2016-05-28 00:54:31 +03:00
|
|
|
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
|
|
|
|
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
|
2014-07-07 22:13:04 +04:00
|
|
|
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
|
|
|
|
* You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
|
|
|
|
#include "BackgroundUtils.h"
|
|
|
|
|
|
|
|
#include "MainThreadUtils.h"
|
|
|
|
#include "mozilla/Assertions.h"
|
2015-08-17 12:03:19 +03:00
|
|
|
#include "mozilla/BasePrincipal.h"
|
2014-07-07 22:13:04 +04:00
|
|
|
#include "mozilla/ipc/PBackgroundSharedTypes.h"
|
2015-06-19 01:37:20 +03:00
|
|
|
#include "mozilla/net/NeckoChannelParams.h"
|
2015-04-07 01:44:04 +03:00
|
|
|
#include "nsPrincipal.h"
|
2014-07-07 22:13:04 +04:00
|
|
|
#include "nsIScriptSecurityManager.h"
|
|
|
|
#include "nsIURI.h"
|
|
|
|
#include "nsNetUtil.h"
|
2015-07-06 08:55:00 +03:00
|
|
|
#include "mozilla/LoadInfo.h"
|
2014-07-07 22:13:04 +04:00
|
|
|
#include "nsNullPrincipal.h"
|
|
|
|
#include "nsServiceManagerUtils.h"
|
|
|
|
#include "nsString.h"
|
2015-07-20 05:11:03 +03:00
|
|
|
#include "nsTArray.h"
|
2014-07-07 22:13:04 +04:00
|
|
|
|
|
|
|
namespace mozilla {
|
2015-07-14 08:43:13 +03:00
|
|
|
namespace net {
|
|
|
|
class OptionalLoadInfoArgs;
|
|
|
|
}
|
|
|
|
|
2015-08-17 12:03:19 +03:00
|
|
|
using mozilla::BasePrincipal;
|
2015-07-14 08:43:13 +03:00
|
|
|
using namespace mozilla::net;
|
|
|
|
|
2014-07-07 22:13:04 +04:00
|
|
|
namespace ipc {
|
|
|
|
|
|
|
|
already_AddRefed<nsIPrincipal>
|
|
|
|
PrincipalInfoToPrincipal(const PrincipalInfo& aPrincipalInfo,
|
|
|
|
nsresult* aOptionalResult)
|
|
|
|
{
|
|
|
|
MOZ_ASSERT(NS_IsMainThread());
|
|
|
|
MOZ_ASSERT(aPrincipalInfo.type() != PrincipalInfo::T__None);
|
|
|
|
|
|
|
|
nsresult stackResult;
|
|
|
|
nsresult& rv = aOptionalResult ? *aOptionalResult : stackResult;
|
|
|
|
|
|
|
|
nsCOMPtr<nsIScriptSecurityManager> secMan =
|
|
|
|
do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
|
|
|
|
if (NS_WARN_IF(NS_FAILED(rv))) {
|
|
|
|
return nullptr;
|
|
|
|
}
|
|
|
|
|
|
|
|
nsCOMPtr<nsIPrincipal> principal;
|
|
|
|
|
|
|
|
switch (aPrincipalInfo.type()) {
|
|
|
|
case PrincipalInfo::TSystemPrincipalInfo: {
|
|
|
|
rv = secMan->GetSystemPrincipal(getter_AddRefs(principal));
|
|
|
|
if (NS_WARN_IF(NS_FAILED(rv))) {
|
|
|
|
return nullptr;
|
|
|
|
}
|
|
|
|
|
|
|
|
return principal.forget();
|
|
|
|
}
|
|
|
|
|
|
|
|
case PrincipalInfo::TNullPrincipalInfo: {
|
2016-04-21 11:30:03 +03:00
|
|
|
const NullPrincipalInfo& info =
|
|
|
|
aPrincipalInfo.get_NullPrincipalInfo();
|
2014-07-07 22:13:04 +04:00
|
|
|
|
2016-11-30 17:13:27 +03:00
|
|
|
