summaryrefslogtreecommitdiffstats
path: root/dom/security
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-23 04:29:10 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-23 04:29:10 +0000
commite3cb9707d5a825c871111670200af02af1718195 (patch)
treee9b374d6a4dc9990a45e9b61098624f0b722ede1 /dom/security
parentAdding debian version 125.0.1-2. (diff)
downloadfirefox-e3cb9707d5a825c871111670200af02af1718195.tar.xz
firefox-e3cb9707d5a825c871111670200af02af1718195.zip
Merging upstream version 125.0.2.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'dom/security')
-rw-r--r--dom/security/nsContentSecurityUtils.cpp48
-rw-r--r--dom/security/test/general/browser.toml10
-rw-r--r--dom/security/test/general/browser_test_http_download.js275
-rw-r--r--dom/security/test/general/http_download_page.html23
-rw-r--r--dom/security/test/general/http_download_server.sjs20
-rw-r--r--dom/security/test/https-only/browser_save_as.js10
-rw-r--r--dom/security/test/mixedcontentblocker/browser_test_mixed_content_download.js2
7 files changed, 34 insertions, 354 deletions
diff --git a/dom/security/nsContentSecurityUtils.cpp b/dom/security/nsContentSecurityUtils.cpp
index 01e9c6d5db..d2c1b257bc 100644
--- a/dom/security/nsContentSecurityUtils.cpp
+++ b/dom/security/nsContentSecurityUtils.cpp
@@ -1670,25 +1670,37 @@ long nsContentSecurityUtils::ClassifyDownload(
nsCOMPtr<nsIURI> contentLocation;
aChannel->GetURI(getter_AddRefs(contentLocation));
- if (StaticPrefs::dom_block_download_insecure()) {
- // If we are not dealing with a potentially trustworthy origin, or a URI
- // that is safe to be loaded like e.g. data:, then we block the load.
- bool isInsecureDownload =
- !nsMixedContentBlocker::IsPotentiallyTrustworthyOrigin(
- contentLocation) &&
- !nsMixedContentBlocker::URISafeToBeLoadedInSecureContext(
- contentLocation);
-
- Telemetry::Accumulate(mozilla::Telemetry::INSECURE_DOWNLOADS,
- isInsecureDownload);
-
- if (isInsecureDownload) {
- nsCOMPtr<nsIHttpChannel> httpChannel = do_QueryInterface(aChannel);
- if (httpChannel) {
- LogMessageToConsole(httpChannel, "BlockedInsecureDownload");
- }
- return nsITransfer::DOWNLOAD_POTENTIALLY_UNSAFE;
+ nsCOMPtr<nsIPrincipal> loadingPrincipal = loadInfo->GetLoadingPrincipal();
+ if (!loadingPrincipal) {
+ loadingPrincipal = loadInfo->TriggeringPrincipal();
+ }
+ // Creating a fake Loadinfo that is just used for the MCB check.
+ nsCOMPtr<nsILoadInfo> secCheckLoadInfo = new mozilla::net::LoadInfo(
+ loadingPrincipal, loadInfo->TriggeringPrincipal(), nullptr,
+ nsILoadInfo::SEC_ONLY_FOR_EXPLICIT_CONTENTSEC_CHECK,
+ nsIContentPolicy::TYPE_FETCH);
+ // Disable HTTPS-Only checks for that loadinfo. This is required because
+ // otherwise nsMixedContentBlocker::ShouldLoad would assume that the request
+ // is safe, because HTTPS-Only is handling it.
