2015-05-03 22:32:37 +03:00
|
|
|
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
|
|
|
|
|
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
|
2012-09-17 07:49:43 +04:00
|
|
|
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
|
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
|
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
|
|
|
|
|
|
#ifndef nsMixedContentBlocker_h___
|
|
|
|
|
#define nsMixedContentBlocker_h___
|
|
|
|
|
|
|
|
|
|
#define NS_MIXEDCONTENTBLOCKER_CONTRACTID "@mozilla.org/mixedcontentblocker;1"
|
|
|
|
|
/* daf1461b-bf29-4f88-8d0e-4bcdf332c862 */
|
|
|
|
|
#define NS_MIXEDCONTENTBLOCKER_CID \
|
|
|
|
|
{ 0xdaf1461b, 0xbf29, 0x4f88, \
|
|
|
|
|
{ 0x8d, 0x0e, 0x4b, 0xcd, 0xf3, 0x32, 0xc8, 0x62 } }
|
|
|
|
|
|
2012-12-14 02:53:06 +04:00
|
|
|
// This enum defines type of content that is detected when an
|
|
|
|
|
// nsMixedContentEvent fires
|
|
|
|
|
enum MixedContentTypes {
|
2012-09-17 07:49:43 +04:00
|
|
|
// "Active" content, such as fonts, plugin content, JavaScript, stylesheets,
|
|
|
|
|
// iframes, WebSockets, and XHR
|
2012-12-14 02:53:06 +04:00
|
|
|
eMixedScript,
|
2012-09-17 07:49:43 +04:00
|
|
|
// "Display" content, such as images, audio, video, and <a ping>
|
2012-12-14 02:53:06 +04:00
|
|
|
eMixedDisplay
|
2012-09-17 07:49:43 +04:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
#include "nsIContentPolicy.h"
|
2014-10-19 00:21:06 +04:00
|
|
|
#include "nsIChannel.h"
|
|
|
|
|
#include "nsIChannelEventSink.h"
|
2015-03-24 19:18:48 +03:00
|
|
|
#include "imgRequest.h"
|
2012-09-17 07:49:43 +04:00
|
|
|
|
2017-02-14 05:29:24 +03:00
|
|
|
using mozilla::OriginAttributes;
|
|
|
|
|
|
Bug 1246540 - HSTS Priming Proof of Concept. r=ckerschb, r=mayhemer, r=jld, r=smaug, r=dkeeler, r=jmaher, p=ally
HSTS priming changes the order of mixed-content blocking and HSTS
upgrades, and adds a priming request to check if a mixed-content load is
accesible over HTTPS and the server supports upgrading via the
Strict-Transport-Security header.
Every call site that uses AsyncOpen2 passes through the mixed-content
blocker, and has a LoadInfo. If the mixed-content blocker marks the load as
needing HSTS priming, nsHttpChannel will build and send an HSTS priming
request on the same URI with the scheme upgraded to HTTPS. If the server
allows the upgrade, then channel performs an internal redirect to the HTTPS URI,
otherwise use the result of mixed-content blocker to allow or block the
load.
nsISiteSecurityService adds an optional boolean out parameter to
determine if the HSTS state is already cached for negative assertions.
If the host has been probed within the previous 24 hours, no HSTS
priming check will be sent.
MozReview-Commit-ID: ES1JruCtDdX
--HG--
extra : rebase_source : 2ac6c93c49f2862fc0b9e595eb0598cd1ea4bedf
2016-09-27 18:27:00 +03:00
|
|
|
class nsILoadInfo; // forward declaration
|
|
|
|
|
|
2014-10-19 00:21:06 +04:00
|
|
|
class nsMixedContentBlocker : public nsIContentPolicy,
|
|
|
|
|
public nsIChannelEventSink
|
2012-09-17 07:49:43 +04:00
|
|
|
{
|
2015-03-24 19:18:48 +03:00
|
|
|
private:
|
2014-06-25 06:09:15 +04:00
|
|
|
virtual ~nsMixedContentBlocker();
|
|
|
|
|
|
2012-09-17 07:49:43 +04:00
|
|
|
public:
|
|
|
|
|
NS_DECL_ISUPPORTS
|
|
|
|
|
NS_DECL_NSICONTENTPOLICY
|
2014-10-19 00:21:06 +04:00
|
|
|
NS_DECL_NSICHANNELEVENTSINK
|
2012-09-17 07:49:43 +04:00
|
|
|
|
|
|
|
|
nsMixedContentBlocker();
|
2015-03-24 19:18:48 +03:00
|
|
|
|
|
|
|
|
/* Static version of ShouldLoad() that contains all the Mixed Content Blocker
|
|
|
|
|
* logic. Called from non-static ShouldLoad().
