Backed out changeset 1b7eb33c8ec9 (bug 1656296) for bc failure on browser_test_mixed_content_download.js . CLOSED TREE
authorNarcis Beleuzu <nbeleuzu@mozilla.com>
Wed, 19 Aug 2020 16:39:33 +0300
changeset 545318 269b14751fb00398e6f6ca0d0b48904b0739dd7f
parent 545317 07e51bfc3436c293202dab8f0ef693192c392ec5
child 545319 2ee74dd329ceac5ae14c04a640013044a087e15b
push id124511
push usernbeleuzu@mozilla.com
push dateWed, 19 Aug 2020 13:41:08 +0000
treeherderautoland@269b14751fb0 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
bugs1656296
milestone81.0a1
backs out1b7eb33c8ec9c16e3023973f3e03175ebf41ec98
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Backed out changeset 1b7eb33c8ec9 (bug 1656296) for bc failure on browser_test_mixed_content_download.js . CLOSED TREE
browser/components/downloads/DownloadsViewUI.jsm
browser/components/downloads/test/browser/browser_downloads_panel_block.js
browser/locales/en-US/chrome/browser/downloads/downloads.properties
dom/security/nsContentSecurityUtils.cpp
dom/security/nsContentSecurityUtils.h
dom/security/test/mixedcontentblocker/browser_test_mixed_content_download.js
toolkit/components/downloads/DownloadCore.jsm
toolkit/components/downloads/DownloadLegacy.jsm
uriloader/base/nsITransfer.idl
uriloader/exthandler/nsExternalHelperAppService.cpp
uriloader/exthandler/nsExternalHelperAppService.h
--- a/browser/components/downloads/DownloadsViewUI.jsm
+++ b/browser/components/downloads/DownloadsViewUI.jsm
@@ -534,17 +534,16 @@ DownloadsViewUI.DownloadElementShell.pro
             hover = { l10n: "downloads-show-more-information" };
           } else {
             // This download was blocked temporarily by reputation check. In the
             // Downloads View, the interface depends on the threat severity.
             switch (verdict) {
               case Downloads.Error.BLOCK_VERDICT_UNCOMMON:
                 this.showButton("askOpenOrRemoveFile");
                 break;
-              case Downloads.Error.BLOCK_VERDICT_INSECURE:
               case Downloads.Error.BLOCK_VERDICT_POTENTIALLY_UNWANTED:
                 this.showButton("askRemoveFileOrAllow");
                 break;
               default:
                 // Assume Downloads.Error.BLOCK_VERDICT_MALWARE
                 this.showButton("removeFile");
                 break;
             }
@@ -622,18 +621,16 @@ DownloadsViewUI.DownloadElementShell.pro
       !this.download.error ||
       !this.download.error.becauseBlockedByReputationCheck
     ) {
       return [null, null];
     }
     switch (this.download.error.reputationCheckVerdict) {
       case Downloads.Error.BLOCK_VERDICT_UNCOMMON:
         return [s.blockedUncommon2, [s.unblockTypeUncommon2, s.unblockTip2]];
-      case Downloads.Error.BLOCK_VERDICT_INSECURE:
-        return [s.blockedInsecure, [s.blockedInsecure, s.unblockTip2]];
       case Downloads.Error.BLOCK_VERDICT_POTENTIALLY_UNWANTED:
         return [
           s.blockedPotentiallyUnwanted,
           [s.unblockTypePotentiallyUnwanted2, s.unblockTip2],
         ];
       case Downloads.Error.BLOCK_VERDICT_MALWARE:
         return [s.blockedMalware, [s.unblockTypeMalware, s.unblockTip2]];
     }
--- a/browser/components/downloads/test/browser/browser_downloads_panel_block.js
+++ b/browser/components/downloads/test/browser/browser_downloads_panel_block.js
@@ -3,17 +3,16 @@
 
 add_task(async function mainTest() {
   await task_resetState();
 
   let verdicts = [
     Downloads.Error.BLOCK_VERDICT_UNCOMMON,
     Downloads.Error.BLOCK_VERDICT_MALWARE,
     Downloads.Error.BLOCK_VERDICT_POTENTIALLY_UNWANTED,
-    Downloads.Error.BLOCK_VERDICT_INSECURE,
   ];
   await task_addDownloads(verdicts.map(v => makeDownload(v)));
 
