mirror of
https://github.com/roytam1/palemoon27.git
synced 2026-05-26 14:18:48 +00:00
roytam1
393bc6639f
- Bug 1209162 - Create OriginAttributes subtypes. IGNORE IDL r=sicking. (c2cbe04ef3) - Bug 1220570 - Potential cookie lost while downgrading from Aurora 44 to 43. r=jduell (1a0111c842) - Bug 1217456: Add a security flag for controlling redirects. Use this flag in fetch() implementation. r=bkelly,jduell (79d449e479) - Bug 1112040 - Add a mochitest. r=bholley (566a05f720) - Bug 1171215 - Compute third-partyness in the loadinfo instead of nsIHttpChannelInternal so that other protocols correctly respect the third-party cookie pref. r=sicking/ckerschb (06f7a10a83) - better backport of Bug 485941 - Stack overflow using overly-deep XML tree (DoS). r=bzbarsky (ac43feeffa) - Bug 1182546 - Use channel->Open2() in parser/htmlparser/nsExpatDriver.cpp (r=bz) (42768f373a) - Bug 1163435 part 1 - [css-grid][css-flexbox] Propagate an explicit CB width/height to the reflow state to resolve percentage lengths for grid items properly. Resolve percent against the size in the same axis for abs.pos. children too. r=dholbert (a55463fb05) - Bug 1163435 part 2 - tests. (bb683c5fc6) - Bug 1223282 - Make NS_AUTOMARGIN be a different value than NS_UNCONSTRAINEDSIZE to avoid having clamped huge margin values be interpreted as auto margins. r=roc (4cdfe0f277) - Bug 1224230 - Explicitly store the lineContainer's writing mode in InlineIntrinsicISizeData. r=dbaron (6474515223) - Bug 1221043. Revert to including trailing whitespace for accessibility APIs. r=marcoz,mats (406018c163) - Bug 1227113 - Fix some indentation issues in ServiceWorkerManager, r=janv (2b343bde09) - Bug 1223116 P1 Expose nsIServiceWorkerManager.shouldReportToWindow(). r=catalinb (02899e429d) - Bug 1226441 - Part 1: Add wpt test verifying fetch event waits for activate to complete; r=catalinb (e8eb3e6e7a) - Bug 1209865 - Add gecko profiler marker when mark() of User Timing API is called. r=baku (f48d76e395) - Bug 1169068 - Performance.translateTime(), r=bz (38cd1c31b2) - Bug 1226441 - Part 2: Delay functional event dispatch until service worker is activated; r=catalinb (778cd3dd24) - Bug 1178233 - [non-e10s] The update process doesn't work within about:serviceworkers in non-e10s mode. Test. r=baku (4f8b6f53f8) - Bug 1188545 - Disable unstable test: test_aboutserviceworkers.html. a=testonly (4bbe106693) - Bug 1219255 - We should be able to attach to a service worker;r=amarchesini (0d6b71b4ec) - Bug 1222464 - Part 2: Implement FetchEvent.clientId; r=jdm (9c8abd62dd) - Bug 1218150 - Mark the members of Clients as NewObject; r=bzbarsky (b6b00a586c) - Bug 1222464 - Part 3: Implement Clients.get(); r=jdm (f5ca60d801) - Bug 1222464 - Part 1: Save a client ID for top-level navigations on the docshell and assign it as the document ID when we start loading the document; r=jdm (7dcb5ce2b6) - Bug 1218141 - Add some SameObject and NewObject annotations to ServiceWorkerGlobalScope; r=bzbarsky (5019f58c7a) - Bug 1218190 - Add a pref to enable Clients.openWindow, r=catalinb (dbb6d007dd) - Bug 1218142 - Remove ServiceWorkerGlobalScope.onbeforeevicted/onevicted; r=bzbarsky (029de6f8ec) - Bug 1218146 - Move WindowClient.frameType to Client.frameType; r=bzbarsky (00f0211276) - Bug 1218147 - Make WindowClient.focus() NewObject; r=bzbarsky (3c6aea4b67) - Bug 1189659 - Part 1 - Continue service worker job queue when life cycle events expire. r=bkelly (aa09cd9c60) - Bug 1227932 - Fix Service