Source code

Revision control

Other Tools

1
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
3
/* This Source Code Form is subject to the terms of the Mozilla Public
4
* License, v. 2.0. If a copy of the MPL was not distributed with this
5
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6
7
#ifndef mozilla_LoadInfo_h
8
#define mozilla_LoadInfo_h
9
10
#include "nsIContentSecurityPolicy.h"
11
#include "nsIContentPolicy.h"
12
#include "nsILoadInfo.h"
13
#include "nsIPrincipal.h"
14
#include "nsIWeakReferenceUtils.h" // for nsWeakPtr
15
#include "nsIURI.h"
16
#include "nsContentUtils.h"
17
#include "nsString.h"
18
#include "nsTArray.h"
19
20
#include "mozilla/BasePrincipal.h"
21
#include "mozilla/dom/ClientInfo.h"
22
#include "mozilla/dom/ServiceWorkerDescriptor.h"
23
24
class nsICookieSettings;
25
class nsINode;
26
class nsPIDOMWindowOuter;
27
28
namespace mozilla {
29
30
namespace dom {
31
class PerformanceStorage;
32
class XMLHttpRequestMainThread;
33
} // namespace dom
34
35
namespace net {
36
class LoadInfoArgs;
37
class LoadInfo;
38
} // namespace net
39
40
namespace ipc {
41
// we have to forward declare that function so we can use it as a friend.
42
nsresult LoadInfoArgsToLoadInfo(
43
const Maybe<mozilla::net::LoadInfoArgs>& aLoadInfoArgs,
44
nsINode* aLoadingContext, nsINode* aCspToInheritLoadingContext,
45
net::LoadInfo** outLoadInfo);
46
} // namespace ipc
47
48
namespace net {
49
50
typedef nsTArray<nsCOMPtr<nsIRedirectHistoryEntry>> RedirectHistoryArray;
51
52
/**
53
* Class that provides an nsILoadInfo implementation.
54
*/
55
class LoadInfo final : public nsILoadInfo {
56
public:
57
NS_DECL_ISUPPORTS
58
NS_DECL_NSILOADINFO
59
60
// aLoadingPrincipal MUST NOT BE NULL.
61
LoadInfo(nsIPrincipal* aLoadingPrincipal, nsIPrincipal* aTriggeringPrincipal,
62
nsINode* aLoadingContext, nsSecurityFlags aSecurityFlags,
63
nsContentPolicyType aContentPolicyType,
64
const Maybe<mozilla::dom::ClientInfo>& aLoadingClientInfo =
65
Maybe<mozilla::dom::ClientInfo>(),
66
const Maybe<mozilla::dom::ServiceWorkerDescriptor>& aController =
67
Maybe<mozilla::dom::ServiceWorkerDescriptor>());
68
69
// Constructor used for TYPE_DOCUMENT loads which have a different
70
// loadingContext than other loads. This ContextForTopLevelLoad is
71
// only used for content policy checks.
72
LoadInfo(nsPIDOMWindowOuter* aOuterWindow, nsIPrincipal* aTriggeringPrincipal,
73
nsISupports* aContextForTopLevelLoad,
74
nsSecurityFlags aSecurityFlags);
75
76
// create an exact copy of the loadinfo
77
already_AddRefed<nsILoadInfo> Clone() const;
78
79
// hands off!!! don't use CloneWithNewSecFlags unless you know
80
// exactly what you are doing - it should only be used within
81
// nsBaseChannel::Redirect()
82
already_AddRefed<nsILoadInfo> CloneWithNewSecFlags(
83
nsSecurityFlags aSecurityFlags) const;
84
// creates a copy of the loadinfo which is appropriate to use for a
85
// separate request. I.e. not for a redirect or an inner channel, but
86
// when a separate request is made with the same security properties.
87
already_AddRefed<nsILoadInfo> CloneForNewRequest() const;
88
89
void SetIsPreflight();
90
void SetUpgradeInsecureRequests();
91
void SetBrowserUpgradeInsecureRequests();
92
void SetBrowserWouldUpgradeInsecureRequests();
93
void SetIsFromProcessingFrameAttributes();
94
95
// Hands off from the cspToInherit functionality!
96
//
97
// For navigations, GetCSPToInherit returns what the spec calls the
98
// "request's client's global object's CSP list", or more precisely
99
// a snapshot of it taken when the navigation starts. For navigations
100
// that need to inherit their CSP, this is the right CSP to use for
101
// the new document. We need a way to transfer the CSP from the
102
// docshell (where the navigation starts) to the point where the new
103
// document is created and decides whether to inherit its CSP, and
104
// this is the mechanism we use for that.
