLY_EXEMPT) { - return false; - } - return true; -} - /* static */ bool nsHTTPSOnlyUtils::IsHttpDowngrade(nsIURI* aFromURI, nsIURI* aToURI) { MOZ_ASSERT(aFromURI); diff --git a/dom/security/nsHTTPSOnlyUtils.h b/dom/security/nsHTTPSOnlyUtils.h index d0cb1760feb9..6bea05e8226a 100644 --- a/dom/security/nsHTTPSOnlyUtils.h +++ b/dom/security/nsHTTPSOnlyUtils.h @@ -13,19 +13,35 @@ class nsHTTPSOnlyUtils { public: - /** - * Returns if HTTPS-Only Mode preference is enabled - * @param aFromPrivateWindow true if executing in private browsing mode - * @return true if HTTPS-Only Mode is enabled - */ - static bool IsHttpsOnlyModeEnabled(bool aFromPrivateWindow); + enum UpgradeMode { + NO_UPGRADE_MODE, + HTTPS_ONLY_MODE, + HTTPS_FIRST_MODE, + SCHEMELESS_HTTPS_FIRST_MODE + }; /** - * Returns if HTTPS-First Mode preference is enabled - * @param aFromPrivateWindow true if executing in private browsing mode - * @return true if HTTPS-First Mode is enabled + * Returns the upgrade mode which should be used for a given load, based on + * the prefs currently set. + * @param aFromPrivateWindow Whether the load in question is from a private + * window. + * @param aSchemelessInputType Information about the load possibly originating + * from a schemeful or schemeless address bar + * input. + * @return Upgrade mode as an enum. */ - static bool IsHttpsFirstModeEnabled(bool aFromPrivateWindow); + static UpgradeMode GetUpgradeMode( + bool aFromPrivateWindow, + nsILoadInfo::SchemelessInputType aSchemelessInputType = + nsILoadInfo::SchemelessInputTypeUnset); + + /** + * Returns the upgrade mode which should be used for a given load, based on + * the prefs currently set. + * @param aLoadInfo Load info for the load in question. + * @return Upgrade mode as an enum. + */ + static UpgradeMode GetUpgradeMode(nsILoadInfo* aLoadInfo); /** * Potentially fires an http request for a top-level load (provided by @@ -128,12 +144,13 @@ class nsHTTPSOnlyUtils { bool aUseHttpsFirst = false); /** - * Tests if the HTTPS-Only upgrade exception is set for a given principal. - * @param aPrincipal The principal for whom the exception should be checked - * @return True if exempt + * Tests if a upgrade exception is set for a given principal. + * @param aPrincipal The principal for whom the exception should be checked + * @param aUpgradeMode The upgrade mode that should be checked for + * @return True if exempt */ static bool TestIfPrincipalIsExempt(nsIPrincipal* aPrincipal, - bool aCheckForHTTPSFirst = false); + UpgradeMode aUpgradeMode); /** * Tests if the HTTPS-Only Mode upgrade exception is set for channel result @@ -153,12 +170,6 @@ class nsHTTPSOnlyUtils { */ static bool IsSafeToAcceptCORSOrMixedContent(nsILoadInfo* aLoadInfo); - /** - * Checks if https only or https first mode is enabled for this load - * @param aLoadInfo nsILoadInfo of the request - */ - static bool ShouldUpgradeConnection(nsILoadInfo* aLoadInfo); - /** * Checks