Source code

Revision control

Other Tools

1
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
3
/* This Source Code Form is subject to the terms of the Mozilla Public
4
* License, v. 2.0. If a copy of the MPL was not distributed with this
5
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6
7
#ifndef mozilla_LoadInfo_h
8
#define mozilla_LoadInfo_h
9
10
#include "nsIContentSecurityPolicy.h"
11
#include "nsIContentPolicy.h"
12
#include "nsILoadInfo.h"
13
#include "nsIPrincipal.h"
14
#include "nsIWeakReferenceUtils.h" // for nsWeakPtr
15
#include "nsIURI.h"
16
#include "nsContentUtils.h"
17
#include "nsString.h"
18
#include "nsTArray.h"
19
20
#include "mozilla/BasePrincipal.h"
21
#include "mozilla/dom/ClientInfo.h"
22
#include "mozilla/dom/ServiceWorkerDescriptor.h"
23
24
class nsICookieSettings;
25
class nsINode;
26
class nsPIDOMWindowOuter;
27
28
namespace mozilla {
29
30
namespace dom {
31
class PerformanceStorage;
32
class XMLHttpRequestMainThread;
33
} // namespace dom
34
35
namespace net {
36
class LoadInfoArgs;
37
} // namespace net
38
39
namespace ipc {
40
// we have to forward declare that function so we can use it as a friend.
41
nsresult LoadInfoArgsToLoadInfo(
42
const Maybe<mozilla::net::LoadInfoArgs>& aLoadInfoArgs,
43
nsILoadInfo** outLoadInfo);
44
} // namespace ipc
45
46
namespace net {
47
48
typedef nsTArray<nsCOMPtr<nsIRedirectHistoryEntry>> RedirectHistoryArray;
49
50
/**
51
* Class that provides an nsILoadInfo implementation.
52
*/
53
class LoadInfo final : public nsILoadInfo {
54
public:
55
NS_DECL_ISUPPORTS
56
NS_DECL_NSILOADINFO
57
58
// aLoadingPrincipal MUST NOT BE NULL.
59
LoadInfo(nsIPrincipal* aLoadingPrincipal, nsIPrincipal* aTriggeringPrincipal,
60
nsINode* aLoadingContext, nsSecurityFlags aSecurityFlags,
61
nsContentPolicyType aContentPolicyType,
62
const Maybe<mozilla::dom::ClientInfo>& aLoadingClientInfo =
63
Maybe<mozilla::dom::ClientInfo>(),
64
const Maybe<mozilla::dom::ServiceWorkerDescriptor>& aController =
65
Maybe<mozilla::dom::ServiceWorkerDescriptor>());
66
67
// Constructor used for TYPE_DOCUMENT loads which have a different
68
// loadingContext than other loads. This ContextForTopLevelLoad is
69
// only used for content policy checks.
70
LoadInfo(nsPIDOMWindowOuter* aOuterWindow, nsIPrincipal* aTriggeringPrincipal,
71
nsISupports* aContextForTopLevelLoad,
72
nsSecurityFlags aSecurityFlags);
73
74
// create an exact copy of the loadinfo
75
already_AddRefed<nsILoadInfo> Clone() const;
76
77
// hands off!!! don't use CloneWithNewSecFlags unless you know
78
// exactly what you are doing - it should only be used within
79
// nsBaseChannel::Redirect()
80
already_AddRefed<nsILoadInfo> CloneWithNewSecFlags(
81
nsSecurityFlags aSecurityFlags) const;
82
// creates a copy of the loadinfo which is appropriate to use for a
83
// separate request. I.e. not for a redirect or an inner channel, but
84
// when a separate request is made with the same security properties.
85
already_AddRefed<nsILoadInfo> CloneForNewRequest() const;
86
87
void SetIsPreflight();
88
void SetUpgradeInsecureRequests();
89
void SetBrowserUpgradeInsecureRequests();
90
void SetBrowserWouldUpgradeInsecureRequests();
91
void SetIsFromProcessingFrameAttributes();
92
93
// Hands off from the cspToInherit functionality!
94
//
95
// For navigations, GetCSPToInherit returns what the spec calls the
96
// "request's client's global object's CSP list", or more precisely
97
// a snapshot of it taken when the navigation starts. For navigations
98
// that need to inherit their CSP, this is the right CSP to use for
99
// the new document. We need a way to transfer the CSP from the
100
// docshell (where the navigation starts) to the point where the new
101
// document is created and decides whether to inherit its CSP, and
102
// this is the mechanism we use for that.
