Bug 1622111 - Convert four security.mixed_content.* prefs in nsMixedContentBlocker r=njn
authorKristen Wright <kwright@mozilla.com>
Thu, 19 Mar 2020 00:54:29 +0000
changeset 520249 dbd863e5406fe7167b75289b877b2a3d605c84f1
parent 520248 3048351ee3e8d91ae5a87c00d4f179ab8827e146
child 520250 ed8741d48e2ad8d98b0d3241312f8a58a7e11b2d
push id37246
push useropoprus@mozilla.com
push dateWed, 25 Mar 2020 03:40:33 +0000
treeherdermozilla-central@14b59d4adc95 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersnjn
bugs1622111
milestone76.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1622111 - Convert four security.mixed_content.* prefs in nsMixedContentBlocker r=njn Converts `security.mixed_content.block_object_subrequest`, `security.mixed_content.block_display_content`, `security.mixed_content.upgrade_display_content`, and `security.mixed_content.block_active_content` to static prefs. Differential Revision: https://phabricator.services.mozilla.com/D67205
dom/security/nsMixedContentBlocker.cpp
dom/security/nsMixedContentBlocker.h
mobile/android/app/mobile.js
modules/libpref/init/StaticPrefList.yaml
modules/libpref/init/all.js
netwerk/base/LoadInfo.cpp
netwerk/protocol/http/nsHttpChannel.cpp
--- a/dom/security/nsMixedContentBlocker.cpp
+++ b/dom/security/nsMixedContentBlocker.cpp
@@ -31,38 +31,27 @@
 #include "nsAsyncRedirectVerifyHelper.h"
 #include "mozilla/LoadInfo.h"
 #include "nsISiteSecurityService.h"
 #include "prnetdb.h"
 
 #include "mozilla/BasePrincipal.h"
 #include "mozilla/Logging.h"
 #include "mozilla/StaticPrefs_dom.h"
+#include "mozilla/StaticPrefs_security.h"
 #include "mozilla/Telemetry.h"
 #include "mozilla/dom/ContentChild.h"
 #include "mozilla/ipc/URIUtils.h"
 #include "mozilla/net/DNS.h"
 
 using namespace mozilla;
 using namespace mozilla::dom;
 
 enum nsMixedContentBlockerMessageType { eBlocked = 0x00, eUserOverride = 0x01 };
 
-// Is mixed script blocking (fonts, plugin content, scripts, stylesheets,
-// iframes, websockets, XHR) enabled?
-bool nsMixedContentBlocker::sBlockMixedScript = false;
-
-bool nsMixedContentBlocker::sBlockMixedObjectSubrequest = false;
-
-// Is mixed display content blocking (images, audio, video) enabled?
-bool nsMixedContentBlocker::sBlockMixedDisplay = false;
-
-// Is mixed display content upgrading (images, audio, video) enabled?
-bool nsMixedContentBlocker::sUpgradeMixedDisplay = false;
-
 // Whitelist of hostnames that should be considered secure contexts even when
 // served over http:// or ws://
 nsCString* nsMixedContentBlocker::sSecurecontextWhitelist = nullptr;
 bool nsMixedContentBlocker::sSecurecontextWhitelistCached = false;
 
 enum MixedContentHSTSState {
   MCB_HSTS_PASSIVE_NO_HSTS = 0,
   MCB_HSTS_PASSIVE_WITH_HSTS = 1,
@@ -212,34 +201,16 @@ class nsMixedContentEvent : public Runna
 
   // The type of mixed content detected, e.g. active or display
   const MixedContentTypes mType;
 
   // Indicates whether the top level load is https or not.
   bool mRootHasSecureConnection;
 };
 
