Loading content/base/src/nsMixedContentBlocker.cpp +37 −10 Original line number Diff line number Diff line Loading @@ -12,6 +12,7 @@ #include "nsISecurityEventSink.h" #include "nsIWebProgressListener.h" #include "nsContentUtils.h" #include "nsNetUtil.h" #include "mozilla/Preferences.h" using namespace mozilla; Loading Loading @@ -53,7 +54,7 @@ private: // the document that caused the load. nsCOMPtr<nsISupports> mContext; // The type of mixed content that was blocked, i.e. active or display // The type of mixed content that was blocked, e.g. active or display unsigned short mType; }; */ Loading Loading @@ -94,8 +95,9 @@ nsMixedContentBlocker::ShouldLoad(uint32_t aContentType, return NS_OK; } // Top-level load cannot be mixed content so allow it if (aContentType == nsIContentPolicy::TYPE_DOCUMENT) { // Top-level load cannot be mixed content so allow it. // Creating insecure websocket connections in a secure page is blocked already in websocket constructor. if (aContentType == nsIContentPolicy::TYPE_DOCUMENT || aContentType == nsIContentPolicy::TYPE_WEBSOCKET) { return NS_OK; } Loading Loading @@ -124,10 +126,35 @@ nsMixedContentBlocker::ShouldLoad(uint32_t aContentType, return NS_OK; } // Get the scheme of the sub-document resource to be requested. If it is // an HTTPS load then mixed content doesn't apply. bool isHttps; if (NS_FAILED(aContentLocation->SchemeIs("https", &isHttps)) || isHttps) { /* Get the scheme of the sub-document resource to be requested. If it is * a safe to load in an https context then mixed content doesn't apply. * * Check Protocol Flags to determine if scheme is safe to load: * URI_DOES_NOT_RETURN_DATA - e.g. * "mailto" * URI_IS_LOCAL_RESOURCE - e.g. * "data", * "resource", * "moz-icon" * URI_INHERITS_SECURITY_CONTEXT - e.g. * "javascript" * URI_SAFE_TO_LOAD_IN_SECURE_CONTEXT - e.g. * "https", * "moz-safe-about" * */ bool schemeLocal = false; bool schemeNoReturnData = false; bool schemeInherits = false; bool schemeSecure = false; if (NS_FAILED(NS_URIChainHasFlags(aContentLocation, nsIProtocolHandler::URI_IS_LOCAL_RESOURCE , &schemeLocal)) || NS_FAILED(NS_URIChainHasFlags(aContentLocation, nsIProtocolHandler::URI_DOES_NOT_RETURN_DATA, &schemeNoReturnData)) || NS_FAILED(NS_URIChainHasFlags(aContentLocation, nsIProtocolHandler::URI_INHERITS_SECURITY_CONTEXT, &schemeInherits)) || NS_FAILED(NS_URIChainHasFlags(aContentLocation, nsIProtocolHandler::URI_SAFE_TO_LOAD_IN_SECURE_CONTEXT, &schemeSecure))) { return NS_ERROR_FAILURE; } if (schemeLocal || schemeNoReturnData || schemeInherits || schemeSecure) { return NS_OK; } Loading netwerk/base/public/nsIProtocolHandler.idl +7 −0 Original line number Diff line number Diff line Loading @@ -246,6 +246,13 @@ interface nsIProtocolHandler : nsISupports */ const unsigned long URI_SYNC_LOAD_IS_OK = (1<<17); /** * URI is secure to load in an https page and should not be blocked * by nsMixedContentBlocker */ const unsigned long URI_SAFE_TO_LOAD_IN_SECURE_CONTEXT = (1<<18); }; %{C++ Loading netwerk/protocol/about/nsAboutProtocolHandler.cpp +1 −1 Original line number Diff line number Diff line Loading @@ -192,7 +192,7 @@ nsSafeAboutProtocolHandler::GetDefaultPort(int32_t *result) NS_IMETHODIMP nsSafeAboutProtocolHandler::GetProtocolFlags(uint32_t *result) { *result = URI_NORELATIVE | URI_NOAUTH | URI_LOADABLE_BY_ANYONE; *result = URI_NORELATIVE | URI_NOAUTH | URI_LOADABLE_BY_ANYONE | URI_SAFE_TO_LOAD_IN_SECURE_CONTEXT; return NS_OK; } Loading netwerk/protocol/http/nsHttpHandler.cpp +1 −1 Original line number Diff line number Diff line Loading @@ -1708,7 +1708,7 @@ nsHttpsHandler::GetDefaultPort(int32_t *aPort) NS_IMETHODIMP nsHttpsHandler::GetProtocolFlags(uint32_t *aProtocolFlags) { *aProtocolFlags = NS_HTTP_PROTOCOL_FLAGS; *aProtocolFlags = NS_HTTP_PROTOCOL_FLAGS | URI_SAFE_TO_LOAD_IN_SECURE_CONTEXT; return NS_OK; } Loading Loading