nsCOMPtr<nsIURI> uri;
|
|
|
|
rv = NS_NewURI(getter_AddRefs(uri), info.spec());
|
|
|
|
if (NS_WARN_IF(NS_FAILED(rv))) {
|
|
|
|
return nullptr;
|
|
|
|
}
|
|
|
|
|
|
|
|
principal = nsNullPrincipal::Create(info.attrs(), uri);
|
2014-07-07 22:13:04 +04:00
|
|
|
return principal.forget();
|
|
|
|
}
|
|
|
|
|
|
|
|
case PrincipalInfo::TContentPrincipalInfo: {
|
|
|
|
const ContentPrincipalInfo& info =
|
|
|
|
aPrincipalInfo.get_ContentPrincipalInfo();
|
|
|
|
|
|
|
|
nsCOMPtr<nsIURI> uri;
|
|
|
|
rv = NS_NewURI(getter_AddRefs(uri), info.spec());
|
|
|
|
if (NS_WARN_IF(NS_FAILED(rv))) {
|
|
|
|
return nullptr;
|
|
|
|
}
|
|
|
|
|
2017-01-12 19:38:48 +03:00
|
|
|
OriginAttributes attrs;
|
2016-05-24 13:01:34 +03:00
|
|
|
if (info.attrs().mAppId != nsIScriptSecurityManager::UNKNOWN_APP_ID) {
|
|
|
|
attrs = info.attrs();
|
2014-07-07 22:13:04 +04:00
|
|
|
}
|
2016-05-24 13:01:34 +03:00
|
|
|
principal = BasePrincipal::CreateCodebasePrincipal(uri, attrs);
|
|
|
|
rv = principal ? NS_OK : NS_ERROR_FAILURE;
|
2014-07-07 22:13:04 +04:00
|
|
|
if (NS_WARN_IF(NS_FAILED(rv))) {
|
|
|
|
return nullptr;
|
|
|
|
}
|
|
|
|
|
|
|
|
return principal.forget();
|
|
|
|
}
|
|
|
|
|
2015-04-07 01:44:04 +03:00
|
|
|
case PrincipalInfo::TExpandedPrincipalInfo: {
|
|
|
|
const ExpandedPrincipalInfo& info = aPrincipalInfo.get_ExpandedPrincipalInfo();
|
|
|
|
|
2016-09-10 01:52:55 +03:00
|
|
|
nsTArray<nsCOMPtr<nsIPrincipal>> whitelist;
|
2015-04-07 01:44:04 +03:00
|
|
|
nsCOMPtr<nsIPrincipal> wlPrincipal;
|
|
|
|
|
|
|
|
for (uint32_t i = 0; i < info.whitelist().Length(); i++) {
|
|
|
|
wlPrincipal = PrincipalInfoToPrincipal(info.whitelist()[i], &rv);
|
|
|
|
if (NS_WARN_IF(NS_FAILED(rv))) {
|
|
|
|
return nullptr;
|
|
|
|
}
|
|
|
|
// append that principal to the whitelist
|
|
|
|
whitelist.AppendElement(wlPrincipal);
|
|
|
|
}
|
|
|
|
|
2016-09-10 01:52:55 +03:00
|
|
|
RefPtr<nsExpandedPrincipal> expandedPrincipal = new nsExpandedPrincipal(whitelist, info.attrs());
|
2015-04-07 01:44:04 +03:00
|
|
|
if (!expandedPrincipal) {
|
|
|
|
NS_WARNING("could not instantiate expanded principal");
|
|
|
|
return nullptr;
|
|
|
|
}
|
|
|
|
|
|
|
|
principal = expandedPrincipal;
|
|
|
|
return principal.forget();
|
|
|
|
}
|
|
|
|
|
2014-07-07 22:13:04 +04:00
|
|
|
default:
|
|
|
|
MOZ_CRASH("Unknown PrincipalInfo type!");
|
|
|
|
}
|
|
|
|
|
|
|
|
MOZ_CRASH("Should never get here!");
|
|
|
|
}
|
|
|
|
|
|
|
|
nsresult
|
|
|
|
PrincipalToPrincipalInfo(nsIPrincipal* aPrincipal,
|
|
|
|
PrincipalInfo* aPrincipalInfo)
|
|
|
|
{
|
|
|
|
MOZ_ASSERT(NS_IsMainThread());
|
|
|
|
MOZ_ASSERT(aPrincipal);
|
|
|
|
MOZ_ASSERT(aPrincipalInfo);
