summaryrefslogtreecommitdiffstats
path: root/netwerk/base
diff options
context:
space:
mode:
Diffstat (limited to 'netwerk/base')
-rw-r--r--netwerk/base/FuzzySocketControl.cpp6
-rw-r--r--netwerk/base/LoadInfo.cpp48
-rw-r--r--netwerk/base/NetworkConnectivityService.cpp45
-rw-r--r--netwerk/base/NetworkConnectivityService.h18
-rw-r--r--netwerk/base/nsIClassOfService.idl4
-rw-r--r--netwerk/base/nsINetAddr.idl2
-rw-r--r--netwerk/base/nsINetworkConnectivityService.idl2
-rw-r--r--netwerk/base/nsINetworkInterceptController.idl2
-rw-r--r--netwerk/base/nsIOService.cpp2
-rw-r--r--netwerk/base/nsIServerSocket.idl2
-rw-r--r--netwerk/base/nsITLSServerSocket.idl2
-rw-r--r--netwerk/base/nsITimedChannel.idl4
-rw-r--r--netwerk/base/nsIUDPSocket.idl8
-rw-r--r--netwerk/base/nsProtocolProxyService.cpp4
14 files changed, 111 insertions, 38 deletions
diff --git a/netwerk/base/FuzzySocketControl.cpp b/netwerk/base/FuzzySocketControl.cpp
index ff53358417..77a7ed3ac8 100644
--- a/netwerk/base/FuzzySocketControl.cpp
+++ b/netwerk/base/FuzzySocketControl.cpp
@@ -124,6 +124,12 @@ NS_IMETHODIMP
FuzzySocketControl::StartTLS() { return NS_OK; }
NS_IMETHODIMP
+FuzzySocketControl::AsyncStartTLS(JSContext* aCx,
+ mozilla::dom::Promise** aPromise) {
+ return NS_OK;
+}
+
+NS_IMETHODIMP
FuzzySocketControl::SetNPNList(nsTArray<nsCString>& protocolArray) {
return NS_OK;
}
diff --git a/netwerk/base/LoadInfo.cpp b/netwerk/base/LoadInfo.cpp
index 6be031113f..7a9f8905b6 100644
--- a/netwerk/base/LoadInfo.cpp
+++ b/netwerk/base/LoadInfo.cpp
@@ -423,20 +423,47 @@ LoadInfo::LoadInfo(dom::CanonicalBrowsingContext* aBrowsingContext,
}
#endif
- // If we think we should not resist fingerprinting, defer to the opener's
- // RFP bit (if there is an opener.) If the opener is also exempted, it stays
- // true, otherwise we will put a false into the CJS and that will be respected
- // on this document.
+ // This code path can be taken when loading an about:blank document, which
+ // means we might think that we should be exempted from resist fingerprinting.
+ // If we think that, we should defer to any opener, if it is present. If the
+ // opener is also exempted, then it continues to be exempted. Regardless of
+ // what ShouldRFP says, we _also_ need to propagate any RandomizationKey we
+ // have.
bool shouldResistFingerprinting =
nsContentUtils::ShouldResistFingerprinting_dangerous(
aURI, mOriginAttributes,
"We are creating CookieJarSettings, so we can't have one already.",
RFPTarget::IsAlwaysEnabledForPrecompute);
+
+ nsresult rv = NS_ERROR_NOT_AVAILABLE;
+ nsTArray<uint8_t> randomKey;
RefPtr<BrowsingContext> opener = aBrowsingContext->GetOpener();
- if (!shouldResistFingerprinting && opener &&
- opener->GetCurrentWindowContext()) {
- shouldResistFingerprinting =
- opener->GetCurrentWindowContext()->ShouldResistFingerprinting();
+ if (opener) {
+ MOZ_ASSERT(opener->GetCurrentWindowContext());
+ if (opener->GetCurrentWindowContext()) {
+ shouldResistFingerprinting |=
+ opener->GetCurrentWindowContext()->ShouldResistFingerprinting();
+ }
+
+ // In the parent, we need to get the CJS from the CanonicalBrowsingContext's
+ // WindowGlobalParent If we're in the child, we probably have a reference to
+ // the opener's document, and can get it from there.
