wine/gecko
0
0
Fork 0
mirror of https://gitlab.winehq.org/wine/wine-gecko.git synced 2024-09-13 09:24:08 -07:00
Code Issues Packages Projects Releases Wiki Activity

Back out 9 changesets (bug 1214305) for e10s devtools browser_bug1045902_console_csp_ignore_reflected_xss_message.js failures

Browse Source 
Backed out changeset 82929be36e95 (bug 1214305)
Backed out changeset e926606aefbf (bug 1214305)
Backed out changeset 226c83ca9a2a (bug 1214305)
Backed out changeset 88ab26108f2d (bug 1214305)
Backed out changeset 2e3e4f256d46 (bug 1214305)
Backed out changeset 347cd0f8f1e3 (bug 1214305)
Backed out changeset be072bba15fc (bug 1214305)
Backed out changeset 3b85acbe7be7 (bug 1214305)
Backed out changeset 49b930683c02 (bug 1214305)
This commit is contained in:
Phil Ringnalda 2015-11-14 10:09:58 -08:00
parent fc2b44da36
commit 2cc51029ed
14 changed files with 107 additions and 257 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
dom/ipc/ContentParent.cpp
View File

@ -2677,9 +2677,6 @@ bool
ContentParent::RecvReadDataStorageArray(const nsString& aFilename,
InfallibleTArray<DataStorageItem>* aValues)
{
// Ensure the SSS is initialized before we try to use its storage.
nsCOMPtr<nsISiteSecurityService> sss = do_GetService("@mozilla.org/ssservice;1");
RefPtr<DataStorage> storage = DataStorage::Get(aFilename);
storage->GetAll(aValues);
return true;

2
dom/workers/ServiceWorkerManager.cpp
View File

@ -3165,7 +3165,7 @@ ServiceWorkerManager::PrepareFetchEvent(const OriginAttributes& aOriginAttribute
internalChannel->GetLoadGroup(getter_AddRefs(loadGroup));
nsCOMPtr<nsIURI> uri;
aRv = aChannel->GetSecureUpgradedChannelURI(getter_AddRefs(uri));
aRv = internalChannel->GetURI(getter_AddRefs(uri));
if (NS_WARN_IF(aRv.Failed())) {
return nullptr;
}

2
dom/workers/ServiceWorkerPrivate.cpp
View File

@ -974,7 +974,7 @@ public:
NS_ENSURE_SUCCESS(rv, rv);
nsCOMPtr<nsIURI> uri;
rv = mInterceptedChannel->GetSecureUpgradedChannelURI(getter_AddRefs(uri));
rv = channel->GetURI(getter_AddRefs(uri));
NS_ENSURE_SUCCESS(rv, rv);
rv = uri->GetSpec(mSpec);

2
dom/workers/test/serviceworkers/mochitest.ini
View File

@ -283,7 +283,9 @@ skip-if = toolkit == "android" || toolkit == "gonk"
[test_file_blob_upload.html]
[test_unresolved_fetch_interception.html]
[test_hsts_upgrade_intercept.html]
skip-if = e10s # Bug 1214305
[test_csp_upgrade-insecure_intercept.html]
skip-if = e10s # Bug 1214305
[test_serviceworker_header.html]
[test_openWindow.html]
skip-if = toolkit == "android" || toolkit == "gonk"

6
modules/libjar/InterceptedJARChannel.cpp
View File

@ -45,12 +45,6 @@ InterceptedJARChannel::GetChannel(nsIChannel** aChannel)
return NS_OK;
}
NS_IMETHODIMP
InterceptedJARChannel::GetSecureUpgradedChannelURI(nsIURI** aURI)
{
return mChannel->GetURI(aURI);
}
NS_IMETHODIMP
InterceptedJARChannel::ResetInterception()
{

8
netwerk/base/nsINetworkInterceptController.idl
View File

@ -29,7 +29,7 @@ class ChannelInfo;
* which do not implement nsIChannel.
*/
[scriptable, uuid(f4b82975-6a86-4cc4-87fe-9a1fd430c86d)]
[scriptable, uuid(231bb567-90e1-4973-9728-7dab93ab29a8)]
interface nsIInterceptedChannel : nsISupports
{
/**
@ -76,12 +76,6 @@ interface nsIInterceptedChannel : nsISupports
*/
readonly attribute nsIChannel channel;
/**
* The URL of the underlying channel object, corrected for a potential
* secure upgrade.
*/
readonly attribute nsIURI secureUpgradedChannelURI;
/**
* This method allows to override the channel info for the channel.
*/