-nsMixedContentBlocker::nsMixedContentBlocker() {
-  // Cache the pref for mixed script blocking
-  Preferences::AddBoolVarCache(&sBlockMixedScript,
-                               "security.mixed_content.block_active_content");
-
-  Preferences::AddBoolVarCache(
-      &sBlockMixedObjectSubrequest,
-      "security.mixed_content.block_object_subrequest");
-
-  // Cache the pref for mixed display blocking
-  Preferences::AddBoolVarCache(&sBlockMixedDisplay,
-                               "security.mixed_content.block_display_content");
-
-  // Cache the pref for mixed display upgrading
-  Preferences::AddBoolVarCache(
-      &sUpgradeMixedDisplay, "security.mixed_content.upgrade_display_content");
-}
-
 nsMixedContentBlocker::~nsMixedContentBlocker() = default;
 
 NS_IMPL_ISUPPORTS(nsMixedContentBlocker, nsIContentPolicy, nsIChannelEventSink)
 
 static void LogMixedContentMessage(
     MixedContentTypes aClassification, nsIURI* aContentLocation,
     Document* aRootDoc, nsMixedContentBlockerMessageType aMessageType) {
   nsAutoCString messageCategory;
@@ -534,18 +505,19 @@ bool nsMixedContentBlocker::IsPotentiall
  * logic.  Called from non-static ShouldLoad().
  */
 nsresult nsMixedContentBlocker::ShouldLoad(
     bool aHadInsecureImageRedirect, uint32_t aContentType,
     nsIURI* aContentLocation, nsIURI* aRequestingLocation,
     nsISupports* aRequestingContext, const nsACString& aMimeGuess,
     nsIPrincipal* aRequestPrincipal, int16_t* aDecision) {
   // Asserting that we are on the main thread here and hence do not have to lock
-  // and unlock sBlockMixedScript and sBlockMixedDisplay before reading/writing
-  // to them.
+  // and unlock security.mixed_content.block_active_content and
+  // security.mixed_content.block_display_content before reading/writing to
+  // them.
   MOZ_ASSERT(NS_IsMainThread());
 
   bool isPreload = nsContentUtils::IsPreloadType(aContentType);
 
   // The content policy type that we receive may be an internal type for
   // scripts.  Let's remember if we have seen a worker type, and reset it to the
   // external type in all cases right now.
   bool isWorkerType =
@@ -642,17 +614,17 @@ nsresult nsMixedContentBlocker::ShouldLo
 
     // Static display content is considered moderate risk for mixed content so
     // these will be blocked according to the mixed display preference
     case TYPE_IMAGE:
     case TYPE_MEDIA:
       classification = eMixedDisplay;
       break;
     case TYPE_OBJECT_SUBREQUEST:
-      if (sBlockMixedObjectSubrequest) {
+      if (StaticPrefs::security_mixed_content_block_object_subrequest()) {
         classification = eMixedScript;
       } else {
         classification = eMixedDisplay;
       }
       break;
 
     // Active content (or content with a low value/risk-of-blocking ratio)
     // that has been explicitly evaluated; listed here for documentation
@@ -860,17 +832,17 @@ nsresult nsMixedContentBlocker::ShouldLo
   }
 
   // Allow http: mixed content if we are choosing to upgrade them when the
   // pref "security.mixed_content.upgrade_display_content" is true.
   // This behaves like GetUpgradeInsecureRequests above in that the channel will
   // be upgraded to https before fetching any data from the netwerk.
   bool isUpgradableDisplayType =
       nsContentUtils::IsUpgradableDisplayType(aContentType) &&
-      ShouldUpgradeMixedDisplayContent();
+      StaticPrefs::security_mixed_content_upgrade_display_content();
   if (isHttpScheme && isUpgradableDisplayType) {
     *aDecision = ACCEPT;
     return NS_OK;
   }
 
   // The page might have set the CSP directive 'block-all-mixed-content' which
   // should block not only active mixed content loads but in fact all mixed
   // content loads, see https://www.w3.org/TR/mixed-content/#strict-checking
@@ -1018,24 +990,25 @@ nsresult nsMixedContentBlocker::ShouldLo
         SerializeURI(innerContentLocation, uri);
         cc->SendAccumulateMixedContentHSTS(uri, active, originAttributes);
       }
     }
   }
 