|
|
|
|
|
2016-08-12 08:19:29 +03:00
|
|
|
if (aPrincipal->GetIsNullPrincipal()) {
|
2016-11-30 17:13:27 +03:00
|
|
|
nsCOMPtr<nsIURI> uri;
|
|
|
|
nsresult rv = aPrincipal->GetURI(getter_AddRefs(uri));
|
|
|
|
if (NS_WARN_IF(NS_FAILED(rv))) {
|
|
|
|
return rv;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (NS_WARN_IF(!uri)) {
|
|
|
|
return NS_ERROR_FAILURE;
|
|
|
|
}
|
|
|
|
|
|
|
|
nsAutoCString spec;
|
|
|
|
rv = uri->GetSpec(spec);
|
|
|
|
if (NS_WARN_IF(NS_FAILED(rv))) {
|
|
|
|
return rv;
|
|
|
|
}
|
|
|
|
|
|
|
|
*aPrincipalInfo =
|
2016-12-19 13:30:29 +03:00
|
|
|
NullPrincipalInfo(aPrincipal->OriginAttributesRef(), spec);
|
2014-07-07 22:13:04 +04:00
|
|
|
return NS_OK;
|
|
|
|
}
|
|
|
|
|
2016-08-12 08:19:29 +03:00
|
|
|
nsresult rv;
|
2014-07-07 22:13:04 +04:00
|
|
|
nsCOMPtr<nsIScriptSecurityManager> secMan =
|
|
|
|
do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
|
|
|
|
if (NS_WARN_IF(NS_FAILED(rv))) {
|
|
|
|
return rv;
|
|
|
|
}
|
|
|
|
|
|
|
|
bool isSystemPrincipal;
|
|
|
|
rv = secMan->IsSystemPrincipal(aPrincipal, &isSystemPrincipal);
|
|
|
|
if (NS_WARN_IF(NS_FAILED(rv))) {
|
|
|
|
return rv;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (isSystemPrincipal) {
|
|
|
|
*aPrincipalInfo = SystemPrincipalInfo();
|
|
|
|
return NS_OK;
|
|
|
|
}
|
|
|
|
|
2015-04-07 01:44:04 +03:00
|
|
|
// might be an expanded principal
|
|
|
|
nsCOMPtr<nsIExpandedPrincipal> expanded =
|
|
|
|
do_QueryInterface(aPrincipal);
|
|
|
|
|
|
|
|
if (expanded) {
|
|
|
|
nsTArray<PrincipalInfo> whitelistInfo;
|
|
|
|
PrincipalInfo info;
|
|
|
|
|
|
|
|
nsTArray< nsCOMPtr<nsIPrincipal> >* whitelist;
|
2016-03-28 20:28:15 +03:00
|
|
|
MOZ_ALWAYS_SUCCEEDS(expanded->GetWhiteList(&whitelist));
|
2015-04-07 01:44:04 +03:00
|
|
|
|
|
|
|
for (uint32_t i = 0; i < whitelist->Length(); i++) {
|
|
|
|
rv = PrincipalToPrincipalInfo((*whitelist)[i], &info);
|
|
|
|
if (NS_WARN_IF(NS_FAILED(rv))) {
|
|
|
|
return rv;
|
|
|
|
}
|
|
|
|
// append that spec to the whitelist
|
|
|
|
whitelistInfo.AppendElement(info);
|
|
|
|
}
|
|
|
|
|
2016-09-10 01:52:55 +03:00
|
|
|
*aPrincipalInfo =
|
2016-12-19 13:30:29 +03:00
|
|
|
ExpandedPrincipalInfo(aPrincipal->OriginAttributesRef(),
|
2016-09-10 01:52:55 +03:00
|
|
|
Move(whitelistInfo));
|
2015-04-07 01:44:04 +03:00
|
|
|
return NS_OK;
|
|
|
|
}
|
|
|
|
|
|
|
|
// must be a content principal
|
|
|
|
|
2014-07-07 22:13:04 +04:00
|
|
|
nsCOMPtr<nsIURI> uri;
|
|
|
|
rv = aPrincipal->GetURI(getter_AddRefs(uri));
|
|
|
|
if (NS_WARN_IF(NS_FAILED(rv))) {
|
|
|
|
return rv;
|
|
|
|
}
|
|
|
|
|
2014-12-04 21:12:47 +03:00
|
|
|
if (NS_WARN_IF(!uri)) {