96
netwerk/base/nsNetUtil.cpp
View File

@ -4,9 +4,6 @@
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
// HttpLog.h should generally be included first
#include "HttpLog.h"
#include "mozilla/LoadContext.h"
#include "mozilla/LoadInfo.h"
#include "mozilla/BasePrincipal.h"
@ -60,10 +57,6 @@
#include "nsInterfaceRequestorAgg.h"
#include "plstr.h"
#include "nsINestedURI.h"
#include "mozilla/dom/nsCSPUtils.h"
#include "nsIScriptError.h"
#include "nsISiteSecurityService.h"
#include "nsHttpHandler.h"
#ifdef MOZ_WIDGET_GONK
#include "nsINetworkManager.h"
@ -2148,95 +2141,6 @@ NS_IsSrcdocChannel(nsIChannel *aChannel)
return false;
}
nsresult
NS_ShouldSecureUpgrade(nsIURI* aURI,
nsILoadInfo* aLoadInfo,
nsIPrincipal* aChannelResultPrincipal,
bool aPrivateBrowsing,
bool aAllowSTS,
bool& aShouldUpgrade)
{
// Even if we're in private browsing mode, we still enforce existing STS
// data (it is read-only).
// if the connection is not using SSL and either the exact host matches or
// a superdomain wants to force HTTPS, do it.
bool isHttps = false;
nsresult rv = aURI->SchemeIs("https", &isHttps);
NS_ENSURE_SUCCESS(rv, rv);
if (!isHttps) {
// If any of the documents up the chain to the root doucment makes use of
// the CSP directive 'upgrade-insecure-requests', then it's time to fulfill
// the promise to CSP and mixed content blocking to upgrade the channel
// from http to https.
if (aLoadInfo && aLoadInfo->GetUpgradeInsecureRequests()) {
// Please note that cross origin top level navigations are not subject
// to upgrade-insecure-requests, see:
// http://www.w3.org/TR/upgrade-insecure-requests/#examples
bool crossOriginNavigation =
(aLoadInfo->GetExternalContentPolicyType() == nsIContentPolicy::TYPE_DOCUMENT) &&
(!aChannelResultPrincipal->Equals(aLoadInfo->LoadingPrincipal()));
if (!crossOriginNavigation) {
// let's log a message to the console that we are upgrading a request
nsAutoCString spec, scheme;
aURI->GetSpec(spec);
aURI->GetScheme(scheme);
// append the additional 's' for security to the scheme :-)
scheme.AppendASCII("s");
NS_ConvertUTF8toUTF16 reportSpec(spec);
NS_ConvertUTF8toUTF16 reportScheme(scheme);
const char16_t* params[] = { reportSpec.get(), reportScheme.get() };
uint32_t innerWindowId = aLoadInfo->GetInnerWindowID();
CSP_LogLocalizedStr(MOZ_UTF16("upgradeInsecureRequest"),
params, ArrayLength(params),
EmptyString(), // aSourceFile
EmptyString(), // aScriptSample
0, // aLineNumber
0, // aColumnNumber
nsIScriptError::warningFlag, "CSP",
innerWindowId);
Telemetry::Accumulate(Telemetry::HTTP_SCHEME_UPGRADE, 4);
aShouldUpgrade = true;
return NS_OK;
}
}
// enforce Strict-Transport-Security
nsISiteSecurityService* sss = gHttpHandler->GetSSService();
NS_ENSURE_TRUE(sss, NS_ERROR_OUT_OF_MEMORY);
bool isStsHost = false;
uint32_t flags = aPrivateBrowsing ? nsISocketProvider::NO_PERMANENT_STORAGE : 0;
rv = sss->IsSecureURI(nsISiteSecurityService::HEADER_HSTS, aURI, flags,
&isStsHost);
// if the SSS check fails, it's likely because this load is on a
// malformed URI or something else in the setup is wrong, so any error
// should be reported.
NS_ENSURE_SUCCESS(rv, rv);
if (isStsHost) {
LOG(("nsHttpChannel::Connect() STS permissions found\n"));
if (aAllowSTS) {
Telemetry::Accumulate(Telemetry::HTTP_SCHEME_UPGRADE, 3);
aShouldUpgrade = true;
return NS_OK;
} else {
Telemetry::Accumulate(Telemetry::HTTP_SCHEME_UPGRADE, 2);
}
} else {
Telemetry::Accumulate(Telemetry::HTTP_SCHEME_UPGRADE, 1);
}
} else {
Telemetry::Accumulate(Telemetry::HTTP_SCHEME_UPGRADE, 0);
}
aShouldUpgrade = false;
return NS_OK;
}
namespace mozilla {
namespace net {

