Source code

Revision control

Other Tools

1
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
3
/* This Source Code Form is subject to the terms of the Mozilla Public
4
* License, v. 2.0. If a copy of the MPL was not distributed with this
5
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6
7
#include "mozilla/LoadInfo.h"
8
9
#include "mozilla/Assertions.h"
10
#include "mozilla/ExpandedPrincipal.h"
11
#include "mozilla/dom/ClientIPCTypes.h"
12
#include "mozilla/dom/ClientSource.h"
13
#include "mozilla/dom/Performance.h"
14
#include "mozilla/dom/PerformanceStorage.h"
15
#include "mozilla/dom/BrowserChild.h"
16
#include "mozilla/dom/ToJSValue.h"
17
#include "mozilla/dom/BrowsingContext.h"
18
#include "mozilla/net/CookieSettings.h"
19
#include "mozilla/NullPrincipal.h"
20
#include "mozilla/StaticPrefs_network.h"
21
#include "mozIThirdPartyUtil.h"
22
#include "nsFrameLoader.h"
23
#include "nsFrameLoaderOwner.h"
24
#include "nsIContentSecurityPolicy.h"
25
#include "nsIDocShell.h"
26
#include "mozilla/dom/Document.h"
27
#include "nsCookiePermission.h"
28
#include "nsICookieService.h"
29
#include "nsIInterfaceRequestorUtils.h"
30
#include "nsISupportsImpl.h"
31
#include "nsISupportsUtils.h"
32
#include "nsIXPConnect.h"
33
#include "nsDocShell.h"
34
#include "nsGlobalWindow.h"
35
#include "nsMixedContentBlocker.h"
36
#include "nsQueryObject.h"
37
#include "nsRedirectHistoryEntry.h"
38
#include "nsSandboxFlags.h"
39
40
using namespace mozilla::dom;
41
42
namespace mozilla {
43
namespace net {
44
45
static uint64_t FindTopOuterWindowID(nsPIDOMWindowOuter* aOuter) {
46
nsCOMPtr<nsPIDOMWindowOuter> outer = aOuter;
47
while (nsCOMPtr<nsPIDOMWindowOuter> parent =
48
outer->GetInProcessScriptableParentOrNull()) {
49
outer = parent;
50
}
51
return outer->WindowID();
52
}
53
54
LoadInfo::LoadInfo(
55
nsIPrincipal* aLoadingPrincipal, nsIPrincipal* aTriggeringPrincipal,
56
nsINode* aLoadingContext, nsSecurityFlags aSecurityFlags,
57
nsContentPolicyType aContentPolicyType,
58
const Maybe<mozilla::dom::ClientInfo>& aLoadingClientInfo,
59
const Maybe<mozilla::dom::ServiceWorkerDescriptor>& aController)
60
: mLoadingPrincipal(aLoadingContext ? aLoadingContext->NodePrincipal()
61
: aLoadingPrincipal),
62
mTriggeringPrincipal(aTriggeringPrincipal ? aTriggeringPrincipal
63
: mLoadingPrincipal.get()),
64
mPrincipalToInherit(nullptr),
65
mClientInfo(aLoadingClientInfo),
66
mController(aController),
67
mLoadingContext(do_GetWeakReference(aLoadingContext)),
68
mContextForTopLevelLoad(nullptr),
69
mSecurityFlags(aSecurityFlags),
70
mInternalContentPolicyType(aContentPolicyType),
71
mTainting(LoadTainting::Basic),
72
mBlockAllMixedContent(false),
73
mUpgradeInsecureRequests(false),
74
mBrowserUpgradeInsecureRequests(false),
75
mBrowserWouldUpgradeInsecureRequests(false),
76
mForceAllowDataURI(false),
77
mAllowInsecureRedirectToDataURI(false),
78
mBypassCORSChecks(false),
79
mSkipContentPolicyCheckForWebRequest(false),
80
mOriginalFrameSrcLoad(false),
81
mForceInheritPrincipalDropped(false),
82
mInnerWindowID(0),
83
mOuterWindowID(0),
84
mParentOuterWindowID(0),
85
mTopOuterWindowID(0),
86
mFrameOuterWindowID(0),
87
mBrowsingContextID(0),
88
mFrameBrowsingContextID(0),
89
mInitialSecurityCheckDone(false),
90
mIsThirdPartyContext(false),
91
mIsDocshellReload(false),
92
mIsFormSubmission(false),
93
mSendCSPViolationEvents(true),
94
mRequestBlockingReason(BLOCKING_REASON_NONE),
95
mForcePreflight(false),
96
mIsPreflight(false),
97
mLoadTriggeredFromExternal(false),
98
mServiceWorkerTaintingSynthesized(false),
99
mDocumentHasUserInteracted(false),
100
mDocumentHasLoaded(false),
101
mSkipContentSniffing(false),
102
mIsFromProcessingFrameAttributes(false) {
103
MOZ_ASSERT(mLoadingPrincipal);
104
MOZ_ASSERT(mTriggeringPrincipal);
105
106
#ifdef DEBUG
107
// TYPE_DOCUMENT loads initiated by javascript tests will go through
108
// nsIOService and use the wrong constructor. Don't enforce the
109
// !TYPE_DOCUMENT check in those cases
110
bool skipContentTypeCheck = false;
111
skipContentTypeCheck =
112
Preferences::GetBool("network.loadinfo.skip_type_assertion");
113
#endif
114
115
// This constructor shouldn't be used for TYPE_DOCUMENT loads that don't
116
// have a loadingPrincipal
117
MOZ_ASSERT(skipContentTypeCheck || mLoadingPrincipal ||
118
mInternalContentPolicyType != nsIContentPolicy::TYPE_DOCUMENT);
119
120
// We should only get an explicit controller for subresource requests.
121
MOZ_DIAGNOSTIC_ASSERT(aController.isNothing() ||
122
!nsContentUtils::IsNonSubresourceInternalPolicyType(
123
mInternalContentPolicyType));
124
125
// TODO(bug 1259873): Above, we initialize mIsThirdPartyContext to false
126
// meaning that consumers of LoadInfo that don't pass a context or pass a
127
// context from which we can't find a window will default to assuming that
128
// they're 1st party. It would be nice if we could default "safe" and assume
129
// that we are 3rd party until proven otherwise.
130
131
// if consumers pass both, aLoadingContext and aLoadingPrincipal
132
// then the loadingPrincipal must be the same as the node's principal
133
MOZ_ASSERT(!aLoadingContext || !aLoadingPrincipal ||
134
aLoadingContext->NodePrincipal() == aLoadingPrincipal);
135
136
// if the load is sandboxed, we can not also inherit the principal
137
if (mSecurityFlags & nsILoadInfo::SEC_SANDBOXED) {
138
mForceInheritPrincipalDropped =
139
(mSecurityFlags & nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL);
140
mSecurityFlags &= ~nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL;
141
}
142
143
uint32_t externalType =
144
nsContentUtils::InternalContentPolicyTypeToExternal(aContentPolicyType);
145
146
if (aLoadingContext) {
147
// Ensure that all network requests for a window client have the ClientInfo
148
// properly set. Workers must currently pass the loading ClientInfo
149
// explicitly. We allow main thread requests to explicitly pass the value as
150
// well.
151
if (mClientInfo.isNothing()) {
152
mClientInfo = aLoadingContext->OwnerDoc()->GetClientInfo();
153
}
154
155
// For subresource loads set the service worker based on the calling
156
// context's controller. Workers must currently pass the controller in
157
// explicitly. We allow main thread requests to explicitly pass the value
158
// as well, but otherwise extract from the loading context here.
159
if (mController.isNothing() &&
160
!nsContentUtils::IsNonSubresourceInternalPolicyType(
161
mInternalContentPolicyType)) {
162
mController = aLoadingContext->OwnerDoc()->GetController();
163
}
164
165
nsCOMPtr<nsPIDOMWindowOuter> contextOuter =
166
aLoadingContext->OwnerDoc()->GetWindow();
167
if (contextOuter) {
168
ComputeIsThirdPartyContext(contextOuter);
169
mOuterWindowID = contextOuter->WindowID();
170
nsCOMPtr<nsPIDOMWindowOuter> parent =
171
contextOuter->GetInProcessScriptableParent();
172
mParentOuterWindowID = parent ? parent->WindowID() : mOuterWindowID;
173
mTopOuterWindowID = FindTopOuterWindowID(contextOuter);
174
RefPtr<dom::BrowsingContext> bc = contextOuter->GetBrowsingContext();
175
mBrowsingContextID = bc ? bc->Id() : 0;
176
177
nsGlobalWindowInner* innerWindow =
178
nsGlobalWindowInner::Cast(contextOuter->GetCurrentInnerWindow());
179
if (innerWindow) {
180
mTopLevelPrincipal = innerWindow->GetTopLevelAntiTrackingPrincipal();
181
182
// The top-level-storage-area-principal is not null only for the first
183
// level of iframes (null for top-level contexts, and null for
184
// sub-iframes). If we are loading a sub-document resource, we must
185
// calculate what the top-level-storage-area-principal will be for the
186
// new context.
187
if (externalType != nsIContentPolicy::TYPE_SUBDOCUMENT) {
188
mTopLevelStorageAreaPrincipal =
189
innerWindow->GetTopLevelStorageAreaPrincipal();
190
} else if (contextOuter->IsTopLevelWindow()) {
191
Document* doc = innerWindow->GetExtantDoc();
192
if (!doc || (!doc->StorageAccessSandboxed())) {
193
mTopLevelStorageAreaPrincipal = innerWindow->GetPrincipal();
194
}
195
196
// If this is the first level iframe, innerWindow is our top-level
197
// principal.
198
if (!mTopLevelPrincipal) {
199
mTopLevelPrincipal = innerWindow->GetPrincipal();
200
}
201
}
202
203
mDocumentHasLoaded = innerWindow->IsDocumentLoaded();
204
205
if (innerWindow->IsFrame()) {
206
// For resources within iframes, we actually want the
207
// top-level document's flag, not the iframe document's.
208
mDocumentHasLoaded = false;
209
nsGlobalWindowOuter* topOuter =
210
innerWindow->GetInProcessScriptableTopInternal();
211
if (topOuter) {
212
nsGlobalWindowInner* topInner =
213
nsGlobalWindowInner::Cast(topOuter->GetCurrentInnerWindow());
214
if (topInner) {
215
mDocumentHasLoaded = topInner->IsDocumentLoaded();
216
}
217
}
218
}
219
}
220
221
// Let's inherit the cookie behavior and permission from the parent
222
// document.
223
mCookieSettings = aLoadingContext->OwnerDoc()->CookieSettings();
224
}
225
226
mInnerWindowID = aLoadingContext->OwnerDoc()->InnerWindowID();
227
mAncestorPrincipals = aLoadingContext->OwnerDoc()->AncestorPrincipals();
228
mAncestorOuterWindowIDs =
229
aLoadingContext->OwnerDoc()->AncestorOuterWindowIDs();
230
MOZ_DIAGNOSTIC_ASSERT(mAncestorPrincipals.Length() ==
231
mAncestorOuterWindowIDs.Length());
232
mDocumentHasUserInteracted =
233
aLoadingContext->OwnerDoc()->UserHasInteracted();
234
235
// When the element being loaded is a frame, we choose the frame's window
236
// for the window ID and the frame element's window as the parent
237
// window. This is the behavior that Chrome exposes to add-ons.
238
// NB: If the frameLoaderOwner doesn't have a frame loader, then the load
239
// must be coming from an object (such as a plugin) that's loaded into it
240
// instead of a document being loaded. In that case, treat this object like
241
// any other non-document-loading element.
242
RefPtr<nsFrameLoaderOwner> frameLoaderOwner =
243
do_QueryObject(aLoadingContext);
244
RefPtr<nsFrameLoader> fl =
245
frameLoaderOwner ? frameLoaderOwner->GetFrameLoader() : nullptr;
246
if (fl) {
247
nsCOMPtr<nsIDocShell> docShell = fl->GetDocShell(IgnoreErrors());
248
if (docShell) {
249
nsCOMPtr<nsPIDOMWindowOuter> outerWindow = do_GetInterface(docShell);
250
if (outerWindow) {
251
mFrameOuterWindowID = outerWindow->WindowID();
252
253
RefPtr<dom::BrowsingContext> bc = outerWindow->GetBrowsingContext();
254
mFrameBrowsingContextID = bc ? bc->Id() : 0;
255
}
256
}
257
}
258
259
// if the document forces all mixed content to be blocked, then we
260
// store that bit for all requests on the loadinfo.
261
mBlockAllMixedContent =
262
aLoadingContext->OwnerDoc()->GetBlockAllMixedContent(false) ||
263
(nsContentUtils::IsPreloadType(mInternalContentPolicyType) &&
264
aLoadingContext->OwnerDoc()->GetBlockAllMixedContent(true));
265
266
// if the document forces all requests to be upgraded from http to https,
267
// then we should do that for all requests. If it only forces preloads to be
268
// upgraded then we should enforce upgrade insecure requests only for
269
// preloads.
270
mUpgradeInsecureRequests =
271
aLoadingContext->OwnerDoc()->GetUpgradeInsecureRequests(false) ||
272
(nsContentUtils::IsPreloadType(mInternalContentPolicyType) &&
273
aLoadingContext->OwnerDoc()->GetUpgradeInsecureRequests(true));
274
275
if (nsContentUtils::IsUpgradableDisplayType(externalType)) {
276
if (mLoadingPrincipal->SchemeIs("https")) {
277
if (nsMixedContentBlocker::ShouldUpgradeMixedDisplayContent()) {
278
mBrowserUpgradeInsecureRequests = true;
279
} else {
280
mBrowserWouldUpgradeInsecureRequests = true;
281
}
282
}
283
}
284
}
285
286
mOriginAttributes = mLoadingPrincipal->OriginAttributesRef();
287
288
// We need to do this after inheriting the document's origin attributes
289
// above, in case the loading principal ends up being the system principal.
290
if (aLoadingContext) {
291
nsCOMPtr<nsILoadContext> loadContext =
292
aLoadingContext->OwnerDoc()->GetLoadContext();
293
nsCOMPtr<nsIDocShell> docShell = aLoadingContext->OwnerDoc()->GetDocShell();
294
if (loadContext && docShell &&
295
docShell->ItemType() == nsIDocShellTreeItem::typeContent) {
296
bool usePrivateBrowsing;
297
nsresult rv = loadContext->GetUsePrivateBrowsing(&usePrivateBrowsing);
298
if (NS_SUCCEEDED(rv)) {
299
mOriginAttributes.SyncAttributesWithPrivateBrowsing(usePrivateBrowsing);
300
}
301
}
302
}
303
304
// For chrome docshell, the mPrivateBrowsingId remains 0 even its
305
// UsePrivateBrowsing() is true, so we only update the mPrivateBrowsingId in
306
// origin attributes if the type of the docshell is content.
307
if (aLoadingContext) {
308
nsCOMPtr<nsIDocShell> docShell = aLoadingContext->OwnerDoc()->GetDocShell();
309
if (docShell) {
310
if (docShell->ItemType() == nsIDocShellTreeItem::typeChrome) {
311
MOZ_ASSERT(mOriginAttributes.mPrivateBrowsingId == 0,
312
"chrome docshell shouldn't have mPrivateBrowsingId set.");
313
}
314
}
315
}
316
}
317
318
/* Constructor takes an outer window, but no loadingNode or loadingPrincipal.
319
* This constructor should only be used for TYPE_DOCUMENT loads, since they
320
* have a null loadingNode and loadingPrincipal.
321
*/
322
LoadInfo::LoadInfo(nsPIDOMWindowOuter* aOuterWindow,
323
nsIPrincipal* aTriggeringPrincipal,
324
nsISupports* aContextForTopLevelLoad,
325
nsSecurityFlags aSecurityFlags)
326
: mLoadingPrincipal(nullptr),
327
mTriggeringPrincipal(aTriggeringPrincipal),
328
mPrincipalToInherit(nullptr),
329
mContextForTopLevelLoad(do_GetWeakReference(aContextForTopLevelLoad)),
330
mSecurityFlags(aSecurityFlags),
331
mInternalContentPolicyType(nsIContentPolicy::TYPE_DOCUMENT),
332
mTainting(LoadTainting::Basic),
333
mBlockAllMixedContent(false),
334
mUpgradeInsecureRequests(false),
335
mBrowserUpgradeInsecureRequests(false),
336
mBrowserWouldUpgradeInsecureRequests(false),
337
mForceAllowDataURI(false),
338
mAllowInsecureRedirectToDataURI(false),
339
mBypassCORSChecks(false),
340
mSkipContentPolicyCheckForWebRequest(false),
341
mOriginalFrameSrcLoad(false),
342
mForceInheritPrincipalDropped(false),
343
mInnerWindowID(0),
344
mOuterWindowID(0),
345
mParentOuterWindowID(0),
346
mTopOuterWindowID(0),
347
mFrameOuterWindowID(0),
348
mBrowsingContextID(0),
349
mFrameBrowsingContextID(0),
350
mInitialSecurityCheckDone(false),
351
mIsThirdPartyContext(false), // NB: TYPE_DOCUMENT implies !third-party.
352
mIsDocshellReload(false),
353
mIsFormSubmission(false),
354
mSendCSPViolationEvents(true),
355
mRequestBlockingReason(BLOCKING_REASON_NONE),
356
mForcePreflight(false),
357
mIsPreflight(false),
358
mLoadTriggeredFromExternal(false),
359
mServiceWorkerTaintingSynthesized(false),
360
mDocumentHasUserInteracted(false),
361
mDocumentHasLoaded(false),
362
mSkipContentSniffing(false),
363
mIsFromProcessingFrameAttributes(false) {
364
// Top-level loads are never third-party
365
// Grab the information we can out of the window.
366
MOZ_ASSERT(aOuterWindow);
367
MOZ_ASSERT(mTriggeringPrincipal);
368
369
// if the load is sandboxed, we can not also inherit the principal
370
if (mSecurityFlags & nsILoadInfo::SEC_SANDBOXED) {
371
mForceInheritPrincipalDropped =
372
(mSecurityFlags & nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL);
373
mSecurityFlags &= ~nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL;
374
}
375
376
// NB: Ignore the current inner window since we're navigating away from it.
377
mOuterWindowID = aOuterWindow->WindowID();
378
RefPtr<BrowsingContext> bc = aOuterWindow->GetBrowsingContext();
379
mBrowsingContextID = bc ? bc->Id() : 0;
380
381
// TODO We can have a parent without a frame element in some cases dealing
382
// with the hidden window.
383
nsCOMPtr<nsPIDOMWindowOuter> parent =
384
aOuterWindow->GetInProcessScriptableParent();
385
mParentOuterWindowID = parent ? parent->WindowID() : 0;
386
mTopOuterWindowID = FindTopOuterWindowID(aOuterWindow);
387
388
nsGlobalWindowInner* innerWindow =
389
nsGlobalWindowInner::Cast(aOuterWindow->GetCurrentInnerWindow());
390
if (innerWindow) {
391
mTopLevelPrincipal = innerWindow->GetTopLevelAntiTrackingPrincipal();
392
// mTopLevelStorageAreaPrincipal is always null for top-level document
393
// loading.
394
}
395
396
// get the docshell from the outerwindow, and then get the originattributes
397
nsCOMPtr<nsIDocShell> docShell = aOuterWindow->GetDocShell();
398
MOZ_ASSERT(docShell);
399
mOriginAttributes = nsDocShell::Cast(docShell)->GetOriginAttributes();
400
mAncestorPrincipals = nsDocShell::Cast(docShell)->AncestorPrincipals();
401
mAncestorOuterWindowIDs =
402
nsDocShell::Cast(docShell)->AncestorOuterWindowIDs();
403
MOZ_DIAGNOSTIC_ASSERT(mAncestorPrincipals.Length() ==
404
mAncestorOuterWindowIDs.Length());
405
406
#ifdef DEBUG
407
if (docShell->ItemType() == nsIDocShellTreeItem::typeChrome) {
408
MOZ_ASSERT(mOriginAttributes.mPrivateBrowsingId == 0,
409
"chrome docshell shouldn't have mPrivateBrowsingId set.");
410
}
411
#endif
412
413
// Let's take the current cookie behavior and current cookie permission
414
// for the documents' loadInfo. Note that for any other loadInfos,
415
// cookieBehavior will be BEHAVIOR_REJECT for security reasons.
416
mCookieSettings = CookieSettings::Create();
417
}
418
419
LoadInfo::LoadInfo(const LoadInfo& rhs)
420
: mLoadingPrincipal(rhs.mLoadingPrincipal),
421
mTriggeringPrincipal(rhs.mTriggeringPrincipal),
422
mPrincipalToInherit(rhs.mPrincipalToInherit),
423
mSandboxedLoadingPrincipal(rhs.mSandboxedLoadingPrincipal),
424
mTopLevelPrincipal(rhs.mTopLevelPrincipal),
425
mTopLevelStorageAreaPrincipal(rhs.mTopLevelStorageAreaPrincipal),
426
mResultPrincipalURI(rhs.mResultPrincipalURI),
427
mCookieSettings(rhs.mCookieSettings),
428
mCspToInherit(rhs.mCspToInherit),
429
mClientInfo(rhs.mClientInfo),
430
// mReservedClientSource must be handled specially during redirect
431
// mReservedClientInfo must be handled specially during redirect
432
// mInitialClientInfo must be handled specially during redirect
433
mController(rhs.mController),
434
mPerformanceStorage(rhs.mPerformanceStorage),
435
mLoadingContext(rhs.mLoadingContext),
436
mContextForTopLevelLoad(rhs.mContextForTopLevelLoad),
437
mSecurityFlags(rhs.mSecurityFlags),
438
mInternalContentPolicyType(rhs.mInternalContentPolicyType),
439
mTainting(rhs.mTainting),
440
mBlockAllMixedContent(rhs.mBlockAllMixedContent),
441
mUpgradeInsecureRequests(rhs.mUpgradeInsecureRequests),
442
mBrowserUpgradeInsecureRequests(rhs.mBrowserUpgradeInsecureRequests),
443
mBrowserWouldUpgradeInsecureRequests(
444
rhs.mBrowserWouldUpgradeInsecureRequests),
445
mForceAllowDataURI(rhs.mForceAllowDataURI),
446
mAllowInsecureRedirectToDataURI(rhs.mAllowInsecureRedirectToDataURI),
447
mBypassCORSChecks(rhs.mBypassCORSChecks),
448
mSkipContentPolicyCheckForWebRequest(
449
rhs.mSkipContentPolicyCheckForWebRequest),
450
mOriginalFrameSrcLoad(rhs.mOriginalFrameSrcLoad),
451
mForceInheritPrincipalDropped(rhs.mForceInheritPrincipalDropped),
452
mInnerWindowID(rhs.mInnerWindowID),
453
mOuterWindowID(rhs.mOuterWindowID),
454
mParentOuterWindowID(rhs.mParentOuterWindowID),
455
mTopOuterWindowID(rhs.mTopOuterWindowID),
456
mFrameOuterWindowID(rhs.mFrameOuterWindowID),
457
mBrowsingContextID(rhs.mBrowsingContextID),
458
mFrameBrowsingContextID(rhs.mFrameBrowsingContextID),
459
mInitialSecurityCheckDone(rhs.mInitialSecurityCheckDone),
460
mIsThirdPartyContext(rhs.mIsThirdPartyContext),
461
mIsDocshellReload(rhs.mIsDocshellReload),
462
mIsFormSubmission(rhs.mIsFormSubmission),
463
mSendCSPViolationEvents(rhs.mSendCSPViolationEvents),
464
mOriginAttributes(rhs.mOriginAttributes),
465
mRedirectChainIncludingInternalRedirects(
466
rhs.mRedirectChainIncludingInternalRedirects),
467
mRedirectChain(rhs.mRedirectChain),
468
mAncestorPrincipals(rhs.mAncestorPrincipals),
469
mAncestorOuterWindowIDs(rhs.mAncestorOuterWindowIDs),
470
mCorsUnsafeHeaders(rhs.mCorsUnsafeHeaders),
471
mRequestBlockingReason(rhs.mRequestBlockingReason),
472
mForcePreflight(rhs.mForcePreflight),
473
mIsPreflight(rhs.mIsPreflight),
474
mLoadTriggeredFromExternal(rhs.mLoadTriggeredFromExternal),
475
// mServiceWorkerTaintingSynthesized must be handled specially during
476
// redirect
477
mServiceWorkerTaintingSynthesized(false),
478
mDocumentHasUserInteracted(rhs.mDocumentHasUserInteracted),
479
mDocumentHasLoaded(rhs.mDocumentHasLoaded),
480
mCspNonce(rhs.mCspNonce),
481
mSkipContentSniffing(rhs.mSkipContentSniffing),
482
mIsFromProcessingFrameAttributes(rhs.mIsFromProcessingFrameAttributes) {}
483
484
LoadInfo::LoadInfo(
485
nsIPrincipal* aLoadingPrincipal, nsIPrincipal* aTriggeringPrincipal,
486
nsIPrincipal* aPrincipalToInherit, nsIPrincipal* aSandboxedLoadingPrincipal,
487
nsIPrincipal* aTopLevelPrincipal,
488
nsIPrincipal* aTopLevelStorageAreaPrincipal, nsIURI* aResultPrincipalURI,
489
nsICookieSettings* aCookieSettings, nsIContentSecurityPolicy* aCspToInherit,
490
const Maybe<ClientInfo>& aClientInfo,
491
const Maybe<ClientInfo>& aReservedClientInfo,
492
const Maybe<ClientInfo>& aInitialClientInfo,
493
const Maybe<ServiceWorkerDescriptor>& aController,
494
nsSecurityFlags aSecurityFlags, nsContentPolicyType aContentPolicyType,
495
LoadTainting aTainting, bool aBlockAllMixedContent,
496
bool aUpgradeInsecureRequests, bool aBrowserUpgradeInsecureRequests,
497
bool aBrowserWouldUpgradeInsecureRequests, bool aForceAllowDataURI,
498
bool aAllowInsecureRedirectToDataURI, bool aBypassCORSChecks,
499
bool aSkipContentPolicyCheckForWebRequest,
500
bool aForceInheritPrincipalDropped, uint64_t aInnerWindowID,
501
uint64_t aOuterWindowID, uint64_t aParentOuterWindowID,
502
uint64_t aTopOuterWindowID, uint64_t aFrameOuterWindowID,
503
uint64_t aBrowsingContextID, uint64_t aFrameBrowsingContextID,
504
bool aInitialSecurityCheckDone, bool aIsThirdPartyContext,
505
bool aIsDocshellReload, bool aIsFormSubmission,
506
bool aSendCSPViolationEvents, const OriginAttributes& aOriginAttributes,
507
RedirectHistoryArray& aRedirectChainIncludingInternalRedirects,
508
RedirectHistoryArray& aRedirectChain,
509
nsTArray<nsCOMPtr<nsIPrincipal>>&& aAncestorPrincipals,
510
const nsTArray<uint64_t>& aAncestorOuterWindowIDs,
511
const nsTArray<nsCString>& aCorsUnsafeHeaders, bool aForcePreflight,
512
bool aIsPreflight, bool aLoadTriggeredFromExternal,
513
bool aServiceWorkerTaintingSynthesized, bool aDocumentHasUserInteracted,
514
bool aDocumentHasLoaded, const nsAString& aCspNonce,
515
bool aSkipContentSniffing, uint32_t aRequestBlockingReason,
516
nsINode* aLoadingContext)
517
: mLoadingPrincipal(aLoadingPrincipal),
518
mTriggeringPrincipal(aTriggeringPrincipal),
519
mPrincipalToInherit(aPrincipalToInherit),
520
mTopLevelPrincipal(aTopLevelPrincipal),
521
mTopLevelStorageAreaPrincipal(aTopLevelStorageAreaPrincipal),
522
mResultPrincipalURI(aResultPrincipalURI),
523
mCookieSettings(aCookieSettings),
524
mCspToInherit(aCspToInherit),
525
mClientInfo(aClientInfo),
526
mReservedClientInfo(aReservedClientInfo),
527
mInitialClientInfo(aInitialClientInfo),
528
mController(aController),
529
mLoadingContext(do_GetWeakReference(aLoadingContext)),
530
mSecurityFlags(aSecurityFlags),
531
mInternalContentPolicyType(aContentPolicyType),
532
mTainting(aTainting),
533
mBlockAllMixedContent(aBlockAllMixedContent),
534
mUpgradeInsecureRequests(aUpgradeInsecureRequests),
535
mBrowserUpgradeInsecureRequests(aBrowserUpgradeInsecureRequests),
536
mBrowserWouldUpgradeInsecureRequests(
537
aBrowserWouldUpgradeInsecureRequests),
538
mForceAllowDataURI(aForceAllowDataURI),
539
mAllowInsecureRedirectToDataURI(aAllowInsecureRedirectToDataURI),
540
mBypassCORSChecks(aBypassCORSChecks),
541
mSkipContentPolicyCheckForWebRequest(
542
aSkipContentPolicyCheckForWebRequest),
543
mOriginalFrameSrcLoad(false),
544
mForceInheritPrincipalDropped(aForceInheritPrincipalDropped),
545
mInnerWindowID(aInnerWindowID),
546
mOuterWindowID(aOuterWindowID),
547
mParentOuterWindowID(aParentOuterWindowID),
548
mTopOuterWindowID(aTopOuterWindowID),
549
mFrameOuterWindowID(aFrameOuterWindowID),
550
mBrowsingContextID(aBrowsingContextID),
551
mFrameBrowsingContextID(aFrameBrowsingContextID),
552
mInitialSecurityCheckDone(aInitialSecurityCheckDone),
553
mIsThirdPartyContext(aIsThirdPartyContext),
554
mIsDocshellReload(aIsDocshellReload),
555
mIsFormSubmission(aIsFormSubmission),
556
mSendCSPViolationEvents(aSendCSPViolationEvents),
557
mOriginAttributes(aOriginAttributes),
558
mAncestorPrincipals(std::move(aAncestorPrincipals)),
559
mAncestorOuterWindowIDs(aAncestorOuterWindowIDs),
560
mCorsUnsafeHeaders(aCorsUnsafeHeaders),
561
mRequestBlockingReason(aRequestBlockingReason),
562
mForcePreflight(aForcePreflight),
563
mIsPreflight(aIsPreflight),
564
mLoadTriggeredFromExternal(aLoadTriggeredFromExternal),
565
mServiceWorkerTaintingSynthesized(aServiceWorkerTaintingSynthesized),
566
mDocumentHasUserInteracted(aDocumentHasUserInteracted),
567
mDocumentHasLoaded(aDocumentHasLoaded),
568
mCspNonce(aCspNonce),
569
mSkipContentSniffing(aSkipContentSniffing),
570
mIsFromProcessingFrameAttributes(false) {
571
// Only top level TYPE_DOCUMENT loads can have a null loadingPrincipal
572
MOZ_ASSERT(mLoadingPrincipal ||
573
aContentPolicyType == nsIContentPolicy::TYPE_DOCUMENT);
574
MOZ_ASSERT(mTriggeringPrincipal);
575
576
mRedirectChainIncludingInternalRedirects.SwapElements(
577
aRedirectChainIncludingInternalRedirects);
578
579
mRedirectChain.SwapElements(aRedirectChain);
580
}
581
582
void LoadInfo::ComputeIsThirdPartyContext(nsPIDOMWindowOuter* aOuterWindow) {
583
nsContentPolicyType type =
584
nsContentUtils::InternalContentPolicyTypeToExternal(
585
mInternalContentPolicyType);
586
if (type == nsIContentPolicy::TYPE_DOCUMENT) {
587
// Top-level loads are never third-party.
588
mIsThirdPartyContext = false;
589
return;
590
}
591
592
nsCOMPtr<mozIThirdPartyUtil> util(do_GetService(THIRDPARTYUTIL_CONTRACTID));
593
if (NS_WARN_IF(!util)) {
594
return;
595
}
596
597
util->IsThirdPartyWindow(aOuterWindow, nullptr, &mIsThirdPartyContext);
598
}
599
600
NS_IMPL_ISUPPORTS(LoadInfo, nsILoadInfo)
601
602
already_AddRefed<nsILoadInfo> LoadInfo::Clone() const {
603
RefPtr<LoadInfo> copy(new LoadInfo(*this));
604
return copy.forget();
605
}
606
607
already_AddRefed<nsILoadInfo> LoadInfo::CloneWithNewSecFlags(
608
nsSecurityFlags aSecurityFlags) const {
609
RefPtr<LoadInfo> copy(new LoadInfo(*this));
610
copy->mSecurityFlags = aSecurityFlags;
611
return copy.forget();
612
}
613
614
already_AddRefed<nsILoadInfo> LoadInfo::CloneForNewRequest() const {
615
RefPtr<LoadInfo> copy(new LoadInfo(*this));
616
copy->mInitialSecurityCheckDone = false;
617
copy->mRedirectChainIncludingInternalRedirects.Clear();
618
copy->mRedirectChain.Clear();
619
copy->mResultPrincipalURI = nullptr;
620
return copy.forget();
621
}
622
623
NS_IMETHODIMP
624
LoadInfo::GetLoadingPrincipal(nsIPrincipal** aLoadingPrincipal) {
625
NS_IF_ADDREF(*aLoadingPrincipal = mLoadingPrincipal);
626
return NS_OK;
627
}
628
629
nsIPrincipal* LoadInfo::LoadingPrincipal() { return mLoadingPrincipal; }
630
631
NS_IMETHODIMP
632
LoadInfo::GetTriggeringPrincipal(nsIPrincipal** aTriggeringPrincipal) {
633
NS_ADDREF(*aTriggeringPrincipal = mTriggeringPrincipal);
634
return NS_OK;
635
}
636
637
nsIPrincipal* LoadInfo::TriggeringPrincipal() { return mTriggeringPrincipal; }
638
639
NS_IMETHODIMP
640
LoadInfo::GetPrincipalToInherit(nsIPrincipal** aPrincipalToInherit) {
641
NS_IF_ADDREF(*aPrincipalToInherit = mPrincipalToInherit);
642
return NS_OK;
643
}
644
645
NS_IMETHODIMP
646
LoadInfo::SetPrincipalToInherit(nsIPrincipal* aPrincipalToInherit) {
647
MOZ_ASSERT(aPrincipalToInherit, "must be a valid principal to inherit");
648
mPrincipalToInherit = aPrincipalToInherit;
649
return NS_OK;
650
}
651
652
nsIPrincipal* LoadInfo::PrincipalToInherit() { return mPrincipalToInherit; }
653
654
nsIPrincipal* LoadInfo::FindPrincipalToInherit(nsIChannel* aChannel) {
655
if (mPrincipalToInherit) {
656
return mPrincipalToInherit;
657
}
658
659
nsCOMPtr<nsIURI> uri = mResultPrincipalURI;
660
if (!uri) {
661
Unused << aChannel->GetOriginalURI(getter_AddRefs(uri));
662
}
663
664
auto prin = BasePrincipal::Cast(mTriggeringPrincipal);
665
return prin->PrincipalToInherit(uri);
666
}
667
668
nsIPrincipal* LoadInfo::GetSandboxedLoadingPrincipal() {
669
if (!(mSecurityFlags & nsILoadInfo::SEC_SANDBOXED)) {
670
return nullptr;
671
}
672
673
if (!mSandboxedLoadingPrincipal) {
674
if (mLoadingPrincipal) {
675
mSandboxedLoadingPrincipal =
676
NullPrincipal::CreateWithInheritedAttributes(mLoadingPrincipal);
677
} else {
678
OriginAttributes attrs(mOriginAttributes);
679
mSandboxedLoadingPrincipal = NullPrincipal::Create(attrs);
680
}
681
}
682
MOZ_ASSERT(mSandboxedLoadingPrincipal);
683
684
return mSandboxedLoadingPrincipal;
685
}
686
687
nsIPrincipal* LoadInfo::GetTopLevelPrincipal() { return mTopLevelPrincipal; }
688
689
nsIPrincipal* LoadInfo::GetTopLevelStorageAreaPrincipal() {
690
return mTopLevelStorageAreaPrincipal;
691
}
692
693
NS_IMETHODIMP
694
LoadInfo::GetLoadingDocument(Document** aResult) {
695
if (nsCOMPtr<nsINode> node = do_QueryReferent(mLoadingContext)) {
696
RefPtr<Document> context = node->OwnerDoc();
697
context.forget(aResult);
698
}
699
return NS_OK;
700
}
701
702
nsINode* LoadInfo::LoadingNode() {
703
nsCOMPtr<nsINode> node = do_QueryReferent(mLoadingContext);
704
return node;
705
}
706
707
already_AddRefed<nsISupports> LoadInfo::ContextForTopLevelLoad() {
708
// Most likely you want to query LoadingNode() instead of
709
// ContextForTopLevelLoad() if this assertion fires.