|
|
|
|
return NS_ERROR_FAILURE;
|
|
|
|
}
|
|
|
|
|
2016-11-30 17:13:27 +03:00
|
|
|
nsAutoCString spec;
|
2014-07-07 22:13:04 +04:00
|
|
|
rv = uri->GetSpec(spec);
|
|
|
|
if (NS_WARN_IF(NS_FAILED(rv))) {
|
|
|
|
return rv;
|
|
|
|
}
|
|
|
|
|
2016-12-19 13:30:29 +03:00
|
|
|
*aPrincipalInfo = ContentPrincipalInfo(aPrincipal->OriginAttributesRef(),
|
2015-09-23 13:19:06 +03:00
|
|
|
spec);
|
2014-07-07 22:13:04 +04:00
|
|
|
return NS_OK;
|
|
|
|
}
|
|
|
|
|
2015-06-19 01:37:20 +03:00
|
|
|
nsresult
|
|
|
|
LoadInfoToLoadInfoArgs(nsILoadInfo *aLoadInfo,
|
2015-07-14 08:43:13 +03:00
|
|
|
OptionalLoadInfoArgs* aOptionalLoadInfoArgs)
|
2015-06-19 01:37:20 +03:00
|
|
|
{
|
2015-07-14 08:43:13 +03:00
|
|
|
if (!aLoadInfo) {
|
|
|
|
// if there is no loadInfo, then there is nothing to serialize
|
|
|
|
*aOptionalLoadInfoArgs = void_t();
|
2015-06-19 01:37:20 +03:00
|
|
|
return NS_OK;
|
|
|
|
}
|
|
|
|
|
2015-07-14 08:43:13 +03:00
|
|
|
nsresult rv = NS_OK;
|
2016-04-14 02:30:16 +03:00
|
|
|
OptionalPrincipalInfo loadingPrincipalInfo = mozilla::void_t();
|
|
|
|
if (aLoadInfo->LoadingPrincipal()) {
|
|
|
|
PrincipalInfo loadingPrincipalInfoTemp;
|
|
|
|
rv = PrincipalToPrincipalInfo(aLoadInfo->LoadingPrincipal(),
|
|
|
|
&loadingPrincipalInfoTemp);
|
|
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
|
|
loadingPrincipalInfo = loadingPrincipalInfoTemp;
|
|
|
|
}
|
2015-07-14 08:43:13 +03:00
|
|
|
|
|
|
|
PrincipalInfo triggeringPrincipalInfo;
|
|
|
|
rv = PrincipalToPrincipalInfo(aLoadInfo->TriggeringPrincipal(),
|
|
|
|
&triggeringPrincipalInfo);
|
|
|
|
|
2016-11-08 09:23:12 +03:00
|
|
|
OptionalPrincipalInfo principalToInheritInfo = mozilla::void_t();
|
|
|
|
if (aLoadInfo->PrincipalToInherit()) {
|
|
|
|
PrincipalInfo principalToInheritInfoTemp;
|
|
|
|
rv = PrincipalToPrincipalInfo(aLoadInfo->PrincipalToInherit(),
|
|
|
|
&principalToInheritInfoTemp);
|
|
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
|
|
principalToInheritInfo = principalToInheritInfoTemp;
|
|
|
|
}
|
2016-09-20 09:35:45 +03:00
|
|
|
|
2015-11-01 01:18:59 +03:00
|
|
|
nsTArray<PrincipalInfo> redirectChainIncludingInternalRedirects;
|
|
|
|
for (const nsCOMPtr<nsIPrincipal>& principal : aLoadInfo->RedirectChainIncludingInternalRedirects()) {
|
|
|
|
rv = PrincipalToPrincipalInfo(principal, redirectChainIncludingInternalRedirects.AppendElement());
|
|
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
|
|
}
|
|
|
|
|
2015-07-20 05:11:03 +03:00
|
|
|
nsTArray<PrincipalInfo> redirectChain;
|
|
|
|
for (const nsCOMPtr<nsIPrincipal>& principal : aLoadInfo->RedirectChain()) {
|
|
|
|
