2014-10-28 16:23:00 +03:00
|
|
|
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
|
2015-05-03 22:32:37 +03:00
|
|
|
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
|
2012-05-21 15:12:37 +04:00
|
|
|
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
2010-10-19 20:37:03 +04:00
|
|
|
|
|
|
|
#include "ThirdPartyUtil.h"
|
2015-07-07 05:17:00 +03:00
|
|
|
#include "nsNetCID.h"
|
2010-10-19 20:37:03 +04:00
|
|
|
#include "nsNetUtil.h"
|
2015-07-07 05:17:00 +03:00
|
|
|
#include "nsIChannel.h"
|
2010-10-19 20:37:03 +04:00
|
|
|
#include "nsIServiceManager.h"
|
|
|
|
#include "nsIHttpChannelInternal.h"
|
|
|
|
#include "nsIDOMWindow.h"
|
|
|
|
#include "nsILoadContext.h"
|
|
|
|
#include "nsIPrincipal.h"
|
|
|
|
#include "nsIScriptObjectPrincipal.h"
|
2014-10-30 03:22:22 +03:00
|
|
|
#include "nsIURI.h"
|
2010-10-19 20:37:03 +04:00
|
|
|
#include "nsThreadUtils.h"
|
2015-05-19 21:15:34 +03:00
|
|
|
#include "mozilla/Logging.h"
|
2018-11-24 03:49:03 +03:00
|
|
|
#include "mozilla/Unused.h"
|
2016-10-15 04:46:26 +03:00
|
|
|
#include "nsPIDOMWindow.h"
|
2010-10-19 20:37:03 +04:00
|
|
|
|
2014-04-27 11:06:00 +04:00
|
|
|
NS_IMPL_ISUPPORTS(ThirdPartyUtil, mozIThirdPartyUtil)
|
2010-10-19 20:37:03 +04:00
|
|
|
|
2014-10-30 03:22:22 +03:00
|
|
|
//
|
2016-05-26 21:08:47 +03:00
|
|
|
// MOZ_LOG=thirdPartyUtil:5
|
2014-10-30 03:22:22 +03:00
|
|
|
//
|
2015-11-23 22:09:25 +03:00
|
|
|
static mozilla::LazyLogModule gThirdPartyLog("thirdPartyUtil");
|
2014-10-30 03:22:22 +03:00
|
|
|
#undef LOG
|
2015-06-04 01:25:57 +03:00
|
|
|
#define LOG(args) MOZ_LOG(gThirdPartyLog, mozilla::LogLevel::Debug, args)
|
2014-10-30 03:22:22 +03:00
|
|
|
|
2010-10-19 20:37:03 +04:00
|
|
|
nsresult ThirdPartyUtil::Init() {
|
|
|
|
NS_ENSURE_TRUE(NS_IsMainThread(), NS_ERROR_NOT_AVAILABLE);
|
|
|
|
|
|
|
|
nsresult rv;
|
|
|
|
mTLDService = do_GetService(NS_EFFECTIVETLDSERVICE_CONTRACTID, &rv);
|
2014-10-30 03:22:22 +03:00
|
|
|
|
2010-10-19 20:37:03 +04:00
|
|
|
return rv;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Determine if aFirstDomain is a different base domain to aSecondURI; or, if
|
|
|
|
// the concept of base domain does not apply, determine if the two hosts are not
|
|
|
|
// string-identical.
|
|
|
|
nsresult ThirdPartyUtil::IsThirdPartyInternal(const nsCString& aFirstDomain,
|
|
|
|
nsIURI* aSecondURI,
|
2011-09-29 10:19:26 +04:00
|
|
|
bool* aResult) {
|
2015-12-04 23:01:43 +03:00
|
|
|
if (!aSecondURI) {
|
|
|
|
return NS_ERROR_INVALID_ARG;
|
|
|
|
}
|
2010-10-19 20:37:03 +04:00
|
|
|
|
|
|
|
// Get the base domain for aSecondURI.
|
|
|
|
nsCString secondDomain;
|
|
|
|
nsresult rv = GetBaseDomain(aSecondURI, secondDomain);
|
2015-03-31 23:18:38 +03:00
|
|
|
LOG(("ThirdPartyUtil::IsThirdPartyInternal %s =? %s", aFirstDomain.get(),
|
|
|
|
secondDomain.get()));
|
2010-10-19 20:37:03 +04:00
|
|
|
if (NS_FAILED(rv)) return rv;
|
|
|
|
|
|
|
|
// Check strict equality.
