Source code

Revision control

Other Tools

1
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2
/* vim: set ts=2 sw=2 et tw=80: */
3
/* This Source Code Form is subject to the terms of the Mozilla Public
4
* License, v. 2.0. If a copy of the MPL was not distributed with this
5
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6
7
#include "mozilla/OriginAttributes.h"
8
#include "mozilla/Preferences.h"
9
#include "mozilla/dom/BlobURLProtocolHandler.h"
10
#include "mozilla/dom/URLSearchParams.h"
11
#include "mozilla/dom/quota/QuotaManager.h"
12
#include "nsIEffectiveTLDService.h"
13
#include "nsIURI.h"
14
#include "nsURLHelper.h"
15
16
static const char kSourceChar = ':';
17
static const char kSanitizedChar = '+';
18
19
namespace mozilla {
20
21
using dom::URLParams;
22
23
void OriginAttributes::SetFirstPartyDomain(const bool aIsTopLevelDocument,
24
nsIURI* aURI, bool aForced) {
25
bool isFirstPartyEnabled = IsFirstPartyEnabled();
26
27
// If the prefs are off or this is not a top level load, bail out.
28
if ((!isFirstPartyEnabled || !aIsTopLevelDocument) && !aForced) {
29
return;
30
}
31
32
nsCOMPtr<nsIEffectiveTLDService> tldService =
33
do_GetService(NS_EFFECTIVETLDSERVICE_CONTRACTID);
34
MOZ_ASSERT(tldService);
35
if (!tldService) {
36
return;
37
}
38
39
nsAutoCString baseDomain;
40
nsresult rv = tldService->GetBaseDomain(aURI, 0, baseDomain);
41
if (NS_SUCCEEDED(rv)) {
42
mFirstPartyDomain = NS_ConvertUTF8toUTF16(baseDomain);
43
return;
44
}
45
46
if (rv == NS_ERROR_HOST_IS_IP_ADDRESS) {
47
// If the host is an IPv4/IPv6 address, we still accept it as a
48
// valid firstPartyDomain.
49
nsAutoCString ipAddr;
50
rv = aURI->GetHost(ipAddr);
51
NS_ENSURE_SUCCESS_VOID(rv);
52
53
if (net_IsValidIPv6Addr(ipAddr)) {
54
// According to RFC2732, the host of an IPv6 address should be an
55
// IPv6reference. The GetHost() of nsIURI will only return the IPv6
56
// address. So, we need to convert it back to IPv6reference here.
57
mFirstPartyDomain.Truncate();
58
mFirstPartyDomain.AssignLiteral("[");
59
mFirstPartyDomain.Append(NS_ConvertUTF8toUTF16(ipAddr));
60
mFirstPartyDomain.AppendLiteral("]");
61
} else {
62
mFirstPartyDomain = NS_ConvertUTF8toUTF16(ipAddr);
63
}
64
65
return;
66
}
67
68
// Saving isInsufficientDomainLevels before rv is overwritten.
69
bool isInsufficientDomainLevels = (rv == NS_ERROR_INSUFFICIENT_DOMAIN_LEVELS);
70
nsAutoCString scheme;
71
if (aURI) {
72
rv = aURI->GetScheme(scheme);
73
NS_ENSURE_SUCCESS_VOID(rv);
74
if (scheme.EqualsLiteral("about")) {
75
mFirstPartyDomain.AssignLiteral(ABOUT_URI_FIRST_PARTY_DOMAIN);
76
return;
77
}
78
}
79
80
// Add-on principals should never get any first-party domain
81
// attributes in order to guarantee their storage integrity when switching
82
// FPI on and off.
