nagai/fune
3
0
Fork 0
forked from mirrors/gecko-dev
Code Pull requests Activity

Backed out changeset 8c0e44e4d9ae (bug 1868380) for causing py3 failures on test_yaml_indices.py. CLOSED TREE

Browse source
This commit is contained in:
Natalia Csoregi 2024-03-06 12:32:10 +02:00
parent 1b8e66e079
commit 01a75161fa
8 changed files with 12 additions and 266 deletions
repo.diff.show_diff_stats Download patch file Download diff file Expand all files Collapse all files

153
dom/security/metrics.yaml
View file

@ -1,153 +0,0 @@
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
# Adding a new metric? We have docs for that!
# https://firefox-source-docs.mozilla.org/toolkit/components/glean/user/new_definitions_file.html
---
$schema: moz://mozilla.org/schemas/glean/metrics/2-0-0
$tags:
- 'Core :: DOM: Security'
httpsfirst:
upgraded:
type: counter
description: >
Counts how often a load is marked to be upgraded to HTTPS because of
HTTPS-First (`dom.security.https_first` enabled).
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1868380
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1868380#c10
data_sensitivity:
- technical
notification_emails:
- mjurgens@mozilla.com
- seceng-telemetry@mozilla.com
expires: never
upgraded_schemeless:
type: counter
description: >
Counts how often a load is marked to be upgraded to HTTPS because of
schemeless HTTPS-First (`dom.security.https_first` disabled, but load
marked as schemeless).
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1868380
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1868380#c10
data_sensitivity:
- technical
notification_emails:
- mjurgens@mozilla.com
- seceng-telemetry@mozilla.com
expires: never
downgraded:
type: counter
description: >
How many regular HTTPS-First (`dom.security.https_first` enabled)
upgrades get downgraded again.
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1868380
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1868380#c10
data_sensitivity:
- technical
notification_emails:
- mjurgens@mozilla.com
- seceng-telemetry@mozilla.com
expires: never
downgraded_schemeless:
type: counter
description: >
How many schemeless HTTPS-First (`dom.security.https_first` disabled, but
load marked as schemeless) upgrades get downgraded again.
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1868380
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1868380#c10
data_sensitivity:
- technical
notification_emails:
- mjurgens@mozilla.com
- seceng-telemetry@mozilla.com
expires: never
downgraded_on_timer:
type: rate
description: >
How many HTTPS-First (`dom.security.https_first` enabled) upgrades get
downgraded again because the HTTP request fired after 3s received a answer
faster than the HTTPS request.
denominator_metric: httpsfirst.downgraded
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1868380
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1868380#c10
data_sensitivity:
- technical
notification_emails:
- mjurgens@mozilla.com
- seceng-telemetry@mozilla.com
expires: never
downgraded_on_timer_schemeless:
type: rate
description: >
How many of schemeless HTTPS-First (`dom.security.https_first` disabled,
but load marked as schemeless) upgrades get downgraded again because the
HTTP request fired after 3s received a answer faster than the HTTPS
request
denominator_metric: httpsfirst.downgraded_schemeless
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1868380
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1868380#c10
data_sensitivity:
- technical
notification_emails:
- mjurgens@mozilla.com
- seceng-telemetry@mozilla.com
expires: never
downgrade_time:
type: timing_distribution
description: >
If a HTTPS-First (`dom.security.https_first` enabled) upgrade isn't
successful, measures the timespan between the navigation start and the
downgrade. This is essentially the overhead caused by HTTPS-First if a
site does not support HTTPS.
time_unit: millisecond
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1868380
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1868380#c10
data_sensitivity:
- technical
notification_emails:
- mjurgens@mozilla.com
- seceng-telemetry@mozilla.com
expires: never
downgrade_time_schemeless:
type: timing_distribution
description: >
If a schemeless HTTPS-First (`dom.security.https_first` disabled, but
load marked as schemeless) upgrade isn't successful, measures the
timespan between the navigation start and the downgrade. This is
essentially the overhead caused by HTTPS-First if a site does not support
HTTPS.
time_unit: millisecond
bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1868380
data_reviews:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1868380#c10
data_sensitivity:
- technical
notification_emails:
- mjurgens@mozilla.com
- seceng-telemetry@mozilla.com
expires: never