|
|
|
|
*aResult = aFirstDomain != secondDomain;
|
|
|
|
return NS_OK;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Get the URI associated with a window.
|
2014-08-09 00:52:28 +04:00
|
|
|
NS_IMETHODIMP
|
2016-01-30 20:05:36 +03:00
|
|
|
ThirdPartyUtil::GetURIFromWindow(mozIDOMWindowProxy* aWin, nsIURI** result) {
|
2014-08-09 00:52:28 +04:00
|
|
|
nsresult rv;
|
2010-10-19 20:37:03 +04:00
|
|
|
nsCOMPtr<nsIScriptObjectPrincipal> scriptObjPrin = do_QueryInterface(aWin);
|
2014-08-09 00:52:28 +04:00
|
|
|
if (!scriptObjPrin) {
|
|
|
|
return NS_ERROR_INVALID_ARG;
|
|
|
|
}
|
2010-10-19 20:37:03 +04:00
|
|
|
|
|
|
|
nsIPrincipal* prin = scriptObjPrin->GetPrincipal();
|
2014-08-09 00:52:28 +04:00
|
|
|
if (!prin) {
|
|
|
|
return NS_ERROR_INVALID_ARG;
|
|
|
|
}
|
2010-10-19 20:37:03 +04:00
|
|
|
|
2014-10-30 03:22:22 +03:00
|
|
|
if (prin->GetIsNullPrincipal()) {
|
|
|
|
LOG(("ThirdPartyUtil::GetURIFromWindow can't use null principal\n"));
|
|
|
|
return NS_ERROR_INVALID_ARG;
|
|
|
|
}
|
|
|
|
|
2014-08-09 00:52:28 +04:00
|
|
|
rv = prin->GetURI(result);
|
|
|
|
return rv;
|
2010-10-19 20:37:03 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
// Determine if aFirstURI is third party with respect to aSecondURI. See docs
|
|
|
|
// for mozIThirdPartyUtil.
|
|
|
|
NS_IMETHODIMP
|
|
|
|
ThirdPartyUtil::IsThirdPartyURI(nsIURI* aFirstURI, nsIURI* aSecondURI,
|
2011-09-29 10:19:26 +04:00
|
|
|
bool* aResult) {
|
2010-10-19 20:37:03 +04:00
|
|
|
NS_ENSURE_ARG(aFirstURI);
|
|
|
|
NS_ENSURE_ARG(aSecondURI);
|
|
|
|
NS_ASSERTION(aResult, "null outparam pointer");
|
|
|
|
|
|
|
|
nsCString firstHost;
|
|
|
|
nsresult rv = GetBaseDomain(aFirstURI, firstHost);
|
|
|
|
if (NS_FAILED(rv)) return rv;
|
|
|
|
|
|
|
|
return IsThirdPartyInternal(firstHost, aSecondURI, aResult);
|
|
|
|
}
|
|
|
|
|
|
|
|
// Determine if any URI of the window hierarchy of aWindow is foreign with
|
|
|
|
// respect to aSecondURI. See docs for mozIThirdPartyUtil.
|
|
|
|
NS_IMETHODIMP
|
2016-01-30 20:05:36 +03:00
|
|
|
ThirdPartyUtil::IsThirdPartyWindow(mozIDOMWindowProxy* aWindow, nsIURI* aURI,
|
2011-09-29 10:19:26 +04:00
|
|
|
bool* aResult) {
|
2010-10-19 20:37:03 +04:00
|
|
|
NS_ENSURE_ARG(aWindow);
|
|
|
|
NS_ASSERTION(aResult, "null outparam pointer");
|
|
|
|
|
2011-09-29 10:19:26 +04:00
|
|
|
bool result;
|
2010-10-19 20:37:03 +04:00
|
|
|
|
|
|
|
// Get the URI of the window, and its base domain.
|
2014-08-09 00:52:28 +04:00
|
|
|
nsresult rv;
|
|
|
|
nsCOMPtr<nsIURI> currentURI;
|
|
|
|
rv = GetURIFromWindow(aWindow, getter_AddRefs(currentURI));
|
2016-09-29 22:46:14 +03:00
|
|
|
if (NS_FAILED(rv)) return rv;
|
2010-10-19 20:37:03 +04:00
|
|
|
|
|
|
|
nsCString bottomDomain;
|
2014-08-09 00:52:28 +04:00
|
|
|
rv = GetBaseDomain(currentURI, bottomDomain);
|
2010-10-19 20:37:03 +04:00
|
|
|
if (NS_FAILED(rv)) return rv;
|
|
|
|
|
|
|
|
if (aURI) {
|
|
|
|
// Determine whether aURI is foreign with respect to currentURI.