710
MOZ_ASSERT(mInternalContentPolicyType == nsIContentPolicy::TYPE_DOCUMENT,
711
"should only query this context for top level document loads");
712
nsCOMPtr<nsISupports> context = do_QueryReferent(mContextForTopLevelLoad);
713
return context.forget();
714
}
715
716
already_AddRefed<nsISupports> LoadInfo::GetLoadingContext() {
717
nsCOMPtr<nsISupports> context;
718
if (mInternalContentPolicyType == nsIContentPolicy::TYPE_DOCUMENT) {
719
context = ContextForTopLevelLoad();
720
} else {
721
context = LoadingNode();
722
}
723
return context.forget();
724
}
725
726
NS_IMETHODIMP
727
LoadInfo::GetLoadingContextXPCOM(nsISupports** aResult) {
728
nsCOMPtr<nsISupports> context = GetLoadingContext();
729
context.forget(aResult);
730
return NS_OK;
731
}
732
733
NS_IMETHODIMP
734
LoadInfo::GetSecurityFlags(nsSecurityFlags* aResult) {
735
*aResult = mSecurityFlags;
736
return NS_OK;
737
}
738
739
NS_IMETHODIMP
740
LoadInfo::GetSecurityMode(uint32_t* aFlags) {
741
*aFlags =
742
(mSecurityFlags & (nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_INHERITS |
743
nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_IS_BLOCKED |
744
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS |
745
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL |
746
nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS));
747
return NS_OK;
748
}
749
750
NS_IMETHODIMP
751
LoadInfo::GetIsInThirdPartyContext(bool* aIsInThirdPartyContext) {
752
*aIsInThirdPartyContext = mIsThirdPartyContext;
753
return NS_OK;
754
}
755
756
static const uint32_t sCookiePolicyMask =
757
nsILoadInfo::SEC_COOKIES_DEFAULT | nsILoadInfo::SEC_COOKIES_INCLUDE |
758
nsILoadInfo::SEC_COOKIES_SAME_ORIGIN | nsILoadInfo::SEC_COOKIES_OMIT;
759
760
NS_IMETHODIMP
761
LoadInfo::GetCookiePolicy(uint32_t* aResult) {
762
uint32_t policy = mSecurityFlags & sCookiePolicyMask;
763
if (policy == nsILoadInfo::SEC_COOKIES_DEFAULT) {
764
policy = (mSecurityFlags & SEC_REQUIRE_CORS_DATA_INHERITS)
765
? nsILoadInfo::SEC_COOKIES_SAME_ORIGIN
766
: nsILoadInfo::SEC_COOKIES_INCLUDE;
767
}
768
769
*aResult = policy;
770
return NS_OK;
771
}
772
773
namespace {
774
775
already_AddRefed<nsICookieSettings> CreateCookieSettings(
776
nsContentPolicyType aContentPolicyType) {
777
if (StaticPrefs::network_cookieSettings_unblocked_for_testing()) {
778
return CookieSettings::Create();
779
}
780
781
// These contentPolictTypes require a real CookieSettings because favicon and
782
// save-as requests must send cookies. Anything else should not send/receive
783
// cookies.
784
if (aContentPolicyType == nsIContentPolicy::TYPE_INTERNAL_IMAGE_FAVICON ||
785
aContentPolicyType == nsIContentPolicy::TYPE_SAVEAS_DOWNLOAD) {
786
return CookieSettings::Create();
787
}
788
789
return CookieSettings::CreateBlockingAll();
790
}
791
792
} // namespace
793
794
NS_IMETHODIMP
795
LoadInfo::GetCookieSettings(nsICookieSettings** aCookieSettings) {
796
if (!mCookieSettings) {
797
mCookieSettings = CreateCookieSettings(mInternalContentPolicyType);
798
}
799
800
nsCOMPtr<nsICookieSettings> cookieSettings = mCookieSettings;
801
cookieSettings.forget(aCookieSettings);
802
return NS_OK;
803
}
804
805
NS_IMETHODIMP
806
LoadInfo::SetCookieSettings(nsICookieSettings* aCookieSettings) {
807
MOZ_ASSERT(aCookieSettings);
808
// We allow the overwrite of CookieSettings.
809
mCookieSettings = aCookieSettings;
810
return NS_OK;
811
}
812
813
void LoadInfo::SetIncludeCookiesSecFlag() {
814
MOZ_ASSERT((mSecurityFlags & sCookiePolicyMask) ==
815
nsILoadInfo::SEC_COOKIES_DEFAULT);
816
mSecurityFlags =
817
(mSecurityFlags & ~sCookiePolicyMask) | nsILoadInfo::SEC_COOKIES_INCLUDE;
818
}
819
820
NS_IMETHODIMP
821
LoadInfo::GetForceInheritPrincipal(bool* aInheritPrincipal) {
822
*aInheritPrincipal =
823
(mSecurityFlags & nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL);
824
return NS_OK;
825
}
826
827
NS_IMETHODIMP
828
LoadInfo::GetForceInheritPrincipalOverruleOwner(bool* aInheritPrincipal) {
829
*aInheritPrincipal =
830
(mSecurityFlags &
831
nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL_OVERRULE_OWNER);
832
return NS_OK;
833
}
834
835
NS_IMETHODIMP
836
LoadInfo::GetLoadingSandboxed(bool* aLoadingSandboxed) {
837
*aLoadingSandboxed = (mSecurityFlags & nsILoadInfo::SEC_SANDBOXED);
838
return NS_OK;
839
}
840
841
NS_IMETHODIMP
842
LoadInfo::GetAboutBlankInherits(bool* aResult) {
843
*aResult = (mSecurityFlags & nsILoadInfo::SEC_ABOUT_BLANK_INHERITS);
844
return NS_OK;
845
}
846
847
NS_IMETHODIMP
848
LoadInfo::GetAllowChrome(bool* aResult) {
849
*aResult = (mSecurityFlags & nsILoadInfo::SEC_ALLOW_CHROME);
850
return NS_OK;
851
}
852
853
NS_IMETHODIMP
854
LoadInfo::GetDisallowScript(bool* aResult) {
855
*aResult = (mSecurityFlags & nsILoadInfo::SEC_DISALLOW_SCRIPT);
856
return NS_OK;
857
}
858
859
NS_IMETHODIMP
860
LoadInfo::GetDontFollowRedirects(bool* aResult) {
861
*aResult = (mSecurityFlags & nsILoadInfo::SEC_DONT_FOLLOW_REDIRECTS);
862
return NS_OK;
863
}
864
865
NS_IMETHODIMP
866
LoadInfo::GetLoadErrorPage(bool* aResult) {
867
*aResult = (mSecurityFlags & nsILoadInfo::SEC_LOAD_ERROR_PAGE);
868
return NS_OK;
869
}
870
871
NS_IMETHODIMP
872
LoadInfo::GetIsDocshellReload(bool* aResult) {
873
*aResult = mIsDocshellReload;
874
return NS_OK;
875
}
876
877
NS_IMETHODIMP
878
LoadInfo::SetIsDocshellReload(bool aValue) {
879
mIsDocshellReload = aValue;
880
return NS_OK;
881
}
882
883
NS_IMETHODIMP
884
LoadInfo::GetIsFormSubmission(bool* aResult) {
885
*aResult = mIsFormSubmission;
886
return NS_OK;
887
}
888
889
NS_IMETHODIMP
890
LoadInfo::SetIsFormSubmission(bool aValue) {
891
mIsFormSubmission = aValue;
892
return NS_OK;
893
}
894
895
NS_IMETHODIMP
896
LoadInfo::GetSendCSPViolationEvents(bool* aResult) {
897
*aResult = mSendCSPViolationEvents;
898
return NS_OK;
899
}
900
901
NS_IMETHODIMP
902
LoadInfo::SetSendCSPViolationEvents(bool aValue) {
903
mSendCSPViolationEvents = aValue;
904
return NS_OK;
905
}
906
907
NS_IMETHODIMP
908
LoadInfo::GetExternalContentPolicyType(nsContentPolicyType* aResult) {
909
*aResult = nsContentUtils::InternalContentPolicyTypeToExternal(
910
mInternalContentPolicyType);
911
return NS_OK;
912
}
913
914
