1620242 - HTTPS Only Mode - Basic implementation

Status: RESOLVED FIXED

(Core :: DOM: Security, enhancement, P2)

Description

[Julian Gaibler]

Basic implementation of the HTTPS Only Mode, which upgrades all insecure requests to https:// when a pref is set.

Should contain:

• Basic upgrade behind a pref
• Upgrade tests for requests, sub-resources, and redirects.
• Logging to console

Meta Bug 1613063

Comment 1

[Julian Gaibler]

Attachment: Bug 1620242 - Basic implementation for HTTPS Only Mode. r=ckerschb

Comment 2

[Pulsebot]

Pushed by rgurzau@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/46dfbb4de902
Basic implementation for HTTPS Only Mode. r=ckerschb,mixedpuppy

Comment 3

[Alexandru Michis [:malexandru]]

Backed out changeset 46dfbb4de902 for causing failures in test_x-frame-options.html

Backout link: https://hg.mozilla.org/integration/autoland/rev/157a80e6e571a2826d0afebb8b3d3bb666b4bbc8

Push with failures: https://treeherder.mozilla.org/#/jobs?repo=autoland&test_paths=dom%2Fbase%2Ftest&failure_classification_id=2&fromchange=93abc56ef420956cb8b04b2e9305befb33e08b7d&tochange=157a80e6e571a2826d0afebb8b3d3bb666b4bbc8&selectedJob=293054796

Failure log: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=293054790&repo=autoland&lineNumber=4194

Comment 4

[Christoph Kerschbaumer [:ckerschb, back on May 21st]]

Ah, good that we have that test, this is a problem indeed. Probably we should add a test for CSP frame-ancestors in combination with upgrade-insecure-requests as well to avoid that problem.

For XFO specifically we have to update code here:
https://searchfox.org/mozilla-central/rev/fb3b0075d1a9c4dafbdf339b835d462b5ae55a0e/dom/security/FramingChecker.cpp#137

Comment 5

[Julian Gaibler]

This test failure didn't seem related to this revision and I could not reproduce it locally either.
Made another try-run where the test didn't fail, so added Check-in Needed again.

Comment 6

[Pulsebot]

Pushed by aiakab@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/21f62488a5b5
Basic implementation for HTTPS Only Mode. r=ckerschb,mixedpuppy

Comment 7

[Noemi Erli[:noemi_erli]]

Backed out changeset 21f62488a5b5 (Bug 1620242) for causing bustages in nsMixedContentBlocker.cpp CLOSED TREE

Push with failures: https://treeherder.mozilla.org/#/jobs?repo=autoland&group_state=expanded&selectedJob=293392372&resultStatus=testfailed%2Cbusted%2Cexception&revision=21f62488a5b5e06a356d3e0c28fba42890764ec6

Failure log: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=293392372&repo=autoland&lineNumber=28626

Backout: https://hg.mozilla.org/integration/autoland/rev/77e4f540f4d4688a0460c27d16fa4ef988e69645

Comment 8

[Pulsebot]

Pushed by csabou@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/f6d98a73d50a
Basic implementation for HTTPS Only Mode. r=ckerschb,mixedpuppy

Comment 9

[Bogdan Tara[:bogdan_tara | bogdant]]

https://hg.mozilla.org/mozilla-central/rev/f6d98a73d50a