Adding upstream version 115.7.0esr.upstream/115.7.0esr

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

9 files changed, 1564 insertions, 0 deletions

diff --git a/third_party/rust/viaduct/src/backend.rs b/third_party/rust/viaduct/src/backend.rs
new file mode 100644
index 0000000000..599a26bd98
--- /dev/null
+++ b/third_party/rust/viaduct/src/backend.rs
@@ -0,0 +1,154 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+use crate::GLOBAL_SETTINGS;
+use ffi::FfiBackend;
+use once_cell::sync::OnceCell;
+mod ffi;
+
+pub fn note_backend(which: &str) {
+    // If trace logs are enabled: log on every request. Otherwise, just log on
+    // the first request at `info` level. We remember if the Once was triggered
+    // to avoid logging twice in the first case.
+    static NOTE_BACKEND_ONCE: std::sync::Once = std::sync::Once::new();
+    let mut called = false;
+    NOTE_BACKEND_ONCE.call_once(|| {
+        log::info!("Using HTTP backend {}", which);
+        called = true;
+    });
+    if !called {
+        log::trace!("Using HTTP backend {}", which);
+    }
+}
+
+pub trait Backend: Send + Sync + 'static {
+    fn send(&self, request: crate::Request) -> Result<crate::Response, crate::Error>;
+}
+
+static BACKEND: OnceCell<&'static dyn Backend> = OnceCell::new();
+
+pub fn set_backend(b: &'static dyn Backend) -> Result<(), crate::Error> {
+    BACKEND
+        .set(b)
+        .map_err(|_| crate::error::Error::SetBackendError)
+}
+
+pub(crate) fn get_backend() -> &'static dyn Backend {
+    *BACKEND.get_or_init(|| Box::leak(Box::new(FfiBackend)))
+}
+
+pub fn send(request: crate::Request) -> Result<crate::Response, crate::Error> {
+    validate_request(&request)?;
+    get_backend().send(request)
+}
+
+pub fn validate_request(request: &crate::Request) -> Result<(), crate::Error> {
+    if request.url.scheme() != "https"
+        && match request.url.host() {
+            Some(url::Host::Domain(d)) => d != "localhost",
+            Some(url::Host::Ipv4(addr)) => !addr.is_loopback(),
+            Some(url::Host::Ipv6(addr)) => !addr.is_loopback(),
+            None => true,
+        }
+        && {
+            let settings = GLOBAL_SETTINGS.read();
+            settings
+                .addn_allowed_insecure_url
+                .as_ref()
+                .map(|url| url.host() != request.url.host() || url.scheme() != request.url.scheme())
+                .unwrap_or(true)
+        }
+    {
+        return Err(crate::Error::NonTlsUrl);
+    }
+    Ok(())
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn test_validate_request() {
+        let _https_request = crate::Request::new(
+            crate::Method::Get,
+            url::Url::parse("https://www.example.com").unwrap(),
+        );
+        assert!(validate_request(&_https_request).is_ok());
+
+        let _http_request = crate::Request::new(
+            crate::Method::Get,
+            url::Url::parse("http://www.example.com").unwrap(),
+        );
+        assert!(validate_request(&_http_request).is_err());
+
+        let _localhost_https_request = crate::Request::new(
+            crate::Method::Get,
+            url::Url::parse("https://127.0.0.1/index.html").unwrap(),
+        );
+        assert!(validate_request(&_localhost_https_request).is_ok());
+
+        let _localhost_https_request_2 = crate::Request::new(
+            crate::Method::Get,
+            url::Url::parse("https://localhost:4242/").unwrap(),
+        );
+        assert!(validate_request(&_localhost_https_request_2).is_ok());
+
+        let _localhost_http_request = crate::Request::new(
+            crate::Method::Get,
+            url::Url::parse("http://localhost:4242/").unwrap(),
+        );
+        assert!(validate_request(&_localhost_http_request).is_ok());
+
+        let localhost_request = crate::Request::new(
+            crate::Method::Get,
+            url::Url::parse("localhost:4242/").unwrap(),
+        );
+        assert!(validate_request(&localhost_request).is_err());
+
+        let localhost_request_shorthand_ipv6 =
+            crate::Request::new(crate::Method::Get, url::Url::parse("http://[::1]").unwrap());
+        assert!(validate_request(&localhost_request_shorthand_ipv6).is_ok());
+
+        let localhost_request_ipv6 = crate::Request::new(
+            crate::Method::Get,
+            url::Url::parse("http://[0:0:0:0:0:0:0:1]").unwrap(),
+        );
+        assert!(validate_request(&localhost_request_ipv6).is_ok());
+    }
+
+    #[test]
+    fn test_validate_request_addn_allowed_insecure_url() {
+        let request_root = crate::Request::new(
+            crate::Method::Get,
+            url::Url::parse("http://anything").unwrap(),
+        );
+        let request = crate::Request::new(
+            crate::Method::Get,
+            url::Url::parse("http://anything/path").unwrap(),
+        );
+        // This should never be accepted.
+        let request_ftp = crate::Request::new(
+            crate::Method::Get,
+            url::Url::parse("ftp://anything/path").unwrap(),
+        );
+        assert!(validate_request(&request_root).is_err());
+        assert!(validate_request(&request).is_err());
+        {
+            let mut settings = GLOBAL_SETTINGS.write();
+            settings.addn_allowed_insecure_url =
+                Some(url::Url::parse("http://something-else").unwrap());
+        }
+        assert!(validate_request(&request_root).is_err());
+        assert!(validate_request(&request).is_err());
+
+        {
+            let mut settings = GLOBAL_SETTINGS.write();
+            settings.addn_allowed_insecure_url = Some(url::Url::parse("http://anything").unwrap());
+        }
+        assert!(validate_request(&request_root).is_ok());
+        assert!(validate_request(&request).is_ok());
+        assert!(validate_request(&request_ftp).is_err());
+    }
+}
diff --git a/third_party/rust/viaduct/src/backend/ffi.rs b/third_party/rust/viaduct/src/backend/ffi.rs
new file mode 100644
index 0000000000..cca6bc68f2
--- /dev/null
+++ b/third_party/rust/viaduct/src/backend/ffi.rs
@@ -0,0 +1,209 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+use crate::{backend::Backend, settings::GLOBAL_SETTINGS};
+use crate::{msg_types, Error};
+use ffi_support::{ByteBuffer, FfiStr};
+
+ffi_support::implement_into_ffi_by_protobuf!(msg_types::Request);
+
+impl From<crate::Request> for msg_types::Request {
+    fn from(request: crate::Request) -> Self {
+        let settings = GLOBAL_SETTINGS.read();
+        msg_types::Request {
+            url: request.url.to_string(),
+            body: request.body,
+            // Real weird that this needs to be specified as an i32, but
+            // it certainly makes it convenient for us...
+            method: request.method as i32,
+            headers: request.headers.into(),
+            follow_redirects: settings.follow_redirects,
+            use_caches: settings.use_caches,
+            connect_timeout_secs: settings.connect_timeout.map_or(0, |d| d.as_secs() as i32),
+            read_timeout_secs: settings.read_timeout.map_or(0, |d| d.as_secs() as i32),
+        }
+    }
+}
+
+macro_rules! backend_error {
+    ($($args:tt)*) => {{
+        let msg = format!($($args)*);
+        log::error!("{}", msg);
+        Error::BackendError(msg)
+    }};
+}
+
+pub struct FfiBackend;
+impl Backend for FfiBackend {
+    fn send(&self, request: crate::Request) -> Result<crate::Response, Error> {
+        use ffi_support::IntoFfi;
+        use prost::Message;
+        super::note_backend("FFI (trusted)");
+
+        let method = request.method;
+        let fetch = callback_holder::get_callback().ok_or(Error::BackendNotInitialized)?;
+        let proto_req: msg_types::Request = request.into();
+        let buf = proto_req.into_ffi_value();
+        let response = unsafe { fetch(buf) };
+        // This way we'll Drop it if we panic, unlike if we just got a slice into
+        // it. Besides, we already own it.
+        let response_bytes = response.destroy_into_vec();
+
+        let response: msg_types::Response = match Message::decode(response_bytes.as_slice()) {
+            Ok(v) => v,
+            Err(e) => {
+                panic!(
+                    "Failed to parse protobuf returned from fetch callback! {}",
+                    e
+                );
+            }
+        };
+
+        if let Some(exn) = response.exception_message {
+            return Err(Error::NetworkError(format!("Java error: {:?}", exn)));
+        }
+        let status = response
+            .status
+            .ok_or_else(|| backend_error!("Missing HTTP status"))?;
+
+        if status < 0 || status > i32::from(u16::max_value()) {
+            return Err(backend_error!("Illegal HTTP status: {}", status));
+        }
+
+        let mut headers = crate::Headers::with_capacity(response.headers.len());
+        for (name, val) in response.headers {
+            let hname = match crate::HeaderName::new(name) {
+                Ok(name) => name,
+                Err(e) => {
+                    // Ignore headers with invalid names, since nobody can look for them anyway.
+                    log::warn!("Server sent back invalid header name: '{}'", e);
+                    continue;
+                }
+            };
+            // Not using Header::new since the error it returns is for request headers.
+            headers.insert_header(crate::Header::new_unchecked(hname, val));
+        }
+
+        let url = url::Url::parse(
+            &response
+                .url
+                .ok_or_else(|| backend_error!("Response has no URL"))?,
+        )
+        .map_err(|e| backend_error!("Response has illegal URL: {}", e))?;
+
+        Ok(crate::Response {
+            url,
+            request_method: method,
+            body: response.body.unwrap_or_default(),
+            status: status as u16,
+            headers,
+        })
+    }
+}
+
+/// Type of the callback we need callers on the other side of the FFI to
+/// provide.
+///
+/// Takes and returns a ffi_support::ByteBuffer. (TODO: it would be nice if we could
+/// make this take/return pointers, so that we could use JNA direct mapping. Maybe
+/// we need some kind of ThinBuffer?)
+///
+/// This is a bit weird, since it requires us to allow code on the other side of
+/// the FFI to allocate a ByteBuffer from us, but it works.
+///
+/// The code on the other side of the FFI is responsible for freeing the ByteBuffer
+/// it's passed using `viaduct_destroy_bytebuffer`.
+type FetchCallback = unsafe extern "C" fn(ByteBuffer) -> ByteBuffer;
+
+/// Module that manages get/set of the global fetch callback pointer.
+mod callback_holder {
+    use super::FetchCallback;
+    use std::sync::atomic::{AtomicUsize, Ordering};
+
+    /// Note: We only assign to this once.
+    static CALLBACK_PTR: AtomicUsize = AtomicUsize::new(0);
+
+    // Overly-paranoid sanity checking to ensure that these types are
+    // convertible between each-other. `transmute` actually should check this for
+    // us too, but this helps document the invariants we rely on in this code.
+    //
+    // Note that these are guaranteed by
+    // https://rust-lang.github.io/unsafe-code-guidelines/layout/function-pointers.html
+    // and thus this is a little paranoid.
+    ffi_support::static_assert!(
+        STATIC_ASSERT_USIZE_EQ_FUNC_SIZE,
+        std::mem::size_of::<usize>() == std::mem::size_of::<FetchCallback>()
+    );
+
+    ffi_support::static_assert!(
+        STATIC_ASSERT_USIZE_EQ_OPT_FUNC_SIZE,
+        std::mem::size_of::<usize>() == std::mem::size_of::<Option<FetchCallback>>()
+    );
+
+    /// Get the function pointer to the FetchCallback. Panics if the callback
+    /// has not yet been initialized.
+    pub(super) fn get_callback() -> Option<FetchCallback> {
+        let ptr_value = CALLBACK_PTR.load(Ordering::SeqCst);
+        unsafe { std::mem::transmute::<usize, Option<FetchCallback>>(ptr_value) }
+    }
+
+    /// Set the function pointer to the FetchCallback. Returns false if we did nothing because the callback had already been initialized
+    pub(super) fn set_callback(h: FetchCallback) -> bool {
+        let as_usize = h as usize;
+        match CALLBACK_PTR.compare_exchange(0, as_usize, Ordering::SeqCst, Ordering::SeqCst) {
+            Ok(_) => true,
+            Err(_) => {
+                // This is an internal bug, the other side of the FFI should ensure
+                // it sets this only once. Note that this is actually going to be
+                // before logging is initialized in practice, so there's not a lot
+                // we can actually do here.
+                log::error!("Bug: Initialized CALLBACK_PTR multiple times");
+                false
+            }
+        }
+    }
+}
+
+/// Return a ByteBuffer of the requested size. This is used to store the
+/// response from the callback.
+#[no_mangle]
+pub extern "C" fn viaduct_alloc_bytebuffer(sz: i32) -> ByteBuffer {
+    let mut error = ffi_support::ExternError::default();
+    let buffer =
+        ffi_support::call_with_output(&mut error, || ByteBuffer::new_with_size(sz.max(0) as usize));
+    error.consume_and_log_if_error();
+    buffer
+}
+
+#[no_mangle]
+pub extern "C" fn viaduct_log_error(s: FfiStr<'_>) {
+    let mut error = ffi_support::ExternError::default();
+    ffi_support::call_with_output(&mut error, || {
+        log::error!("Viaduct Ffi Error: {}", s.as_str())
+    });
+    error.consume_and_log_if_error();
+}
+
+#[no_mangle]
+pub extern "C" fn viaduct_initialize(callback: FetchCallback) -> u8 {
+    ffi_support::abort_on_panic::call_with_output(|| callback_holder::set_callback(callback))
+}
+
+/// Allows connections to the hard-coded address the Android Emulator uses for
+/// localhost. It would be easy to support allowing the address to be passed in,
+/// but we've made a decision to avoid that possible footgun. The expectation is
+/// that this will only be called in debug builds or if the app can determine it
+/// is in the emulator, but the Rust code doesn't know that, so we can't check.
