NetworkPkg: Add PCD to enable the HTTP connections switch

v3: * Correct the commits grammar v2: * Rename the PCD to PcdAllowHttpConnections. * Refine the PCD descriptions. If the value of PcdAllowHttpConnections is TRUE, HTTP connections are allowed. Both the "https://" and "http://" URI schemes are permitted. Otherwise, HTTP connections are denied. Only the "https://" URI scheme is permitted. Cc: Ye Ting <ting.ye@intel.com> Cc: Fu Siyuan <siyuan.fu@intel.com> Cc: Laszlo Ersek <lersek@redhat.com> Cc: Kinney Michael D <michael.d.kinney@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com> Reviewed-by: Gary Lin <glin@suse.com> Tested-by: Gary Lin <glin@suse.com>
2017-01-06 11:53:57 +08:00
parent 70420e31a0
commit 221463c2b3
8 changed files with 167 additions and 40 deletions
--- a/NetworkPkg/HttpDxe/HttpImpl.c
+++ b/NetworkPkg/HttpDxe/HttpImpl.c
@@ -1,7 +1,7 @@
 /** @file
  Implementation of EFI_HTTP_PROTOCOL protocol interfaces.

-  Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR>
+  Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.<BR>
  (C) Copyright 2015-2016 Hewlett Packard Enterprise Development LP<BR>

  This program and the accompanying materials
@@ -354,6 +354,16 @@ EfiHttpRequest (
    //
    HttpInstance->UseHttps = IsHttpsUrl (Url);

+    //
+    // HTTP is disabled, return directly if the URI is not HTTPS.
+    //
+    if (!PcdGetBool (PcdAllowHttpConnections) && !(HttpInstance->UseHttps)) {
+      
+      DEBUG ((EFI_D_ERROR, "EfiHttpRequest: HTTP is disabled.\n"));
+
+      return EFI_ACCESS_DENIED;
+    }
+
    //
    // Check whether we need to create Tls child and open the TLS protocol.
    //