   // set hasMixedContentObjectSubrequest on this object if necessary
   if (aContentType == TYPE_OBJECT_SUBREQUEST) {
-    if (!sBlockMixedObjectSubrequest) {
+    if (!StaticPrefs::security_mixed_content_block_object_subrequest()) {
       rootDoc->WarnOnceAbout(Document::eMixedDisplayObjectSubrequest);
     }
   }
 
   // If the content is display content, and the pref says display content should
   // be blocked, block it.
-  if (sBlockMixedDisplay && classification == eMixedDisplay) {
+  if (StaticPrefs::security_mixed_content_block_display_content() &&
+      classification == eMixedDisplay) {
     if (allowMixedContent) {
       LogMixedContentMessage(classification, aContentLocation, rootDoc,
                              eUserOverride);
       *aDecision = nsIContentPolicy::ACCEPT;
       // See if mixed display content has already loaded on the page or if the
       // state needs to be updated here. If mixed display hasn't loaded
       // previously, then we need to call OnSecurityChange() to update the UI.
       if (rootDoc->GetHasMixedDisplayContentLoaded()) {
@@ -1079,17 +1052,18 @@ nsresult nsMixedContentBlocker::ShouldLo
         nativeDocShell->nsDocLoader::OnSecurityChange(
             aRequestingContext,
             (state |
              nsIWebProgressListener::STATE_BLOCKED_MIXED_DISPLAY_CONTENT));
       }
     }
     return NS_OK;
 
-  } else if (sBlockMixedScript && classification == eMixedScript) {
+  } else if (StaticPrefs::security_mixed_content_block_active_content() &&
+             classification == eMixedScript) {
     // If the content is active content, and the pref says active content should
     // be blocked, block it unless the user has choosen to override the pref
     if (allowMixedContent) {
       LogMixedContentMessage(classification, aContentLocation, rootDoc,
                              eUserOverride);
       *aDecision = nsIContentPolicy::ACCEPT;
       // See if the state will change here. If it will, only then do we need to
       // call OnSecurityChange() to update the UI.
@@ -1265,12 +1239,8 @@ void nsMixedContentBlocker::AccumulateMi
       Telemetry::Accumulate(Telemetry::MIXED_CONTENT_HSTS,
                             MCB_HSTS_ACTIVE_NO_HSTS);
     } else {
       Telemetry::Accumulate(Telemetry::MIXED_CONTENT_HSTS,
                             MCB_HSTS_ACTIVE_WITH_HSTS);
     }
   }
 }
-
-bool nsMixedContentBlocker::ShouldUpgradeMixedDisplayContent() {
-  return sUpgradeMixedDisplay;
-}
--- a/dom/security/nsMixedContentBlocker.h
+++ b/dom/security/nsMixedContentBlocker.h
@@ -40,17 +40,17 @@ class nsMixedContentBlocker : public nsI
  private:
   virtual ~nsMixedContentBlocker();
 
  public:
   NS_DECL_ISUPPORTS
   NS_DECL_NSICONTENTPOLICY
   NS_DECL_NSICHANNELEVENTSINK
 
-  nsMixedContentBlocker();
+  nsMixedContentBlocker() = default;
 
   // See:
   // https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy
   static bool IsPotentiallyTrustworthyLoopbackHost(
       const nsACString& aAsciiHost);
   static bool IsPotentiallyTrustworthyLoopbackURL(nsIURI* aURL);
   static bool IsPotentiallyTrustworthyOnion(nsIURI* aURL);
   static bool IsPotentiallyTrustworthyOrigin(nsIURI* aURI);
@@ -71,22 +71,17 @@ class nsMixedContentBlocker : public nsI
                              const nsACString& aMimeGuess,
                              nsIPrincipal* aRequestPrincipal,
                              int16_t* aDecision);
   static void AccumulateMixedContentHSTS(
       nsIURI* aURI, bool aActive, const OriginAttributes& aOriginAttributes);
 
   static bool URISafeToBeLoadedInSecureContext(nsIURI* aURI);
 
-  static bool ShouldUpgradeMixedDisplayContent();
   static void OnPrefChange(const char* aPref, void* aClosure);
   static void GetSecureContextWhiteList(nsACString& aList);
   static void Shutdown();
 