+ if (XRE_IsParentProcess()) {
+ MOZ_ASSERT(opener->Canonical()->GetCurrentWindowGlobal());
+ if (opener->Canonical()->GetCurrentWindowGlobal()) {
+ MOZ_ASSERT(
+ opener->Canonical()->GetCurrentWindowGlobal()->CookieJarSettings());
+ rv = opener->Canonical()
+ ->GetCurrentWindowGlobal()
+ ->CookieJarSettings()
+ ->GetFingerprintingRandomizationKey(randomKey);
+ }
+ } else if (opener->GetDocument()) {
+ MOZ_ASSERT(false, "Code is in child");
+ rv = opener->GetDocument()
+ ->CookieJarSettings()
+ ->GetFingerprintingRandomizationKey(randomKey);
+ }
}
const bool isPrivate = mOriginAttributes.mPrivateBrowsingId > 0;
@@ -447,6 +474,11 @@ LoadInfo::LoadInfo(dom::CanonicalBrowsingContext* aBrowsingContext,
mCookieJarSettings = CookieJarSettings::Create(
isPrivate ? CookieJarSettings::ePrivate : CookieJarSettings::eRegular,
shouldResistFingerprinting);
+
+ if (NS_SUCCEEDED(rv)) {
+ net::CookieJarSettings::Cast(mCookieJarSettings)
+ ->SetFingerprintingRandomizationKey(randomKey);
+ }
}
LoadInfo::LoadInfo(dom::WindowGlobalParent* aParentWGP,
diff --git a/netwerk/base/NetworkConnectivityService.cpp b/netwerk/base/NetworkConnectivityService.cpp
index 1e126742ce..2f3b80b724 100644
--- a/netwerk/base/NetworkConnectivityService.cpp
+++ b/netwerk/base/NetworkConnectivityService.cpp
@@ -4,6 +4,7 @@
#include "DNSUtils.h"
#include "NetworkConnectivityService.h"
+#include "mozilla/AppShutdown.h"
#include "mozilla/ClearOnShutdown.h"
#include "mozilla/net/SocketProcessParent.h"
#include "mozilla/Preferences.h"
@@ -30,14 +31,6 @@ NS_IMPL_ISUPPORTS(NetworkConnectivityService, nsIDNSListener, nsIObserver,
static StaticRefPtr<NetworkConnectivityService> gConnService;
-NetworkConnectivityService::NetworkConnectivityService()
- : mDNSv4(UNKNOWN),
- mDNSv6(UNKNOWN),
- mIPv4(UNKNOWN),
- mIPv6(UNKNOWN),
- mNAT64(UNKNOWN),
- mLock("nat64prefixes") {}
-
// static
already_AddRefed<NetworkConnectivityService>
NetworkConnectivityService::GetSingleton() {
@@ -45,6 +38,10 @@ NetworkConnectivityService::GetSingleton() {
return do_AddRef(gConnService);
}
+ if (AppShutdown::IsInOrBeyond(ShutdownPhase::AppShutdownConfirmed)) {
+ return nullptr;
+ }
+
RefPtr<NetworkConnectivityService> service = new NetworkConnectivityService();
service->Init();
@@ -60,6 +57,8 @@ nsresult NetworkConnectivityService::Init() {
observerService->AddObserver(this, NS_NETWORK_LINK_TOPIC, false);
observerService->AddObserver(this, "network:captive-portal-connectivity",
false);
+ observerService->AddObserver(this, "browser-idle-startup-tasks-finished",
+ false);
return NS_OK;
}
@@ -79,6 +78,13 @@ NetworkConnectivityService::GetDNSv6(ConnectivityState* aState) {
}
NS_IMETHODIMP
+NetworkConnectivityService::GetDNS_HTTPS(ConnectivityState* aState) {
