Add HTTP Nowhere mode for 4.0 branch

diracdeltas · diracdeltas · commit 599f270ad36d · 2014-09-20T17:46:43.000-07:00
diff --git a/src/chrome/content/code/HTTPS.js b/src/chrome/content/code/HTTPS.js
@@ -30,12 +30,23 @@ const HTTPS = {
   httpsForcedExceptions: null,
   httpsRewrite: null,
   
-  replaceChannel: function(applicable_list, channel) {
+  replaceChannel: function(applicable_list, channel, httpNowhereEnabled) {
     var blob = HTTPSRules.rewrittenURI(applicable_list, channel.URI.clone());
-    if (null == blob) return false; // no rewrite
+    if (null === blob) {
+      // Abort insecure requests when HTTP Nowhere is on
+      if (httpNowhereEnabled && channel.URI.schemeIs("http")) {
+        IOUtil.abort(channel);
+      }
+      return false; // no rewrite
+    }
     var uri = blob.newuri;
     if (!uri) this.log(WARN, "OH NO BAD ARGH\nARGH");
 
+    // Abort downgrading if HTTP Nowhere is on
+    if (httpNowhereEnabled && uri.schemeIs("http")) {
+      IOUtil.abort(channel);
+    }
+
     var c2 = channel.QueryInterface(CI.nsIHttpChannel);
     this.log(DBUG, channel.URI.spec+": Redirection limit is " + c2.redirectionLimit);
     // XXX This used to be (c2.redirectionLimit == 1), but that's very
diff --git a/src/chrome/content/toolbar_button.js b/src/chrome/content/toolbar_button.js
@@ -10,13 +10,13 @@ const CI = Components.interfaces;
 const CC = Components.classes;
 
 // LOG LEVELS ---
-VERB=1;
-DBUG=2;
-INFO=3;
-NOTE=4;
-WARN=5;
+let VERB=1;
+let DBUG=2;
+let INFO=3;
+let NOTE=4;
+let WARN=5;
 
-HTTPSEverywhere = CC["@eff.org/https-everywhere;1"]
+let HTTPSEverywhere = CC["@eff.org/https-everywhere;1"]
                       .getService(Components.interfaces.nsISupports)
                       .wrappedJSObject;
 
@@ -37,6 +37,11 @@ httpsEverywhere.toolbarButton = {
    */
   COUNTER_PREF: "extensions.https_everywhere.show_counter",
 
+  /**
+   * Name of preference for whether HTTP Nowhere is on.
+   */
+  HTTP_NOWHERE_PREF: "extensions.https_everywhere.http_nowhere.enabled",
+
   /**
    * Used to determine if a hint has been previously shown.
    * TODO: Probably extraneous, look into removing
@@ -53,14 +58,22 @@ httpsEverywhere.toolbarButton = {
 
     var tb = httpsEverywhere.toolbarButton;
 
-    // make sure icon is proper color during init
-    tb.changeIcon();
-
     // make sure the checkbox for showing counter is properly set
     var showCounter = tb.shouldShowCounter();
     var counterItem = document.getElementById('https-everywhere-counter-item');
     counterItem.setAttribute('checked', showCounter ? 'true' : 'false');
 
+    // make sure UI for HTTP Nowhere mode is properly set
+    var httpNowhereItem = document.getElementById('http-nowhere-item');
+    var showHttpNowhere = tb.shouldShowHttpNowhere();
+    var toolbarbutton = document.getElementById('https-everywhere-button');
+    httpNowhereItem.setAttribute('checked', showHttpNowhere ? 'true' : 'false');
+    toolbarbutton.setAttribute('http_nowhere',
+                               showHttpNowhere ? 'true' : 'false');
+
+    // make sure UI is set depending on whether HTTPS-E is enabled
+    toggleEnabledUI();
+
     // show ruleset counter when a tab is changed
     tb.updateRulesetsApplied();
     gBrowser.tabContainer.addEventListener(
@@ -119,20 +132,6 @@ httpsEverywhere.toolbarButton = {
     gBrowser.removeEventListener("DOMContentLoaded", tb.handleShowHint, true);
   },
 