|
|
|
|
rv = IsThirdPartyInternal(bottomDomain, aURI, &result);
|
|
|
|
if (NS_FAILED(rv)) return rv;
|
|
|
|
|
|
|
|
if (result) {
|
|
|
|
*aResult = true;
|
|
|
|
return NS_OK;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-01-30 20:05:36 +03:00
|
|
|
nsCOMPtr<nsPIDOMWindowOuter> current = nsPIDOMWindowOuter::From(aWindow),
|
|
|
|
parent;
|
2010-10-19 20:37:03 +04:00
|
|
|
nsCOMPtr<nsIURI> parentURI;
|
|
|
|
do {
|
2012-11-10 22:32:37 +04:00
|
|
|
// We use GetScriptableParent rather than GetParent because we consider
|
2016-10-15 04:46:26 +03:00
|
|
|
// <iframe mozbrowser> to be a top-level frame.
|
2015-10-27 00:37:32 +03:00
|
|
|
parent = current->GetScriptableParent();
|
2010-10-19 20:37:03 +04:00
|
|
|
if (SameCOMIdentity(parent, current)) {
|
|
|
|
// We're at the topmost content window. We already know the answer.
|
|
|
|
*aResult = false;
|
|
|
|
return NS_OK;
|
|
|
|
}
|
|
|
|
|
2014-08-09 00:52:28 +04:00
|
|
|
rv = GetURIFromWindow(parent, getter_AddRefs(parentURI));
|
|
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
2010-10-19 20:37:03 +04:00
|
|
|
|
|
|
|
rv = IsThirdPartyInternal(bottomDomain, parentURI, &result);
|
|
|
|
if (NS_FAILED(rv)) return rv;
|
|
|
|
|
|
|
|
if (result) {
|
|
|
|
*aResult = true;
|
|
|
|
return NS_OK;
|
|
|
|
}
|
|
|
|
|
|
|
|
current = parent;
|
|
|
|
currentURI = parentURI;
|
|
|
|
} while (1);
|
|
|
|
|
2018-06-18 08:43:11 +03:00
|
|
|
MOZ_ASSERT_UNREACHABLE("should've returned");
|
2010-10-19 20:37:03 +04:00
|
|
|
return NS_ERROR_UNEXPECTED;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Determine if the URI associated with aChannel or any URI of the window
|
|
|
|
// hierarchy associated with the channel is foreign with respect to aSecondURI.
|
|
|
|
// See docs for mozIThirdPartyUtil.
|
2017-07-06 15:00:35 +03:00
|
|
|
NS_IMETHODIMP
|
2010-10-19 20:37:03 +04:00
|
|
|
ThirdPartyUtil::IsThirdPartyChannel(nsIChannel* aChannel, nsIURI* aURI,
|
2011-09-29 10:19:26 +04:00
|
|
|
bool* aResult) {
|
2015-03-31 23:18:38 +03:00
|
|
|
LOG(("ThirdPartyUtil::IsThirdPartyChannel [channel=%p]", aChannel));
|
2010-10-19 20:37:03 +04:00
|
|
|
NS_ENSURE_ARG(aChannel);
|
|
|
|
NS_ASSERTION(aResult, "null outparam pointer");
|
|
|
|
|
|
|
|
nsresult rv;
|
2011-09-29 10:19:26 +04:00
|
|
|
bool doForce = false;
|
2010-10-19 20:37:03 +04:00
|
|
|
nsCOMPtr<nsIHttpChannelInternal> httpChannelInternal =
|
|
|
|
do_QueryInterface(aChannel);
|
|
|
|
if (httpChannelInternal) {
|
2018-11-24 03:49:03 +03:00
|
|
|
uint32_t flags = 0;
|
|
|
|
// Avoid checking the return value here since some channel implementations
|
|
|
|
// may return NS_ERROR_NOT_IMPLEMENTED.
|
|
|
|
mozilla::Unused << httpChannelInternal->GetThirdPartyFlags(&flags);
|
2010-10-19 20:37:03 +04:00
|
|
|
|
2014-10-28 16:23:00 +03:00
|
|
|
doForce = (flags & nsIHttpChannelInternal::THIRD_PARTY_FORCE_ALLOW);
|
|
|
|
|
2010-10-19 20:37:03 +04:00
|
|
|
// If aURI was not supplied, and we're forcing, then we're by definition
|
|
|
|
// not foreign. If aURI was supplied, we still want to check whether it's
|
|
|
|
// foreign with respect to the channel URI. (The forcing only applies to
|
|
|
|
// whatever window hierarchy exists above the channel.)