+ NS_ENSURE_ARG(aState);
+ *aState = mDNS_HTTPS;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
NetworkConnectivityService::GetIPv4(ConnectivityState* aState) {
NS_ENSURE_ARG(aState);
*aState = mIPv4;
@@ -154,6 +160,7 @@ static inline bool NAT64PrefixCompare(const NetAddr& prefix1,
void NetworkConnectivityService::PerformChecks() {
mDNSv4 = UNKNOWN;
mDNSv6 = UNKNOWN;
+ mDNS_HTTPS = UNKNOWN;
mIPv4 = UNKNOWN;
mIPv6 = UNKNOWN;
@@ -281,12 +288,16 @@ NetworkConnectivityService::OnLookupComplete(nsICancelable* aRequest,
} else if (aRequest == mDNSv6Request) {
mDNSv6 = state;
mDNSv6Request = nullptr;
+ } else if (aRequest == mDNS_HTTPSRequest) {
+ mDNS_HTTPS = state;
+ mDNS_HTTPSRequest = nullptr;
} else if (aRequest == mNAT64Request) {
mNAT64Request = nullptr;
SaveNAT64Prefixes(aRecord);
}
- if (!mDNSv4Request && !mDNSv6Request && !mNAT64Request) {
+ if (!mDNSv4Request && !mDNSv6Request && !mDNS_HTTPSRequest &&
+ !mNAT64Request) {
NotifyObservers("network:connectivity-service:dns-checks-complete");
}
return NS_OK;
@@ -328,6 +339,16 @@ NetworkConnectivityService::RecheckDNS() {
getter_AddRefs(mDNSv6Request));
NS_ENSURE_SUCCESS(rv, rv);
+ Preferences::GetCString("network.connectivity-service.DNS_HTTPS.domain",
+ host);
+ rv = dns->AsyncResolveNative(host, nsIDNSService::RESOLVE_TYPE_HTTPSSVC,
+ nsIDNSService::RESOLVE_TRR_DISABLED_MODE,
+ nullptr, this, NS_GetCurrentThread(), attrs,
+ getter_AddRefs(mDNS_HTTPSRequest));
+ if (NS_FAILED(rv)) {
+ mDNS_HTTPSRequest = nullptr;
+ }
+
if (StaticPrefs::network_connectivity_service_nat64_check()) {
rv = dns->AsyncResolveNative("ipv4only.arpa"_ns,
nsIDNSService::RESOLVE_TYPE_DEFAULT,
@@ -355,6 +376,10 @@ NetworkConnectivityService::Observe(nsISupports* aSubject, const char* aTopic,
mDNSv6Request->Cancel(NS_ERROR_ABORT);
mDNSv6Request = nullptr;
}
+ if (mDNS_HTTPSRequest) {
+ mDNS_HTTPSRequest->Cancel(NS_ERROR_ABORT);
+ mDNS_HTTPSRequest = nullptr;
+ }
if (mNAT64Request) {
mNAT64Request->Cancel(NS_ERROR_ABORT);
mNAT64Request = nullptr;
@@ -370,6 +395,8 @@ NetworkConnectivityService::Observe(nsISupports* aSubject, const char* aTopic,
!NS_LITERAL_STRING_FROM_CSTRING(NS_NETWORK_LINK_DATA_UNKNOWN)
.Equals(aData)) {
PerformChecks();
+ } else if (!strcmp(aTopic, "browser-idle-startup-tasks-finished")) {
+ PerformChecks();
}
return NS_OK;
diff --git a/netwerk/base/NetworkConnectivityService.h b/netwerk/base/NetworkConnectivityService.h
index 6315fb192b..b29825d5d5 100644
--- a/netwerk/base/NetworkConnectivityService.h
+++ b/netwerk/base/NetworkConnectivityService.h
@@ -33,7 +33,7 @@ class NetworkConnectivityService : public nsINetworkConnectivityService,
static already_AddRefed<NetworkConnectivityService> GetSingleton();
private:
- NetworkConnectivityService();