10
netwerk/base/nsNetUtil.h
View File

@ -965,16 +965,6 @@ bool NS_IsReasonableHTTPHeaderValue(const nsACString &aValue);
*/
bool NS_IsValidHTTPToken(const nsACString &aToken);
/**
* Return true if the given request must be upgraded to HTTPS.
*/
nsresult NS_ShouldSecureUpgrade(nsIURI* aURI,
nsILoadInfo* aLoadInfo,
nsIPrincipal* aChannelResultPrincipal,
bool aPrivateBrowsing,
bool aAllowSTS,
bool& aShouldUpgrade);
namespace mozilla {
namespace net {

33
netwerk/protocol/http/HttpBaseChannel.cpp
View File

@ -2402,13 +2402,13 @@ HttpBaseChannel::BypassServiceWorker() const
}
bool
HttpBaseChannel::ShouldIntercept(nsIURI* aURI)
HttpBaseChannel::ShouldIntercept()
{
nsCOMPtr<nsINetworkInterceptController> controller;
GetCallback(controller);
bool shouldIntercept = false;
if (controller && !BypassServiceWorker() && mLoadInfo) {
nsresult rv = controller->ShouldPrepareForIntercept(aURI ? aURI : mURI.get(),
nsresult rv = controller->ShouldPrepareForIntercept(mURI,
nsContentUtils::IsNonSubresourceRequest(this),
&shouldIntercept);
if (NS_FAILED(rv)) {
@ -3125,35 +3125,6 @@ HttpBaseChannel::SetCorsPreflightParameters(const nsTArray<nsCString>& aUnsafeHe
return NS_OK;
}
// static
nsresult
HttpBaseChannel::GetSecureUpgradedURI(nsIURI* aURI, nsIURI** aUpgradedURI)
{
nsCOMPtr<nsIURI> upgradedURI;
nsresult rv = aURI->Clone(getter_AddRefs(upgradedURI));
NS_ENSURE_SUCCESS(rv,rv);
upgradedURI->SetScheme(NS_LITERAL_CSTRING("https"));
int32_t oldPort = -1;
rv = aURI->GetPort(&oldPort);
if (NS_FAILED(rv)) return rv;
// Keep any nonstandard ports so only the scheme is changed.
// For example:
// http://foo.com:80 -> https://foo.com:443
// http://foo.com:81 -> https://foo.com:81
if (oldPort == 80 || oldPort == -1)
upgradedURI->SetPort(-1);
else
upgradedURI->SetPort(oldPort);
upgradedURI.forget(aUpgradedURI);
return NS_OK;
}
} // namespace net
} // namespace mozilla

6
netwerk/protocol/http/HttpBaseChannel.h
View File

@ -300,10 +300,6 @@ public: /* Necko internal use only... */
// the new mUploadStream.
void EnsureUploadStreamIsCloneableComplete(nsresult aStatus);
// Returns an https URI for channels that need to go through secure
// upgrades.
static nsresult GetSecureUpgradedURI(nsIURI* aURI, nsIURI** aUpgradedURI);
protected:
nsCOMArray<nsISecurityConsoleMessage> mSecurityConsoleMessages;
@ -348,7 +344,7 @@ protected:
// Returns true if this channel should intercept the network request and prepare
// for a possible synthesized response instead.
bool ShouldIntercept(nsIURI* aURI = nullptr);
bool ShouldIntercept();
friend class PrivateBrowsingChannel<HttpBaseChannel>;
friend class InterceptFailedOnStop;