+#[no_mangle]
+pub extern "C" fn viaduct_allow_android_emulator_loopback() {
+    let mut error = ffi_support::ExternError::default();
+    ffi_support::call_with_output(&mut error, || {
+        let url = url::Url::parse("http://10.0.2.2").unwrap();
+        let mut settings = GLOBAL_SETTINGS.write();
+        settings.addn_allowed_insecure_url = Some(url);
+    });
+    error.consume_and_log_if_error();
+}
+
+ffi_support::define_bytebuffer_destructor!(viaduct_destroy_bytebuffer);
diff --git a/third_party/rust/viaduct/src/error.rs b/third_party/rust/viaduct/src/error.rs
new file mode 100644
index 0000000000..a66c3e38fe
--- /dev/null
+++ b/third_party/rust/viaduct/src/error.rs
@@ -0,0 +1,48 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#[derive(Debug, thiserror::Error)]
+pub enum Error {
+    #[error("[no-sentry] Illegal characters in request header '{0}'")]
+    RequestHeaderError(crate::HeaderName),
+
+    #[error("[no-sentry] Backend error: {0}")]
+    BackendError(String),
+
+    #[error("[no-sentry] Network error: {0}")]
+    NetworkError(String),
+
+    #[error("The rust-components network backend must be initialized before use!")]
+    BackendNotInitialized,
+
+    #[error("Backend already initialized.")]
+    SetBackendError,
+
+    /// Note: we return this if the server returns a bad URL with
+    /// its response. This *probably* should never happen, but who knows.
+    #[error("[no-sentry] URL Parse Error: {0}")]
+    UrlError(#[source] url::ParseError),
+
+    #[error("[no-sentry] Validation error: URL does not use TLS protocol.")]
+    NonTlsUrl,
+}
+
+impl From<url::ParseError> for Error {
+    fn from(u: url::ParseError) -> Self {
+        Error::UrlError(u)
+    }
+}
+
+/// This error is returned as the `Err` result from
+/// [`Response::require_success`].
+///
+/// Note that it's not a variant on `Error` to distinguish between errors
+/// caused by the network, and errors returned from the server.
+#[derive(thiserror::Error, Debug, Clone)]
+#[error("Error: {method} {url} returned {status}")]
+pub struct UnexpectedStatus {
+    pub status: u16,
+    pub method: crate::Method,
+    pub url: url::Url,
+}
diff --git a/third_party/rust/viaduct/src/fetch_msg_types.proto b/third_party/rust/viaduct/src/fetch_msg_types.proto
new file mode 100644
index 0000000000..96963cef42
--- /dev/null
+++ b/third_party/rust/viaduct/src/fetch_msg_types.proto
@@ -0,0 +1,42 @@
+syntax = "proto2";
+
+// Note: this file name must be unique due to how the iOS megazord works :(
+
+package mozilla.appservices.httpconfig.protobuf;
+
+option java_package = "mozilla.appservices.httpconfig";
+option java_outer_classname = "MsgTypes";
+option swift_prefix = "MsgTypes_";
+option optimize_for = LITE_RUNTIME;
+
+message Request {
+    enum Method {
+        GET = 0;
+        HEAD = 1;
+        POST = 2;
+        PUT = 3;
+        DELETE = 4;
+        CONNECT = 5;
+        OPTIONS = 6;
+        TRACE = 7;
+        PATCH = 8;
+    }
+    required Method method = 1;
+    required string url = 2;
+    optional bytes body = 3;
+    map<string, string> headers = 4;
+    required bool follow_redirects = 5;
+    required bool use_caches = 6;
+    required int32 connect_timeout_secs = 7;
+    required int32 read_timeout_secs = 8;
+}
+
+message Response {
+    // If this is present, nothing else is.
+    optional string exception_message = 1;
+    optional string url = 2;
+    optional int32 status = 3;
+    optional bytes body = 4;
+    map<string, string> headers = 5;
+}
+
diff --git a/third_party/rust/viaduct/src/headers.rs b/third_party/rust/viaduct/src/headers.rs
new file mode 100644
index 0000000000..d7b7f7aa11
--- /dev/null
+++ b/third_party/rust/viaduct/src/headers.rs
@@ -0,0 +1,414 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+pub use name::{HeaderName, InvalidHeaderName};
+use std::collections::HashMap;
+use std::iter::FromIterator;
+use std::str::FromStr;
+mod name;
+
+/// A single header. Headers have a name (case insensitive) and a value. The
+/// character set for header and values are both restrictive.
+/// - Names must only contain a-zA-Z0-9 and and ('!' | '#' | '$' | '%' | '&' |
+///   '\'' | '*' | '+' | '-' | '.' | '^' | '_' | '`' | '|' | '~') characters
+///   (the field-name token production defined at
+///   https://tools.ietf.org/html/rfc7230#section-3.2).
+///   For request headers, we expect these to all be specified statically,
+///   and so we panic if you provide an invalid one. (For response headers, we
+///   ignore headers with invalid names, but emit a warning).
+///
+///   Header names are case insensitive, and we have several pre-defined ones in
+///   the [`header_names`] module.
+///
+/// - Values may only contain printable ascii characters, and may not contain
+///   \r or \n. Strictly speaking, HTTP is more flexible for header values,
+///   however we don't need to support binary header values, and so we do not.
+///
+/// Note that typically you should not interact with this directly, and instead
+/// use the methods on [`Request`] or [`Headers`] to manipulate these.
+#[derive(Clone, Debug, PartialEq, PartialOrd, Hash, Eq, Ord)]
+pub struct Header {
+    pub(crate) name: HeaderName,
+    pub(crate) value: String,
+}
+
+// Trim `s` without copying if it can be avoided.
+fn trim_string<S: AsRef<str> + Into<String>>(s: S) -> String {
+    let sr = s.as_ref();
+    let trimmed = sr.trim();
+    if sr.len() != trimmed.len() {
+        trimmed.into()
+    } else {
+        s.into()
+    }
+}
+
+fn is_valid_header_value(value: &str) -> bool {
+    value.bytes().all(|b| (32..127).contains(&b) || b == b'\t')
+}
+
+impl Header {
+    pub fn new<Name, Value>(name: Name, value: Value) -> Result<Self, crate::Error>
+    where
+        Name: Into<HeaderName>,
+        Value: AsRef<str> + Into<String>,
+    {
+        let name = name.into();
+        let value = trim_string(value);
+        if !is_valid_header_value(&value) {
+            return Err(crate::Error::RequestHeaderError(name));
+        }
+        Ok(Self { name, value })
+    }
+
+    pub fn new_unchecked<Value>(name: HeaderName, value: Value) -> Self
+    where
+        Value: AsRef<str> + Into<String>,
+    {
+        Self {
+            name,
+            value: value.into(),
+        }
+    }
+
+    #[inline]
+    pub fn name(&self) -> &HeaderName {
+        &self.name
+    }
+
+    #[inline]
+    pub fn value(&self) -> &str {
+        &self.value
+    }
+
+    #[inline]
+    fn set_value<V: AsRef<str>>(&mut self, s: V) -> Result<(), crate::Error> {
+        let value = s.as_ref();
+        if !is_valid_header_value(value) {
+            Err(crate::Error::RequestHeaderError(self.name.clone()))
+        } else {
+            self.value.clear();
+            self.value.push_str(s.as_ref().trim());
+            Ok(())
+        }
+    }
+}
+
+impl std::fmt::Display for Header {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        write!(f, "{}: {}", self.name, self.value)
+    }
+}
+
+/// A list of headers.
+#[derive(Clone, Debug, PartialEq, Eq, Default)]
+pub struct Headers {
+    headers: Vec<Header>,
+}
+
+impl Headers {
+    /// Initialize an empty list of headers.
+    #[inline]
+    pub fn new() -> Self {
+        Default::default()
+    }
+
+    /// Initialize an empty list of headers backed by a vector with the provided
+    /// capacity.