57
dom/security/nsHTTPSOnlyUtils.cpp
View file

@ -6,8 +6,6 @@
#include "mozilla/Components.h"
#include "mozilla/ClearOnShutdown.h"
#include "mozilla/TimeStamp.h"
#include "mozilla/glean/GleanMetrics.h"
#include "mozilla/NullPrincipal.h"
#include "mozilla/StaticPrefs_dom.h"
#include "mozilla/net/DNS.h"
@ -440,7 +438,7 @@ bool nsHTTPSOnlyUtils::ShouldUpgradeHttpsFirstRequest(nsIURI* aURI,
// We can upgrade the request - let's log to the console and set the status
// so we know that we upgraded the request.
if (aLoadInfo->GetWasSchemelessInput() &&
!IsHttpsFirstModeEnabled(isPrivateWin)) {
mozilla::StaticPrefs::dom_security_https_first_schemeless()) {
nsAutoCString urlCString;
aURI->GetSpec(urlCString);
NS_ConvertUTF8toUTF16 urlString(urlCString);
@ -449,8 +447,6 @@ bool nsHTTPSOnlyUtils::ShouldUpgradeHttpsFirstRequest(nsIURI* aURI,
nsHTTPSOnlyUtils::LogLocalizedString("HTTPSFirstSchemeless", params,
nsIScriptError::warningFlag, aLoadInfo,
aURI, true);
mozilla::glean::httpsfirst::upgraded_schemeless.Add();
} else {
nsAutoCString scheme;
@ -465,12 +461,7 @@ bool nsHTTPSOnlyUtils::ShouldUpgradeHttpsFirstRequest(nsIURI* aURI,
isSpeculative ? "HTTPSOnlyUpgradeSpeculativeConnection"
: "HTTPSOnlyUpgradeRequest",
params, nsIScriptError::warningFlag, aLoadInfo, aURI, true);
if (!isSpeculative) {
mozilla::glean::httpsfirst::upgraded.Add();
}
}
// Set flag so we know that we upgraded the request
httpsOnlyStatus |= nsILoadInfo::HTTPS_ONLY_UPGRADED_HTTPS_FIRST;
aLoadInfo->SetHttpsOnlyStatus(httpsOnlyStatus);
@ -479,11 +470,9 @@ bool nsHTTPSOnlyUtils::ShouldUpgradeHttpsFirstRequest(nsIURI* aURI,
/* static */
already_AddRefed<nsIURI>
nsHTTPSOnlyUtils::PotentiallyDowngradeHttpsFirstRequest(
mozilla::net::DocumentLoadListener* aDocumentLoadListener,
nsresult aStatus) {
nsCOMPtr<nsIChannel> channel = aDocumentLoadListener->GetChannel();
nsCOMPtr<nsILoadInfo> loadInfo = channel->LoadInfo();
nsHTTPSOnlyUtils::PotentiallyDowngradeHttpsFirstRequest(nsIChannel* aChannel,
nsresult aStatus) {
nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo();
uint32_t httpsOnlyStatus = loadInfo->GetHttpsOnlyStatus();
// Only downgrade if we this request was upgraded using HTTPS-First Mode
if (!(httpsOnlyStatus & nsILoadInfo::HTTPS_ONLY_UPGRADED_HTTPS_FIRST)) {