103
//
104
// For example:
105
// A document with a CSP triggers a new top-level data: URI load.
106
// We pass the CSP of the document that triggered the load all the
107
// way to docshell. Within docshell we call SetCSPToInherit() on the
108
// loadinfo. Within Document::InitCSP() we check if the newly created
109
// document needs to inherit the CSP. If so, we call GetCSPToInherit()
110
// and set the inherited CSP as the CSP for the new document. Please
111
// note that any additonal Meta CSP in that document will be merged
112
// into that CSP. Any subresource loads within that document
113
// subesquently will receive the correct CSP by querying
114
// loadinfo->GetCSP() from that point on.
115
void SetCSPToInherit(nsIContentSecurityPolicy* aCspToInherit) {
116
mCspToInherit = aCspToInherit;
117
}
118
119
private:
120
// private constructor that is only allowed to be called from within
121
// HttpChannelParent and FTPChannelParent declared as friends undeneath.
122
// In e10s we can not serialize nsINode, hence we store the innerWindowID.
123
// Please note that aRedirectChain uses swapElements.
124
LoadInfo(nsIPrincipal* aLoadingPrincipal, nsIPrincipal* aTriggeringPrincipal,
125
nsIPrincipal* aPrincipalToInherit,
126
nsIPrincipal* aSandboxedLoadingPrincipal,
127
nsIPrincipal* aTopLevelPrincipal,
128
nsIPrincipal* aTopLevelStorageAreaPrincipal,
129
nsIURI* aResultPrincipalURI, nsICookieSettings* aCookieSettings,
130
nsIContentSecurityPolicy* aCspToInherit,
131
const Maybe<mozilla::dom::ClientInfo>& aClientInfo,
132
const Maybe<mozilla::dom::ClientInfo>& aReservedClientInfo,
133
const Maybe<mozilla::dom::ClientInfo>& aInitialClientInfo,
134
const Maybe<mozilla::dom::ServiceWorkerDescriptor>& aController,
135
nsSecurityFlags aSecurityFlags,
136
nsContentPolicyType aContentPolicyType, LoadTainting aTainting,
137
bool aUpgradeInsecureRequests, bool aBrowserUpgradeInsecureRequests,
138
bool aBrowserWouldUpgradeInsecureRequests, bool aForceAllowDataURI,
139
bool aAllowInsecureRedirectToDataURI, bool aBypassCORSChecks,
140
bool aSkipContentPolicyCheckForWebRequest,
141
bool aForceInheritPrincipalDropped, uint64_t aInnerWindowID,
142
uint64_t aOuterWindowID, uint64_t aParentOuterWindowID,
143
uint64_t aTopOuterWindowID, uint64_t aFrameOuterWindowID,
144
uint64_t aBrowsingContextID, uint64_t aFrameBrowsingContextID,
145
bool aInitialSecurityCheckDone, bool aIsThirdPartyRequest,
146
bool aIsDocshellReload, bool aSendCSPViolationEvents,
147
const OriginAttributes& aOriginAttributes,
148
RedirectHistoryArray& aRedirectChainIncludingInternalRedirects,
149
RedirectHistoryArray& aRedirectChain,
150
nsTArray<nsCOMPtr<nsIPrincipal>>&& aAncestorPrincipals,
151
const nsTArray<uint64_t>& aAncestorOuterWindowIDs,
152
const nsTArray<nsCString>& aUnsafeHeaders, bool aForcePreflight,
153
bool aIsPreflight, bool aLoadTriggeredFromExternal,
154
bool aServiceWorkerTaintingSynthesized,
155
bool aDocumentHasUserInteracted, bool aDocumentHasLoaded,
156
const nsAString& aCspNonce, uint32_t aRequestBlockingReason);
157
LoadInfo(const LoadInfo& rhs);
158
159
NS_IMETHOD GetRedirects(JSContext* aCx,
160
JS::MutableHandle<JS::Value> aRedirects,
161
const RedirectHistoryArray& aArra);
162
163
friend nsresult mozilla::ipc::LoadInfoArgsToLoadInfo(
164
const Maybe<mozilla::net::LoadInfoArgs>& aLoadInfoArgs,
165
nsILoadInfo** outLoadInfo);
166
167
~LoadInfo() = default;
168
169
void ComputeIsThirdPartyContext(nsPIDOMWindowOuter* aOuterWindow);
170
171
// This function is the *only* function which can change the securityflags
172
// of a loadinfo. It only exists because of the XHR code. Don't call it
173
// from anywhere else!
