tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE
commit 6636d62bc7008a71b5b5c7d7d9453d6fe42cf13e
parent f819cc68168879bb7addacc6a148250333bded7b
Author: Randell Jesup <rjesup@mozilla.com>
Date:   Tue,  7 Oct 2025 17:56:04 +0000

Bug 1917965: Bug Fix for AddStandardHeaders and an await in TRR r=necko-reviewers,valentin

This undoes changes to the devtools tests; they're sensitive to header ordering

Differential Revision: https://phabricator.services.mozilla.com/D266549

Diffstat:

Mdevtools/client/netmonitor/test/browser_net_copy_as_powershell.js | 8++++----


Mnetwerk/protocol/http/HttpBaseChannel.cpp | 3++-


Mnetwerk/protocol/http/nsHttpHandler.cpp | 10+++++++++-


Mnetwerk/protocol/http/nsHttpHandler.h | 3++-


Mnetwerk/test/unit/test_dictionary_storage.js | 2++


Mnetwerk/test/unit/xpcshell.toml | 4++--


6 files changed, 21 insertions(+), 9 deletions(-)

diff --git a/devtools/client/netmonitor/test/browser_net_copy_as_powershell.js b/devtools/client/netmonitor/test/browser_net_copy_as_powershell.js
@@ -19,11 +19,11 @@ add_task(async function () {
 -Headers @{
 "Accept" = "*/*"
   "Accept-Language" = "en-US"
+  "Accept-Encoding" = "gzip, deflate, br, zstd"
   "X-Custom-Header-1" = "Custom value"
   "X-Custom-Header-2" = "8.8.8.8"
   "X-Custom-Header-3" = "Mon, 3 Mar 2014 11:11:11 GMT"
   "Referer" = "https://example.com/browser/devtools/client/netmonitor/test/html_copy-as-curl.html"
-  "Accept-Encoding" = "gzip, deflate, br, zstd"
   "Sec-Fetch-Dest" = "empty"
   "Sec-Fetch-Mode" = "cors"
   "Sec-Fetch-Site" = "same-origin"
@@ -42,11 +42,11 @@ Invoke-WebRequest -UseBasicParsing -Uri "https://example.com/browser/devtools/cl
 -Headers @{
 "Accept" = "*/*"
   "Accept-Language" = "en-US"
+  "Accept-Encoding" = "gzip, deflate, br, zstd"
   "X-Custom-Header-1" = "Custom value"
   "X-Custom-Header-2" = "8.8.8.8"
   "X-Custom-Header-3" = "Mon, 3 Mar 2014 11:11:11 GMT"
   "Referer" = "https://example.com/browser/devtools/client/netmonitor/test/html_copy-as-curl.html"
-  "Accept-Encoding" = "gzip, deflate, br, zstd"
   "Sec-Fetch-Dest" = "empty"
   "Sec-Fetch-Mode" = "cors"
   "Sec-Fetch-Site" = "same-origin"
@@ -68,12 +68,12 @@ Invoke-WebRequest -UseBasicParsing -Uri "https://example.com/browser/devtools/cl
 -Headers @{
 "Accept" = "*/*"
   "Accept-Language" = "en-US"
+  "Accept-Encoding" = "gzip, deflate, br, zstd"
   "X-Custom-Header-1" = "Custom value"
   "X-Custom-Header-2" = "8.8.8.8"
   "X-Custom-Header-3" = "Mon, 3 Mar 2014 11:11:11 GMT"
   "Origin" = "https://example.com"
   "Referer" = "https://example.com/browser/devtools/client/netmonitor/test/html_copy-as-curl.html"
-  "Accept-Encoding" = "gzip, deflate, br, zstd"
   "Sec-Fetch-Dest" = "empty"
   "Sec-Fetch-Mode" = "cors"
   "Sec-Fetch-Site" = "same-origin"
@@ -97,12 +97,12 @@ Invoke-WebRequest -UseBasicParsing -Uri "https://example.com/browser/devtools/cl
 -Headers @{
 "Accept" = "*/*"
   "Accept-Language" = "en-US"
+  "Accept-Encoding" = "gzip, deflate, br, zstd"
   "X-Custom-Header-1" = "Custom value"
   "X-Custom-Header-2" = "8.8.8.8"
   "X-Custom-Header-3" = "Mon, 3 Mar 2014 11:11:11 GMT"
   "Origin" = "https://example.com"
   "Referer" = "https://example.com/browser/devtools/client/netmonitor/test/html_copy-as-curl.html"
-  "Accept-Encoding" = "gzip, deflate, br, zstd"
   "Sec-Fetch-Dest" = "empty"
   "Sec-Fetch-Mode" = "cors"
   "Sec-Fetch-Site" = "same-origin"
diff --git a/netwerk/protocol/http/HttpBaseChannel.cpp b/netwerk/protocol/http/HttpBaseChannel.cpp
@@ -348,6 +348,7 @@ nsresult HttpBaseChannel::Init(nsIURI* aURI, uint32_t aCaps,
   // Construct connection info object
   nsAutoCString host;
   int32_t port = -1;
+  bool isHTTPS = isSecureOrTrustworthyURL(mURI);
 
