search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Bug 1890277: part 2) Add `require-trusted-types-for` directive to CSP parser, guarded...
[gecko.git] / dom / security / nsCSPUtils.h
blob0b45cc7a78de0b06c79aaf2b5f6739cbecfaa51d
1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6
7 #ifndef nsCSPUtils_h___
8 #define nsCSPUtils_h___
9
10 #include "nsCOMPtr.h"
11 #include "nsIContentSecurityPolicy.h"
12 #include "nsILoadInfo.h"
13 #include "nsIURI.h"
14 #include "nsLiteralString.h"
15 #include "nsString.h"
16 #include "nsTArray.h"
17 #include "nsUnicharUtils.h"
18 #include "mozilla/Logging.h"
19
20 class nsIChannel;
21
22 namespace mozilla::dom {
23 struct CSP;
24 class Document;
25 } // namespace mozilla::dom
26
27 /* =============== Logging =================== */
28
29 void CSP_LogLocalizedStr(const char* aName, const nsTArray<nsString>& aParams,
30 const nsAString& aSourceName,
31 const nsAString& aSourceLine, uint32_t aLineNumber,
32 uint32_t aColumnNumber, uint32_t aFlags,
33 const nsACString& aCategory, uint64_t aInnerWindowID,
34 bool aFromPrivateWindow);
35
36 void CSP_GetLocalizedStr(const char* aName, const nsTArray<nsString>& aParams,
37 nsAString& outResult);
38
39 void CSP_LogStrMessage(const nsAString& aMsg);
40
41 void CSP_LogMessage(const nsAString& aMessage, const nsAString& aSourceName,
42 const nsAString& aSourceLine, uint32_t aLineNumber,
43 uint32_t aColumnNumber, uint32_t aFlags,
44 const nsACString& aCategory, uint64_t aInnerWindowID,
45 bool aFromPrivateWindow);
46
47 /* =============== Constant and Type Definitions ================== */
48
49 #define INLINE_STYLE_VIOLATION_OBSERVER_TOPIC \
50 "violated base restriction: Inline Stylesheets will not apply"
51 #define INLINE_SCRIPT_VIOLATION_OBSERVER_TOPIC \
52 "violated base restriction: Inline Scripts will not execute"
53 #define EVAL_VIOLATION_OBSERVER_TOPIC \
54 "violated base restriction: Code will not be created from strings"
55 #define WASM_EVAL_VIOLATION_OBSERVER_TOPIC \
56 "violated base restriction: WebAssembly code will not be created from " \
57 "dynamically"
58 #define SCRIPT_NONCE_VIOLATION_OBSERVER_TOPIC "Inline Script had invalid nonce"
59 #define STYLE_NONCE_VIOLATION_OBSERVER_TOPIC "Inline Style had invalid nonce"
60 #define SCRIPT_HASH_VIOLATION_OBSERVER_TOPIC "Inline Script had invalid hash"
61 #define STYLE_HASH_VIOLATION_OBSERVER_TOPIC "Inline Style had invalid hash"
62
63 // these strings map to the CSPDirectives in nsIContentSecurityPolicy
64 // NOTE: When implementing a new directive, you will need to add it here but
65 // also add a corresponding entry to the constants in
66 // nsIContentSecurityPolicy.idl and also create an entry for the new directive
67 // in nsCSPDirective::toDomCSPStruct() and add it to CSPDictionaries.webidl.