   // Check that the richlistitem for each download is correct.
   for (let i = 0; i < verdicts.length; i++) {
     await openPanel();
 
     // The current item is always the first one in the listbox since each
--- a/browser/locales/en-US/chrome/browser/downloads/downloads.properties
+++ b/browser/locales/en-US/chrome/browser/downloads/downloads.properties
@@ -27,17 +27,16 @@ stateCompleted=Completed
 stateBlockedParentalControls=Blocked by Parental Controls
 # LOCALIZATION NOTE (blockedMalware, blockedPotentiallyUnwanted,
 #                    blockedUncommon2):
 # These strings are shown in the panel for some types of blocked downloads. You
 # may need to adjust "downloads.width" in "downloads.dtd" if this turns out to
 # be longer than the other existing status strings.
 blockedMalware=This file contains a virus or malware.
 blockedPotentiallyUnwanted=This file may harm your computer.
-blockedInsecure = This file could not be downloaded securely.
 blockedUncommon2=This file is not commonly downloaded.
 
 # LOCALIZATION NOTE (fileMovedOrMissing):
 # Displayed when a complete download which is not at the original folder.
 fileMovedOrMissing=File moved or missing
 
 # LOCALIZATION NOTE (unblockHeaderUnblock, unblockHeaderOpen,
 #                    unblockTypeMalware, unblockTypePotentiallyUnwanted2,
--- a/dom/security/nsContentSecurityUtils.cpp
+++ b/dom/security/nsContentSecurityUtils.cpp
@@ -8,17 +8,16 @@
 
 #include "nsContentSecurityUtils.h"
 
 #include "nsIContentSecurityPolicy.h"
 #include "nsIChannel.h"
 #include "nsIHttpChannel.h"
 #include "nsIMultiPartChannel.h"
 #include "nsIURI.h"
-#include "nsITransfer.h"
 #if defined(XP_WIN)
 #  include "WinUtils.h"
 #  include <wininet.h>
 #endif
 
 #include "js/Array.h"  // JS::GetArrayLength
 #include "mozilla/ExtensionPolicyService.h"
 #include "mozilla/Logging.h"
@@ -1111,17 +1110,17 @@ void nsContentSecurityUtils::LogMessageT
     return;
   }
 
   nsContentUtils::ReportToConsoleByWindowID(
       localizedMsg, nsIScriptError::warningFlag, "Security"_ns, windowID, uri);
 }
 
 /* static */
-long nsContentSecurityUtils::ClassifyDownload(
+bool nsContentSecurityUtils::IsDownloadAllowed(
     nsIChannel* aChannel, const nsAutoCString& aMimeTypeGuess) {
   MOZ_ASSERT(aChannel, "IsDownloadAllowed without channel?");
 
   nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo();
 
   nsCOMPtr<nsIURI> contentLocation;
   aChannel->GetURI(getter_AddRefs(contentLocation));
 
@@ -1147,33 +1146,33 @@ long nsContentSecurityUtils::ClassifyDow
                         decission != nsIContentPolicy::ACCEPT);
 
   if (StaticPrefs::dom_block_download_insecure() &&
       decission != nsIContentPolicy::ACCEPT) {
     nsCOMPtr<nsIHttpChannel> httpChannel = do_QueryInterface(aChannel);
     if (httpChannel) {
       LogMessageToConsole(httpChannel, "MixedContentBlockedDownload");
     }
-    return nsITransfer::DOWNLOAD_POTENTIALLY_UNSAFE;
+    return false;
   }
 
   if (loadInfo->TriggeringPrincipal()->IsSystemPrincipal()) {
-    return nsITransfer::DOWNLOAD_ACCEPTABLE;
+    return true;
   }
 
   if (!StaticPrefs::dom_block_download_in_sandboxed_iframes()) {
-    return nsITransfer::DOWNLOAD_ACCEPTABLE;
+    return true;
   }
 
