Bug 1569224 - Part 1: Isolate Alt-Svc mappings for third-party tracker channels based on the origin of the top-level document; r=michal
Differential Revision: https://phabricator.services.mozilla.com/D41139 --HG-- extra : moz-landing-system : lando
Родитель
021bb13602
Коммит
c4a278dd27
|
@ -51,7 +51,7 @@ bool AltSvcMapping::AcceptableProxy(nsProxyInfo* proxyInfo) {
|
|||
void AltSvcMapping::ProcessHeader(
|
||||
const nsCString& buf, const nsCString& originScheme,
|
||||
const nsCString& originHost, int32_t originPort, const nsACString& username,
|
||||
const nsACString& topWindowOrigin, bool privateBrowsing,
|
||||
const nsACString& topWindowOrigin, bool privateBrowsing, bool isolated,
|
||||
nsIInterfaceRequestor* callbacks, nsProxyInfo* proxyInfo, uint32_t caps,
|
||||
const OriginAttributes& originAttributes) {
|
||||
MOZ_ASSERT(NS_IsMainThread());
|
||||
|
@ -124,8 +124,8 @@ void AltSvcMapping::ProcessHeader(
|
|||
originAttributes.CreateSuffix(suffix);
|
||||
LOG(("Alt Svc clearing mapping for %s:%d:%s", originHost.get(),
|
||||
originPort, suffix.get()));
|
||||
gHttpHandler->ConnMgr()->ClearHostMapping(originHost, originPort,
|
||||
originAttributes);
|
||||
gHttpHandler->ConnMgr()->ClearHostMapping(
|
||||
originHost, originPort, originAttributes, topWindowOrigin);
|
||||
continue;
|
||||
}
|
||||
|
||||
|
@ -150,15 +150,15 @@ void AltSvcMapping::ProcessHeader(
|
|||
RefPtr<AltSvcMapping> mapping = new AltSvcMapping(
|
||||
gHttpHandler->ConnMgr()->GetStoragePtr(),
|
||||
gHttpHandler->ConnMgr()->StorageEpoch(), originScheme, originHost,
|
||||
originPort, username, topWindowOrigin, privateBrowsing,
|
||||
originPort, username, topWindowOrigin, privateBrowsing, isolated,
|
||||
NowInSeconds() + maxage, hostname, portno, npnToken, originAttributes);
|
||||
if (mapping->TTL() <= 0) {
|
||||
LOG(("Alt Svc invalid map"));
|
||||
mapping = nullptr;
|
||||
// since this isn't a parse error, let's clear any existing mapping
|
||||
// as that would have happened if we had accepted the parameters.
|
||||
gHttpHandler->ConnMgr()->ClearHostMapping(originHost, originPort,
|
||||
originAttributes);
|
||||
gHttpHandler->ConnMgr()->ClearHostMapping(
|
||||
originHost, originPort, originAttributes, topWindowOrigin);
|
||||
} else {
|
||||
gHttpHandler->UpdateAltServiceMapping(mapping, proxyInfo, callbacks, caps,
|
||||
originAttributes);
|
||||
|
@ -171,15 +171,13 @@ void AltSvcMapping::ProcessHeader(
|
|||
}
|
||||
}
|
||||
|
||||
AltSvcMapping::AltSvcMapping(DataStorage* storage, int32_t epoch,
|
||||
const nsACString& originScheme,
|
||||
const nsACString& originHost, int32_t originPort,
|
||||
const nsACString& username,
|
||||
const nsACString& topWindowOrigin,
|
||||
bool privateBrowsing, uint32_t expiresAt,
|
||||
const nsACString& alternateHost,
|
||||
int32_t alternatePort, const nsACString& npnToken,
|
||||
const OriginAttributes& originAttributes)
|
||||
AltSvcMapping::AltSvcMapping(
|
||||
DataStorage* storage, int32_t epoch, const nsACString& originScheme,
|
||||
const nsACString& originHost, int32_t originPort,
|
||||
const nsACString& username, const nsACString& topWindowOrigin,
|
||||
bool privateBrowsing, bool isolated, uint32_t expiresAt,
|
||||
const nsACString& alternateHost, int32_t alternatePort,
|
||||
const nsACString& npnToken, const OriginAttributes& originAttributes)
|
||||
: mStorage(storage),
|
||||
mStorageEpoch(epoch),
|
||||
mAlternateHost(alternateHost),
|
||||
|
@ -189,6 +187,7 @@ AltSvcMapping::AltSvcMapping(DataStorage* storage, int32_t epoch,
|
|||
mUsername(username),
|
||||
mTopWindowOrigin(topWindowOrigin),
|
||||
mPrivate(privateBrowsing),
|
||||
mIsolated(isolated),
|
||||
mExpiresAt(expiresAt),
|
||||
mValidated(false),
|
||||
mMixedScheme(false),
|
||||
|
@ -225,7 +224,7 @@ AltSvcMapping::AltSvcMapping(DataStorage* storage, int32_t epoch,
|
|||
|
||||
if (mExpiresAt) {
|
||||
MakeHashKey(mHashKey, originScheme, mOriginHost, mOriginPort, mPrivate,
|
||||
mOriginAttributes);
|
||||
mIsolated, mTopWindowOrigin, mOriginAttributes);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -233,6 +232,8 @@ void AltSvcMapping::MakeHashKey(nsCString& outKey,
|
|||
const nsACString& originScheme,
|
||||
const nsACString& originHost,
|
||||
int32_t originPort, bool privateBrowsing,
|
||||
bool isolated,
|
||||
const nsACString& topWindowOrigin,
|
||||
const OriginAttributes& originAttributes) {
|
||||
outKey.Truncate();
|
||||
|
||||
|
@ -252,6 +253,15 @@ void AltSvcMapping::MakeHashKey(nsCString& outKey,
|
|||
nsAutoCString suffix;
|
||||
originAttributes.CreateSuffix(suffix);
|
||||
outKey.Append(suffix);
|
||||
|
||||
if (isolated) {
|
||||
outKey.Append(':');
|
||||
outKey.Append('I');
|
||||
outKey.Append(':');
|
||||
outKey.Append(topWindowOrigin);
|
||||
outKey.Append(
|
||||
'|'); // Be careful, the top window origin may contain colons!
|
||||
}
|
||||
}
|
||||
|
||||
int32_t AltSvcMapping::TTL() { return mExpiresAt - NowInSeconds(); }
|
||||
|
@ -326,6 +336,7 @@ void AltSvcMapping::GetConnectionInfo(
|
|||
ci->SetInsecureScheme(true);
|
||||
}
|
||||
ci->SetPrivate(mPrivate);
|
||||
ci->SetIsolated(mIsolated);
|
||||
ci.forget(outCI);
|
||||
}
|
||||
|
||||
|
@ -360,6 +371,8 @@ void AltSvcMapping::Serialize(nsCString& out) {
|
|||
out.Append(':');
|
||||
out.Append(mTopWindowOrigin);
|
||||
out.Append('|'); // Be careful, the top window origin may contain colons!
|
||||
out.Append(mIsolated ? 'y' : 'n');
|
||||
out.Append(':');
|
||||
// Add code to serialize new members here!
|
||||
}
|
||||
|
||||
|
@ -421,13 +434,16 @@ AltSvcMapping::AltSvcMapping(DataStorage* storage, int32_t epoch,
|
|||
_NS_NEXT_TOKEN;
|
||||
mTopWindowOrigin = Substring(str, start, idx - start);
|
||||
separator = ':';
|
||||
mIsolated = Substring(str, start, idx - start).EqualsLiteral("y");
|
||||
_NS_NEXT_TOKEN;
|
||||
// Add code to deserialize new members here!
|
||||
#undef _NS_NEXT_TOKEN
|
||||
|
||||
MakeHashKey(
|
||||
mHashKey,
|
||||
mHttps ? NS_LITERAL_CSTRING("https") : NS_LITERAL_CSTRING("http"),
|
||||
mOriginHost, mOriginPort, mPrivate, mOriginAttributes);
|
||||
mOriginHost, mOriginPort, mPrivate, mIsolated, mTopWindowOrigin,
|
||||
mOriginAttributes);
|
||||
} while (false);
|
||||
}
|
||||
|
||||
|
@ -994,7 +1010,8 @@ void AltSvcCache::UpdateAltServiceMapping(
|
|||
|
||||
already_AddRefed<AltSvcMapping> AltSvcCache::GetAltServiceMapping(
|
||||
const nsACString& scheme, const nsACString& host, int32_t port,
|
||||
bool privateBrowsing, const OriginAttributes& originAttributes) {
|
||||
bool privateBrowsing, bool isolated, const nsACString& topWindowOrigin,
|
||||
const OriginAttributes& originAttributes) {
|
||||
bool isHTTPS;
|
||||
MOZ_ASSERT(NS_IsMainThread());
|
||||
if (!mStorage) {
|
||||
|
@ -1024,8 +1041,8 @@ already_AddRefed<AltSvcMapping> AltSvcCache::GetAltServiceMapping(
|
|||
}
|
||||
|
||||
nsAutoCString key;
|
||||
AltSvcMapping::MakeHashKey(key, scheme, host, port, privateBrowsing,
|
||||
originAttributes);
|
||||
AltSvcMapping::MakeHashKey(key, scheme, host, port, privateBrowsing, isolated,
|
||||
topWindowOrigin, originAttributes);
|
||||
RefPtr<AltSvcMapping> existing = LookupMapping(key, privateBrowsing);
|
||||
LOG(
|
||||
("AltSvcCache::GetAltServiceMapping %p key=%s "
|
||||
|
@ -1041,15 +1058,18 @@ already_AddRefed<AltSvcMapping> AltSvcCache::GetAltServiceMapping(
|
|||
class ProxyClearHostMapping : public Runnable {
|
||||
public:
|
||||
explicit ProxyClearHostMapping(const nsACString& host, int32_t port,
|
||||
const OriginAttributes& originAttributes)
|
||||
const OriginAttributes& originAttributes,
|
||||
const nsACString& topWindowOrigin)
|
||||
: Runnable("net::ProxyClearHostMapping"),
|
||||
mHost(host),
|
||||
mPort(port),
|
||||
mOriginAttributes(originAttributes) {}
|
||||
mOriginAttributes(originAttributes),
|
||||
mTopWindowOrigin(topWindowOrigin) {}
|
||||
|
||||
NS_IMETHOD Run() override {
|
||||
MOZ_ASSERT(NS_IsMainThread());
|
||||
gHttpHandler->ConnMgr()->ClearHostMapping(mHost, mPort, mOriginAttributes);
|
||||
gHttpHandler->ConnMgr()->ClearHostMapping(mHost, mPort, mOriginAttributes,
|
||||
mTopWindowOrigin);
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
|
@ -1057,52 +1077,43 @@ class ProxyClearHostMapping : public Runnable {
|
|||
nsCString mHost;
|
||||
int32_t mPort;
|
||||
OriginAttributes mOriginAttributes;
|
||||
nsCString mTopWindowOrigin;
|
||||
};
|
||||
|
||||
void AltSvcCache::ClearHostMapping(const nsACString& host, int32_t port,
|
||||
const OriginAttributes& originAttributes) {
|
||||
const OriginAttributes& originAttributes,
|
||||
const nsACString& topWindowOrigin) {
|
||||
if (!NS_IsMainThread()) {
|
||||
nsCOMPtr<nsIRunnable> event =
|
||||
new ProxyClearHostMapping(host, port, originAttributes);
|
||||
nsCOMPtr<nsIRunnable> event = new ProxyClearHostMapping(
|
||||
host, port, originAttributes, topWindowOrigin);
|
||||
if (event) {
|
||||
NS_DispatchToMainThread(event);
|
||||
}
|
||||
return;
|
||||
}
|
||||
nsAutoCString key;
|
||||
AltSvcMapping::MakeHashKey(key, NS_LITERAL_CSTRING("http"), host, port, true,
|
||||
originAttributes);
|
||||
RefPtr<AltSvcMapping> existing = LookupMapping(key, true);
|
||||
if (existing) {
|
||||
existing->SetExpired();
|
||||
}
|
||||
|
||||
AltSvcMapping::MakeHashKey(key, NS_LITERAL_CSTRING("https"), host, port, true,
|
||||
originAttributes);
|
||||
existing = LookupMapping(key, true);
|
||||
if (existing) {
|
||||
existing->SetExpired();
|
||||
}
|
||||
|
||||
AltSvcMapping::MakeHashKey(key, NS_LITERAL_CSTRING("http"), host, port, false,
|
||||
originAttributes);
|
||||
existing = LookupMapping(key, false);
|
||||
if (existing) {
|
||||
existing->SetExpired();
|
||||
}
|
||||
|
||||
AltSvcMapping::MakeHashKey(key, NS_LITERAL_CSTRING("https"), host, port,
|
||||
false, originAttributes);
|
||||
existing = LookupMapping(key, false);
|
||||
if (existing) {
|
||||
existing->SetExpired();
|
||||
for (int secure = 0; secure < 2; ++secure) {
|
||||
NS_NAMED_LITERAL_CSTRING(http, "http");
|
||||
NS_NAMED_LITERAL_CSTRING(https, "https");
|
||||
const nsLiteralCString& scheme = secure ? https : http;
|
||||
for (int pb = 1; pb >= 0; --pb) {
|
||||
for (int isolate = 0; isolate < 2; ++isolate) {
|
||||
AltSvcMapping::MakeHashKey(key, scheme, host, port, bool(pb),
|
||||
bool(isolate), topWindowOrigin,
|
||||
originAttributes);
|
||||
RefPtr<AltSvcMapping> existing = LookupMapping(key, bool(pb));
|
||||
if (existing) {
|
||||
existing->SetExpired();
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
void AltSvcCache::ClearHostMapping(nsHttpConnectionInfo* ci) {
|
||||
if (!ci->GetOrigin().IsEmpty()) {
|
||||
ClearHostMapping(ci->GetOrigin(), ci->OriginPort(),
|
||||
ci->GetOriginAttributes());
|
||||
ci->GetOriginAttributes(), ci->GetTopWindowOrigin());
|
||||
}
|
||||
}
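Review bot: In the deserializing-constructor hunk (`@ -421,13 +434,16`), `mIsolated` is read from `Substring(str, start, idx - start)` right after `mTopWindowOrigin` is read from the same expression, with only `separator = ':';` in between and no `_NS_NEXT_TOKEN` until after the assignment. If `_NS_NEXT_TOKEN` is what advances `start`/`idx` (its definition is outside the hunk), `mIsolated` is parsed from the top-window-origin token and comes out false for any real origin, so a persisted isolated mapping would be re-keyed by `MakeHashKey` without the `:I:<origin>|` suffix and become shared across top-level sites after a restart. Matching the order `Serialize` writes (origin, `|`, `y`/`n`, `:`), the sequence should be `separator = ':'; _NS_NEXT_TOKEN; mIsolated = Substring(str, start, idx - start).EqualsLiteral("y");` with the trailing `_NS_NEXT_TOKEN;` kept. A round-trip test that serializes an isolated mapping and checks `Isolated()` and `HashKey()` on the restored object would pin this down.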
|
||||
|
||||
|
|
|
@ -50,8 +50,9 @@ class AltSvcMapping {
|
|||
const nsACString& originScheme, const nsACString& originHost,
|
||||
int32_t originPort, const nsACString& username,
|
||||
const nsACString& topWindowOrigin, bool privateBrowsing,
|
||||
uint32_t expiresAt, const nsACString& alternateHost,
|
||||
int32_t alternatePort, const nsACString& npnToken,
|
||||
bool isolated, uint32_t expiresAt,
|
||||
const nsACString& alternateHost, int32_t alternatePort,
|
||||
const nsACString& npnToken,
|
||||
const OriginAttributes& originAttributes);
|
||||
|
||||
public:
|
||||
|
@ -62,7 +63,7 @@ class AltSvcMapping {
|
|||
const nsCString& originHost, int32_t originPort,
|
||||
const nsACString& username,
|
||||
const nsACString& topWindowOrigin,
|
||||
bool privateBrowsing,
|
||||
bool privateBrowsing, bool isolated,
|
||||
nsIInterfaceRequestor* callbacks,
|
||||
nsProxyInfo* proxyInfo, uint32_t caps,
|
||||
const OriginAttributes& originAttributes);
|
||||
|
@ -87,6 +88,7 @@ class AltSvcMapping {
|
|||
int32_t TTL();
|
||||
int32_t StorageEpoch() { return mStorageEpoch; }
|
||||
bool Private() { return mPrivate; }
|
||||
bool Isolated() { return mIsolated; }
|
||||
|
||||
void SetValidated(bool val);
|
||||
void SetMixedScheme(bool val);
|
||||
|
@ -97,7 +99,8 @@ class AltSvcMapping {
|
|||
|
||||
static void MakeHashKey(nsCString& outKey, const nsACString& originScheme,
|
||||
const nsACString& originHost, int32_t originPort,
|
||||
bool privateBrowsing,
|
||||
bool privateBrowsing, bool isolated,
|
||||
const nsACString& topWindowOrigin,
|
||||
const OriginAttributes& originAttributes);
|
||||
|
||||
private:
|
||||
|
@ -119,6 +122,7 @@ class AltSvcMapping {
|
|||
nsCString mUsername;
|
||||
nsCString mTopWindowOrigin;
|
||||
MOZ_INIT_OUTSIDE_CTOR bool mPrivate;
|
||||
MOZ_INIT_OUTSIDE_CTOR bool mIsolated;
|
||||
|
||||
MOZ_INIT_OUTSIDE_CTOR uint32_t mExpiresAt; // alt-svc mappping
|
||||
|
||||
|
@ -183,10 +187,12 @@ class AltSvcCache {
|
|||
const OriginAttributes& originAttributes); // main thread
|
||||
already_AddRefed<AltSvcMapping> GetAltServiceMapping(
|
||||
const nsACString& scheme, const nsACString& host, int32_t port, bool pb,
|
||||
bool isolated, const nsACString& topWindowOrigin,
|
||||
const OriginAttributes& originAttributes);
|
||||
void ClearAltServiceMappings();
|
||||
void ClearHostMapping(const nsACString& host, int32_t port,
|
||||
const OriginAttributes& originAttributes);
|
||||
const OriginAttributes& originAttributes,
|
||||
const nsACString& topWindowOrigin);
|
||||
void ClearHostMapping(nsHttpConnectionInfo* ci);
|
||||
DataStorage* GetStoragePtr() { return mStorage.get(); }
|
||||
int32_t StorageEpoch() { return mStorageEpoch; }
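Review bot: The `MakeHashKey` declaration now takes two adjacent `bool` parameters followed by `topWindowOrigin`, with no comment on how they interact. A caller cannot tell from the header that the origin is ignored unless `isolated` is true (which is what the definition in AltService.cpp does), and swapped `privateBrowsing`/`isolated` arguments compile silently. I would add above the declaration: `// topWindowOrigin is folded into the key only when isolated is true; isolated mappings are partitioned per top-level origin.` The same two-bool ordering recurs in the `AltSvcMapping` constructor, `ProcessHeader` and `GetAltServiceMapping` declarations in this file, so a one-line comment on `mIsolated` stating the same rule would cover them. The class bodies continue outside the hunks.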
|
||||
|
|
|
@ -2531,8 +2531,8 @@ class UpdateAltSvcEvent : public Runnable {
|
|||
|
||||
AltSvcMapping::ProcessHeader(
|
||||
mHeader, originScheme, originHost, originPort, mCI->GetUsername(),
|
||||
mCI->GetTopWindowOrigin(), mCI->GetPrivate(), mCallbacks,
|
||||
mCI->ProxyInfo(), 0, mCI->GetOriginAttributes());
|
||||
mCI->GetTopWindowOrigin(), mCI->GetPrivate(), mCI->GetIsolated(),
|
||||
mCallbacks, mCI->ProxyInfo(), 0, mCI->GetOriginAttributes());
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
|
|
|
@ -2368,10 +2368,10 @@ void nsHttpChannel::ProcessAltService() {
|
|||
OriginAttributes originAttributes;
|
||||
NS_GetOriginAttributes(this, originAttributes);
|
||||
|
||||
AltSvcMapping::ProcessHeader(altSvc, scheme, originHost, originPort,
|
||||
mUsername, GetTopWindowOrigin(),
|
||||
mPrivateBrowsing, callbacks, proxyInfo,
|
||||
mCaps & NS_HTTP_DISALLOW_SPDY, originAttributes);
|
||||
AltSvcMapping::ProcessHeader(
|
||||
altSvc, scheme, originHost, originPort, mUsername, GetTopWindowOrigin(),
|
||||
mPrivateBrowsing, IsIsolated(), callbacks, proxyInfo,
|
||||
mCaps & NS_HTTP_DISALLOW_SPDY, originAttributes);
|
||||
}
|
||||
|
||||
nsresult nsHttpChannel::ProcessResponse() {
|
||||
|
@ -6588,7 +6588,8 @@ nsresult nsHttpChannel::BeginConnect() {
|
|||
AltSvcMapping::AcceptableProxy(proxyInfo) &&
|
||||
(scheme.EqualsLiteral("http") || scheme.EqualsLiteral("https")) &&
|
||||
(mapping = gHttpHandler->GetAltServiceMapping(
|
||||
scheme, host, port, mPrivateBrowsing, originAttributes))) {
|
||||
scheme, host, port, mPrivateBrowsing, IsIsolated(),
|
||||
GetTopWindowOrigin(), originAttributes))) {
|
||||
LOG(("nsHttpChannel %p Alt Service Mapping Found %s://%s:%d [%s]\n", this,
|
||||
scheme.get(), mapping->AlternateHost().get(), mapping->AlternatePort(),
|
||||
mapping->HashKey().get()));
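Review bot: Both call sites changed in this file (`ProcessAltService` and the lookup in `BeginConnect`) pass `IsIsolated()` and `GetTopWindowOrigin()` independently, and nothing visible guarantees the origin is non-empty when the channel is isolated. If it can be empty (not determinable from these hunks), every such channel would get the same key suffix from `MakeHashKey`, and isolated tracker mappings from different top-level sites would share one entry, which is what this patch sets out to prevent. Consider asserting the invariant before both calls, `MOZ_ASSERT(!IsIsolated() || !GetTopWindowOrigin().IsEmpty());`, or skipping Alt-Svc storage and lookup for isolated channels with an empty origin. Both functions extend beyond the hunks shown.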
|
||||
|
|
|
@ -331,9 +331,10 @@ class nsHttpHandler final : public nsIHttpProtocolHandler,
|
|||
|
||||
already_AddRefed<AltSvcMapping> GetAltServiceMapping(
|
||||
const nsACString& scheme, const nsACString& host, int32_t port, bool pb,
|
||||
bool isolated, const nsACString& topWindowOrigin,
|
||||
const OriginAttributes& originAttributes) {
|
||||
return mConnMgr->GetAltServiceMapping(scheme, host, port, pb,
|
||||
originAttributes);
|
||||
return mConnMgr->GetAltServiceMapping(scheme, host, port, pb, isolated,
|
||||
topWindowOrigin, originAttributes);
|
||||
}
|
||||
|
||||
//
|
||||
|
|