nsContentPolicyType LoadInfo::InternalContentPolicyType() {
915
return mInternalContentPolicyType;
916
}
917
918
NS_IMETHODIMP
919
LoadInfo::GetBlockAllMixedContent(bool* aResult) {
920
*aResult = mBlockAllMixedContent;
921
return NS_OK;
922
}
923
924
NS_IMETHODIMP
925
LoadInfo::GetUpgradeInsecureRequests(bool* aResult) {
926
*aResult = mUpgradeInsecureRequests;
927
return NS_OK;
928
}
929
930
NS_IMETHODIMP
931
LoadInfo::GetBrowserUpgradeInsecureRequests(bool* aResult) {
932
*aResult = mBrowserUpgradeInsecureRequests;
933
return NS_OK;
934
}
935
936
NS_IMETHODIMP
937
LoadInfo::GetBrowserWouldUpgradeInsecureRequests(bool* aResult) {
938
*aResult = mBrowserWouldUpgradeInsecureRequests;
939
return NS_OK;
940
}
941
942
NS_IMETHODIMP
943
LoadInfo::SetForceAllowDataURI(bool aForceAllowDataURI) {
944
MOZ_ASSERT(!mForceAllowDataURI ||
945
mInternalContentPolicyType == nsIContentPolicy::TYPE_DOCUMENT,
946
"can only allow data URI navigation for TYPE_DOCUMENT");
947
mForceAllowDataURI = aForceAllowDataURI;
948
return NS_OK;
949
}
950
951
NS_IMETHODIMP
952
LoadInfo::GetForceAllowDataURI(bool* aForceAllowDataURI) {
953
*aForceAllowDataURI = mForceAllowDataURI;
954
return NS_OK;
955
}
956
957
NS_IMETHODIMP
958
LoadInfo::SetAllowInsecureRedirectToDataURI(
959
bool aAllowInsecureRedirectToDataURI) {
960
mAllowInsecureRedirectToDataURI = aAllowInsecureRedirectToDataURI;
961
return NS_OK;
962
}
963
964
NS_IMETHODIMP
965
LoadInfo::GetAllowInsecureRedirectToDataURI(
966
bool* aAllowInsecureRedirectToDataURI) {
967
*aAllowInsecureRedirectToDataURI = mAllowInsecureRedirectToDataURI;
968
return NS_OK;
969
}
970
971
NS_IMETHODIMP
972
LoadInfo::SetBypassCORSChecks(bool aBypassCORSChecks) {
973
mBypassCORSChecks = aBypassCORSChecks;
974
return NS_OK;
975
}
976
977
NS_IMETHODIMP
978
LoadInfo::GetBypassCORSChecks(bool* aBypassCORSChecks) {
979
*aBypassCORSChecks = mBypassCORSChecks;
980
return NS_OK;
981
}
982
983
NS_IMETHODIMP
984
LoadInfo::SetSkipContentPolicyCheckForWebRequest(bool aSkip) {
985
mSkipContentPolicyCheckForWebRequest = aSkip;
986
return NS_OK;
987
}
988
989
NS_IMETHODIMP
990
LoadInfo::GetSkipContentPolicyCheckForWebRequest(bool* aSkip) {
991
*aSkip = mSkipContentPolicyCheckForWebRequest;
992
return NS_OK;
993
}
994
995
NS_IMETHODIMP
996
LoadInfo::SetOriginalFrameSrcLoad(bool aOriginalFrameSrcLoad) {
997
mOriginalFrameSrcLoad = aOriginalFrameSrcLoad;
998
return NS_OK;
999
}
1000
1001
NS_IMETHODIMP
1002
LoadInfo::GetOriginalFrameSrcLoad(bool* aOriginalFrameSrcLoad) {
1003
*aOriginalFrameSrcLoad = mOriginalFrameSrcLoad;
1004
return NS_OK;
1005
}
1006
1007
NS_IMETHODIMP
1008
LoadInfo::GetForceInheritPrincipalDropped(bool* aResult) {
1009
*aResult = mForceInheritPrincipalDropped;
1010
return NS_OK;
1011
}
1012
1013
NS_IMETHODIMP
1014
LoadInfo::GetInnerWindowID(uint64_t* aResult) {
1015
*aResult = mInnerWindowID;
1016
return NS_OK;
1017
}
1018
1019
NS_IMETHODIMP
1020
LoadInfo::GetOuterWindowID(uint64_t* aResult) {
1021
*aResult = mOuterWindowID;
1022
return NS_OK;
1023
}
1024
1025
NS_IMETHODIMP
1026
LoadInfo::GetParentOuterWindowID(uint64_t* aResult) {
1027
*aResult = mParentOuterWindowID;
1028
return NS_OK;
1029
}
1030
1031
NS_IMETHODIMP
1032
LoadInfo::GetTopOuterWindowID(uint64_t* aResult) {
1033
*aResult = mTopOuterWindowID;
1034
return NS_OK;
1035
}
1036
1037
NS_IMETHODIMP
1038
LoadInfo::GetFrameOuterWindowID(uint64_t* aResult) {
1039
*aResult = mFrameOuterWindowID;
1040
return NS_OK;
1041
}
1042
1043
NS_IMETHODIMP
1044
LoadInfo::GetBrowsingContextID(uint64_t* aResult) {
1045
*aResult = mBrowsingContextID;
1046
return NS_OK;
1047
}
1048
1049
NS_IMETHODIMP
1050
LoadInfo::GetFrameBrowsingContextID(uint64_t* aResult) {
1051
*aResult = mFrameBrowsingContextID;
1052
return NS_OK;
1053
}
1054
1055
NS_IMETHODIMP
1056
LoadInfo::GetBrowsingContext(dom::BrowsingContext** aResult) {
1057
*aResult = BrowsingContext::Get(mBrowsingContextID).take();
1058
return NS_OK;
1059
}
1060
1061
NS_IMETHODIMP
1062
LoadInfo::GetFrameBrowsingContext(dom::BrowsingContext** aResult) {
1063
*aResult = BrowsingContext::Get(mFrameBrowsingContextID).take();
1064
return NS_OK;
1065
}
1066
1067
NS_IMETHODIMP
1068
LoadInfo::GetScriptableOriginAttributes(
1069
JSContext* aCx, JS::MutableHandle<JS::Value> aOriginAttributes) {
1070
if (NS_WARN_IF(!ToJSValue(aCx, mOriginAttributes, aOriginAttributes))) {
1071
return NS_ERROR_FAILURE;
1072
}
1073
return NS_OK;
1074
}
1075
1076
NS_IMETHODIMP
1077
LoadInfo::ResetPrincipalToInheritToNullPrincipal() {
1078
// take the originAttributes from the LoadInfo and create
1079
// a new NullPrincipal using those origin attributes.
1080
nsCOMPtr<nsIPrincipal> newNullPrincipal =
1081
NullPrincipal::Create(mOriginAttributes);
1082
1083
mPrincipalToInherit = newNullPrincipal;
1084
1085
// setting SEC_FORCE_INHERIT_PRINCIPAL_OVERRULE_OWNER will overrule
1086
// any non null owner set on the channel and will return the principal
1087
// form the loadinfo instead.
1088
mSecurityFlags |= SEC_FORCE_INHERIT_PRINCIPAL_OVERRULE_OWNER;
1089
1090
return NS_OK;
1091
}
1092
1093
NS_IMETHODIMP
1094
LoadInfo::SetScriptableOriginAttributes(
1095
JSContext* aCx, JS::Handle<JS::Value> aOriginAttributes) {
1096
OriginAttributes attrs;
1097
if (!aOriginAttributes.isObject() || !attrs.Init(aCx, aOriginAttributes)) {
1098
return NS_ERROR_INVALID_ARG;
1099
}
1100
1101
mOriginAttributes = attrs;
1102
return NS_OK;
1103
}
1104
1105
nsresult LoadInfo::GetOriginAttributes(
1106
mozilla::OriginAttributes* aOriginAttributes) {
1107
NS_ENSURE_ARG(aOriginAttributes);
1108
*aOriginAttributes = mOriginAttributes;
1109
return NS_OK;
1110
}
1111
1112
nsresult LoadInfo::SetOriginAttributes(
1113
const mozilla::OriginAttributes& aOriginAttributes) {
1114
mOriginAttributes = aOriginAttributes;
1115
return NS_OK;
1116
}
1117
1118
NS_IMETHODIMP
1119
LoadInfo::SetInitialSecurityCheckDone(bool aInitialSecurityCheckDone) {
1120
// Indicates whether the channel was ever evaluated by the
1121
// ContentSecurityManager. Once set to true, this flag must
1122
// remain true throughout the lifetime of the channel.
1123
// Setting it to anything else than true will be discarded.
