Bug 1269531 - Adding pref for https-only geo reqs.
For now the pref has been defaulted to true (no change from current
behavior). It'll be flipped to false (disallow all non-secure geo
requests) as part of the patch for #1072859.
MozReview-Commit-ID: 4WPUsGAO7xF
--- a/browser/app/profile/firefox.js
+++ b/browser/app/profile/firefox.js
@@ -743,16 +743,20 @@ pref("gecko.handlerService.schemes.ircs.
pref("gecko.handlerService.schemes.ircs.3.name", "chrome://browser-region/locale/region.properties");
pref("gecko.handlerService.schemes.ircs.3.uriTemplate", "chrome://browser-region/locale/region.properties");
// By default, we don't want protocol/content handlers to be registered from a different host, see bug 402287
pref("gecko.handlerService.allowRegisterFromDifferentHost", false);
pref("browser.geolocation.warning.infoURL", "https://www.mozilla.org/%LOCALE%/firefox/geolocation/");
+// We keep allowing non-HTTPS geo requests, for now.
+// TODO: default to false (or remove altogether) for #1072859.
+pref("browser.geolocation.allowinsecure", true);
+
pref("browser.EULA.version", 3);
pref("browser.rights.version", 3);
pref("browser.rights.3.shown", false);
#ifdef DEBUG
// Don't show the about:rights notification in debug builds.
pref("browser.rights.override", true);
#endif
--- a/dom/geolocation/nsGeolocation.cpp
+++ b/dom/geolocation/nsGeolocation.cpp
@@ -14,16 +14,17 @@
#include "nsGeolocation.h"
#include "nsGeoGridFuzzer.h"
#include "nsGeolocationSettings.h"
#include "nsDOMClassInfoID.h"
#include "nsComponentManagerUtils.h"
#include "nsServiceManagerUtils.h"
#include "nsContentUtils.h"
#include "nsContentPermissionHelper.h"
+#include "nsGlobalWindow.h"
#include "nsIDocument.h"
#include "nsIDOMEvent.h"
#include "nsIObserverService.h"
#include "nsPIDOMWindow.h"
#include "nsThreadUtils.h"
#include "mozilla/HalWakeLock.h"
#include "mozilla/Hal.h"
#include "mozilla/Services.h"
@@ -61,19 +62,22 @@ class nsIPrincipal;
#include "WindowsLocationProvider.h"
#include "mozilla/WindowsVersion.h"
#endif
// Some limit to the number of get or watch geolocation requests
// that a window can make.
#define MAX_GEO_REQUESTS_PER_WINDOW 1500
-// the geolocation enabled setting
+// The geolocation enabled setting.
#define GEO_SETTINGS_ENABLED "geolocation.enabled"
+// The geolocation setting to allow insecure requests.
+#define GEO_SETTINGS_ALLOWINSECURE "browser.geolocation.allowinsecure"
+
using mozilla::Unused; // <snicker>
using namespace mozilla;
using namespace mozilla::dom;
using namespace mozilla::hal;
class nsGeolocationRequest final
: public nsIContentPermissionRequest
, public nsIGeolocationUpdate
@@ -1256,16 +1260,24 @@ Geolocation::Init(nsPIDOMWindowInner* aC
{
// Remember the window
if (aContentDom) {
mOwner = do_GetWeakReference(aContentDom);
if (!mOwner) {
return NS_ERROR_FAILURE;
}
+ // TODO: Also remove all the *_SECURE_ORIGIN Telemetry probes before
+ // landing the patch for #1072859. Also default to false.
+ bool allowInsecureReq = Preferences::GetBool(GEO_SETTINGS_ALLOWINSECURE, true);
+ if (!allowInsecureReq &&
+ !nsGlobalWindow::Cast(aContentDom)->IsSecureContext()) {
+ return NS_ERROR_NOT_AVAILABLE;
+ }
+
// Grab the principal of the document
nsCOMPtr<nsIDocument> doc = aContentDom->GetDoc();
if (!doc) {
return NS_ERROR_FAILURE;
}
mPrincipal = doc->NodePrincipal();