/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "ServiceWorkerUtils.h"
#include "mozilla/Preferences.h"
#include "mozilla/dom/ClientInfo.h"
#include "mozilla/dom/ServiceWorkerRegistrarTypes.h"
#include "nsIURL.h"
namespace mozilla {
namespace dom {
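/**
 * Reports whether parent-process service worker interception is enabled.
 *
 * The "dom.serviceWorkers.parent_intercept" pref is read on the first call
 * only and cached in function-local atomics, so later changes to the pref are
 * not observed by this function. The first call must happen on the main
 * thread (asserted); once the value is cached, the function only reads
 * atomics.
 *
 * @return the cached pref value; false is the default passed to GetBool.
 */
bool ServiceWorkerParentInterceptEnabled() {
  static Atomic<bool> sEnabled;
  static Atomic<bool> sInitialized;
  if (!sInitialized) {
    AssertIsOnMainThread();
    // Cache the pref value *before* publishing sInitialized. With the flag
    // set first, a caller on another thread could observe sInitialized ==
    // true while sEnabled still held its zero-initialized value and make a
    // decision based on the wrong interception mode.
    sEnabled =
        Preferences::GetBool("dom.serviceWorkers.parent_intercept", false);
    sInitialized = true;
  }
  return sEnabled;
}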
/**
 * Minimal sanity check for a serialized service worker registration.
 *
 * This is a presence check only: the scope, the current worker URL and the
 * cache name must each be non-empty. Nothing here parses the URLs or compares
 * origins, so callers that receive the data from a less trusted source still
 * need their own validation.
 *
 * @param aData registration record to inspect.
 * @return true when all three fields are non-empty, false otherwise.
 */
bool ServiceWorkerRegistrationDataIsValid(
    const ServiceWorkerRegistrationData& aData) {
  if (aData.scope().IsEmpty()) {
    return false;
  }
  if (aData.currentWorkerURL().IsEmpty()) {
    return false;
  }
  return !aData.cacheName().IsEmpty();
}
namespace {

/**
 * Rejects URIs whose file path contains a percent-encoded '/' ("%2f") or
 * '\' ("%5c"), matched case-insensitively.
 *
 * Only the value returned by nsIURL::GetFilePath is inspected.
 *
 * @param aURI URI to check; must be non-null (asserted).
 * @return NS_OK when neither sequence is present;
 *         NS_ERROR_DOM_SECURITY_ERR when aURI is not an nsIURL;
 *         NS_ERROR_DOM_TYPE_ERR when an encoded slash or backslash is found;
 *         otherwise the failure code from GetFilePath.
 */
nsresult CheckForSlashEscapedCharsInPath(nsIURI* aURI) {
  MOZ_ASSERT(aURI);

  // Anything that cannot be viewed as a standard URL is treated as invalid
  // and reported as a SecurityError rather than being inspected further.
  nsCOMPtr<nsIURL> url(do_QueryInterface(aURI));
  if (NS_WARN_IF(!url)) {
    return NS_ERROR_DOM_SECURITY_ERR;
  }

  nsAutoCString filePath;
  const nsresult rv = url->GetFilePath(filePath);
  if (NS_WARN_IF(NS_FAILED(rv))) {
    return rv;
  }

  // Lower-case once so that "%2F" and "%5C" are caught by the same searches.
  ToLowerCase(filePath);

  // Encoded forward slash.
  if (filePath.Find("%2f") != kNotFound) {
    return NS_ERROR_DOM_TYPE_ERR;
  }
  // Encoded backslash.
  if (filePath.Find("%5c") != kNotFound) {
    return NS_ERROR_DOM_TYPE_ERR;
  }

  return NS_OK;
}

}  // anonymous namespace
/**
 * Validates a (scope, script) URL pair for a service worker registration
 * requested by the given client.
 *
 * Checks run in a fixed order and the first failure decides the error code:
 *   1. the client must have a principal (NS_ERROR_DOM_INVALID_STATE_ERR);
 *   2. the script URI scheme must be http or https
 *      (NS_ERROR_DOM_SECURITY_ERR);
 *   3. neither path may contain an encoded slash or backslash (error from
 *      CheckForSlashEscapedCharsInPath, scope checked before script);
 *   4. neither URI may carry a fragment (NS_ERROR_DOM_SECURITY_ERR);
 *   5. the principal must be allowed to load both URIs; any CheckMayLoad
 *      failure is reported as NS_ERROR_DOM_SECURITY_ERR.
 *
 * @param aClientInfo client whose principal is used for the load checks.
 * @param aScopeURI   requested scope; must be non-null (diagnostic assert).
 * @param aScriptURI  worker script URL; must be non-null (diagnostic assert).
 * @return NS_OK when every check passes, otherwise the error described above.
 */
nsresult ServiceWorkerScopeAndScriptAreValid(const ClientInfo& aClientInfo,
                                             nsIURI* aScopeURI,
                                             nsIURI* aScriptURI) {
  MOZ_DIAGNOSTIC_ASSERT(aScopeURI);
  MOZ_DIAGNOSTIC_ASSERT(aScriptURI);

  nsCOMPtr<nsIPrincipal> principal = aClientInfo.GetPrincipal();
  NS_ENSURE_TRUE(principal, NS_ERROR_DOM_INVALID_STATE_ERR);

  // NOTE(review): only the script URI's scheme is tested here. The scope URI
  // is constrained solely by the CheckMayLoad call further down — confirm
  // that is sufficient for every principal that can reach this function.
  bool isHttp = aScriptURI->SchemeIs("http");
  bool isHttps = aScriptURI->SchemeIs("https");
  NS_ENSURE_TRUE(isHttp || isHttps, NS_ERROR_DOM_SECURITY_ERR);

  nsresult rv = CheckForSlashEscapedCharsInPath(aScopeURI);
  NS_ENSURE_SUCCESS(rv, rv);

  rv = CheckForSlashEscapedCharsInPath(aScriptURI);
  NS_ENSURE_SUCCESS(rv, rv);

  // Fragments are not allowed on either URI.
  // NOTE(review): the GetRef result is deliberately discarded, so this check
  // relies on `ref` being left empty when GetRef fails — presumably the case,
  // but that makes the fragment check fail open on an accessor error.
  nsAutoCString ref;
  Unused << aScopeURI->GetRef(ref);
  NS_ENSURE_TRUE(ref.IsEmpty(), NS_ERROR_DOM_SECURITY_ERR);

  // `ref` is reused; it is known to be empty at this point because the scope
  // check above returned otherwise.
  Unused << aScriptURI->GetRef(ref);
  NS_ENSURE_TRUE(ref.IsEmpty(), NS_ERROR_DOM_SECURITY_ERR);

  // The underlying CheckMayLoad error code is not propagated; callers only
  // ever see NS_ERROR_DOM_SECURITY_ERR for a denied scope or script.
  rv = principal->CheckMayLoad(aScopeURI, true /* report */,
                               false /* allowIfInheritsPrincipal */);
  NS_ENSURE_SUCCESS(rv, NS_ERROR_DOM_SECURITY_ERR);

  rv = principal->CheckMayLoad(aScriptURI, true /* report */,
                               false /* allowIfInheritsPrincipal */);
  NS_ENSURE_SUCCESS(rv, NS_ERROR_DOM_SECURITY_ERR);

  return NS_OK;
}
} // namespace dom
} // namespace mozilla