174
void SetIncludeCookiesSecFlag();
175
friend class mozilla::dom::XMLHttpRequestMainThread;
176
177
// if you add a member, please also update the copy constructor and consider
178
// if it should be merged from parent channel through
179
// ParentLoadInfoForwarderArgs.
180
nsCOMPtr<nsIPrincipal> mLoadingPrincipal;
181
nsCOMPtr<nsIPrincipal> mTriggeringPrincipal;
182
nsCOMPtr<nsIPrincipal> mPrincipalToInherit;
183
nsCOMPtr<nsIPrincipal> mSandboxedLoadingPrincipal;
184
nsCOMPtr<nsIPrincipal> mTopLevelPrincipal;
185
nsCOMPtr<nsIPrincipal> mTopLevelStorageAreaPrincipal;
186
nsCOMPtr<nsIURI> mResultPrincipalURI;
187
nsCOMPtr<nsICSPEventListener> mCSPEventListener;
188
nsCOMPtr<nsICookieSettings> mCookieSettings;
189
nsCOMPtr<nsIContentSecurityPolicy> mCspToInherit;
190
191
Maybe<mozilla::dom::ClientInfo> mClientInfo;
192
UniquePtr<mozilla::dom::ClientSource> mReservedClientSource;
193
Maybe<mozilla::dom::ClientInfo> mReservedClientInfo;
194
Maybe<mozilla::dom::ClientInfo> mInitialClientInfo;
195
Maybe<mozilla::dom::ServiceWorkerDescriptor> mController;
196
RefPtr<mozilla::dom::PerformanceStorage> mPerformanceStorage;
197
198
nsWeakPtr mLoadingContext;
199
nsWeakPtr mContextForTopLevelLoad;
200
nsSecurityFlags mSecurityFlags;
201
nsContentPolicyType mInternalContentPolicyType;
202
LoadTainting mTainting;
203
bool mUpgradeInsecureRequests;
204
bool mBrowserUpgradeInsecureRequests;
205
bool mBrowserWouldUpgradeInsecureRequests;
206
bool mForceAllowDataURI;
207
bool mAllowInsecureRedirectToDataURI;
208
bool mBypassCORSChecks;
209
bool mSkipContentPolicyCheckForWebRequest;
210
bool mOriginalFrameSrcLoad;
211
bool mForceInheritPrincipalDropped;
212
uint64_t mInnerWindowID;
213
uint64_t mOuterWindowID;
214
uint64_t mParentOuterWindowID;
215
uint64_t mTopOuterWindowID;
216
uint64_t mFrameOuterWindowID;
217
uint64_t mBrowsingContextID;
218
uint64_t mFrameBrowsingContextID;
219
bool mInitialSecurityCheckDone;
220
bool mIsThirdPartyContext;
221
bool mIsDocshellReload;
222
bool mSendCSPViolationEvents;
223
OriginAttributes mOriginAttributes;
224
RedirectHistoryArray mRedirectChainIncludingInternalRedirects;
225
RedirectHistoryArray mRedirectChain;
226
nsTArray<nsCOMPtr<nsIPrincipal>> mAncestorPrincipals;
227
nsTArray<uint64_t> mAncestorOuterWindowIDs;
228
nsTArray<nsCString> mCorsUnsafeHeaders;
229
uint32_t mRequestBlockingReason;
230
bool mForcePreflight;
231
bool mIsPreflight;
232
bool mLoadTriggeredFromExternal;
233
bool mServiceWorkerTaintingSynthesized;
234
bool mDocumentHasUserInteracted;
235
bool mDocumentHasLoaded;
236
nsString mCspNonce;
237
238
// Is true if this load was triggered by processing the attributes of the
239
// browsing context container.
240
// See nsILoadInfo.isFromProcessingFrameAttributes
241
bool mIsFromProcessingFrameAttributes;
242
};
243
244
} // namespace net
245
} // namespace mozilla
246
247
#endif // mozilla_LoadInfo_h