rv = PrincipalToPrincipalInfo(principal, redirectChain.AppendElement());
|
|
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
|
|
}
|
|
|
|
|
2015-07-14 08:43:13 +03:00
|
|
|
*aOptionalLoadInfoArgs =
|
|
|
|
LoadInfoArgs(
|
2016-04-14 02:30:16 +03:00
|
|
|
loadingPrincipalInfo,
|
2015-07-14 08:43:13 +03:00
|
|
|
triggeringPrincipalInfo,
|
2016-09-20 09:35:45 +03:00
|
|
|
principalToInheritInfo,
|
2015-07-14 08:43:13 +03:00
|
|
|
aLoadInfo->GetSecurityFlags(),
|
2015-10-19 21:14:54 +03:00
|
|
|
aLoadInfo->InternalContentPolicyType(),
|
2015-12-07 02:33:15 +03:00
|
|
|
static_cast<uint32_t>(aLoadInfo->GetTainting()),
|
2015-07-14 08:43:13 +03:00
|
|
|
aLoadInfo->GetUpgradeInsecureRequests(),
|
2016-03-14 13:56:52 +03:00
|
|
|
aLoadInfo->GetVerifySignedContent(),
|
2016-03-16 06:13:26 +03:00
|
|
|
aLoadInfo->GetEnforceSRI(),
|
2016-07-18 09:35:13 +03:00
|
|
|
aLoadInfo->GetForceInheritPrincipalDropped(),
|
2015-07-14 08:43:13 +03:00
|
|
|
aLoadInfo->GetInnerWindowID(),
|
|
|
|
aLoadInfo->GetOuterWindowID(),
|
2015-07-20 05:11:03 +03:00
|
|
|
aLoadInfo->GetParentOuterWindowID(),
|
2016-06-27 03:42:00 +03:00
|
|
|
aLoadInfo->GetFrameOuterWindowID(),
|
2015-07-20 05:11:57 +03:00
|
|
|
aLoadInfo->GetEnforceSecurity(),
|
|
|
|
aLoadInfo->GetInitialSecurityCheckDone(),
|
2015-12-01 00:25:29 +03:00
|
|
|
aLoadInfo->GetIsInThirdPartyContext(),
|
2015-10-22 00:47:00 +03:00
|
|
|
aLoadInfo->GetOriginAttributes(),
|
2015-11-01 01:18:59 +03:00
|
|
|
redirectChainIncludingInternalRedirects,
|
2015-12-07 02:33:14 +03:00
|
|
|
redirectChain,
|
|
|
|
aLoadInfo->CorsUnsafeHeaders(),
|
|
|
|
aLoadInfo->GetForcePreflight(),
|
Bug 1246540 - HSTS Priming Proof of Concept. r=ckerschb, r=mayhemer, r=jld, r=smaug, r=dkeeler, r=jmaher, p=ally
HSTS priming changes the order of mixed-content blocking and HSTS
upgrades, and adds a priming request to check if a mixed-content load is
accesible over HTTPS and the server supports upgrading via the
Strict-Transport-Security header.
Every call site that uses AsyncOpen2 passes through the mixed-content
blocker, and has a LoadInfo. If the mixed-content blocker marks the load as
needing HSTS priming, nsHttpChannel will build and send an HSTS priming
request on the same URI with the scheme upgraded to HTTPS. If the server
allows the upgrade, then channel performs an internal redirect to the HTTPS URI,
otherwise use the result of mixed-content blocker to allow or block the
load.
nsISiteSecurityService adds an optional boolean out parameter to
determine if the HSTS state is already cached for negative assertions.
If the host has been probed within the previous 24 hours, no HSTS
priming check will be sent.