-  /**
-   * Changes HTTPS Everywhere toolbar icon based on whether HTTPS Everywhere
-   * is enabled or disabled.
-   */
-  changeIcon: function() {
-    var enabled = HTTPSEverywhere.prefs.getBoolPref("globalEnabled");
-
-    var toolbarbutton = document.getElementById('https-everywhere-button');
-    if (enabled) {
-      toolbarbutton.setAttribute('status', 'enabled');
-    } else {
-      toolbarbutton.setAttribute('status', 'disabled');
-    }
-  },
 
   /**
    * Update the rulesets applied counter for the current tab.
@@ -186,6 +185,17 @@ httpsEverywhere.toolbarButton = {
     return !prefExists || sp.getBoolPref(tb.COUNTER_PREF);
   },
 
+  /**
+   * Gets whether to show HTTP Nowhere UI.
+   *
+   * @return {boolean}
+   */
+  shouldShowHttpNowhere: function() {
+    var tb = httpsEverywhere.toolbarButton;
+    var sp = Services.prefs;
+    return sp.getBoolPref(tb.HTTP_NOWHERE_PREF);
+  },
+
   /**
    * Toggles the user's preference for displaying the rulesets applied counter
    * and updates the UI.
@@ -198,8 +208,22 @@ httpsEverywhere.toolbarButton = {
     sp.setBoolPref(tb.COUNTER_PREF, !showCounter);
 
     tb.updateRulesetsApplied();
-  }
+  },
+
+  /**
+   * Toggles whether HTTP Nowhere mode is active, updates the toolbar icon.
+   */
+  toggleHttpNowhere: function() {
+    HTTPSEverywhere.toggleHttpNowhere();
+    var tb = httpsEverywhere.toolbarButton;
+    var showHttpNowhere = tb.shouldShowHttpNowhere();
 
+    // Change icon color to red if HTTP nowhere is enabled
+    var toolbarbutton = document.getElementById('https-everywhere-button');
+    toolbarbutton.setAttribute('http_nowhere',
+                               showHttpNowhere ? 'true' : 'false');
+    reload_window();
+  }
 };
 
 function https_everywhere_load() {
@@ -307,17 +331,29 @@ function reload_window() {
     HTTPSEverywhere.log(WARN,"failed to get webNav");
     return null;
   }
-  // This choice of flags comes from NoScript's quickReload function; not sure
-  // if it's optimal
-  webNav.reload(webNav.LOAD_FLAGS_CHARSET_CHANGE);  
+  // The choice of LOAD_FLAGS_CHARSET_CHANGE comes from NoScript's quickReload
+  // function; not sure if it's optimal
+  let flags = webNav.LOAD_FLAGS_BYPASS_CACHE & webNav.LOAD_FLAGS_CHARSET_CHANGE;
+  webNav.reload(flags);
 }
 
 function toggleEnabledState(){
 	HTTPSEverywhere.toggleEnabledState();
-	reload_window();	
+	reload_window();
+  toggleEnabledUI();
+}
+
+function toggleEnabledUI() {
+  // Add/remove menu items depending on whether HTTPS-E is enabled
+  var items = document.querySelectorAll(".hide-on-disable");
+  var enabled = HTTPSEverywhere.prefs.getBoolPref("globalEnabled");
+  for (let i = 0; i < items.length; i++) {
+    items[i].hidden = !enabled;
+  }
 
   // Change icon depending on enabled state
-  httpsEverywhere.toolbarButton.changeIcon();
+  var toolbarbutton = document.getElementById('https-everywhere-button');
+  toolbarbutton.setAttribute('status', enabled ? 'enabled' : 'disabled');
 }
 
 function open_in_tab(url) {
diff --git a/src/chrome/content/toolbar_button.xul b/src/chrome/content/toolbar_button.xul
@@ -42,9 +42,12 @@
 