+ NetworkConnectivityService() = default;
virtual ~NetworkConnectivityService() = default;
nsresult Init();
@@ -47,18 +47,20 @@ class NetworkConnectivityService : public nsINetworkConnectivityService,
// Will be set to OK if the DNS request returned in IP of this type,
// NOT_AVAILABLE if that type of resolution is not available
// UNKNOWN if the check wasn't performed
- Atomic<ConnectivityState, Relaxed> mDNSv4;
- Atomic<ConnectivityState, Relaxed> mDNSv6;
+ Atomic<ConnectivityState, Relaxed> mDNSv4{ConnectivityState::UNKNOWN};
+ Atomic<ConnectivityState, Relaxed> mDNSv6{ConnectivityState::UNKNOWN};
+ Atomic<ConnectivityState, Relaxed> mDNS_HTTPS{ConnectivityState::UNKNOWN};
- Atomic<ConnectivityState, Relaxed> mIPv4;
- Atomic<ConnectivityState, Relaxed> mIPv6;
+ Atomic<ConnectivityState, Relaxed> mIPv4{ConnectivityState::UNKNOWN};
+ Atomic<ConnectivityState, Relaxed> mIPv6{ConnectivityState::UNKNOWN};
- Atomic<ConnectivityState, Relaxed> mNAT64;
+ Atomic<ConnectivityState, Relaxed> mNAT64{ConnectivityState::UNKNOWN};
- nsTArray<NetAddr> mNAT64Prefixes;
+ nsTArray<NetAddr> mNAT64Prefixes{ConnectivityState::UNKNOWN};
nsCOMPtr<nsICancelable> mDNSv4Request;
nsCOMPtr<nsICancelable> mDNSv6Request;
+ nsCOMPtr<nsICancelable> mDNS_HTTPSRequest;
nsCOMPtr<nsICancelable> mNAT64Request;
nsCOMPtr<nsIChannel> mIPv4Channel;
@@ -67,7 +69,7 @@ class NetworkConnectivityService : public nsINetworkConnectivityService,
bool mCheckedNetworkId = false;
bool mHasNetworkId = false;
- Mutex mLock MOZ_UNANNOTATED;
+ Mutex mLock MOZ_UNANNOTATED{"nat64prefixes"};
};
} // namespace net
diff --git a/netwerk/base/nsIClassOfService.idl b/netwerk/base/nsIClassOfService.idl
index 7b133107de..2d5fa03dc1 100644
--- a/netwerk/base/nsIClassOfService.idl
+++ b/netwerk/base/nsIClassOfService.idl
@@ -22,7 +22,7 @@ class ClassOfService;
%}
native ClassOfService(mozilla::net::ClassOfService);
-[scriptable, uuid(1ccb58ec-5e07-4cf9-a30d-ac5490d23b41)]
+[scriptable, builtinclass, uuid(1ccb58ec-5e07-4cf9-a30d-ac5490d23b41)]
interface nsIClassOfService : nsISupports
{
attribute unsigned long classFlags;
@@ -30,7 +30,7 @@ interface nsIClassOfService : nsISupports
void clearClassFlags(in unsigned long flags);
void addClassFlags(in unsigned long flags);
- void setClassOfService(in ClassOfService s);
+ [noscript] void setClassOfService(in ClassOfService s);
// All these flags have a (de)prioritization effect.
diff --git a/netwerk/base/nsINetAddr.idl b/netwerk/base/nsINetAddr.idl
index bbbcd28c0e..3e86442415 100644
--- a/netwerk/base/nsINetAddr.idl
+++ b/netwerk/base/nsINetAddr.idl
@@ -21,7 +21,7 @@ native NetAddr(mozilla::net::NetAddr);
* This interface represents a native NetAddr struct in a readonly
* interface.