   uint32_t triggeringFlags = loadInfo->GetTriggeringSandboxFlags();
   uint32_t currentflags = loadInfo->GetSandboxFlags();
 
   if ((triggeringFlags & SANDBOXED_ALLOW_DOWNLOADS) ||
       (currentflags & SANDBOXED_ALLOW_DOWNLOADS)) {
     nsCOMPtr<nsIHttpChannel> httpChannel = do_QueryInterface(aChannel);
     if (httpChannel) {
       LogMessageToConsole(httpChannel, "IframeSandboxBlockedDownload");
     }
-    return nsITransfer::DOWNLOAD_FORBIDDEN;
+    return false;
   }
 
-  return nsITransfer::DOWNLOAD_ACCEPTABLE;
-}
\ No newline at end of file
+  return true;
+}
--- a/dom/security/nsContentSecurityUtils.h
+++ b/dom/security/nsContentSecurityUtils.h
@@ -46,22 +46,26 @@ class nsContentSecurityUtils {
 
   // Helper function which performs the following framing checks
   // * CSP frame-ancestors
   // * x-frame-options
   // If any of the two disallows framing, the channel will be cancelled.
   static void PerformCSPFrameAncestorAndXFOCheck(nsIChannel* aChannel);
 
   // Helper function to Check if a Download is allowed;
-  static long ClassifyDownload(nsIChannel* aChannel,
-                               const nsAutoCString& aMimeTypeGuess);
+  static bool IsDownloadAllowed(nsIChannel* aChannel,
+                                const nsAutoCString& aMimeTypeGuess);
 
 #if defined(DEBUG)
   static void AssertAboutPageHasCSP(mozilla::dom::Document* aDocument);
 #endif
 
   static bool ValidateScriptFilename(const char* aFilename,
                                      bool aIsSystemRealm);
+  /*
+   * Checks if a Channel should be able to proceed a download.
+   */
+  static bool IsDownloadAllowed(nsIChannel* aChannel);
   // Helper Function to Post a message to the corresponding JS-Console
   static void LogMessageToConsole(nsIHttpChannel* aChannel, const char* aMsg);
 };
 
 #endif /* nsContentSecurityUtils_h___ */
--- a/dom/security/test/mixedcontentblocker/browser_test_mixed_content_download.js
+++ b/dom/security/test/mixedcontentblocker/browser_test_mixed_content_download.js
@@ -1,14 +1,8 @@
-ChromeUtils.defineModuleGetter(
-  this,
-  "Downloads",
-  "resource://gre/modules/Downloads.jsm"
-);
-
 let INSECURE_BASE_URL =
   getRootDirectory(gTestPath).replace(
     "chrome://mochitests/content/",
     "http://example.com/"
   ) + "download_page.html";
 let SECURE_BASE_URL =
   getRootDirectory(gTestPath).replace(
     "chrome://mochitests/content/",
@@ -50,50 +44,20 @@ function shouldConsoleError() {
         Services.console.unregisterListener(listener);
         resolve();
       }
     }
     Services.console.registerListener(listener);
   });
 }
 
-async function resetDownloads() {
-  // Removes all downloads from the download List
-  let publicList = await Downloads.getList(Downloads.PUBLIC);
-  let downloads = await publicList.getAll();
-  for (let download of downloads) {
-    publicList.remove(download);
-    await download.finalize(true);
-  }
-}
-
-async function shouldNotifyDownloadUI() {
-  // Waits until a Blocked download was added to the Download List
-  let list = await Downloads.getList(Downloads.ALL);
-  await new Promise(res => {
-    const view = {
-      onDownloadAdded: aDownload => {
-        let { error } = aDownload;
-        if (
-          error.becauseBlockedByReputationCheck &&
-          error.reputationCheckVerdict == Downloads.Error.BLOCK_VERDICT_INSECURE
-        ) {
-          res(true);
-          list.removeView(view);
-        }
-      },
-    };
-  });
-}
-
 async function runTest(url, link, checkFunction, decscription) {
   await SpecialPowers.pushPrefEnv({
     set: [["dom.block_download_insecure", true]],
   });
-  await resetDownloads();
 
