This changes where the IsUpgradeDowngradeEndlessLoop check triggers.
Before this patch, it triggered during the redirect caused by the https
upgrade. With this patch, it triggers during the downgrade for http
redirects. META and JS redirect are still detected during upgrade.
This should be fixed as a follow up (See Bug 1896691).
Downgrade in this context means same url, except with the scheme http
instead of https.
Different query parameters normally lead to different responses by web servers.
Don't consider the '#ref' part of the uri, because it doesn't get sent to
the server and therefore can't change the server response.
We can't use the redirect chain anymore, because the query parameters
are trimmed since Bug 1715785.
This also removes the config option dom.security.https_only_check_path_upgrade_downgrade_endless_loop,
because it adds unnecessary complexity. Removing it for this patch is
easier.
https-only, https-first and httpssvc_https_upgrade tests had to be
modified, because they depended on the incorrect handling of query
strings in loop detection.
Differential Revision: https://phabricator.services.mozilla.com/D193672
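
The comparison described in the commit message above (same URL except for the scheme, query included, '#ref' ignored), as an added example that is not Firefox source or part of the original commit. The function names, the redirect table and the example hosts are assumptions constructed for illustration.

```javascript
// Added illustration, not Firefox source; all names here are hypothetical.

// True when `target` is `requested` with only the scheme changed from https
// to http. The query is compared; the '#ref' is ignored (never sent to server).
function isDowngradeOf(requested, target) {
  const a = new URL(requested);
  const b = new URL(target);
  if (a.protocol !== "https:" || b.protocol !== "http:") return false;
  return a.host === b.host && a.pathname === b.pathname && a.search === b.search;
}

// Scheme upgrade applied to every outgoing request in this simulation.
function upgrade(url) {
  const u = new URL(url);
  if (u.protocol === "http:") u.protocol = "https:";
  return u.href;
}

// URL as the server sees it: the fragment is dropped.
function withoutRef(url) {
  const u = new URL(url);
  u.hash = "";
  return u.href;
}

// Constructed redirect table: request URL (no ref) -> Location header value.
const REDIRECTS = new Map([
  ["https://loop.example/page?id=1", "http://loop.example/page?id=1#top"],
  ["https://shop.example/step?n=1", "http://shop.example/step?n=2"],
]);

// Upgrades every request to https, follows HTTP redirects from the table, and
// stops as soon as a redirect is a downgrade of the URL just requested.
function simulate(startUrl, redirects, maxHops = 20) {
  let requested = upgrade(startUrl);
  for (let hops = 0; hops < maxHops; hops++) {
    const location = redirects.get(withoutRef(requested));
    if (location === undefined) return { result: "loaded", url: requested, hops };
    const target = new URL(location, requested).href;
    if (isDowngradeOf(requested, target)) {
      return { result: "loop-detected", url: target, hops };
    }
    requested = upgrade(target);
  }
  return { result: "too-many-redirects", url: requested, hops: maxHops };
}

console.log(simulate("http://loop.example/page?id=1", REDIRECTS).result);
console.log(simulate("http://shop.example/step?n=1", REDIRECTS).result);
```

The second table entry redirects to a URL that differs only in its query string, so it is not treated as a downgrade of the same URL and the load completes.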
This variety is specifically used to make the User-Agent header be treated as
a default request header, but it wasn't used properly for the UA override.
This caused the header to be copied by CopyNonDefaultHeaderVisitor.
Differential Revision: https://phabricator.services.mozilla.com/D210478
For WebDriver BiDi network interception we need to be able to modify the request as late as possible.
This changeset exposes RequestObserversCalled to JS so that we can update it from the webdriver bidi codebase.
Differential Revision: https://phabricator.services.mozilla.com/D208011
This patch is a no-op for observable functionality. All it does is add a bit to the partitionKey for OA, and then adds plumbing to be able to set it, and where it is required, sets it to false.
This is serialized identically to the absence of the bit, so nothing changes at all.
Differential Revision: https://phabricator.services.mozilla.com/D203155
This notification would be sent by HttpChannelChild before
calling onStopRequest for a channel.
This patch also updates some comments regarding the on stop topic
which referenced the non-existent http-on-stop-connect.
Differential Revision: https://phabricator.services.mozilla.com/D204482
The userAgent header can be modified in several ways, such as using the
header field to set a custom userAgent header for a fetch request. We
want to preserve the custom header, so we shouldn't recalculate the
userAgent header if it's been overridden after the channel was created.
Otherwise, the custom header won't work.
Differential Revision: https://phabricator.services.mozilla.com/D197655
Per fetch spec [1], we should perform CSP upgrade-insecure-requests and mixed
content upgrades before determining the referrer, while HSTS upgrades happen
after the referrer is determined. In our implementation, we determine the
referrer before all the upgrades, so we need to recalculate the referrer
after we upgrade through anything but HSTS.
[1] https://fetch.spec.whatwg.org/#main-fetch
Differential Revision: https://phabricator.services.mozilla.com/D193417