2003-07-24 09:15:20 +04:00
|
|
|
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
|
2005-10-14 22:57:26 +04:00
|
|
|
/* vim: set ts=2 sw=2 et tw=80: */
|
2012-05-21 15:12:37 +04:00
|
|
|
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
2003-07-24 09:15:20 +04:00
|
|
|
|
2017-03-22 13:39:31 +03:00
|
|
|
#include "ContentPrincipal.h"
|
2013-08-14 10:56:21 +04:00
|
|
|
|
2013-01-09 01:53:32 +04:00
|
|
|
#include "mozIThirdPartyUtil.h"
|
2018-07-24 23:15:57 +03:00
|
|
|
#include "nsContentUtils.h"
|
2003-07-24 09:15:20 +04:00
|
|
|
#include "nscore.h"
|
|
|
|
#include "nsScriptSecurityManager.h"
|
|
|
|
#include "nsString.h"
|
|
|
|
#include "nsReadableUtils.h"
|
2013-07-12 00:21:45 +04:00
|
|
|
#include "pratom.h"
|
2003-07-24 09:15:20 +04:00
|
|
|
#include "nsIURI.h"
|
2015-07-07 05:17:00 +03:00
|
|
|
#include "nsIURL.h"
|
2015-06-27 03:49:41 +03:00
|
|
|
#include "nsIStandardURL.h"
|
2018-07-31 11:27:00 +03:00
|
|
|
#include "nsIURIWithSpecialOrigin.h"
|
2018-09-05 06:22:16 +03:00
|
|
|
#include "nsIURIMutator.h"
|
2003-07-24 09:15:20 +04:00
|
|
|
#include "nsJSPrincipals.h"
|
2015-03-13 23:15:09 +03:00
|
|
|
#include "nsIEffectiveTLDService.h"
|
2006-03-15 07:59:42 +03:00
|
|
|
#include "nsIClassInfoImpl.h"
|
2017-03-22 13:39:31 +03:00
|
|
|
#include "nsIObjectInputStream.h"
|
|
|
|
#include "nsIObjectOutputStream.h"
|
2014-11-11 12:10:56 +03:00
|
|
|
#include "nsIProtocolHandler.h"
|
2012-07-27 18:03:27 +04:00
|
|
|
#include "nsError.h"
|
2010-01-23 00:38:21 +03:00
|
|
|
#include "nsIContentSecurityPolicy.h"
|
2015-03-13 23:15:09 +03:00
|
|
|
#include "nsNetCID.h"
|
2018-02-21 19:30:19 +03:00
|
|
|
#include "js/Wrapper.h"
|
2003-07-24 09:15:20 +04:00
|
|
|
|
2018-07-24 23:15:57 +03:00
|
|
|
#include "mozilla/dom/BlobURLProtocolHandler.h"
|
2015-07-27 21:57:56 +03:00
|
|
|
#include "mozilla/dom/nsCSPContext.h"
|
2014-08-15 05:47:15 +04:00
|
|
|
#include "mozilla/dom/ScriptSettings.h"
|
2016-11-06 08:38:17 +03:00
|
|
|
#include "mozilla/ClearOnShutdown.h"
|
2017-09-05 21:04:43 +03:00
|
|
|
#include "mozilla/ExtensionPolicyService.h"
|
2011-06-20 07:00:16 +04:00
|
|
|
#include "mozilla/Preferences.h"
|
2012-03-13 02:53:18 +04:00
|
|
|
#include "mozilla/HashFunctions.h"
|
2009-06-16 15:00:06 +04:00
|
|
|
|
2011-06-20 07:00:16 +04:00
|
|
|
using namespace mozilla;
|
2009-06-16 15:00:06 +04:00
|
|
|
|
2017-09-05 21:04:43 +03:00
|
|
|
static inline ExtensionPolicyService&
|
|
|
|
EPS()
|
2016-11-06 08:38:17 +03:00
|
|
|
{
|
2017-09-05 21:04:43 +03:00
|
|
|
return ExtensionPolicyService::GetSingleton();
|
2016-11-06 08:38:17 +03:00
|
|
|
}
|
|
|
|
|
2017-03-22 13:39:31 +03:00
|
|
|
NS_IMPL_CLASSINFO(ContentPrincipal, nullptr, nsIClassInfo::MAIN_THREAD_ONLY,
|
2012-06-10 02:19:26 +04:00
|
|
|
NS_PRINCIPAL_CID)
|
2017-03-22 13:39:31 +03:00
|
|
|
NS_IMPL_QUERY_INTERFACE_CI(ContentPrincipal,
|
2014-04-27 11:06:00 +04:00
|
|
|
nsIPrincipal,
|
|
|
|
nsISerializable)
|
2017-03-22 13:39:31 +03:00
|
|
|
NS_IMPL_CI_INTERFACE_GETTER(ContentPrincipal,
|
2012-06-10 02:19:26 +04:00
|
|
|
nsIPrincipal,
|
|
|
|
nsISerializable)
|
|
|
|
|
2017-03-22 13:39:31 +03:00
|
|
|
ContentPrincipal::ContentPrincipal()
|
2017-02-24 05:33:40 +03:00
|
|
|
: BasePrincipal(eCodebasePrincipal)
|
|
|
|
{
|
|
|
|
}
|
2012-06-10 02:19:26 +04:00
|
|
|
|
2017-03-22 13:39:31 +03:00
|
|
|
ContentPrincipal::~ContentPrincipal()
|
2016-12-08 23:44:59 +03:00
|
|
|
{
|
2015-07-27 21:57:56 +03:00
|
|
|
// let's clear the principal within the csp to avoid a tangling pointer
|
|
|
|
if (mCSP) {
|
|
|
|
static_cast<nsCSPContext*>(mCSP.get())->clearLoadingPrincipal();
|
|
|
|
}
|
|
|
|
}
|
2012-06-10 02:19:26 +04:00
|
|
|
|
2012-05-03 01:57:34 +04:00
|
|
|
nsresult
|
2017-03-22 13:39:31 +03:00
|
|
|
ContentPrincipal::Init(nsIURI *aCodebase,
|
2017-03-29 09:24:01 +03:00
|
|
|
const OriginAttributes& aOriginAttributes,
|
|
|
|
const nsACString& aOriginNoSuffix)
|
2012-06-10 02:19:26 +04:00
|
|
|
{
|
2012-10-22 10:29:56 +04:00
|
|
|
NS_ENSURE_ARG(aCodebase);
|
2012-06-10 02:19:26 +04:00
|
|
|
|
2017-02-24 05:47:28 +03:00
|
|
|
// Assert that the URI we get here isn't any of the schemes that we know we
|
|
|
|
// should not get here. These schemes always either inherit their principal
|
|
|
|
// or fall back to a null principal. These are schemes which return
|
|
|
|
// URI_INHERITS_SECURITY_CONTEXT from their protocol handler's
|
|
|
|
// GetProtocolFlags function.