Workers SoftUpdate and registration.update code paths. r=ehsan (24567b23c0) - Bug 1189659 - Part 2 - Remove set of scopes being updated from ServiceWorkerManager. r=bkelly (ce581b095c) - Bug 1189659 - Part 3 - Use separate synchronization queues for service worker register jobs and install jobs. r=bkelly (9c408a22ed) - Bug 1189659 - Part 4 - Fix race in test_install_event.html. r=bkelly (3186ffb808) - Bug 1189659 - Part 5 - Fix race in skip-waiting.https.html and add some logging for SkipWaitingFlag in ServiceWorkerManager. r=ehsan (4e5ddda6f3) - Bug 1229056 - Implement ClientQueryOptions.includeUncontrolled; r=jdm (dbe56aa60d) - namespace (3b0863d42d) - Bug 1201127 - Return the same ServiceWorkerRegistration object from service worker APIs dealing with the same underlying registration object; r=jdm (c542688ae0) - Bug 1171583 - Remove mutable warning from |nsSimpleURI::SetUserPass|. r=bz (73934deaad) - Bug 1206199 - Extend channelwrapper to mediate OnStartRequest, OnStopRequest, OnDataAvailable (r=sicking) (758a7ec65c) - Bug 1186783 (part 4) - Replace nsBaseHashtable::EnumerateRead() calls in netwerk/ with iterators. r=valentin. (681bdba278) - Bug 1186783 (part 3) - Replace nsBaseHashtable::EnumerateRead() calls in netwerk/ with iterators. r=valentin. (76b8b7191e) - Bug 1186783 (part 2) - Replace nsBaseHashtable::EnumerateRead() calls in netwerk/ with iterators. r=valentin. (5c0743ac49) - Bug 1186783 (part 1) - Replace nsBaseHashtable::EnumerateRead() calls in netwerk/ with iterators. r=valentin. (952cc720cc) - Bug 1186783 (part 5) - Replace nsBaseHashtable::EnumerateRead() calls in netwerk/ with iterators. r=valentin. (25b9735c52) - Bug 1186783 (part 1) - Replace nsBaseHashtable::EnumerateRead() calls in netwerk/. r=michal. (ae52425809) - Bug 1186783 (follow-up) - Bustage fix for Gonk. (d4a1b769bd) - add back some hotfix stuff, even if unused (fe32076c5b) - Bug 1068087: Switch about:plugins to run remotely. r=mconley (bc4316dd03) - Bug 1214058: Part 1 - Add a simplified JSON-based add-on update protocol. r=Mossop (a3198884d5) - Bug 1214058: Part 2 - Run add-on update tests against comparable JSON and RDF manifests. r=Mossop (aa6a796e6f) - Bug 1152977 - Enable by default DEAA for desktop platforms that use OpenGL compositor. r=jmuizelaar (bfa9efd5c8)
477 lines
17 KiB
C++
477 lines
17 KiB
C++
#include "nsContentSecurityManager.h"
|
|
#include "nsIChannel.h"
|
|
#include "nsIStreamListener.h"
|
|
#include "nsILoadInfo.h"
|
|
#include "nsContentUtils.h"
|
|
#include "nsCORSListenerProxy.h"
|
|
#include "nsIStreamListener.h"
|
|
|
|
#include "mozilla/dom/Element.h"
|
|
|
|
NS_IMPL_ISUPPORTS(nsContentSecurityManager, nsIContentSecurityManager)
|
|
|
|
static nsresult
|
|
ValidateSecurityFlags(nsILoadInfo* aLoadInfo)
|
|
{
|
|
nsSecurityFlags securityMode = aLoadInfo->GetSecurityMode();
|
|
|
|
if (securityMode != nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_INHERITS &&
|
|
securityMode != nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_IS_BLOCKED &&
|
|
securityMode != nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS &&
|
|
securityMode != nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL &&
|
|
securityMode != nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS) {
|
|
MOZ_ASSERT(false, "need one securityflag from nsILoadInfo to perform security checks");
|
|
return NS_ERROR_FAILURE;
|
|
}
|
|
|
|
// make sure that cors-with-credentials is only used in combination with CORS.
|
|
if (aLoadInfo->GetRequireCorsWithCredentials() &&
|
|
securityMode != nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS) {
|
|
MOZ_ASSERT(false, "can not use cors-with-credentials without cors");
|
|
return NS_ERROR_FAILURE;
|
|
}
|
|
// all good, found the right security flags
|
|
return NS_OK;
|
|
}
|
|
|
|
static bool SchemeIs(nsIURI* aURI, const char* aScheme)
|
|
{
|
|
nsCOMPtr<nsIURI> baseURI = NS_GetInnermostURI(aURI);
|
|
NS_ENSURE_TRUE(baseURI, false);
|
|
|
|
bool isScheme = false;
|
|
return NS_SUCCEEDED(baseURI->SchemeIs(aScheme, &isScheme)) && isScheme;
|
|
}
|
|
|
|
static nsresult
|
|
DoCheckLoadURIChecks(nsIURI* aURI, nsILoadInfo* aLoadInfo)
|
|
{
|
|
nsresult rv = NS_OK;
|
|
|
|
nsCOMPtr<nsIPrincipal> loadingPrincipal = aLoadInfo->LoadingPrincipal();
|
|
uint32_t flags = nsIScriptSecurityManager::STANDARD;
|
|
if (aLoadInfo->GetAllowChrome()) {
|
|
flags |= nsIScriptSecurityManager::ALLOW_CHROME;
|
|
}
|
|
|
|
rv = nsContentUtils::GetSecurityManager()->
|
|
CheckLoadURIWithPrincipal(loadingPrincipal,
|
|
aURI,
|
|
flags);
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
|
|
// If the loadingPrincipal and the triggeringPrincipal are different, then make
|
|
// sure the triggeringPrincipal is allowed to access that URI.
|
|
nsCOMPtr<nsIPrincipal> triggeringPrincipal = aLoadInfo->TriggeringPrincipal();
|
|
if (loadingPrincipal != triggeringPrincipal) {
|
|
rv = nsContentUtils::GetSecurityManager()->
|
|
CheckLoadURIWithPrincipal(triggeringPrincipal,
|
|
aURI,
|
|
flags);
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
}
|
|
return NS_OK;
|
|
}
|
|
|
|
static bool
|
|
URIHasFlags(nsIURI* aURI, uint32_t aURIFlags)
|
|
{
|
|
bool hasFlags;
|
|
nsresult rv = NS_URIChainHasFlags(aURI, aURIFlags, &hasFlags);
|
|
NS_ENSURE_SUCCESS(rv, false);
|
|
|
|
return hasFlags;
|
|
}
|
|
|
|
static nsresult
|
|
DoSOPChecks(nsIURI* aURI, nsILoadInfo* aLoadInfo)
|
|
{
|
|
if (aLoadInfo->GetAllowChrome() &&
|
|
(URIHasFlags(aURI, nsIProtocolHandler::URI_IS_UI_RESOURCE) ||
|
|
SchemeIs(aURI, "moz-safe-about"))) {
|
|
// UI resources are allowed.
|
|
return DoCheckLoadURIChecks(aURI, aLoadInfo);
|
|
}
|
|
|
|
nsIPrincipal* loadingPrincipal = aLoadInfo->LoadingPrincipal();
|
|
bool sameOriginDataInherits =
|
|
aLoadInfo->GetSecurityMode() == nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_INHERITS;
|
|
|
|
if (sameOriginDataInherits &&
|
|
aLoadInfo->GetAboutBlankInherits() &&
|
|
NS_IsAboutBlank(aURI)) {
|
|
return NS_OK;
|
|
}
|
|
|
|
return loadingPrincipal->CheckMayLoad(aURI,
|
|
true, // report to console
|
|
sameOriginDataInherits);
|
|
}
|
|
|
|
static nsresult
|
|
DoCORSChecks(nsIChannel* aChannel, nsILoadInfo* aLoadInfo,
|
|
nsCOMPtr<nsIStreamListener>& aInAndOutListener)
|
|
{
|
|
MOZ_RELEASE_ASSERT(aInAndOutListener, "can not perform CORS checks without a listener");
|
|
|
|
// No need to set up CORS if TriggeringPrincipal is the SystemPrincipal.
|
|
// For example, allow user stylesheets to load XBL from external files
|
|
// without requiring CORS.
|
|
if (nsContentUtils::IsSystemPrincipal(aLoadInfo->TriggeringPrincipal())) {
|
|
return NS_OK;
|
|
}
|
|
|
|
nsIPrincipal* loadingPrincipal = aLoadInfo->LoadingPrincipal();
|
|
RefPtr<nsCORSListenerProxy> corsListener =
|
|
new nsCORSListenerProxy(aInAndOutListener,
|
|
loadingPrincipal,
|
|
aLoadInfo->GetRequireCorsWithCredentials());
|
|
// XXX: @arg: DataURIHandling::Allow
|
|
// lets use DataURIHandling::Allow for now and then decide on callsite basis. see also:
|
|
// http://mxr.mozilla.org/mozilla-central/source/dom/security/nsCORSListenerProxy.h#33
|
|
nsresult rv = corsListener->Init(aChannel, DataURIHandling::Allow);
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
aInAndOutListener = corsListener;
|
|
return NS_OK;
|
|
}
|
|
|
|
static nsresult
|
|
DoContentSecurityChecks(nsIURI* aURI, nsILoadInfo* aLoadInfo)
|
|
{
|
|
nsContentPolicyType contentPolicyType =
|
|
aLoadInfo->GetExternalContentPolicyType();
|
|
nsContentPolicyType internalContentPolicyType =
|
|
aLoadInfo->InternalContentPolicyType();
|
|
nsCString mimeTypeGuess;
|
|
nsCOMPtr<nsINode> requestingContext = nullptr;
|
|
|
|
switch(contentPolicyType) {
|
|
case nsIContentPolicy::TYPE_OTHER: {
|
|
mimeTypeGuess = EmptyCString();
|
|
requestingContext = aLoadInfo->LoadingNode();
|
|
break;
|
|
}
|
|
|
|
case nsIContentPolicy::TYPE_SCRIPT: {
|
|
mimeTypeGuess = NS_LITERAL_CSTRING("application/javascript");
|
|
requestingContext = aLoadInfo->LoadingNode();
|
|
break;
|
|
}
|
|
|
|
case nsIContentPolicy::TYPE_IMAGE:
|
|
case nsIContentPolicy::TYPE_STYLESHEET:
|
|
case nsIContentPolicy::TYPE_OBJECT:
|
|
case nsIContentPolicy::TYPE_DOCUMENT: {
|
|
MOZ_ASSERT(false, "contentPolicyType not supported yet");
|
|
break;
|
|
}
|
|
|
|
case nsIContentPolicy::TYPE_SUBDOCUMENT: {
|
|
mimeTypeGuess = NS_LITERAL_CSTRING("text/html");
|
|
requestingContext = aLoadInfo->LoadingNode();
|
|
MOZ_ASSERT(!requestingContext ||
|
|
requestingContext->NodeType() == nsIDOMNode::DOCUMENT_NODE,
|
|
"type_subdocument requires requestingContext of type Document");
|
|
break;
|
|
}
|
|
|
|
case nsIContentPolicy::TYPE_REFRESH: {
|
|
MOZ_ASSERT(false, "contentPolicyType not supported yet");
|
|
break;
|
|
}
|
|
|
|
case nsIContentPolicy::TYPE_XBL: {
|
|
mimeTypeGuess = EmptyCString();
|
|
requestingContext = aLoadInfo->LoadingNode();
|
|
break;
|
|
}
|
|
|
|
case nsIContentPolicy::TYPE_PING: {
|
|
mimeTypeGuess = EmptyCString();
|
|
requestingContext = aLoadInfo->LoadingNode();
|
|
break;
|
|
}
|
|
|
|
case nsIContentPolicy::TYPE_XMLHTTPREQUEST: {
|
|
// alias nsIContentPolicy::TYPE_DATAREQUEST:
|
|
requestingContext = aLoadInfo->LoadingNode();
|
|
MOZ_ASSERT(!requestingContext ||
|
|
requestingContext->NodeType() == nsIDOMNode::DOCUMENT_NODE,
|
|
"type_xml requires requestingContext of type Document");
|
|
|
|
// We're checking for the external TYPE_XMLHTTPREQUEST here in case
|
|
// an addon creates a request with that type.