   let tab = BrowserTestUtils.addTab(gBrowser, url);
   gBrowser.selectedTab = tab;
 
   let browser = gBrowser.getBrowserForTab(tab);
   await BrowserTestUtils.browserLoaded(browser);
 
   info("Checking: " + decscription);
@@ -123,17 +87,17 @@ add_task(async function() {
     INSECURE_BASE_URL,
     "secure",
     shouldPromptDownload,
     "Insecure -> Secure should download"
   );
   await runTest(
     SECURE_BASE_URL,
     "insecure",
-    () => Promise.all([shouldNotifyDownloadUI(), shouldConsoleError()]),
+    shouldConsoleError,
     "Secure -> Insecure should Error"
   );
   await runTest(
     SECURE_BASE_URL,
     "secure",
     shouldPromptDownload,
     "Secure -> Secure should Download"
   );
--- a/toolkit/components/downloads/DownloadCore.jsm
+++ b/toolkit/components/downloads/DownloadCore.jsm
@@ -1685,17 +1685,16 @@ var DownloadError = function(aProperties
 /**
  * These constants are used by the reputationCheckVerdict property and indicate
  * the detailed reason why a download is blocked.
  *
  * @note These values should not be changed because they can be serialized.
  */
 DownloadError.BLOCK_VERDICT_MALWARE = "Malware";
 DownloadError.BLOCK_VERDICT_POTENTIALLY_UNWANTED = "PotentiallyUnwanted";
-DownloadError.BLOCK_VERDICT_INSECURE = "Insecure";
 DownloadError.BLOCK_VERDICT_UNCOMMON = "Uncommon";
 
 DownloadError.prototype = {
   __proto__: Error.prototype,
 
   /**
    * The result code associated with this error.
    */
--- a/toolkit/components/downloads/DownloadLegacy.jsm
+++ b/toolkit/components/downloads/DownloadLegacy.jsm
@@ -14,21 +14,16 @@
 
 "use strict";
 
 ChromeUtils.defineModuleGetter(
   this,
   "Downloads",
   "resource://gre/modules/Downloads.jsm"
 );
-ChromeUtils.defineModuleGetter(
-  this,
-  "DownloadError",
-  "resource://gre/modules/DownloadCore.jsm"
-);
 
 /**
  * nsITransfer implementation that provides a bridge to a Download object.
  *
  * Legacy downloads work differently than the JavaScript implementation.  In the
  * latter, the caller only provides the properties for the Download object and
  * the entire process is handled by the "start" method.  In the legacy
  * implementation, the caller must create a separate object to execute the
@@ -269,43 +264,40 @@ DownloadLegacyTransfer.prototype = {
   init: function DLT_init(
     aSource,
     aTarget,
     aDisplayName,
     aMIMEInfo,
     aStartTime,
     aTempFile,
     aCancelable,
-    aIsPrivate,
-    aDownloadClassification
+    aIsPrivate
   ) {
     return this._nsITransferInitInternal(
       aSource,
       aTarget,
       aDisplayName,
       aMIMEInfo,
       aStartTime,
       aTempFile,
       aCancelable,
-      aIsPrivate,
-      aDownloadClassification
+      aIsPrivate
     );
   },
 
   // nsITransfer
   initWithBrowsingContext(
     aSource,
     aTarget,
     aDisplayName,
     aMIMEInfo,
     aStartTime,
     aTempFile,
     aCancelable,
     aIsPrivate,
-    aDownloadClassification,
     aBrowsingContext,
     aHandleInternally
   ) {
     let browsingContextId;
     let userContextId;
     if (aBrowsingContext && aBrowsingContext.currentWindowGlobal) {
       browsingContextId = aBrowsingContext.id;
       let windowGlobal = aBrowsingContext.currentWindowGlobal;
@@ -316,33 +308,31 @@ DownloadLegacyTransfer.prototype = {
       aSource,
       aTarget,
       aDisplayName,
       aMIMEInfo,
       aStartTime,
       aTempFile,
       aCancelable,
       aIsPrivate,
-      aDownloadClassification,
       userContextId,
       browsingContextId,
       aHandleInternally
     );
   },
 
