Bug 1569224 - Part 1: Isolate Alt-Svc mappings for third-party tracker channels based on the origin of the top-level document; r=michal

Differential Revision: https://phabricator.services.mozilla.com/D41139

--HG--
extra : moz-landing-system : lando
Ehsan Akhgari 2019-08-08 22:04:24 +00:00
Родитель 021bb13602
Коммит c4a278dd27
5 изменённых файлов: 86 добавлений и 67 удалений


@ -51,7 +51,7 @@ bool AltSvcMapping::AcceptableProxy(nsProxyInfo* proxyInfo) {
void AltSvcMapping::ProcessHeader(
const nsCString& buf, const nsCString& originScheme,
const nsCString& originHost, int32_t originPort, const nsACString& username,
const nsACString& topWindowOrigin, bool privateBrowsing,
const nsACString& topWindowOrigin, bool privateBrowsing, bool isolated,
nsIInterfaceRequestor* callbacks, nsProxyInfo* proxyInfo, uint32_t caps,
const OriginAttributes& originAttributes) {
MOZ_ASSERT(NS_IsMainThread());
@ -124,8 +124,8 @@ void AltSvcMapping::ProcessHeader(
originAttributes.CreateSuffix(suffix);
LOG(("Alt Svc clearing mapping for %s:%d:%s", originHost.get(),
originPort, suffix.get()));
gHttpHandler->ConnMgr()->ClearHostMapping(originHost, originPort,
originAttributes);
gHttpHandler->ConnMgr()->ClearHostMapping(
originHost, originPort, originAttributes, topWindowOrigin);
continue;
}
@ -150,15 +150,15 @@ void AltSvcMapping::ProcessHeader(
RefPtr<AltSvcMapping> mapping = new AltSvcMapping(
gHttpHandler->ConnMgr()->GetStoragePtr(),
gHttpHandler->ConnMgr()->StorageEpoch(), originScheme, originHost,
originPort, username, topWindowOrigin, privateBrowsing,
originPort, username, topWindowOrigin, privateBrowsing, isolated,
NowInSeconds() + maxage, hostname, portno, npnToken, originAttributes);
if (mapping->TTL() <= 0) {
LOG(("Alt Svc invalid map"));
mapping = nullptr;
// since this isn't a parse error, let's clear any existing mapping
// as that would have happened if we had accepted the parameters.
gHttpHandler->ConnMgr()->ClearHostMapping(originHost, originPort,
originAttributes);
gHttpHandler->ConnMgr()->ClearHostMapping(
originHost, originPort, originAttributes, topWindowOrigin);
} else {
gHttpHandler->UpdateAltServiceMapping(mapping, proxyInfo, callbacks, caps,
originAttributes);
@ -171,15 +171,13 @@ void AltSvcMapping::ProcessHeader(
}
}
AltSvcMapping::AltSvcMapping(DataStorage* storage, int32_t epoch,
const nsACString& originScheme,
const nsACString& originHost, int32_t originPort,
const nsACString& username,
const nsACString& topWindowOrigin,
bool privateBrowsing, uint32_t expiresAt,
const nsACString& alternateHost,
int32_t alternatePort, const nsACString& npnToken,
const OriginAttributes& originAttributes)
AltSvcMapping::AltSvcMapping(
DataStorage* storage, int32_t epoch, const nsACString& originScheme,
const nsACString& originHost, int32_t originPort,
const nsACString& username, const nsACString& topWindowOrigin,
bool privateBrowsing, bool isolated, uint32_t expiresAt,
const nsACString& alternateHost, int32_t alternatePort,
const nsACString& npnToken, const OriginAttributes& originAttributes)
: mStorage(storage),
mStorageEpoch(epoch),
mAlternateHost(alternateHost),
@ -189,6 +187,7 @@ AltSvcMapping::AltSvcMapping(DataStorage* storage, int32_t epoch,
mUsername(username),
mTopWindowOrigin(topWindowOrigin),
mPrivate(privateBrowsing),
mIsolated(isolated),
mExpiresAt(expiresAt),
mValidated(false),
mMixedScheme(false),
@ -225,7 +224,7 @@ AltSvcMapping::AltSvcMapping(DataStorage* storage, int32_t epoch,
if (mExpiresAt) {
MakeHashKey(mHashKey, originScheme, mOriginHost, mOriginPort, mPrivate,
mOriginAttributes);
mIsolated, mTopWindowOrigin, mOriginAttributes);
}
}
@ -233,6 +232,8 @@ void AltSvcMapping::MakeHashKey(nsCString& outKey,
const nsACString& originScheme,
const nsACString& originHost,
int32_t originPort, bool privateBrowsing,
bool isolated,
const nsACString& topWindowOrigin,
const OriginAttributes& originAttributes) {
outKey.Truncate();
@ -252,6 +253,15 @@ void AltSvcMapping::MakeHashKey(nsCString& outKey,
nsAutoCString suffix;
originAttributes.CreateSuffix(suffix);
outKey.Append(suffix);
if (isolated) {
outKey.Append(':');
outKey.Append('I');
outKey.Append(':');
outKey.Append(topWindowOrigin);
outKey.Append(
'|'); // Be careful, the top window origin may contain colons!
}
}
int32_t AltSvcMapping::TTL() { return mExpiresAt - NowInSeconds(); }
@ -326,6 +336,7 @@ void AltSvcMapping::GetConnectionInfo(
ci->SetInsecureScheme(true);
}
ci->SetPrivate(mPrivate);
ci->SetIsolated(mIsolated);
ci.forget(outCI);
}
@ -360,6 +371,8 @@ void AltSvcMapping::Serialize(nsCString& out) {
out.Append(':');
out.Append(mTopWindowOrigin);
out.Append('|'); // Be careful, the top window origin may contain colons!
out.Append(mIsolated ? 'y' : 'n');
out.Append(':');
// Add code to serialize new members here!
}
@ -421,13 +434,16 @@ AltSvcMapping::AltSvcMapping(DataStorage* storage, int32_t epoch,
_NS_NEXT_TOKEN;
mTopWindowOrigin = Substring(str, start, idx - start);
separator = ':';
mIsolated = Substring(str, start, idx - start).EqualsLiteral("y");
_NS_NEXT_TOKEN;
// Add code to deserialize new members here!
#undef _NS_NEXT_TOKEN
MakeHashKey(
mHashKey,
mHttps ? NS_LITERAL_CSTRING("https") : NS_LITERAL_CSTRING("http"),
mOriginHost, mOriginPort, mPrivate, mOriginAttributes);
mOriginHost, mOriginPort, mPrivate, mIsolated, mTopWindowOrigin,
mOriginAttributes);
} while (false);
}
@ -994,7 +1010,8 @@ void AltSvcCache::UpdateAltServiceMapping(
already_AddRefed<AltSvcMapping> AltSvcCache::GetAltServiceMapping(
const nsACString& scheme, const nsACString& host, int32_t port,
bool privateBrowsing, const OriginAttributes& originAttributes) {
bool privateBrowsing, bool isolated, const nsACString& topWindowOrigin,
const OriginAttributes& originAttributes) {
bool isHTTPS;
MOZ_ASSERT(NS_IsMainThread());
if (!mStorage) {
@ -1024,8 +1041,8 @@ already_AddRefed<AltSvcMapping> AltSvcCache::GetAltServiceMapping(
}
nsAutoCString key;
AltSvcMapping::MakeHashKey(key, scheme, host, port, privateBrowsing,
originAttributes);
AltSvcMapping::MakeHashKey(key, scheme, host, port, privateBrowsing, isolated,
topWindowOrigin, originAttributes);
RefPtr<AltSvcMapping> existing = LookupMapping(key, privateBrowsing);
LOG(
("AltSvcCache::GetAltServiceMapping %p key=%s "
@ -1041,15 +1058,18 @@ already_AddRefed<AltSvcMapping> AltSvcCache::GetAltServiceMapping(
class ProxyClearHostMapping : public Runnable {
public:
explicit ProxyClearHostMapping(const nsACString& host, int32_t port,
const OriginAttributes& originAttributes)
const OriginAttributes& originAttributes,
const nsACString& topWindowOrigin)
: Runnable("net::ProxyClearHostMapping"),
mHost(host),
mPort(port),
mOriginAttributes(originAttributes) {}
mOriginAttributes(originAttributes),
mTopWindowOrigin(topWindowOrigin) {}
NS_IMETHOD Run() override {
MOZ_ASSERT(NS_IsMainThread());
gHttpHandler->ConnMgr()->ClearHostMapping(mHost, mPort, mOriginAttributes);
gHttpHandler->ConnMgr()->ClearHostMapping(mHost, mPort, mOriginAttributes,
mTopWindowOrigin);
return NS_OK;
}
@ -1057,52 +1077,43 @@ class ProxyClearHostMapping : public Runnable {
nsCString mHost;
int32_t mPort;
OriginAttributes mOriginAttributes;
nsCString mTopWindowOrigin;
};
void AltSvcCache::ClearHostMapping(const nsACString& host, int32_t port,
const OriginAttributes& originAttributes) {
const OriginAttributes& originAttributes,
const nsACString& topWindowOrigin) {
if (!NS_IsMainThread()) {
nsCOMPtr<nsIRunnable> event =
new ProxyClearHostMapping(host, port, originAttributes);
nsCOMPtr<nsIRunnable> event = new ProxyClearHostMapping(
host, port, originAttributes, topWindowOrigin);
if (event) {
NS_DispatchToMainThread(event);
}
return;
}
nsAutoCString key;
AltSvcMapping::MakeHashKey(key, NS_LITERAL_CSTRING("http"), host, port, true,
originAttributes);
RefPtr<AltSvcMapping> existing = LookupMapping(key, true);
if (existing) {
existing->SetExpired();
}
AltSvcMapping::MakeHashKey(key, NS_LITERAL_CSTRING("https"), host, port, true,
originAttributes);
existing = LookupMapping(key, true);
if (existing) {
existing->SetExpired();
}
AltSvcMapping::MakeHashKey(key, NS_LITERAL_CSTRING("http"), host, port, false,
originAttributes);
existing = LookupMapping(key, false);
if (existing) {
existing->SetExpired();
}
AltSvcMapping::MakeHashKey(key, NS_LITERAL_CSTRING("https"), host, port,
false, originAttributes);
existing = LookupMapping(key, false);
if (existing) {
existing->SetExpired();
for (int secure = 0; secure < 2; ++secure) {
NS_NAMED_LITERAL_CSTRING(http, "http");
NS_NAMED_LITERAL_CSTRING(https, "https");
const nsLiteralCString& scheme = secure ? https : http;
for (int pb = 1; pb >= 0; --pb) {
for (int isolate = 0; isolate < 2; ++isolate) {
AltSvcMapping::MakeHashKey(key, scheme, host, port, bool(pb),
bool(isolate), topWindowOrigin,
originAttributes);
RefPtr<AltSvcMapping> existing = LookupMapping(key, bool(pb));
if (existing) {
existing->SetExpired();
}
}
}
}
}
void AltSvcCache::ClearHostMapping(nsHttpConnectionInfo* ci) {
if (!ci->GetOrigin().IsEmpty()) {
ClearHostMapping(ci->GetOrigin(), ci->OriginPort(),
ci->GetOriginAttributes());
ci->GetOriginAttributes(), ci->GetTopWindowOrigin());
}
}
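Review bot: In the deserializing constructor hunk (`@ -421,13 +434,16`), `mIsolated` is read from `Substring(str, start, idx - start)` directly after `mTopWindowOrigin` is read from the same span, and `_NS_NEXT_TOKEN` only follows afterwards. The preceding field advances with `_NS_NEXT_TOKEN` before reading, so as rendered the flag is compared against the top-window-origin text and would come back false for mappings reloaded from storage; their hash key would then omit the `:I:<origin>|` suffix and the entry would no longer be partitioned. The macro is defined outside the hunk, so confirm against its definition, but the likely intent is `_NS_NEXT_TOKEN;` followed by `mIsolated = Substring(str, start, idx - start).EqualsLiteral("y");`. A round-trip test of `Serialize` and the storage constructor with `isolated` set would pin this down.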


@ -50,8 +50,9 @@ class AltSvcMapping {
const nsACString& originScheme, const nsACString& originHost,
int32_t originPort, const nsACString& username,
const nsACString& topWindowOrigin, bool privateBrowsing,
uint32_t expiresAt, const nsACString& alternateHost,
int32_t alternatePort, const nsACString& npnToken,
bool isolated, uint32_t expiresAt,
const nsACString& alternateHost, int32_t alternatePort,
const nsACString& npnToken,
const OriginAttributes& originAttributes);
public:
@ -62,7 +63,7 @@ class AltSvcMapping {
const nsCString& originHost, int32_t originPort,
const nsACString& username,
const nsACString& topWindowOrigin,
bool privateBrowsing,
bool privateBrowsing, bool isolated,
nsIInterfaceRequestor* callbacks,
nsProxyInfo* proxyInfo, uint32_t caps,
const OriginAttributes& originAttributes);
@ -87,6 +88,7 @@ class AltSvcMapping {
int32_t TTL();
int32_t StorageEpoch() { return mStorageEpoch; }
bool Private() { return mPrivate; }
bool Isolated() { return mIsolated; }
void SetValidated(bool val);
void SetMixedScheme(bool val);
@ -97,7 +99,8 @@ class AltSvcMapping {
static void MakeHashKey(nsCString& outKey, const nsACString& originScheme,
const nsACString& originHost, int32_t originPort,
bool privateBrowsing,
bool privateBrowsing, bool isolated,
const nsACString& topWindowOrigin,
const OriginAttributes& originAttributes);
private:
@ -119,6 +122,7 @@ class AltSvcMapping {
nsCString mUsername;
nsCString mTopWindowOrigin;
MOZ_INIT_OUTSIDE_CTOR bool mPrivate;
MOZ_INIT_OUTSIDE_CTOR bool mIsolated;
MOZ_INIT_OUTSIDE_CTOR uint32_t mExpiresAt; // alt-svc mappping
@ -183,10 +187,12 @@ class AltSvcCache {
const OriginAttributes& originAttributes); // main thread
already_AddRefed<AltSvcMapping> GetAltServiceMapping(
const nsACString& scheme, const nsACString& host, int32_t port, bool pb,
bool isolated, const nsACString& topWindowOrigin,
const OriginAttributes& originAttributes);
void ClearAltServiceMappings();
void ClearHostMapping(const nsACString& host, int32_t port,
const OriginAttributes& originAttributes);
const OriginAttributes& originAttributes,
const nsACString& topWindowOrigin);
void ClearHostMapping(nsHttpConnectionInfo* ci);
DataStorage* GetStoragePtr() { return mStorage.get(); }
int32_t StorageEpoch() { return mStorageEpoch; }
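Review bot: The new `topWindowOrigin` parameters on `MakeHashKey` and `AltSvcCache::ClearHostMapping` have no comment saying when the value is used, and the two behave differently. The key includes it only when `isolated` is true, while the clear path takes no `isolated` flag and, per the loop in the implementation, expires both the isolated and the shared entry for the host. A clear triggered on behalf of an isolated channel therefore also expires the non-isolated mapping, which should be stated on the declaration so callers do not assume the clear is partition-scoped. Suggest `// topWindowOrigin is part of the key only when isolated is true.` above `MakeHashKey` and `// Expires the http/https, private/non-private and isolated/non-isolated entries for host:port; topWindowOrigin selects the isolated one.` above `ClearHostMapping`.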


@ -2531,8 +2531,8 @@ class UpdateAltSvcEvent : public Runnable {
AltSvcMapping::ProcessHeader(
mHeader, originScheme, originHost, originPort, mCI->GetUsername(),
mCI->GetTopWindowOrigin(), mCI->GetPrivate(), mCallbacks,
mCI->ProxyInfo(), 0, mCI->GetOriginAttributes());
mCI->GetTopWindowOrigin(), mCI->GetPrivate(), mCI->GetIsolated(),
mCallbacks, mCI->ProxyInfo(), 0, mCI->GetOriginAttributes());
return NS_OK;
}


@ -2368,10 +2368,10 @@ void nsHttpChannel::ProcessAltService() {
OriginAttributes originAttributes;
NS_GetOriginAttributes(this, originAttributes);
AltSvcMapping::ProcessHeader(altSvc, scheme, originHost, originPort,
mUsername, GetTopWindowOrigin(),
mPrivateBrowsing, callbacks, proxyInfo,
mCaps & NS_HTTP_DISALLOW_SPDY, originAttributes);
AltSvcMapping::ProcessHeader(
altSvc, scheme, originHost, originPort, mUsername, GetTopWindowOrigin(),
mPrivateBrowsing, IsIsolated(), callbacks, proxyInfo,
mCaps & NS_HTTP_DISALLOW_SPDY, originAttributes);
}
nsresult nsHttpChannel::ProcessResponse() {
@ -6588,7 +6588,8 @@ nsresult nsHttpChannel::BeginConnect() {
AltSvcMapping::AcceptableProxy(proxyInfo) &&
(scheme.EqualsLiteral("http") || scheme.EqualsLiteral("https")) &&
(mapping = gHttpHandler->GetAltServiceMapping(
scheme, host, port, mPrivateBrowsing, originAttributes))) {
scheme, host, port, mPrivateBrowsing, IsIsolated(),
GetTopWindowOrigin(), originAttributes))) {
LOG(("nsHttpChannel %p Alt Service Mapping Found %s://%s:%d [%s]\n", this,
scheme.get(), mapping->AlternateHost().get(), mapping->AlternatePort(),
mapping->HashKey().get()));
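Review bot: Both call sites pass `GetTopWindowOrigin()` into the mapping key without checking that it is non-empty when `IsIsolated()` is true. From the `MakeHashKey` change in this commit, an isolated key built from an empty origin ends in `:I:|` for every top-level document, so such channels would share one mapping instead of being partitioned. Whether the origin can be empty at these points is not visible in the hunks; if it can, consider skipping the Alt-Svc store and lookup in that case, or at least asserting with `MOZ_ASSERT(!IsIsolated() || !GetTopWindowOrigin().IsEmpty());`. `ProcessAltService` starts and `BeginConnect` both starts and continues outside the hunks shown.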


@ -331,9 +331,10 @@ class nsHttpHandler final : public nsIHttpProtocolHandler,
already_AddRefed<AltSvcMapping> GetAltServiceMapping(
const nsACString& scheme, const nsACString& host, int32_t port, bool pb,
bool isolated, const nsACString& topWindowOrigin,
const OriginAttributes& originAttributes) {
return mConnMgr->GetAltServiceMapping(scheme, host, port, pb,
originAttributes);
return mConnMgr->GetAltServiceMapping(scheme, host, port, pb, isolated,
topWindowOrigin, originAttributes);
}
//