|
|
if (internalContentPolicyType ==
|
|
nsIContentPolicy::TYPE_INTERNAL_XMLHTTPREQUEST ||
|
|
internalContentPolicyType ==
|
|
nsIContentPolicy::TYPE_XMLHTTPREQUEST) {
|
|
mimeTypeGuess = EmptyCString();
|
|
}
|
|
else {
|
|
MOZ_ASSERT(internalContentPolicyType ==
|
|
nsIContentPolicy::TYPE_INTERNAL_EVENTSOURCE,
|
|
"can not set mime type guess for unexpected internal type");
|
|
mimeTypeGuess = NS_LITERAL_CSTRING(TEXT_EVENT_STREAM);
|
|
}
|
|
break;
|
|
}
|
|
|
|
case nsIContentPolicy::TYPE_OBJECT_SUBREQUEST: {
|
|
mimeTypeGuess = EmptyCString();
|
|
requestingContext = aLoadInfo->LoadingNode();
|
|
MOZ_ASSERT(!requestingContext ||
|
|
requestingContext->NodeType() == nsIDOMNode::ELEMENT_NODE,
|
|
"type_subrequest requires requestingContext of type Element");
|
|
break;
|
|
}
|
|
|
|
case nsIContentPolicy::TYPE_DTD: {
|
|
mimeTypeGuess = EmptyCString();
|
|
requestingContext = aLoadInfo->LoadingNode();
|
|
MOZ_ASSERT(!requestingContext ||
|
|
requestingContext->NodeType() == nsIDOMNode::DOCUMENT_NODE,
|
|
"type_dtd requires requestingContext of type Document");
|
|
break;
|
|
}
|
|
|
|
case nsIContentPolicy::TYPE_FONT: {
|
|
MOZ_ASSERT(false, "contentPolicyType not supported yet");
|
|
break;
|
|
}
|
|
|
|
case nsIContentPolicy::TYPE_MEDIA: {
|
|
if (internalContentPolicyType == nsIContentPolicy::TYPE_INTERNAL_TRACK) {
|
|
mimeTypeGuess = NS_LITERAL_CSTRING("text/vtt");
|
|
}
|
|
else {
|
|
mimeTypeGuess = EmptyCString();
|
|
}
|
|
requestingContext = aLoadInfo->LoadingNode();
|
|
MOZ_ASSERT(!requestingContext ||
|
|
requestingContext->NodeType() == nsIDOMNode::ELEMENT_NODE,
|
|
"type_media requires requestingContext of type Element");
|
|
break;
|
|
}
|
|
|
|
case nsIContentPolicy::TYPE_WEBSOCKET: {
|
|
MOZ_ASSERT(false, "contentPolicyType not supported yet");
|
|
break;
|
|
}
|
|
|
|
case nsIContentPolicy::TYPE_CSP_REPORT: {
|
|
mimeTypeGuess = EmptyCString();
|
|
requestingContext = aLoadInfo->LoadingNode();
|
|
break;
|
|
}
|
|
|
|
case nsIContentPolicy::TYPE_XSLT: {
|
|
mimeTypeGuess = NS_LITERAL_CSTRING("application/xml");
|
|
requestingContext = aLoadInfo->LoadingNode();
|
|
MOZ_ASSERT(!requestingContext ||
|
|
requestingContext->NodeType() == nsIDOMNode::DOCUMENT_NODE,
|
|
"type_xslt requires requestingContext of type Document");
|
|
break;
|
|
}
|
|
|
|
case nsIContentPolicy::TYPE_BEACON: {
|
|
mimeTypeGuess = EmptyCString();
|
|
requestingContext = aLoadInfo->LoadingNode();
|
|
MOZ_ASSERT(!requestingContext ||
|
|
requestingContext->NodeType() == nsIDOMNode::DOCUMENT_NODE,
|
|
"type_beacon requires requestingContext of type Document");
|
|
break;
|
|
}
|
|
|
|
case nsIContentPolicy::TYPE_FETCH: {
|
|
mimeTypeGuess = EmptyCString();
|
|
requestingContext = aLoadInfo->LoadingNode();
|
|
break;
|
|
}
|
|
|
|
case nsIContentPolicy::TYPE_IMAGESET: {
|
|
MOZ_ASSERT(false, "contentPolicyType not supported yet");
|
|
break;
|
|
}
|
|
|
|
case nsIContentPolicy::TYPE_WEB_MANIFEST: {
|
|
mimeTypeGuess = NS_LITERAL_CSTRING("application/manifest+json");
|
|
requestingContext = aLoadInfo->LoadingNode();
|
|
break;
|
|
}
|
|
|
|
default:
|
|
// nsIContentPolicy::TYPE_INVALID
|
|
MOZ_ASSERT(false, "can not perform security check without a valid contentType");
|
|
}
|
|
|
|
int16_t shouldLoad = nsIContentPolicy::ACCEPT;
|
|
