| author | Ryan VanderMeulen <ryanvm@gmail.com> |
| Thu, 15 Nov 2012 22:16:03 -0500 | |
| changeset 113465 | 6d4a9a61a335b928eec0cc38a0591a2e8c9e0808 |
| parent 113464 | ef467dfbbc0d4d7dc738179c83c35dba2a6648ba |
| child 113466 | f3b9e6da96f25a3da2b88e3effe356ea09a5ab23 |
| push id | 18165 |
| push user | ryanvm@gmail.com |
| push date | Fri, 16 Nov 2012 03:16:03 +0000 |
| treeherder | mozilla-inbound@6d4a9a61a335 [default view] [failures only] |
| perfherder | [talos] [build metrics] [platform microbench] (compared to previous push) |
| bugs | 803225 |
| milestone | 19.0a1 |
| backs out | 5bdf8bbcd02f481ea04fef10e255142b0c202ec1 df27137cb7d1a4cb060b72bffed8ffd35212ce0f |
| first release with | nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
|
| last release without | nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
|
--- a/content/base/src/nsMixedContentBlocker.cpp +++ b/content/base/src/nsMixedContentBlocker.cpp @@ -7,17 +7,16 @@ #include "nsContentPolicyUtils.h" #include "nsINode.h" #include "nsCOMPtr.h" #include "nsIDocShell.h" #include "nsISecurityEventSink.h" #include "nsIWebProgressListener.h" #include "nsContentUtils.h" -#include "nsNetUtil.h" #include "mozilla/Preferences.h" using namespace mozilla; // Is mixed script blocking (fonts, plugin content, scripts, stylesheets, // iframes, websockets, XHR) enabled? bool nsMixedContentBlocker::sBlockMixedScript = false; @@ -49,17 +48,17 @@ public: return NS_OK; } private: // The requesting context for the content load. Generally, a DOM node from // the document that caused the load. nsCOMPtr<nsISupports> mContext; - // The type of mixed content that was blocked, e.g. active or display + // The type of mixed content that was blocked, i.e. active or display unsigned short mType; }; */ nsMixedContentBlocker::nsMixedContentBlocker() { // Cache the pref for mixed script blocking Preferences::AddBoolVarCache(&sBlockMixedScript, @@ -90,19 +89,18 @@ nsMixedContentBlocker::ShouldLoad(uint32 *aDecision = nsIContentPolicy::ACCEPT; // If mixed script blocking and mixed display blocking are turned off // we can return early if (!sBlockMixedScript && !sBlockMixedDisplay) { return NS_OK; } - // Top-level load cannot be mixed content so allow it. - // Creating insecure websocket connections in a secure page is blocked already in websocket constructor. - if (aContentType == nsIContentPolicy::TYPE_DOCUMENT || aContentType == nsIContentPolicy::TYPE_WEBSOCKET) { + // Top-level load cannot be mixed content so allow it + if (aContentType == nsIContentPolicy::TYPE_DOCUMENT) { return NS_OK; } // We need aRequestingLocation to pull out the scheme. If it isn't passed // in, get it from the DOM node. if (!aRequestingLocation) { nsCOMPtr<nsINode> node = do_QueryInterface(aRequestingContext); if (node) { @@ -121,46 +119,21 @@ nsMixedContentBlocker::ShouldLoad(uint32 // Check the parent scheme. If it is not an HTTPS page then mixed content // restrictions do not apply. bool parentIsHttps; if (NS_FAILED(aRequestingLocation->SchemeIs("https", &parentIsHttps)) || !parentIsHttps) { return NS_OK; } - /* Get the scheme of the sub-document resource to be requested. If it is - * a safe to load in an https context then mixed content doesn't apply. - * - * Check Protocol Flags to determine if scheme is safe to load: - * URI_DOES_NOT_RETURN_DATA - e.g. - * "mailto" - * URI_IS_LOCAL_RESOURCE - e.g. - * "data", - * "resource", - * "moz-icon" - * URI_INHERITS_SECURITY_CONTEXT - e.g. - * "javascript" - * URI_SAFE_TO_LOAD_IN_SECURE_CONTEXT - e.g. - * "https", - * "moz-safe-about" - * - */ - bool schemeLocal = false; - bool schemeNoReturnData = false; - bool schemeInherits = false; - bool schemeSecure = false; - if (NS_FAILED(NS_URIChainHasFlags(aContentLocation, nsIProtocolHandler::URI_IS_LOCAL_RESOURCE , &schemeLocal)) || - NS_FAILED(NS_URIChainHasFlags(aContentLocation, nsIProtocolHandler::URI_DOES_NOT_RETURN_DATA, &schemeNoReturnData)) || - NS_FAILED(NS_URIChainHasFlags(aContentLocation, nsIProtocolHandler::URI_INHERITS_SECURITY_CONTEXT, &schemeInherits)) || - NS_FAILED(NS_URIChainHasFlags(aContentLocation, nsIProtocolHandler::URI_SAFE_TO_LOAD_IN_SECURE_CONTEXT, &schemeSecure))) { - return NS_ERROR_FAILURE; - } - - if (schemeLocal || schemeNoReturnData || schemeInherits || schemeSecure) { - return NS_OK; + // Get the scheme of the sub-document resource to be requested. If it is + // an HTTPS load then mixed content doesn't apply. + bool isHttps; + if (NS_FAILED(aContentLocation->SchemeIs("https", &isHttps)) || isHttps) { + return NS_OK; } // If we are here we have mixed content. // Decide whether or not to allow the mixed content based on what type of // content it is and if the user permitted it. switch (aContentType) { case nsIContentPolicy::TYPE_FONT: @@ -217,19 +190,19 @@ nsMixedContentBlocker::ShouldProcess(uin nsIURI* aContentLocation, nsIURI* aRequestingLocation, nsISupports* aRequestingContext, const nsACString& aMimeGuess, nsISupports* aExtra, nsIPrincipal* aRequestPrincipal, int16_t* aDecision) { - if (!aContentLocation) { + if(!aContentLocation) { // aContentLocation may be null when a plugin is loading without an associated URI resource - if (aContentType == TYPE_OBJECT) { + if(aContentType == TYPE_OBJECT) { return NS_OK; } else { return NS_ERROR_FAILURE; } } return ShouldLoad(aContentType, aContentLocation, aRequestingLocation, aRequestingContext, aMimeGuess, aExtra, aRequestPrincipal,
--- a/content/base/test/Makefile.in +++ b/content/base/test/Makefile.in @@ -580,20 +580,16 @@ MOCHITEST_FILES_B = \ test_XHR_anon.html \ file_XHR_anon.sjs \ test_XHR_system.html \ test_XHR_parameters.html \ test_ipc_messagemanager_blob.html \ test_mixed_content_blocker.html \ file_mixed_content_main.html \ file_mixed_content_server.sjs \ - test_mixed_content_blocker_bug803225.html \ - file_mixed_content_main_bug803225.html \ - file_mixed_content_main_bug803225_websocket_wsh.py \ - bug803225_test_mailto.html \ test_bug789856.html \ file_bug804395.jar \ test_bug804395.html \ test_bug809003.html \ $(NULL) # OOP tests don't work on Windows (bug 763081) or native-fennec # (see Bug 774939)
deleted file mode 100644 --- a/content/base/test/bug803225_test_mailto.html +++ /dev/null @@ -1,13 +0,0 @@ -<!DOCTYPE HTML> -<html> -<!-- -Tests for Mixed Content Blocker - Mailto Protocol Compose Page -https://bugzilla.mozilla.org/show_bug.cgi?id=803225 ---> -<head> <meta charset="utf-8"> -</head> -<body> -Hello -<script>window.close();</script> -</body> -</html>