68 // Order of elements below important! Make sure it matches the order as in
69 // nsIContentSecurityPolicy.idl
70 static const char* CSPStrDirectives[] = {
71 "-error-", // NO_DIRECTIVE
72 "default-src", // DEFAULT_SRC_DIRECTIVE
73 "script-src", // SCRIPT_SRC_DIRECTIVE
74 "object-src", // OBJECT_SRC_DIRECTIVE
75 "style-src", // STYLE_SRC_DIRECTIVE
76 "img-src", // IMG_SRC_DIRECTIVE
77 "media-src", // MEDIA_SRC_DIRECTIVE
78 "frame-src", // FRAME_SRC_DIRECTIVE
79 "font-src", // FONT_SRC_DIRECTIVE
80 "connect-src", // CONNECT_SRC_DIRECTIVE
81 "report-uri", // REPORT_URI_DIRECTIVE
82 "frame-ancestors", // FRAME_ANCESTORS_DIRECTIVE
83 "reflected-xss", // REFLECTED_XSS_DIRECTIVE
84 "base-uri", // BASE_URI_DIRECTIVE
85 "form-action", // FORM_ACTION_DIRECTIVE
86 "manifest-src", // MANIFEST_SRC_DIRECTIVE
87 "upgrade-insecure-requests", // UPGRADE_IF_INSECURE_DIRECTIVE
88 "child-src", // CHILD_SRC_DIRECTIVE
89 "block-all-mixed-content", // BLOCK_ALL_MIXED_CONTENT
90 "sandbox", // SANDBOX_DIRECTIVE
91 "worker-src", // WORKER_SRC_DIRECTIVE
92 "script-src-elem", // SCRIPT_SRC_ELEM_DIRECTIVE
93 "script-src-attr", // SCRIPT_SRC_ATTR_DIRECTIVE
94 "style-src-elem", // STYLE_SRC_ELEM_DIRECTIVE
95 "style-src-attr", // STYLE_SRC_ATTR_DIRECTIVE
96 "require-trusted-types-for", // REQUIRE_TRUSTED_TYPES_FOR_DIRECTIVE
97 };
98
99 inline const char* CSP_CSPDirectiveToString(CSPDirective aDir) {
100 return CSPStrDirectives[static_cast<uint32_t>(aDir)];
101 }
102
103 CSPDirective CSP_StringToCSPDirective(const nsAString& aDir);
104
105 #define FOR_EACH_CSP_KEYWORD(MACRO) \
106 MACRO(CSP_SELF, "'self'") \
107 MACRO(CSP_UNSAFE_INLINE, "'unsafe-inline'") \
108 MACRO(CSP_UNSAFE_EVAL, "'unsafe-eval'") \
109 MACRO(CSP_UNSAFE_HASHES, "'unsafe-hashes'") \
110 MACRO(CSP_NONE, "'none'") \
111 MACRO(CSP_NONCE, "'nonce-") \
112 MACRO(CSP_REPORT_SAMPLE, "'report-sample'") \
113 MACRO(CSP_STRICT_DYNAMIC, "'strict-dynamic'") \
114 MACRO(CSP_WASM_UNSAFE_EVAL, "'wasm-unsafe-eval'")
115
116 enum CSPKeyword {
117 #define KEYWORD_ENUM(id_, string_) id_,
118 FOR_EACH_CSP_KEYWORD(KEYWORD_ENUM)
119 #undef KEYWORD_ENUM
120
121 // CSP_LAST_KEYWORD_VALUE always needs to be the last element in the enum
122 // because we use it to calculate the size for the char* array.
123 CSP_LAST_KEYWORD_VALUE,
124
125 // Putting CSP_HASH after the delimitor, because CSP_HASH is not a valid
126 // keyword (hash uses e.g. sha256, sha512) but we use CSP_HASH internally
127 // to identify allowed hashes in ::allows.
128 CSP_HASH
129 };
130
131 // The keywords, in UTF-8 form.
132 static const char* gCSPUTF8Keywords[] = {
133 #define KEYWORD_UTF8_LITERAL(id_, string_) string_,
134 FOR_EACH_CSP_KEYWORD(KEYWORD_UTF8_LITERAL)
135 #undef KEYWORD_UTF8_LITERAL
136 };
137
138 // The keywords, in UTF-16 form.
139 static const char16_t* gCSPUTF16Keywords[] = {
140 #define KEYWORD_UTF16_LITERAL(id_, string_) u"" string_,
141 FOR_EACH_CSP_KEYWORD(KEYWORD_UTF16_LITERAL)
142 #undef KEYWORD_UTF16_LITERAL
143 };
144
145 #undef FOR_EACH_CSP_KEYWORD
146
147 inline const char* CSP_EnumToUTF8Keyword(enum CSPKeyword aKey) {
148 // Make sure all elements in enum CSPKeyword got added to gCSPUTF8Keywords.