+ secCheckLoadInfo->SetHttpsOnlyStatus(nsILoadInfo::HTTPS_ONLY_EXEMPT);
+
+ int16_t decission = nsIContentPolicy::ACCEPT;
+ nsMixedContentBlocker::ShouldLoad(false, // aHadInsecureImageRedirect
+ contentLocation, // aContentLocation,
+ secCheckLoadInfo, // aLoadinfo
+ false, // aReportError
+ &decission // aDecision
+ );
+ Telemetry::Accumulate(mozilla::Telemetry::MIXED_CONTENT_DOWNLOADS,
+ decission != nsIContentPolicy::ACCEPT);
+
+ if (StaticPrefs::dom_block_download_insecure() &&
+ decission != nsIContentPolicy::ACCEPT) {
+ nsCOMPtr<nsIHttpChannel> httpChannel = do_QueryInterface(aChannel);
+ if (httpChannel) {
+ LogMessageToConsole(httpChannel, "MixedContentBlockedDownload");
}
+ return nsITransfer::DOWNLOAD_POTENTIALLY_UNSAFE;
}
if (loadInfo->TriggeringPrincipal()->IsSystemPrincipal()) {
diff --git a/dom/security/test/general/browser.toml b/dom/security/test/general/browser.toml
index c6d6b4bf79..0f4ec5b224 100644
--- a/dom/security/test/general/browser.toml
+++ b/dom/security/test/general/browser.toml
@@ -48,16 +48,6 @@ support-files = [
"file_gpc_server.sjs",
]
-["browser_test_http_download.js"]
-skip-if = [
- "win11_2009", # Bug 1784764
- "os == 'linux' && !debug",
-]
-support-files = [
- "http_download_page.html",
- "http_download_server.sjs"
-]
-
["browser_test_referrer_loadInOtherProcess.js"]
["browser_test_report_blocking.js"]
diff --git a/dom/security/test/general/browser_test_http_download.js b/dom/security/test/general/browser_test_http_download.js
deleted file mode 100644
index 35e3fdfc4b..0000000000
--- a/dom/security/test/general/browser_test_http_download.js
+++ /dev/null
@@ -1,275 +0,0 @@
-/* Any copyright is dedicated to the Public Domain.
- * https://creativecommons.org/publicdomain/zero/1.0/ */
-
-ChromeUtils.defineESModuleGetters(this, {
- Downloads: "resource://gre/modules/Downloads.sys.mjs",
- DownloadsCommon: "resource:///modules/DownloadsCommon.sys.mjs",
-});
-
-const HandlerService = Cc[
- "@mozilla.org/uriloader/handler-service;1"
-].getService(Ci.nsIHandlerService);
-
-const MIMEService = Cc["@mozilla.org/mime;1"].getService(Ci.nsIMIMEService);
-
-// Using insecure HTTP URL for a test cases around HTTP downloads
-let INSECURE_BASE_URL =
- getRootDirectory(gTestPath).replace(
- "chrome://mochitests/content/",
- // eslint-disable-next-line @microsoft/sdl/no-insecure-url
- "http://example.com/"
- ) + "http_download_page.html";
-
-function promiseFocus() {
- return new Promise(resolve => {
- waitForFocus(resolve);
- });
-}
-
-async function task_openPanel() {
- await promiseFocus();
-
- let promise = BrowserTestUtils.waitForPopupEvent(
- DownloadsPanel.panel,
- "shown"
- );
- DownloadsPanel.showPanel();
- await promise;
-}
-
-const downloadMonitoringView = {
- _listeners: [],
- onDownloadAdded(download) {
- for (let listener of this._listeners) {
- listener(download);
- }
- this._listeners = [];
- },
- waitForDownload(listener) {
- this._listeners.push(listener);
- },
-};
-
-/**
- * Waits until a download is triggered.
- * Unless the always_ask_before_handling_new_types pref is true, the download
- * will simply be saved, so resolve when the view is notified of the new
- * download. Otherwise, it waits until a prompt is shown, selects the choosen
- * <action>, then accepts the dialog
- * @param [action] Which action to select, either:
- * "handleInternally", "save" or "open".
- * @returns {Promise} Resolved once done.
- */
-
-function shouldTriggerDownload(action = "save") {
- if (
- Services.prefs.getBoolPref(
- "browser.download.always_ask_before_handling_new_types"
- )
- ) {
- return new Promise((resolve, reject) => {
- Services.wm.addListener({
- onOpenWindow(xulWin) {
- Services.wm.removeListener(this);
- let win = xulWin.docShell.domWindow;
- waitForFocus(() => {
- if (
- win.location ==
- "chrome://mozapps/content/downloads/unknownContentType.xhtml"
- ) {
- let dialog = win.document.getElementById("unknownContentType");
- let button = dialog.getButton("accept");
- let actionRadio = win.document.getElementById(action);
- actionRadio.click();
- button.disabled = false;
- dialog.acceptDialog();
- resolve();
- } else {
- reject();
- }
- }, win);
- },
- });
- });
- }
- return new Promise(res => {
- downloadMonitoringView.waitForDownload(res);
- });
-}
-
-const CONSOLE_ERROR_MESSAGE = "We blocked a download that’s not secure";