deleted file mode 100644 --- a/content/base/test/file_mixed_content_main_bug803225.html +++ /dev/null @@ -1,160 +0,0 @@ -<!DOCTYPE HTML> -<html> -<!-- -Tests for Mixed Content Blocker - Allowed Protocols -https://bugzilla.mozilla.org/show_bug.cgi?id=803225 ---> -<head> - <meta charset="utf-8"> - <title>Tests for Bug 62178</title> - <script type="application/javascript" src="/tests/SimpleTest/EventUtils.js"></script> -</head> -<body> -<div id="testContent"></div> - -<!-- Test additional schemes the Mixed Content Blocker should not block - "about" protocol URIs that are URI_SAFE_FOR_UNTRUSTED_CONTENT (moz-safe-about; see nsAboutProtocolHandler::NewURI - "data", - "javascript", - "mailto", - "resource", - "moz-icon", - "wss" ---> - -<script> - - //For tests that require setTimeout, set the timeout interval - var TIMEOUT_INTERVAL = 100; - - var testContent = document.getElementById("testContent"); - - // Test 1 & 2: about and javascript protcols within an iframe - var data = Array(2,2); - var protocols = [ - ["about", ""], //When no source is specified, the frame gets a source of about:blank - ["javascript", "javascript:document.open();document.write='<h1>SUCCESS</h1>';document.close();"], - ]; - for(var i=0; i < protocols.length; i++) - { - var generic_frame = document.createElement("iframe"); - generic_frame.src = protocols[i][1]; - generic_frame.name="generic_protocol"; - - generic_frame.onload = function(i) { - data = {"test": protocols[i][0], "msg": "resource with " + protocols[i][0] + " protocol loaded"}; - parent.postMessage(data, "http://mochi.test:8888"); - }.bind(generic_frame, i) - - generic_frame.onerror = function(i) { - data = {"test": protocols[i][0], "msg": "resource with " + protocols[i][0] + " protocol did not load"}; - parent.postMessage(data, "http://mochi.test:8888"); - }.bind(generic_frame, i); - - testContent.appendChild(generic_frame, i); - } - - // Test 3: for resource within a script tag - var resource_script=document.createElement("script"); - resource_script.src = "resource://gre/modules/XPCOMUtils.jsm"; - resource_script.name = "resource_protocol"; - resource_script.onload = function() { - parent.postMessage({"test": "resource", "msg": "resource with resource protocol loaded"}, "http://mochi.test:8888"); - } - resource_script.onerror = function() { - parent.postMessage({"test": "resource", "msg": "resource with resource protocol did not load"}, "http://mochi.test:8888"); - } - - testContent.appendChild(resource_script); - - // Test 4: moz-icon within an img tag - var image=document.createElement("img"); - image.src = "moz-icon://dummy.exe?size=16"; - image.onload = function() { - parent.postMessage({"test": "mozicon", "msg": "resource with mozicon protocol loaded"}, "http://mochi.test:8888"); - } - image.onerror = function() { - parent.postMessage({"test": "mozicon", "msg": "resource with mozicon protocol did not load"}, "http://mochi.test:8888"); - } - // We don't need to append the image to the document. Doing so causes the image test to run twice. - - // Test 5: about unsafe protocol within an iframe - var unsafe_about_frame = document.createElement("iframe"); - unsafe_about_frame.src = "about:config"; - unsafe_about_frame.name = "unsafe_about_protocol"; - unsafe_about_frame.onload = function() { - parent.postMessage({"test": "unsafe_about", "msg": "resource with unsafe about protocol loaded"}, "http://mochi.test:8888"); - } - unsafe_about_frame.onerror = function() { - parent.postMessage({"test": "unsafe_about", "msg": "resource with unsafe about protocol did not load"}, "http://mochi.test:8888"); - } - testContent.appendChild(unsafe_about_frame); - - // Test 6: data protocol within a script tag - var x = 2; - var newscript = document.createElement("script"); - newscript.src= "data:text/javascript,var x = 4;"; - newscript.onload = function() { - parent.postMessage({"test": "data_protocol", "msg": "resource with data protocol protocol loaded"}, "http://mochi.test:8888"); - } - newscript.onerror = function() { - parent.postMessage({"test": "data_protocol", "msg": "resource with data protocol protocol did not load"}, "http://mochi.test:8888"); - } - testContent.appendChild(newscript); - - // Test 7: mailto protocol - var ioService = SpecialPowers.Cc["@mozilla.org/network/io-service;1"]. - getService(SpecialPowers.Ci.nsIIOService); - - var webHandler = SpecialPowers.Cc["@mozilla.org/uriloader/web-handler-app;1"]. - createInstance(SpecialPowers.Ci.nsIWebHandlerApp); - webHandler.name = "Web Handler"; - webHandler.uriTemplate = "http://example.com/tests/content/base/test/bug803225_test_mailto.html?s=%"; - - var uri = ioService.newURI("mailto:foo@bar.com", null, null); - webHandler.launchWithURI(uri); - - var mailto = false; - - // listen for a messages from a new window - var observer = { - observe: function(subject, topic, data) { - if(topic == "content-document-global-created" && data =="http://example.com") { - parent.postMessage({"test": "mailto", "msg": "resource with mailto protocol loaded"}, "http://mochi.test:8888"); - mailto = true; - } - } - } - var os = SpecialPowers.Cc["@mozilla.org/observer-service;1"]. - getService(SpecialPowers.Components.interfaces.nsIObserverService); - os.addObserver(observer, "content-document-global-created", false); - - function mailtoProtocolStatus() { - if(!mailto) { - //There is no onerror event associated with the WebHandler, and hence we need a setTimeout to check the status - setTimeout(mailtoProtocolStatus, TIMEOUT_INTERVAL); - } - } - - mailtoProtocolStatus(); - - // Test 8: wss protocol - var wss; - wss = new WebSocket("wss://example.com/tests/content/base/test/file_mixed_content_main_bug803225_websocket"); - - var status_wss = "started"; - wss.onopen = function(e) { - status_wss = "opened"; - wss.close(); - } - wss.onclose = function(e) { - if(status_wss == "opened") { - parent.postMessage({"test": "wss", "msg": "resource with wss protocol loaded"}, "http://mochi.test:8888"); - } else { - parent.postMessage({"test": "wss", "msg": "resource with wss protocol did not load"}, "http://mochi.test:8888"); - } - } - -</script> -</body> -</html>
deleted file mode 100644 --- a/content/base/test/file_mixed_content_main_bug803225_websocket_wsh.py +++ /dev/null @@ -1,7 +0,0 @@ -from mod_pywebsocket import msgutil - -def web_socket_do_extra_handshake(request): - pass - -def web_socket_transfer_data(request): - resp = ""
deleted file mode 100644 --- a/content/base/test/test_mixed_content_blocker_bug803225.html +++ /dev/null @@ -1,148 +0,0 @@ -<!DOCTYPE HTML> -<html> -<!-- -Testing Whitelist of Resource Schemed for Mixed Content Blocker -https://bugzilla.mozilla.org/show_bug.cgi?id=803225 ---> -<head> - <meta charset="utf-8"> - <title>Tests for Bug 803225</title> - <script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script> - <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/> - - <script> - - var origBlockDisplay = SpecialPowers.getBoolPref("security.mixed_content.block_display_content"); - var origBlockActive = SpecialPowers.getBoolPref("security.mixed_content.block_active_content"); - - var counter = 0; - var settings = [ [true, true], [true, false], [false, true], [false, false] ]; - - var blockActive; - var blockDisplay; - - //Cycle through 4 different preference settings. - function changePrefs(x) { - SpecialPowers.setBoolPref("security.mixed_content.block_display_content", settings[x][0]); - SpecialPowers.setBoolPref("security.mixed_content.block_active_content", settings[x][1]); - blockDisplay = SpecialPowers.getBoolPref("security.mixed_content.block_display_content"); - blockActive = SpecialPowers.getBoolPref("security.mixed_content.block_active_content"); - } - - //Set the first set of settings (true, true) and increment the counter. - changePrefs(counter); - counter++; - - var testsToRun = { - /* https - Tests already run as part of bug 62178. */ - about: false, - mozicon: false, - resource: false, - unsafe_about: false, - data_protocol: false, - javascript: false, - mailto: false, - wss: false, - }; - - function log(msg) { - document.getElementById("log").textContent += "\n" + msg; - } - - function checkTestsCompleted() { - for (var prop in testsToRun) { - // some test hasn't run yet so we're not done - if (!testsToRun[prop]) - return; - } - //if the testsToRun are all completed, change the pref and run the tests again until we have cycled through all the prefs. - if(counter < 4) { - for (var prop in testsToRun) { - testsToRun[prop] = false; - } - //call to change the preferences - changePrefs(counter); - counter++; - log("\nblockDisplay set to "+blockDisplay+", blockActive set to "+blockActive+"."); - document.getElementById('framediv').innerHTML = '<iframe id="testHarness" src="https://example.com/tests/content/base/test/file_mixed_content_main_bug803225.html"></iframe>'; - } - else { - //set the prefs back to what they were set to originally - SpecialPowers.setBoolPref("security.mixed_content.block_display_content", origBlockDisplay); - SpecialPowers.setBoolPref("security.mixed_content.block_active_content", origBlockActive); - SimpleTest.finish(); - } - } - - var firstTest = true; - - // listen for a messages from the mixed content test harness - window.addEventListener("message", receiveMessage, false); - function receiveMessage(event) { - if(firstTest) { - log("blockDisplay set to "+blockDisplay+", blockActive set to "+blockActive+"."); - firstTest = false; - } - - log("test: "+event.data.test+", msg: "+event.data.msg + " logging message."); - // test that the load type matches the pref for this type of content - // (i.e. active vs. display) - - switch(event.data.test) { - - /* Mixed Script tests */ - case "about": - ok(event.data.msg == "resource with about protocol loaded", "resource with about protocol did not load"); - testsToRun["about"] = true; - break; - - case "resource": - ok(event.data.msg == "resource with resource protocol loaded", "resource with resource protocol did not load"); - testsToRun["resource"] = true; - break; - - case "mozicon": - ok(event.data.msg == "resource with mozicon protocol loaded", "resource with mozicon protocol did not load"); - testsToRun["mozicon"] = true; - break; - - case "unsafe_about": - // This one should not load - ok(event.data.msg == "resource with unsafe about protocol did not load", "resource with unsafe about protocol loaded"); - testsToRun["unsafe_about"] = true; - break; - - case "data_protocol": - ok(event.data.msg == "resource with data protocol loaded", "resource with data protocol did not load"); - testsToRun["data_protocol"] = true; - break; - - case "javascript": - ok(event.data.msg == "resource with javascript protocol loaded", "resource with javascript protocol did not load"); - testsToRun["javascript"] = true; - break; - - case "wss": - ok(event.data.msg == "resource with wss protocol loaded", "resource with wss protocol did not load"); - testsToRun["wss"] = true; - break; - - case "mailto": - ok(event.data.msg == "resource with mailto protocol loaded", "resource with mailto protocol did not load"); - testsToRun["mailto"] = true; - break; - } - checkTestsCompleted(); - } - - SimpleTest.waitForExplicitFinish(); - </script> -</head> - -<body> - <div id="framediv"> - <iframe id="testHarness" src="https://example.com/tests/content/base/test/file_mixed_content_main_bug803225.html"></iframe> - </div> - <pre id="log"></pre> -</body> -</html>