|
|
|
|
if (doForce && !aURI) {
|
|
|
|
*aResult = false;
|
|
|
|
return NS_OK;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-12-01 00:25:29 +03:00
|
|
|
bool parentIsThird = false;
|
|
|
|
|
2010-10-19 20:37:03 +04:00
|
|
|
// Obtain the URI from the channel, and its base domain.
|
|
|
|
nsCOMPtr<nsIURI> channelURI;
|
2015-12-01 00:25:29 +03:00
|
|
|
rv = NS_GetFinalChannelURI(aChannel, getter_AddRefs(channelURI));
|
|
|
|
if (NS_FAILED(rv)) return rv;
|
2010-10-19 20:37:03 +04:00
|
|
|
|
|
|
|
nsCString channelDomain;
|
|
|
|
rv = GetBaseDomain(channelURI, channelDomain);
|
|
|
|
if (NS_FAILED(rv)) return rv;
|
|
|
|
|
2015-12-01 00:25:29 +03:00
|
|
|
if (!doForce) {
|
|
|
|
if (nsCOMPtr<nsILoadInfo> loadInfo = aChannel->GetLoadInfo()) {
|
|
|
|
parentIsThird = loadInfo->GetIsInThirdPartyContext();
|
|
|
|
if (!parentIsThird && loadInfo->GetExternalContentPolicyType() !=
|
|
|
|
nsIContentPolicy::TYPE_DOCUMENT) {
|
|
|
|
// Check if the channel itself is third-party to its own requestor.
|
|
|
|
// Unforunately, we have to go through the loading principal.
|
|
|
|
nsCOMPtr<nsIURI> parentURI;
|
2018-11-24 03:49:03 +03:00
|
|
|
rv = loadInfo->LoadingPrincipal()->GetURI(getter_AddRefs(parentURI));
|
|
|
|
if (NS_SUCCEEDED(rv) && parentURI) {
|
|
|
|
// We may have a principal like the system principal here which does
|
|
|
|
// not have a URI.
|
|
|
|
rv = IsThirdPartyInternal(channelDomain, parentURI, &parentIsThird);
|
|
|
|
if (NS_FAILED(rv)) {
|
|
|
|
return rv;
|
|
|
|
}
|
|
|
|
} else {
|
2019-01-30 18:26:52 +03:00
|
|
|
// Found a principal with no URI, assuming third-party request
|
2018-11-24 03:49:03 +03:00
|
|
|
parentIsThird = true;
|
|
|
|
}
|
2015-12-01 00:25:29 +03:00
|
|
|
}
|
|
|
|
} else {
|
|
|
|
NS_WARNING(
|
|
|
|
"Found channel with no loadinfo, assuming third-party request");
|
|
|
|
parentIsThird = true;
|
2010-10-19 20:37:03 +04:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-12-01 00:25:29 +03:00
|
|
|
// If we're not comparing to a URI, we have our answer. Otherwise, if
|
|
|
|
// parentIsThird, we're not forcing and we know that we're a third-party
|
|
|
|
// request.
|
|
|
|
if (!aURI || parentIsThird) {
|
2014-10-28 16:23:00 +03:00
|
|
|
*aResult = parentIsThird;
|
|
|
|
return NS_OK;
|
|
|
|
}
|
|
|
|
|
2015-12-01 00:25:29 +03:00
|
|
|
// Determine whether aURI is foreign with respect to channelURI.
|
|
|
|
return IsThirdPartyInternal(channelDomain, aURI, aResult);
|
2010-10-19 20:37:03 +04:00
|
|
|
}
|
|
|
|
|
2014-08-09 00:52:28 +04:00
|
|
|
NS_IMETHODIMP
|
2016-01-30 20:05:36 +03:00
|
|
|
ThirdPartyUtil::GetTopWindowForChannel(nsIChannel* aChannel,
|
2019-01-23 17:55:49 +03:00
|
|
|
nsIURI* aURIBeingLoaded,
|
2016-01-30 20:05:36 +03:00
|
|
|
mozIDOMWindowProxy** aWin) {
|
2014-08-09 00:52:28 +04:00
|
|
|
NS_ENSURE_ARG(aWin);
|
|
|
|
|
|
|
|
// Find the associated window and its parent window.
