Bug 1899841 - Disallow HTTPS RR when network.dns.use_https_rr_as_altsvc is false, r=necko-reviewers,valentin

Differential Revision: https://phabricator.services.mozilla.com/D212238
2024-05-31 11:56:04 +00:00 · 2024-05-31 11:56:04 +00:00 · ca0dc1dd0e
commit ca0dc1dd0e
parent f573121987
5 changed files with 19 additions and 10 deletions
--- a/netwerk/protocol/http/nsHttpChannel.cpp
+++ b/netwerk/protocol/http/nsHttpChannel.cpp
@ -6605,7 +6605,8 @@ nsresult nsHttpChannel::BeginConnect() {
      !(mLoadInfo->TriggeringPrincipal()->IsSystemPrincipal() &&
        mLoadInfo->GetExternalContentPolicyType() !=
            ExtContentPolicy::TYPE_DOCUMENT) &&
-      !mConnectionInfo->UsingConnect() && canUseHTTPSRRonNetwork(&trrEnabled);
+      !mConnectionInfo->UsingConnect() && canUseHTTPSRRonNetwork(&trrEnabled) &&
+      StaticPrefs::network_dns_use_https_rr_as_altsvc();
  if (!httpsRRAllowed) {
    DisallowHTTPSRR(mCaps);
  } else if (trrEnabled) {
@ -6797,7 +6798,7 @@ nsresult nsHttpChannel::MaybeStartDNSPrefetch() {
      mDNSBlockingThenable = mDNSBlockingPromise.Ensure(__func__);
    }

-    if (gHttpHandler->UseHTTPSRRAsAltSvcEnabled() && !mHTTPSSVCRecord &&
+    if (StaticPrefs::network_dns_use_https_rr_as_altsvc() && !mHTTPSSVCRecord &&
        !(mCaps & NS_HTTP_DISALLOW_HTTPS_RR) && canUseHTTPSRRonNetwork()) {
      MOZ_ASSERT(!mHTTPSSVCRecord);

--- a/netwerk/protocol/http/nsHttpHandler.cpp
+++ b/netwerk/protocol/http/nsHttpHandler.cpp
@ -2803,10 +2803,6 @@ void nsHttpHandler::MaybeAddAltSvcForTesting(
  }
 }

-bool nsHttpHandler::UseHTTPSRRAsAltSvcEnabled() const {
-  return StaticPrefs::network_dns_use_https_rr_as_altsvc();
-}
-
 bool nsHttpHandler::EchConfigEnabled(bool aIsHttp3) const {
  if (mParentalControlEnabled) {
    return false;
--- a/netwerk/protocol/http/nsHttpHandler.h
+++ b/netwerk/protocol/http/nsHttpHandler.h
@ -485,8 +485,6 @@ class nsHttpHandler final : public nsIHttpProtocolHandler,
                                nsIInterfaceRequestor* aCallbacks,
                                const OriginAttributes& aOriginAttributes);

-  bool UseHTTPSRRAsAltSvcEnabled() const;
-
  bool EchConfigEnabled(bool aIsHttp3 = false) const;
  // When EchConfig is enabled and all records with echConfig are failed, this
  // functon indicate whether we can fallback to the origin server.
--- a/netwerk/protocol/http/nsHttpTransaction.cpp
+++ b/netwerk/protocol/http/nsHttpTransaction.cpp
@ -369,7 +369,7 @@ nsresult nsHttpTransaction::Init(
  }

  bool forceUseHTTPSRR = StaticPrefs::network_dns_force_use_https_rr();
-  if ((gHttpHandler->UseHTTPSRRAsAltSvcEnabled() &&
+  if ((StaticPrefs::network_dns_use_https_rr_as_altsvc() &&
       !(mCaps & NS_HTTP_DISALLOW_HTTPS_RR)) ||
      forceUseHTTPSRR) {
    nsCOMPtr<nsIEventTarget> target;
--- a/netwerk/test/unit/test_httpssvc_https_upgrade.js
+++ b/netwerk/test/unit/test_httpssvc_https_upgrade.js
@ -20,10 +20,12 @@ const ReferrerInfo = Components.Constructor(
  "init"
 );

+let h2Port;
+
 add_setup(async function setup() {
  trr_test_setup();

-  let h2Port = Services.env.get("MOZHTTP2_PORT");
+  h2Port = Services.env.get("MOZHTTP2_PORT");
  Assert.notEqual(h2Port, null);
  Assert.notEqual(h2Port, "");

@ -350,3 +352,15 @@ add_task(async function testHTTPSRRUpgradeWithOriginHeader() {
  Assert.equal(req.getResponseHeader("x-connection-http2"), "yes");
  Assert.equal(buf, originURL);
 });
+
+// See bug 1899841. Test the case when network.dns.use_https_rr_as_altsvc
+// is disabled.
+add_task(async function testPrefDisabled() {
+  Services.prefs.setBoolPref("network.dns.use_https_rr_as_altsvc", false);
+
+  let chan = makeChan(`https://test.httpssvc.com:${h2Port}/server-timing`);
+  let [req] = await channelOpenPromise(chan);
+
+  req.QueryInterface(Ci.nsIHttpChannel);
+  Assert.equal(req.getResponseHeader("x-connection-http2"), "yes");
+});