*/
-[scriptable, uuid(652B9EC5-D159-45D7-9127-50BB559486CD)]
+[scriptable, builtinclass, uuid(652B9EC5-D159-45D7-9127-50BB559486CD)]
interface nsINetAddr : nsISupports
{
/**
diff --git a/netwerk/base/nsINetworkConnectivityService.idl b/netwerk/base/nsINetworkConnectivityService.idl
index 482eaf45ee..126e85b3fa 100644
--- a/netwerk/base/nsINetworkConnectivityService.idl
+++ b/netwerk/base/nsINetworkConnectivityService.idl
@@ -25,6 +25,8 @@ interface nsINetworkConnectivityService : nsISupports
readonly attribute nsINetworkConnectivityService_ConnectivityState DNSv4;
[infallible]
readonly attribute nsINetworkConnectivityService_ConnectivityState DNSv6;
+ [infallible]
+ readonly attribute nsINetworkConnectivityService_ConnectivityState DNS_HTTPS;
/* If connecting to IPv4/v6 works on the current network */
[infallible]
diff --git a/netwerk/base/nsINetworkInterceptController.idl b/netwerk/base/nsINetworkInterceptController.idl
index 946cc95a88..7f91d2df6f 100644
--- a/netwerk/base/nsINetworkInterceptController.idl
+++ b/netwerk/base/nsINetworkInterceptController.idl
@@ -48,7 +48,7 @@ interface nsIInterceptedBodyCallback : nsISupports
* which do not implement nsIChannel.
*/
-[scriptable, uuid(f4b82975-6a86-4cc4-87fe-9a1fd430c86d)]
+[scriptable, builtinclass, uuid(f4b82975-6a86-4cc4-87fe-9a1fd430c86d)]
interface nsIInterceptedChannel : nsISupports
{
/**
diff --git a/netwerk/base/nsIOService.cpp b/netwerk/base/nsIOService.cpp
index 998c389ace..07dde50227 100644
--- a/netwerk/base/nsIOService.cpp
+++ b/netwerk/base/nsIOService.cpp
@@ -414,7 +414,7 @@ nsresult nsIOService::InitializeCaptivePortalService() {
mCaptivePortalService = do_GetService(NS_CAPTIVEPORTAL_CID);
if (mCaptivePortalService) {
- return static_cast<CaptivePortalService*>(mCaptivePortalService.get())
+ static_cast<CaptivePortalService*>(mCaptivePortalService.get())
->Initialize();
}
diff --git a/netwerk/base/nsIServerSocket.idl b/netwerk/base/nsIServerSocket.idl
index d6fd348778..3c21bdb707 100644
--- a/netwerk/base/nsIServerSocket.idl
+++ b/netwerk/base/nsIServerSocket.idl
@@ -19,7 +19,7 @@ typedef unsigned long nsServerSocketFlag;
*
* An interface to a server socket that can accept incoming connections.