   nsresult rv = mURI->GetAsciiHost(host);
   if (NS_FAILED(rv)) return rv;
@@ -394,7 +395,7 @@ nsresult HttpBaseChannel::Init(nsIURI* aURI, uint32_t aCaps,
   }
 
   rv = gHttpHandler->AddStandardRequestHeaders(
-      &mRequestHead, aURI, contentPolicyType,
+      &mRequestHead, aURI, isHTTPS, contentPolicyType,
       nsContentUtils::ShouldResistFingerprinting(this,
                                                  RFPTarget::HttpUserAgent));
   if (NS_FAILED(rv)) return rv;
diff --git a/netwerk/protocol/http/nsHttpHandler.cpp b/netwerk/protocol/http/nsHttpHandler.cpp
@@ -734,7 +734,7 @@ nsresult nsHttpHandler::AddAcceptAndDictionaryHeaders(
 }
 
 nsresult nsHttpHandler::AddStandardRequestHeaders(
-    nsHttpRequestHead* request, nsIURI* aURI,
+    nsHttpRequestHead* request, nsIURI* aURI, bool aIsHTTPS,
     ExtContentPolicyType aContentPolicyType, bool aShouldResistFingerprinting) {
   nsresult rv;
 
@@ -787,6 +787,14 @@ nsresult nsHttpHandler::AddStandardRequestHeaders(
                             nsHttpHeaderArray::eVarietyRequestDefault);
     if (NS_FAILED(rv)) return rv;
   }
+
+  if (aIsHTTPS) {
+    rv = request->SetHeader(nsHttp::Accept_Encoding, mHttpsAcceptEncodings,
+                            false, nsHttpHeaderArray::eVarietyRequestDefault);
+  } else {
+    rv = request->SetHeader(nsHttp::Accept_Encoding, mHttpAcceptEncodings,
+                            false, nsHttpHeaderArray::eVarietyRequestDefault);
+  }
   return NS_OK;
 }
 
diff --git a/netwerk/protocol/http/nsHttpHandler.h b/netwerk/protocol/http/nsHttpHandler.h
@@ -122,7 +122,8 @@ class nsHttpHandler final : public nsIHttpProtocolHandler,
       bool aSecure, bool& aAsync,
       const std::function<bool(bool, DictionaryCacheEntry*)>& aCallback);
   [[nodiscard]] nsresult AddStandardRequestHeaders(
-      nsHttpRequestHead*, nsIURI* aURI, ExtContentPolicyType aContentPolicyType,
+      nsHttpRequestHead*, nsIURI* aURI, bool aIsHTTPS,
+      ExtContentPolicyType aContentPolicyType,
       bool aShouldResistFingerprinting);
   [[nodiscard]] nsresult AddConnectionHeader(nsHttpRequestHead*, uint32_t caps);
   bool IsAcceptableEncoding(const char* encoding, bool isSecure);
diff --git a/netwerk/test/unit/test_dictionary_storage.js b/netwerk/test/unit/test_dictionary_storage.js
@@ -592,6 +592,8 @@ add_task(async function test_too_long_dictionary_url() {
   [req, data] = await channelOpenPromise(chan);
 
   try {
+    // we're just looking to see if it throws
+    // eslint-disable-next-line no-unused-vars
     let headerValue = req.getRequestHeader("Available-Dictionary");
     Assert.ok(false, "Too-long dictionary was offered in Available-Dictionary");
   } catch (e) {
diff --git a/netwerk/test/unit/xpcshell.toml b/netwerk/test/unit/xpcshell.toml
@@ -571,14 +571,14 @@ prefs = ["content.cors.use_triggering_principal=true"] # See bug 1982916.
 
 ["test_data_protocol.js"]
 
+["test_defaultURI.js"]
+
 ["test_dictionary_compression_dcb.js"]
 
 ["test_dictionary_retrieval.js"]
 
 ["test_dictionary_storage.js"]
 
-["test_defaultURI.js"]
-
 ["test_dns_by_type_resolve.js"]
 
 ["test_dns_cancel.js"]