149 static_assert((sizeof(gCSPUTF8Keywords) / sizeof(gCSPUTF8Keywords[0]) ==
150 CSP_LAST_KEYWORD_VALUE),
151 "CSP_LAST_KEYWORD_VALUE != length(gCSPUTF8Keywords)");
152
153 if (static_cast<uint32_t>(aKey) <
154 static_cast<uint32_t>(CSP_LAST_KEYWORD_VALUE)) {
155 return gCSPUTF8Keywords[static_cast<uint32_t>(aKey)];
156 }
157 return "error: invalid keyword in CSP_EnumToUTF8Keyword";
158 }
159
160 inline const char16_t* CSP_EnumToUTF16Keyword(enum CSPKeyword aKey) {
161 // Make sure all elements in enum CSPKeyword got added to gCSPUTF16Keywords.
162 static_assert((sizeof(gCSPUTF16Keywords) / sizeof(gCSPUTF16Keywords[0]) ==
163 CSP_LAST_KEYWORD_VALUE),
164 "CSP_LAST_KEYWORD_VALUE != length(gCSPUTF16Keywords)");
165
166 if (static_cast<uint32_t>(aKey) <
167 static_cast<uint32_t>(CSP_LAST_KEYWORD_VALUE)) {
168 return gCSPUTF16Keywords[static_cast<uint32_t>(aKey)];
169 }
170 return u"error: invalid keyword in CSP_EnumToUTF16Keyword";
171 }
172
173 inline CSPKeyword CSP_UTF16KeywordToEnum(const nsAString& aKey) {
174 nsString lowerKey = PromiseFlatString(aKey);
175 ToLowerCase(lowerKey);
176
177 for (uint32_t i = 0; i < CSP_LAST_KEYWORD_VALUE; i++) {
178 if (lowerKey.Equals(gCSPUTF16Keywords[i])) {
179 return static_cast<CSPKeyword>(i);
180 }
181 }
182 NS_ASSERTION(false, "Can not convert unknown Keyword to Enum");
183 return CSP_LAST_KEYWORD_VALUE;
184 }
185
186 nsresult CSP_AppendCSPFromHeader(nsIContentSecurityPolicy* aCsp,
187 const nsAString& aHeaderValue,
188 bool aReportOnly);
189
190 /* =============== Helpers ================== */
191
192 class nsCSPHostSrc;
193
194 nsCSPHostSrc* CSP_CreateHostSrcFromSelfURI(nsIURI* aSelfURI);
195 bool CSP_IsEmptyDirective(const nsAString& aValue, const nsAString& aDir);
196 bool CSP_IsDirective(const nsAString& aValue, CSPDirective aDir);
197 bool CSP_IsKeyword(const nsAString& aValue, enum CSPKeyword aKey);
198 bool CSP_IsQuotelessKeyword(const nsAString& aKey);
199 CSPDirective CSP_ContentTypeToDirective(nsContentPolicyType aType);
200
201 class nsCSPSrcVisitor;
202
203 void CSP_PercentDecodeStr(const nsAString& aEncStr, nsAString& outDecStr);
204 bool CSP_ShouldResponseInheritCSP(nsIChannel* aChannel);
205
206 void CSP_ApplyMetaCSPToDoc(mozilla::dom::Document& aDoc,
207 const nsAString& aPolicyStr);
208
209 /* =============== nsCSPSrc ================== */
210
211 class nsCSPBaseSrc {
212 public:
213 nsCSPBaseSrc();
214 virtual ~nsCSPBaseSrc();
215
216 virtual bool permits(nsIURI* aUri, bool aWasRedirected, bool aReportOnly,
217 bool aUpgradeInsecure) const;
218 virtual bool allows(enum CSPKeyword aKeyword,
219 const nsAString& aHashOrNonce) const;
220 virtual bool visit(nsCSPSrcVisitor* aVisitor) const = 0;
221 virtual void toString(nsAString& outStr) const = 0;
222
223 virtual bool isReportSample() const { return false; }
224
225 virtual bool isHash() const { return false; }
226 virtual bool isNonce() const { return false; }
227 virtual bool isKeyword(CSPKeyword aKeyword) const { return false; }
228 };
229
230 /* =============== nsCSPSchemeSrc ============ */
231
232 class nsCSPSchemeSrc : public nsCSPBaseSrc {
233 public:
234 explicit nsCSPSchemeSrc(const nsAString& aScheme);
235 virtual ~nsCSPSchemeSrc();
236
237 bool permits(nsIURI* aUri, bool aWasRedirected, bool aReportOnly,
238 bool aUpgradeInsecure) const override;
239 bool visit(nsCSPSrcVisitor* aVisitor) const override;
240 void toString(nsAString& outStr) const override;