|
|
|
|
bool hasFlag;
|
|
|
|
Unused << hasFlag; // silence possible compiler warnings.
|
|
|
|
MOZ_DIAGNOSTIC_ASSERT(
|
|
|
|
NS_SUCCEEDED(NS_URIChainHasFlags(aCodebase,
|
|
|
|
nsIProtocolHandler::URI_INHERITS_SECURITY_CONTEXT,
|
|
|
|
&hasFlag)) &&
|
|
|
|
!hasFlag);
|
|
|
|
|
2018-05-09 19:21:24 +03:00
|
|
|
mCodebase = aCodebase;
|
2017-03-29 09:24:01 +03:00
|
|
|
FinishInit(aOriginNoSuffix, aOriginAttributes);
|
2017-02-25 01:02:24 +03:00
|
|
|
|
2012-10-22 10:29:56 +04:00
|
|
|
return NS_OK;
|
2012-06-10 02:19:26 +04:00
|
|
|
}
|
|
|
|
|
2016-08-30 07:22:04 +03:00
|
|
|
nsresult
|
2017-03-22 13:39:31 +03:00
|
|
|
ContentPrincipal::GetScriptLocation(nsACString &aStr)
|
2012-06-10 02:19:26 +04:00
|
|
|
{
|
2016-08-30 07:22:04 +03:00
|
|
|
return mCodebase->GetSpec(aStr);
|
2012-06-10 02:19:26 +04:00
|
|
|
}
|
|
|
|
|
2017-03-29 09:22:26 +03:00
|
|
|
/* static */ nsresult
|
|
|
|
ContentPrincipal::GenerateOriginNoSuffixFromURI(nsIURI* aURI,
|
|
|
|
nsACString& aOriginNoSuffix)
|
2003-07-24 09:15:20 +04:00
|
|
|
{
|
2017-03-29 09:22:26 +03:00
|
|
|
if (!aURI) {
|
2012-07-19 08:23:44 +04:00
|
|
|
return NS_ERROR_FAILURE;
|
|
|
|
}
|
|
|
|
|
2017-03-29 09:22:26 +03:00
|
|
|
nsCOMPtr<nsIURI> origin = NS_GetInnermostURI(aURI);
|
2012-06-10 02:19:26 +04:00
|
|
|
if (!origin) {
|
|
|
|
return NS_ERROR_FAILURE;
|
2007-09-28 18:31:04 +04:00
|
|
|
}
|
2003-07-24 09:15:20 +04:00
|
|
|
|
2017-03-03 23:16:23 +03:00
|
|
|
MOZ_ASSERT(!NS_IsAboutBlank(origin),
|
|
|
|
"The inner URI for about:blank must be moz-safe-about:blank");
|
|
|
|
|
2017-04-04 23:49:06 +03:00
|
|
|
// Handle non-strict file:// uris.
|
2017-02-24 20:11:41 +03:00
|
|
|
if (!nsScriptSecurityManager::GetStrictFileOriginPolicy() &&
|
|
|
|
NS_URIIsLocalFile(origin)) {
|
|
|
|
// If strict file origin policy is not in effect, all local files are
|
|
|
|
// considered to be same-origin, so return a known dummy origin here.
|
2017-03-29 09:22:26 +03:00
|
|
|
aOriginNoSuffix.AssignLiteral("file://UNIVERSAL_FILE_URI_ORIGIN");
|
2017-02-24 20:11:41 +03:00
|
|
|
return NS_OK;
|
|
|
|
}
|
|
|
|
|
2017-04-04 23:49:06 +03:00
|
|
|
|
|
|
|
nsresult rv;
|
|
|
|
// NB: This is only compiled for Thunderbird/Suite.
|
|
|
|
#if IS_ORIGIN_IS_FULL_SPEC_DEFINED
|
|
|
|
bool fullSpec = false;
|
|
|
|
rv = NS_URIChainHasFlags(origin, nsIProtocolHandler::ORIGIN_IS_FULL_SPEC, &fullSpec);
|
|
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
|
|
if (fullSpec) {
|
2017-04-10 15:04:11 +03:00
|
|
|
return origin->GetAsciiSpec(aOriginNoSuffix);
|
2017-04-04 23:49:06 +03:00
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
2015-06-27 03:49:41 +03:00
|
|
|
// We want the invariant that prinA.origin == prinB.origin i.f.f.
|
|
|
|
// prinA.equals(prinB). However, this requires that we impose certain constraints
|
|
|
|
// on the behavior and origin semantics of principals, and in particular, forbid
|
|
|
|
// creating origin strings for principals whose equality constraints are not
|
|
|
|
// expressible as strings (i.e. object equality). Moreover, we want to forbid URIs
|
|
|
|
// containing the magic "^" we use as a separating character for origin
|
|
|
|
// attributes.