       <menupopup id="https-everywhere-context" onpopupshowing="show_applicable_list(this)">
         <!-- entries will be written here by ApplicableList.populate_menu() -->
-        <menuseparator />
+        <menuseparator class="hide-on-disable"/>
+        <menuitem type="checkbox" id="http-nowhere-item" label="Block all HTTP requests" 
+          oncommand="httpsEverywhere.toolbarButton.toggleHttpNowhere()" class="hide-on-disable"/>
+        <menuseparator class="hide-on-disable"/>
         <menuitem type="checkbox" id="https-everywhere-counter-item" label="&https-everywhere.menu.showCounter;" 
-          oncommand="httpsEverywhere.toolbarButton.toggleShowCounter()" />
+          oncommand="httpsEverywhere.toolbarButton.toggleShowCounter()" class="hide-on-disable"/>
         <menuseparator />
         <menuitem label="&https-everywhere.menu.observatory;" command="https-everywhere-menuitem-observatory" />
         <menuitem label="&https-everywhere.menu.about;" command="https-everywhere-menuitem-about" />
diff --git a/src/chrome/skin/https-everywhere-16-red.png b/src/chrome/skin/https-everywhere-16-red.png
diff --git a/src/chrome/skin/https-everywhere-24-red.png b/src/chrome/skin/https-everywhere-24-red.png
diff --git a/src/chrome/skin/https-everywhere.css b/src/chrome/skin/https-everywhere.css
@@ -16,10 +16,15 @@ toolbar #https-everywhere-button > .https-everywhere-button {
 }
 
 /* Use CSS attribute selector for changing icon */
+#https-everywhere-button[http_nowhere="true"] > .https-everywhere-button {
+  list-style-image: url("chrome://https-everywhere/skin/https-everywhere-24-red.png");
+}
 #https-everywhere-button[status="disabled"] > .https-everywhere-button {
   list-style-image: url("chrome://https-everywhere/skin/https-everywhere-24-gray.png");
 }
-
+toolbar[iconsize="small"] #https-everywhere-button[http_nowhere="true"] > .https-everywhere-button {
+  list-style-image: url("chrome://https-everywhere/skin/https-everywhere-16-red.png");
+}
 toolbar[iconsize="small"] #https-everywhere-button[status="disabled"] > .https-everywhere-button {
   list-style-image: url("chrome://https-everywhere/skin/https-everywhere-16-gray.png");
 }
diff --git a/src/components/https-everywhere.js b/src/components/https-everywhere.js
@@ -191,6 +191,7 @@ function HTTPSEverywhere() {
   this.prefs = this.get_prefs();
   this.rule_toggle_prefs = this.get_prefs(PREFBRANCH_RULE_TOGGLE);
 
+  this.httpNowhereEnabled = this.prefs.getBoolPref("http_nowhere.enabled");
   this.isMobile = this.doMobileCheck();
 
   // We need to use observers instead of categories for FF3.0 for these:
@@ -456,7 +457,7 @@ HTTPSEverywhere.prototype = {
         else        this.log(NOTE,"Failed to indicate breakage in content menu");
         return;
       }
-      HTTPS.replaceChannel(lst, channel);
+      HTTPS.replaceChannel(lst, channel, this.httpNowhereEnabled);
     } else if (topic == "http-on-examine-response") {
          this.log(DBUG, "Got http-on-examine-response @ "+ (channel.URI ? channel.URI.spec : '') );
          HTTPS.handleSecureCookies(channel);
@@ -624,7 +625,7 @@ HTTPSEverywhere.prototype = {
       return;
     }
     var alist = this.juggleApplicableListsDuringRedirection(oldChannel, newChannel);
-    HTTPS.replaceChannel(alist,newChannel);
+    HTTPS.replaceChannel(alist,newChannel, this.httpNowhereEnabled);
   },
 
