Bug 1877195: Expand mixed-content download protection to all http downloads, r=freddyb,Gijs,anti-tracking-reviewers,pbz

Differential Revision: https://phabricator.services.mozilla.com/D200267
2024-03-01 13:04:39 +00:00
parent baeed2172d
commit b001dbde19
26 changed files with 385 additions and 56 deletions
--- a/dom/security/nsContentSecurityUtils.cpp
+++ b/dom/security/nsContentSecurityUtils.cpp
@@ -1670,37 +1670,25 @@ long nsContentSecurityUtils::ClassifyDownload(
  nsCOMPtr<nsIURI> contentLocation;
  aChannel->GetURI(getter_AddRefs(contentLocation));

-  nsCOMPtr<nsIPrincipal> loadingPrincipal = loadInfo->GetLoadingPrincipal();
-  if (!loadingPrincipal) {
-    loadingPrincipal = loadInfo->TriggeringPrincipal();
-  }
-  // Creating a fake Loadinfo that is just used for the MCB check.
-  nsCOMPtr<nsILoadInfo> secCheckLoadInfo = new mozilla::net::LoadInfo(
-      loadingPrincipal, loadInfo->TriggeringPrincipal(), nullptr,
-      nsILoadInfo::SEC_ONLY_FOR_EXPLICIT_CONTENTSEC_CHECK,
-      nsIContentPolicy::TYPE_FETCH);
-  // Disable HTTPS-Only checks for that loadinfo. This is required because
-  // otherwise nsMixedContentBlocker::ShouldLoad would assume that the request
-  // is safe, because HTTPS-Only is handling it.
-  secCheckLoadInfo->SetHttpsOnlyStatus(nsILoadInfo::HTTPS_ONLY_EXEMPT);
+  if (StaticPrefs::dom_block_download_insecure()) {
+    // If we are not dealing with a potentially trustworthy origin, or a URI
+    // that is safe to be loaded like e.g. data:, then we block the load.
+    bool isInsecureDownload =
+        !nsMixedContentBlocker::IsPotentiallyTrustworthyOrigin(
+            contentLocation) &&
+        !nsMixedContentBlocker::URISafeToBeLoadedInSecureContext(
+            contentLocation);

-  int16_t decission = nsIContentPolicy::ACCEPT;
-  nsMixedContentBlocker::ShouldLoad(false,  //  aHadInsecureImageRedirect
-                                    contentLocation,   //  aContentLocation,
-                                    secCheckLoadInfo,  //  aLoadinfo
-                                    false,             //  aReportError
-                                    &decission         // aDecision
-  );
-  Telemetry::Accumulate(mozilla::Telemetry::MIXED_CONTENT_DOWNLOADS,
-                        decission != nsIContentPolicy::ACCEPT);
+    Telemetry::Accumulate(mozilla::Telemetry::INSECURE_DOWNLOADS,
+                          isInsecureDownload);

-  if (StaticPrefs::dom_block_download_insecure() &&
-      decission != nsIContentPolicy::ACCEPT) {
-    nsCOMPtr<nsIHttpChannel> httpChannel = do_QueryInterface(aChannel);
-    if (httpChannel) {
-      LogMessageToConsole(httpChannel, "MixedContentBlockedDownload");
+    if (isInsecureDownload) {
+      nsCOMPtr<nsIHttpChannel> httpChannel = do_QueryInterface(aChannel);
+      if (httpChannel) {
+        LogMessageToConsole(httpChannel, "BlockedInsecureDownload");
+      }
+      return nsITransfer::DOWNLOAD_POTENTIALLY_UNSAFE;
    }
-    return nsITransfer::DOWNLOAD_POTENTIALLY_UNSAFE;
  }

  if (loadInfo->TriggeringPrincipal()->IsSystemPrincipal()) {