From 20a10f03d4b14d68a77db88feea95cfcdbef8d34 Mon Sep 17 00:00:00 2001
From: Mark Walker <mark.damon.walker@tutanota.com>
Date: Sun, 28 Apr 2024 10:33:49 +0800
Subject: Add force https mode

Implement an option to force all http urls to be upgraded to HTTPS,
similar to HTTPS-Only Mode in Firefox.

A http_force_https preference variable is provided as well as a menu
bar item to toggle this mode.

See: https://support.mozilla.org/en-US/kb/https-only-prefs
---
 src/menu.cc        | 21 +++++++++++++++++++--
 src/prefs.c        |  1 +
 src/prefs.h        |  1 +
 src/prefsparser.cc |  1 +
 src/url.c          | 26 ++++++++++++++++++--------
 5 files changed, 40 insertions(+), 10 deletions(-)

(limited to 'src')

diff --git a/src/menu.cc b/src/menu.cc
index a1252989..865b843b 100644
--- a/src/menu.cc
+++ b/src/menu.cc
@@ -671,6 +671,19 @@ static void Menu_embedded_css_cb(Fl_Widget *wid, void*)
    a_UIcmd_repush(popup_bw);
 }
 
+
+/**
+ * Toggle use of force https mode
+ */
+static void Menu_force_https_cb(Fl_Widget *wid, void*)
+{
+   Fl_Menu_Item *item = (Fl_Menu_Item*) wid;
+
+   item->flags ^= FL_MENU_VALUE;
+   prefs.http_force_https = item->flags & FL_MENU_VALUE ? 1 : 0;
+   a_UIcmd_repush(popup_bw);
+}
+
 static void Menu_panel_change_cb(Fl_Widget*, void *user_data)
 {
    UI *ui = (UI*)popup_bw->ui;
@@ -728,6 +741,8 @@ void a_Menu_tools_popup(BrowserWindow *bw, int x, int y)
        FL_MENU_TOGGLE,0,0,0,0},
       {"Load background images", 0, Menu_bgimg_load_toggle_cb, 0,
        FL_MENU_TOGGLE|FL_MENU_DIVIDER,0,0,0,0},
+      {"Force HTTPS", 0, Menu_force_https_cb, 0,
+       FL_MENU_TOGGLE|FL_MENU_DIVIDER,0,0,0,0},
       {"Panel size", 0, Menu_nop_cb, (void*)"Submenu1", FL_SUBMENU,0,0,0,0},
          {"tiny",  0,Menu_panel_change_cb,(void*)0,FL_MENU_RADIO,0,0,0,0},
          {"small", 0,Menu_panel_change_cb,(void*)1,FL_MENU_RADIO,0,0,0,0},
@@ -751,8 +766,10 @@ void a_Menu_tools_popup(BrowserWindow *bw, int x, int y)
       pm[2].set();
    if (prefs.load_background_images)
       pm[3].set();
-   pm[5+cur_panelsize].setonly();
-   cur_smallicons ? pm[8].set() : pm[8].clear();
+   if (prefs.http_force_https)
+      pm[4].set();
+   pm[6+cur_panelsize].setonly();
+   cur_smallicons ? pm[9].set() : pm[9].clear();
 
    item = pm->popup(x, y);
    if (item) {
diff --git a/src/prefs.c b/src/prefs.c
index 72a7568e..8d25ef18 100644
--- a/src/prefs.c
+++ b/src/prefs.c
@@ -68,6 +68,7 @@ void a_Prefs_init(void)
    prefs.http_proxyuser = NULL;
    prefs.http_referer = dStrdup(PREFS_HTTP_REFERER);
    prefs.http_strict_transport_security = TRUE;
+   prefs.http_force_https = FALSE;
    prefs.http_user_agent = dStrdup(PREFS_HTTP_USER_AGENT);
    prefs.limit_text_width = FALSE;
    prefs.adjust_min_width = TRUE;
diff --git a/src/prefs.h b/src/prefs.h
index 0073d52a..b234176f 100644
--- a/src/prefs.h
+++ b/src/prefs.h
@@ -97,6 +97,7 @@ typedef struct {
    bool_t parse_embedded_css;
    bool_t http_persistent_conns;
    bool_t http_strict_transport_security;
+   bool_t http_force_https;
    int32_t buffered_drawing;
    char *font_serif;
    char *font_sans_serif;
diff --git a/src/prefsparser.cc b/src/prefsparser.cc
index dbb82cb8..40460e52 100644
--- a/src/prefsparser.cc
+++ b/src/prefsparser.cc
@@ -179,6 +179,7 @@ void PrefsParser::parse(FILE *fp)
       { "http_referer", &prefs.http_referer, PREFS_STRING, 0 },
       { "http_strict_transport_security",&prefs.http_strict_transport_security,
         PREFS_BOOL, 0 },
+      { "http_force_https", &prefs.http_force_https, PREFS_BOOL, 0 },
       { "http_user_agent", &prefs.http_user_agent, PREFS_STRING, 0 },
       { "limit_text_width", &prefs.limit_text_width, PREFS_BOOL, 0 },
       { "adjust_min_width", &prefs.adjust_min_width, PREFS_BOOL, 0 },
diff --git a/src/url.c b/src/url.c
index 4af7bef1..686a3b90 100644
--- a/src/url.c
+++ b/src/url.c
@@ -423,16 +423,26 @@ DilloUrl* a_Url_new(const char *url_str, const char *base_url)
    dFree(str1);
    dFree(str2);
 
-   /*
-    * A site's HTTP Strict Transport Security policy may direct us to transform
-    * URLs like "http://en.wikipedia.org:80" to "https://en.wikipedia.org:443".
-    */
-   if (prefs.http_strict_transport_security &&
-       url->scheme && !dStrAsciiCasecmp(url->scheme, "http") &&
-       a_Hsts_require_https(a_Url_hostname(url))) {
+   bool_t switch_to_https = FALSE;
+
+   if (url->scheme && !dStrAsciiCasecmp(url->scheme, "http")) {
+      /*
+       * A site's HTTP Strict Transport Security policy may direct us to transform
+       * URLs like "http://en.wikipedia.org:80" to "https://en.wikipedia.org:443".
+       */
+      if (prefs.http_strict_transport_security &&
+          a_Hsts_require_https(a_Url_hostname(url))) {
+         _MSG("url: HSTS transformation for %s.\n", url->url_string->str);
+         switch_to_https = TRUE;
+      } else if (prefs.http_force_https) {
+         _MSG("url: Force HTTPS transformation for %s.\n", url->url_string->str);
+         switch_to_https = TRUE;
+      }
+   }
+
+   if (switch_to_https) {
       const char *const scheme = "https";
 
-      _MSG("url: HSTS transformation for %s.\n", url->url_string->str);
       url->scheme = scheme;
       if (url->port == URL_HTTP_PORT)
          url->port = URL_HTTPS_PORT;
-- 
cgit v1.2.3