|
|
|
|
//
|
|
|
|
// These constraints can generally be achieved by restricting .origin to
|
|
|
|
// nsIStandardURL-based URIs, but there are a few other URI schemes that we need
|
|
|
|
// to handle.
|
|
|
|
bool isBehaved;
|
|
|
|
if ((NS_SUCCEEDED(origin->SchemeIs("about", &isBehaved)) && isBehaved) ||
|
2017-03-03 23:16:23 +03:00
|
|
|
(NS_SUCCEEDED(origin->SchemeIs("moz-safe-about", &isBehaved)) && isBehaved &&
|
|
|
|
// We generally consider two about:foo origins to be same-origin, but
|
|
|
|
// about:blank is special since it can be generated from different sources.
|
|
|
|
// We check for moz-safe-about:blank since origin is an innermost URI.
|
|
|
|
!origin->GetSpecOrDefault().EqualsLiteral("moz-safe-about:blank")) ||
|
2015-06-27 03:49:41 +03:00
|
|
|
(NS_SUCCEEDED(origin->SchemeIs("indexeddb", &isBehaved)) && isBehaved)) {
|
2017-03-29 09:22:26 +03:00
|
|
|
rv = origin->GetAsciiSpec(aOriginNoSuffix);
|
2015-06-27 03:49:41 +03:00
|
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
2018-09-14 21:07:22 +03:00
|
|
|
|
|
|
|
int32_t pos = aOriginNoSuffix.FindChar('?');
|
|
|
|
int32_t hashPos = aOriginNoSuffix.FindChar('#');
|
|
|
|
|
|
|
|
if (hashPos != kNotFound && (pos == kNotFound || hashPos < pos)) {
|
|
|
|
pos = hashPos;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (pos != kNotFound) {
|
|
|
|
aOriginNoSuffix.Truncate(pos);
|
|
|
|
}
|
|
|
|
|
2015-06-27 03:49:41 +03:00
|
|
|
// These URIs could technically contain a '^', but they never should.
|
2017-03-29 09:22:26 +03:00
|
|
|
if (NS_WARN_IF(aOriginNoSuffix.FindChar('^', 0) != -1)) {
|
|
|
|
aOriginNoSuffix.Truncate();
|
2015-06-27 03:49:41 +03:00
|
|
|
return NS_ERROR_FAILURE;
|
|
|
|
}
|
|
|
|
return NS_OK;
|
|
|
|
}
|
|
|
|
|
2016-12-08 23:44:59 +03:00
|
|
|
// This URL can be a blobURL. In this case, we should use the 'parent'
|
|
|
|
// principal instead.
|
2018-07-24 23:15:57 +03:00
|
|
|
nsCOMPtr<nsIPrincipal> blobPrincipal;
|
|
|
|
if (dom::BlobURLProtocolHandler::GetBlobURLPrincipal(origin,
|
|
|
|
getter_AddRefs(blobPrincipal))) {
|
|
|
|
MOZ_ASSERT(blobPrincipal);
|
|
|
|
return blobPrincipal->GetOriginNoSuffix(aOriginNoSuffix);
|
2003-07-24 09:15:20 +04:00
|
|
|
}
|
|
|
|
|
2016-12-08 23:44:59 +03:00
|
|
|
// If we reached this branch, we can only create an origin if we have a
|
|
|
|
// nsIStandardURL. So, we query to a nsIStandardURL, and fail if we aren't
|
|
|
|
// an instance of an nsIStandardURL nsIStandardURLs have the good property
|
|
|
|
// of escaping the '^' character in their specs, which means that we can be
|
|
|
|
// sure that the caret character (which is reserved for delimiting the end
|
|
|
|
// of the spec, and the beginning of the origin attributes) is not present
|
|
|
|
// in the origin string
|
|
|
|
nsCOMPtr<nsIStandardURL> standardURL = do_QueryInterface(origin);
|
2017-03-24 00:30:16 +03:00
|
|
|
if (!standardURL) {
|
|
|
|
return NS_ERROR_FAILURE;
|
|
|
|
}
|
2017-01-04 16:53:57 +03:00
|
|
|
|
2017-04-05 00:04:44 +03:00
|
|
|
// See whether we have a useful hostPort. If we do, use that.
|
|
|
|
nsAutoCString hostPort;
|
|
|
|
bool isChrome = false;
|
|
|
|
rv = origin->SchemeIs("chrome", &isChrome);
|
|
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
|
|
if (!isChrome) {
|
|
|
|
rv = origin->GetAsciiHostPort(hostPort);
|
|
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
|
|
}
|
|
|
|
if (!hostPort.IsEmpty()) {
|
|
|
|
rv = origin->GetScheme(aOriginNoSuffix);
|
|
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
|
|
aOriginNoSuffix.AppendLiteral("://");
|
|
|
|
aOriginNoSuffix.Append(hostPort);
|
|
|
|
return NS_OK;
|
|
|
|
}
|
|
|
|
|
2017-04-10 15:04:11 +03:00
|
|
|
rv = aURI->GetAsciiSpec(aOriginNoSuffix);
|
|
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
|
|
|
|
|
|
// The origin, when taken from the spec, should not contain the ref part of
|
|
|
|
// the URL.