241
242 inline void getScheme(nsAString& outStr) const { outStr.Assign(mScheme); };
243
244 private:
245 nsString mScheme;
246 };
247
248 /* =============== nsCSPHostSrc ============== */
249
250 class nsCSPHostSrc : public nsCSPBaseSrc {
251 public:
252 explicit nsCSPHostSrc(const nsAString& aHost);
253 virtual ~nsCSPHostSrc();
254
255 bool permits(nsIURI* aUri, bool aWasRedirected, bool aReportOnly,
256 bool aUpgradeInsecure) const override;
257 bool visit(nsCSPSrcVisitor* aVisitor) const override;
258 void toString(nsAString& outStr) const override;
259
260 void setScheme(const nsAString& aScheme);
261 void setPort(const nsAString& aPort);
262 void appendPath(const nsAString& aPath);
263
264 inline void setGeneratedFromSelfKeyword() const {
265 mGeneratedFromSelfKeyword = true;
266 }
267
268 inline void setIsUniqueOrigin() const { mIsUniqueOrigin = true; }
269
270 inline void setWithinFrameAncestorsDir(bool aValue) const {
271 mWithinFrameAncstorsDir = aValue;
272 }
273
274 inline void getScheme(nsAString& outStr) const { outStr.Assign(mScheme); };
275
276 inline void getHost(nsAString& outStr) const { outStr.Assign(mHost); };
277
278 inline void getPort(nsAString& outStr) const { outStr.Assign(mPort); };
279
280 inline void getPath(nsAString& outStr) const { outStr.Assign(mPath); };
281
282 private:
283 nsString mScheme;
284 nsString mHost;
285 nsString mPort;
286 nsString mPath;
287 mutable bool mGeneratedFromSelfKeyword;
288 mutable bool mIsUniqueOrigin;
289 mutable bool mWithinFrameAncstorsDir;
290 };
291
292 /* =============== nsCSPKeywordSrc ============ */
293
294 class nsCSPKeywordSrc : public nsCSPBaseSrc {
295 public:
296 explicit nsCSPKeywordSrc(CSPKeyword aKeyword);
297 virtual ~nsCSPKeywordSrc();
298
299 bool allows(enum CSPKeyword aKeyword,
300 const nsAString& aHashOrNonce) const override;
301 bool visit(nsCSPSrcVisitor* aVisitor) const override;
302 void toString(nsAString& outStr) const override;
303
304 inline CSPKeyword getKeyword() const { return mKeyword; };
305
306 bool isReportSample() const override { return mKeyword == CSP_REPORT_SAMPLE; }
307
308 bool isKeyword(CSPKeyword aKeyword) const final {
309 return mKeyword == aKeyword;
310 }
311
312 private:
313 CSPKeyword mKeyword;
314 };
315
316 /* =============== nsCSPNonceSource =========== */
317
318 class nsCSPNonceSrc : public nsCSPBaseSrc {
319 public:
320 explicit nsCSPNonceSrc(const nsAString& aNonce);
321 virtual ~nsCSPNonceSrc();
322
323 bool allows(enum CSPKeyword aKeyword,
324 const nsAString& aHashOrNonce) const override;
325 bool visit(nsCSPSrcVisitor* aVisitor) const override;
326 void toString(nsAString& outStr) const override;
327
328 inline void getNonce(nsAString& outStr) const { outStr.Assign(mNonce); };
329
330 bool isNonce() const final { return true; }
331
332 private:
333 nsString mNonce;
334 };
335
336 /* =============== nsCSPHashSource ============ */
337
338 class nsCSPHashSrc : public nsCSPBaseSrc {
339 public:
340 nsCSPHashSrc(const nsAString& algo, const nsAString& hash);
341 virtual ~nsCSPHashSrc();
342
343 bool allows(enum CSPKeyword aKeyword,
344 const nsAString& aHashOrNonce) const override;
345 void toString(nsAString& outStr) const override;
346 bool visit(nsCSPSrcVisitor* aVisitor) const override;
347
348 inline void getAlgorithm(nsAString& outStr) const {
349 outStr.Assign(mAlgorithm);
350 };
351