105
//
106
// For example:
107
// A document with a CSP triggers a new top-level data: URI load.
108
// We pass the CSP of the document that triggered the load all the
109
// way to docshell. Within docshell we call SetCSPToInherit() on the
110
// loadinfo. Within Document::InitCSP() we check if the newly created
111
// document needs to inherit the CSP. If so, we call GetCSPToInherit()
112
// and set the inherited CSP as the CSP for the new document. Please
113
// note that any additonal Meta CSP in that document will be merged
114
// into that CSP. Any subresource loads within that document
115
// subesquently will receive the correct CSP by querying
116
// loadinfo->GetCSP() from that point on.
117
void SetCSPToInherit(nsIContentSecurityPolicy* aCspToInherit) {
118
mCspToInherit = aCspToInherit;
119
}
120
121
private:
122
// private constructor that is only allowed to be called from within
123
// HttpChannelParent and FTPChannelParent declared as friends undeneath.
124
// In e10s we can not serialize nsINode, hence we store the innerWindowID.
125
// Please note that aRedirectChain uses swapElements.
126
LoadInfo(nsIPrincipal* aLoadingPrincipal, nsIPrincipal* aTriggeringPrincipal,
127
nsIPrincipal* aPrincipalToInherit,
128
nsIPrincipal* aSandboxedLoadingPrincipal,
129
nsIPrincipal* aTopLevelPrincipal,
130
nsIPrincipal* aTopLevelStorageAreaPrincipal,
131
nsIURI* aResultPrincipalURI, nsICookieSettings* aCookieSettings,
132
nsIContentSecurityPolicy* aCspToInherit,
133
const Maybe<mozilla::dom::ClientInfo>& aClientInfo,
134
const Maybe<mozilla::dom::ClientInfo>& aReservedClientInfo,
135
const Maybe<mozilla::dom::ClientInfo>& aInitialClientInfo,
136
const Maybe<mozilla::dom::ServiceWorkerDescriptor>& aController,
137
nsSecurityFlags aSecurityFlags,
138
nsContentPolicyType aContentPolicyType, LoadTainting aTainting,
139
bool aBlockAllMixedContent, bool aUpgradeInsecureRequests,
140
bool aBrowserUpgradeInsecureRequests,
141
bool aBrowserWouldUpgradeInsecureRequests, bool aForceAllowDataURI,
142
bool aAllowInsecureRedirectToDataURI, bool aBypassCORSChecks,
143
bool aSkipContentPolicyCheckForWebRequest,
144
bool aForceInheritPrincipalDropped, uint64_t aInnerWindowID,
145
uint64_t aOuterWindowID, uint64_t aParentOuterWindowID,
146
uint64_t aTopOuterWindowID, uint64_t aFrameOuterWindowID,
147
uint64_t aBrowsingContextID, uint64_t aFrameBrowsingContextID,
148
bool aInitialSecurityCheckDone, bool aIsThirdPartyRequest,
149
bool aIsDocshellReload, bool aIsFormSubmission,
150
bool aSendCSPViolationEvents,
151
const OriginAttributes& aOriginAttributes,
152
RedirectHistoryArray& aRedirectChainIncludingInternalRedirects,
153
RedirectHistoryArray& aRedirectChain,
154
nsTArray<nsCOMPtr<nsIPrincipal>>&& aAncestorPrincipals,
155
const nsTArray<uint64_t>& aAncestorOuterWindowIDs,
156
const nsTArray<nsCString>& aUnsafeHeaders, bool aForcePreflight,
157
bool aIsPreflight, bool aLoadTriggeredFromExternal,
158
bool aServiceWorkerTaintingSynthesized,
159
bool aDocumentHasUserInteracted, bool aDocumentHasLoaded,
160
const nsAString& aCspNonce, bool aSkipContentSniffing,
161
uint32_t aRequestBlockingReason, nsINode* aLoadingContext);
162
LoadInfo(const LoadInfo& rhs);
163
164
NS_IMETHOD GetRedirects(JSContext* aCx,
165
JS::MutableHandle<JS::Value> aRedirects,
166
const RedirectHistoryArray& aArra);
167
168
friend nsresult mozilla::ipc::LoadInfoArgsToLoadInfo(
169
const Maybe<mozilla::net::LoadInfoArgs>& aLoadInfoArgs,
170
nsINode* aLoadingContext, nsINode* aCspToInheritLoadingContext,
171
net::LoadInfo** outLoadInfo);
172
173
~LoadInfo() = default;
174
175
void ComputeIsThirdPartyContext(nsPIDOMWindowOuter* aOuterWindow);
176
177
// This function is the *only* function which can change the securityflags
178
// of a loadinfo. It only exists because of the XHR code. Don't call it
179
// from anywhere else!