+    pub fn with_capacity(c: usize) -> Self {
+        Self {
+            headers: Vec::with_capacity(c),
+        }
+    }
+
+    /// Convert this list of headers to a Vec<Header>
+    #[inline]
+    pub fn into_vec(self) -> Vec<Header> {
+        self.headers
+    }
+
+    /// Returns the number of headers.
+    #[inline]
+    pub fn len(&self) -> usize {
+        self.headers.len()
+    }
+
+    /// Returns true if `len()` is zero.
+    #[inline]
+    pub fn is_empty(&self) -> bool {
+        self.headers.is_empty()
+    }
+    /// Clear this set of headers.
+    #[inline]
+    pub fn clear(&mut self) {
+        self.headers.clear();
+    }
+
+    /// Insert or update a new header.
+    ///
+    /// This returns an error if you attempt to specify a header with an
+    /// invalid value (values must be printable ASCII and may not contain
+    /// \r or \n)
+    ///
+    /// ## Example
+    /// ```
+    /// # use viaduct::Headers;
+    /// # fn main() -> Result<(), viaduct::Error> {
+    /// let mut h = Headers::new();
+    /// h.insert("My-Cool-Header", "example")?;
+    /// assert_eq!(h.get("My-Cool-Header"), Some("example"));
+    ///
+    /// // Note: names are sensitive
+    /// assert_eq!(h.get("my-cool-header"), Some("example"));
+    ///
+    /// // Also note, constants for headers are in `viaduct::header_names`, and
+    /// // you can chain the result of this function.
+    /// h.insert(viaduct::header_names::CONTENT_TYPE, "something...")?
+    ///  .insert("Something-Else", "etc")?;
+    /// # Ok(())
+    /// # }
+    /// ```
+    pub fn insert<N, V>(&mut self, name: N, value: V) -> Result<&mut Self, crate::Error>
+    where
+        N: Into<HeaderName> + PartialEq<HeaderName>,
+        V: Into<String> + AsRef<str>,
+    {
+        if let Some(entry) = self.headers.iter_mut().find(|h| name == h.name) {
+            entry.set_value(value)?;
+        } else {
+            self.headers.push(Header::new(name, value)?);
+        }
+        Ok(self)
+    }
+
+    /// Insert the provided header unless a header is already specified.
+    /// Mostly used internally, e.g. to set "Content-Type: application/json"
+    /// in `Request::json()` unless it has been set specifically.
+    pub fn insert_if_missing<N, V>(&mut self, name: N, value: V) -> Result<&mut Self, crate::Error>
+    where
+        N: Into<HeaderName> + PartialEq<HeaderName>,
+        V: Into<String> + AsRef<str>,
+    {
+        if !self.headers.iter_mut().any(|h| name == h.name) {
+            self.headers.push(Header::new(name, value)?);
+        }
+        Ok(self)
+    }
+
+    /// Insert or update a header directly. Typically you will want to use
+    /// `insert` over this, as it performs less work if the header needs
+    /// updating instead of insertion.
+    pub fn insert_header(&mut self, new: Header) -> &mut Self {
+        if let Some(entry) = self.headers.iter_mut().find(|h| h.name == new.name) {
+            entry.value = new.value;
+        } else {
+            self.headers.push(new);
+        }
+        self
+    }
+
+    /// Add all the headers in the provided iterator to this list of headers.
+    pub fn extend<I>(&mut self, iter: I) -> &mut Self
+    where
+        I: IntoIterator<Item = Header>,
+    {
+        let it = iter.into_iter();
+        self.headers.reserve(it.size_hint().0);
+        for h in it {
+            self.insert_header(h);
+        }
+        self
+    }
+
+    /// Add all the headers in the provided iterator, unless any of them are Err.
+    pub fn try_extend<I, E>(&mut self, iter: I) -> Result<&mut Self, E>
+    where
+        I: IntoIterator<Item = Result<Header, E>>,
+    {
+        // Not the most efficient but avoids leaving us in an unspecified state
+        // if one returns Err.
+        self.extend(iter.into_iter().collect::<Result<Vec<_>, E>>()?);
+        Ok(self)
+    }
+
+    /// Get the header object with the requested name. Usually, you will
+    /// want to use `get()` or `get_as::<T>()` instead.
+    pub fn get_header<S>(&self, name: S) -> Option<&Header>
+    where
+        S: PartialEq<HeaderName>,
+    {
+        self.headers.iter().find(|h| name == h.name)
+    }
+
+    /// Get the value of the header with the provided name.
+    ///
+    /// See also `get_as`.
+    ///
+    /// ## Example
+    /// ```
+    /// # use viaduct::{Headers, header_names::CONTENT_TYPE};
+    /// # fn main() -> Result<(), viaduct::Error> {
+    /// let mut h = Headers::new();
+    /// h.insert(CONTENT_TYPE, "application/json")?;
+    /// assert_eq!(h.get(CONTENT_TYPE), Some("application/json"));
+    /// assert_eq!(h.get("Something-Else"), None);
+    /// # Ok(())
+    /// # }
+    /// ```
+    pub fn get<S>(&self, name: S) -> Option<&str>
+    where
+        S: PartialEq<HeaderName>,
+    {
+        self.get_header(name).map(|h| h.value.as_str())
+    }
+
+    /// Get the value of the header with the provided name, and
+    /// attempt to parse it using [`std::str::FromStr`].
+    ///
+    /// - If the header is missing, it returns None.
+    /// - If the header is present but parsing failed, returns
+    ///   `Some(Err(<error returned by parsing>))`.
+    /// - Otherwise, returns `Some(Ok(result))`.
+    ///
+    /// Note that if `Option<Result<T, E>>` is inconvenient for you,
+    /// and you wish this returned `Result<Option<T>, E>`, you may use
+    /// the built-in `transpose()` method to convert between them.
+    ///
+    /// ```
+    /// # use viaduct::Headers;
+    /// # fn main() -> Result<(), viaduct::Error> {
+    /// let mut h = Headers::new();
+    /// h.insert("Example", "1234")?.insert("Illegal", "abcd")?;
+    /// let v: Option<Result<i64, _>> = h.get_as("Example");
+    /// assert_eq!(v, Some(Ok(1234)));
+    /// assert_eq!(h.get_as::<i64, _>("Example"), Some(Ok(1234)));
+    /// assert_eq!(h.get_as::<i64, _>("Illegal"), Some("abcd".parse::<i64>()));
+    /// assert_eq!(h.get_as::<i64, _>("Something-Else"), None);
+    /// # Ok(())
+    /// # }
+    /// ```
+    pub fn get_as<T, S>(&self, name: S) -> Option<Result<T, <T as FromStr>::Err>>
+    where
+        T: FromStr,
+        S: PartialEq<HeaderName>,
+    {
+        self.get(name).map(str::parse)
+    }
+    /// Get the value of the header with the provided name, and
+    /// attempt to parse it using [`std::str::FromStr`].
+    ///
+    /// This is a variant of `get_as` that returns None on error,
+    /// intended to be used for cases where missing and invalid
+    /// headers should be treated the same. (With `get_as` this
+    /// requires `h.get_as(...).and_then(|r| r.ok())`, which is
+    /// somewhat opaque.
