From 2550600131e26c135d9a3e408572c24a85f72f75 Mon Sep 17 00:00:00 2001
From: Josh Matthews
Date: Tue, 9 Jun 2020 12:50:08 -0400
Subject: [PATCH] net: Use a POST request for allowing certs temporarily.
---
 components/net/fetch/methods.rs | 36 ++++++++++++++++++++-------------
 components/net/http_loader.rs | 2 +-
 components/net_traits/request.rs | 6 +++---
 resources/badcert.html | 4 ++--
 4 files changed, 28 insertions(+), 20 deletions(-)
diff --git a/components/net/fetch/methods.rs b/components/net/fetch/methods.rs
index a73255bf66b..c25ab10cbe6 100644
--- a/components/net/fetch/methods.rs
+++ b/components/net/fetch/methods.rs
@@ -15,14 +15,16 @@ use headers::{AccessControlExposeHeaders, ContentType, HeaderMapExt, Range};
 use http::header::{self, HeaderMap, HeaderName};
 use hyper::Method;
 use hyper::StatusCode;
-use ipc_channel::ipc::IpcReceiver;
+use ipc_channel::ipc::{self, IpcReceiver};
 use mime::{self, Mime};
 use net_traits::blob_url_store::{parse_blob_url, BlobURLStoreError};
 use net_traits::filemanager_thread::{FileTokenCheck, RelativePos};
 use net_traits::request::{
 is_cors_safelisted_method, is_cors_safelisted_request_header, Origin, ResponseTainting, Window,
 };
-use net_traits::request::{CredentialsMode, Destination, Referrer, Request, RequestMode};
+use net_traits::request::{
+ BodyChunkRequest, CredentialsMode, Destination, Referrer, Request, RequestMode,
+};
 use net_traits::response::{Response, ResponseBody, ResponseType};
 use net_traits::{FetchTaskTarget, NetworkError, ReferrerPolicy, ResourceFetchTiming};
 use net_traits::{ResourceAttribute, ResourceTimeValue, ResourceTimingType};
@@ -634,18 +636,24 @@ fn scheme_fetch(
 "about" if url.path() == "blank" => create_blank_reply(url, request.timing_type()),
 "chrome" if url.path() == "allowcert" => {
- let mut secret = None;
- let mut cert_bytes = None;
- for (name, value) in url.as_url().query_pairs() {
- match &*name {
- "secret" => secret = Some(value),
- "bytes" => cert_bytes = base64::decode(value.as_bytes()).ok(),
- _ => (),
- }
- }
- if let (Some(secret), Some(bytes)) = (secret, cert_bytes) {
- if secret.parse() == Ok(*net_traits::PRIVILEGED_SECRET) {
- context.state.extra_certs.add(bytes);
+ let data = request.body.as_mut().and_then(|body| {
+ let stream = body.take_stream();
+ let (body_chan, body_port) = ipc::channel().unwrap();
+ let _ = stream.send(BodyChunkRequest::Connect(body_chan));
+ let _ = stream.send(BodyChunkRequest::Chunk);
+ body_port.recv().ok()
+ });
+ let data = data.as_ref().and_then(|b| {
+ let idx = b.iter().position(|b| *b == b'&')?;
+ Some(b.split_at(idx))
+ });
+
+ if let Some((secret, bytes)) = data {
+ let secret = str::from_utf8(secret).ok().and_then(|s| s.parse().ok());
+ if secret == Some(*net_traits::PRIVILEGED_SECRET) {
+ if let Ok(bytes) = base64::decode(&bytes[1..]) {
+ context.state.extra_certs.add(bytes);
+ }
 }
 }
diff --git a/components/net/http_loader.rs b/components/net/http_loader.rs
index 9f15dbcad72..d69f418006c 100644
--- a/components/net/http_loader.rs
+++ b/components/net/http_loader.rs
@@ -1571,7 +1571,7 @@ fn http_network_fetch(
 &url,
 &request.method,
 &request.headers,
- request.body.as_mut().and_then(|body| body.take_stream()),
+ request.body.as_mut().map(|body| body.take_stream()),
 &request.pipeline_id,
 request_id.as_ref().map(Deref::deref),
 is_xhr,
diff --git a/components/net_traits/request.rs b/components/net_traits/request.rs
index 8906f4f038f..7af3855720d 100644
--- a/components/net_traits/request.rs
+++ b/components/net_traits/request.rs
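Review bot: In the new `chrome:allowcert` branch the body is read as exactly one chunk (one `BodyChunkRequest::Chunk` followed by one `body_port.recv()`), so if the body source ever delivers the payload in several chunks only a prefix is parsed, and a truncated base64 tail that still decodes would be handed to `extra_certs.add`; whether that can happen depends on the body source, which is outside the hunk. The branch also never looks at `request.method`, so the only gate on adding a certificate exception is the secret in the body; wrapping the block in `if request.method == Method::POST { ... }` would keep the handler matched to what badcert.html sends. `ipc::channel().unwrap()` turns a channel-creation failure into a panic on the fetch path, while every other failure here is silently ignored. A comment above the `split_at`, such as `// Body format: "<secret>&<base64 cert>", sent by resources/badcert.html`, would document the format. scheme_fetch's body continues outside the hunk.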
@@ -164,7 +164,7 @@ impl RequestBody {
 }
 }
- pub fn take_stream(&mut self) -> Option> {
+ pub fn take_stream(&mut self) -> IpcSender {
 if self.read_from {
 match self.source {
 BodySource::Null => panic!(
@@ -174,12 +174,12 @@ impl RequestBody {
 let (chan, port) = ipc::channel().unwrap();
 let _ = self.chan.send(BodyChunkRequest::Extract(port));
 self.chan = chan.clone();
- return Some(chan);
+ return chan;
 },
 }
 }
 self.read_from = true;
- Some(self.chan.clone())
+ self.chan.clone()
 }
 pub fn source_is_null(&self) -> bool {
diff --git a/resources/badcert.html b/resources/badcert.html
index 9f37bcaa2a1..392bddc0572 100644
--- a/resources/badcert.html
+++ b/resources/badcert.html
@@ -14,11 +14,11 @@
 if (bytes.length) {
 button.onclick = function() {
 let xhr = new XMLHttpRequest();
- xhr.open('GET', 'chrome:allowcert?secret=${secret}&bytes=' + btoa(bytes));
+ xhr.open('POST', 'chrome:allowcert');
 xhr.onloadend = function() {
 location.reload(true);
 };
- xhr.send();
+ xhr.send("${secret}&" + btoa(bytes));
 };
 } else {
 button.style.display = "none";
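Review bot: `take_stream` is a `pub` method with no doc comment, and with the `Option` wrapper gone its signature no longer hints that the call can fail, although the visible body still reaches `panic!` for `BodySource::Null` when `read_from` is already set and unwraps `ipc::channel()`. A doc comment with a `# Panics` section would make that contract explicit for the new caller in `scheme_fetch`: a summary line such as `/// Returns the sender used to request chunks of this body.` followed by a panics note naming the re-read of a `BodySource::Null` body. The second hunk of this file only adapts the return statements, and the `match` between the two hunks is only partly visible.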
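Review bot: The body built in `xhr.send("${secret}&" + btoa(bytes))` is an ad-hoc format that the Rust side in components/net/fetch/methods.rs parses by splitting on the first `&`, and nothing in this file says so. A comment above the call, such as `// Body is "<secret>&<base64 cert>"; parsed by the chrome:allowcert handler in net/fetch/methods.rs.`, would keep the two ends in step. `xhr.onloadend` reloads the page whether or not the exception was accepted, so a rejected request looks the same to the user as a certificate that is still bad; whether the reply could distinguish the two is not visible here. The enclosing script block continues outside the hunk.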