|
|
|
|
|
|
|
|
int32_t pos = aOriginNoSuffix.FindChar('?');
|
|
|
|
int32_t hashPos = aOriginNoSuffix.FindChar('#');
|
|
|
|
|
|
|
|
if (hashPos != kNotFound && (pos == kNotFound || hashPos < pos)) {
|
|
|
|
pos = hashPos;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (pos != kNotFound) {
|
|
|
|
aOriginNoSuffix.Truncate(pos);
|
|
|
|
}
|
|
|
|
|
|
|
|
return NS_OK;
|
2003-07-24 09:15:20 +04:00
|
|
|
}
|
|
|
|
|
2015-05-14 21:15:56 +03:00
|
|
|
bool
|
2017-03-22 13:39:31 +03:00
|
|
|
ContentPrincipal::SubsumesInternal(nsIPrincipal* aOther,
|
|
|
|
BasePrincipal::DocumentDomainConsideration aConsideration)
|
2003-07-24 09:15:20 +04:00
|
|
|
{
|
2015-05-14 21:15:56 +03:00
|
|
|
MOZ_ASSERT(aOther);
|
2012-06-10 02:19:26 +04:00
|
|
|
|
2017-03-22 13:39:31 +03:00
|
|
|
// For ContentPrincipal, Subsumes is equivalent to Equals.
|
2012-10-24 21:50:25 +04:00
|
|
|
if (aOther == this) {
|
2015-05-14 21:15:56 +03:00
|
|
|
return true;
|
2003-07-24 09:15:20 +04:00
|
|
|
}
|
|
|
|
|
2014-02-14 06:57:36 +04:00
|
|
|
// If either the subject or the object has changed its principal by
|
|
|
|
// explicitly setting document.domain then the other must also have
|
|
|
|
// done so in order to be considered the same origin. This prevents
|
|
|
|
// DNS spoofing based on document.domain (154930)
|
2015-05-14 21:15:56 +03:00
|
|
|
nsresult rv;
|
|
|
|
if (aConsideration == ConsiderDocumentDomain) {
|
|
|
|
// Get .domain on each principal.
|
|
|
|
nsCOMPtr<nsIURI> thisDomain, otherDomain;
|
|
|
|
GetDomain(getter_AddRefs(thisDomain));
|
|
|
|
aOther->GetDomain(getter_AddRefs(otherDomain));
|
|
|
|
|
|
|
|
// If either has .domain set, we have equality i.f.f. the domains match.
|
|
|
|
// Otherwise, we fall through to the non-document-domain-considering case.
|
|
|
|
if (thisDomain || otherDomain) {
|
2018-09-05 06:22:16 +03:00
|
|
|
bool isMatch =
|
|
|
|
nsScriptSecurityManager::SecurityCompareURIs(thisDomain, otherDomain);
|
|
|
|
#ifdef DEBUG
|
|
|
|
if (isMatch) {
|
|
|
|
nsAutoCString thisSiteOrigin, otherSiteOrigin;
|
|
|
|
MOZ_ALWAYS_SUCCEEDS(GetSiteOrigin(thisSiteOrigin));
|
|
|
|
MOZ_ALWAYS_SUCCEEDS(aOther->GetSiteOrigin(otherSiteOrigin));
|
|
|
|
MOZ_ASSERT(thisSiteOrigin == otherSiteOrigin,
|
|
|
|
"SubsumesConsideringDomain passed with mismatched siteOrigin!");
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
return isMatch;
|
2015-05-14 21:15:56 +03:00
|
|
|
}
|
2003-07-24 09:15:20 +04:00
|
|
|
}
|
|
|
|
|
2016-08-29 06:26:41 +03:00
|
|
|
nsCOMPtr<nsIURI> otherURI;
|
|
|
|
rv = aOther->GetURI(getter_AddRefs(otherURI));
|
|
|
|
NS_ENSURE_SUCCESS(rv, false);
|
2012-06-10 02:19:26 +04:00
|
|
|
|
|
|
|
// Compare codebases.
|
2015-05-14 21:15:56 +03:00
|
|
|
return nsScriptSecurityManager::SecurityCompareURIs(mCodebase, otherURI);
|
2014-02-14 06:57:34 +04:00
|
|
|
}
|
|
|
|
|
2003-07-24 09:15:20 +04:00
|
|
|
NS_IMETHODIMP
|
2017-03-22 13:39:31 +03:00
|
|
|
ContentPrincipal::GetURI(nsIURI** aURI)
|
2003-07-24 09:15:20 +04:00
|
|
|
{
|
2018-05-09 19:21:24 +03:00
|
|
|
NS_ADDREF(*aURI = mCodebase);
|
|
|
|
return NS_OK;
|
2003-07-24 09:15:20 +04:00
|
|
|
}
|
|
|
|
|
2015-10-01 06:03:36 +03:00
|
|
|
bool
|
2017-03-22 13:39:31 +03:00
|
|
|
ContentPrincipal::MayLoadInternal(nsIURI* aURI)
|
2003-07-24 09:15:20 +04:00
|
|
|
{
|
2018-07-24 23:15:57 +03:00
|
|
|
MOZ_ASSERT(aURI);
|
2018-07-24 23:15:17 +03:00
|
|
|
|
2018-07-31 11:27:00 +03:00
|
|
|
#if defined(MOZ_THUNDERBIRD) || defined(MOZ_SUITE)
|
|
|
|
nsCOMPtr<nsIURIWithSpecialOrigin> uriWithSpecialOrigin = do_QueryInterface(aURI);
|
|
|
|
if (uriWithSpecialOrigin) {
|
|
|
|
nsCOMPtr<nsIURI> origin;
|
|
|
|
nsresult rv = uriWithSpecialOrigin->GetOrigin(getter_AddRefs(origin));
|
|
|
|
if (NS_WARN_IF(NS_FAILED(rv))) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
MOZ_ASSERT(origin);
|
|
|
|
OriginAttributes attrs;
|
|
|
|
RefPtr<BasePrincipal> principal = BasePrincipal::CreateCodebasePrincipal(origin, attrs);
|
|
|
|
return nsIPrincipal::Subsumes(principal);
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
2018-07-24 23:15:57 +03:00
|
|
|
nsCOMPtr<nsIPrincipal> blobPrincipal;
|
|
|
|
if (dom::BlobURLProtocolHandler::GetBlobURLPrincipal(aURI,
|
|
|
|
getter_AddRefs(blobPrincipal))) {
|
|
|
|
MOZ_ASSERT(blobPrincipal);
|
|
|
|
return nsIPrincipal::Subsumes(blobPrincipal);
|
2014-10-29 11:21:17 +03:00
|
|
|
}
|
|
|
|
|
2015-07-08 03:53:15 +03:00
|
|
|
// If this principal is associated with an addon, check whether that addon
|
|
|
|
// has been given permission to load from this domain.