1124
MOZ_ASSERT(aInitialSecurityCheckDone,
1125
"aInitialSecurityCheckDone must be true");
1126
mInitialSecurityCheckDone =
1127
mInitialSecurityCheckDone || aInitialSecurityCheckDone;
1128
return NS_OK;
1129
}
1130
1131
NS_IMETHODIMP
1132
LoadInfo::GetInitialSecurityCheckDone(bool* aResult) {
1133
*aResult = mInitialSecurityCheckDone;
1134
return NS_OK;
1135
}
1136
1137
NS_IMETHODIMP
1138
LoadInfo::AppendRedirectHistoryEntry(nsIRedirectHistoryEntry* aEntry,
1139
bool aIsInternalRedirect) {
1140
NS_ENSURE_ARG(aEntry);
1141
MOZ_ASSERT(NS_IsMainThread());
1142
1143
mRedirectChainIncludingInternalRedirects.AppendElement(aEntry);
1144
if (!aIsInternalRedirect) {
1145
mRedirectChain.AppendElement(aEntry);
1146
}
1147
return NS_OK;
1148
}
1149
1150
NS_IMETHODIMP
1151
LoadInfo::GetRedirects(JSContext* aCx, JS::MutableHandle<JS::Value> aRedirects,
1152
const RedirectHistoryArray& aArray) {
1153
JS::Rooted<JSObject*> redirects(aCx, JS_NewArrayObject(aCx, aArray.Length()));
1154
NS_ENSURE_TRUE(redirects, NS_ERROR_OUT_OF_MEMORY);
1155
1156
JS::Rooted<JSObject*> global(aCx, JS::CurrentGlobalOrNull(aCx));
1157
NS_ENSURE_TRUE(global, NS_ERROR_UNEXPECTED);
1158
1159
nsCOMPtr<nsIXPConnect> xpc = nsIXPConnect::XPConnect();
1160
1161
for (size_t idx = 0; idx < aArray.Length(); idx++) {
1162
JS::RootedObject jsobj(aCx);
1163
nsresult rv =
1164
xpc->WrapNative(aCx, global, aArray[idx],
1165
NS_GET_IID(nsIRedirectHistoryEntry), jsobj.address());
1166
NS_ENSURE_SUCCESS(rv, rv);
1167
NS_ENSURE_STATE(jsobj);
1168
1169
bool rc = JS_DefineElement(aCx, redirects, idx, jsobj, JSPROP_ENUMERATE);
1170
NS_ENSURE_TRUE(rc, NS_ERROR_UNEXPECTED);
1171
}
1172
1173
aRedirects.setObject(*redirects);
1174
return NS_OK;
1175
}
1176
1177
NS_IMETHODIMP
1178
LoadInfo::GetRedirectChainIncludingInternalRedirects(
1179
JSContext* aCx, JS::MutableHandle<JS::Value> aChain) {
1180
return GetRedirects(aCx, aChain, mRedirectChainIncludingInternalRedirects);
1181
}
1182
1183
const RedirectHistoryArray&
1184
LoadInfo::RedirectChainIncludingInternalRedirects() {
1185
return mRedirectChainIncludingInternalRedirects;
1186
}
1187
1188
NS_IMETHODIMP
1189
LoadInfo::GetRedirectChain(JSContext* aCx,
1190
JS::MutableHandle<JS::Value> aChain) {
1191
return GetRedirects(aCx, aChain, mRedirectChain);
1192
}
1193
1194
const RedirectHistoryArray& LoadInfo::RedirectChain() { return mRedirectChain; }
1195
1196
const nsTArray<nsCOMPtr<nsIPrincipal>>& LoadInfo::AncestorPrincipals() {
1197
return mAncestorPrincipals;
1198
}
1199
1200
const nsTArray<uint64_t>& LoadInfo::AncestorOuterWindowIDs() {
1201
return mAncestorOuterWindowIDs;
1202
}
1203
1204
void LoadInfo::SetCorsPreflightInfo(const nsTArray<nsCString>& aHeaders,
1205
bool aForcePreflight) {
1206
MOZ_ASSERT(GetSecurityMode() == nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS);
1207
MOZ_ASSERT(!mInitialSecurityCheckDone);
1208
mCorsUnsafeHeaders = aHeaders;
1209
mForcePreflight = aForcePreflight;
1210
}
1211
1212
const nsTArray<nsCString>& LoadInfo::CorsUnsafeHeaders() {
1213
return mCorsUnsafeHeaders;
1214
}
1215
1216
NS_IMETHODIMP
1217
LoadInfo::GetForcePreflight(bool* aForcePreflight) {
1218
*aForcePreflight = mForcePreflight;
1219
return NS_OK;
1220
}
1221
1222
void LoadInfo::SetIsPreflight() {
1223
MOZ_ASSERT(GetSecurityMode() == nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS);
1224
MOZ_ASSERT(!mInitialSecurityCheckDone);
1225
mIsPreflight = true;
1226
}
1227
1228
void LoadInfo::SetUpgradeInsecureRequests() { mUpgradeInsecureRequests = true; }
1229
1230
void LoadInfo::SetBrowserUpgradeInsecureRequests() {
1231
mBrowserUpgradeInsecureRequests = true;
1232
}
1233
1234
void LoadInfo::SetBrowserWouldUpgradeInsecureRequests() {
1235
mBrowserWouldUpgradeInsecureRequests = true;
1236
}
1237
1238
NS_IMETHODIMP
1239
LoadInfo::GetIsPreflight(bool* aIsPreflight) {
1240
*aIsPreflight = mIsPreflight;
1241
return NS_OK;
1242
}
1243
1244
NS_IMETHODIMP
1245
LoadInfo::SetLoadTriggeredFromExternal(bool aLoadTriggeredFromExternal) {
1246
MOZ_ASSERT(!aLoadTriggeredFromExternal ||
1247
mInternalContentPolicyType == nsIContentPolicy::TYPE_DOCUMENT,
1248
"can only set load triggered from external for TYPE_DOCUMENT");
1249
mLoadTriggeredFromExternal = aLoadTriggeredFromExternal;
1250
return NS_OK;
1251
}
1252
1253
NS_IMETHODIMP
1254
LoadInfo::GetLoadTriggeredFromExternal(bool* aLoadTriggeredFromExternal) {
1255
*aLoadTriggeredFromExternal = mLoadTriggeredFromExternal;
1256
return NS_OK;
1257
}
1258
1259
NS_IMETHODIMP
1260
LoadInfo::GetServiceWorkerTaintingSynthesized(
1261
bool* aServiceWorkerTaintingSynthesized) {
1262
MOZ_ASSERT(aServiceWorkerTaintingSynthesized);
1263
*aServiceWorkerTaintingSynthesized = mServiceWorkerTaintingSynthesized;
1264
return NS_OK;
1265
}
1266
1267
NS_IMETHODIMP
1268
LoadInfo::GetTainting(uint32_t* aTaintingOut) {
1269
MOZ_ASSERT(aTaintingOut);
1270
*aTaintingOut = static_cast<uint32_t>(mTainting);
1271
return NS_OK;
1272
}
1273
1274
NS_IMETHODIMP
1275
LoadInfo::MaybeIncreaseTainting(uint32_t aTainting) {
1276
NS_ENSURE_ARG(aTainting <= TAINTING_OPAQUE);
1277
1278
// Skip if the tainting has been set by the service worker.
1279
if (mServiceWorkerTaintingSynthesized) {
1280
return NS_OK;
1281
}
1282
1283
LoadTainting tainting = static_cast<LoadTainting>(aTainting);
1284
if (tainting > mTainting) {
1285
mTainting = tainting;
1286
}
1287
return NS_OK;
1288
}
1289
1290
void LoadInfo::SynthesizeServiceWorkerTainting(LoadTainting aTainting) {
1291
MOZ_DIAGNOSTIC_ASSERT(aTainting <= LoadTainting::Opaque);
1292
mTainting = aTainting;
1293
1294
// Flag to prevent the tainting from being increased.
1295
mServiceWorkerTaintingSynthesized = true;
1296
}
1297
1298
NS_IMETHODIMP
1299
LoadInfo::GetDocumentHasUserInteracted(bool* aDocumentHasUserInteracted) {
1300
MOZ_ASSERT(aDocumentHasUserInteracted);
1301
*aDocumentHasUserInteracted = mDocumentHasUserInteracted;
1302
return NS_OK;
1303
}
1304
1305
NS_IMETHODIMP
1306
LoadInfo::SetDocumentHasUserInteracted(bool aDocumentHasUserInteracted) {
1307
mDocumentHasUserInteracted = aDocumentHasUserInteracted;
1308
return NS_OK;
1309
}
1310
1311
NS_IMETHODIMP
1312
LoadInfo::GetDocumentHasLoaded(bool* aDocumentHasLoaded) {
1313
MOZ_ASSERT(aDocumentHasLoaded);
1314
*aDocumentHasLoaded = mDocumentHasLoaded;
1315
return NS_OK;
1316
}
1317
1318
NS_IMETHODIMP
1319
LoadInfo::SetDocumentHasLoaded(bool aDocumentHasLoaded) {
1320
mDocumentHasLoaded = aDocumentHasLoaded;
1321
return NS_OK;
1322
}
1323
1324
NS_IMETHODIMP
1325
LoadInfo::GetCspNonce(nsAString& aCspNonce) {
1326
aCspNonce = mCspNonce;
1327
return NS_OK;
1328
}
1329
1330
NS_IMETHODIMP
1331
LoadInfo::SetCspNonce(const nsAString& aCspNonce) {
1332
MOZ_ASSERT(!mInitialSecurityCheckDone,
1333
"setting the nonce is only allowed before any sec checks");
1334
mCspNonce = aCspNonce;
1335
return NS_OK;
1336
}
1337
1338
NS_IMETHODIMP
1339
LoadInfo::GetSkipContentSniffing(bool* aSkipContentSniffing) {
1340
*aSkipContentSniffing = mSkipContentSniffing;
1341
return NS_OK;
1342
}
1343
1344
NS_IMETHODIMP
1345
LoadInfo::SetSkipContentSniffing(bool aSkipContentSniffing) {
1346
mSkipContentSniffing = aSkipContentSniffing;
1347
return NS_OK;
1348
}
1349
1350
NS_IMETHODIMP
1351
LoadInfo::GetIsTopLevelLoad(bool* aResult) {
1352
*aResult = mFrameOuterWindowID ? mFrameOuterWindowID == mOuterWindowID
1353
: mParentOuterWindowID == mOuterWindowID;
1354
return NS_OK;
1355
}
1356
1357
void LoadInfo::SetIsFromProcessingFrameAttributes() {
1358
mIsFromProcessingFrameAttributes = true;
1359
}
1360
1361
NS_IMETHODIMP
1362
LoadInfo::GetIsFromProcessingFrameAttributes(
1363
bool* aIsFromProcessingFrameAttributes) {
1364
MOZ_ASSERT(aIsFromProcessingFrameAttributes);
1365
*aIsFromProcessingFrameAttributes = mIsFromProcessingFrameAttributes;
1366
return NS_OK;
1367
}
1368
1369
NS_IMETHODIMP
1370
LoadInfo::GetResultPrincipalURI(nsIURI** aURI) {
1371
NS_IF_ADDREF(*aURI = mResultPrincipalURI);
1372
return NS_OK;
1373
}
1374
1375
NS_IMETHODIMP
1376
LoadInfo::SetResultPrincipalURI(nsIURI* aURI) {
1377
mResultPrincipalURI = aURI;
1378
return NS_OK;
1379
}
1380
1381
NS_IMETHODIMP
1382
LoadInfo::SetRequestBlockingReason(uint32_t aReason) {
1383
mRequestBlockingReason = aReason;
1384
return NS_OK;
1385
}
1386
NS_IMETHODIMP
1387
LoadInfo::GetRequestBlockingReason(uint32_t* aReason) {
1388
*aReason = mRequestBlockingReason;
1389
return NS_OK;
1390
}
1391
1392
void LoadInfo::SetClientInfo(const ClientInfo& aClientInfo) {
1393
mClientInfo.emplace(aClientInfo);
1394
}
1395
1396
const Maybe<ClientInfo>& LoadInfo::GetClientInfo() { return mClientInfo; }
1397
1398
void LoadInfo::GiveReservedClientSource(
1399
UniquePtr<ClientSource>&& aClientSource) {
1400
MOZ_DIAGNOSTIC_ASSERT(aClientSource);
1401
mReservedClientSource = std::move(aClientSource);
1402
SetReservedClientInfo(mReservedClientSource->Info());
1403
}
1404
1405
UniquePtr<ClientSource> LoadInfo::TakeReservedClientSource() {
1406
if (mReservedClientSource) {
1407
// If the reserved ClientInfo was set due to a ClientSource being present,
1408
// then clear that info object when the ClientSource is taken.