|
|
|
|
nsCOMPtr<nsILoadContext> ctx;
|
|
|
|
NS_QueryNotificationCallbacks(aChannel, ctx);
|
|
|
|
if (!ctx) {
|
|
|
|
return NS_ERROR_INVALID_ARG;
|
|
|
|
}
|
|
|
|
|
2016-01-30 20:05:36 +03:00
|
|
|
nsCOMPtr<mozIDOMWindowProxy> window;
|
2015-10-27 00:37:32 +03:00
|
|
|
ctx->GetAssociatedWindow(getter_AddRefs(window));
|
2016-01-30 20:05:36 +03:00
|
|
|
if (!window) {
|
2014-08-09 00:52:28 +04:00
|
|
|
return NS_ERROR_INVALID_ARG;
|
|
|
|
}
|
2016-01-30 20:05:36 +03:00
|
|
|
|
2019-01-23 17:55:49 +03:00
|
|
|
nsCOMPtr<nsPIDOMWindowOuter> top =
|
|
|
|
nsGlobalWindowOuter::Cast(window)
|
|
|
|
->GetTopExcludingExtensionAccessibleContentFrames(aURIBeingLoaded);
|
2015-10-27 00:37:32 +03:00
|
|
|
top.forget(aWin);
|
|
|
|
return NS_OK;
|
2014-08-09 00:52:28 +04:00
|
|
|
}
|
|
|
|
|
2011-10-14 01:45:22 +04:00
|
|
|
// Get the base domain for aHostURI; e.g. for "www.bbc.co.uk", this would be
|
|
|
|
// "bbc.co.uk". Only properly-formed URI's are tolerated, though a trailing
|
|
|
|
// dot may be present. If aHostURI is an IP address, an alias such as
|
|
|
|
// 'localhost', an eTLD such as 'co.uk', or the empty string, aBaseDomain will
|
|
|
|
// be the exact host. The result of this function should only be used in exact
|
|
|
|
// string comparisons, since substring comparisons will not be valid for the
|
|
|
|
// special cases elided above.
|
|
|
|
NS_IMETHODIMP
|
|
|
|
ThirdPartyUtil::GetBaseDomain(nsIURI* aHostURI, nsACString& aBaseDomain) {
|
2015-07-23 21:02:45 +03:00
|
|
|
if (!aHostURI) {
|
|
|
|
return NS_ERROR_INVALID_ARG;
|
|
|
|
}
|
|
|
|
|
2011-10-14 01:45:22 +04:00
|
|
|
// Get the base domain. this will fail if the host contains a leading dot,
|
|
|
|
// more than one trailing dot, or is otherwise malformed.
|
|
|
|
nsresult rv = mTLDService->GetBaseDomain(aHostURI, 0, aBaseDomain);
|
|
|
|
if (rv == NS_ERROR_HOST_IS_IP_ADDRESS ||
|
|
|
|
rv == NS_ERROR_INSUFFICIENT_DOMAIN_LEVELS) {
|
|
|
|
// aHostURI is either an IP address, an alias such as 'localhost', an eTLD
|
|
|
|
// such as 'co.uk', or the empty string. Uses the normalized host in such
|
|
|
|
// cases.
|
|
|
|
rv = aHostURI->GetAsciiHost(aBaseDomain);
|
|
|
|
}
|
|
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
|
|
|
|
|
|
// aHostURI (and thus aBaseDomain) may be the string '.'. If so, fail.
|
|
|
|
if (aBaseDomain.Length() == 1 && aBaseDomain.Last() == '.')
|
|
|
|
return NS_ERROR_INVALID_ARG;
|
|
|
|
|
|
|
|
// Reject any URIs without a host that aren't file:// URIs. This makes it the
|
|
|
|
// only way we can get a base domain consisting of the empty string, which
|
|
|
|
// means we can safely perform foreign tests on such URIs where "not foreign"
|
|
|
|
// means "the involved URIs are all file://".
|
|
|
|
if (aBaseDomain.IsEmpty()) {
|
|
|
|
bool isFileURI = false;
|
|
|
|
aHostURI->SchemeIs("file", &isFileURI);
|
2015-07-23 21:03:25 +03:00
|
|
|
if (!isFileURI) {
|
|
|
|
return NS_ERROR_INVALID_ARG;
|
|
|
|
}
|
2011-10-14 01:45:22 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
return NS_OK;
|
|
|
|
}
|