-  static bool sBlockMixedScript;
-  static bool sBlockMixedObjectSubrequest;
-  static bool sBlockMixedDisplay;
-  static bool sUpgradeMixedDisplay;
   static bool sSecurecontextWhitelistCached;
   static nsCString* sSecurecontextWhitelist;
 };
 
 #endif /* nsMixedContentBlocker_h___ */
--- a/mobile/android/app/mobile.js
+++ b/mobile/android/app/mobile.js
@@ -387,19 +387,16 @@ pref("app.channelURL", "https://www.mozi
   pref("app.releaseNotesURL", "https://www.mozilla.com/%LOCALE%/mobile/%VERSION%/releasenotes/");
 #endif
 
 // Name of alternate about: page for certificate errors (when undefined, defaults to about:neterror)
 pref("security.alternate_certificate_error_page", "certerror");
 
 pref("security.warn_viewing_mixed", false); // Warning is disabled.  See Bug 616712.
 
-// Block insecure active content on https pages
-pref("security.mixed_content.block_active_content", true);
-
 // Enable pinning
 pref("security.cert_pinning.enforcement_level", 1);
 
 // Only fetch OCSP for EV certificates
 pref("security.OCSP.enabled", 2);
 
 // Override some named colors to avoid inverse OS themes
 pref("ui.-moz-dialog", "#efebe7");
--- a/modules/libpref/init/StaticPrefList.yaml
+++ b/modules/libpref/init/StaticPrefList.yaml
@@ -8029,16 +8029,41 @@
 
 # Allowed by default so it doesn't affect Thunderbird/SeaMonkey, but
 # not allowed for Firefox Desktop in firefox.js
 - name: security.allow_eval_in_parent_process
   type: RelaxedAtomicBool
   value: true
   mirror: always
 
+# Pref to block mixed scripts (fonts, plugin content, scripts, stylesheets,
+# iframes, websockets, XHR).
+- name: security.mixed_content.block_active_content
+  type: bool
+  value: @IS_ANDROID@
+  mirror: always
+
+# Pref to block sub requests that happen within an object.
+- name: security.mixed_content.block_object_subrequest
+  type: bool
+  value: false
+  mirror: always
+
+# Pref for mixed display content blocking (images, audio, video).
+- name: security.mixed_content.block_display_content
+  type: bool
+  value: false
+  mirror: always
+
+# Pref for mixed display content upgrading (images, audio, video).
+- name: security.mixed_content.upgrade_display_content
+  type: bool
+  value: false
+  mirror: always
+
 # Whether strict file origin policy is in effect. "False" is traditional.
 - name: security.fileuri.strict_origin_policy
   type: RelaxedAtomicBool
   value: true
   mirror: always
 
 
 # The level to which we sandbox the content process. firefox.js sets the
--- a/modules/libpref/init/all.js
+++ b/modules/libpref/init/all.js
@@ -2287,26 +2287,16 @@ pref("security.directory",              
 pref("security.dialog_enable_delay", 1000);
 pref("security.notification_enable_delay", 500);
 
 #ifdef EARLY_BETA_OR_EARLIER
   // Disallow web documents loaded with the SystemPrincipal
   pref("security.disallow_non_local_systemprincipal_in_tests", false);
 #endif
 
-// Mixed content blocking
-pref("security.mixed_content.block_active_content", false);
-pref("security.mixed_content.block_display_content", false);
-
-// Upgrade mixed display content before it's blocked
-pref("security.mixed_content.upgrade_display_content", false);
-
-// Block sub requests that happen within an object
-pref("security.mixed_content.block_object_subrequest", false);
-
 // Sub-resource integrity
 pref("security.sri.enable", true);
 
 // OCSP must-staple
 pref("security.ssl.enable_ocsp_must_staple", true);
 