*/
-[scriptable, uuid(7a9c39cb-a13f-4eef-9bdf-a74301628742)]
+[scriptable, builtinclass, uuid(7a9c39cb-a13f-4eef-9bdf-a74301628742)]
interface nsIServerSocket : nsISupports
{
/**
diff --git a/netwerk/base/nsITLSServerSocket.idl b/netwerk/base/nsITLSServerSocket.idl
index e944f23af7..a3588ddce2 100644
--- a/netwerk/base/nsITLSServerSocket.idl
+++ b/netwerk/base/nsITLSServerSocket.idl
@@ -8,7 +8,7 @@ interface nsIX509Cert;
interface nsITLSServerSecurityObserver;
interface nsISocketTransport;
-[scriptable, uuid(cc2c30f9-cfaa-4b8a-bd44-c24881981b74)]
+[scriptable, builtinclass, uuid(cc2c30f9-cfaa-4b8a-bd44-c24881981b74)]
interface nsITLSServerSocket : nsIServerSocket
{
/**
diff --git a/netwerk/base/nsITimedChannel.idl b/netwerk/base/nsITimedChannel.idl
index 4707bf1b7a..f6d85cf945 100644
--- a/netwerk/base/nsITimedChannel.idl
+++ b/netwerk/base/nsITimedChannel.idl
@@ -25,7 +25,7 @@ interface nsIServerTiming : nsISupports {
[ref] native nsServerTimingArrayRef(nsTArray<nsCOMPtr<nsIServerTiming>>);
// All properties return zero if the value is not available
-[scriptable, uuid(ca63784d-959c-4c3a-9a59-234a2a520de0)]
+[scriptable, builtinclass, uuid(ca63784d-959c-4c3a-9a59-234a2a520de0)]
interface nsITimedChannel : nsISupports {
// Set this attribute to true to enable collection of timing data.
// channelCreationTime will be available even with this attribute set to
@@ -124,5 +124,5 @@ interface nsITimedChannel : nsISupports {
[noscript] attribute boolean reportResourceTiming;
readonly attribute nsIArray serverTiming;
- nsServerTimingArrayRef getNativeServerTiming();
+ [noscript] nsServerTimingArrayRef getNativeServerTiming();
};
diff --git a/netwerk/base/nsIUDPSocket.idl b/netwerk/base/nsIUDPSocket.idl
index 5c23c1bb6f..d07be55349 100644
--- a/netwerk/base/nsIUDPSocket.idl
+++ b/netwerk/base/nsIUDPSocket.idl
@@ -31,7 +31,7 @@ native NetAddr(mozilla::net::NetAddr);
*
* An interface to a UDP socket that can accept incoming connections.
*/
-[scriptable, uuid(d423bf4e-4499-40cf-bc03-153e2bf206d1)]
+[scriptable, builtinclass, uuid(d423bf4e-4499-40cf-bc03-153e2bf206d1)]
interface nsIUDPSocket : nsISupports
{
/**
@@ -126,7 +126,7 @@ interface nsIUDPSocket : nsISupports
* @param aRemoteAddr
* The remote address to connect to
*/
- void connect([const] in NetAddrPtr aAddr);
+ [noscript] void connect([const] in NetAddrPtr aAddr);
/**
* Returns the local address of this UDP socket
@@ -217,8 +217,8 @@ interface nsIUDPSocket : nsISupports
* @param addr The remote host address.
* @param stream The input stream to be sent. This must be a buffered stream implementation.
*/
- void sendBinaryStreamWithAddress([const] in NetAddrPtr addr,
- in nsIInputStream stream);
+ [noscript] void sendBinaryStreamWithAddress([const] in NetAddrPtr addr,
+ in nsIInputStream stream);
/**
* joinMulticast
diff --git a/netwerk/base/nsProtocolProxyService.cpp b/netwerk/base/nsProtocolProxyService.cpp
index 7ccfc9363a..743c977c74 100644
--- a/netwerk/base/nsProtocolProxyService.cpp
+++ b/netwerk/base/nsProtocolProxyService.cpp
@@ -2292,6 +2292,10 @@ void nsProtocolProxyService::MaybeDisableDNSPrefetch(nsIProxyInfo* aProxy) {
nsCOMPtr<nsProxyInfo> pi = do_QueryInterface(aProxy);
if (!pi || !pi->mType || pi->mType == kProxyType_DIRECT) return;
+ if (StaticPrefs::network_dns_prefetch_via_proxy()) {
+ return;
+ }
+
// To avoid getting DNS service recursively, we directly use
// GetXPCOMSingleton().
nsCOMPtr<nsIDNSService> dns = nsDNSService::GetXPCOMSingleton();
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-06 18:56:41 +0000