commit dcae22191c42bdb1948a6e55c7c50e0ab97dbf70 Author: Alex Catarineu <acat@torproject.org> Date: Wed Mar 25 18:33:57 2020 +0100 fixup! Bug 23247: Communicating security expectations for .onion --- dom/security/nsMixedContentBlocker.cpp | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/dom/security/nsMixedContentBlocker.cpp b/dom/security/nsMixedContentBlocker.cpp index cf060b67d68f..2bbc2e8aecb3 100644 --- a/dom/security/nsMixedContentBlocker.cpp +++ b/dom/security/nsMixedContentBlocker.cpp @@ -794,6 +794,11 @@ nsresult nsMixedContentBlocker::ShouldLoad( return NS_OK; } + if (isHttpScheme && IsPotentiallyTrustworthyOrigin(innerContentLocation)) { + *aDecision = ACCEPT; + return NS_OK; + } + // The page might have set the CSP directive 'upgrade-insecure-requests'. In // such a case allow the http: load to succeed with the promise that the // channel will get upgraded to https before fetching any data from the