nagai/fune
3
0
Fork 0
forked from mirrors/gecko-dev
Code Pull requests Activity

Bug 1899841 - Disallow HTTPS RR when network.dns.use_https_rr_as_altsvc is false, r=necko-reviewers,valentin

Browse source 
Differential Revision: https://phabricator.services.mozilla.com/D212238
This commit is contained in:
Kershaw Chang 2024-05-31 11:56:04 +00:00
parent f573121987
commit ca0dc1dd0e
5 changed files with 19 additions and 10 deletions
repo.diff.show_diff_stats Download patch file Download diff file Expand all files Collapse all files

5
netwerk/protocol/http/nsHttpChannel.cpp
View file

@ -6605,7 +6605,8 @@ nsresult nsHttpChannel::BeginConnect() {
!(mLoadInfo->TriggeringPrincipal()->IsSystemPrincipal() &&
mLoadInfo->GetExternalContentPolicyType() !=
ExtContentPolicy::TYPE_DOCUMENT) &&
!mConnectionInfo->UsingConnect() && canUseHTTPSRRonNetwork(&trrEnabled);
!mConnectionInfo->UsingConnect() && canUseHTTPSRRonNetwork(&trrEnabled) &&
StaticPrefs::network_dns_use_https_rr_as_altsvc();
if (!httpsRRAllowed) {
DisallowHTTPSRR(mCaps);
} else if (trrEnabled) {
@ -6797,7 +6798,7 @@ nsresult nsHttpChannel::MaybeStartDNSPrefetch() {
mDNSBlockingThenable = mDNSBlockingPromise.Ensure(__func__);
}
if (gHttpHandler->UseHTTPSRRAsAltSvcEnabled() && !mHTTPSSVCRecord &&
if (StaticPrefs::network_dns_use_https_rr_as_altsvc() && !mHTTPSSVCRecord &&
!(mCaps & NS_HTTP_DISALLOW_HTTPS_RR) && canUseHTTPSRRonNetwork()) {
MOZ_ASSERT(!mHTTPSSVCRecord);

4
netwerk/protocol/http/nsHttpHandler.cpp
View file

@ -2803,10 +2803,6 @@ void nsHttpHandler::MaybeAddAltSvcForTesting(
}
}
bool nsHttpHandler::UseHTTPSRRAsAltSvcEnabled() const {
return StaticPrefs::network_dns_use_https_rr_as_altsvc();
}
bool nsHttpHandler::EchConfigEnabled(bool aIsHttp3) const {
if (mParentalControlEnabled) {
return false;

2
netwerk/protocol/http/nsHttpHandler.h
View file

@ -485,8 +485,6 @@ class nsHttpHandler final : public nsIHttpProtocolHandler,
nsIInterfaceRequestor* aCallbacks,
const OriginAttributes& aOriginAttributes);
bool UseHTTPSRRAsAltSvcEnabled() const;
bool EchConfigEnabled(bool aIsHttp3 = false) const;
// When EchConfig is enabled and all records with echConfig are failed, this
// functon indicate whether we can fallback to the origin server.

2
netwerk/protocol/http/nsHttpTransaction.cpp
View file

@ -369,7 +369,7 @@ nsresult nsHttpTransaction::Init(
}
bool forceUseHTTPSRR = StaticPrefs::network_dns_force_use_https_rr();
if ((gHttpHandler->UseHTTPSRRAsAltSvcEnabled() &&
if ((StaticPrefs::network_dns_use_https_rr_as_altsvc() &&
!(mCaps & NS_HTTP_DISALLOW_HTTPS_RR)) ||
forceUseHTTPSRR) {
nsCOMPtr<nsIEventTarget> target;

16
netwerk/test/unit/test_httpssvc_https_upgrade.js
View file

@ -20,10 +20,12 @@ const ReferrerInfo = Components.Constructor(
"init"
);
let h2Port;
add_setup(async function setup() {
trr_test_setup();
let h2Port = Services.env.get("MOZHTTP2_PORT");
h2Port = Services.env.get("MOZHTTP2_PORT");
Assert.notEqual(h2Port, null);
Assert.notEqual(h2Port, "");
@ -350,3 +352,15 @@ add_task(async function testHTTPSRRUpgradeWithOriginHeader() {
Assert.equal(req.getResponseHeader("x-connection-http2"), "yes");
Assert.equal(buf, originURL);
});
// See bug 1899841. Test the case when network.dns.use_https_rr_as_altsvc
// is disabled.
add_task(async function testPrefDisabled() {
Services.prefs.setBoolPref("network.dns.use_https_rr_as_altsvc", false);
let chan = makeChan(`https://test.httpssvc.com:${h2Port}/server-timing`);
let [req] = await channelOpenPromise(chan);
req.QueryInterface(Ci.nsIHttpChannel);
Assert.equal(req.getResponseHeader("x-connection-http2"), "yes");
});