+    pub fn try_get<T, S>(&self, name: S) -> Option<T>
+    where
+        T: FromStr,
+        S: PartialEq<HeaderName>,
+    {
+        self.get(name).and_then(|val| val.parse::<T>().ok())
+    }
+
+    /// Get an iterator over the headers in no particular order.
+    ///
+    /// Note that we also implement IntoIterator.
+    pub fn iter(&self) -> <&Headers as IntoIterator>::IntoIter {
+        self.into_iter()
+    }
+}
+
+impl std::iter::IntoIterator for Headers {
+    type IntoIter = <Vec<Header> as IntoIterator>::IntoIter;
+    type Item = Header;
+    fn into_iter(self) -> Self::IntoIter {
+        self.headers.into_iter()
+    }
+}
+
+impl<'a> std::iter::IntoIterator for &'a Headers {
+    type IntoIter = <&'a [Header] as IntoIterator>::IntoIter;
+    type Item = &'a Header;
+    fn into_iter(self) -> Self::IntoIter {
+        self.headers[..].iter()
+    }
+}
+
+impl FromIterator<Header> for Headers {
+    fn from_iter<T>(iter: T) -> Self
+    where
+        T: IntoIterator<Item = Header>,
+    {
+        let mut v = iter.into_iter().collect::<Vec<Header>>();
+        v.sort_by(|a, b| a.name.cmp(&b.name));
+        v.reverse();
+        v.dedup_by(|a, b| a.name == b.name);
+        Headers { headers: v }
+    }
+}
+
+#[allow(clippy::implicit_hasher)] // https://github.com/rust-lang/rust-clippy/issues/3899
+impl From<Headers> for HashMap<String, String> {
+    fn from(headers: Headers) -> HashMap<String, String> {
+        headers
+            .into_iter()
+            .map(|h| (String::from(h.name), h.value))
+            .collect()
+    }
+}
+
+pub mod consts {
+    use super::name::HeaderName;
+    macro_rules! def_header_consts {
+        ($(($NAME:ident, $string:literal)),* $(,)?) => {
+            $(pub const $NAME: HeaderName = HeaderName(std::borrow::Cow::Borrowed($string));)*
+        };
+    }
+
+    macro_rules! headers {
+        ($(($NAME:ident, $string:literal)),* $(,)?) => {
+            def_header_consts!($(($NAME, $string)),*);
+            // Unused except for tests.
+            const _ALL: &[&str] = &[$($string),*];
+        };
+    }
+
+    // Predefined header names, for convenience.
+    // Feel free to add to these.
+    headers!(
+        (ACCEPT_ENCODING, "accept-encoding"),
+        (ACCEPT, "accept"),
+        (AUTHORIZATION, "authorization"),
+        (CONTENT_TYPE, "content-type"),
+        (ETAG, "etag"),
+        (IF_NONE_MATCH, "if-none-match"),
+        (USER_AGENT, "user-agent"),
+        // non-standard, but it's convenient to have these.
+        (RETRY_AFTER, "retry-after"),
+        (X_IF_UNMODIFIED_SINCE, "x-if-unmodified-since"),
+        (X_KEYID, "x-keyid"),
+        (X_LAST_MODIFIED, "x-last-modified"),
+        (X_TIMESTAMP, "x-timestamp"),
+        (X_WEAVE_NEXT_OFFSET, "x-weave-next-offset"),
+        (X_WEAVE_RECORDS, "x-weave-records"),
+        (X_WEAVE_TIMESTAMP, "x-weave-timestamp"),
+        (X_WEAVE_BACKOFF, "x-weave-backoff"),
+    );
+
+    #[test]
+    fn test_predefined() {
+        for &name in _ALL {
+            assert!(
+                HeaderName::new(name).is_ok(),
+                "Invalid header name in predefined header constants: {}",
+                name
+            );
+            assert_eq!(
+                name.to_ascii_lowercase(),
+                name,
+                "Non-lowercase name in predefined header constants: {}",
+                name
+            );
+        }
+    }
+}
diff --git a/third_party/rust/viaduct/src/headers/name.rs b/third_party/rust/viaduct/src/headers/name.rs
new file mode 100644
index 0000000000..7fe322ddd6
--- /dev/null
+++ b/third_party/rust/viaduct/src/headers/name.rs
@@ -0,0 +1,232 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+use std::borrow::Cow;
+
+/// Represents a header name that we know to be both valid and lowercase.
+/// Internally, this avoids allocating for headers that are constant strings,
+/// like the predefined ones in this crate, however even without that
+/// optimization, we would still likely have an equivalent of this for use
+/// as a case-insensitive string guaranteed to only have valid characters.
+#[derive(Debug, Clone, PartialEq, PartialOrd, Hash, Eq, Ord)]
+pub struct HeaderName(pub(super) Cow<'static, str>);
+
+/// Indicates an invalid header name. Note that we only emit
+/// this for response headers, for request headers, we panic
+/// instead. This is because it would likely come through as
+/// a network error if we emitted it for local headers, when
+/// it's actually a bug that we'd need to fix.
+#[derive(thiserror::Error, Debug, Clone, PartialEq, Eq)]
+#[error("Invalid header name: {0:?}")]
+pub struct InvalidHeaderName(Cow<'static, str>);
+
+impl From<&'static str> for HeaderName {
+    fn from(s: &'static str) -> HeaderName {
+        match HeaderName::new(s) {
+            Ok(v) => v,
+            Err(e) => {
+                panic!("Illegal locally specified header {}", e);
+            }
+        }
+    }
+}
+
+impl From<String> for HeaderName {
+    fn from(s: String) -> HeaderName {
+        match HeaderName::new(s) {
+            Ok(v) => v,
+            Err(e) => {
+                panic!("Illegal locally specified header {}", e);
+            }
+        }
+    }
+}
+
+impl From<Cow<'static, str>> for HeaderName {
+    fn from(s: Cow<'static, str>) -> HeaderName {
+        match HeaderName::new(s) {
+            Ok(v) => v,
+            Err(e) => {
+                panic!("Illegal locally specified header {}", e);
+            }
+        }
+    }
+}
+
+impl InvalidHeaderName {
+    pub fn name(&self) -> &str {
+        &self.0[..]
+    }
+}
+
+fn validate_header(mut name: Cow<'static, str>) -> Result<HeaderName, InvalidHeaderName> {
+    if name.len() == 0 {
+        return Err(invalid_header_name(name));
+    }
+    let mut need_lower_case = false;
+    for b in name.bytes() {
+        let validity = VALID_HEADER_LUT[b as usize];
+        if validity == 0 {
+            return Err(invalid_header_name(name));
+        }
+        if validity == 2 {
+            need_lower_case = true;
+        }
+    }
+    if need_lower_case {
+        // Only do this if needed, since it causes us to own the header.
+        name.to_mut().make_ascii_lowercase();
+    }
+    Ok(HeaderName(name))
+}
+
+impl HeaderName {
+    /// Create a new header. In general you likely want to use `HeaderName::from(s)`
+    /// instead for headers being specified locally (This will panic instead of
+    /// returning a Result, since we have control over headers we specify locally,
+    /// and want to know if we specify an illegal one).
+    #[inline]
+    pub fn new<S: Into<Cow<'static, str>>>(s: S) -> Result<Self, InvalidHeaderName> {
+        validate_header(s.into())
+    }
+
+    #[inline]
+    pub fn as_str(&self) -> &str {
+        &self.0[..]