|
|
|
|
|
* Called directly from imageLib when an insecure redirect exists in a cached
|
|
|
|
|
* image load.
|
|
|
|
|
* @param aHadInsecureImageRedirect
|
|
|
|
|
* boolean flag indicating that an insecure redirect through http
|
|
|
|
|
* occured when this image was initially loaded and cached.
|
|
|
|
|
* Remaining parameters are from nsIContentPolicy::ShouldLoad().
|
|
|
|
|
*/
|
|
|
|
|
static nsresult ShouldLoad(bool aHadInsecureImageRedirect,
|
|
|
|
|
uint32_t aContentType,
|
|
|
|
|
nsIURI* aContentLocation,
|
|
|
|
|
nsIURI* aRequestingLocation,
|
|
|
|
|
nsISupports* aRequestingContext,
|
|
|
|
|
const nsACString& aMimeGuess,
|
|
|
|
|
nsISupports* aExtra,
|
|
|
|
|
nsIPrincipal* aRequestPrincipal,
|
|
|
|
|
int16_t* aDecision);
|
Bug 1246540 - HSTS Priming Proof of Concept. r=ckerschb, r=mayhemer, r=jld, r=smaug, r=dkeeler, r=jmaher, p=ally
HSTS priming changes the order of mixed-content blocking and HSTS
upgrades, and adds a priming request to check if a mixed-content load is
accesible over HTTPS and the server supports upgrading via the
Strict-Transport-Security header.
Every call site that uses AsyncOpen2 passes through the mixed-content
blocker, and has a LoadInfo. If the mixed-content blocker marks the load as
needing HSTS priming, nsHttpChannel will build and send an HSTS priming
request on the same URI with the scheme upgraded to HTTPS. If the server
allows the upgrade, then channel performs an internal redirect to the HTTPS URI,
otherwise use the result of mixed-content blocker to allow or block the
load.
nsISiteSecurityService adds an optional boolean out parameter to
determine if the HSTS state is already cached for negative assertions.
If the host has been probed within the previous 24 hours, no HSTS
priming check will be sent.
MozReview-Commit-ID: ES1JruCtDdX
--HG--
extra : rebase_source : 2ac6c93c49f2862fc0b9e595eb0598cd1ea4bedf
2016-09-27 18:27:00 +03:00
|
|
|
static void AccumulateMixedContentHSTS(nsIURI* aURI,
|
|
|
|
|
bool aActive,
|
2017-02-14 05:29:24 +03:00
|
|
|
bool aHasHSTSPriming,
|
|
|
|
|
const OriginAttributes& aOriginAttributes);
|
Bug 1246540 - HSTS Priming Proof of Concept. r=ckerschb, r=mayhemer, r=jld, r=smaug, r=dkeeler, r=jmaher, p=ally
HSTS priming changes the order of mixed-content blocking and HSTS
upgrades, and adds a priming request to check if a mixed-content load is
accesible over HTTPS and the server supports upgrading via the
Strict-Transport-Security header.
Every call site that uses AsyncOpen2 passes through the mixed-content
blocker, and has a LoadInfo. If the mixed-content blocker marks the load as
needing HSTS priming, nsHttpChannel will build and send an HSTS priming
request on the same URI with the scheme upgraded to HTTPS. If the server
allows the upgrade, then channel performs an internal redirect to the HTTPS URI,
otherwise use the result of mixed-content blocker to allow or block the
load.
nsISiteSecurityService adds an optional boolean out parameter to
determine if the HSTS state is already cached for negative assertions.
If the host has been probed within the previous 24 hours, no HSTS
priming check will be sent.
MozReview-Commit-ID: ES1JruCtDdX
--HG--
extra : rebase_source : 2ac6c93c49f2862fc0b9e595eb0598cd1ea4bedf
2016-09-27 18:27:00 +03:00
|
|
|
/* If the document associated with aRequestingContext requires priming for
|
|
|
|
|
* aURI, propagate that to the LoadInfo so the HttpChannel will find out about
|
|
|
|
|
* it.