|
|
|
|
if (AddonAllowsLoad(aURI)) {
|
2015-10-01 06:03:36 +03:00
|
|
|
return true;
|
2015-07-08 03:53:15 +03:00
|
|
|
}
|
|
|
|
|
2013-06-01 01:33:51 +04:00
|
|
|
if (nsScriptSecurityManager::SecurityCompareURIs(mCodebase, aURI)) {
|
2015-10-01 06:03:36 +03:00
|
|
|
return true;
|
2013-06-01 01:33:51 +04:00
|
|
|
}
|
2013-01-09 01:53:32 +04:00
|
|
|
|
2013-06-01 01:33:51 +04:00
|
|
|
// If strict file origin policy is in effect, local files will always fail
|
|
|
|
// SecurityCompareURIs unless they are identical. Explicitly check file origin
|
|
|
|
// policy, in that case.
|
|
|
|
if (nsScriptSecurityManager::GetStrictFileOriginPolicy() &&
|
|
|
|
NS_URIIsLocalFile(aURI) &&
|
|
|
|
NS_RelaxStrictFileOriginPolicy(aURI, mCodebase)) {
|
2015-10-01 06:03:36 +03:00
|
|
|
return true;
|
2005-07-22 23:05:42 +04:00
|
|
|
}
|
2012-06-10 02:19:26 +04:00
|
|
|
|
2015-10-01 06:03:36 +03:00
|
|
|
return false;
|
2005-07-22 23:05:42 +04:00
|
|
|
}
|
2003-07-24 09:15:20 +04:00
|
|
|
|
|
|
|
NS_IMETHODIMP
|
2017-03-22 13:39:31 +03:00
|
|
|
ContentPrincipal::GetHashValue(uint32_t* aValue)
|
2003-07-24 09:15:20 +04:00
|
|
|
{
|
2018-04-28 22:50:58 +03:00
|
|
|
MOZ_ASSERT(mCodebase, "Need a codebase");
|
2003-07-24 09:15:20 +04:00
|
|
|
|
2012-10-22 10:29:56 +04:00
|
|
|
*aValue = nsScriptSecurityManager::HashPrincipalByOrigin(this);
|
2003-07-24 09:15:20 +04:00
|
|
|
return NS_OK;
|
|
|
|
}
|
|
|
|
|
|
|
|
NS_IMETHODIMP
|
2017-03-22 13:39:31 +03:00
|
|
|
ContentPrincipal::GetDomain(nsIURI** aDomain)
|
2003-07-24 09:15:20 +04:00
|
|
|
{
|
2006-06-20 07:17:41 +04:00
|
|
|
if (!mDomain) {
|
2012-07-30 18:20:58 +04:00
|
|
|
*aDomain = nullptr;
|
2006-06-20 07:17:41 +04:00
|
|
|
return NS_OK;
|
|
|
|
}
|
2003-07-24 09:15:20 +04:00
|
|
|
|
2018-05-09 19:21:24 +03:00
|
|
|
NS_ADDREF(*aDomain = mDomain);
|
|
|
|
return NS_OK;
|
2003-07-24 09:15:20 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
NS_IMETHODIMP
|
2017-03-22 13:39:31 +03:00
|
|
|
ContentPrincipal::SetDomain(nsIURI* aDomain)
|
2003-07-24 09:15:20 +04:00
|
|
|
{
|
2018-09-06 19:40:56 +03:00
|
|
|
MOZ_ASSERT(aDomain);
|
|
|
|
|
2018-05-09 19:21:24 +03:00
|
|
|
mDomain = aDomain;
|
2017-03-29 09:21:03 +03:00
|
|
|
SetHasExplicitDomain();
|
2013-01-09 01:53:32 +04:00
|
|
|
|
2012-07-12 12:10:15 +04:00
|
|
|
// Recompute all wrappers between compartments using this principal and other
|
|
|
|
// non-chrome compartments.
|
2013-05-06 17:04:17 +04:00
|
|
|
AutoSafeJSContext cx;
|
2012-07-12 12:10:15 +04:00
|
|
|
JSPrincipals *principals = nsJSPrincipals::get(static_cast<nsIPrincipal*>(this));
|
|
|
|
bool success = js::RecomputeWrappers(cx, js::ContentCompartmentsOnly(),
|
|
|
|
js::CompartmentsWithPrincipals(principals));
|
|
|
|
NS_ENSURE_TRUE(success, NS_ERROR_FAILURE);
|
|
|
|
success = js::RecomputeWrappers(cx, js::CompartmentsWithPrincipals(principals),
|
|
|
|
js::ContentCompartmentsOnly());
|
|
|
|
NS_ENSURE_TRUE(success, NS_ERROR_FAILURE);
|
|
|
|
|
2018-09-11 12:01:14 +03:00
|
|
|
// Set the changed-document-domain flag on compartments containing realms
|
|
|
|
// using this principal.
