зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1597704 - Move is OriginPotentially Trustworthy into Principal r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D53830 --HG-- extra : moz-landing-system : lando
Родитель
0ab8b21981
Коммит
a22a53ebb2
|
@ -24,6 +24,7 @@
|
||||||
#include "mozilla/dom/BlobURLProtocolHandler.h"
|
#include "mozilla/dom/BlobURLProtocolHandler.h"
|
||||||
#include "mozilla/dom/ChromeUtils.h"
|
#include "mozilla/dom/ChromeUtils.h"
|
||||||
#include "mozilla/dom/ToJSValue.h"
|
#include "mozilla/dom/ToJSValue.h"
|
||||||
|
#include "mozilla/dom/nsMixedContentBlocker.h"
|
||||||
|
|
||||||
#include "json/json.h"
|
#include "json/json.h"
|
||||||
#include "nsSerializationHelper.h"
|
#include "nsSerializationHelper.h"
|
||||||
|
@ -470,6 +471,21 @@ BasePrincipal::IsURIInPrefList(const char* aPref, bool* aResult) {
|
||||||
return NS_OK;
|
return NS_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
NS_IMETHODIMP
|
||||||
|
BasePrincipal::GetIsOriginPotentiallyTrustworthy(bool* aResult) {
|
||||||
|
MOZ_ASSERT(NS_IsMainThread());
|
||||||
|
*aResult = false;
|
||||||
|
|
||||||
|
nsCOMPtr<nsIURI> uri;
|
||||||
|
nsresult rv = GetURI(getter_AddRefs(uri));
|
||||||
|
if (NS_FAILED(rv) || !uri) {
|
||||||
|
return NS_OK;
|
||||||
|
}
|
||||||
|
|
||||||
|
*aResult = nsMixedContentBlocker::IsPotentiallyTrustworthyOrigin(uri);
|
||||||
|
return NS_OK;
|
||||||
|
}
|
||||||
|
|
||||||
NS_IMETHODIMP
|
NS_IMETHODIMP
|
||||||
BasePrincipal::GetAboutModuleFlags(uint32_t* flags) {
|
BasePrincipal::GetAboutModuleFlags(uint32_t* flags) {
|
||||||
*flags = 0;
|
*flags = 0;
|
||||||
|
|
|
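Review bot: The new `BasePrincipal::GetIsOriginPotentiallyTrustworthy` drops the `MOZ_ASSERT(aPrincipal->GetIsContentPrincipal(), ...)` that the removed nsContentSecurityManager version had. Any principal kind that does not override the getter (only NullPrincipal and SystemPrincipal do in this commit) now reaches `GetURI` without a debug-time check. The result looks fail-closed, since `*aResult` is set to false first and a failed or null URI returns early, but that intent is not written down. I would add a comment above the early return, e.g. `// Fail closed: a principal without a usable URI (presumably an expanded principal) is never trustworthy.`, or restore the assertion if such principals are still not expected here. A `GetURI` failure is also now reported as NS_OK with false instead of being propagated, which matches the IDL comment but is a change callers checking `rv` should know about.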
@ -131,6 +131,7 @@ class BasePrincipal : public nsJSPrincipals {
|
||||||
NS_IMETHOD GetSiteOrigin(nsACString& aOrigin) override;
|
NS_IMETHOD GetSiteOrigin(nsACString& aOrigin) override;
|
||||||
NS_IMETHOD IsThirdPartyURI(nsIURI* uri, bool* aRes) override;
|
NS_IMETHOD IsThirdPartyURI(nsIURI* uri, bool* aRes) override;
|
||||||
NS_IMETHOD IsThirdPartyPrincipal(nsIPrincipal* uri, bool* aRes) override;
|
NS_IMETHOD IsThirdPartyPrincipal(nsIPrincipal* uri, bool* aRes) override;
|
||||||
|
NS_IMETHOD GetIsOriginPotentiallyTrustworthy(bool* aResult) override;
|
||||||
|
|
||||||
nsresult ToJSON(nsACString& aJSON);
|
nsresult ToJSON(nsACString& aJSON);
|
||||||
static already_AddRefed<BasePrincipal> FromJSON(const nsACString& aJSON);
|
static already_AddRefed<BasePrincipal> FromJSON(const nsACString& aJSON);
|
||||||
|
|
|
@ -141,6 +141,11 @@ NullPrincipal::GetURI(nsIURI** aURI) {
|
||||||
uri.forget(aURI);
|
uri.forget(aURI);
|
||||||
return NS_OK;
|
return NS_OK;
|
||||||
}
|
}
|
||||||
|
NS_IMETHODIMP
|
||||||
|
NullPrincipal::GetIsOriginPotentiallyTrustworthy(bool* aResult) {
|
||||||
|
*aResult = false;
|
||||||
|
return NS_OK;
|
||||||
|
}
|
||||||
|
|
||||||
NS_IMETHODIMP
|
NS_IMETHODIMP
|
||||||
NullPrincipal::GetDomain(nsIURI** aDomain) {
|
NullPrincipal::GetDomain(nsIURI** aDomain) {
|
||||||
|
|
|
@ -51,6 +51,7 @@ class NullPrincipal final : public BasePrincipal {
|
||||||
NS_IMETHOD QueryInterface(REFNSIID aIID, void** aInstancePtr) override;
|
NS_IMETHOD QueryInterface(REFNSIID aIID, void** aInstancePtr) override;
|
||||||
uint32_t GetHashValue() override;
|
uint32_t GetHashValue() override;
|
||||||
NS_IMETHOD GetURI(nsIURI** aURI) override;
|
NS_IMETHOD GetURI(nsIURI** aURI) override;
|
||||||
|
NS_IMETHOD GetIsOriginPotentiallyTrustworthy(bool* aResult) override;
|
||||||
NS_IMETHOD GetDomain(nsIURI** aDomain) override;
|
NS_IMETHOD GetDomain(nsIURI** aDomain) override;
|
||||||
NS_IMETHOD SetDomain(nsIURI* aDomain) override;
|
NS_IMETHOD SetDomain(nsIURI* aDomain) override;
|
||||||
NS_IMETHOD GetBaseDomain(nsACString& aBaseDomain) override;
|
NS_IMETHOD GetBaseDomain(nsACString& aBaseDomain) override;
|
||||||
|
|
|
@ -51,6 +51,12 @@ SystemPrincipal::GetURI(nsIURI** aURI) {
|
||||||
return NS_OK;
|
return NS_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
NS_IMETHODIMP
|
||||||
|
SystemPrincipal::GetIsOriginPotentiallyTrustworthy(bool* aResult) {
|
||||||
|
*aResult = true;
|
||||||
|
return NS_OK;
|
||||||
|
}
|
||||||
|
|
||||||
NS_IMETHODIMP
|
NS_IMETHODIMP
|
||||||
SystemPrincipal::GetDomain(nsIURI** aDomain) {
|
SystemPrincipal::GetDomain(nsIURI** aDomain) {
|
||||||
*aDomain = nullptr;
|
*aDomain = nullptr;
|
||||||
|
|
|
@ -44,6 +44,7 @@ class SystemPrincipal final : public BasePrincipal {
|
||||||
NS_IMETHOD SetDomain(nsIURI* aDomain) override;
|
NS_IMETHOD SetDomain(nsIURI* aDomain) override;
|
||||||
NS_IMETHOD GetBaseDomain(nsACString& aBaseDomain) override;
|
NS_IMETHOD GetBaseDomain(nsACString& aBaseDomain) override;
|
||||||
NS_IMETHOD GetAddonId(nsAString& aAddonId) override;
|
NS_IMETHOD GetAddonId(nsAString& aAddonId) override;
|
||||||
|
NS_IMETHOD GetIsOriginPotentiallyTrustworthy(bool* aResult) override;
|
||||||
|
|
||||||
virtual nsresult GetScriptLocation(nsACString& aStr) override;
|
virtual nsresult GetScriptLocation(nsACString& aStr) override;
|
||||||
|
|
||||||
|
|
|
@ -231,6 +231,18 @@ interface nsIPrincipal : nsISerializable
|
||||||
*/
|
*/
|
||||||
bool IsURIInPrefList(in string pref);
|
bool IsURIInPrefList(in string pref);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Implementation of
|
||||||
|
* https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy
|
||||||
|
*
|
||||||
|
* The value returned by this method feeds into the the Secure Context
|
||||||
|
* algorithm that determins the value of Window.isSecureContext and
|
||||||
|
* WorkerGlobalScope.isSecureContext.
|
||||||
|
*
|
||||||
|
* This method returns false instead of throwing upon errors.
|
||||||
|
*/
|
||||||
|
readonly attribute bool IsOriginPotentiallyTrustworthy;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns the Flags of the Principals
|
* Returns the Flags of the Principals
|
||||||
* associated AboutModule, in case there is one.
|
* associated AboutModule, in case there is one.
|
||||||
|
|
|
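Review bot: The doc comment on `IsOriginPotentiallyTrustworthy` was copied unchanged from the removed method and no longer fits. It says "This method returns false instead of throwing upon errors" although this is now a readonly attribute, and it keeps the typos "the the" and "determins". It also omits the per-principal results that this commit hard-codes, which is what a caller making a secure-context decision needs to know. I would fix the wording ("This attribute is false instead of throwing upon errors", "determines") and add a line such as `* SystemPrincipal always yields true and NullPrincipal always yields false.`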
@ -8891,18 +8891,9 @@ bool nsContentUtils::HttpsStateIsModern(Document* aDocument) {
|
||||||
|
|
||||||
MOZ_ASSERT(principal->GetIsContentPrincipal());
|
MOZ_ASSERT(principal->GetIsContentPrincipal());
|
||||||
|
|
||||||
nsCOMPtr<nsIContentSecurityManager> csm =
|
bool isTrustworthyOrigin = false;
|
||||||
do_GetService(NS_CONTENTSECURITYMANAGER_CONTRACTID);
|
principal->GetIsOriginPotentiallyTrustworthy(&isTrustworthyOrigin);
|
||||||
NS_WARNING_ASSERTION(csm, "csm is null");
|
return isTrustworthyOrigin;
|
||||||
if (csm) {
|
|
||||||
bool isTrustworthyOrigin = false;
|
|
||||||
csm->IsOriginPotentiallyTrustworthy(principal, &isTrustworthyOrigin);
|
|
||||||
if (isTrustworthyOrigin) {
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
return false;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/* static */
|
/* static */
|
||||||
|
@ -8932,15 +8923,9 @@ bool nsContentUtils::ComputeIsSecureContext(nsIChannel* aChannel) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
nsCOMPtr<nsIContentSecurityManager> csm =
|
bool isTrustworthyOrigin = false;
|
||||||
do_GetService(NS_CONTENTSECURITYMANAGER_CONTRACTID);
|
principal->GetIsOriginPotentiallyTrustworthy(&isTrustworthyOrigin);
|
||||||
NS_WARNING_ASSERTION(csm, "csm is null");
|
return isTrustworthyOrigin;
|
||||||
if (csm) {
|
|
||||||
bool isTrustworthyOrigin = false;
|
|
||||||
csm->IsOriginPotentiallyTrustworthy(principal, &isTrustworthyOrigin);
|
|
||||||
return isTrustworthyOrigin;
|
|
||||||
}
|
|
||||||
return true;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/* static */
|
/* static */
|
||||||
|
|
|
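Review bot: The nsresult of `principal->GetIsOriginPotentiallyTrustworthy(&isTrustworthyOrigin)` is discarded in both HttpsStateIsModern and ComputeIsSecureContext. The secure-context decision therefore rests on `isTrustworthyOrigin` starting as false and on every implementation leaving it false on failure. That holds for the three implementations in this commit, but it is an unwritten contract; a comment such as `// Return value ignored on purpose: the getter reports errors as false (fail closed).` would make it explicit. The same pattern appears in nsGlobalWindowOuter::ComputeIsSecureContext and PresentationRequest::IsPrioriAuthenticatedURL. Both functions here start outside their hunks, so how `principal` is obtained and null-checked is not visible.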
@ -1693,18 +1693,9 @@ bool nsGlobalWindowOuter::ComputeIsSecureContext(Document* aDocument,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
nsCOMPtr<nsIContentSecurityManager> csm =
|
bool isTrustworthyOrigin = false;
|
||||||
do_GetService(NS_CONTENTSECURITYMANAGER_CONTRACTID);
|
principal->GetIsOriginPotentiallyTrustworthy(&isTrustworthyOrigin);
|
||||||
NS_WARNING_ASSERTION(csm, "csm is null");
|
return isTrustworthyOrigin;
|
||||||
if (csm) {
|
|
||||||
bool isTrustworthyOrigin = false;
|
|
||||||
csm->IsOriginPotentiallyTrustworthy(principal, &isTrustworthyOrigin);
|
|
||||||
if (isTrustworthyOrigin) {
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
return false;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// We need certain special behavior for remote XUL whitelisted domains, but we
|
// We need certain special behavior for remote XUL whitelisted domains, but we
|
||||||
|
|
|
@ -42,15 +42,4 @@ interface nsIContentSecurityManager : nsISupports
|
||||||
nsIStreamListener performSecurityCheck(in nsIChannel aChannel,
|
nsIStreamListener performSecurityCheck(in nsIChannel aChannel,
|
||||||
in nsIStreamListener aStreamListener);
|
in nsIStreamListener aStreamListener);
|
||||||
|
|
||||||
/**
|
|
||||||
* Implementation of
|
|
||||||
* https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy
|
|
||||||
*
|
|
||||||
* The value returned by this method feeds into the the Secure Context
|
|
||||||
* algorithm that determins the value of Window.isSecureContext and
|
|
||||||
* WorkerGlobalScope.isSecureContext.
|
|
||||||
*
|
|
||||||
* This method returns false instead of throwing upon errors.
|
|
||||||
*/
|
|
||||||
boolean isOriginPotentiallyTrustworthy(in nsIPrincipal aPrincipal);
|
|
||||||
};
|
};
|
||||||
|
|
|
@ -509,14 +509,8 @@ bool PresentationRequest::IsPrioriAuthenticatedURL(const nsAString& aUrl) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
nsCOMPtr<nsIContentSecurityManager> csm =
|
|
||||||
do_GetService(NS_CONTENTSECURITYMANAGER_CONTRACTID);
|
|
||||||
if (NS_WARN_IF(!csm)) {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
bool isTrustworthyOrigin = false;
|
bool isTrustworthyOrigin = false;
|
||||||
csm->IsOriginPotentiallyTrustworthy(principal, &isTrustworthyOrigin);
|
principal->GetIsOriginPotentiallyTrustworthy(&isTrustworthyOrigin);
|
||||||
return isTrustworthyOrigin;
|
return isTrustworthyOrigin;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1051,30 +1051,3 @@ nsContentSecurityManager::PerformSecurityCheck(
|
||||||
inAndOutListener.forget(outStreamListener);
|
inAndOutListener.forget(outStreamListener);
|
||||||
return NS_OK;
|
return NS_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
NS_IMETHODIMP
|
|
||||||
nsContentSecurityManager::IsOriginPotentiallyTrustworthy(
|
|
||||||
nsIPrincipal* aPrincipal, bool* aIsTrustWorthy) {
|
|
||||||
MOZ_ASSERT(NS_IsMainThread());
|
|
||||||
NS_ENSURE_ARG_POINTER(aPrincipal);
|
|
||||||
NS_ENSURE_ARG_POINTER(aIsTrustWorthy);
|
|
||||||
|
|
||||||
if (aPrincipal->IsSystemPrincipal()) {
|
|
||||||
*aIsTrustWorthy = true;
|
|
||||||
return NS_OK;
|
|
||||||
}
|
|
||||||
*aIsTrustWorthy = false;
|
|
||||||
if (aPrincipal->GetIsNullPrincipal()) {
|
|
||||||
return NS_OK;
|
|
||||||
}
|
|
||||||
|
|
||||||
MOZ_ASSERT(aPrincipal->GetIsContentPrincipal(),
|
|
||||||
"Nobody is expected to call us with an nsIExpandedPrincipal");
|
|
||||||
|
|
||||||
nsCOMPtr<nsIURI> uri;
|
|
||||||
nsresult rv = aPrincipal->GetURI(getter_AddRefs(uri));
|
|
||||||
NS_ENSURE_SUCCESS(rv, rv);
|
|
||||||
*aIsTrustWorthy = nsMixedContentBlocker::IsPotentiallyTrustworthyOrigin(uri);
|
|
||||||
|
|
||||||
return NS_OK;
|
|
||||||
}
|
|
||||||
|
|
|
@ -70,8 +70,7 @@ TEST(SecureContext, IsOriginPotentiallyTrustworthyWithContentPrincipal)
|
||||||
rv = nsScriptSecurityManager::GetScriptSecurityManager()
|
rv = nsScriptSecurityManager::GetScriptSecurityManager()
|
||||||
->CreateContentPrincipalFromOrigin(uri, getter_AddRefs(prin));
|
->CreateContentPrincipalFromOrigin(uri, getter_AddRefs(prin));
|
||||||
bool isPotentiallyTrustworthy = false;
|
bool isPotentiallyTrustworthy = false;
|
||||||
rv = csManager->IsOriginPotentiallyTrustworthy(prin,
|
rv = prin->GetIsOriginPotentiallyTrustworthy(&isPotentiallyTrustworthy);
|
||||||
&isPotentiallyTrustworthy);
|
|
||||||
ASSERT_EQ(NS_OK, rv);
|
ASSERT_EQ(NS_OK, rv);
|
||||||
ASSERT_EQ(isPotentiallyTrustworthy, uris[i].expectedResult);
|
ASSERT_EQ(isPotentiallyTrustworthy, uris[i].expectedResult);
|
||||||
}
|
}
|
||||||
|
@ -82,14 +81,10 @@ TEST(SecureContext, IsOriginPotentiallyTrustworthyWithSystemPrincipal)
|
||||||
RefPtr<nsScriptSecurityManager> ssManager =
|
RefPtr<nsScriptSecurityManager> ssManager =
|
||||||
nsScriptSecurityManager::GetScriptSecurityManager();
|
nsScriptSecurityManager::GetScriptSecurityManager();
|
||||||
ASSERT_TRUE(!!ssManager);
|
ASSERT_TRUE(!!ssManager);
|
||||||
nsCOMPtr<nsIContentSecurityManager> csManager =
|
|
||||||
do_GetService(NS_CONTENTSECURITYMANAGER_CONTRACTID);
|
|
||||||
ASSERT_TRUE(!!csManager);
|
|
||||||
|
|
||||||
nsCOMPtr<nsIPrincipal> sysPrin = nsContentUtils::GetSystemPrincipal();
|
nsCOMPtr<nsIPrincipal> sysPrin = nsContentUtils::GetSystemPrincipal();
|
||||||
bool isPotentiallyTrustworthy;
|
bool isPotentiallyTrustworthy;
|
||||||
nsresult rv = csManager->IsOriginPotentiallyTrustworthy(
|
nsresult rv =
|
||||||
sysPrin, &isPotentiallyTrustworthy);
|
sysPrin->GetIsOriginPotentiallyTrustworthy(&isPotentiallyTrustworthy);
|
||||||
ASSERT_EQ(rv, NS_OK);
|
ASSERT_EQ(rv, NS_OK);
|
||||||
ASSERT_TRUE(isPotentiallyTrustworthy);
|
ASSERT_TRUE(isPotentiallyTrustworthy);
|
||||||
}
|
}
|
||||||
|
@ -99,15 +94,12 @@ TEST(SecureContext, IsOriginPotentiallyTrustworthyWithNullPrincipal)
|
||||||
RefPtr<nsScriptSecurityManager> ssManager =
|
RefPtr<nsScriptSecurityManager> ssManager =
|
||||||
nsScriptSecurityManager::GetScriptSecurityManager();
|
nsScriptSecurityManager::GetScriptSecurityManager();
|
||||||
ASSERT_TRUE(!!ssManager);
|
ASSERT_TRUE(!!ssManager);
|
||||||
nsCOMPtr<nsIContentSecurityManager> csManager =
|
|
||||||
do_GetService(NS_CONTENTSECURITYMANAGER_CONTRACTID);
|
|
||||||
ASSERT_TRUE(!!csManager);
|
|
||||||
|
|
||||||
RefPtr<NullPrincipal> nullPrin =
|
RefPtr<NullPrincipal> nullPrin =
|
||||||
NullPrincipal::CreateWithoutOriginAttributes();
|
NullPrincipal::CreateWithoutOriginAttributes();
|
||||||
bool isPotentiallyTrustworthy;
|
bool isPotentiallyTrustworthy;
|
||||||
nsresult rv = csManager->IsOriginPotentiallyTrustworthy(
|
nsresult rv =
|
||||||
nullPrin, &isPotentiallyTrustworthy);
|
nullPrin->GetIsOriginPotentiallyTrustworthy(&isPotentiallyTrustworthy);
|
||||||
ASSERT_EQ(rv, NS_OK);
|
ASSERT_EQ(rv, NS_OK);
|
||||||
ASSERT_TRUE(!isPotentiallyTrustworthy);
|
ASSERT_TRUE(!isPotentiallyTrustworthy);
|
||||||
}
|
}
|
||||||
|
|
|
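Review bot: The ContentPrincipal test probably still holds a now-unused `csManager` lookup. Its hunk only switches the call to `prin->GetIsOriginPotentiallyTrustworthy(...)`, while the System and Null principal tests also delete their `csManager` setup. The first hunk starts at the same line on both sides (`-70,8 +70,7`), so nothing earlier in the file was removed. The test body begins outside the hunk, so this needs confirming; if the declaration and its `ASSERT_TRUE(!!csManager)` are still there, they should go. Separately, none of the three tests covers a principal that reaches the BasePrincipal implementation without a URI, and a case for that would pin the fail-closed result.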
@ -49,18 +49,12 @@ add_task(async function test_isOriginPotentiallyTrustworthy() {
|
||||||
]) {
|
]) {
|
||||||
let uri = NetUtil.newURI(uriSpec);
|
let uri = NetUtil.newURI(uriSpec);
|
||||||
let principal = gScriptSecurityManager.createContentPrincipal(uri, {});
|
let principal = gScriptSecurityManager.createContentPrincipal(uri, {});
|
||||||
Assert.equal(
|
Assert.equal(principal.IsOriginPotentiallyTrustworthy, expectedResult);
|
||||||
gContentSecurityManager.isOriginPotentiallyTrustworthy(principal),
|
|
||||||
expectedResult
|
|
||||||
);
|
|
||||||
}
|
}
|
||||||
// And now let's test whether .onion sites are properly treated when
|
// And now let's test whether .onion sites are properly treated when
|
||||||
// whitelisted, see bug 1382359.
|
// whitelisted, see bug 1382359.
|
||||||
Services.prefs.setBoolPref("dom.securecontext.whitelist_onions", true);
|
Services.prefs.setBoolPref("dom.securecontext.whitelist_onions", true);
|
||||||
let uri = NetUtil.newURI("http://1234567890abcdef.onion/");
|
let uri = NetUtil.newURI("http://1234567890abcdef.onion/");
|
||||||
let principal = gScriptSecurityManager.createContentPrincipal(uri, {});
|
let principal = gScriptSecurityManager.createContentPrincipal(uri, {});
|
||||||
Assert.equal(
|
Assert.equal(principal.IsOriginPotentiallyTrustworthy, true);
|
||||||
gContentSecurityManager.isOriginPotentiallyTrustworthy(principal),
|
|
||||||
true
|
|
||||||
);
|
|
||||||
});
|
});
|
||||||
|
|
|
@ -162,11 +162,8 @@ void ClearSiteData::ClearDataFromChannel(nsIHttpChannel* aChannel) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
nsCOMPtr<nsIContentSecurityManager> csm =
|
|
||||||
do_GetService(NS_CONTENTSECURITYMANAGER_CONTRACTID);
|
|
||||||
|
|
||||||
bool secure;
|
bool secure;
|
||||||
rv = csm->IsOriginPotentiallyTrustworthy(principal, &secure);
|
rv = principal->GetIsOriginPotentiallyTrustworthy(&secure);
|
||||||
if (NS_WARN_IF(NS_FAILED(rv)) || !secure) {
|
if (NS_WARN_IF(NS_FAILED(rv)) || !secure) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
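Review bot: `bool secure;` is passed to the getter uninitialised. It is read only after `NS_FAILED(rv)` short-circuits, so this is safe with the implementations in this commit. Writing `bool secure = false;` would make the Clear-Site-Data gate fail closed regardless of what an implementation does on an error path. ClearDataFromChannel starts outside the hunk, so whether `principal` is null-checked before this call cannot be seen here.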