28
netwerk/protocol/http/HttpChannelChild.cpp
View File

@ -1736,30 +1736,7 @@ HttpChannelChild::AsyncOpen(nsIStreamListener *listener, nsISupports *aContext)
return NS_OK;
}
bool isHttps = false;
rv = mURI->SchemeIs("https", &isHttps);
NS_ENSURE_SUCCESS(rv, rv);
nsCOMPtr<nsIPrincipal> resultPrincipal;
if (!isHttps && mLoadInfo && mLoadInfo->GetUpgradeInsecureRequests()) {
nsContentUtils::GetSecurityManager()->
GetChannelResultPrincipal(this, getter_AddRefs(resultPrincipal));
}
bool shouldUpgrade = false;
rv = NS_ShouldSecureUpgrade(mURI,
mLoadInfo,
resultPrincipal,
mPrivateBrowsing,
mAllowSTS,
shouldUpgrade);
NS_ENSURE_SUCCESS(rv, rv);
nsCOMPtr<nsIURI> upgradedURI;
if (shouldUpgrade) {
rv = GetSecureUpgradedURI(mURI, getter_AddRefs(upgradedURI));
NS_ENSURE_SUCCESS(rv, rv);
}
if (ShouldIntercept(upgradedURI)) {
if (ShouldIntercept()) {
mResponseCouldBeSynthesized = true;
nsCOMPtr<nsINetworkInterceptController> controller;
@ -1768,8 +1745,7 @@ HttpChannelChild::AsyncOpen(nsIStreamListener *listener, nsISupports *aContext)
mInterceptListener = new InterceptStreamListener(this, mListenerContext);
RefPtr<InterceptedChannelContent> intercepted =
new InterceptedChannelContent(this, controller,
mInterceptListener, shouldUpgrade);
new InterceptedChannelContent(this, controller, mInterceptListener);
intercepted->NotifyController();
return NS_OK;
}

46
netwerk/protocol/http/InterceptedChannel.cpp
View File

@ -118,21 +118,6 @@ InterceptedChannelBase::GetConsoleReportCollector(nsIConsoleReportCollector** aC
return NS_OK;
}
/* static */
already_AddRefed<nsIURI>
InterceptedChannelBase::SecureUpgradeChannelURI(nsIChannel* aChannel)
{
nsCOMPtr<nsIURI> uri;
nsresult rv = aChannel->GetURI(getter_AddRefs(uri));
NS_ENSURE_SUCCESS(rv, nullptr);
nsCOMPtr<nsIURI> upgradedURI;
rv = HttpBaseChannel::GetSecureUpgradedURI(uri, getter_AddRefs(upgradedURI));
NS_ENSURE_SUCCESS(rv, nullptr);
return upgradedURI.forget();
}
InterceptedChannelChrome::InterceptedChannelChrome(nsHttpChannel* aChannel,
nsINetworkInterceptController* aController,
nsICacheEntry* aEntry)
@ -324,20 +309,12 @@ InterceptedChannelChrome::GetInternalContentPolicyType(nsContentPolicyType* aPol
return NS_OK;
}
NS_IMETHODIMP
InterceptedChannelChrome::GetSecureUpgradedChannelURI(nsIURI** aURI)
{
return mChannel->GetURI(aURI);
}
InterceptedChannelContent::InterceptedChannelContent(HttpChannelChild* aChannel,
nsINetworkInterceptController* aController,
InterceptStreamListener* aListener,
bool aSecureUpgrade)
InterceptStreamListener* aListener)
: InterceptedChannelBase(aController)
, mChannel(aChannel)
, mStreamListener(aListener)
, mSecureUpgrade(aSecureUpgrade)
{
}
@ -414,10 +391,6 @@ InterceptedChannelContent::FinishSynthesizedResponse(const nsACString& aFinalURL
if (!aFinalURLSpec.IsEmpty()) {
nsresult rv = NS_NewURI(getter_AddRefs(responseURI), aFinalURLSpec);
NS_ENSURE_SUCCESS(rv, rv);
} else if (mSecureUpgrade) {
nsresult rv = HttpBaseChannel::GetSecureUpgradedURI(originalURI,
getter_AddRefs(responseURI));
NS_ENSURE_SUCCESS(rv, rv);
} else {
responseURI = originalURI;
}
@ -482,22 +455,5 @@ InterceptedChannelContent::GetInternalContentPolicyType(nsContentPolicyType* aPo
return NS_OK;
}
NS_IMETHODIMP
InterceptedChannelContent::GetSecureUpgradedChannelURI(nsIURI** aURI)
{
nsCOMPtr<nsIURI> uri;
if (mSecureUpgrade) {
uri = SecureUpgradeChannelURI(mChannel);
} else {
nsresult rv = mChannel->GetURI(getter_AddRefs(uri));
NS_ENSURE_SUCCESS(rv, rv);
}
if (uri) {
uri.forget(aURI);
return NS_OK;
}
return NS_ERROR_FAILURE;
}
} // namespace net
} // namespace mozilla