1409
mReservedClientInfo.reset();
1410
}
1411
return std::move(mReservedClientSource);
1412
}
1413
1414
void LoadInfo::SetReservedClientInfo(const ClientInfo& aClientInfo) {
1415
MOZ_DIAGNOSTIC_ASSERT(mInitialClientInfo.isNothing());
1416
// Treat assignments of the same value as a no-op. The emplace below
1417
// will normally assert when overwriting an existing value.
1418
if (mReservedClientInfo.isSome() &&
1419
mReservedClientInfo.ref() == aClientInfo) {
1420
return;
1421
}
1422
mReservedClientInfo.emplace(aClientInfo);
1423
}
1424
1425
void LoadInfo::OverrideReservedClientInfoInParent(
1426
const ClientInfo& aClientInfo) {
1427
// This should only be called to handle redirects in the parent process.
1428
MOZ_ASSERT(XRE_GetProcessType() == GeckoProcessType_Default);
1429
1430
mInitialClientInfo.reset();
1431
mReservedClientInfo.reset();
1432
mReservedClientInfo.emplace(aClientInfo);
1433
}
1434
1435
const Maybe<ClientInfo>& LoadInfo::GetReservedClientInfo() {
1436
return mReservedClientInfo;
1437
}
1438
1439
void LoadInfo::SetInitialClientInfo(const ClientInfo& aClientInfo) {
1440
MOZ_DIAGNOSTIC_ASSERT(!mReservedClientSource);
1441
MOZ_DIAGNOSTIC_ASSERT(mReservedClientInfo.isNothing());
1442
// Treat assignments of the same value as a no-op. The emplace below
1443
// will normally assert when overwriting an existing value.
1444
if (mInitialClientInfo.isSome() && mInitialClientInfo.ref() == aClientInfo) {
1445
return;
1446
}
1447
mInitialClientInfo.emplace(aClientInfo);
1448
}
1449
1450
const Maybe<ClientInfo>& LoadInfo::GetInitialClientInfo() {
1451
return mInitialClientInfo;
1452
}
1453
1454
void LoadInfo::SetController(const ServiceWorkerDescriptor& aServiceWorker) {
1455
mController.emplace(aServiceWorker);
1456
}
1457
1458
void LoadInfo::ClearController() { mController.reset(); }
1459
1460
const Maybe<ServiceWorkerDescriptor>& LoadInfo::GetController() {
1461
return mController;
1462
}
1463
1464
void LoadInfo::SetPerformanceStorage(PerformanceStorage* aPerformanceStorage) {
1465
mPerformanceStorage = aPerformanceStorage;
1466
}
1467
1468
PerformanceStorage* LoadInfo::GetPerformanceStorage() {
1469
if (mPerformanceStorage) {
1470
return mPerformanceStorage;
1471
}
1472
1473
RefPtr<dom::Document> loadingDocument;
1474
GetLoadingDocument(getter_AddRefs(loadingDocument));
1475
if (!loadingDocument) {
1476
return nullptr;
1477
}
1478
1479
if (!TriggeringPrincipal()->Equals(loadingDocument->NodePrincipal())) {
1480
return nullptr;
1481
}
1482
1483
if (nsILoadInfo::GetExternalContentPolicyType() ==
1484
nsIContentPolicy::TYPE_SUBDOCUMENT &&
1485
!GetIsFromProcessingFrameAttributes()) {
1486
// We only report loads caused by processing the attributes of the
1487
// browsing context container.
1488
return nullptr;
1489
}
1490
1491
nsCOMPtr<nsPIDOMWindowInner> innerWindow = loadingDocument->GetInnerWindow();
1492
if (!innerWindow) {
1493
return nullptr;
1494
}
1495
1496
mozilla::dom::Performance* performance = innerWindow->GetPerformance();
1497
if (!performance) {
1498
return nullptr;
1499
}
1500
1501
return performance->AsPerformanceStorage();
1502
}
1503
1504
NS_IMETHODIMP
1505
LoadInfo::GetCspEventListener(nsICSPEventListener** aCSPEventListener) {
1506
NS_IF_ADDREF(*aCSPEventListener = mCSPEventListener);
1507
return NS_OK;
1508
}
1509
1510
NS_IMETHODIMP
1511
LoadInfo::SetCspEventListener(nsICSPEventListener* aCSPEventListener) {
1512
mCSPEventListener = aCSPEventListener;
1513
return NS_OK;
1514
}
1515
1516
already_AddRefed<nsIContentSecurityPolicy> LoadInfo::GetCsp() {
1517
// Before querying the CSP from the client we have to check if the
1518
// triggeringPrincipal originates from an addon and potentially
1519
// overrides the CSP stored within the client.
1520
if (mLoadingPrincipal && BasePrincipal::Cast(mTriggeringPrincipal)
1521
->OverridesCSP(mLoadingPrincipal)) {
1522
nsCOMPtr<nsIExpandedPrincipal> ep = do_QueryInterface(mTriggeringPrincipal);
1523
nsCOMPtr<nsIContentSecurityPolicy> addonCSP;
1524
if (ep) {
1525
addonCSP = ep->GetCsp();
1526
}
1527
return addonCSP.forget();
1528
}
1529
1530
if (mClientInfo.isNothing()) {
1531
return nullptr;
1532
}
1533
1534
nsCOMPtr<nsINode> node = do_QueryReferent(mLoadingContext);
1535
RefPtr<Document> doc = node ? node->OwnerDoc() : nullptr;
1536
1537
// If the client is of type window, then we return the cached CSP
1538
// stored on the document instead of having to deserialize the CSP
1539
// from the ClientInfo.
1540
if (doc && mClientInfo->Type() == ClientType::Window) {
1541
nsCOMPtr<nsIContentSecurityPolicy> docCSP = doc->GetCsp();
1542
return docCSP.forget();
1543
}
1544
1545
Maybe<mozilla::ipc::CSPInfo> cspInfo = mClientInfo->GetCspInfo();
1546
if (cspInfo.isNothing()) {
1547
return nullptr;
1548
}
1549
nsCOMPtr<nsIContentSecurityPolicy> clientCSP =
1550
CSPInfoToCSP(cspInfo.ref(), doc);
1551
return clientCSP.forget();
1552
}
1553
1554
already_AddRefed<nsIContentSecurityPolicy> LoadInfo::GetPreloadCsp() {
1555
if (mClientInfo.isNothing()) {
1556
return nullptr;
1557
}
1558
1559
nsCOMPtr<nsINode> node = do_QueryReferent(mLoadingContext);
1560
RefPtr<Document> doc = node ? node->OwnerDoc() : nullptr;
1561
1562
// If the client is of type window, then we return the cached CSP
1563
// stored on the document instead of having to deserialize the CSP
1564
// from the ClientInfo.
1565
if (doc && mClientInfo->Type() == ClientType::Window) {
1566
nsCOMPtr<nsIContentSecurityPolicy> preloadCsp = doc->GetPreloadCsp();
1567
return preloadCsp.forget();
1568
}
1569
1570
Maybe<mozilla::ipc::CSPInfo> cspInfo = mClientInfo->GetPreloadCspInfo();
1571
if (cspInfo.isNothing()) {
1572
return nullptr;
1573
}
1574
nsCOMPtr<nsIContentSecurityPolicy> preloadCSP =
1575
CSPInfoToCSP(cspInfo.ref(), doc);
1576
return preloadCSP.forget();
1577
}
1578
1579
already_AddRefed<nsIContentSecurityPolicy> LoadInfo::GetCspToInherit() {
1580
nsCOMPtr<nsIContentSecurityPolicy> cspToInherit = mCspToInherit;
1581
return cspToInherit.forget();
1582
}
1583
1584
} // namespace net
1585
} // namespace mozilla