+    }
+}
+
+impl std::fmt::Display for HeaderName {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        f.write_str(self.as_str())
+    }
+}
+
+// Separate for dumb micro-optimization reasons.
+#[cold]
+#[inline(never)]
+fn invalid_header_name(s: Cow<'static, str>) -> InvalidHeaderName {
+    log::warn!("Invalid header name: {}", s);
+    InvalidHeaderName(s)
+}
+// Note: 0 = invalid, 1 = valid, 2 = valid but needs lowercasing. I'd use an
+// enum for this, but it would make this LUT *way* harder to look at. This
+// includes 0-9, a-z, A-Z (as 2), and ('!' | '#' | '$' | '%' | '&' | '\'' | '*'
+// | '+' | '-' | '.' | '^' | '_' | '`' | '|' | '~'), matching the field-name
+// token production defined at https://tools.ietf.org/html/rfc7230#section-3.2.
+static VALID_HEADER_LUT: [u8; 256] = [
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 1, 0, 1, 1, 1, 1, 1, 0, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0,
+    0, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 0, 0, 0, 1, 1,
+    1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 0, 1, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+];
+
+impl std::ops::Deref for HeaderName {
+    type Target = str;
+    #[inline]
+    fn deref(&self) -> &str {
+        self.as_str()
+    }
+}
+
+impl AsRef<str> for HeaderName {
+    #[inline]
+    fn as_ref(&self) -> &str {
+        self.as_str()
+    }
+}
+
+impl AsRef<[u8]> for HeaderName {
+    #[inline]
+    fn as_ref(&self) -> &[u8] {
+        self.as_str().as_bytes()
+    }
+}
+
+impl From<HeaderName> for String {
+    #[inline]
+    fn from(h: HeaderName) -> Self {
+        h.0.into()
+    }
+}
+
+impl From<HeaderName> for Cow<'static, str> {
+    #[inline]
+    fn from(h: HeaderName) -> Self {
+        h.0
+    }
+}
+
+impl From<HeaderName> for Vec<u8> {
+    #[inline]
+    fn from(h: HeaderName) -> Self {
+        String::from(h.0).into()
+    }
+}
+
+macro_rules! partialeq_boilerplate {
+    ($T0:ty, $T1:ty) => {
+        // This macro is used for items with and without lifetimes.
+        #[allow(clippy::extra_unused_lifetimes)]
+        impl<'a> PartialEq<$T0> for $T1 {
+            fn eq(&self, other: &$T0) -> bool {
+                // The &* should invoke Deref::deref if it exists, no-op otherwise.
+                (&*self).eq_ignore_ascii_case(&*other)
+            }
+        }
+        #[allow(clippy::extra_unused_lifetimes)]
+        impl<'a> PartialEq<$T1> for $T0 {
+            fn eq(&self, other: &$T1) -> bool {
+                PartialEq::eq(other, self)
+            }
+        }
+    };
+}
+
+partialeq_boilerplate!(HeaderName, str);
+partialeq_boilerplate!(HeaderName, &'a str);
+partialeq_boilerplate!(HeaderName, String);
+partialeq_boilerplate!(HeaderName, &'a String);
+partialeq_boilerplate!(HeaderName, Cow<'a, str>);
+
+#[cfg(test)]
+mod test {
+    use super::*;
+
+    #[test]
+    fn test_lut() {
+        let mut expect = [0u8; 256];
+        for b in b'0'..=b'9' {
+            expect[b as usize] = 1;
+        }
+        for b in b'a'..=b'z' {
+            expect[b as usize] = 1;
+        }
+        for b in b'A'..=b'Z' {
+            expect[b as usize] = 2;
+        }
+        for b in b"!#$%&'*+-.^_`|~" {
+            expect[*b as usize] = 1;
+        }
+        assert_eq!(&VALID_HEADER_LUT[..], &expect[..]);
+    }
+    #[test]
+    fn test_validate() {
+        assert!(validate_header("".into()).is_err());
+        assert!(validate_header(" foo ".into()).is_err());
+        assert!(validate_header("a=b".into()).is_err());
+        assert_eq!(
+            validate_header("content-type".into()),
+            Ok(HeaderName("content-type".into()))
+        );
+        assert_eq!(
+            validate_header("Content-Type".into()),
+            Ok(HeaderName("content-type".into()))
+        );
+    }
+}
diff --git a/third_party/rust/viaduct/src/lib.rs b/third_party/rust/viaduct/src/lib.rs
new file mode 100644
index 0000000000..d6739cd809
--- /dev/null
+++ b/third_party/rust/viaduct/src/lib.rs
@@ -0,0 +1,370 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#![allow(unknown_lints)]
+#![warn(rust_2018_idioms)]
+
+use url::Url;
+#[macro_use]
+mod headers;
+
+mod backend;
+pub mod error;
+pub mod settings;
+pub use error::*;
+
+pub use backend::{note_backend, set_backend, Backend};
+pub use headers::{consts as header_names, Header, HeaderName, Headers, InvalidHeaderName};
+pub use settings::GLOBAL_SETTINGS;
+
+#[allow(clippy::derive_partial_eq_without_eq)]
+pub(crate) mod msg_types {
+    include!("mozilla.appservices.httpconfig.protobuf.rs");
+}
+
+/// HTTP Methods.
+///
+/// The supported methods are the limited to what's supported by android-components.
+#[derive(Clone, Debug, Copy, PartialEq, PartialOrd, Eq, Ord, Hash)]
+#[repr(u8)]
+pub enum Method {
+    Get,
+    Head,
+    Post,
+    Put,
+    Delete,
+    Connect,
+    Options,
+    Trace,
+    Patch,
+}
+
+impl Method {
+    pub fn as_str(self) -> &'static str {
+        match self {
+            Method::Get => "GET",
+            Method::Head => "HEAD",
+            Method::Post => "POST",
+            Method::Put => "PUT",
+            Method::Delete => "DELETE",
+            Method::Connect => "CONNECT",
+            Method::Options => "OPTIONS",
+            Method::Trace => "TRACE",
+            Method::Patch => "PATCH",
+        }
+    }
+}
+
+impl std::fmt::Display for Method {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        f.write_str(self.as_str())
+    }
+}
+
+#[must_use = "`Request`'s \"builder\" functions take by move, not by `&mut self`"]
+#[derive(Clone, Debug)]
+pub struct Request {
+    pub method: Method,
+    pub url: Url,
+    pub headers: Headers,
+    pub body: Option<Vec<u8>>,
+}
+
+impl Request {
+    /// Construct a new request to the given `url` using the given `method`.
+    /// Note that the request is not made until `send()` is called.
+    pub fn new(method: Method, url: Url) -> Self {
+        Self {
+            method,
+            url,
+            headers: Headers::new(),
+            body: None,
+        }
+    }
+
+    pub fn send(self) -> Result<Response, Error> {
+        crate::backend::send(self)
+    }
+
+    /// Alias for `Request::new(Method::Get, url)`, for convenience.
+    pub fn get(url: Url) -> Self {
+        Self::new(Method::Get, url)
+    }
+
+    /// Alias for `Request::new(Method::Patch, url)`, for convenience.
+    pub fn patch(url: Url) -> Self {
+        Self::new(Method::Patch, url)
+    }
+
+    /// Alias for `Request::new(Method::Post, url)`, for convenience.