@ -499,7 +488,7 @@ nsHTTPSOnlyUtils::PotentiallyDowngradeHttpsFirstRequest(
// to check each NS_OK for those errors.
// Only downgrade an NS_OK status if it is an 4xx or 5xx error.
if (NS_SUCCEEDED(aStatus)) {
nsCOMPtr<nsIHttpChannel> httpChannel = do_QueryInterface(channel);
nsCOMPtr<nsIHttpChannel> httpChannel = do_QueryInterface(aChannel);
// If no httpChannel exists we have nothing to do here.
if (!httpChannel) {
return nullptr;
@ -543,7 +532,7 @@ nsHTTPSOnlyUtils::PotentiallyDowngradeHttpsFirstRequest(
}
nsCOMPtr<nsIURI> uri;
nsresult rv = channel->GetURI(getter_AddRefs(uri));
nsresult rv = aChannel->GetURI(getter_AddRefs(uri));
NS_ENSURE_SUCCESS(rv, nullptr);
nsAutoCString spec;
@ -595,27 +584,6 @@ nsHTTPSOnlyUtils::PotentiallyDowngradeHttpsFirstRequest(
nsIScriptError::warningFlag, loadInfo,
uri, true);
// Record telemety
nsDOMNavigationTiming* timing = aDocumentLoadListener->GetTiming();
mozilla::TimeDuration duration =
mozilla::TimeStamp::Now() - timing->GetNavigationStartTimeStamp();
bool isPrivateWin = loadInfo->GetOriginAttributes().mPrivateBrowsingId > 0;
if (loadInfo->GetWasSchemelessInput() &&
!IsHttpsFirstModeEnabled(isPrivateWin)) {
mozilla::glean::httpsfirst::downgraded_schemeless.Add();
if (timing) {
mozilla::glean::httpsfirst::downgrade_time_schemeless
.AccumulateRawDuration(duration);
}
} else {
mozilla::glean::httpsfirst::downgraded.Add();
if (timing) {
mozilla::glean::httpsfirst::downgrade_time.AccumulateRawDuration(
duration);
}
}
return newURI.forget();
}
@ -986,19 +954,6 @@ TestHTTPAnswerRunnable::OnStartRequest(nsIRequest* aRequest) {
nsresult httpsOnlyChannelStatus;
httpsOnlyChannel->GetStatus(&httpsOnlyChannelStatus);
if (httpsOnlyChannelStatus == NS_OK) {
bool isPrivateWin =
loadInfo->GetOriginAttributes().mPrivateBrowsingId > 0;
if (!nsHTTPSOnlyUtils::IsHttpsOnlyModeEnabled(isPrivateWin)) {
// Record HTTPS-First Telemetry
if (loadInfo->GetWasSchemelessInput() &&
!nsHTTPSOnlyUtils::IsHttpsFirstModeEnabled(isPrivateWin)) {
mozilla::glean::httpsfirst::downgraded_on_timer_schemeless
.AddToNumerator();
} else {
mozilla::glean::httpsfirst::downgraded_on_timer.AddToNumerator();
}
}
httpsOnlyChannel->Cancel(NS_ERROR_NET_TIMEOUT_EXTERNAL);
}
}