11
netwerk/protocol/http/InterceptedChannel.h
View File

@ -55,9 +55,6 @@ public:
NS_IMETHOD GetResponseBody(nsIOutputStream** aOutput) override;
NS_IMETHOD GetConsoleReportCollector(nsIConsoleReportCollector** aCollectorOut) override;
static already_AddRefed<nsIURI>
SecureUpgradeChannelURI(nsIChannel* aChannel);
};
class InterceptedChannelChrome : public InterceptedChannelBase
@ -81,7 +78,6 @@ public:
NS_IMETHOD ResetInterception() override;
NS_IMETHOD FinishSynthesizedResponse(const nsACString& aFinalURLSpec) override;
NS_IMETHOD GetChannel(nsIChannel** aChannel) override;
NS_IMETHOD GetSecureUpgradedChannelURI(nsIURI** aURI) override;
NS_IMETHOD SynthesizeStatus(uint16_t aStatus, const nsACString& aReason) override;
NS_IMETHOD SynthesizeHeader(const nsACString& aName, const nsACString& aValue) override;
NS_IMETHOD Cancel(nsresult aStatus) override;
@ -102,19 +98,14 @@ class InterceptedChannelContent : public InterceptedChannelBase
// Listener for the synthesized response to fix up the notifications before they reach
// the actual channel.
RefPtr<InterceptStreamListener> mStreamListener;
// Set for intercepted channels that have gone through a secure upgrade.
bool mSecureUpgrade;
public:
InterceptedChannelContent(HttpChannelChild* aChannel,
nsINetworkInterceptController* aController,
InterceptStreamListener* aListener,
bool aSecureUpgrade);
InterceptStreamListener* aListener);
NS_IMETHOD ResetInterception() override;
NS_IMETHOD FinishSynthesizedResponse(const nsACString& aFinalURLSpec) override;
NS_IMETHOD GetChannel(nsIChannel** aChannel) override;
NS_IMETHOD GetSecureUpgradedChannelURI(nsIURI** aURI) override;
NS_IMETHOD SynthesizeStatus(uint16_t aStatus, const nsACString& aReason) override;
NS_IMETHOD SynthesizeHeader(const nsACString& aName, const nsACString& aValue) override;
NS_IMETHOD Cancel(nsresult aStatus) override;