352 inline void getHash(nsAString& outStr) const { outStr.Assign(mHash); };
353
354 bool isHash() const final { return true; }
355
356 private:
357 nsString mAlgorithm;
358 nsString mHash;
359 };
360
361 /* =============== nsCSPReportURI ============ */
362
363 class nsCSPReportURI : public nsCSPBaseSrc {
364 public:
365 explicit nsCSPReportURI(nsIURI* aURI);
366 virtual ~nsCSPReportURI();
367
368 bool visit(nsCSPSrcVisitor* aVisitor) const override;
369 void toString(nsAString& outStr) const override;
370
371 private:
372 nsCOMPtr<nsIURI> mReportURI;
373 };
374
375 /* =============== nsCSPSandboxFlags ================== */
376
377 class nsCSPSandboxFlags : public nsCSPBaseSrc {
378 public:
379 explicit nsCSPSandboxFlags(const nsAString& aFlags);
380 virtual ~nsCSPSandboxFlags();
381
382 bool visit(nsCSPSrcVisitor* aVisitor) const override;
383 void toString(nsAString& outStr) const override;
384
385 private:
386 nsString mFlags;
387 };
388
389 /* =============== nsCSPRequireTrustedTypesForDirectiveValue =============== */
390
391 class nsCSPRequireTrustedTypesForDirectiveValue : public nsCSPBaseSrc {
392 public:
393 explicit nsCSPRequireTrustedTypesForDirectiveValue(const nsAString& aValue);
394 virtual ~nsCSPRequireTrustedTypesForDirectiveValue() = default;
395
396 bool visit(nsCSPSrcVisitor* aVisitor) const override;
397 void toString(nsAString& aOutStr) const override;
398
399 private:
400 const nsString mValue;
401 };
402
403 /* =============== nsCSPSrcVisitor ================== */
404
405 class nsCSPSrcVisitor {
406 public:
407 virtual bool visitSchemeSrc(const nsCSPSchemeSrc& src) = 0;
408
409 virtual bool visitHostSrc(const nsCSPHostSrc& src) = 0;
410
411 virtual bool visitKeywordSrc(const nsCSPKeywordSrc& src) = 0;
412
413 virtual bool visitNonceSrc(const nsCSPNonceSrc& src) = 0;
414
415 virtual bool visitHashSrc(const nsCSPHashSrc& src) = 0;
416
417 protected:
418 explicit nsCSPSrcVisitor() = default;
419 virtual ~nsCSPSrcVisitor() = default;
420 };
421
422 /* =============== nsCSPDirective ============= */
423
424 class nsCSPDirective {
425 public:
426 explicit nsCSPDirective(CSPDirective aDirective);
427 virtual ~nsCSPDirective();
428
429 virtual bool permits(CSPDirective aDirective, nsILoadInfo* aLoadInfo,
430 nsIURI* aUri, bool aWasRedirected, bool aReportOnly,
431 bool aUpgradeInsecure) const;
432 virtual bool allows(enum CSPKeyword aKeyword,
433 const nsAString& aHashOrNonce) const;
434 bool allowsAllInlineBehavior(CSPDirective aDir) const;
435 virtual void toString(nsAString& outStr) const;
436 void toDomCSPStruct(mozilla::dom::CSP& outCSP) const;
437
438 virtual void addSrcs(const nsTArray<nsCSPBaseSrc*>& aSrcs) {
439 mSrcs = aSrcs.Clone();
440 }
441
442 inline bool isDefaultDirective() const {
443 return mDirective == nsIContentSecurityPolicy::DEFAULT_SRC_DIRECTIVE;
444 }
445
446 virtual bool equals(CSPDirective aDirective) const;
447
448 void getReportURIs(nsTArray<nsString>& outReportURIs) const;
449
450 bool visitSrcs(nsCSPSrcVisitor* aVisitor) const;
451
452 virtual void getDirName(nsAString& outStr) const;
453
454 bool hasReportSampleKeyword() const;
455
456 protected:
457 CSPDirective mDirective;
458 nsTArray<nsCSPBaseSrc*> mSrcs;
459 };
460
461 /* =============== nsCSPChildSrcDirective ============= */
462
463 /*
464 * In CSP 3 child-src is deprecated. For backwards compatibility
465 * child-src needs to restrict:
