diff --git a/caps/BasePrincipal.cpp b/caps/BasePrincipal.cpp index 4425e17f9110..c668a19088dc 100644 --- a/caps/BasePrincipal.cpp +++ b/caps/BasePrincipal.cpp @@ -24,6 +24,7 @@ #include "mozilla/dom/BlobURLProtocolHandler.h" #include "mozilla/dom/ChromeUtils.h" #include "mozilla/dom/ToJSValue.h" +#include "mozilla/dom/nsMixedContentBlocker.h" #include "json/json.h" #include "nsSerializationHelper.h" @@ -500,6 +501,21 @@ BasePrincipal::IsURIInPrefList(const char* aPref, bool* aResult) { return NS_OK; } +NS_IMETHODIMP +BasePrincipal::GetIsOriginPotentiallyTrustworthy(bool* aResult) { + MOZ_ASSERT(NS_IsMainThread()); + *aResult = false; + + nsCOMPtr uri; + nsresult rv = GetURI(getter_AddRefs(uri)); + if (NS_FAILED(rv) || !uri) { + return NS_OK; + } + + *aResult = nsMixedContentBlocker::IsPotentiallyTrustworthyOrigin(uri); + return NS_OK; +} + NS_IMETHODIMP BasePrincipal::GetAboutModuleFlags(uint32_t* flags) { *flags = 0; diff --git a/caps/BasePrincipal.h b/caps/BasePrincipal.h index 68b815257c08..0521500e8f75 100644 --- a/caps/BasePrincipal.h +++ b/caps/BasePrincipal.h @@ -133,6 +133,7 @@ class BasePrincipal : public nsJSPrincipals { NS_IMETHOD GetSiteOrigin(nsACString& aOrigin) override; NS_IMETHOD IsThirdPartyURI(nsIURI* uri, bool* aRes) override; NS_IMETHOD IsThirdPartyPrincipal(nsIPrincipal* uri, bool* aRes) override; + NS_IMETHOD GetIsOriginPotentiallyTrustworthy(bool* aResult) override; nsresult ToJSON(nsACString& aJSON); static already_AddRefed FromJSON(const nsACString& aJSON); diff --git a/caps/NullPrincipal.cpp b/caps/NullPrincipal.cpp index ca29d12e3257..cf3d9468bb26 100644 --- a/caps/NullPrincipal.cpp +++ b/caps/NullPrincipal.cpp @@ -136,6 +136,11 @@ NullPrincipal::GetURI(nsIURI** aURI) { uri.forget(aURI); return NS_OK; } +NS_IMETHODIMP +NullPrincipal::GetIsOriginPotentiallyTrustworthy(bool* aResult) { + *aResult = false; + return NS_OK; +} NS_IMETHODIMP NullPrincipal::GetDomain(nsIURI** aDomain) { 
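Review bot: The new BasePrincipal::GetIsOriginPotentiallyTrustworthy drops the `MOZ_ASSERT(aPrincipal->GetIsContentPrincipal(), "Nobody is expected to call us with an nsIExpandedPrincipal")` that the removed nsContentSecurityManager implementation carried, so a principal that is neither null, system nor content now silently reaches GetURI and nsMixedContentBlocker::IsPotentiallyTrustworthyOrigin. Whether ExpandedPrincipal overrides this getter is not visible in this diff. If it does not, I would keep an equivalent assertion at the top of this method, or add a comment stating what an expanded principal returns, because the result gates isSecureContext. The retained `MOZ_ASSERT(NS_IsMainThread())` should also be mentioned in the IDL comment, since an attribute on the principal is presumably easier to reach off the main thread than the old service method was. Swallowing the GetURI failure and returning NS_OK with false matches the documented contract and fails closed.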
diff --git a/caps/NullPrincipal.h b/caps/NullPrincipal.h index ec023c5a5c2e..0196716eb7a4 100644 --- a/caps/NullPrincipal.h +++ b/caps/NullPrincipal.h @@ -51,6 +51,7 @@ class NullPrincipal final : public BasePrincipal { NS_IMETHOD QueryInterface(REFNSIID aIID, void** aInstancePtr) override; uint32_t GetHashValue() override; NS_IMETHOD GetURI(nsIURI** aURI) override; + NS_IMETHOD GetIsOriginPotentiallyTrustworthy(bool* aResult) override; NS_IMETHOD GetDomain(nsIURI** aDomain) override; NS_IMETHOD SetDomain(nsIURI* aDomain) override; NS_IMETHOD GetBaseDomain(nsACString& aBaseDomain) override; diff --git a/caps/SystemPrincipal.cpp b/caps/SystemPrincipal.cpp index cb9c5aca97ef..b5c3c9337013 100644 --- a/caps/SystemPrincipal.cpp +++ b/caps/SystemPrincipal.cpp @@ -51,6 +51,12 @@ SystemPrincipal::GetURI(nsIURI** aURI) { return NS_OK; } +NS_IMETHODIMP +SystemPrincipal::GetIsOriginPotentiallyTrustworthy(bool* aResult) { + *aResult = true; + return NS_OK; +} + NS_IMETHODIMP SystemPrincipal::GetDomain(nsIURI** aDomain) { *aDomain = nullptr; diff --git a/caps/SystemPrincipal.h b/caps/SystemPrincipal.h index 63bbf692b625..4853632f348b 100644 --- a/caps/SystemPrincipal.h +++ b/caps/SystemPrincipal.h @@ -44,6 +44,7 @@ class SystemPrincipal final : public BasePrincipal { NS_IMETHOD SetDomain(nsIURI* aDomain) override; NS_IMETHOD GetBaseDomain(nsACString& aBaseDomain) override; NS_IMETHOD GetAddonId(nsAString& aAddonId) override; + NS_IMETHOD GetIsOriginPotentiallyTrustworthy(bool* aResult) override; virtual nsresult GetScriptLocation(nsACString& aStr) override; diff --git a/caps/nsIPrincipal.idl b/caps/nsIPrincipal.idl index 2a8d3a34d9a3..3d4ce3859e00 100644 --- a/caps/nsIPrincipal.idl +++ b/caps/nsIPrincipal.idl 
@@ -237,6 +237,18 @@ interface nsIPrincipal : nsISerializable */ bool IsURIInPrefList(in string pref); + /** + * Implementation of + * https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy + * + * The value returned by this method feeds into the the Secure Context + * algorithm that determins the value of Window.isSecureContext and + * WorkerGlobalScope.isSecureContext. + * + * This method returns false instead of throwing upon errors. + */ + readonly attribute bool IsOriginPotentiallyTrustworthy; + /** * Returns the Flags of the Principals * associated AboutModule, in case there is one. diff --git a/dom/base/nsContentUtils.cpp b/dom/base/nsContentUtils.cpp index 6db99a516770..b46c9ea7780f 100644 --- a/dom/base/nsContentUtils.cpp +++ b/dom/base/nsContentUtils.cpp @@ -8886,18 +8886,9 @@ bool nsContentUtils::HttpsStateIsModern(Document* aDocument) { MOZ_ASSERT(principal->GetIsContentPrincipal()); - nsCOMPtr csm = - do_GetService(NS_CONTENTSECURITYMANAGER_CONTRACTID); - NS_WARNING_ASSERTION(csm, "csm is null"); - if (csm) { - bool isTrustworthyOrigin = false; - csm->IsOriginPotentiallyTrustworthy(principal, &isTrustworthyOrigin); - if (isTrustworthyOrigin) { - return true; - } - } - - return false; + bool isTrustworthyOrigin = false; + principal->GetIsOriginPotentiallyTrustworthy(&isTrustworthyOrigin); + return isTrustworthyOrigin; } /* static */ @@ -8927,15 +8918,9 @@ bool nsContentUtils::ComputeIsSecureContext(nsIChannel* aChannel) { return false; } - nsCOMPtr csm = - do_GetService(NS_CONTENTSECURITYMANAGER_CONTRACTID); - NS_WARNING_ASSERTION(csm, "csm is null"); - if (csm) { - bool isTrustworthyOrigin = false; - csm->IsOriginPotentiallyTrustworthy(principal, &isTrustworthyOrigin); - return isTrustworthyOrigin; - } - return true; + bool isTrustworthyOrigin = false; + principal->GetIsOriginPotentiallyTrustworthy(&isTrustworthyOrigin); + return isTrustworthyOrigin; } /* static */ 
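Review bot: The attribute is declared as `IsOriginPotentiallyTrustworthy` with a leading capital, while the other nsIPrincipal getters used in this diff (GetIsNullPrincipal, GetIsContentPrincipal) point to lowerCamel attribute names. XPIDL capitalizes the first letter for the C++ getter, so `readonly attribute bool isOriginPotentiallyTrustworthy;` would leave every C++ call site unchanged; only the JS callers in the tests and InsecurePasswordUtils.jsm would need the lowercase spelling. The comment moved from nsIContentSecurityManager.idl keeps the typos "the the" and "determins", and still says "this method" although it now documents an attribute. I would also state here that the getter is main-thread only, as the BasePrincipal implementation asserts.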
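Review bot: The nsresult from `principal->GetIsOriginPotentiallyTrustworthy(&isTrustworthyOrigin)` is discarded in HttpsStateIsModern, and the same pattern appears in nsContentUtils::ComputeIsSecureContext, nsGlobalWindowOuter::ComputeIsSecureContext and PresentationRequest::IsPrioriAuthenticatedURL. This is safe only because each local is initialised to false and the getter is documented to report false on error. A short comment such as `// Infallible by contract: reports false on error, so the result fails closed.` at these sites would stop the pattern being copied with an uninitialised bool. ComputeIsSecureContext(nsIChannel*) previously returned true when the content security manager was unavailable and now returns false; that is the stricter outcome, but it is a behaviour change worth a line in the commit description. Both function bodies start outside their hunks.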
diff --git a/dom/base/nsGlobalWindowOuter.cpp b/dom/base/nsGlobalWindowOuter.cpp index 6b07e6d409b3..c6d96ac91072 100644 --- a/dom/base/nsGlobalWindowOuter.cpp +++ b/dom/base/nsGlobalWindowOuter.cpp @@ -1699,18 +1699,9 @@ bool nsGlobalWindowOuter::ComputeIsSecureContext(Document* aDocument, } } - nsCOMPtr csm = - do_GetService(NS_CONTENTSECURITYMANAGER_CONTRACTID); - NS_WARNING_ASSERTION(csm, "csm is null"); - if (csm) { - bool isTrustworthyOrigin = false; - csm->IsOriginPotentiallyTrustworthy(principal, &isTrustworthyOrigin); - if (isTrustworthyOrigin) { - return true; - } - } - - return false; + bool isTrustworthyOrigin = false; + principal->GetIsOriginPotentiallyTrustworthy(&isTrustworthyOrigin); + return isTrustworthyOrigin; } // We need certain special behavior for remote XUL whitelisted domains, but we diff --git a/dom/interfaces/security/nsIContentSecurityManager.idl b/dom/interfaces/security/nsIContentSecurityManager.idl index 1a1c91021751..5cd2feffad19 100644 --- a/dom/interfaces/security/nsIContentSecurityManager.idl +++ b/dom/interfaces/security/nsIContentSecurityManager.idl @@ -42,15 +42,4 @@ interface nsIContentSecurityManager : nsISupports nsIStreamListener performSecurityCheck(in nsIChannel aChannel, in nsIStreamListener aStreamListener); - /** - * Implementation of - * https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy - * - * The value returned by this method feeds into the the Secure Context - * algorithm that determins the value of Window.isSecureContext and - * WorkerGlobalScope.isSecureContext. - * - * This method returns false instead of throwing upon errors. - */ - boolean isOriginPotentiallyTrustworthy(in nsIPrincipal aPrincipal); }; diff --git a/dom/presentation/PresentationRequest.cpp b/dom/presentation/PresentationRequest.cpp index fd2f1fc08851..fd0c887429dd 100644 --- a/dom/presentation/PresentationRequest.cpp +++ b/dom/presentation/PresentationRequest.cpp 
@@ -509,14 +509,8 @@ bool PresentationRequest::IsPrioriAuthenticatedURL(const nsAString& aUrl) { return false; } - nsCOMPtr csm = - do_GetService(NS_CONTENTSECURITYMANAGER_CONTRACTID); - if (NS_WARN_IF(!csm)) { - return false; - } - bool isTrustworthyOrigin = false; - csm->IsOriginPotentiallyTrustworthy(principal, &isTrustworthyOrigin); + principal->GetIsOriginPotentiallyTrustworthy(&isTrustworthyOrigin); return isTrustworthyOrigin; } diff --git a/dom/security/nsContentSecurityManager.cpp b/dom/security/nsContentSecurityManager.cpp index 7dcc6332477e..0ad318054139 100644 --- a/dom/security/nsContentSecurityManager.cpp +++ b/dom/security/nsContentSecurityManager.cpp @@ -1059,30 +1059,3 @@ nsContentSecurityManager::PerformSecurityCheck( inAndOutListener.forget(outStreamListener); return NS_OK; } - -NS_IMETHODIMP -nsContentSecurityManager::IsOriginPotentiallyTrustworthy( - nsIPrincipal* aPrincipal, bool* aIsTrustWorthy) { - MOZ_ASSERT(NS_IsMainThread()); - NS_ENSURE_ARG_POINTER(aPrincipal); - NS_ENSURE_ARG_POINTER(aIsTrustWorthy); - - if (aPrincipal->IsSystemPrincipal()) { - *aIsTrustWorthy = true; - return NS_OK; - } - *aIsTrustWorthy = false; - if (aPrincipal->GetIsNullPrincipal()) { - return NS_OK; - } - - MOZ_ASSERT(aPrincipal->GetIsContentPrincipal(), - "Nobody is expected to call us with an nsIExpandedPrincipal"); - - nsCOMPtr uri; - nsresult rv = aPrincipal->GetURI(getter_AddRefs(uri)); - NS_ENSURE_SUCCESS(rv, rv); - *aIsTrustWorthy = nsMixedContentBlocker::IsPotentiallyTrustworthyOrigin(uri); - - return NS_OK; -} diff --git a/dom/security/test/gtest/TestSecureContext.cpp b/dom/security/test/gtest/TestSecureContext.cpp index fa6678dc9396..f971963d9e7d 100644 --- a/dom/security/test/gtest/TestSecureContext.cpp +++ b/dom/security/test/gtest/TestSecureContext.cpp 
@@ -70,8 +70,7 @@ TEST(SecureContext, IsOriginPotentiallyTrustworthyWithContentPrincipal) rv = nsScriptSecurityManager::GetScriptSecurityManager() ->CreateContentPrincipalFromOrigin(uri, getter_AddRefs(prin)); bool isPotentiallyTrustworthy = false; - rv = csManager->IsOriginPotentiallyTrustworthy(prin, - &isPotentiallyTrustworthy); + rv = prin->GetIsOriginPotentiallyTrustworthy(&isPotentiallyTrustworthy); ASSERT_EQ(NS_OK, rv); ASSERT_EQ(isPotentiallyTrustworthy, uris[i].expectedResult); } @@ -82,14 +81,10 @@ TEST(SecureContext, IsOriginPotentiallyTrustworthyWithSystemPrincipal) RefPtr ssManager = nsScriptSecurityManager::GetScriptSecurityManager(); ASSERT_TRUE(!!ssManager); - nsCOMPtr csManager = - do_GetService(NS_CONTENTSECURITYMANAGER_CONTRACTID); - ASSERT_TRUE(!!csManager); - nsCOMPtr sysPrin = nsContentUtils::GetSystemPrincipal(); bool isPotentiallyTrustworthy; - nsresult rv = csManager->IsOriginPotentiallyTrustworthy( - sysPrin, &isPotentiallyTrustworthy); + nsresult rv = + sysPrin->GetIsOriginPotentiallyTrustworthy(&isPotentiallyTrustworthy); ASSERT_EQ(rv, NS_OK); ASSERT_TRUE(isPotentiallyTrustworthy); } @@ -99,15 +94,12 @@ TEST(SecureContext, IsOriginPotentiallyTrustworthyWithNullPrincipal) RefPtr ssManager = nsScriptSecurityManager::GetScriptSecurityManager(); ASSERT_TRUE(!!ssManager); - nsCOMPtr csManager = - do_GetService(NS_CONTENTSECURITYMANAGER_CONTRACTID); - ASSERT_TRUE(!!csManager); RefPtr nullPrin = NullPrincipal::CreateWithoutOriginAttributes(); bool isPotentiallyTrustworthy; - nsresult rv = csManager->IsOriginPotentiallyTrustworthy( - nullPrin, &isPotentiallyTrustworthy); + nsresult rv = + nullPrin->GetIsOriginPotentiallyTrustworthy(&isPotentiallyTrustworthy); ASSERT_EQ(rv, NS_OK); ASSERT_TRUE(!isPotentiallyTrustworthy); } diff --git a/dom/security/test/unit/test_isOriginPotentiallyTrustworthy.js b/dom/security/test/unit/test_isOriginPotentiallyTrustworthy.js index e5bc3f7dcb87..b88c6ed83048 100644 
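Review bot: In IsOriginPotentiallyTrustworthyWithContentPrincipal the result of CreateContentPrincipalFromOrigin is overwritten by the next assignment to `rv` without being checked, and the new call dereferences `prin` directly where the old service method rejected a null principal with NS_ENSURE_ARG_POINTER. A failed principal creation would therefore crash the test instead of failing it; adding `ASSERT_EQ(NS_OK, rv);` and `ASSERT_TRUE(!!prin);` before the getter call covers that. The `csManager` declaration is removed from the system and null principal tests but not in this hunk, so it is probably left unused here; the start of this test body is outside the hunk. In the other two tests `isPotentiallyTrustworthy` is still declared without an initialiser, and giving it the opposite of the expected value would make the assertions prove that the getter wrote it.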
--- a/dom/security/test/unit/test_isOriginPotentiallyTrustworthy.js +++ b/dom/security/test/unit/test_isOriginPotentiallyTrustworthy.js @@ -49,18 +49,12 @@ add_task(async function test_isOriginPotentiallyTrustworthy() { ]) { let uri = NetUtil.newURI(uriSpec); let principal = gScriptSecurityManager.createContentPrincipal(uri, {}); - Assert.equal( - gContentSecurityManager.isOriginPotentiallyTrustworthy(principal), - expectedResult - ); + Assert.equal(principal.IsOriginPotentiallyTrustworthy, expectedResult); } // And now let's test whether .onion sites are properly treated when // whitelisted, see bug 1382359. Services.prefs.setBoolPref("dom.securecontext.whitelist_onions", true); let uri = NetUtil.newURI("http://1234567890abcdef.onion/"); let principal = gScriptSecurityManager.createContentPrincipal(uri, {}); - Assert.equal( - gContentSecurityManager.isOriginPotentiallyTrustworthy(principal), - true - ); + Assert.equal(principal.IsOriginPotentiallyTrustworthy, true); }); diff --git a/toolkit/components/clearsitedata/ClearSiteData.cpp b/toolkit/components/clearsitedata/ClearSiteData.cpp index e056648b7468..e2760fc83265 100644 --- a/toolkit/components/clearsitedata/ClearSiteData.cpp +++ b/toolkit/components/clearsitedata/ClearSiteData.cpp @@ -162,11 +162,8 @@ void ClearSiteData::ClearDataFromChannel(nsIHttpChannel* aChannel) { return; } - nsCOMPtr csm = - do_GetService(NS_CONTENTSECURITYMANAGER_CONTRACTID); - bool secure; - rv = csm->IsOriginPotentiallyTrustworthy(principal, &secure); + rv = principal->GetIsOriginPotentiallyTrustworthy(&secure); if (NS_WARN_IF(NS_FAILED(rv)) || !secure) { return; } diff --git a/toolkit/components/extensions/test/xpcshell/test_ext_trustworthy_origin.js b/toolkit/components/extensions/test/xpcshell/test_ext_trustworthy_origin.js index 0c6dd0b6f393..18a92a350969 100644 --- a/toolkit/components/extensions/test/xpcshell/test_ext_trustworthy_origin.js +++ b/toolkit/components/extensions/test/xpcshell/test_ext_trustworthy_origin.js 
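Review bot: `bool secure;` is still uninitialised before `principal->GetIsOriginPotentiallyTrustworthy(&secure)` in ClearSiteData::ClearDataFromChannel, and the three implementations added in this commit always return NS_OK, so the `NS_FAILED(rv)` half of the check no longer guards anything for them. Every visible implementation writes the out-parameter, so this is not a bug today. Still, `bool secure = false;` would make the Clear-Site-Data gate fail closed regardless of how a future implementation behaves, and it matches the other call sites changed here. The function body starts and ends outside the hunk.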
@@ -6,16 +6,13 @@ add_task( function test_isOriginPotentiallyTrustworthnsIContentSecurityManagery() { - let contentSecManager = Cc[ - "@mozilla.org/contentsecuritymanager;1" - ].getService(Ci.nsIContentSecurityManager); let uri = NetUtil.newURI("moz-extension://foobar/something.html"); let principal = Services.scriptSecurityManager.createContentPrincipal( uri, {} ); Assert.equal( - contentSecManager.isOriginPotentiallyTrustworthy(principal), + principal.IsOriginPotentiallyTrustworthy, true, "it is potentially trustworthy" ); diff --git a/toolkit/components/passwordmgr/InsecurePasswordUtils.jsm b/toolkit/components/passwordmgr/InsecurePasswordUtils.jsm index 67ae38b85489..9d241728814c 100644 --- a/toolkit/components/passwordmgr/InsecurePasswordUtils.jsm +++ b/toolkit/components/passwordmgr/InsecurePasswordUtils.jsm @@ -100,7 +100,7 @@ this.InsecurePasswordUtils = { if (uri.schemeIs("http")) { isFormSubmitHTTP = true; if ( - gContentSecurityManager.isOriginPotentiallyTrustworthy(principal) || + principal.IsOriginPotentiallyTrustworthy || // Ignore sites with local IP addresses pointing to local forms. (this._isPrincipalForLocalIPAddress( aForm.rootElement.nodePrincipal