Bug 1207775 - Check LOAD_BYPASS_CLASSIFY_URI flag before adding LOAD_CLASSIFY_URI. r?ckerschb draft default tip classify-by-default-1207775
authorFrancois Marier <francois@mozilla.com>
Mon, 29 Oct 2018 13:01:10 -0700
changeset 491373 5be79c5daf2d
parent 491372 91a21b66babc
push id248
push userfmarier@mozilla.com
push dateMon, 29 Oct 2018 23:21:03 +0000
reviewersckerschb
bugs1207775
milestone65.0a1
Bug 1207775 - Check LOAD_BYPASS_CLASSIFY_URI flag before adding LOAD_CLASSIFY_URI. r?ckerschb
dom/security/nsContentSecurityManager.cpp
netwerk/base/nsIChannel.idl
--- a/dom/security/nsContentSecurityManager.cpp
+++ b/dom/security/nsContentSecurityManager.cpp
@@ -624,18 +624,19 @@ DoContentSecurityChecks(nsIChannel* aCha
   nsCOMPtr<nsILoadContext> loadContext;
   NS_QueryNotificationCallbacks(aChannel, loadContext);
   if (loadContext) {
     nsCOMPtr<mozIDOMWindowProxy> window;
     rv = loadContext->GetAssociatedWindow(getter_AddRefs(window));
     if (NS_SUCCEEDED(rv) && window) {
       uint32_t loadFlags;
       if (NS_SUCCEEDED(aChannel->GetLoadFlags(&loadFlags))) {
-        // TODO: check for opt-out
-        aChannel->SetLoadFlags(loadFlags | nsIChannel::LOAD_CLASSIFY_URI);
+        if (!(loadFlags & nsIChannel::LOAD_BYPASS_CLASSIFY_URI)) {
+          aChannel->SetLoadFlags(loadFlags | nsIChannel::LOAD_CLASSIFY_URI);
+        }
       }
     }
   }
 
   return NS_OK;
 }
 
 static void
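Review bot: The new `loadFlags & nsIChannel::LOAD_BYPASS_CLASSIFY_URI` test cannot tell the opt-out apart from `LOAD_MEDIA_SNIFFER_OVERRIDES_CONTENT_TYPE`, because the nsIChannel.idl hunk in this changeset defines both as `1 << 23`. Any channel carrying the media-sniffer flag would therefore never get `LOAD_CLASSIFY_URI` added here, so the URI classifier check fails open for those loads. The TODO in the IDL acknowledges the reused value, but this condition is only safe once the flag has a bit of its own. A short comment above the condition, such as `// Honour an explicit opt-out from URI classification.`, would also replace the TODO this hunk removes. DoContentSecurityChecks starts above the hunk, so other paths that set the flag are not visible here.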
--- a/netwerk/base/nsIChannel.idl
+++ b/netwerk/base/nsIChannel.idl
@@ -262,16 +262,23 @@ interface nsIChannel : nsIRequest
 
     /**
      * This flag tells the channel to use URI classifier service to check
      * the URI when opening the channel.
      */
     const unsigned long LOAD_CLASSIFY_URI = 1 << 22;
 
     /**
+     * This flag tells the channel to AVOID using the URI classifier
+     * service to check the URI when opening the channel.
+     */
+    // TODO: don't reuse an existing value!
+    const unsigned long LOAD_BYPASS_CLASSIFY_URI = 1 << 23; // nsICachingChannel uses up to 31
+
+    /**
      * If this flag is set, the media-type content sniffer will be allowed
      * to override any server-set content-type. Otherwise it will only
      * be allowed to override "no content type" and application/octet-stream.
      */
     const unsigned long LOAD_MEDIA_SNIFFER_OVERRIDES_CONTENT_TYPE = 1 << 23;
 
     /**
      * Set to let explicitely provided credentials be used over credentials
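Review bot: The doc comment on `LOAD_BYPASS_CLASSIFY_URI` does not say which flag wins when a channel has both it and `LOAD_CLASSIFY_URI` set, or which callers are expected to set it. Since the flag switches off a security check, the comment should state both. Something like `* Takes precedence over the default addition of LOAD_CLASSIFY_URI; set only for loads that must not be classified.` would do, if that matches the intent. That precedence is inferred from the nsContentSecurityManager.cpp hunk, which only skips adding the classify flag and does not clear one that is already set.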