Bug 1325501 - Adds ServiceRequest as a drop-in replacement for XHR, which uses conservative TLS settings. r=mossop, a=lizzard
authorRobert Helmer <rhelmer@mozilla.com>
Thu, 22 Dec 2016 15:56:37 -0800
changeset 366075 e99d27f978b499d74744bd16f0b7d41d4169ba1d
parent 366074 467835517dc4ceee4d1ddc7237ce9a181808860f
child 366076 a4c896337223bfaaf068fee315fc0abfae6249da
push id6795
push userjlund@mozilla.com
push dateMon, 23 Jan 2017 14:19:46 +0000
treeherdermozilla-beta@76101b503191 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersmossop, lizzard
bugs1325501
milestone52.0a2
Bug 1325501 - Adds ServiceRequest as a drop-in replacement for XHR, which uses conservative TLS settings. r=mossop, a=lizzard MozReview-Commit-ID: 5937m90Q948
toolkit/modules/ServiceRequest.jsm
toolkit/modules/moz.build
toolkit/modules/tests/xpcshell/test_servicerequest_xhr.js
toolkit/modules/tests/xpcshell/xpcshell.ini
new file mode 100644
--- /dev/null
+++ b/toolkit/modules/ServiceRequest.jsm
@@ -0,0 +1,49 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+const { classes: Cc, interfaces: Ci, results: Cr, utils: Cu } = Components;
+
+/**
+  * This module consolidates various code and data update requests, so flags
+  * can be set, Telemetry collected, etc. in a central place.
+  */
+
+Cu.import("resource://gre/modules/Log.jsm");
+Cu.importGlobalProperties(["XMLHttpRequest"]);
+
+this.EXPORTED_SYMBOLS = [ "ServiceRequest" ];
+
+const logger = Log.repository.getLogger("ServiceRequest");
+logger.level = Log.Level.Debug;
+logger.addAppender(new Log.ConsoleAppender(new Log.BasicFormatter()));
+
+/**
+  * ServiceRequest is intended to be a drop-in replacement for current users
+  * of XMLHttpRequest.
+  *
+  * @param {Object} options - Options for underlying XHR, e.g. { mozAnon: bool }
+  */
+class ServiceRequest extends XMLHttpRequest {
+  constructor(options) {
+    super(options);
+  }
+  /**
+    * Opens an XMLHttpRequest, and sets the NSS "beConservative" flag.
+    * Requests are always async.
+    *
+    * @param {String} method - HTTP method to use, e.g. "GET".
+    * @param {String} url - URL to open.
+    * @param {Object} options - Additional options (reserved for future use).
+    */
+  open(method, url, options) {
+    super.open(method, url, true);
+
+    // Disable cutting edge features, like TLS 1.3, where middleboxes might brick us
+    if (super.channel instanceof Ci.nsIHttpChannelInternal) {
+      super.channel.QueryInterface(Ci.nsIHttpChannelInternal).beConservative = true;
+    }
+  }
+}
--- a/toolkit/modules/moz.build
+++ b/toolkit/modules/moz.build
@@ -78,16 +78,17 @@ EXTRA_JS_MODULES += [
     'RemoteSecurityUI.jsm',
     'RemoteWebProgress.jsm',
     'ResetProfile.jsm',
     'secondscreen/PresentationApp.jsm',
     'secondscreen/RokuApp.jsm',
     'secondscreen/SimpleServiceDiscovery.jsm',
     'SelectContentHelper.jsm',
     'SelectParentHelper.jsm',
+    'ServiceRequest.jsm',
     'Services.jsm',
     'SessionRecorder.jsm',
     'sessionstore/FormData.jsm',
     'sessionstore/ScrollPosition.jsm',
     'sessionstore/XPathGenerator.jsm',
     'ShortcutUtils.jsm',
     'Sntp.jsm',
     'SpatialNavigation.jsm',
new file mode 100644
--- /dev/null
+++ b/toolkit/modules/tests/xpcshell/test_servicerequest_xhr.js
@@ -0,0 +1,25 @@
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+
+"use strict";
+
+var {classes: Cc, interfaces: Ci, utils: Cu} = Components;
+
+Cu.import("resource://gre/modules/ServiceRequest.jsm");
+
+add_task(function* test_tls_conservative() {
+  const request = new ServiceRequest();
+  request.open("GET", "http://example.com", false);
+
+  const sr_channel = request.channel.QueryInterface(Ci.nsIHttpChannelInternal);
+  ok(("beConservative" in sr_channel), "TLS setting is present in SR channel");
+  ok(sr_channel.beConservative, "TLS setting in request channel is set to conservative for SR");
+
+  const xhr = new XMLHttpRequest();
+  xhr.open("GET", "http://example.com", false);
+
+  const xhr_channel = xhr.channel.QueryInterface(Ci.nsIHttpChannelInternal);
+  ok(("beConservative" in xhr_channel), "TLS setting is present in XHR channel");
+  ok(!xhr_channel.beConservative, "TLS setting in request channel is not set to conservative for XHR");
+
+});
--- a/toolkit/modules/tests/xpcshell/xpcshell.ini
+++ b/toolkit/modules/tests/xpcshell/xpcshell.ini
@@ -67,8 +67,9 @@ skip-if = toolkit == 'android'
 skip-if = toolkit == 'android'
 [test_UpdateUtils_url.js]
 [test_UpdateUtils_updatechannel.js]
 [test_web_channel.js]
 [test_web_channel_broker.js]
 [test_ZipUtils.js]
 skip-if = toolkit == 'android'
 [test_Log_stackTrace.js]
+[test_servicerequest_xhr.js]