+    pub fn post(url: Url) -> Self {
+        Self::new(Method::Post, url)
+    }
+
+    /// Alias for `Request::new(Method::Put, url)`, for convenience.
+    pub fn put(url: Url) -> Self {
+        Self::new(Method::Put, url)
+    }
+
+    /// Alias for `Request::new(Method::Delete, url)`, for convenience.
+    pub fn delete(url: Url) -> Self {
+        Self::new(Method::Delete, url)
+    }
+
+    /// Append the provided query parameters to the URL
+    ///
+    /// ## Example
+    /// ```
+    /// # use viaduct::{Request, header_names};
+    /// # use url::Url;
+    /// let some_url = url::Url::parse("https://www.example.com/xyz").unwrap();
+    ///
+    /// let req = Request::post(some_url).query(&[("a", "1234"), ("b", "qwerty")]);
+    /// assert_eq!(req.url.as_str(), "https://www.example.com/xyz?a=1234&b=qwerty");
+    ///
+    /// // This appends to the query query instead of replacing `a`.
+    /// let req = req.query(&[("a", "5678")]);
+    /// assert_eq!(req.url.as_str(), "https://www.example.com/xyz?a=1234&b=qwerty&a=5678");
+    /// ```
+    pub fn query(mut self, pairs: &[(&str, &str)]) -> Self {
+        let mut append_to = self.url.query_pairs_mut();
+        for (k, v) in pairs {
+            append_to.append_pair(k, v);
+        }
+        drop(append_to);
+        self
+    }
+
+    /// Set the query string of the URL. Note that `req.set_query(None)` will
+    /// clear the query.
+    ///
+    /// See also `Request::query` which appends a slice of query pairs, which is
+    /// typically more ergonomic when usable.
+    ///
+    /// ## Example
+    /// ```
+    /// # use viaduct::{Request, header_names};
+    /// # use url::Url;
+    /// let some_url = url::Url::parse("https://www.example.com/xyz").unwrap();
+    ///
+    /// let req = Request::post(some_url).set_query("a=b&c=d");
+    /// assert_eq!(req.url.as_str(), "https://www.example.com/xyz?a=b&c=d");
+    ///
+    /// let req = req.set_query(None);
+    /// assert_eq!(req.url.as_str(), "https://www.example.com/xyz");
+    /// ```
+    pub fn set_query<'a, Q: Into<Option<&'a str>>>(mut self, query: Q) -> Self {
+        self.url.set_query(query.into());
+        self
+    }
+
+    /// Add all the provided headers to the list of headers to send with this
+    /// request.
+    pub fn headers<I>(mut self, to_add: I) -> Self
+    where
+        I: IntoIterator<Item = Header>,
+    {
+        self.headers.extend(to_add);
+        self
+    }
+
+    /// Add the provided header to the list of headers to send with this request.
+    ///
+    /// This returns `Err` if `val` contains characters that may not appear in
+    /// the body of a header.
+    ///
+    /// ## Example
+    /// ```
+    /// # use viaduct::{Request, header_names};
+    /// # use url::Url;
+    /// # fn main() -> Result<(), viaduct::Error> {
+    /// # let some_url = url::Url::parse("https://www.example.com").unwrap();
+    /// Request::post(some_url)
+    ///     .header(header_names::CONTENT_TYPE, "application/json")?
+    ///     .header("My-Header", "Some special value")?;
+    /// // ...
+    /// # Ok(())
+    /// # }
+    /// ```
+    pub fn header<Name, Val>(mut self, name: Name, val: Val) -> Result<Self, crate::Error>
+    where
+        Name: Into<HeaderName> + PartialEq<HeaderName>,
+        Val: Into<String> + AsRef<str>,
+    {
+        self.headers.insert(name, val)?;
+        Ok(self)
+    }
+
+    /// Set this request's body.
+    pub fn body(mut self, body: impl Into<Vec<u8>>) -> Self {
+        self.body = Some(body.into());
+        self
+    }
+
+    /// Set body to the result of serializing `val`, and, unless it has already
+    /// been set, set the Content-Type header to "application/json".
+    ///
+    /// Note: This panics if serde_json::to_vec fails. This can only happen
+    /// in a couple cases:
+    ///
+    /// 1. Trying to serialize a map with non-string keys.
+    /// 2. We wrote a custom serializer that fails.
+    ///
+    /// Neither of these are things we do. If they happen, it seems better for
+    /// this to fail hard with an easy to track down panic, than for e.g. `sync`
+    /// to fail with a JSON parse error (which we'd probably attribute to
+    /// corrupt data on the server, or something).
+    pub fn json<T: ?Sized + serde::Serialize>(mut self, val: &T) -> Self {
+        self.body =
+            Some(serde_json::to_vec(val).expect("Rust component bug: serde_json::to_vec failure"));
+        self.headers
+            .insert_if_missing(header_names::CONTENT_TYPE, "application/json")
+            .unwrap(); // We know this has to be valid.
+        self
+    }
+}
+
+/// A response from the server.
+#[derive(Clone, Debug)]
+pub struct Response {
+    /// The method used to request this response.
+    pub request_method: Method,
+    /// The URL of this response.
+    pub url: Url,
+    /// The HTTP Status code of this response.
+    pub status: u16,
+    /// The headers returned with this response.
+    pub headers: Headers,
+    /// The body of the response. Note that responses with binary bodies are
+    /// currently unsupported.
+    pub body: Vec<u8>,
+}
+
+impl Response {
+    /// Parse the body as JSON.
+    pub fn json<'a, T>(&'a self) -> Result<T, serde_json::Error>
+    where
+        T: serde::Deserialize<'a>,
+    {
+        serde_json::from_slice(&self.body)
+    }
+
+    /// Get the body as a string. Assumes UTF-8 encoding. Any non-utf8 bytes
+    /// are replaced with the replacement character.
+    pub fn text(&self) -> std::borrow::Cow<'_, str> {
+        String::from_utf8_lossy(&self.body)
+    }
+
+    /// Returns true if the status code is in the interval `[200, 300)`.
+    #[inline]
+    pub fn is_success(&self) -> bool {
+        status_codes::is_success_code(self.status)
+    }
+
+    /// Returns true if the status code is in the interval `[500, 600)`.
+    #[inline]
+    pub fn is_server_error(&self) -> bool {
+        status_codes::is_server_error_code(self.status)
+    }
+
+    /// Returns true if the status code is in the interval `[400, 500)`.
+    #[inline]
+    pub fn is_client_error(&self) -> bool {
+        status_codes::is_client_error_code(self.status)
+    }
+
+    /// Returns an [`UnexpectedStatus`] error if `self.is_success()` is false,
+    /// otherwise returns `Ok(self)`.
+    #[inline]
+    pub fn require_success(self) -> Result<Self, UnexpectedStatus> {
+        if self.is_success() {
+            Ok(self)
+        } else {
+            Err(UnexpectedStatus {
+                method: self.request_method,
+                // XXX We probably should try and sanitize this. Replace the user id
+                // if it's a sync token server URL, for example.
+                url: self.url,
+                status: self.status,
+            })
+        }
+    }
+}
+
+/// A module containing constants for all HTTP status codes.
+pub mod status_codes {
+
+    /// Is it a 2xx status?