|
|
|
|
auto cb = [](JSContext*, void*, JS::Handle<JS::Realm*> aRealm) {
|
|
|
|
JS::Compartment* comp = JS::GetCompartmentForRealm(aRealm);
|
|
|
|
xpc::SetCompartmentChangedDocumentDomain(comp);
|
|
|
|
};
|
|
|
|
JS::IterateRealmsWithPrincipals(cx, principals, nullptr, cb);
|
|
|
|
|
2003-07-24 09:15:20 +04:00
|
|
|
return NS_OK;
|
|
|
|
}
|
|
|
|
|
2018-09-11 12:01:14 +03:00
|
|
|
static nsresult
|
2018-10-01 15:16:39 +03:00
|
|
|
GetSpecialBaseDomain(const nsCOMPtr<nsIURI>& aCodebase,
|
|
|
|
bool* aHandled,
|
|
|
|
nsACString& aBaseDomain)
|
2013-01-09 01:53:32 +04:00
|
|
|
{
|
2018-10-01 15:16:39 +03:00
|
|
|
*aHandled = false;
|
2018-09-11 12:01:14 +03:00
|
|
|
|
2013-01-09 01:53:32 +04:00
|
|
|
// For a file URI, we return the file path.
|
2018-09-11 12:01:14 +03:00
|
|
|
if (NS_URIIsLocalFile(aCodebase)) {
|
|
|
|
nsCOMPtr<nsIURL> url = do_QueryInterface(aCodebase);
|
2013-01-09 01:53:32 +04:00
|
|
|
|
|
|
|
if (url) {
|
2018-10-01 15:16:39 +03:00
|
|
|
*aHandled = true;
|
2013-01-09 01:53:32 +04:00
|
|
|
return url->GetFilePath(aBaseDomain);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2014-11-11 12:10:56 +03:00
|
|
|
bool hasNoRelativeFlag;
|
2018-09-11 12:01:14 +03:00
|
|
|
nsresult rv = NS_URIChainHasFlags(aCodebase,
|
2014-11-11 12:10:56 +03:00
|
|
|
nsIProtocolHandler::URI_NORELATIVE,
|
|
|
|
&hasNoRelativeFlag);
|
|
|
|
if (NS_WARN_IF(NS_FAILED(rv))) {
|
|
|
|
return rv;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (hasNoRelativeFlag) {
|
2018-10-01 15:16:39 +03:00
|
|
|
*aHandled = true;
|
2018-09-11 12:01:14 +03:00
|
|
|
return aCodebase->GetSpec(aBaseDomain);
|
2014-11-11 12:10:56 +03:00
|
|
|
}
|
|
|
|
|
2013-01-09 01:53:32 +04:00
|
|
|
return NS_OK;
|
|
|
|
}
|
|
|
|
|
2018-09-05 06:22:16 +03:00
|
|
|
NS_IMETHODIMP
|
2018-09-11 12:01:14 +03:00
|
|
|
ContentPrincipal::GetBaseDomain(nsACString& aBaseDomain)
|
2018-09-05 06:22:16 +03:00
|
|
|
{
|
2018-10-01 15:16:39 +03:00
|
|
|
// Handle some special URIs first.
|
|
|
|
bool handled;
|
|
|
|
nsresult rv = GetSpecialBaseDomain(mCodebase, &handled, aBaseDomain);
|
|
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
|
|
|
|
|
|
if (handled) {
|
|
|
|
return NS_OK;
|
|
|
|
}
|
|
|
|
|
|
|
|
// For everything else, we ask the TLD service via the ThirdPartyUtil.
|
|
|
|
nsCOMPtr<mozIThirdPartyUtil> thirdPartyUtil =
|
|
|
|
do_GetService(THIRDPARTYUTIL_CONTRACTID);
|
|
|
|
if (!thirdPartyUtil) {
|
|
|
|
return NS_ERROR_FAILURE;
|
|
|
|
}
|
|
|
|
|
|
|
|
return thirdPartyUtil->GetBaseDomain(mCodebase, aBaseDomain);
|
2018-09-11 12:01:14 +03:00
|
|
|
}
|
2018-09-05 06:22:16 +03:00
|
|
|
|
2018-09-11 12:01:14 +03:00
|
|
|
NS_IMETHODIMP
|
|
|
|
ContentPrincipal::GetSiteOrigin(nsACString& aSiteOrigin)
|
|
|
|
{
|
2018-10-01 15:16:39 +03:00
|
|
|
// Handle some special URIs first.
|
2018-09-05 06:22:16 +03:00
|
|
|
nsAutoCString baseDomain;
|
2018-10-01 15:16:39 +03:00
|
|
|
bool handled;
|
|
|
|
nsresult rv = GetSpecialBaseDomain(mCodebase, &handled, baseDomain);
|
2018-09-11 12:01:14 +03:00
|
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
|
|
|
2018-10-01 15:16:39 +03:00
|
|
|
if (handled) {
|
2018-09-11 12:01:14 +03:00
|
|
|
// This is a special URI ("file:", "about:", "view-source:", etc). Just
|
|
|
|
// return the origin.
|
2018-09-05 06:22:16 +03:00
|
|
|
return GetOrigin(aSiteOrigin);
|
|
|
|
}
|
|
|
|
|
2018-10-01 15:16:39 +03:00
|
|
|
// For everything else, we ask the TLD service. Note that, unlike in
|
|
|
|
// GetBaseDomain, we don't use ThirdPartyUtil.getBaseDomain because if the
|
|
|
|
// host is an IP address that returns the raw address and we can't use it with
|
|
|
|
// SetHost below because SetHost expects '[' and ']' around IPv6 addresses.
|
|
|
|
// See bug 1491728.
|
|
|
|
nsCOMPtr<nsIEffectiveTLDService> tldService =
|
|
|
|
do_GetService(NS_EFFECTIVETLDSERVICE_CONTRACTID);
|
|
|
|
if (!tldService) {
|
|
|
|
return NS_ERROR_FAILURE;
|
|
|
|
}
|
|
|
|
|
|
|
|
bool gotBaseDomain = false;
|
|
|
|
rv = tldService->GetBaseDomain(mCodebase, 0, baseDomain);
|
|
|
|
if (NS_SUCCEEDED(rv)) {
|
|
|
|
gotBaseDomain = true;
|
|
|
|
} else {
|
|
|
|
// If this is an IP address or something like "localhost", we just continue
|
|
|
|
// with gotBaseDomain = false.