466 * (*) frames, in case frame-src is not expicitly specified
467 * (*) workers, in case worker-src is not expicitly specified
468 */
469 class nsCSPChildSrcDirective : public nsCSPDirective {
470 public:
471 explicit nsCSPChildSrcDirective(CSPDirective aDirective);
472 virtual ~nsCSPChildSrcDirective();
473
474 void setRestrictFrames() { mRestrictFrames = true; }
475
476 void setRestrictWorkers() { mRestrictWorkers = true; }
477
478 virtual bool equals(CSPDirective aDirective) const override;
479
480 private:
481 bool mRestrictFrames;
482 bool mRestrictWorkers;
483 };
484
485 /* =============== nsCSPScriptSrcDirective ============= */
486
487 /*
488 * In CSP 3 worker-src restricts workers, for backwards compatibily
489 * script-src has to restrict workers as the ultimate fallback if
490 * neither worker-src nor child-src is present in a CSP.
491 */
492 class nsCSPScriptSrcDirective : public nsCSPDirective {
493 public:
494 explicit nsCSPScriptSrcDirective(CSPDirective aDirective);
495 virtual ~nsCSPScriptSrcDirective();
496
497 void setRestrictWorkers() { mRestrictWorkers = true; }
498 void setRestrictScriptElem() { mRestrictScriptElem = true; }
499 void setRestrictScriptAttr() { mRestrictScriptAttr = true; }
500
501 bool equals(CSPDirective aDirective) const override;
502
503 private:
504 bool mRestrictWorkers = false;
505 bool mRestrictScriptElem = false;
506 bool mRestrictScriptAttr = false;
507 };
508
509 /* =============== nsCSPStyleSrcDirective ============= */
510
511 /*
512 * In CSP 3 style-src is use as a fallback for style-src-elem and
513 * style-src-attr.
514 */
515 class nsCSPStyleSrcDirective : public nsCSPDirective {
516 public:
517 explicit nsCSPStyleSrcDirective(CSPDirective aDirective);
518 virtual ~nsCSPStyleSrcDirective();
519
520 void setRestrictStyleElem() { mRestrictStyleElem = true; }
521 void setRestrictStyleAttr() { mRestrictStyleAttr = true; }
522
523 bool equals(CSPDirective aDirective) const override;
524
525 private:
526 bool mRestrictStyleElem = false;
527 bool mRestrictStyleAttr = false;
528 };
529
530 /* =============== nsBlockAllMixedContentDirective === */
531
532 class nsBlockAllMixedContentDirective : public nsCSPDirective {
533 public:
534 explicit nsBlockAllMixedContentDirective(CSPDirective aDirective);
535 ~nsBlockAllMixedContentDirective();
536
537 bool permits(CSPDirective aDirective, nsILoadInfo* aLoadInfo, nsIURI* aUri,
538 bool aWasRedirected, bool aReportOnly,
539 bool aUpgradeInsecure) const override {
540 return false;
541 }
542
543 bool permits(nsIURI* aUri) const { return false; }
544
545 bool allows(enum CSPKeyword aKeyword,
546 const nsAString& aHashOrNonce) const override {
547 return false;
548 }
549
550 void toString(nsAString& outStr) const override;
551
552 void addSrcs(const nsTArray<nsCSPBaseSrc*>& aSrcs) override {
553 MOZ_ASSERT(false, "block-all-mixed-content does not hold any srcs");
554 }
555
556 void getDirName(nsAString& outStr) const override;
557 };
558
559 /* =============== nsUpgradeInsecureDirective === */
560
561 /*
562 * Upgrading insecure requests includes the following actors:
563 * (1) CSP:
564 * The CSP implementation allowlists the http-request
565 * in case the policy is executed in enforcement mode.
566 * The CSP implementation however does not allow http
567 * requests to succeed if executed in report-only mode.
568 * In such a case the CSP implementation reports the
569 * error back to the page.