+    #[inline]
+    pub fn is_success_code(c: u16) -> bool {
+        (200..300).contains(&c)
+    }
+
+    /// Is it a 4xx error?
+    #[inline]
+    pub fn is_client_error_code(c: u16) -> bool {
+        (400..500).contains(&c)
+    }
+
+    /// Is it a 5xx error?
+    #[inline]
+    pub fn is_server_error_code(c: u16) -> bool {
+        (500..600).contains(&c)
+    }
+
+    macro_rules! define_status_codes {
+        ($(($val:expr, $NAME:ident)),* $(,)?) => {
+            $(pub const $NAME: u16 = $val;)*
+        };
+    }
+    // From https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
+    define_status_codes![
+        (100, CONTINUE),
+        (101, SWITCHING_PROTOCOLS),
+        // 2xx
+        (200, OK),
+        (201, CREATED),
+        (202, ACCEPTED),
+        (203, NONAUTHORITATIVE_INFORMATION),
+        (204, NO_CONTENT),
+        (205, RESET_CONTENT),
+        (206, PARTIAL_CONTENT),
+        // 3xx
+        (300, MULTIPLE_CHOICES),
+        (301, MOVED_PERMANENTLY),
+        (302, FOUND),
+        (303, SEE_OTHER),
+        (304, NOT_MODIFIED),
+        (305, USE_PROXY),
+        // no 306
+        (307, TEMPORARY_REDIRECT),
+        // 4xx
+        (400, BAD_REQUEST),
+        (401, UNAUTHORIZED),
+        (402, PAYMENT_REQUIRED),
+        (403, FORBIDDEN),
+        (404, NOT_FOUND),
+        (405, METHOD_NOT_ALLOWED),
+        (406, NOT_ACCEPTABLE),
+        (407, PROXY_AUTHENTICATION_REQUIRED),
+        (408, REQUEST_TIMEOUT),
+        (409, CONFLICT),
+        (410, GONE),
+        (411, LENGTH_REQUIRED),
+        (412, PRECONDITION_FAILED),
+        (413, REQUEST_ENTITY_TOO_LARGE),
+        (414, REQUEST_URI_TOO_LONG),
+        (415, UNSUPPORTED_MEDIA_TYPE),
+        (416, REQUESTED_RANGE_NOT_SATISFIABLE),
+        (417, EXPECTATION_FAILED),
+        (429, TOO_MANY_REQUESTS),
+        // 5xx
+        (500, INTERNAL_SERVER_ERROR),
+        (501, NOT_IMPLEMENTED),
+        (502, BAD_GATEWAY),
+        (503, SERVICE_UNAVAILABLE),
+        (504, GATEWAY_TIMEOUT),
+        (505, HTTP_VERSION_NOT_SUPPORTED),
+    ];
+}
diff --git a/third_party/rust/viaduct/src/mozilla.appservices.httpconfig.protobuf.rs b/third_party/rust/viaduct/src/mozilla.appservices.httpconfig.protobuf.rs
new file mode 100644
index 0000000000..a74da5dedd
--- /dev/null
+++ b/third_party/rust/viaduct/src/mozilla.appservices.httpconfig.protobuf.rs
@@ -0,0 +1,49 @@
+#[derive(Clone, PartialEq, ::prost::Message)]
+pub struct Request {
+    #[prost(enumeration="request::Method", required, tag="1")]
+    pub method: i32,
+    #[prost(string, required, tag="2")]
+    pub url: ::prost::alloc::string::String,
+    #[prost(bytes="vec", optional, tag="3")]
+    pub body: ::core::option::Option<::prost::alloc::vec::Vec<u8>>,
+    #[prost(map="string, string", tag="4")]
+    pub headers: ::std::collections::HashMap<::prost::alloc::string::String, ::prost::alloc::string::String>,
+    #[prost(bool, required, tag="5")]
+    pub follow_redirects: bool,
+    #[prost(bool, required, tag="6")]
+    pub use_caches: bool,
+    #[prost(int32, required, tag="7")]
+    pub connect_timeout_secs: i32,
+    #[prost(int32, required, tag="8")]
+    pub read_timeout_secs: i32,
+}
+/// Nested message and enum types in `Request`.
+pub mod request {
+    #[derive(Clone, Copy, Debug, PartialEq, Eq, Hash, PartialOrd, Ord, ::prost::Enumeration)]
+    #[repr(i32)]
+    pub enum Method {
+        Get = 0,
+        Head = 1,
+        Post = 2,
+        Put = 3,
+        Delete = 4,
+        Connect = 5,
+        Options = 6,
+        Trace = 7,
+        Patch = 8,
+    }
+}
+#[derive(Clone, PartialEq, ::prost::Message)]
+pub struct Response {
+    /// If this is present, nothing else is.
+    #[prost(string, optional, tag="1")]
+    pub exception_message: ::core::option::Option<::prost::alloc::string::String>,
+    #[prost(string, optional, tag="2")]
+    pub url: ::core::option::Option<::prost::alloc::string::String>,
+    #[prost(int32, optional, tag="3")]
+    pub status: ::core::option::Option<i32>,
+    #[prost(bytes="vec", optional, tag="4")]
+    pub body: ::core::option::Option<::prost::alloc::vec::Vec<u8>>,
+    #[prost(map="string, string", tag="5")]
+    pub headers: ::std::collections::HashMap<::prost::alloc::string::String, ::prost::alloc::string::String>,
+}
diff --git a/third_party/rust/viaduct/src/settings.rs b/third_party/rust/viaduct/src/settings.rs
new file mode 100644
index 0000000000..6ed204b44e
--- /dev/null
+++ b/third_party/rust/viaduct/src/settings.rs
@@ -0,0 +1,46 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+use once_cell::sync::Lazy;
+use parking_lot::RwLock;
+use std::time::Duration;
+use url::Url;
+
+/// Note: reqwest allows these only to be specified per-Client. concept-fetch
+/// allows these to be specified on each call to fetch. I think it's worth
+/// keeping a single global reqwest::Client in the reqwest backend, to simplify
+/// the way we abstract away from these.
+///
+/// In the future, should we need it, we might be able to add a CustomClient type
+/// with custom settings. In the reqwest backend this would store a Client, and
+/// in the concept-fetch backend it would only store the settings, and populate
+/// things on the fly.
+#[derive(Debug)]
+#[non_exhaustive]
+pub struct Settings {
+    pub read_timeout: Option<Duration>,
+    pub connect_timeout: Option<Duration>,
+    pub follow_redirects: bool,
+    pub use_caches: bool,
+    // For testing purposes, we allow exactly one additional Url which is
+    // allowed to not be https.
+    pub addn_allowed_insecure_url: Option<Url>,
+}
+
+#[cfg(target_os = "ios")]
+const TIMEOUT_DURATION: Duration = Duration::from_secs(7);
+
+#[cfg(not(target_os = "ios"))]
+const TIMEOUT_DURATION: Duration = Duration::from_secs(10);
+
+// The singleton instance of our settings.
+pub static GLOBAL_SETTINGS: Lazy<RwLock<Settings>> = Lazy::new(|| {
+    RwLock::new(Settings {
+        read_timeout: Some(TIMEOUT_DURATION),
+        connect_timeout: Some(TIMEOUT_DURATION),
+        follow_redirects: true,
+        use_caches: false,
+        addn_allowed_insecure_url: None,
+    })
+});