Mercurial > mozreview > gecko / changeset / 98f6bd2a7550419c52b6f0282ffd68b4744adf86
summary | shortlog | changelog | pushlog | graph | tags | bookmarks | branches | files | changeset | raw | zip | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Bug 1323538 - use conservative TLS settings for XHR in chrome code f?ehsan draft
authorRobert Helmer <rhelmer@mozilla.com>
Tue, 20 Dec 2016 20:17:38 -0800
changeset 451902 98f6bd2a7550419c52b6f0282ffd68b4744adf86
parent 451656 7083c0d30e75fc102c715887af9faec933e936f8
child 540149 bd294421f6a4fdb3e737eb730f2d245e216c7ad0
push id39318
push userrhelmer@mozilla.com
push dateWed, 21 Dec 2016 04:21:06 +0000
bugs1323538
milestone53.0a1
Bug 1323538 - use conservative TLS settings for XHR in chrome code f?ehsan With the recent introduction of TLS 1.3, there's evidence of updates not working due to middleboxes that haven't caught up. Since there are many places in the tree that use XHR from chrome code for updates, using the "conservative" setting in TLS for chrome XHR seems appropriate. Note that content still gets bleeding-edge TLS changes, this is mostly a hedge against updates and other internal Firefox features being broken. MozReview-Commit-ID: Gy1MxhfsfdW
dom/xhr/XMLHttpRequestMainThread.cpp file | annotate | diff | comparison | revisions
dom/xhr/tests/mochitest.ini file | annotate | diff | comparison | revisions
dom/xhr/tests/test_xhr_conservative_tls.html file | annotate | diff | comparison | revisions 
--- a/dom/xhr/XMLHttpRequestMainThread.cpp
+++ b/dom/xhr/XMLHttpRequestMainThread.cpp
@@ -2531,16 +2531,24 @@ XMLHttpRequestMainThread::CreateChannel(
     rv = httpChannel->SetRequestMethod(mRequestMethod);
     NS_ENSURE_SUCCESS(rv, rv);
 
     // Set the initiator type
     nsCOMPtr<nsITimedChannel> timedChannel(do_QueryInterface(httpChannel));
     if (timedChannel) {
       timedChannel->SetInitiatorType(NS_LITERAL_STRING("xmlhttprequest"));
     }
+
+    // Disable cutting edge features in chrome requests, like TLS 1.3,
+    // where middleboxes might brick us.
+    // Allow these features in content requests.
+    nsCOMPtr<nsIHttpChannelInternal> httpInternal = do_QueryInterface(httpChannel);
+    if (httpInternal) {
+      httpInternal->SetBeConservative(nsContentUtils::IsSystemPrincipal(mPrincipal));
+    }
   }
 
   // Using the provided principal as the triggeringPrincipal is fine, since we
   // want to be able to access any of the origins that the principal has access
   // to during the security checks, but we don't want a document to inherit an
   // expanded principal, so in that case we need to select the principal in the
   // expanded principal's whitelist that can load our URL as principalToInherit.
   nsCOMPtr<nsIPrincipal> resultingDocumentPrincipal(mPrincipal);
--- a/dom/xhr/tests/mochitest.ini
+++ b/dom/xhr/tests/mochitest.ini
@@ -108,8 +108,9 @@ skip-if = (buildapp == 'b2g' && (toolkit
 [test_XHR_timeout.html]
 skip-if = buildapp == 'b2g' || (android_version == '18' && debug) # b2g(flaky on B2G, bug 960743) b2g-debug(flaky on B2G, bug 960743) b2g-desktop(flaky on B2G, bug 960743)
 support-files = test_XHR_timeout.js
 [test_xhr_withCredentials.html]
 [test_XHRDocURI.html]
 [test_XHRResponseURL.html]
 [test_XHRSendData.html]
 [test_sync_xhr_document_write_with_iframe.html]
+[test_xhr_conservative_tls.html]
new file mode 100644
--- /dev/null
+++ b/dom/xhr/tests/test_xhr_conservative_tls.html
@@ -0,0 +1,49 @@
+<!--
+  Any copyright is dedicated to the Public Domain.
+  http://creativecommons.org/publicdomain/zero/1.0/
+-->
+<!DOCTYPE HTML>
+<html>
+<!--
+Tests that chrome XHR uses conservative TLS (Bug 1323538 )
+-->
+<head>
+  <title>Tests that chrome XHR uses conservative TLS (Bug 1323538 )</title>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="/tests/SimpleTest/SpawnTask.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=1323538">chrome XHR uses conservative TLS (Bug 1323538)</a>
+<p id="display"></p>
+<div id="content" style="display: none">
+
+</div>
+<pre id="test">
+<script class="testbody" type="text/javascript">
+"use strict";
+
+const NORMAL_URL = "http://example.com/tests/dom/xhr/tests/test_xhr_conservative_tls.html";
+
+add_task(function* test_xhr_content() {
+  let xhr = new XMLHttpRequest();
+  xhr.open("GET", NORMAL_URL, true);
+
+  let channel = SpecialPowers.wrap(xhr).channel.QueryInterface(SpecialPowers.Ci.nsIHttpChannelInternal);
+  ok("beConservative" in channel, "conservative TLS settings are set in internal channel");
+  ok(!channel.beConservative, "conservative TLS settings are not used from content");
+});
+
+add_task(function* test_xhr_chrome() {
+  let xhr = SpecialPowers.Cc["@mozilla.org/xmlextras/xmlhttprequest;1"].createInstance()
+  xhr.open("GET", NORMAL_URL, true);
+
+  let channel = xhr.channel.QueryInterface(SpecialPowers.Ci.nsIHttpChannelInternal);
+  ok("beConservative" in channel, "conservative TLS settings are set in internal channel");
+  ok(channel.beConservative, "conservative TLS settings are used from chrome");
+});
+
+</script>
+</pre>
+</body>
+</html>
gecko
Deployed from 4e825768105f at 2024-04-08T16:23:59Z.