9
dom/security/nsHTTPSOnlyUtils.h
View file

@ -95,13 +95,12 @@ class nsHTTPSOnlyUtils {
/**
* Determines if the request was previously upgraded with HTTPS-First, creates
* a downgraded URI and logs to console.
* @param aStatus Status code
* @param aDocumentLoadListener Failed document load listener
* @return URI with http-scheme or nullptr
* @param aStatus Status code
* @param aChannel Failed channel
* @return URI with http-scheme or nullptr
*/
static already_AddRefed<nsIURI> PotentiallyDowngradeHttpsFirstRequest(
mozilla::net::DocumentLoadListener* aDocumentLoadListener,
nsresult aStatus);
nsIChannel* aChannel, nsresult aStatus);
/**
* Checks if the error code is on a block-list of codes that are probably

30
dom/security/test/https-first/browser_httpsfirst.js
View file

@ -42,19 +42,6 @@ add_task(async function () {
set: [["dom.security.https_first", true]],
});
is(
null,
Glean.httpsfirst.upgraded.testGetValue() ??
Glean.httpsfirst.upgradedSchemeless.testGetValue() ??
Glean.httpsfirst.downgraded.testGetValue() ??
Glean.httpsfirst.downgradedSchemeless.testGetValue() ??
Glean.httpsfirst.downgradedOnTimer.testGetValue() ??
Glean.httpsfirst.downgradedOnTimerSchemeless.testGetValue() ??
Glean.httpsfirst.downgradeTime.testGetValue() ??
Glean.httpsfirst.downgradeTimeSchemeless.testGetValue(),
"No telemetry should have been recorded yet"
);
await runPrefTest(
"http://example.com",
"Should upgrade upgradeable website",
@ -84,21 +71,4 @@ add_task(async function () {
"Should downgrade after timeout.",
"http://"
);
info("Checking expected telemetry");
is(Glean.httpsfirst.upgraded.testGetValue(), 5);
is(Glean.httpsfirst.upgradedSchemeless.testGetValue(), null);
is(Glean.httpsfirst.downgraded.testGetValue(), 3);
is(Glean.httpsfirst.downgradedSchemeless.testGetValue(), null);
is(Glean.httpsfirst.downgradedOnTimer.testGetValue().numerator, 1);
is(Glean.httpsfirst.downgradedOnTimerSchemeless.testGetValue(), null);
const downgradeSeconds =
Glean.httpsfirst.downgradeTime.testGetValue().sum / 1_000_000_000;
ok(
downgradeSeconds > 2 && downgradeSeconds < 30,
`Summed downgrade time should be above 2 and below 30 seconds (is ${downgradeSeconds.toFixed(
2
)}s)`
);
is(null, Glean.httpsfirst.downgradeTimeSchemeless.testGetValue());
});

23
dom/security/test/https-first/browser_schemeless.js
View file

@ -183,32 +183,9 @@ add_task(async function () {
"http"
);
is(
null,
Glean.httpsfirst.upgraded.testGetValue() ??
Glean.httpsfirst.upgradedSchemeless.testGetValue() ??
Glean.httpsfirst.downgraded.testGetValue() ??
Glean.httpsfirst.downgradedSchemeless.testGetValue() ??
Glean.httpsfirst.downgradedOnTimer.testGetValue() ??
Glean.httpsfirst.downgradedOnTimerSchemeless.testGetValue() ??
Glean.httpsfirst.downgradeTime.testGetValue() ??
Glean.httpsfirst.downgradeTimeSchemeless.testGetValue(),
"No telemetry should have been recorded yet"
);
await runTest(
"example.com",
"Should upgrade upgradeable website without explicit scheme",
"https"
);
info("Checking expected telemetry");
is(Glean.httpsfirst.upgraded.testGetValue(), null);
is(Glean.httpsfirst.upgradedSchemeless.testGetValue(), 5);
is(Glean.httpsfirst.downgraded.testGetValue(), null);
is(Glean.httpsfirst.downgradedSchemeless.testGetValue(), null);
is(Glean.httpsfirst.downgradedOnTimer.testGetValue(), null);
is(Glean.httpsfirst.downgradedOnTimerSchemeless.testGetValue(), null);
is(Glean.httpsfirst.downgradeTime.testGetValue(), null);
is(Glean.httpsfirst.downgradeTimeSchemeless.testGetValue(), null);
});

4
netwerk/ipc/DocumentLoadListener.cpp
View file

@ -2379,8 +2379,8 @@ bool DocumentLoadListener::MaybeHandleLoadErrorWithURIFixup(nsresult aStatus) {
// we can downgrade the scheme to HTTP again.
bool isHTTPSFirstFixup = false;
if (!newURI) {
newURI =
nsHTTPSOnlyUtils::PotentiallyDowngradeHttpsFirstRequest(this, aStatus);
newURI = nsHTTPSOnlyUtils::PotentiallyDowngradeHttpsFirstRequest(mChannel,
aStatus);
isHTTPSFirstFixup = true;
}

1
netwerk/ipc/DocumentLoadListener.h
View file

@ -300,7 +300,6 @@ class DocumentLoadListener : public nsIInterfaceRequestor,
uint32_t GetLoadType() const { return mLoadStateLoadType; }
bool IsDownload() const { return mIsDownload; }
bool IsLoadingJSURI() const { return mIsLoadingJSURI; }
nsDOMNavigationTiming* GetTiming() { return mTiming; }
mozilla::dom::LoadingSessionHistoryInfo* GetLoadingSessionHistoryInfo() {
return mLoadingSessionHistoryInfo.get();

1
toolkit/components/glean/metrics_index.py
View file

@ -20,7 +20,6 @@ gecko_metrics = [
"dom/base/use_counter_metrics.yaml",
"dom/media/metrics.yaml",
"dom/media/webrtc/metrics.yaml",
"dom/security/metrics.yaml",
"dom/metrics.yaml",
"dom/performance/metrics.yaml",
"gfx/metrics.yaml",