MozReview-Commit-ID: ES1JruCtDdX
--HG--
extra : rebase_source : 2ac6c93c49f2862fc0b9e595eb0598cd1ea4bedf
2016-09-27 18:27:00 +03:00
|
|
|
aLoadInfo->GetIsPreflight(),
|
|
|
|
aLoadInfo->GetForceHSTSPriming(),
|
|
|
|
aLoadInfo->GetMixedContentWouldBlock());
|
2015-07-14 08:43:13 +03:00
|
|
|
|
2015-06-19 01:37:20 +03:00
|
|
|
return NS_OK;
|
|
|
|
}
|
|
|
|
|
|
|
|
nsresult
|
2015-07-14 08:43:13 +03:00
|
|
|
LoadInfoArgsToLoadInfo(const OptionalLoadInfoArgs& aOptionalLoadInfoArgs,
|
2015-06-19 01:37:20 +03:00
|
|
|
nsILoadInfo** outLoadInfo)
|
|
|
|
{
|
2015-07-14 08:43:13 +03:00
|
|
|
if (aOptionalLoadInfoArgs.type() == OptionalLoadInfoArgs::Tvoid_t) {
|
|
|
|
*outLoadInfo = nullptr;
|
|
|
|
return NS_OK;
|
|
|
|
}
|
|
|
|
|
|
|
|
const LoadInfoArgs& loadInfoArgs =
|
|
|
|
aOptionalLoadInfoArgs.get_LoadInfoArgs();
|
|
|
|
|
2015-06-19 01:37:20 +03:00
|
|
|
nsresult rv = NS_OK;
|
2016-04-14 02:30:16 +03:00
|
|
|
nsCOMPtr<nsIPrincipal> loadingPrincipal;
|
|
|
|
if (loadInfoArgs.requestingPrincipalInfo().type() != OptionalPrincipalInfo::Tvoid_t) {
|
|
|
|
loadingPrincipal = PrincipalInfoToPrincipal(loadInfoArgs.requestingPrincipalInfo(), &rv);
|
|
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
|
|
}
|
|
|
|
|
2015-06-19 01:37:20 +03:00
|
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
|
|
nsCOMPtr<nsIPrincipal> triggeringPrincipal =
|
2015-07-14 08:43:13 +03:00
|
|
|
PrincipalInfoToPrincipal(loadInfoArgs.triggeringPrincipalInfo(), &rv);
|
2015-06-19 01:37:20 +03:00
|
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
|
|
|
2016-11-08 09:23:12 +03:00
|
|
|
nsCOMPtr<nsIPrincipal> principalToInherit;
|
|
|
|
if (loadInfoArgs.principalToInheritInfo().type() != OptionalPrincipalInfo::Tvoid_t) {
|
|
|
|
principalToInherit = PrincipalInfoToPrincipal(loadInfoArgs.principalToInheritInfo(), &rv);
|
|
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
|
|
}
|
2016-09-20 09:35:45 +03:00
|
|
|
|
2015-11-01 01:18:59 +03:00
|
|
|
nsTArray<nsCOMPtr<nsIPrincipal>> redirectChainIncludingInternalRedirects;
|
|
|
|
for (const PrincipalInfo& principalInfo : loadInfoArgs.redirectChainIncludingInternalRedirects()) {
|
|
|
|
nsCOMPtr<nsIPrincipal> redirectedPrincipal =
|
|
|
|
PrincipalInfoToPrincipal(principalInfo, &rv);
|
|
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
|
|
redirectChainIncludingInternalRedirects.AppendElement(redirectedPrincipal.forget());
|
|
|
|
}
|
|
|
|
|
2015-07-20 05:11:03 +03:00
|
|
|
nsTArray<nsCOMPtr<nsIPrincipal>> redirectChain;
|
|
|
|
for (const PrincipalInfo& principalInfo : loadInfoArgs.redirectChain()) {
|
|
|
|
nsCOMPtr<nsIPrincipal> redirectedPrincipal =
|
|
|
|
PrincipalInfoToPrincipal(principalInfo, &rv);
|
|
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
|
|
redirectChain.AppendElement(redirectedPrincipal.forget());
|
|
|
|
}
|
|
|
|
|
2015-06-19 01:37:20 +03:00
|
|
|
nsCOMPtr<nsILoadInfo> loadInfo =