-
-function shouldConsoleError() {
- // Waits until CONSOLE_ERROR_MESSAGE was logged
- return new Promise((resolve, reject) => {
- function listener(msgObj) {
- let text = msgObj.message;
- if (text.includes(CONSOLE_ERROR_MESSAGE)) {
- Services.console.unregisterListener(listener);
- resolve();
- }
- }
- Services.console.registerListener(listener);
- });
-}
-
-async function resetDownloads() {
- // Removes all downloads from the download List
- const types = new Set();
- let publicList = await Downloads.getList(Downloads.PUBLIC);
- let downloads = await publicList.getAll();
- for (let download of downloads) {
- if (download.contentType) {
- types.add(download.contentType);
- }
- publicList.remove(download);
- await download.finalize(true);
- }
-
- if (types.size) {
- // reset handlers for the contentTypes of any files previously downloaded
- for (let type of types) {
- const mimeInfo = MIMEService.getFromTypeAndExtension(type, "");
- info("resetting handler for type: " + type);
- HandlerService.remove(mimeInfo);
- }
- }
-}
-
-function shouldNotifyDownloadUI() {
- return new Promise(res => {
- downloadMonitoringView.waitForDownload(async aDownload => {
- let { error } = aDownload;
- if (
- error.becauseBlockedByReputationCheck &&
- error.reputationCheckVerdict == Downloads.Error.BLOCK_VERDICT_INSECURE
- ) {
- // It's an insecure Download, now Check that it has been cleaned up properly
- if ((await IOUtils.stat(aDownload.target.path)).size != 0) {
- throw new Error(`Download target is not empty!`);
- }
- if ((await IOUtils.stat(aDownload.target.path)).size != 0) {
- throw new Error(`Download partFile was not cleaned up properly`);
- }
- // Assert that the Referrer is presnt
- if (!aDownload.source.referrerInfo) {
- throw new Error("The Blocked download is missing the ReferrerInfo");
- }
-
- res(aDownload);
- } else {
- ok(false, "No error for download that was expected to error!");
- }
- });
- });
-}
-
-async function runTest(url, link, checkFunction, description) {
- await SpecialPowers.pushPrefEnv({
- set: [["dom.block_download_insecure", true]],
- });
- await resetDownloads();
-
- let tab = BrowserTestUtils.addTab(gBrowser, url);
- gBrowser.selectedTab = tab;
-
- let browser = gBrowser.getBrowserForTab(tab);
- await BrowserTestUtils.browserLoaded(browser);
-
- info("Checking: " + description);
-
- let checkPromise = checkFunction();
- // Click the Link to trigger the download
- SpecialPowers.spawn(gBrowser.selectedBrowser, [link], contentLink => {
- content.document.getElementById(contentLink).click();
- });
-
- await checkPromise;
-
- ok(true, description);
- BrowserTestUtils.removeTab(tab);
-
- await SpecialPowers.popPrefEnv();
-}
-
-add_setup(async () => {
- let list = await Downloads.getList(Downloads.ALL);
- list.addView(downloadMonitoringView);
- registerCleanupFunction(() => list.removeView(downloadMonitoringView));
-});
-
-// Test Blocking
-add_task(async function test_blocking() {
- for (let prefVal of [true, false]) {
- await SpecialPowers.pushPrefEnv({
- set: [["browser.download.always_ask_before_handling_new_types", prefVal]],
- });
- await runTest(
- INSECURE_BASE_URL,
- "http-link",
- () =>
- Promise.all([
- shouldTriggerDownload(),
- shouldNotifyDownloadUI(),
- shouldConsoleError(),
- ]),
- "Insecure (HTTP) toplevel -> Insecure (HTTP) download should Error"
- );
- await SpecialPowers.popPrefEnv();
- }
-});
-
-// Test Manual Unblocking
-add_task(async function test_manual_unblocking() {
- for (let prefVal of [true, false]) {
- await SpecialPowers.pushPrefEnv({
- set: [["browser.download.always_ask_before_handling_new_types", prefVal]],
- });
- await runTest(
- INSECURE_BASE_URL,
- "http-link",
- async () => {
- let [, download] = await Promise.all([
- shouldTriggerDownload(),
- shouldNotifyDownloadUI(),
- ]);
- await download.unblock();
- Assert.equal(
- download.error,
- null,
- "There should be no error after unblocking"
- );
- },
- "A blocked download should succeed to download after a manual unblock"
- );
- await SpecialPowers.popPrefEnv();
- }
-});
-
-// Test Unblock Download Visible
-add_task(async function test_unblock_download_visible() {
- for (let prefVal of [true, false]) {
- await SpecialPowers.pushPrefEnv({
- set: [["browser.download.always_ask_before_handling_new_types", prefVal]],