|
|
|
|
if (rv != NS_ERROR_HOST_IS_IP_ADDRESS &&
|
|
|
|
rv != NS_ERROR_INSUFFICIENT_DOMAIN_LEVELS) {
|
|
|
|
return rv;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2018-09-05 06:22:16 +03:00
|
|
|
// NOTE: Calling `SetHostPort` with a portless domain is insufficient to clear
|
|
|
|
// the port, so an extra `SetPort` call has to be made.
|
|
|
|
nsCOMPtr<nsIURI> siteUri;
|
2018-10-01 15:16:39 +03:00
|
|
|
NS_MutateURI mutator(mCodebase);
|
|
|
|
mutator.SetUserPass(EmptyCString())
|
|
|
|
.SetPort(-1);
|
|
|
|
if (gotBaseDomain) {
|
|
|
|
mutator.SetHost(baseDomain);
|
|
|
|
}
|
|
|
|
rv = mutator.Finalize(siteUri);
|
2018-09-05 06:22:16 +03:00
|
|
|
MOZ_ASSERT(NS_SUCCEEDED(rv), "failed to create siteUri");
|
2018-09-11 12:01:14 +03:00
|
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
2018-09-05 06:22:16 +03:00
|
|
|
|
|
|
|
rv = GenerateOriginNoSuffixFromURI(siteUri, aSiteOrigin);
|
|
|
|
MOZ_ASSERT(NS_SUCCEEDED(rv), "failed to create siteOriginNoSuffix");
|
2018-09-11 12:01:14 +03:00
|
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
2018-09-05 06:22:16 +03:00
|
|
|
|
|
|
|
nsAutoCString suffix;
|
|
|
|
rv = GetOriginSuffix(suffix);
|
|
|
|
MOZ_ASSERT(NS_SUCCEEDED(rv), "failed to create suffix");
|
2018-09-11 12:01:14 +03:00
|
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
2018-09-05 06:22:16 +03:00
|
|
|
|
|
|
|
aSiteOrigin.Append(suffix);
|
|
|
|
return NS_OK;
|
|
|
|
}
|
|
|
|
|
2018-09-11 12:01:14 +03:00
|
|
|
nsresult
|
|
|
|
ContentPrincipal::GetSiteIdentifier(SiteIdentifier& aSite)
|
|
|
|
{
|
|
|
|
nsCString siteOrigin;
|
|
|
|
nsresult rv = GetSiteOrigin(siteOrigin);
|
|
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
|
|
|
|
|
|
RefPtr<BasePrincipal> principal = CreateCodebasePrincipal(siteOrigin);
|
|
|
|
if (!principal) {
|
|
|
|
NS_WARNING("could not instantiate codebase principal");
|
|
|
|
return NS_ERROR_FAILURE;
|
|
|
|
}
|
|
|
|
|
|
|
|
aSite.Init(principal);
|
|
|
|
return NS_OK;
|
|
|
|
}
|
|
|
|
|
2017-09-05 21:04:43 +03:00
|
|
|
WebExtensionPolicy*
|
|
|
|
ContentPrincipal::AddonPolicy()
|
2016-11-06 08:38:17 +03:00
|
|
|
{
|
2017-09-05 21:04:43 +03:00
|
|
|
if (!mAddon.isSome()) {
|
|
|
|
NS_ENSURE_TRUE(mCodebase, nullptr);
|
|
|
|
|
|
|
|
bool isMozExt;
|
|
|
|
if (NS_SUCCEEDED(mCodebase->SchemeIs("moz-extension", &isMozExt)) && isMozExt) {
|
|
|
|
mAddon.emplace(EPS().GetByURL(mCodebase.get()));
|
|
|
|
} else {
|
|
|
|
mAddon.emplace(nullptr);
|
|
|
|
}
|
2016-11-06 08:38:17 +03:00
|
|
|
}
|
|
|
|
|
2017-09-05 21:04:43 +03:00
|
|
|
return mAddon.value();
|
|
|
|
}
|
2016-11-06 08:38:17 +03:00
|
|
|
|
2017-09-05 21:04:43 +03:00
|
|
|
NS_IMETHODIMP
|
|
|
|
ContentPrincipal::GetAddonId(nsAString& aAddonId)
|
|
|
|
{
|
|
|
|
auto policy = AddonPolicy();
|
|
|
|
if (policy) {
|
|
|
|
policy->GetId(aAddonId);
|
2016-11-06 08:38:17 +03:00
|
|
|
} else {
|
2017-09-05 21:04:43 +03:00
|
|
|
aAddonId.Truncate();
|
2016-11-06 08:38:17 +03:00
|
|
|
}
|
|
|
|
return NS_OK;
|
2017-09-05 21:04:43 +03:00
|
|
|
}
|
2016-11-06 08:38:17 +03:00
|
|
|
|
2003-07-24 09:15:20 +04:00
|
|
|
NS_IMETHODIMP
|
2017-03-22 13:39:31 +03:00
|
|
|
ContentPrincipal::Read(nsIObjectInputStream* aStream)
|
2003-07-24 09:15:20 +04:00
|
|
|
{
|
2014-03-15 23:00:17 +04:00
|
|
|
nsCOMPtr<nsISupports> supports;
|
2007-09-18 02:18:28 +04:00
|
|
|
nsCOMPtr<nsIURI> codebase;
|
2014-03-15 23:00:17 +04:00
|
|
|
nsresult rv = NS_ReadOptionalObject(aStream, true, getter_AddRefs(supports));
|
2007-09-18 02:18:28 +04:00
|
|
|
if (NS_FAILED(rv)) {
|
|
|
|
return rv;
|
2003-07-24 09:15:20 +04:00
|
|
|
}
|
|
|
|
|
2014-03-15 23:00:17 +04:00
|
|
|
codebase = do_QueryInterface(supports);
|
2018-05-15 00:04:49 +03:00
|
|
|
// Enforce re-parsing about: URIs so that if they change, we continue to use
|
|
|
|
// their new principals correctly.