|
2016-04-14 02:30:16 +03:00
|
|
|
new mozilla::LoadInfo(loadingPrincipal,
|
2015-06-19 01:37:20 +03:00
|
|
|
triggeringPrincipal,
|
2016-09-20 09:35:45 +03:00
|
|
|
principalToInherit,
|
2015-07-14 08:43:13 +03:00
|
|
|
loadInfoArgs.securityFlags(),
|
|
|
|
loadInfoArgs.contentPolicyType(),
|
2015-12-07 02:33:15 +03:00
|
|
|
static_cast<LoadTainting>(loadInfoArgs.tainting()),
|
2015-07-14 08:43:13 +03:00
|
|
|
loadInfoArgs.upgradeInsecureRequests(),
|
2016-03-14 13:56:52 +03:00
|
|
|
loadInfoArgs.verifySignedContent(),
|
2016-03-16 06:13:26 +03:00
|
|
|
loadInfoArgs.enforceSRI(),
|
2016-07-18 09:35:13 +03:00
|
|
|
loadInfoArgs.forceInheritPrincipalDropped(),
|
2015-07-14 08:43:13 +03:00
|
|
|
loadInfoArgs.innerWindowID(),
|
|
|
|
loadInfoArgs.outerWindowID(),
|
2015-07-20 05:11:03 +03:00
|
|
|
loadInfoArgs.parentOuterWindowID(),
|
2016-06-27 03:42:00 +03:00
|
|
|
loadInfoArgs.frameOuterWindowID(),
|
2015-07-20 05:11:57 +03:00
|
|
|
loadInfoArgs.enforceSecurity(),
|
|
|
|
loadInfoArgs.initialSecurityCheckDone(),
|
2015-12-01 00:25:29 +03:00
|
|
|
loadInfoArgs.isInThirdPartyContext(),
|
2015-10-22 00:47:00 +03:00
|
|
|
loadInfoArgs.originAttributes(),
|
2015-11-01 01:18:59 +03:00
|
|
|
redirectChainIncludingInternalRedirects,
|
2015-12-07 02:33:14 +03:00
|
|
|
redirectChain,
|
|
|
|
loadInfoArgs.corsUnsafeHeaders(),
|
|
|
|
loadInfoArgs.forcePreflight(),
|
Bug 1246540 - HSTS Priming Proof of Concept. r=ckerschb, r=mayhemer, r=jld, r=smaug, r=dkeeler, r=jmaher, p=ally
HSTS priming changes the order of mixed-content blocking and HSTS
upgrades, and adds a priming request to check if a mixed-content load is
accesible over HTTPS and the server supports upgrading via the
Strict-Transport-Security header.
Every call site that uses AsyncOpen2 passes through the mixed-content
blocker, and has a LoadInfo. If the mixed-content blocker marks the load as
needing HSTS priming, nsHttpChannel will build and send an HSTS priming
request on the same URI with the scheme upgraded to HTTPS. If the server
allows the upgrade, then channel performs an internal redirect to the HTTPS URI,
otherwise use the result of mixed-content blocker to allow or block the
load.
nsISiteSecurityService adds an optional boolean out parameter to
determine if the HSTS state is already cached for negative assertions.
If the host has been probed within the previous 24 hours, no HSTS
priming check will be sent.
MozReview-Commit-ID: ES1JruCtDdX
--HG--
extra : rebase_source : 2ac6c93c49f2862fc0b9e595eb0598cd1ea4bedf
2016-09-27 18:27:00 +03:00
|
|
|
loadInfoArgs.isPreflight(),
|
|
|
|
loadInfoArgs.forceHSTSPriming(),
|
|
|
|
loadInfoArgs.mixedContentWouldBlock()
|
|
|
|
);
|
2015-07-14 08:43:13 +03:00
|
|
|
|
|
|
|
loadInfo.forget(outLoadInfo);
|
|
|
|
return NS_OK;
|
2015-06-19 01:37:20 +03:00
|
|
|
}
|
|
|
|
|
2014-07-07 22:13:04 +04:00
|
|
|
} // namespace ipc
|
|
|
|
} // namespace mozilla
|