From 724b36b7051c0d9190cbd8854ba5919904967c11 Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Tue, 21 May 2024 07:22:11 +0200
Subject: Merging upstream version 115.11.0esr.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 dom/security/nsHTTPSOnlyUtils.h | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'dom/security/nsHTTPSOnlyUtils.h')

diff --git a/dom/security/nsHTTPSOnlyUtils.h b/dom/security/nsHTTPSOnlyUtils.h
index 5cf94ae6a9..b25ef1fa96 100644
--- a/dom/security/nsHTTPSOnlyUtils.h
+++ b/dom/security/nsHTTPSOnlyUtils.h
@@ -163,6 +163,18 @@ class nsHTTPSOnlyUtils {
                                            nsIURI* aOtherURI,
                                            nsILoadInfo* aLoadInfo);
 
+  /**
+   * Determines which HTTPS-Only status flags should get propagated to
+   * sub-resources or sub-documents. As sub-resources and sub-documents are
+   * exempt when the top-level document is exempt, we need to copy the "exempt"
+   * flag. The HTTPS-First "upgraded" flag should not be copied to prevent a
+   * unwanted downgrade (Bug 1885949).
+   * @param aHttpsOnlyStatus The HTTPS-Only status of the top-level document.
+   * @return The HTTPS-Only status that the sub-resource/document should
+   * receive.
+   */
+  static uint32_t GetStatusForSubresourceLoad(uint32_t aHttpsOnlyStatus);
+
   /**
    * Checks a top-level load, if it is exempt by HTTPS-First/ Only
    * clear exemption flag.
-- 
cgit v1.2.3