|
|
|
|
bool isAbout = false;
|
|
|
|
if (NS_SUCCEEDED(codebase->SchemeIs("about", &isAbout)) && isAbout) {
|
|
|
|
nsAutoCString spec;
|
|
|
|
codebase->GetSpec(spec);
|
|
|
|
NS_ENSURE_SUCCESS(NS_NewURI(getter_AddRefs(codebase), spec), NS_ERROR_FAILURE);
|
|
|
|
}
|
2014-03-15 23:00:17 +04:00
|
|
|
|
2012-07-26 04:12:03 +04:00
|
|
|
nsCOMPtr<nsIURI> domain;
|
2014-03-15 23:00:17 +04:00
|
|
|
rv = NS_ReadOptionalObject(aStream, true, getter_AddRefs(supports));
|
2012-07-26 04:12:03 +04:00
|
|
|
if (NS_FAILED(rv)) {
|
|
|
|
return rv;
|
|
|
|
}
|
|
|
|
|
2014-03-15 23:00:17 +04:00
|
|
|
domain = do_QueryInterface(supports);
|
|
|
|
|
2015-06-04 21:51:57 +03:00
|
|
|
nsAutoCString suffix;
|
|
|
|
rv = aStream->ReadCString(suffix);
|
2015-06-05 14:07:51 +03:00
|
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
2015-06-04 21:51:57 +03:00
|
|
|
|
2017-01-12 19:38:48 +03:00
|
|
|
OriginAttributes attrs;
|
2015-06-04 21:51:57 +03:00
|
|
|
bool ok = attrs.PopulateFromSuffix(suffix);
|
|
|
|
NS_ENSURE_TRUE(ok, NS_ERROR_FAILURE);
|
|
|
|
|
2014-03-15 23:00:17 +04:00
|
|
|
rv = NS_ReadOptionalObject(aStream, true, getter_AddRefs(supports));
|
2014-01-24 03:34:59 +04:00
|
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
|
|
|
2017-03-29 09:24:01 +03:00
|
|
|
nsAutoCString originNoSuffix;
|
|
|
|
rv = GenerateOriginNoSuffixFromURI(codebase, originNoSuffix);
|
|
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
|
|
|
|
|
|
rv = Init(codebase, attrs, originNoSuffix);
|
2007-09-18 02:18:28 +04:00
|
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
|
|
|
2016-01-15 00:21:31 +03:00
|
|
|
mCSP = do_QueryInterface(supports, &rv);
|
|
|
|
// make sure setRequestContext is called after Init(),
|
|
|
|
// to make sure the principals URI been initalized.
|
|
|
|
if (mCSP) {
|
|
|
|
mCSP->SetRequestContext(nullptr, this);
|
2016-01-14 05:34:50 +03:00
|
|
|
}
|
|
|
|
|
2018-09-06 19:40:56 +03:00
|
|
|
// Note: we don't call SetDomain here because we don't need the wrapper
|
|
|
|
// recomputation code there (we just created this principal).
|
|
|
|
mDomain = domain;
|
|
|
|
if (mDomain) {
|
|
|
|
SetHasExplicitDomain();
|
|
|
|
}
|
2007-09-18 02:18:28 +04:00
|
|
|
|
2003-07-24 09:15:20 +04:00
|
|
|
return NS_OK;
|
|
|
|
}
|
|
|
|
|
|
|
|
NS_IMETHODIMP
|
2017-03-22 13:39:31 +03:00
|
|
|
ContentPrincipal::Write(nsIObjectOutputStream* aStream)
|
2003-07-24 09:15:20 +04:00
|
|
|
{
|
2012-10-22 10:29:56 +04:00
|
|
|
NS_ENSURE_STATE(mCodebase);
|
|
|
|
nsresult rv = NS_WriteOptionalCompoundObject(aStream, mCodebase, NS_GET_IID(nsIURI),
|
|
|
|
true);
|
2007-09-18 02:18:28 +04:00
|
|
|
if (NS_FAILED(rv)) {
|
|
|
|
return rv;
|
2003-07-24 09:15:20 +04:00
|
|
|
}
|
|
|
|
|
2007-09-18 02:18:28 +04:00
|
|
|
rv = NS_WriteOptionalCompoundObject(aStream, mDomain, NS_GET_IID(nsIURI),
|
2011-10-17 18:59:28 +04:00
|
|
|
true);
|
2003-07-24 09:15:20 +04:00
|
|
|
if (NS_FAILED(rv)) {
|
|
|
|
return rv;
|
|
|
|
}
|
|
|
|
|
2015-06-04 21:51:57 +03:00
|
|
|
nsAutoCString suffix;
|
|
|
|
OriginAttributesRef().CreateSuffix(suffix);
|
|
|
|
|
|
|
|
rv = aStream->WriteStringZ(suffix.get());
|
|
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
2012-07-20 09:44:03 +04:00
|
|
|
|
2014-01-24 03:34:59 +04:00
|
|
|
rv = NS_WriteOptionalCompoundObject(aStream, mCSP,
|
|
|
|
NS_GET_IID(nsIContentSecurityPolicy),
|
|
|
|
true);
|
|
|
|
if (NS_FAILED(rv)) {
|
|
|
|
return rv;
|
|
|
|
}
|
|
|
|
|
2003-07-24 09:15:20 +04:00
|
|
|
return NS_OK;
|
|
|
|
}
|