nsresult rv = NS_CheckContentLoadPolicy(internalContentPolicyType,
|
|
aURI,
|
|
aLoadInfo->LoadingPrincipal(),
|
|
requestingContext,
|
|
mimeTypeGuess,
|
|
nullptr, //extra,
|
|
&shouldLoad,
|
|
nsContentUtils::GetContentPolicy(),
|
|
nsContentUtils::GetSecurityManager());
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
if (NS_CP_REJECTED(shouldLoad)) {
|
|
return NS_ERROR_CONTENT_BLOCKED;
|
|
}
|
|
return NS_OK;
|
|
}
|
|
|
|
/*
|
|
* Based on the security flags provided in the loadInfo of the channel,
|
|
* doContentSecurityCheck() performs the following content security checks
|
|
* before opening the channel:
|
|
*
|
|
* (1) Same Origin Policy Check (if applicable)
|
|
* (2) Allow Cross Origin but perform sanity checks whether a principal
|
|
* is allowed to access the following URL.
|
|
* (3) Perform CORS check (if applicable)
|
|
* (4) ContentPolicy checks (Content-Security-Policy, Mixed Content, ...)
|
|
*
|
|
* @param aChannel
|
|
* The channel to perform the security checks on.
|
|
* @param aInAndOutListener
|
|
* The streamListener that is passed to channel->AsyncOpen2() that is now potentially
|
|
* wrappend within nsCORSListenerProxy() and becomes the corsListener that now needs
|
|
* to be set as new streamListener on the channel.
|
|
*/
|
|
nsresult
|
|
nsContentSecurityManager::doContentSecurityCheck(nsIChannel* aChannel,
|
|
nsCOMPtr<nsIStreamListener>& aInAndOutListener)
|
|
{
|
|
NS_ENSURE_ARG(aChannel);
|
|
nsCOMPtr<nsILoadInfo> loadInfo = aChannel->GetLoadInfo();
|
|
|
|
if (!loadInfo) {
|
|
MOZ_ASSERT(false, "channel needs to have loadInfo to perform security checks");
|
|
return NS_ERROR_UNEXPECTED;
|
|
}
|
|
|
|
// make sure that only one of the five security flags is set in the loadinfo
|
|
// e.g. do not require same origin and allow cross origin at the same time
|
|
nsresult rv = ValidateSecurityFlags(loadInfo);
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
|
|
// lets store the initialSecurityCheckDone flag which indicates whether the channel
|
|
// was initialy evaluated by the contentSecurityManager. Once the inital
|
|
// asyncOpen() of the channel went through the contentSecurityManager then
|
|
// redirects do not have perform all the security checks, e.g. no reason
|
|
// to setup CORS again.
|
|
bool initialSecurityCheckDone = loadInfo->GetInitialSecurityCheckDone();
|
|
|
|
// now lets set the initalSecurityFlag for subsequent calls
|
|
rv = loadInfo->SetInitialSecurityCheckDone(true);
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
|
|
// since aChannel was openend using asyncOpen2() we have to make sure
|
|
// that redirects of that channel also get openend using asyncOpen2()
|
|
// please note that some implementations of ::AsyncOpen2 might already
|
|
// have set that flag to true (e.g. nsViewSourceChannel) in which case
|
|
// we just set the flag again.
|
|
rv = loadInfo->SetEnforceSecurity(true);
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
|
|
nsCOMPtr<nsIURI> finalChannelURI;
|
|
rv = NS_GetFinalChannelURI(aChannel, getter_AddRefs(finalChannelURI));
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
|
|
nsSecurityFlags securityMode = loadInfo->GetSecurityMode();
|
|
|
|
// Allow subresource loads if TriggeringPrincipal is the SystemPrincipal.