   _nsITransferInitInternal(
     aSource,
     aTarget,
     aDisplayName,
     aMIMEInfo,
     aStartTime,
     aTempFile,
     aCancelable,
     isPrivate,
-    aDownloadClassification,
     userContextId = 0,
     browsingContextId = 0,
     handleInternally = false
   ) {
     this._cancelable = aCancelable;
 
     let launchWhenSucceeded = false,
       contentType = null,
@@ -356,70 +346,54 @@ DownloadLegacyTransfer.prototype = {
       let appHandler = aMIMEInfo.preferredApplicationHandler;
       if (
         aMIMEInfo.preferredAction == Ci.nsIMIMEInfo.useHelperApp &&
         appHandler instanceof Ci.nsILocalHandlerApp
       ) {
         launcherPath = appHandler.executable.path;
       }
     }
+
     // Create a new Download object associated to a DownloadLegacySaver, and
     // wait for it to be available.  This operation may cause the entire
     // download system to initialize before the object is created.
-    let serialisedDownload = {
+    Downloads.createDownload({
       source: {
         url: aSource.spec,
         isPrivate,
         userContextId,
         browsingContextId,
       },
       target: {
         path: aTarget.QueryInterface(Ci.nsIFileURL).file.path,
         partFilePath: aTempFile && aTempFile.path,
       },
       saver: "legacy",
       launchWhenSucceeded,
       contentType,
       launcherPath,
       handleInternally,
-    };
-
-    // In case the Download was classified as insecure/dangerous
-    // it is already canceled, so we need to generate and attach the
-    // corresponding error to the download.
-    if (aDownloadClassification == Ci.nsITransfer.DOWNLOAD_POTENTIALLY_UNSAFE) {
-      serialisedDownload.errorObj = {
-        becauseBlockedByReputationCheck: true,
-        reputationCheckVerdict: DownloadError.BLOCK_VERDICT_INSECURE,
-      };
-    }
-
-    Downloads.createDownload(serialisedDownload)
-      .then(async aDownload => {
+    })
+      .then(aDownload => {
         // Legacy components keep partial data when they use a ".part" file.
         if (aTempFile) {
           aDownload.tryToKeepPartialData = true;
         }
 
         // Start the download before allowing it to be controlled.  Ignore errors.
         aDownload.start().catch(() => {});
 
         // Start processing all the other events received through nsITransfer.
         this._download = aDownload;
         this._resolveDownload(aDownload);
 
         // Add the download to the list, allowing it to be seen and canceled.
-        await (await Downloads.getList(Downloads.ALL)).add(aDownload);
-        if (serialisedDownload.errorObj) {
-          // In case we added an already canceled dummy download
-          // we need to manually trigger a change event
-          // as all the animations for finishing downloads are
-          // listening on onChange.
-          aDownload._notifyChange();
-        }
+        return Downloads.getList(Downloads.ALL).then(list =>
+          list.add(aDownload)
+        );
       })
       .catch(Cu.reportError);
   },
 
   setSha256Hash(hash) {
     this._sha256Hash = hash;
   },
 
--- a/uriloader/base/nsITransfer.idl
+++ b/uriloader/base/nsITransfer.idl
@@ -10,20 +10,16 @@ interface nsIURI;
 interface nsICancelable;
 interface nsIMIMEInfo;
 interface nsIFile;
 webidl BrowsingContext;
 
 [scriptable, uuid(37ec75d3-97ad-4da8-afaa-eabe5b4afd73)]
 interface nsITransfer : nsIWebProgressListener2 {
 