   juggleApplicableListsDuringRedirection: function(oldChannel, newChannel) {
@@ -784,6 +785,40 @@ HTTPSEverywhere.prototype = {
             this.log(WARN, "Couldn't add observers: " + e);         
         }
     }
+  },
+
+  toggleHttpNowhere: function() {
+    let prefService = Services.prefs;
+    let thisBranch =
+      prefService.getBranch("extensions.https_everywhere.http_nowhere.");
+    let securityBranch = prefService.getBranch("security.");
+
+    // Whether cert is treated as invalid when OCSP connection fails
+    let OCSP_REQUIRED = "OCSP.require";
+
+    // Branch to save original settings
+    let ORIG_OCSP_REQUIRED = "orig.ocsp.required";
+
+
+    if (thisBranch.getBoolPref("enabled")) {
+      // Restore original OCSP settings. TODO: What if user manually edits
+      // these while HTTP Nowhere is enabled?
+      let origOcspRequired = thisBranch.getBoolPref(ORIG_OCSP_REQUIRED);
+      securityBranch.setBoolPref(OCSP_REQUIRED, origOcspRequired);
+
+      thisBranch.setBoolPref("enabled", false);
+      this.httpNowhereEnabled = false;
+    } else {
+      // Save original OCSP settings in HTTP Nowhere preferences branch.
+      let origOcspRequired = securityBranch.getBoolPref(OCSP_REQUIRED);
+      thisBranch.setBoolPref(ORIG_OCSP_REQUIRED, origOcspRequired);
+
+      // Disable OCSP enforcement
+      securityBranch.setBoolPref(OCSP_REQUIRED, false);
+
+      thisBranch.setBoolPref("enabled", true);
+      this.httpNowhereEnabled = true;
+    }
   }
 };
 
diff --git a/src/defaults/preferences/preferences.js b/src/defaults/preferences/preferences.js
@@ -15,6 +15,10 @@ pref("extensions.https_everywhere.performance_tests", false);
 // enable rulesets that trigger mixed content blocking
 pref("extensions.https_everywhere.enable_mixed_rulesets", false);
 
+// HTTP Nowhere preferences
+pref("extensions.https_everywhere.http_nowhere.enabled", false);
+pref("extensions.https_everywhere.http_nowhere.orig.ocsp.required", false);
+
 
 // SSl Observatory preferences
 pref("extensions.https_everywhere._observatory.enabled",false);

Original file line number	Diff line number	Diff line change
`@@ -16,10 +16,15 @@ toolbar #https-everywhere-button > .https-everywhere-button {`
`16`	`16`	`}`
`17`	`17`
`18`	`18`	`/* Use CSS attribute selector for changing icon */`
	`19`	`+#https-everywhere-button[http_nowhere="true"] > .https-everywhere-button {`
	`20`	`+ list-style-image: url("chrome://https-everywhere/skin/https-everywhere-24-red.png");`
	`21`	`+}`
`19`	`22`	`#https-everywhere-button[status="disabled"] > .https-everywhere-button {`
`20`	`23`	`list-style-image: url("chrome://https-everywhere/skin/https-everywhere-24-gray.png");`
`21`	`24`	`}`
`22`		`-`
	`25`	`+toolbar[iconsize="small"] #https-everywhere-button[http_nowhere="true"] > .https-everywhere-button {`
	`26`	`+ list-style-image: url("chrome://https-everywhere/skin/https-everywhere-16-red.png");`
	`27`	`+}`
`23`	`28`	`toolbar[iconsize="small"] #https-everywhere-button[status="disabled"] > .https-everywhere-button {`
`24`	`29`	`list-style-image: url("chrome://https-everywhere/skin/https-everywhere-16-gray.png");`
`25`	`30`	`}`