 // Insecure Form Field Warning
 pref("security.insecure_field_warning.contextual.enabled", false);
--- a/netwerk/base/LoadInfo.cpp
+++ b/netwerk/base/LoadInfo.cpp
@@ -15,16 +15,17 @@
 #include "mozilla/dom/Performance.h"
 #include "mozilla/dom/PerformanceStorage.h"
 #include "mozilla/dom/BrowserChild.h"
 #include "mozilla/dom/ToJSValue.h"
 #include "mozilla/dom/BrowsingContext.h"
 #include "mozilla/net/CookieJarSettings.h"
 #include "mozilla/NullPrincipal.h"
 #include "mozilla/StaticPrefs_network.h"
+#include "mozilla/StaticPrefs_security.h"
 #include "mozIThirdPartyUtil.h"
 #include "nsFrameLoader.h"
 #include "nsFrameLoaderOwner.h"
 #include "nsIContentSecurityPolicy.h"
 #include "nsIDocShell.h"
 #include "mozilla/dom/Document.h"
 #include "nsCookiePermission.h"
 #include "nsIInterfaceRequestorUtils.h"
@@ -273,17 +274,17 @@ LoadInfo::LoadInfo(
     // preloads.
     mUpgradeInsecureRequests =
         aLoadingContext->OwnerDoc()->GetUpgradeInsecureRequests(false) ||
         (nsContentUtils::IsPreloadType(mInternalContentPolicyType) &&
          aLoadingContext->OwnerDoc()->GetUpgradeInsecureRequests(true));
 
     if (nsContentUtils::IsUpgradableDisplayType(externalType)) {
       if (mLoadingPrincipal->SchemeIs("https")) {
-        if (nsMixedContentBlocker::ShouldUpgradeMixedDisplayContent()) {
+        if (StaticPrefs::security_mixed_content_upgrade_display_content()) {
           mBrowserUpgradeInsecureRequests = true;
         } else {
           mBrowserWouldUpgradeInsecureRequests = true;
         }
       }
     }
   }
 
--- a/netwerk/protocol/http/nsHttpChannel.cpp
+++ b/netwerk/protocol/http/nsHttpChannel.cpp
@@ -8233,17 +8233,17 @@ nsresult nsHttpChannel::ContinueOnStopRe
   }
   // Browser upgrading only happens on HTTPS pages for mixed passive content
   // when upgrading is enabled.
   nsCString upgradeKey;
   if (IsHTTPS()) {
     // Browser upgrading is disabled and the content is already HTTPS
     upgradeKey = NS_LITERAL_CSTRING("disabledNoReason");
     // Checks "security.mixed_content.upgrade_display_content" is true
-    if (nsMixedContentBlocker::ShouldUpgradeMixedDisplayContent()) {
+    if (StaticPrefs::security_mixed_content_upgrade_display_content()) {
       if (mLoadInfo->GetBrowserUpgradeInsecureRequests()) {
         // HTTP content the browser has upgraded to HTTPS
         upgradeKey = NS_LITERAL_CSTRING("enabledUpgrade");
       } else {
         // Content wasn't upgraded but is already HTTPS
         upgradeKey = NS_LITERAL_CSTRING("enabledNoReason");
       }
     }
@@ -8251,17 +8251,17 @@ nsresult nsHttpChannel::ContinueOnStopRe
     chanDisposition =
         static_cast<ChannelDisposition>(chanDisposition + kHttpsCanceled);
   } else if (mLoadInfo->GetBrowserWouldUpgradeInsecureRequests()) {
     // HTTP content the browser would upgrade to HTTPS if upgrading was
     // enabled
     upgradeKey = NS_LITERAL_CSTRING("disabledUpgrade");
   } else {
     // HTTP content that wouldn't upgrade
-    upgradeKey = nsMixedContentBlocker::ShouldUpgradeMixedDisplayContent()
+    upgradeKey = StaticPrefs::security_mixed_content_upgrade_display_content()
                      ? NS_LITERAL_CSTRING("enabledWont")
                      : NS_LITERAL_CSTRING("disabledWont");
   }
   Telemetry::AccumulateCategoricalKeyed(upgradeKey, upgradeChanDisposition);
   LOG(("  nsHttpChannel::OnStopRequest ChannelDisposition %d\n",
        chanDisposition));
   Telemetry::Accumulate(Telemetry::HTTP_CHANNEL_DISPOSITION, chanDisposition);