83
if (scheme.EqualsLiteral("moz-extension")) {
84
return;
85
}
86
87
nsCOMPtr<nsIPrincipal> blobPrincipal;
88
if (aURI && dom::BlobURLProtocolHandler::GetBlobURLPrincipal(
89
aURI, getter_AddRefs(blobPrincipal))) {
90
MOZ_ASSERT(blobPrincipal);
91
mFirstPartyDomain = blobPrincipal->OriginAttributesRef().mFirstPartyDomain;
92
return;
93
}
94
95
if (isInsufficientDomainLevels) {
96
nsAutoCString publicSuffix;
97
rv = tldService->GetPublicSuffix(aURI, publicSuffix);
98
if (NS_SUCCEEDED(rv)) {
99
mFirstPartyDomain = NS_ConvertUTF8toUTF16(publicSuffix);
100
}
101
return;
102
}
103
}
104
105
void OriginAttributes::SetFirstPartyDomain(const bool aIsTopLevelDocument,
106
const nsACString& aDomain) {
107
SetFirstPartyDomain(aIsTopLevelDocument, NS_ConvertUTF8toUTF16(aDomain));
108
}
109
110
void OriginAttributes::SetFirstPartyDomain(const bool aIsTopLevelDocument,
111
const nsAString& aDomain) {
112
bool isFirstPartyEnabled = IsFirstPartyEnabled();
113
114
// If the pref is off or this is not a top level load, bail out.
115
if (!isFirstPartyEnabled || !aIsTopLevelDocument) {
116
return;
117
}
118
119
mFirstPartyDomain = aDomain;
120
}
121
122
void OriginAttributes::CreateSuffix(nsACString& aStr) const {
123
URLParams params;
124
nsAutoString value;
125
126
//
127
// Important: While serializing any string-valued attributes, perform a
128
// release-mode assertion to make sure that they don't contain characters that
129
// will break the quota manager when it uses the serialization for file
130
// naming.
131
//
132
133
if (mInIsolatedMozBrowser) {
134
params.Set(NS_LITERAL_STRING("inBrowser"), NS_LITERAL_STRING("1"));
135
}
136
137
if (mUserContextId != nsIScriptSecurityManager::DEFAULT_USER_CONTEXT_ID) {
138
value.Truncate();
139
value.AppendInt(mUserContextId);
140
params.Set(NS_LITERAL_STRING("userContextId"), value);
141
}
142
143
if (mPrivateBrowsingId) {
144
value.Truncate();
145
value.AppendInt(mPrivateBrowsingId);
146
params.Set(NS_LITERAL_STRING("privateBrowsingId"), value);
147
}
148
149
if (!mFirstPartyDomain.IsEmpty()) {
150
nsAutoString sanitizedFirstPartyDomain(mFirstPartyDomain);
151
sanitizedFirstPartyDomain.ReplaceChar(kSourceChar, kSanitizedChar);
152
153
params.Set(NS_LITERAL_STRING("firstPartyDomain"),
154
sanitizedFirstPartyDomain);
155
}
156
157
if (!mGeckoViewSessionContextId.IsEmpty()) {
158
nsAutoString sanitizedGeckoViewUserContextId(mGeckoViewSessionContextId);
159
sanitizedGeckoViewUserContextId.ReplaceChar(
160
dom::quota::QuotaManager::kReplaceChars, kSanitizedChar);
161
162
params.Set(NS_LITERAL_STRING("geckoViewUserContextId"),
163
sanitizedGeckoViewUserContextId);
164
}
165
166
aStr.Truncate();
167
168
params.Serialize(value);
169
if (!value.IsEmpty()) {
170
aStr.AppendLiteral("^");
171
aStr.Append(NS_ConvertUTF16toUTF8(value));
172
}
173
174
// In debug builds, check the whole string for illegal characters too (just in
175
// case).
176
#ifdef DEBUG
177
nsAutoCString str;
178
str.Assign(aStr);
179
MOZ_ASSERT(str.FindCharInSet(dom::quota::QuotaManager::kReplaceChars) ==
180
kNotFound);
181
#endif
182
}
183
184
void OriginAttributes::CreateAnonymizedSuffix(nsACString& aStr) const {
185
OriginAttributes attrs = *this;
186
187
if (!attrs.mFirstPartyDomain.IsEmpty()) {
188
attrs.mFirstPartyDomain.AssignLiteral("_anonymizedFirstPartyDomain_");
189
}
190
191
attrs.CreateSuffix(aStr);
192
}
193
194
namespace {
195
196
class MOZ_STACK_CLASS PopulateFromSuffixIterator final
197
: public URLParams::ForEachIterator {
198
public:
199
explicit PopulateFromSuffixIterator(OriginAttributes* aOriginAttributes)
200
: mOriginAttributes(aOriginAttributes) {
201
MOZ_ASSERT(aOriginAttributes);
202
// If a non-default mPrivateBrowsingId is passed and is not present in the
203
// suffix, then it will retain the id when it should be default according
204
// to the suffix. Set to default before iterating to fix this.
