author Kate McKinley <>
Tue, 26 Jul 2016 13:03:00 +0800
changeset 346851 8dc198cd46fff3b1f6e39ea6e80bb4507bf2cdbe
parent 287209 b8802b591ce273baec00243ce338845741dee21d
child 359648 b508adb15d65a4e5cf535e987b1e0da8d6d7a77f
permissions -rw-r--r--
Bug 1246540 HSTS Priming Proof of Concept HSTS priming changes the order of mixed-content blocking and HSTS upgrades, and adds a priming request to check if a mixed-content load is accesible over HTTPS and the server supports upgrading via the Strict-Transport-Security header. Every call site that uses AsyncOpen2 passes through the mixed-content blocker, and has a LoadInfo. If the mixed-content blocker marks the load as needing HSTS priming, nsHttpChannel will build and send an HSTS priming request on the same URI with the scheme upgraded to HTTPS. If the server allows the upgrade, then channel performs an internal redirect to the HTTPS URI, otherwise use the result of mixed-content blocker to allow or block the load. nsISiteSecurityService adds an optional boolean out parameter to determine if the HSTS state is already cached for negative assertions. If the host has been probed within the previous 24 hours, no HSTS priming check will be sent. (r=ckerschb,r=mayhemer,r=jld,r=smaug,r=dkeeler,r=jmaher,p=ally)

This is an import of Skia from 2014-07-28 (b1ab5fdd11bb358d738c1bfa63737dc65174a281)

To update to a new version of Skia:

- Clone Skia from upstream using the instructions here:
- Copy the entire source tree from a Skia clone to mozilla-central/gfx/skia/skia
- cd gfx/skia && ./gyp_mozbuild

Once that's done, use git status to view the files that have changed. Keep an eye on GrUserConfig.h
and SkUserConfig.h as those probably don't want to be overwritten by upstream versions.

This process will be made more automatic in the future.