-    const unsigned long DOWNLOAD_ACCEPTABLE = 0;
-    const unsigned long DOWNLOAD_FORBIDDEN = 1;
-    const unsigned long DOWNLOAD_POTENTIALLY_UNSAFE = 2;
-
     /**
      * Initializes the transfer with certain properties.  This function must
      * be called prior to accessing any properties on this interface.
      *
      * @param aSource The source URI of the transfer. Must not be null.
      *
      * @param aTarget The target URI of the transfer. Must not be null.
      *
@@ -50,28 +46,25 @@ interface nsITransfer : nsIWebProgressLi
      *                    reference to this object until the download is
      *                    finished, at which point they should release the
      *                    reference.
      *
      * @param aIsPrivate Used to determine the privacy status of the new transfer.
      *                   If true, indicates that the transfer was initiated from
      *                   a source that desires privacy.
      *
-     * @param aDownloadClassification Indicates wheter the dowload is unwanted,
-     *                                should be considered dangerous or insecure. 
      */
     void init(in nsIURI aSource,
               in nsIURI aTarget,
               in AString aDisplayName,
               in nsIMIMEInfo aMIMEInfo,
               in PRTime startTime,
               in nsIFile aTempFile,
               in nsICancelable aCancelable,
-              in boolean aIsPrivate,
-              in long aDownloadClassification);
+              in boolean aIsPrivate);
 
     /**
      * Same as init, but allows for passing the browsingContext
      * which will allow for opening the download with the same
      * userContextId
      *
      * @param aBrowsingContext BrowsingContext of the initiating document.
      *
@@ -81,17 +74,16 @@ interface nsITransfer : nsIWebProgressLi
     void initWithBrowsingContext(in nsIURI aSource,
                                  in nsIURI aTarget,
                                  in AString aDisplayName,
                                  in nsIMIMEInfo aMIMEInfo,
                                  in PRTime startTime,
                                  in nsIFile aTempFile,
                                  in nsICancelable aCancelable,
                                  in boolean aIsPrivate,
-                                 in long aDownloadClassification,
                                  in BrowsingContext aBrowsingContext,
                                  in boolean aHandleInternally);
 
     /*
      * Used to notify the transfer object of the hash of the downloaded file.
      * Must be called on the main thread, only after the download has finished
      * successfully.
      * @param aHash The SHA-256 hash in raw bytes of the downloaded file.
--- a/uriloader/exthandler/nsExternalHelperAppService.cpp
+++ b/uriloader/exthandler/nsExternalHelperAppService.cpp
@@ -1573,32 +1573,20 @@ NS_IMETHODIMP nsExternalAppHandler::OnSt
 
   nsCOMPtr<nsIChannel> aChannel = do_QueryInterface(request);
 
   nsresult rv;
   nsAutoCString MIMEType;
   if (mMimeInfo) {
     mMimeInfo->GetMIMEType(MIMEType);
   }
-  // Now get the URI
-  if (aChannel) {
-    aChannel->GetURI(getter_AddRefs(mSourceUrl));
-  }
-
-  mDownloadClassification =
-      nsContentSecurityUtils::ClassifyDownload(aChannel, MIMEType);
-  if (mDownloadClassification != nsITransfer::DOWNLOAD_ACCEPTABLE) {
-    // If the download is rated as forbidden,
-    // we need to silently cancel the request to make sure
-    // it wont show up in the download ui.
+
+  if (!nsContentSecurityUtils::IsDownloadAllowed(aChannel, MIMEType)) {
     mCanceled = true;
     request->Cancel(NS_ERROR_ABORT);
-    if (mDownloadClassification != nsITransfer::DOWNLOAD_FORBIDDEN) {
-      CreateFailedTransfer();
-    }
     return NS_OK;
   }
 
   nsCOMPtr<nsIFileChannel> fileChan(do_QueryInterface(request));
   mIsFileChannel = fileChan != nullptr;
   if (!mIsFileChannel) {
     // It's possible that this request came from the child process and the
     // file channel actually lives there. If this returns true, then our
@@ -1622,16 +1610,21 @@ NS_IMETHODIMP nsExternalAppHandler::OnSt
       bool tmp = false;
       if (NS_SUCCEEDED(
               props->GetPropertyAsBool(u"docshell.newWindowTarget"_ns, &tmp))) {
         mMaybeCloseWindowHelper->SetShouldCloseWindow(tmp);
       }
     }
   }
 
