Bug 1243586 - Implement Upgrade-Insecure-Requests HTTP Request Header Field. r=rbarnes
authorChristoph Kerschbaumer <mozilla@christophkerschbaumer.com>
Tue, 01 Mar 2016 09:17:56 -0800
changeset 291030 e769e96e86802aa52db21ec1be64b000d748611e
parent 291029 8a9823b951f6af481fe247fb5a57dac5a2f8bf13
child 291031 ef37a752e6cd360da991756ffb73d4319780d11a
push id19656
push usergwagner@mozilla.com
push dateMon, 04 Apr 2016 13:43:23 +0000
treeherderb2g-inbound@e99061fde28a [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersrbarnes
bugs1243586
milestone48.0a1
Bug 1243586 - Implement Upgrade-Insecure-Requests HTTP Request Header Field. r=rbarnes
netwerk/protocol/http/nsHttpChannel.cpp
--- a/netwerk/protocol/http/nsHttpChannel.cpp
+++ b/netwerk/protocol/http/nsHttpChannel.cpp
@@ -311,16 +311,31 @@ nsHttpChannel::AddSecurityMessage(const 
 
 nsresult
 nsHttpChannel::Connect()
 {
     nsresult rv;
 
     LOG(("nsHttpChannel::Connect [this=%p]\n", this));
 
+    // Note that we are only setting the "Upgrade-Insecure-Requests" request
+    // header for *all* navigational requests instead of all requests as
+    // defined in the spec, see:
+    // https://www.w3.org/TR/upgrade-insecure-requests/#preference
+    nsContentPolicyType type = mLoadInfo ?
+                               mLoadInfo->GetExternalContentPolicyType() :
+                               nsIContentPolicy::TYPE_OTHER;
+
+    if (type == nsIContentPolicy::TYPE_DOCUMENT ||
+        type == nsIContentPolicy::TYPE_SUBDOCUMENT) {
+        rv = SetRequestHeader(NS_LITERAL_CSTRING("Upgrade-Insecure-Requests"),
+                              NS_LITERAL_CSTRING("1"), false);
+        NS_ENSURE_SUCCESS(rv, rv);
+    }
+ 
     bool isHttps = false;
     rv = mURI->SchemeIs("https", &isHttps);
     NS_ENSURE_SUCCESS(rv,rv);
     nsCOMPtr<nsIPrincipal> resultPrincipal;
     if (!isHttps && mLoadInfo) {
         nsContentUtils::GetSecurityManager()->
           GetChannelResultPrincipal(this, getter_AddRefs(resultPrincipal));
     }