111
netwerk/protocol/http/nsHttpChannel.cpp
View File

@ -7,6 +7,7 @@
// HttpLog.h should generally be included first
#include "HttpLog.h"
#include "mozilla/dom/nsCSPUtils.h"
#include "mozilla/dom/nsCSPContext.h"
#include "nsHttp.h"
#include "nsHttpChannel.h"
@ -55,6 +56,7 @@
#include "nsIClassOfService.h"
#include "nsIPermissionManager.h"
#include "nsIPrincipal.h"
#include "nsIScriptError.h"
#include "nsIScriptSecurityManager.h"
#include "nsISSLStatus.h"
#include "nsISSLStatusProvider.h"
@ -317,24 +319,83 @@ nsHttpChannel::Connect()
LOG(("nsHttpChannel::Connect [this=%p]\n", this));
// Even if we're in private browsing mode, we still enforce existing STS
// data (it is read-only).
// if the connection is not using SSL and either the exact host matches or
// a superdomain wants to force HTTPS, do it.
bool isHttps = false;
rv = mURI->SchemeIs("https", &isHttps);
NS_ENSURE_SUCCESS(rv,rv);
nsCOMPtr<nsIPrincipal> resultPrincipal;
if (!isHttps && mLoadInfo && mLoadInfo->GetUpgradeInsecureRequests()) {
nsContentUtils::GetSecurityManager()->
GetChannelResultPrincipal(this, getter_AddRefs(resultPrincipal));
}
bool shouldUpgrade = false;
rv = NS_ShouldSecureUpgrade(mURI,
mLoadInfo,
resultPrincipal,
mPrivateBrowsing,
mAllowSTS,
shouldUpgrade);
NS_ENSURE_SUCCESS(rv, rv);
if (shouldUpgrade) {
return AsyncCall(&nsHttpChannel::HandleAsyncRedirectChannelToHttps);
if (!isHttps) {
// If any of the documents up the chain to the root doucment makes use of
// the CSP directive 'upgrade-insecure-requests', then it's time to fulfill
// the promise to CSP and mixed content blocking to upgrade the channel
// from http to https.
if (mLoadInfo && mLoadInfo->GetUpgradeInsecureRequests()) {
// Please note that cross origin top level navigations are not subject
// to upgrade-insecure-requests, see:
// http://www.w3.org/TR/upgrade-insecure-requests/#examples
nsCOMPtr<nsIPrincipal> resultPrincipal;
nsContentUtils::GetSecurityManager()->
GetChannelResultPrincipal(this, getter_AddRefs(resultPrincipal));
bool crossOriginNavigation =
(mLoadInfo->GetExternalContentPolicyType() == nsIContentPolicy::TYPE_DOCUMENT) &&
(!resultPrincipal->Equals(mLoadInfo->LoadingPrincipal()));
if (!crossOriginNavigation) {
// let's log a message to the console that we are upgrading a request
nsAutoCString spec, scheme;
mURI->GetSpec(spec);
mURI->GetScheme(scheme);
// append the additional 's' for security to the scheme :-)
scheme.AppendASCII("s");
NS_ConvertUTF8toUTF16 reportSpec(spec);
NS_ConvertUTF8toUTF16 reportScheme(scheme);
const char16_t* params[] = { reportSpec.get(), reportScheme.get() };
uint32_t innerWindowId = mLoadInfo ? mLoadInfo->GetInnerWindowID() : 0;
CSP_LogLocalizedStr(MOZ_UTF16("upgradeInsecureRequest"),
params, ArrayLength(params),
EmptyString(), // aSourceFile
EmptyString(), // aScriptSample
0, // aLineNumber
0, // aColumnNumber
nsIScriptError::warningFlag, "CSP",
innerWindowId);
Telemetry::Accumulate(Telemetry::HTTP_SCHEME_UPGRADE, 4);
return AsyncCall(&nsHttpChannel::HandleAsyncRedirectChannelToHttps);
}
}
// enforce Strict-Transport-Security
nsISiteSecurityService* sss = gHttpHandler->GetSSService();
NS_ENSURE_TRUE(sss, NS_ERROR_OUT_OF_MEMORY);
bool isStsHost = false;
uint32_t flags = mPrivateBrowsing ? nsISocketProvider::NO_PERMANENT_STORAGE : 0;
rv = sss->IsSecureURI(nsISiteSecurityService::HEADER_HSTS, mURI, flags,
&isStsHost);
// if the SSS check fails, it's likely because this load is on a
// malformed URI or something else in the setup is wrong, so any error
// should be reported.
NS_ENSURE_SUCCESS(rv, rv);
if (isStsHost) {
LOG(("nsHttpChannel::Connect() STS permissions found\n"));
if (mAllowSTS) {
Telemetry::Accumulate(Telemetry::HTTP_SCHEME_UPGRADE, 3);
return AsyncCall(&nsHttpChannel::HandleAsyncRedirectChannelToHttps);
} else {
Telemetry::Accumulate(Telemetry::HTTP_SCHEME_UPGRADE, 2);
}
} else {
Telemetry::Accumulate(Telemetry::HTTP_SCHEME_UPGRADE, 1);
}
} else {
Telemetry::Accumulate(Telemetry::HTTP_SCHEME_UPGRADE, 0);
}
// ensure that we are using a valid hostname
@ -1868,12 +1929,30 @@ nsHttpChannel::HandleAsyncRedirectChannelToHttps()
nsresult
nsHttpChannel::StartRedirectChannelToHttps()
{
nsresult rv = NS_OK;
LOG(("nsHttpChannel::HandleAsyncRedirectChannelToHttps() [STS]\n"));
nsCOMPtr<nsIURI> upgradedURI;
nsresult rv = GetSecureUpgradedURI(mURI, getter_AddRefs(upgradedURI));
rv = mURI->Clone(getter_AddRefs(upgradedURI));
NS_ENSURE_SUCCESS(rv,rv);
upgradedURI->SetScheme(NS_LITERAL_CSTRING("https"));
int32_t oldPort = -1;
rv = mURI->GetPort(&oldPort);
if (NS_FAILED(rv)) return rv;
// Keep any nonstandard ports so only the scheme is changed.
// For example:
// http://foo.com:80 -> https://foo.com:443
// http://foo.com:81 -> https://foo.com:81
if (oldPort == 80 || oldPort == -1)
upgradedURI->SetPort(-1);
else
upgradedURI->SetPort(oldPort);
return StartRedirectChannelToURI(upgradedURI,
nsIChannelEventSink::REDIRECT_PERMANENT |
nsIChannelEventSink::REDIRECT_STS_UPGRADE);