205
mOriginAttributes->mPrivateBrowsingId =
206
nsIScriptSecurityManager::DEFAULT_PRIVATE_BROWSING_ID;
207
}
208
209
bool URLParamsIterator(const nsAString& aName,
210
const nsAString& aValue) override {
211
if (aName.EqualsLiteral("inBrowser")) {
212
if (!aValue.EqualsLiteral("1")) {
213
return false;
214
}
215
216
mOriginAttributes->mInIsolatedMozBrowser = true;
217
return true;
218
}
219
220
if (aName.EqualsLiteral("addonId") || aName.EqualsLiteral("appId")) {
221
// No longer supported. Silently ignore so that legacy origin strings
222
// don't cause failures.
223
return true;
224
}
225
226
if (aName.EqualsLiteral("userContextId")) {
227
nsresult rv;
228
int64_t val = aValue.ToInteger64(&rv);
229
NS_ENSURE_SUCCESS(rv, false);
230
NS_ENSURE_TRUE(val <= UINT32_MAX, false);
231
mOriginAttributes->mUserContextId = static_cast<uint32_t>(val);
232
233
return true;
234
}
235
236
if (aName.EqualsLiteral("privateBrowsingId")) {
237
nsresult rv;
238
int64_t val = aValue.ToInteger64(&rv);
239
NS_ENSURE_SUCCESS(rv, false);
240
NS_ENSURE_TRUE(val >= 0 && val <= UINT32_MAX, false);
241
mOriginAttributes->mPrivateBrowsingId = static_cast<uint32_t>(val);
242
243
return true;
244
}
245
246
if (aName.EqualsLiteral("firstPartyDomain")) {
247
MOZ_RELEASE_ASSERT(mOriginAttributes->mFirstPartyDomain.IsEmpty());
248
nsAutoString firstPartyDomain(aValue);
249
firstPartyDomain.ReplaceChar(kSanitizedChar, kSourceChar);
250
mOriginAttributes->mFirstPartyDomain.Assign(firstPartyDomain);
251
return true;
252
}
253
254
if (aName.EqualsLiteral("geckoViewUserContextId")) {
255
MOZ_RELEASE_ASSERT(
256
mOriginAttributes->mGeckoViewSessionContextId.IsEmpty());
257
mOriginAttributes->mGeckoViewSessionContextId.Assign(aValue);
258
return true;
259
}
260
261
// No other attributes are supported.
262
return false;
263
}
264
265
private:
266
OriginAttributes* mOriginAttributes;
267
};
268
269
} // namespace
270
271
bool OriginAttributes::PopulateFromSuffix(const nsACString& aStr) {
272
if (aStr.IsEmpty()) {
273
return true;
274
}
275
276
if (aStr[0] != '^') {
277
return false;
278
}
279
280
PopulateFromSuffixIterator iterator(this);
281
return URLParams::Parse(Substring(aStr, 1, aStr.Length() - 1), iterator);
282
}
283
284
bool OriginAttributes::PopulateFromOrigin(const nsACString& aOrigin,
285
nsACString& aOriginNoSuffix) {
286
// RFindChar is only available on nsCString.
287
nsCString origin(aOrigin);
288
int32_t pos = origin.RFindChar('^');
289
290
if (pos == kNotFound) {
291
aOriginNoSuffix = origin;
292
return true;
293
}
294
295
aOriginNoSuffix = Substring(origin, 0, pos);
296
return PopulateFromSuffix(Substring(origin, pos));
297
}
298
299
void OriginAttributes::SyncAttributesWithPrivateBrowsing(
300
bool aInPrivateBrowsing) {
301
mPrivateBrowsingId = aInPrivateBrowsing ? 1 : 0;
302
}
303
304
/* static */
305
bool OriginAttributes::IsPrivateBrowsing(const nsACString& aOrigin) {
306
nsAutoCString dummy;
307
OriginAttributes attrs;
308
if (NS_WARN_IF(!attrs.PopulateFromOrigin(aOrigin, dummy))) {
309
return false;
310
}
311
312
return !!attrs.mPrivateBrowsingId;
313
}
314
315
} // namespace mozilla