From b30beb577199ac5d8558b1504bb4f18838041a6d Mon Sep 17 00:00:00 2001 From: Fedor Date: Thu, 1 Aug 2019 03:18:30 +0300 Subject: [PATCH] Add preference to allow the loading of FTP subresources. --- dom/security/nsContentSecurityManager.cpp | 3 +++ modules/libpref/init/all.js | 3 +++ netwerk/base/nsIOService.cpp | 9 +++++++++ netwerk/base/nsIOService.h | 4 ++++ 4 files changed, 19 insertions(+) diff --git a/dom/security/nsContentSecurityManager.cpp b/dom/security/nsContentSecurityManager.cpp index f2cbc8fcf..12c55e8f6 100644 --- a/dom/security/nsContentSecurityManager.cpp +++ b/dom/security/nsContentSecurityManager.cpp @@ -98,6 +98,9 @@ nsContentSecurityManager::CheckFTPSubresourceLoad(nsIChannel* aChannel) // We dissallow using FTP resources as a subresource everywhere. // The only valid way to use FTP resources is loading it as // a top level document. + if (!mozilla::net::nsIOService::BlockFTPSubresources()) { + return NS_OK; + } nsCOMPtr loadInfo = aChannel->GetLoadInfo(); if (!loadInfo) { diff --git a/modules/libpref/init/all.js b/modules/libpref/init/all.js index ae730e41c..95ed55aea 100644 --- a/modules/libpref/init/all.js +++ b/modules/libpref/init/all.js @@ -5435,6 +5435,9 @@ pref("layout.css.servo.enabled", true); // URL-Bar will not be blocked when flipping this pref. pref("security.data_uri.block_toplevel_data_uri_navigations", true); +// If true, all FTP subresource loads will be blocked. +pref("security.block_ftp_subresources", true); + // Disable Storage api in release builds. #ifdef NIGHTLY_BUILD pref("dom.storageManager.enabled", true); diff --git a/netwerk/base/nsIOService.cpp b/netwerk/base/nsIOService.cpp index c1fc2aa48..aee4dd439 100644 --- a/netwerk/base/nsIOService.cpp +++ b/netwerk/base/nsIOService.cpp @@ -164,6 +164,7 @@ uint32_t nsIOService::gDefaultSegmentSize = 4096; uint32_t nsIOService::gDefaultSegmentCount = 24; bool nsIOService::sBlockToplevelDataUriNavigations = false; +bool nsIOService::sBlockFTPSubresources = false; //////////////////////////////////////////////////////////////////////////////// @@ -238,6 +239,8 @@ nsIOService::Init() Preferences::AddBoolVarCache(&sBlockToplevelDataUriNavigations, "security.data_uri.block_toplevel_data_uri_navigations", false); + Preferences::AddBoolVarCache(&sBlockFTPSubresources, + "security.block_ftp_subresources", true); Preferences::AddBoolVarCache(&mOfflineMirrorsConnectivity, OFFLINE_MIRRORS_CONNECTIVITY, true); gIOService = this; @@ -1767,5 +1770,11 @@ nsIOService::BlockToplevelDataUriNavigations() return sBlockToplevelDataUriNavigations; } +/*static*/ bool +nsIOService::BlockFTPSubresources() +{ + return sBlockFTPSubresources; +} + } // namespace net } // namespace mozilla diff --git a/netwerk/base/nsIOService.h b/netwerk/base/nsIOService.h index 29204f6ea..2fe2d2aa3 100644 --- a/netwerk/base/nsIOService.h +++ b/netwerk/base/nsIOService.h @@ -93,6 +93,8 @@ public: static bool BlockToplevelDataUriNavigations(); + static bool BlockFTPSubresources(); + private: // These shouldn't be called directly: // - construct using GetInstance @@ -168,6 +170,8 @@ private: static bool sBlockToplevelDataUriNavigations; + static bool sBlockFTPSubresources; + // Time a network tearing down started. mozilla::Atomic mNetTearingDownStarted; public: