From 166b25a42c0e8813e09eab7e4e19b06a950c0ccc Mon Sep 17 00:00:00 2001 From: Moonchild Date: Mon, 28 Apr 2025 10:04:07 +0200 Subject: [PATCH] Issue #2736 - Part 3: Use `TriggeringPrincipal` for image loads. The imgLoader code consistently uses the term `loadingPrincipal` for the principal that is called the `triggeringPrincipal` everywhere else. This aligns the naming to avoid confusion in later changes. --- image/imgLoader.cpp | 80 ++++++++++++++++++++++---------------------- image/imgRequest.cpp | 4 +-- image/imgRequest.h | 13 +++---- 3 files changed, 49 insertions(+), 48 deletions(-) diff --git a/image/imgLoader.cpp b/image/imgLoader.cpp index 503bc5ed11..d8e50cb2eb 100644 --- a/image/imgLoader.cpp +++ b/image/imgLoader.cpp @@ -547,7 +547,7 @@ ShouldRevalidateEntry(imgCacheEntry* aEntry, static bool ShouldLoadCachedImage(imgRequest* aImgRequest, nsISupports* aLoadingContext, - nsIPrincipal* aLoadingPrincipal, + nsIPrincipal* aTriggeringPrincipal, nsContentPolicyType aPolicyType) { /* Call content policies on cached images - Bug 1082837 @@ -567,8 +567,8 @@ ShouldLoadCachedImage(imgRequest* aImgRequest, int16_t decision = nsIContentPolicy::REJECT_REQUEST; rv = NS_CheckContentLoadPolicy(aPolicyType, contentLocation, - aLoadingPrincipal, // loading principal - aLoadingPrincipal, // triggering principal + aTriggeringPrincipal, // loading principal + aTriggeringPrincipal, // triggering principal aLoadingContext, EmptyCString(), //mime guess nullptr, //aExtra 
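Review bot: In the `NS_CheckContentLoadPolicy` call in `ShouldLoadCachedImage` (hunk `-567`), the renamed `aTriggeringPrincipal` is passed in both principal slots, and the first is still annotated `// loading principal`. With the new name this reads as if the function had a distinct loading principal, but any content policy that treats the two principals differently is handed the triggering principal in both positions for cached images. I would say so above the call, e.g. `// No separate loading principal is available here; the triggering principal is passed for both arguments.` The same value also supplies `requestingLocation` for the mixed-content check in hunk `-582`. The function body extends beyond this hunk.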
@@ -582,11 +582,11 @@ ShouldLoadCachedImage(imgRequest* aImgRequest, // We call all Content Policies above, but we also have to call mcb // individually to check the intermediary redirect hops are secure. if (insecureRedirect) { - if (!nsContentUtils::IsSystemPrincipal(aLoadingPrincipal)) { - // Set the requestingLocation from the aLoadingPrincipal. + if (!nsContentUtils::IsSystemPrincipal(aTriggeringPrincipal)) { + // Set the requestingLocation from the aTriggeringPrincipal. nsCOMPtr requestingLocation; - if (aLoadingPrincipal) { - rv = aLoadingPrincipal->GetURI(getter_AddRefs(requestingLocation)); + if (aTriggeringPrincipal) { + rv = aTriggeringPrincipal->GetURI(getter_AddRefs(requestingLocation)); NS_ENSURE_SUCCESS(rv, false); } @@ -599,7 +599,7 @@ ShouldLoadCachedImage(imgRequest* aImgRequest, aLoadingContext, EmptyCString(), //mime guess nullptr, - aLoadingPrincipal, + aTriggeringPrincipal, &decision); if (NS_FAILED(rv) || !NS_CP_ACCEPTED(decision)) { return false; @@ -616,7 +616,7 @@ ShouldLoadCachedImage(imgRequest* aImgRequest, // referrers/policies may generate different responses. static bool ValidateSecurityInfo(imgRequest* request, bool forcePrincipalCheck, - int32_t corsmode, nsIPrincipal* loadingPrincipal, + int32_t corsmode, nsIPrincipal* triggeringPrincipal, nsISupports* aCX, nsContentPolicyType aPolicyType, ReferrerPolicy referrerPolicy) { 
@@ -634,17 +634,17 @@ ValidateSecurityInfo(imgRequest* request, bool forcePrincipalCheck, return false; } else if (request->GetCORSMode() != imgIRequest::CORS_NONE || forcePrincipalCheck) { - nsCOMPtr otherprincipal = request->GetLoadingPrincipal(); + nsCOMPtr otherprincipal = request->GetTriggeringPrincipal(); // If we previously had a principal, but we don't now, we can't use this // request. - if (otherprincipal && !loadingPrincipal) { + if (otherprincipal && !triggeringPrincipal) { return false; } - if (otherprincipal && loadingPrincipal) { + if (otherprincipal && triggeringPrincipal) { bool equals = false; - otherprincipal->Equals(loadingPrincipal, &equals); + otherprincipal->Equals(triggeringPrincipal, &equals); if (!equals) { return false; } @@ -652,7 +652,7 @@ ValidateSecurityInfo(imgRequest* request, bool forcePrincipalCheck, } // Content Policy Check on Cached Images - return ShouldLoadCachedImage(request, aCX, loadingPrincipal, aPolicyType); + return ShouldLoadCachedImage(request, aCX, triggeringPrincipal, aPolicyType); } static nsresult @@ -662,7 +662,7 @@ NewImageChannel(nsIChannel** aResult, // assuming we have a cache hit on a cache entry that we // create for this channel. This is an out param that should // be set to true if this channel ends up depending on - // aLoadingPrincipal and false otherwise. + // aTriggeringPrincipal and false otherwise. bool* aForcePrincipalCheckForCacheEntry, nsIURI* aURI, nsIURI* aInitialDocumentURI, @@ -673,7 +673,7 @@ NewImageChannel(nsIChannel** aResult, const nsCString& aAcceptHeader, nsLoadFlags aLoadFlags, nsContentPolicyType aPolicyType, - nsIPrincipal* aLoadingPrincipal, + nsIPrincipal* aTriggeringPrincipal, nsISupports* aRequestingContext, bool aRespectPrivacy) { 
@@ -720,11 +720,11 @@ NewImageChannel(nsIChannel** aResult, // node and a principal. This is for things like background images that are // specified by user stylesheets, where the document is being styled, but // the principal is that of the user stylesheet. - if (requestingNode && aLoadingPrincipal) { + if (requestingNode && aTriggeringPrincipal) { rv = NS_NewChannelWithTriggeringPrincipal(aResult, aURI, requestingNode, - aLoadingPrincipal, + aTriggeringPrincipal, securityFlags, aPolicyType, nullptr, // loadGroup @@ -737,10 +737,10 @@ NewImageChannel(nsIChannel** aResult, if (aPolicyType == nsIContentPolicy::TYPE_INTERNAL_IMAGE_FAVICON) { // If this is a favicon loading, we will use the originAttributes from the - // loadingPrincipal as the channel's originAttributes. This allows the favicon + // triggeringPrincipal as the channel's originAttributes. This allows the favicon // loading from XUL will use the correct originAttributes. NeckoOriginAttributes neckoAttrs; - neckoAttrs.InheritFromDocToNecko(BasePrincipal::Cast(aLoadingPrincipal)->OriginAttributesRef()); + neckoAttrs.InheritFromDocToNecko(BasePrincipal::Cast(aTriggeringPrincipal)->OriginAttributesRef()); nsCOMPtr loadInfo = (*aResult)->GetLoadInfo(); rv = loadInfo->SetOriginAttributes(neckoAttrs); @@ -748,7 +748,7 @@ NewImageChannel(nsIChannel** aResult, } else { // either we are loading something inside a document, in which case // we should always have a requestingNode, or we are loading something - // outside a document, in which case the loadingPrincipal and + // outside a document, in which case the triggeringPrincipal and // triggeringPrincipal should always be the systemPrincipal. // However, there are exceptions: one is Notifications which create a // channel in the parent prcoess in which case we can't get a requestingNode. 
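Review bot: The comment in the `else` branch of `NewImageChannel` (hunk `-748`) now reads "the triggeringPrincipal and triggeringPrincipal should always be the systemPrincipal", which is an artefact of the mechanical rename. That sentence appears to describe the two principals recorded on the channel's load info rather than the function parameter, so the original wording should stay: `// outside a document, in which case the loadingPrincipal and` followed by the unchanged `// triggeringPrincipal should always be the systemPrincipal.` This matters because the comment documents the expectation that non-document loads are system-privileged. The block continues outside the hunk.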
@@ -769,8 +769,8 @@ NewImageChannel(nsIChannel** aResult, // and adjust the private browsing ID based on what kind of load the caller // has asked us to perform. NeckoOriginAttributes neckoAttrs; - if (aLoadingPrincipal) { - neckoAttrs.InheritFromDocToNecko(BasePrincipal::Cast(aLoadingPrincipal)->OriginAttributesRef()); + if (aTriggeringPrincipal) { + neckoAttrs.InheritFromDocToNecko(BasePrincipal::Cast(aTriggeringPrincipal)->OriginAttributesRef()); } neckoAttrs.mPrivateBrowsingId = aRespectPrivacy ? 1 : 0; @@ -784,9 +784,9 @@ NewImageChannel(nsIChannel** aResult, // only inherit if we have a principal *aForcePrincipalCheckForCacheEntry = - aLoadingPrincipal && + aTriggeringPrincipal && nsContentUtils::ChannelShouldInheritPrincipal( - aLoadingPrincipal, + aTriggeringPrincipal, aURI, /* aInheritForAboutBlank */ false, /* aForceInherit */ false); @@ -1583,7 +1583,7 @@ imgLoader::ValidateRequestWithNewChannel(imgRequest* request, nsLoadFlags aLoadFlags, nsContentPolicyType aLoadPolicyType, imgRequestProxy** aProxyRequest, - nsIPrincipal* aLoadingPrincipal, + nsIPrincipal* aTriggeringPrincipal, int32_t aCORSMode) { // now we need to insert a new channel request object inbetween the real @@ -1633,7 +1633,7 @@ imgLoader::ValidateRequestWithNewChannel(imgRequest* request, mAcceptHeader, aLoadFlags, aLoadPolicyType, - aLoadingPrincipal, + aTriggeringPrincipal, aCX, mRespectPrivacy); if (NS_FAILED(rv)) { @@ -1706,7 +1706,7 @@ imgLoader::ValidateEntry(imgCacheEntry* aEntry, nsContentPolicyType aLoadPolicyType, bool aCanMakeNewChannel, imgRequestProxy** aProxyRequest, - nsIPrincipal* aLoadingPrincipal, + nsIPrincipal* aTriggeringPrincipal, int32_t aCORSMode) { LOG_SCOPE(gImgLog, "imgLoader::ValidateEntry"); @@ -1746,7 +1746,7 @@ imgLoader::ValidateEntry(imgCacheEntry* aEntry, } if (!ValidateSecurityInfo(request, aEntry->ForcePrincipalCheck(), - aCORSMode, aLoadingPrincipal, + aCORSMode, aTriggeringPrincipal, aCX, aLoadPolicyType, aReferrerPolicy)) return false; 
@@ -1823,7 +1823,7 @@ imgLoader::ValidateEntry(imgCacheEntry* aEntry, aReferrerURI, aReferrerPolicy, aLoadGroup, aObserver, aCX, aLoadFlags, aLoadPolicyType, - aProxyRequest, aLoadingPrincipal, + aProxyRequest, aTriggeringPrincipal, aCORSMode); } @@ -1977,7 +1977,7 @@ imgLoader::LoadImageXPCOM(nsIURI* aURI, nsIURI* aInitialDocumentURI, nsIURI* aReferrerURI, const nsAString& aReferrerPolicy, - nsIPrincipal* aLoadingPrincipal, + nsIPrincipal* aTriggeringPrincipal, nsILoadGroup* aLoadGroup, imgINotificationObserver* aObserver, nsISupports* aCX, @@ -1999,7 +1999,7 @@ imgLoader::LoadImageXPCOM(nsIURI* aURI, aReferrerURI, refpol == mozilla::net::RP_Unset ? mozilla::net::RP_Default : refpol, - aLoadingPrincipal, + aTriggeringPrincipal, aLoadGroup, aObserver, node, @@ -2018,7 +2018,7 @@ imgLoader::LoadImage(nsIURI* aURI, nsIURI* aInitialDocumentURI, nsIURI* aReferrerURI, ReferrerPolicy aReferrerPolicy, - nsIPrincipal* aLoadingPrincipal, + nsIPrincipal* aTriggeringPrincipal, nsILoadGroup* aLoadGroup, imgINotificationObserver* aObserver, nsINode *aContext, @@ -2101,8 +2101,8 @@ imgLoader::LoadImage(nsIURI* aURI, // for correctly dealing with image load requests that are a result // of post data. PrincipalOriginAttributes attrs; - if (aLoadingPrincipal) { - attrs = BasePrincipal::Cast(aLoadingPrincipal)->OriginAttributesRef(); + if (aTriggeringPrincipal) { + attrs = BasePrincipal::Cast(aTriggeringPrincipal)->OriginAttributesRef(); } ImageCacheKey key(aURI, attrs, aLoadingDocument, rv); NS_ENSURE_SUCCESS(rv, rv); @@ -2112,7 +2112,7 @@ imgLoader::LoadImage(nsIURI* aURI, if (ValidateEntry(entry, aURI, aInitialDocumentURI, aReferrerURI, aReferrerPolicy, aLoadGroup, aObserver, aLoadingDocument, requestFlags, aContentPolicyType, true, _retval, - aLoadingPrincipal, corsmode)) { + aTriggeringPrincipal, corsmode)) { request = entry->GetRequest(); // If this entry has no proxies, its request has no reference to the 
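Review bot: The definitions of `imgLoader::LoadImageXPCOM`, `LoadImage`, `ValidateEntry` and `ValidateRequestWithNewChannel` are renamed to `aTriggeringPrincipal`, but the diffstat lists only `imgLoader.cpp`, `imgRequest.cpp` and `imgRequest.h`. If the declarations in `imgLoader.h` and the `imgILoader` interface (neither shown here) still say `aLoadingPrincipal`, callers reading the header get the old term while the implementation uses the new one, which is the confusion the commit sets out to remove. I would rename the parameters there in the same patch, or note in the commit message that they follow in a later part.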
@@ -2157,7 +2157,7 @@ imgLoader::LoadImage(nsIURI* aURI, mAcceptHeader, requestFlags, aContentPolicyType, - aLoadingPrincipal, + aTriggeringPrincipal, aContext, mRespectPrivacy); if (NS_FAILED(rv)) { @@ -2178,7 +2178,7 @@ imgLoader::LoadImage(nsIURI* aURI, newChannel->GetLoadGroup(getter_AddRefs(channelLoadGroup)); rv = request->Init(aURI, aURI, /* aHadInsecureRedirect = */ false, channelLoadGroup, newChannel, entry, aLoadingDocument, - aLoadingPrincipal, corsmode, aReferrerPolicy); + aTriggeringPrincipal, corsmode, aReferrerPolicy); if (NS_FAILED(rv)) { return NS_ERROR_FAILURE; } @@ -2814,7 +2814,7 @@ imgCacheValidator::OnStartRequest(nsIRequest* aRequest, nsISupports* ctxt) int32_t corsmode = mRequest->GetCORSMode(); ReferrerPolicy refpol = mRequest->GetReferrerPolicy(); - nsCOMPtr loadingPrincipal = mRequest->GetLoadingPrincipal(); + nsCOMPtr triggeringPrincipal = mRequest->GetTriggeringPrincipal(); // Doom the old request's cache entry mRequest->RemoveFromCache(); @@ -2827,7 +2827,7 @@ imgCacheValidator::OnStartRequest(nsIRequest* aRequest, nsISupports* ctxt) channel->GetOriginalURI(getter_AddRefs(originalURI)); nsresult rv = mNewRequest->Init(originalURI, uri, mHadInsecureRedirect, aRequest, channel, - mNewEntry, context, loadingPrincipal, corsmode, refpol); + mNewEntry, context, triggeringPrincipal, corsmode, refpol); if (NS_FAILED(rv)) { return rv; } diff --git a/image/imgRequest.cpp b/image/imgRequest.cpp index 2a8af98cf4..31356b0c72 100644 --- a/image/imgRequest.cpp +++ b/image/imgRequest.cpp @@ -91,7 +91,7 @@ imgRequest::Init(nsIURI *aURI, nsIChannel *aChannel, imgCacheEntry *aCacheEntry, nsISupports* aCX, - nsIPrincipal* aLoadingPrincipal, + nsIPrincipal* aTriggeringPrincipal, int32_t aCORSMode, ReferrerPolicy aReferrerPolicy) { 
@@ -119,7 +119,7 @@ imgRequest::Init(nsIURI *aURI, mChannel = aChannel; mTimedChannel = do_QueryInterface(mChannel); - mLoadingPrincipal = aLoadingPrincipal; + mTriggeringPrincipal = aTriggeringPrincipal; mCORSMode = aCORSMode; mReferrerPolicy = aReferrerPolicy; diff --git a/image/imgRequest.h b/image/imgRequest.h index c05e6a4a94..8781a5e30e 100644 --- a/image/imgRequest.h +++ b/image/imgRequest.h @@ -72,7 +72,7 @@ public: nsIChannel* aChannel, imgCacheEntry* aCacheEntry, nsISupports* aCX, - nsIPrincipal* aLoadingPrincipal, + nsIPrincipal* aTriggeringPrincipal, int32_t aCORSMode, ReferrerPolicy aReferrerPolicy); @@ -127,9 +127,9 @@ public: // The principal for the document that loaded this image. Used when trying to // validate a CORS image load. - already_AddRefed GetLoadingPrincipal() const + already_AddRefed GetTriggeringPrincipal() const { - nsCOMPtr principal = mLoadingPrincipal; + nsCOMPtr principal = mTriggeringPrincipal; return principal.forget(); } @@ -232,9 +232,10 @@ private: RefPtr mURI; // The URI of the resource we ended up loading after all redirects, etc. nsCOMPtr mCurrentURI; - // The principal of the document which loaded this image. Used when - // validating for CORS. - nsCOMPtr mLoadingPrincipal; + // The principal which triggered the load of this image. Generally either + // the principal of the document the image is being loaded into, or of the + // stylesheet which specified the image to load. Used when validating for CORS. + nsCOMPtr mTriggeringPrincipal; // The principal of this image. nsCOMPtr mPrincipal; nsCOMPtr mProperties;
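Review bot: The accessor comment above `GetTriggeringPrincipal()` in `imgRequest.h` (hunk `-127`) still says "The principal for the document that loaded this image", while the comment on `mTriggeringPrincipal` in hunk `-232` was updated to cover the stylesheet case. `ValidateSecurityInfo` compares this accessor's result with the caller's principal before a cached request is reused, so the public comment should describe the same thing as the member. I would mirror the member wording: `// The principal which triggered the load of this image (the document's, or that of the stylesheet which specified it). Used when validating a CORS image load.`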