From a5249be8af79be1911b47996320b09db1b35342c Mon Sep 17 00:00:00 2001 From: Malte Juergens Date: Mon, 29 Jan 2024 09:47:29 +0000 Subject: [PATCH] Bug 1874801 - Check that HTTPS-Only is disabled when checking if HTTPS-First is enabled in nsHTTPSOnlyUtils r=freddyb Differential Revision: https://phabricator.services.mozilla.com/D198780 --- dom/security/nsHTTPSOnlyUtils.cpp | 8 ++- dom/security/test/https-only/browser.toml | 6 ++ .../test/https-only/browser_bug1874801.js | 56 +++++++++++++++++++ .../test/https-only/file_bug1874801.html | 11 ++++ .../test/https-only/file_bug1874801.sjs | 17 ++++++ 5 files changed, 96 insertions(+), 2 deletions(-) create mode 100644 dom/security/test/https-only/browser_bug1874801.js create mode 100644 dom/security/test/https-only/file_bug1874801.html create mode 100644 dom/security/test/https-only/file_bug1874801.sjs diff --git a/dom/security/nsHTTPSOnlyUtils.cpp b/dom/security/nsHTTPSOnlyUtils.cpp index 52374c789d8d9..2a3880ba70a7f 100644 --- a/dom/security/nsHTTPSOnlyUtils.cpp +++ b/dom/security/nsHTTPSOnlyUtils.cpp @@ -42,6 +42,11 @@ bool nsHTTPSOnlyUtils::IsHttpsOnlyModeEnabled(bool aFromPrivateWindow) { /* static */ bool nsHTTPSOnlyUtils::IsHttpsFirstModeEnabled(bool aFromPrivateWindow) { + // HTTPS-Only takes priority over HTTPS-First + if (IsHttpsOnlyModeEnabled(aFromPrivateWindow)) { + return false; + } + // if the general pref is set to true, then we always return if (mozilla::StaticPrefs::dom_security_https_first()) { return true; 
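Review bot: The early return added at the top of `IsHttpsFirstModeEnabled` changes the function's contract for every caller, but only the inline comment `// HTTPS-Only takes priority over HTTPS-First` records it. The comment on the declaration should state the new behaviour, for example `// Returns false whenever HTTPS-Only is enabled for this window type, even if dom.security.https_first is set`. That stops callers from re-adding their own `!IsHttpsOnlyModeEnabled(...)` checks or assuming the result reflects the pref alone. The rest of the function body lies outside the hunk, so how the later branches interact with this guard cannot be confirmed from here.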
@@ -122,8 +127,7 @@ void nsHTTPSOnlyUtils::PotentiallyFireHttpRequestToShortenTimout( // early if attempting to send a background request to a non standard port. if ((IsHttpsFirstModeEnabled(isPrivateWin) || (loadInfo->GetWasSchemelessInput() && - mozilla::StaticPrefs::dom_security_https_first_schemeless())) && - !IsHttpsOnlyModeEnabled(isPrivateWin)) { + mozilla::StaticPrefs::dom_security_https_first_schemeless()))) { int32_t port = 0; nsresult rv = channelURI->GetPort(&port); int defaultPortforScheme = NS_GetDefaultPort("http"); diff --git a/dom/security/test/https-only/browser.toml b/dom/security/test/https-only/browser.toml index 1640223f9c7c2..2cba418aff097 100644 --- a/dom/security/test/https-only/browser.toml +++ b/dom/security/test/https-only/browser.toml @@ -4,6 +4,12 @@ prefs = ["dom.security.https_first=false"] ["browser_background_redirect.js"] support-files = ["file_background_redirect.sjs"] +["browser_bug1874801.js"] +support-files = [ + "file_bug1874801.sjs", + "file_bug1874801.html", +] + ["browser_console_logging.js"] support-files = ["file_console_logging.html"] diff --git a/dom/security/test/https-only/browser_bug1874801.js b/dom/security/test/https-only/browser_bug1874801.js new file mode 100644 index 0000000000000..280a0727360aa --- /dev/null +++ b/dom/security/test/https-only/browser_bug1874801.js 
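Review bot: Dropping `!IsHttpsOnlyModeEnabled(isPrivateWin)` from the condition in `PotentiallyFireHttpRequestToShortenTimout` is only equivalent for the `IsHttpsFirstModeEnabled` arm. The schemeless arm (`GetWasSchemelessInput() && dom_security_https_first_schemeless()`) used to be gated on HTTPS-Only being off and no longer is. With HTTPS-Only enabled and a schemeless load, the non-standard-port branch is now reachable where it was not before, which looks unintended given that the commit wants HTTPS-Only to take priority. If so, keep the guard on that arm: `(!IsHttpsOnlyModeEnabled(isPrivateWin) && loadInfo->GetWasSchemelessInput() && mozilla::StaticPrefs::dom_security_https_first_schemeless())`. The function starts and ends outside the hunk, and the added browser test opens an explicit `https://` URL, so it does not exercise schemeless input.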
@@ -0,0 +1,56 @@ +/* Any copyright is dedicated to the Public Domain. + http://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +// Specifically test https://bugzilla.mozilla.org/show_bug.cgi?id=1874801 + +const TAB_URL = + "https://example.com/browser/dom/security/test/https-only/file_bug1874801.html"; + +function assertImageLoaded(tab) { + return ContentTask.spawn(tab.linkedBrowser, {}, () => { + const img = content.document.getElementsByTagName("img")[0]; + + ok(!!img, "Image tag should exist"); + ok(img.complete && img.naturalWidth > 0, "Image should have loaded "); + }); +} + +add_task(async function test_bug1874801() { + await SpecialPowers.pushPrefEnv({ + set: [ + ["security.mixed_content.upgrade_display_content", false], + ["dom.security.https_first", true], + ["dom.security.https_only_mode", true], + ], + }); + + // Open Tab + const tabToClose = await BrowserTestUtils.openNewForegroundTab( + gBrowser, + TAB_URL, + true + ); + + // Make sure the image was loaded via HTTPS + await assertImageLoaded(tabToClose); + + // Close Tab + const tabClosePromise = + BrowserTestUtils.waitForSessionStoreUpdate(tabToClose); + BrowserTestUtils.removeTab(tabToClose); + await tabClosePromise; + + // Restore Tab + const restoredTabPromise = BrowserTestUtils.waitForNewTab( + gBrowser, + TAB_URL, + true + ); + undoCloseTab(); + const restoredTab = await restoredTabPromise; + + // Make sure the image was loaded via HTTPS + await assertImageLoaded(restoredTab); +}); diff --git a/dom/security/test/https-only/file_bug1874801.html b/dom/security/test/https-only/file_bug1874801.html new file mode 100644 index 0000000000000..58c2f03c81963 --- /dev/null +++ b/dom/security/test/https-only/file_bug1874801.html @@ -0,0 +1,11 @@ + + + + + + Bug 1874801 + + + + + diff --git a/dom/security/test/https-only/file_bug1874801.sjs b/dom/security/test/https-only/file_bug1874801.sjs new file mode 100644 index 0000000000000..ce84af1d5fbe2 --- /dev/null 
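Review bot: `restoredTab` is never closed, because the task ends right after the second `assertImageLoaded(restoredTab)`. The restored tab is therefore still open when the test finishes and can leak into later tests in the directory. Add `BrowserTestUtils.removeTab(restoredTab);` as the last statement of the task. Separately, the two `// Make sure the image was loaded via HTTPS` comments claim more than the assertion checks: `assertImageLoaded` only tests `img.complete && img.naturalWidth > 0`. The HTTPS guarantee comes from the .sjs handler answering 400 to plain HTTP, and the comment should say so.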
+++ b/dom/security/test/https-only/file_bug1874801.sjs @@ -0,0 +1,17 @@ +/* Any copyright is dedicated to the Public Domain. + http://creativecommons.org/publicdomain/zero/1.0/ */ + +function handleRequest(request, response) { + response.setHeader("Cache-Control", "no-cache", false); + if (request.scheme === "https") { + response.setStatusLine(request.httpVersion, 200, "OK"); + response.setHeader("Content-Type", "image/svg+xml"); + response.write( + `HTTPS` + ); + return; + } + if (request.scheme === "http") { + response.setStatusLine(request.httpVersion, 400, "Bad Request"); + } +}
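Review bot: `handleRequest` only rejects when `request.scheme === "http"`; any other value falls through without setting a status line, which presumably leaves the server's default success response. Because the browser test treats a loaded image as proof of an HTTPS request, rejection should be the default. Drop the second condition so that everything after the HTTPS branch runs `response.setStatusLine(request.httpVersion, 400, "Bad Request");` unconditionally.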