|
|
|
|
|
*
|
|
|
|
|
* @param aURI The URI associated with the load
|
|
|
|
|
* @param aRequestingContext the requesting context passed to ShouldLoad
|
|
|
|
|
* @param aLoadInfo the LoadInfo for the load
|
|
|
|
|
*/
|
|
|
|
|
static nsresult MarkLoadInfoForPriming(nsIURI* aURI,
|
|
|
|
|
nsISupports* aRequestingContext,
|
|
|
|
|
nsILoadInfo* aLoadInfo);
|
|
|
|
|
|
|
|
|
|
/* Given a context, return whether HSTS was marked on the document associated
|
|
|
|
|
* with the load for the given URI. This is used by MarkLoadInfoForPriming and
|
|
|
|
|
* directly by the image loader to determine whether to allow a load to occur
|
|
|
|
|
* from the cache.
|
|
|
|
|
*
|
|
|
|
|
* @param aURI The URI associated with the load
|
|
|
|
|
* @param aRequestingContext the requesting context passed to ShouldLoad
|
|
|
|
|
* @param aSendPrimingRequest out true if priming is required on the channel
|
|
|
|
|
* @param aMixedContentWouldBlock out true if mixed content would block
|
|
|
|
|
*/
|
|
|
|
|
static nsresult GetHSTSPrimingFromRequestingContext(nsIURI* aURI,
|
|
|
|
|
nsISupports* aRequestingContext,
|
|
|
|
|
bool* aSendPrimingRequest,
|
|
|
|
|
bool* aMixedContentWouldBlock);
|
|
|
|
|
|
|
|
|
|
|
2012-09-17 07:49:43 +04:00
|
|
|
static bool sBlockMixedScript;
|
|
|
|
|
static bool sBlockMixedDisplay;
|
2016-11-10 08:30:00 +03:00
|
|
|
// Do we move HSTS before mixed-content
|
Bug 1246540 - HSTS Priming Proof of Concept. r=ckerschb, r=mayhemer, r=jld, r=smaug, r=dkeeler, r=jmaher, p=ally
HSTS priming changes the order of mixed-content blocking and HSTS
upgrades, and adds a priming request to check if a mixed-content load is
accesible over HTTPS and the server supports upgrading via the
Strict-Transport-Security header.
Every call site that uses AsyncOpen2 passes through the mixed-content
blocker, and has a LoadInfo. If the mixed-content blocker marks the load as
needing HSTS priming, nsHttpChannel will build and send an HSTS priming
request on the same URI with the scheme upgraded to HTTPS. If the server
allows the upgrade, then channel performs an internal redirect to the HTTPS URI,
otherwise use the result of mixed-content blocker to allow or block the
load.
nsISiteSecurityService adds an optional boolean out parameter to
determine if the HSTS state is already cached for negative assertions.
If the host has been probed within the previous 24 hours, no HSTS
priming check will be sent.
MozReview-Commit-ID: ES1JruCtDdX
--HG--
extra : rebase_source : 2ac6c93c49f2862fc0b9e595eb0598cd1ea4bedf
2016-09-27 18:27:00 +03:00
|
|
|
static bool sUseHSTS;
|
2016-11-10 08:30:00 +03:00
|
|
|
// Do we send an HSTS priming request
|
Bug 1246540 - HSTS Priming Proof of Concept. r=ckerschb, r=mayhemer, r=jld, r=smaug, r=dkeeler, r=jmaher, p=ally
HSTS priming changes the order of mixed-content blocking and HSTS
upgrades, and adds a priming request to check if a mixed-content load is
accesible over HTTPS and the server supports upgrading via the
Strict-Transport-Security header.
Every call site that uses AsyncOpen2 passes through the mixed-content
blocker, and has a LoadInfo. If the mixed-content blocker marks the load as
needing HSTS priming, nsHttpChannel will build and send an HSTS priming
request on the same URI with the scheme upgraded to HTTPS. If the server
allows the upgrade, then channel performs an internal redirect to the HTTPS URI,
otherwise use the result of mixed-content blocker to allow or block the
load.
nsISiteSecurityService adds an optional boolean out parameter to
determine if the HSTS state is already cached for negative assertions.
If the host has been probed within the previous 24 hours, no HSTS
priming check will be sent.
MozReview-Commit-ID: ES1JruCtDdX
--HG--
extra : rebase_source : 2ac6c93c49f2862fc0b9e595eb0598cd1ea4bedf
2016-09-27 18:27:00 +03:00
|
|
|
static bool sSendHSTSPriming;
|
2016-11-10 08:30:00 +03:00
|
|
|
// Default HSTS Priming failure timeout in seconds
|
|
|
|
|
static uint32_t sHSTSPrimingCacheTimeout;
|
2012-09-17 07:49:43 +04:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
#endif /* nsMixedContentBlocker_h___ */
|