+  // Now get the URI
+  if (aChannel) {
+    aChannel->GetURI(getter_AddRefs(mSourceUrl));
+  }
+
   // retarget all load notifications to our docloader instead of the original
   // window's docloader...
   RetargetLoadNotifications(request);
 
   // Close the underlying DOMWindow if it was opened specifically for the
   // download. We don't run this in the content process, since we have
   // an instance running in the parent as well, which will handle this
   // if needed.
@@ -2182,22 +2175,21 @@ nsresult nsExternalAppHandler::CreateTra
   rv = NS_NewFileURI(getter_AddRefs(target), mFinalFileDestination);
   NS_ENSURE_SUCCESS(rv, rv);
 
   nsCOMPtr<nsIChannel> channel = do_QueryInterface(mRequest);
   if (mBrowsingContext) {
     rv = transfer->InitWithBrowsingContext(
         mSourceUrl, target, EmptyString(), mMimeInfo, mTimeDownloadStarted,
         mTempFile, this, channel && NS_UsePrivateBrowsing(channel),
-        mDownloadClassification, mBrowsingContext, mHandleInternally);
+        mBrowsingContext, mHandleInternally);
   } else {
     rv = transfer->Init(mSourceUrl, target, EmptyString(), mMimeInfo,
                         mTimeDownloadStarted, mTempFile, this,
-                        channel && NS_UsePrivateBrowsing(channel),
-                        mDownloadClassification);
+                        channel && NS_UsePrivateBrowsing(channel));
   }
 
   NS_ENSURE_SUCCESS(rv, rv);
 
   // If we were cancelled since creating the transfer, just return. It is
   // always ok to return NS_OK if we are cancelled. Callers of this function
   // must call Cancel if CreateTransfer fails, but there's no need to cancel
   // twice.
@@ -2251,23 +2243,22 @@ nsresult nsExternalAppHandler::CreateFai
   rv = NS_NewFileURI(getter_AddRefs(pseudoTarget), pseudoFile);
   NS_ENSURE_SUCCESS(rv, rv);
 
   nsCOMPtr<nsIChannel> channel = do_QueryInterface(mRequest);
   if (mBrowsingContext) {
     rv = transfer->InitWithBrowsingContext(
         mSourceUrl, pseudoTarget, EmptyString(), mMimeInfo,
         mTimeDownloadStarted, nullptr, this,
-        channel && NS_UsePrivateBrowsing(channel), mDownloadClassification,
-        mBrowsingContext, mHandleInternally);
+        channel && NS_UsePrivateBrowsing(channel), mBrowsingContext,
+        mHandleInternally);
   } else {
     rv = transfer->Init(mSourceUrl, pseudoTarget, EmptyString(), mMimeInfo,
                         mTimeDownloadStarted, nullptr, this,
-                        channel && NS_UsePrivateBrowsing(channel),
-                        mDownloadClassification);
+                        channel && NS_UsePrivateBrowsing(channel));
   }
   NS_ENSURE_SUCCESS(rv, rv);
 
   // Our failed transfer is ready.
   mTransfer = std::move(transfer);
 
   return NS_OK;
 }
--- a/uriloader/exthandler/nsExternalHelperAppService.h
+++ b/uriloader/exthandler/nsExternalHelperAppService.h
@@ -329,23 +329,16 @@ class nsExternalAppHandler final : publi
   /**
    * One of the REASON_ constants from nsIHelperAppLauncherDialog. Indicates the
    * reason the dialog was shown (unknown content type, server requested it,
    * etc).
    */
   uint32_t mReason;
 
   /**
-   * Indicates if the nsContentSecurityUtils rate this download as
-   * acceptable, potentialy unwanted or illigal request.
-   *
-   */
-  int32_t mDownloadClassification;
-
-  /**
    * Track the executable-ness of the temporary file.
    */
   bool mTempFileIsExecutable;
 
   PRTime mTimeDownloadStarted;
   int64_t mContentLength;
   int64_t mProgress; /**< Number of bytes received (for sending progress
                         notifications). */