570 *
571 * (2) MixedContent:
572 * The evalution of MixedContent allowlists all http
573 * requests with the promise that the http requests
574 * gets upgraded to https before any data is fetched
575 * from the network.
576 *
577 * (3) CORS:
578 * Does not consider the http request to be of a
579 * different origin in case the scheme is the only
580 * difference in otherwise matching URIs.
581 *
582 * (4) nsHttpChannel:
583 * Before connecting, the channel gets redirected
584 * to use https.
585 *
586 * (5) WebSocketChannel:
587 * Similar to the httpChannel, the websocketchannel
588 * gets upgraded from ws to wss.
589 */
590 class nsUpgradeInsecureDirective : public nsCSPDirective {
591 public:
592 explicit nsUpgradeInsecureDirective(CSPDirective aDirective);
593 ~nsUpgradeInsecureDirective();
594
595 bool permits(CSPDirective aDirective, nsILoadInfo* aLoadInfo, nsIURI* aUri,
596 bool aWasRedirected, bool aReportOnly,
597 bool aUpgradeInsecure) const override {
598 return false;
599 }
600
601 bool permits(nsIURI* aUri) const { return false; }
602
603 bool allows(enum CSPKeyword aKeyword,
604 const nsAString& aHashOrNonce) const override {
605 return false;
606 }
607
608 void toString(nsAString& outStr) const override;
609
610 void addSrcs(const nsTArray<nsCSPBaseSrc*>& aSrcs) override {
611 MOZ_ASSERT(false, "upgrade-insecure-requests does not hold any srcs");
612 }
613
614 void getDirName(nsAString& outStr) const override;
615 };
616
617 /* =============== nsCSPPolicy ================== */
618
619 class nsCSPPolicy {
620 public:
621 nsCSPPolicy();
622 virtual ~nsCSPPolicy();
623
624 bool permits(CSPDirective aDirective, nsILoadInfo* aLoadInfo, nsIURI* aUri,
625 bool aWasRedirected, bool aSpecific,
626 nsAString& outViolatedDirective,
627 nsAString& outViolatedDirectiveString) const;
628 bool allows(CSPDirective aDirective, enum CSPKeyword aKeyword,
629 const nsAString& aHashOrNonce) const;
630 void toString(nsAString& outStr) const;
631 void toDomCSPStruct(mozilla::dom::CSP& outCSP) const;
632
633 inline void addDirective(nsCSPDirective* aDir) {
634 mDirectives.AppendElement(aDir);
635 }
636
637 inline void addUpgradeInsecDir(nsUpgradeInsecureDirective* aDir) {
638 mUpgradeInsecDir = aDir;
639 addDirective(aDir);
640 }
641
642 bool hasDirective(CSPDirective aDir) const;
643
644 inline void setDeliveredViaMetaTagFlag(bool aFlag) {
645 mDeliveredViaMetaTag = aFlag;
646 }
647
648 inline bool getDeliveredViaMetaTagFlag() const {
649 return mDeliveredViaMetaTag;
650 }
651
652 inline void setReportOnlyFlag(bool aFlag) { mReportOnly = aFlag; }
653
654 inline bool getReportOnlyFlag() const { return mReportOnly; }
655
656 void getReportURIs(nsTArray<nsString>& outReportURIs) const;
657
658 void getViolatedDirectiveInformation(CSPDirective aDirective,
659 nsAString& outDirective,
660 nsAString& outDirectiveString,
661 bool* aReportSample) const;
662
663 uint32_t getSandboxFlags() const;
664
665 inline uint32_t getNumDirectives() const { return mDirectives.Length(); }
666
667 bool visitDirectiveSrcs(CSPDirective aDir, nsCSPSrcVisitor* aVisitor) const;
668
669 bool allowsAllInlineBehavior(CSPDirective aDir) const;
670
671 private:
672 nsCSPDirective* matchingOrDefaultDirective(CSPDirective aDirective) const;
673
674 nsUpgradeInsecureDirective* mUpgradeInsecDir;
675 nsTArray<nsCSPDirective*> mDirectives;
676 bool mReportOnly;
677 bool mDeliveredViaMetaTag;
678 };
679
680 #endif /* nsCSPUtils_h___ */