Bug 1214305 - Part 7: Decide in the child process whether an intercepted channel should go through a secure upgrade; r=mcmanus

This is OK from a security perspective, since this decision only affects whether the channel will be intercepted with the secure URI in the child process. If the intercepting service worker decides to fall back to an actual network request, we send the request to the parent process with the original pre-upgrade URI, and the parent process will still be in charge of whether a network visible HTTP request should be upgraded.
2015-11-02 11:27:00 -05:00
parent 2490afc624
commit a59b309f54
3 changed files with 27 additions and 4 deletions
--- a/netwerk/protocol/http/HttpBaseChannel.cpp
+++ b/netwerk/protocol/http/HttpBaseChannel.cpp
@@ -2402,13 +2402,13 @@ HttpBaseChannel::BypassServiceWorker() const
 }

 bool
-HttpBaseChannel::ShouldIntercept()
+HttpBaseChannel::ShouldIntercept(nsIURI* aURI)
 {
  nsCOMPtr<nsINetworkInterceptController> controller;
  GetCallback(controller);
  bool shouldIntercept = false;
  if (controller && !BypassServiceWorker() && mLoadInfo) {
-    nsresult rv = controller->ShouldPrepareForIntercept(mURI,
+    nsresult rv = controller->ShouldPrepareForIntercept(aURI ? aURI : mURI.get(),
                                                        nsContentUtils::IsNonSubresourceRequest(this),
                                                        &shouldIntercept);
    if (NS_FAILED(rv)) {
--- a/netwerk/protocol/http/HttpBaseChannel.h
+++ b/netwerk/protocol/http/HttpBaseChannel.h
@@ -348,7 +348,7 @@ protected:

  // Returns true if this channel should intercept the network request and prepare
  // for a possible synthesized response instead.
-  bool ShouldIntercept();
+  bool ShouldIntercept(nsIURI* aURI = nullptr);

  friend class PrivateBrowsingChannel<HttpBaseChannel>;
  friend class InterceptFailedOnStop;
--- a/netwerk/protocol/http/HttpChannelChild.cpp
+++ b/netwerk/protocol/http/HttpChannelChild.cpp
@@ -1736,7 +1736,30 @@ HttpChannelChild::AsyncOpen(nsIStreamListener *listener, nsISupports *aContext)
    return NS_OK;
  }

-  if (ShouldIntercept()) {
+  bool isHttps = false;
+  rv = mURI->SchemeIs("https", &isHttps);
+  NS_ENSURE_SUCCESS(rv, rv);
+  nsCOMPtr<nsIPrincipal> resultPrincipal;
+  if (!isHttps && mLoadInfo && mLoadInfo->GetUpgradeInsecureRequests()) {
+      nsContentUtils::GetSecurityManager()->
+        GetChannelResultPrincipal(this, getter_AddRefs(resultPrincipal));
+  }
+  bool shouldUpgrade = false;
+  rv = NS_ShouldSecureUpgrade(mURI,
+                              mLoadInfo,
+                              resultPrincipal,
+                              mPrivateBrowsing,
+                              mAllowSTS,
+                              shouldUpgrade);
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  nsCOMPtr<nsIURI> upgradedURI;
+  if (shouldUpgrade) {
+    rv = GetSecureUpgradedURI(mURI, getter_AddRefs(upgradedURI));
+    NS_ENSURE_SUCCESS(rv, rv);
+  }
+
+  if (ShouldIntercept(upgradedURI)) {
    mResponseCouldBeSynthesized = true;

    nsCOMPtr<nsINetworkInterceptController> controller;