|
|
// For example, allow user stylesheets to load XBL from external files.
|
|
if (nsContentUtils::IsSystemPrincipal(loadInfo->TriggeringPrincipal()) &&
|
|
loadInfo->GetExternalContentPolicyType() != nsIContentPolicy::TYPE_DOCUMENT &&
|
|
loadInfo->GetExternalContentPolicyType() != nsIContentPolicy::TYPE_SUBDOCUMENT) {
|
|
return NS_OK;
|
|
}
|
|
|
|
// if none of the REQUIRE_SAME_ORIGIN flags are set, then SOP does not apply
|
|
if ((securityMode == nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_INHERITS) ||
|
|
(securityMode == nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_IS_BLOCKED)) {
|
|
rv = DoSOPChecks(finalChannelURI, loadInfo);
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
}
|
|
|
|
// if dealing with a redirected channel then we only enforce SOP
|
|
// and can return at this point.
|
|
if (initialSecurityCheckDone) {
|
|
return NS_OK;
|
|
}
|
|
|
|
if ((securityMode == nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS) ||
|
|
(securityMode == nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL)) {
|
|
// Please note that DoCheckLoadURIChecks should only be enforced for
|
|
// cross origin requests. If the flag SEC_REQUIRE_CORS_DATA_INHERITS is set
|
|
// within the loadInfo, then then CheckLoadURIWithPrincipal is performed
|
|
// within nsCorsListenerProxy
|
|
rv = DoCheckLoadURIChecks(finalChannelURI, loadInfo);
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
}
|
|
|
|
if (securityMode == nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS) {
|
|
rv = DoCORSChecks(aChannel, loadInfo, aInAndOutListener);
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
}
|
|
|
|
// Perform all ContentPolicy checks (MixedContent, CSP, ...)
|
|
rv = DoContentSecurityChecks(finalChannelURI, loadInfo);
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
|
|
// all security checks passed - lets allow the load
|
|
return NS_OK;
|
|
}
|
|
|
|
|
|
// ==== nsIContentSecurityManager implementation =====
|
|
|
|
NS_IMETHODIMP
|
|
nsContentSecurityManager::PerformSecurityCheck(nsIChannel* aChannel,
|
|
nsIStreamListener* aStreamListener,
|
|
nsIStreamListener** outStreamListener)
|
|
{
|
|
nsCOMPtr<nsIStreamListener> inAndOutListener = aStreamListener;
|
|
nsresult rv = doContentSecurityCheck(aChannel, inAndOutListener);
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
|
|
inAndOutListener.forget(outStreamListener);
|
|
return NS_OK;
|
|
}
|
|
|
|
NS_IMETHODIMP
|
|
nsContentSecurityManager::IsURIPotentiallyTrustworthy(nsIURI* aURI, bool* aIsTrustWorthy)
|
|
{
|
|
MOZ_ASSERT(NS_IsMainThread());
|
|
NS_ENSURE_ARG_POINTER(aURI);
|
|
NS_ENSURE_ARG_POINTER(aIsTrustWorthy);
|
|
|
|
*aIsTrustWorthy = false;
|
|
nsAutoCString scheme;
|
|
nsresult rv = aURI->GetScheme(scheme);
|
|
NS_ENSURE_SUCCESS(rv, NS_OK);
|
|
|
|
if (scheme.EqualsLiteral("https") ||
|
|
scheme.EqualsLiteral("file") ||
|
|
scheme.EqualsLiteral("app") ||
|
|
scheme.EqualsLiteral("wss")) {
|
|
*aIsTrustWorthy = true;
|
|
return NS_OK;
|
|
}
|
|
|
|
nsAutoCString host;
|
|
rv = aURI->GetHost(host);
|
|
NS_ENSURE_SUCCESS(rv, NS_OK);
|
|
|
|
if (host.Equals("127.0.0.1") ||
|
|
host.Equals("localhost") ||
|
|
host.Equals("::1")) {
|
|
*aIsTrustWorthy = true;
|
|
return NS_OK;
|
|
}
|
|
|
|
return NS_OK;
|
|
}
|