--- a/netwerk/base/public/nsIProtocolHandler.idl +++ b/netwerk/base/public/nsIProtocolHandler.idl @@ -241,23 +241,16 @@ interface nsIProtocolHandler : nsISuppor const unsigned long URI_CROSS_ORIGIN_NEEDS_WEBAPPS_PERM = (1<<16); /** * Channels for this protocol don't need to spin the event loop to handle * Open() and reads on the resulting stream. */ const unsigned long URI_SYNC_LOAD_IS_OK = (1<<17); - /** - * URI is secure to load in an https page and should not be blocked - * by nsMixedContentBlocker - */ - const unsigned long URI_SAFE_TO_LOAD_IN_SECURE_CONTEXT = (1<<18); - - }; %{C++ /** * Protocol handlers are registered with XPCOM under the following CONTRACTID prefix: */ #define NS_NETWORK_PROTOCOL_CONTRACTID_PREFIX "@mozilla.org/network/protocol;1?name=" /**
--- a/netwerk/protocol/about/nsAboutProtocolHandler.cpp +++ b/netwerk/protocol/about/nsAboutProtocolHandler.cpp @@ -187,17 +187,17 @@ nsSafeAboutProtocolHandler::GetDefaultPo { *result = -1; // no port for moz-safe-about: URLs return NS_OK; } NS_IMETHODIMP nsSafeAboutProtocolHandler::GetProtocolFlags(uint32_t *result) { - *result = URI_NORELATIVE | URI_NOAUTH | URI_LOADABLE_BY_ANYONE | URI_SAFE_TO_LOAD_IN_SECURE_CONTEXT; + *result = URI_NORELATIVE | URI_NOAUTH | URI_LOADABLE_BY_ANYONE; return NS_OK; } NS_IMETHODIMP nsSafeAboutProtocolHandler::NewURI(const nsACString &aSpec, const char *aCharset, // ignore charset info nsIURI *aBaseURI, nsIURI **result)
--- a/netwerk/protocol/http/nsHttpHandler.cpp +++ b/netwerk/protocol/http/nsHttpHandler.cpp @@ -1699,17 +1699,17 @@ nsHttpsHandler::GetDefaultPort(int32_t * { *aPort = NS_HTTPS_DEFAULT_PORT; return NS_OK; } NS_IMETHODIMP nsHttpsHandler::GetProtocolFlags(uint32_t *aProtocolFlags) { - *aProtocolFlags = NS_HTTP_PROTOCOL_FLAGS | URI_SAFE_TO_LOAD_IN_SECURE_CONTEXT; + *aProtocolFlags = NS_HTTP_PROTOCOL_FLAGS; return NS_OK; } NS_IMETHODIMP nsHttpsHandler::NewURI(const nsACString &aSpec, const char *aOriginCharset, nsIURI *aBaseURI, nsIURI **_retval)
--- a/testing/mochitest/android.json +++ b/testing/mochitest/android.json @@ -15,17 +15,16 @@ "content/base/test/test_bug503481.html": "TIMED_OUT", "content/base/test/test_bug503481b.html": "TIMED_OUT", "content/base/test/test_bug505783.html": "TIMED_OUT", "content/base/test/test_copypaste.html": "", "content/base/test/test_csp_redirects.html": "TIMED_OUT", "content/base/test/test_fileapi_slice.html": "bug 775227", "content/base/test/test_mozfiledataurl.html": "TIMED_OUT", "content/base/test/test_mixed_content_blocker.html": "TIMED_OUT, SSL_REQUIRED", - "content/base/test/test_mixed_content_blocker_bug803225.html": "TIMED_OUT, SSL_REQUIRED", "content/base/test/test_mutationobservers.html": "", "content/base/test/test_plugin_freezing.html": "CLICK_TO_PLAY", "content/base/test/test_range_bounds.html": "", "content/base/test/test_reentrant_flush.html": "RANDOM", "content/base/test/test_sync_xhr_timer.xhtml": "RANDOM", "content/base/test/test_websocket.html": "", "content/base/test/test_websocket_basic.html": "", "content/base/test/test_websocket_hello.html": "",