if two URIs are same origin modulo the difference that * aToURI scheme is downgraded to http from https aFromURI. diff --git a/netwerk/base/TRRLoadInfo.cpp b/netwerk/base/TRRLoadInfo.cpp index d1650595f8cf..2f9a2e107fb7 100644 --- a/netwerk/base/TRRLoadInfo.cpp +++ b/netwerk/base/TRRLoadInfo.cpp @@ -904,7 +904,8 @@ TRRLoadInfo::SetHasInjectedCookieForCookieBannerHandling( NS_IMETHODIMP TRRLoadInfo::GetSchemelessInput( nsILoadInfo::SchemelessInputType* aSchemelessInput) { - return NS_ERROR_NOT_IMPLEMENTED; + *aSchemelessInput = nsILoadInfo::SchemelessInputTypeUnset; + return NS_OK; } NS_IMETHODIMP diff --git a/netwerk/ipc/DocumentLoadListener.cpp b/netwerk/ipc/DocumentLoadListener.cpp index ec94730fe706..f2f80e0ec506 100644 --- a/netwerk/ipc/DocumentLoadListener.cpp +++ b/netwerk/ipc/DocumentLoadListener.cpp @@ -159,9 +159,9 @@ static auto CreateDocumentLoadInfo(CanonicalBrowsingContext* aBrowsingContext, sandboxFlags); } - bool isPrivateWin = aBrowsingContext->UsePrivateBrowsing(); if (aLoadState->IsExemptFromHTTPSFirstMode() && - nsHTTPSOnlyUtils::IsHttpsFirstModeEnabled(isPrivateWin)) { + nsHTTPSOnlyUtils::GetUpgradeMode(loadInfo) == + nsHTTPSOnlyUtils::HTTPS_FIRST_MODE) { uint32_t httpsOnlyStatus = loadInfo->GetHttpsOnlyStatus(); httpsOnlyStatus |= nsILoadInfo::HTTPS_ONLY_EXEMPT; loadInfo->SetHttpsOnlyStatus(httpsOnlyStatus); @@ -2627,8 +2627,8 @@ nsresult DocumentLoadListener::DoOnStartRequest(nsIRequest* aRequest) { // do not kick in. if (httpChannel) { nsCOMPtr loadInfo = httpChannel->LoadInfo(); - bool isPrivateWin = loadInfo->GetOriginAttributes().IsPrivateBrowsing(); - if (nsHTTPSOnlyUtils::IsHttpsOnlyModeEnabled(isPrivateWin)) { + if (nsHTTPSOnlyUtils::GetUpgradeMode(loadInfo) == + nsHTTPSOnlyUtils::HTTPS_ONLY_MODE) { uint32_t httpsOnlyStatus = loadInfo->GetHttpsOnlyStatus(); httpsOnlyStatus |= nsILoadInfo::HTTPS_ONLY_TOP_LEVEL_LOAD_IN_PROGRESS; loadInfo->SetHttpsOnlyStatus(httpsOnlyStatus); diff --git a/uriloader/exthandler/nsExternalHelperAppService.cpp b/uriloader/exthandler/nsExternalHelperAppService.cpp index c0953c6e8c91..67e041eb326d 100644 --- a/uriloader/exthandler/nsExternalHelperAppService.cpp +++ b/uriloader/exthandler/nsExternalHelperAppService.cpp @@ -1594,9 +1594,8 @@ NS_IMETHODIMP nsExternalAppHandler::OnStartRequest(nsIRequest* request) { // the download is in progress we set that flag so that timeout counter // measures do not kick in. nsCOMPtr loadInfo = aChannel->LoadInfo(); - bool isPrivateWin = loadInfo->GetOriginAttributes().IsPrivateBrowsing(); - if (nsHTTPSOnlyUtils::IsHttpsOnlyModeEnabled(isPrivateWin) || - nsHTTPSOnlyUtils::IsHttpsFirstModeEnabled(isPrivateWin)) { + if (nsHTTPSOnlyUtils::GetUpgradeMode(loadInfo) != + nsHTTPSOnlyUtils::NO_UPGRADE_MODE) { uint32_t httpsOnlyStatus = loadInfo->GetHttpsOnlyStatus(); httpsOnlyStatus |= nsILoadInfo::HTTPS_ONLY_DOWNLOAD_IN_PROGRESS; loadInfo->SetHttpsOnlyStatus(httpsOnlyStatus);