Firefox: prevent axios HEAD request from downloading entire original image; CSP 'upgrade-insecure-requests' handling with http-only proxies; firefox imageset listener contingent on if proxy is HTTPS

[changhaitravis]

Firefox-Only: Fixed HEAD requests downloading the entire original image when scouting the file-size of images on improperly configured webservers (Supposedly this also required Axios get upgraded to the latest version). Accomplished by setting {maxContentLength: 0} as config option.

The change in patchContentSecurity.js in regards to upgrade-insecure-requests should shut the door on #20 as far as CSP goes on http-only proxies, gawker sites (gizmodo/kotaku/io9) are improved, but still don't seem to work right. unwrappedlife.com is fixed.

Once again, I didn't test on chrome, but these are pretty minor changes.

Feel free to let this one linger a bit, since if we figure out what's happening with @Tomatoide's set up I'll push the fix into this pull request assuming it doesn't have to do with the proxy they're using.

[changhaitravis]

Okay, this turned out to be a bigger change than I was anticipating. Imageset counts as active-mixed-content in firefox, so I'm only enabling that listener if using bandwidth hero with an HTTPS proxy (I need to write a unit test for that detection module before the TravisCI build will pass)

[Tomatoide]

Quick question here as I'm not very knowledgeable in this area: does setting block csp reports in ublock origin affect bandwidth hero in any way?

[changhaitravis]

I'm not too familiar with ublock, but this add-on relies heavily on CSP header manipulation to work on many secure websites. So I'd avoid messing with that

[changhaitravis]

Bandwidth hero doesn't care about, and isn't affected by CSP Reports.

[changhaitravis]

Do not pull, there's some sort of bug that's causing a data drain, I've already maxxed out my data plan in a little over a week, and normally it takes me 3 weeks or so. I'll re-open this pull request after I've identified and fixed it.

[Tomatoide]

Is it better to disable the extension for now till this axios bug and the other unidentified data draining bug are fixed? I'm short on data in the upcoming weeks and don't want to risk it

[changhaitravis]

data draining bug only happens on my fork of the code. Even without the axios bug fix it would be a net save because it does not affect most websites. I would keep using.

[changhaitravis]

I'm 3 days into my billing cycle and it seems normal. I think the encountered data drain was just because it went into an off state due to #23.

[Tomatoide]

Note that in issue #23 images don't display at all
Edit: yeah it seems like now images are appearing (although uncompressed) unlike the old behavior when issue #23 was first reported, where images would stop appearing at all when the extension stops working.. don't know if this is related to extension changes or newer firefox versions