180
void SetIncludeCookiesSecFlag();
181
friend class mozilla::dom::XMLHttpRequestMainThread;
182
183
// nsDocShell::OpenInitializedChannel needs to update the loadInfo with
184
// the correct browsingContext.
185
friend class ::nsDocShell;
186
void UpdateBrowsingContextID(uint64_t aBrowsingContextID) {
187
mBrowsingContextID = aBrowsingContextID;
188
}
189
void UpdateFrameBrowsingContextID(uint64_t aFrameBrowsingContextID) {
190
mFrameBrowsingContextID = aFrameBrowsingContextID;
191
}
192
193
// if you add a member, please also update the copy constructor and consider
194
// if it should be merged from parent channel through
195
// ParentLoadInfoForwarderArgs.
196
nsCOMPtr<nsIPrincipal> mLoadingPrincipal;
197
nsCOMPtr<nsIPrincipal> mTriggeringPrincipal;
198
nsCOMPtr<nsIPrincipal> mPrincipalToInherit;
199
nsCOMPtr<nsIPrincipal> mSandboxedLoadingPrincipal;
200
nsCOMPtr<nsIPrincipal> mTopLevelPrincipal;
201
nsCOMPtr<nsIPrincipal> mTopLevelStorageAreaPrincipal;
202
nsCOMPtr<nsIURI> mResultPrincipalURI;
203
nsCOMPtr<nsICSPEventListener> mCSPEventListener;
204
nsCOMPtr<nsICookieSettings> mCookieSettings;
205
nsCOMPtr<nsIContentSecurityPolicy> mCspToInherit;
206
207
Maybe<mozilla::dom::ClientInfo> mClientInfo;
208
UniquePtr<mozilla::dom::ClientSource> mReservedClientSource;
209
Maybe<mozilla::dom::ClientInfo> mReservedClientInfo;
210
Maybe<mozilla::dom::ClientInfo> mInitialClientInfo;
211
Maybe<mozilla::dom::ServiceWorkerDescriptor> mController;
212
RefPtr<mozilla::dom::PerformanceStorage> mPerformanceStorage;
213
214
nsWeakPtr mLoadingContext;
215
nsWeakPtr mContextForTopLevelLoad;
216
nsSecurityFlags mSecurityFlags;
217
nsContentPolicyType mInternalContentPolicyType;
218
LoadTainting mTainting;
219
bool mBlockAllMixedContent;
220
bool mUpgradeInsecureRequests;
221
bool mBrowserUpgradeInsecureRequests;
222
bool mBrowserWouldUpgradeInsecureRequests;
223
bool mForceAllowDataURI;
224
bool mAllowInsecureRedirectToDataURI;
225
bool mBypassCORSChecks;
226
bool mSkipContentPolicyCheckForWebRequest;
227
bool mOriginalFrameSrcLoad;
228
bool mForceInheritPrincipalDropped;
229
uint64_t mInnerWindowID;
230
uint64_t mOuterWindowID;
231
uint64_t mParentOuterWindowID;
232
uint64_t mTopOuterWindowID;
233
uint64_t mFrameOuterWindowID;
234
uint64_t mBrowsingContextID;
235
uint64_t mFrameBrowsingContextID;
236
bool mInitialSecurityCheckDone;
237
bool mIsThirdPartyContext;
238
bool mIsDocshellReload;
239
bool mIsFormSubmission;
240
bool mSendCSPViolationEvents;
241
OriginAttributes mOriginAttributes;
242
RedirectHistoryArray mRedirectChainIncludingInternalRedirects;
243
RedirectHistoryArray mRedirectChain;
244
nsTArray<nsCOMPtr<nsIPrincipal>> mAncestorPrincipals;
245
nsTArray<uint64_t> mAncestorOuterWindowIDs;
246
nsTArray<nsCString> mCorsUnsafeHeaders;
247
uint32_t mRequestBlockingReason;
248
bool mForcePreflight;
249
bool mIsPreflight;
250
bool mLoadTriggeredFromExternal;
251
bool mServiceWorkerTaintingSynthesized;
252
bool mDocumentHasUserInteracted;
253
bool mDocumentHasLoaded;
254
nsString mCspNonce;
255
bool mSkipContentSniffing;
256
257
// Is true if this load was triggered by processing the attributes of the
258
// browsing context container.
259
// See nsILoadInfo.isFromProcessingFrameAttributes
260
bool mIsFromProcessingFrameAttributes;
261
};
262
263
} // namespace net
264
} // namespace mozilla
265
266
#endif // mozilla_LoadInfo_h