content/base/src/nsMixedContentBlocker.cpp +37 −10 Original line number Diff line number Diff line Loading @@ -12,6 +12,7 @@ #include "nsISecurityEventSink.h" #include "nsIWebProgressListener.h" #include "nsContentUtils.h" #include "nsNetUtil.h" #include "mozilla/Preferences.h" using namespace mozilla; Loading Loading @@ -53,7 +54,7 @@ private: // the document that caused the load. nsCOMPtr<nsISupports> mContext; // The type of mixed content that was blocked, i.e. active or display // The type of mixed content that was blocked, e.g. active or display unsigned short mType; }; */ Loading Loading @@ -94,8 +95,9 @@ nsMixedContentBlocker::ShouldLoad(uint32_t aContentType, return NS_OK; } // Top-level load cannot be mixed content so allow it if (aContentType == nsIContentPolicy::TYPE_DOCUMENT) { // Top-level load cannot be mixed content so allow it. // Creating insecure websocket connections in a secure page is blocked already in websocket constructor. if (aContentType == nsIContentPolicy::TYPE_DOCUMENT || aContentType == nsIContentPolicy::TYPE_WEBSOCKET) { return NS_OK; } Loading Loading @@ -124,10 +126,35 @@ nsMixedContentBlocker::ShouldLoad(uint32_t aContentType, return NS_OK; } // Get the scheme of the sub-document resource to be requested. If it is // an HTTPS load then mixed content doesn't apply. bool isHttps; if (NS_FAILED(aContentLocation->SchemeIs("https", &isHttps)) || isHttps) { /* Get the scheme of the sub-document resource to be requested. If it is * a safe to load in an https context then mixed content doesn't apply. * * Check Protocol Flags to determine if scheme is safe to load: * URI_DOES_NOT_RETURN_DATA - e.g. * "mailto" * URI_IS_LOCAL_RESOURCE - e.g. * "data", * "resource", * "moz-icon" * URI_INHERITS_SECURITY_CONTEXT - e.g. * "javascript" * URI_SAFE_TO_LOAD_IN_SECURE_CONTEXT - e.g. * "https", * "moz-safe-about" * */ bool schemeLocal = false; bool schemeNoReturnData = false; bool schemeInherits = false; bool schemeSecure = false; if (NS_FAILED(NS_URIChainHasFlags(aContentLocation, nsIProtocolHandler::URI_IS_LOCAL_RESOURCE , &schemeLocal)) || NS_FAILED(NS_URIChainHasFlags(aContentLocation, nsIProtocolHandler::URI_DOES_NOT_RETURN_DATA, &schemeNoReturnData)) || NS_FAILED(NS_URIChainHasFlags(aContentLocation, nsIProtocolHandler::URI_INHERITS_SECURITY_CONTEXT, &schemeInherits)) || NS_FAILED(NS_URIChainHasFlags(aContentLocation, nsIProtocolHandler::URI_SAFE_TO_LOAD_IN_SECURE_CONTEXT, &schemeSecure))) { return NS_ERROR_FAILURE; } if (schemeLocal || schemeNoReturnData || schemeInherits || schemeSecure) { return NS_OK; } Loading
netwerk/base/public/nsIProtocolHandler.idl +7 −0 Original line number Diff line number Diff line Loading @@ -246,6 +246,13 @@ interface nsIProtocolHandler : nsISupports */ const unsigned long URI_SYNC_LOAD_IS_OK = (1<<17); /** * URI is secure to load in an https page and should not be blocked * by nsMixedContentBlocker */ const unsigned long URI_SAFE_TO_LOAD_IN_SECURE_CONTEXT = (1<<18); }; %{C++ Loading
netwerk/protocol/about/nsAboutProtocolHandler.cpp +1 −1 Original line number Diff line number Diff line Loading @@ -192,7 +192,7 @@ nsSafeAboutProtocolHandler::GetDefaultPort(int32_t *result) NS_IMETHODIMP nsSafeAboutProtocolHandler::GetProtocolFlags(uint32_t *result) { *result = URI_NORELATIVE | URI_NOAUTH | URI_LOADABLE_BY_ANYONE; *result = URI_NORELATIVE | URI_NOAUTH | URI_LOADABLE_BY_ANYONE | URI_SAFE_TO_LOAD_IN_SECURE_CONTEXT; return NS_OK; } Loading
netwerk/protocol/http/nsHttpHandler.cpp +1 −1 Original line number Diff line number Diff line Loading @@ -1708,7 +1708,7 @@ nsHttpsHandler::GetDefaultPort(int32_t *aPort) NS_IMETHODIMP nsHttpsHandler::GetProtocolFlags(uint32_t *aProtocolFlags) { *aProtocolFlags = NS_HTTP_PROTOCOL_FLAGS; *aProtocolFlags = NS_HTTP_PROTOCOL_FLAGS | URI_SAFE_TO_LOAD_IN_SECURE_CONTEXT; return NS_OK; } Loading