- });
- await promiseFocus();
- await runTest(
- INSECURE_BASE_URL,
- "http-link",
- async () => {
- let panelHasOpened = BrowserTestUtils.waitForPopupEvent(
- DownloadsPanel.panel,
- "shown"
- );
- info("awaiting that the download is triggered and added to the list");
- await Promise.all([shouldTriggerDownload(), shouldNotifyDownloadUI()]);
- info("awaiting that the Download list shows itself");
- await panelHasOpened;
- DownloadsPanel.hidePanel();
- ok(true, "The Download Panel should have opened on blocked download");
- },
- "A blocked download should open the download panel"
- );
- await SpecialPowers.popPrefEnv();
- }
-});
diff --git a/dom/security/test/general/http_download_page.html b/dom/security/test/general/http_download_page.html
deleted file mode 100644
index c5461eaed3..0000000000
--- a/dom/security/test/general/http_download_page.html
+++ /dev/null
@@ -1,23 +0,0 @@
-<!DOCTYPE HTML>
-<html>
- <head>
- <title>Test for the download attribute</title>
- </head>
- <body>
- hi
-
- <script>
- const host = window.location.host;
- const path = location.pathname.replace("http_download_page.html","http_download_server.sjs");
-
- const insecureLink = document.createElement("a");
- // eslint-disable-next-line @microsoft/sdl/no-insecure-url
- insecureLink.href=`http://${host}/${path}`;
- insecureLink.download="true";
- insecureLink.id="http-link";
- insecureLink.textContent="Not secure Link";
-
- document.body.append(insecureLink);
- </script>
- </body>
-</html>
diff --git a/dom/security/test/general/http_download_server.sjs b/dom/security/test/general/http_download_server.sjs
deleted file mode 100644
index e659df2f40..0000000000
--- a/dom/security/test/general/http_download_server.sjs
+++ /dev/null
@@ -1,20 +0,0 @@
-// force the Browser to Show a Download Prompt
-
-function handleRequest(request, response) {
- let type = "image/png";
- let filename = "hello.png";
- request.queryString.split("&").forEach(val => {
- var [key, value] = val.split("=");
- if (key == "type") {
- type = value;
- }
- if (key == "name") {
- filename = value;
- }
- });
-
- response.setHeader("Cache-Control", "no-cache", false);
- response.setHeader("Content-Disposition", `attachment; filename=${filename}`);
- response.setHeader("Content-Type", type);
- response.write("🙈🙊🐵🙊");
-}
diff --git a/dom/security/test/https-only/browser_save_as.js b/dom/security/test/https-only/browser_save_as.js
index fbfdf276a8..28f3df539d 100644
--- a/dom/security/test/https-only/browser_save_as.js
+++ b/dom/security/test/https-only/browser_save_as.js
@@ -155,11 +155,7 @@ async function setHttpsFirstAndOnlyPrefs(httpsFirst, httpsOnly) {
add_task(async function testBaseline() {
// Run with HTTPS-First and HTTPS-Only disabled
await setHttpsFirstAndOnlyPrefs(false, false);
- await runTest(
- "#insecure-link",
- HTTP_LINK,
- "We blocked a download that’s not secure: “http://example.org/”."
- );
+ await runTest("#insecure-link", HTTP_LINK, undefined);
await runTest("#secure-link", HTTPS_LINK, undefined);
});
@@ -173,7 +169,7 @@ add_task(async function testHttpsFirst() {
await runTest(
"#insecure-link",
HTTP_LINK,
- "We blocked a download that’s not secure: “http://example.org/”."
+ "Blocked downloading insecure content “http://example.org/”."
);
await runTest("#secure-link", HTTPS_LINK, undefined);
});
@@ -185,7 +181,7 @@ add_task(async function testHttpsOnly() {
await runTest(
"#insecure-link",
HTTP_LINK,
- "We blocked a download that’s not secure: “http://example.org/”."
+ "Blocked downloading insecure content “http://example.org/”."
);
await runTest("#secure-link", HTTPS_LINK, undefined);
});
diff --git a/dom/security/test/mixedcontentblocker/browser_test_mixed_content_download.js b/dom/security/test/mixedcontentblocker/browser_test_mixed_content_download.js
index b103d83cd7..ee350008aa 100644
--- a/dom/security/test/mixedcontentblocker/browser_test_mixed_content_download.js
+++ b/dom/security/test/mixedcontentblocker/browser_test_mixed_content_download.js
@@ -101,7 +101,7 @@ function shouldTriggerDownload(action = "save") {
});
}
-const CONSOLE_ERROR_MESSAGE = "We blocked a download that’s not secure";
+const CONSOLE_ERROR_MESSAGE = "Blocked downloading insecure content";
function shouldConsoleError() {
// Waits until CONSOLE_ERROR_MESSAGE was logged