corysanin/tubestation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Bug 1220810 - Hardcode localhost to loopback, r=ckerschb,necko-reviewers,dragana

Browse Source 
This patch make localhost addresses resolve to a loopback address,
thereby ensuring that we can safely treat http://localhost/ and
http://*.localhost/ as "Potentially Trustworthy". This addresses
various bug reports from developers and aligns with specifications.

See https://groups.google.com/g/mozilla.dev.platform/c/sZdEYTiEBdE

Differential Revision: https://phabricator.services.mozilla.com/D92716
This commit is contained in:
Frédéric Wang
2020-10-22 07:36:15 +00:00
parent 63190b018b
commit 72217d8457
27 changed files with 441 additions and 283 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
netwerk/base/nsProtocolProxyService.cpp
View File

@@ -36,7 +36,9 @@
#include "nsISystemProxySettings.h"
#include "nsINetworkLinkService.h"
#include "nsIHttpChannelInternal.h"
#include "mozilla/dom/nsMixedContentBlocker.h"
#include "mozilla/Logging.h"
#include "mozilla/StaticPrefs_network.h"
#include "mozilla/Tokenizer.h"
#include "mozilla/Unused.h"
@@ -771,7 +773,6 @@ nsProtocolProxyService::nsProtocolProxyService()
mSOCKSProxyRemoteDNS(false),
mProxyOverTLS(true),
mWPADOverDHCPEnabled(false),
mAllowHijackingLocalhost(false),
mPACMan(nullptr),
mSessionStart(PR_Now()),
mFailedProxyTimeout(30 * 60) // 30 minute default
@@ -1019,11 +1020,6 @@ void nsProtocolProxyService::PrefsChanged(nsIPrefBranch* prefBranch,
reloadPAC = reloadPAC || mProxyConfig == PROXYCONFIG_WPAD;
}
if (!pref || !strcmp(pref, PROXY_PREF("allow_hijacking_localhost"))) {
proxy_GetBoolPref(prefBranch, PROXY_PREF("allow_hijacking_localhost"),
mAllowHijackingLocalhost);
}
if (!pref || !strcmp(pref, PROXY_PREF("failover_timeout")))
proxy_GetIntPref(prefBranch, PROXY_PREF("failover_timeout"),
mFailedProxyTimeout);
@@ -1097,9 +1093,12 @@ bool nsProtocolProxyService::CanUseProxy(nsIURI* aURI, int32_t defaultPort) {
// Don't use proxy for local hosts (plain hostname, no dots)
if ((!is_ipaddr && mFilterLocalHosts && !host.Contains('.')) ||
(!mAllowHijackingLocalhost &&
(host.EqualsLiteral("127.0.0.1") || host.EqualsLiteral("::1") ||
host.EqualsLiteral("localhost")))) {
// This method detects if we have network.proxy.allow_hijacking_localhost
// pref enabled. If it's true then this method will always return false
// otherwise it returns true if the host matches an address that's
// hardcoded to the loopback address.
(!StaticPrefs::network_proxy_allow_hijacking_localhost() &&
nsMixedContentBlocker::IsPotentiallyTrustworthyLoopbackHost(host))) {
LOG(("Not using proxy for this local host [%s]!\n", host.get()));
return false; // don't allow proxying
}