speculative fix for citibank/upgrade-insecure-requests

2020-03-14 21:49:07 -07:00 · 2020-03-14 21:49:07 -07:00 · d7c27ac739
parent 2777050abd
commit d7c27ac739
1 changed files with 20 additions and 5 deletions
--- a/netwerk/protocol/http/nsHttpChannel.cpp
+++ b/netwerk/protocol/http/nsHttpChannel.cpp
@ -368,6 +368,21 @@ nsHttpChannel::Connect()

    LOG(("nsHttpChannel::Connect [this=%p]\n", this));

+    // Note that we are only setting the "Upgrade-Insecure-Requests" request
+    // header for *all* navigational requests instead of all requests as
+    // defined in the spec, see:
+    // https://www.w3.org/TR/upgrade-insecure-requests/#preference
+    nsContentPolicyType type = mLoadInfo ?
+                               mLoadInfo->GetExternalContentPolicyType() :
+                               nsIContentPolicy::TYPE_OTHER;
+
+    if (type == nsIContentPolicy::TYPE_DOCUMENT ||
+        type == nsIContentPolicy::TYPE_SUBDOCUMENT) {
+        rv = SetRequestHeader(NS_LITERAL_CSTRING("Upgrade-Insecure-Requests"),
+                              NS_LITERAL_CSTRING("1"), false);
+        NS_ENSURE_SUCCESS(rv, rv);
+    }
+
    // Even if we're in private browsing mode, we still enforce existing STS
    // data (it is read-only).
    // if the connection is not using SSL and either the exact host matches or
@ -413,7 +428,7 @@ nsHttpChannel::Connect()
                                    nsIScriptError::warningFlag, "CSP",
                                    innerWindowId);

-                Telemetry::Accumulate(Telemetry::HTTP_SCHEME_UPGRADE, 4);
+                //Telemetry::Accumulate(Telemetry::HTTP_SCHEME_UPGRADE, 4);
                return AsyncCall(&nsHttpChannel::HandleAsyncRedirectChannelToHttps);
            }
        }
@ -435,16 +450,16 @@ nsHttpChannel::Connect()
        if (isStsHost) {
            LOG(("nsHttpChannel::Connect() STS permissions found\n"));
            if (mAllowSTS) {
-                Telemetry::Accumulate(Telemetry::HTTP_SCHEME_UPGRADE, 3);
+                //Telemetry::Accumulate(Telemetry::HTTP_SCHEME_UPGRADE, 3);
                return AsyncCall(&nsHttpChannel::HandleAsyncRedirectChannelToHttps);
            } else {
-                Telemetry::Accumulate(Telemetry::HTTP_SCHEME_UPGRADE, 2);
+                //Telemetry::Accumulate(Telemetry::HTTP_SCHEME_UPGRADE, 2);
            }
        } else {
-            Telemetry::Accumulate(Telemetry::HTTP_SCHEME_UPGRADE, 1);
+            //Telemetry::Accumulate(Telemetry::HTTP_SCHEME_UPGRADE, 1);
        }
    } else {
-        Telemetry::Accumulate(Telemetry::HTTP_SCHEME_UPGRADE, 0);
+        //Telemetry::Accumulate(Telemetry::HTTP_SCHEME_UPGRADE, 0);
    }

    // ensure that we are using a valid hostname