Bug 1243586 - Implement Upgrade-Insecure-Requests HTTP Request Header Field. r=rbarnes
authorChristoph Kerschbaumer <mozilla@christophkerschbaumer.com>
Tue, 01 Mar 2016 09:17:56 -0800
changeset 328842 e769e96e86802aa52db21ec1be64b000d748611e
parent 328841 8a9823b951f6af481fe247fb5a57dac5a2f8bf13
child 328843 ef37a752e6cd360da991756ffb73d4319780d11a
push id6048
push userkmoir@mozilla.com
push dateMon, 06 Jun 2016 19:02:08 +0000
treeherdermozilla-beta@46d72a56c57d [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersrbarnes
bugs1243586
milestone48.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1243586 - Implement Upgrade-Insecure-Requests HTTP Request Header Field. r=rbarnes
netwerk/protocol/http/nsHttpChannel.cpp
--- a/netwerk/protocol/http/nsHttpChannel.cpp
+++ b/netwerk/protocol/http/nsHttpChannel.cpp
@@ -311,16 +311,31 @@ nsHttpChannel::AddSecurityMessage(const 
 
 nsresult
 nsHttpChannel::Connect()
 {
     nsresult rv;
 
     LOG(("nsHttpChannel::Connect [this=%p]\n", this));
 
+    // Note that we are only setting the "Upgrade-Insecure-Requests" request
+    // header for *all* navigational requests instead of all requests as
+    // defined in the spec, see:
+    // https://www.w3.org/TR/upgrade-insecure-requests/#preference
+    nsContentPolicyType type = mLoadInfo ?
+                               mLoadInfo->GetExternalContentPolicyType() :
+                               nsIContentPolicy::TYPE_OTHER;
+
+    if (type == nsIContentPolicy::TYPE_DOCUMENT ||
+        type == nsIContentPolicy::TYPE_SUBDOCUMENT) {
+        rv = SetRequestHeader(NS_LITERAL_CSTRING("Upgrade-Insecure-Requests"),
+                              NS_LITERAL_CSTRING("1"), false);
+        NS_ENSURE_SUCCESS(rv, rv);
+    }
+ 
     bool isHttps = false;
     rv = mURI->SchemeIs("https", &isHttps);
     NS_ENSURE_SUCCESS(rv,rv);
     nsCOMPtr<nsIPrincipal> resultPrincipal;
     if (!isHttps && mLoadInfo) {
         nsContentUtils::GetSecurityManager()->
           GetChannelResultPrincipal(this, getter_AddRefs(resultPrincipal));
     }