search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Bug 1901954 - Don't invoke any background tasks from the MMS r=nalexander
[gecko.git] / dom / security / nsCSPUtils.h
blobb9ef52967ec48eb4fc5583c47b9f64a5b52effc0
1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6
7 #ifndef nsCSPUtils_h___
8 #define nsCSPUtils_h___
9
10 #include "nsCOMPtr.h"
11 #include "nsIContentSecurityPolicy.h"
12 #include "nsILoadInfo.h"
13 #include "nsIURI.h"
14 #include "nsLiteralString.h"
15 #include "nsString.h"
16 #include "nsTArray.h"
17 #include "nsUnicharUtils.h"
18 #include "mozilla/Logging.h"
19
20 class nsIChannel;
21
22 namespace mozilla::dom {
23 struct CSP;
24 class Document;
25 } // namespace mozilla::dom
26
27 /* =============== Logging =================== */
28
29 void CSP_LogLocalizedStr(const char* aName, const nsTArray<nsString>& aParams,
30 const nsAString& aSourceName,
31 const nsAString& aSourceLine, uint32_t aLineNumber,
32 uint32_t aColumnNumber, uint32_t aFlags,
33 const nsACString& aCategory, uint64_t aInnerWindowID,
34 bool aFromPrivateWindow);
35
36 void CSP_GetLocalizedStr(const char* aName, const nsTArray<nsString>& aParams,
37 nsAString& outResult);
38
39 void CSP_LogStrMessage(const nsAString& aMsg);
40
41 void CSP_LogMessage(const nsAString& aMessage, const nsAString& aSourceName,
42 const nsAString& aSourceLine, uint32_t aLineNumber,
43 uint32_t aColumnNumber, uint32_t aFlags,
44 const nsACString& aCategory, uint64_t aInnerWindowID,
45 bool aFromPrivateWindow);
46
47 /* =============== Constant and Type Definitions ================== */
48
49 #define INLINE_STYLE_VIOLATION_OBSERVER_TOPIC \
50 "violated base restriction: Inline Stylesheets will not apply"
51 #define INLINE_SCRIPT_VIOLATION_OBSERVER_TOPIC \
52 "violated base restriction: Inline Scripts will not execute"
53 #define EVAL_VIOLATION_OBSERVER_TOPIC \
54 "violated base restriction: Code will not be created from strings"
55 #define WASM_EVAL_VIOLATION_OBSERVER_TOPIC \
56 "violated base restriction: WebAssembly code will not be created from " \
57 "dynamically"
58 #define SCRIPT_NONCE_VIOLATION_OBSERVER_TOPIC "Inline Script had invalid nonce"
59 #define STYLE_NONCE_VIOLATION_OBSERVER_TOPIC "Inline Style had invalid nonce"
60 #define SCRIPT_HASH_VIOLATION_OBSERVER_TOPIC "Inline Script had invalid hash"
61 #define STYLE_HASH_VIOLATION_OBSERVER_TOPIC "Inline Style had invalid hash"
62
63 // these strings map to the CSPDirectives in nsIContentSecurityPolicy
64 // NOTE: When implementing a new directive, you will need to add it here but
65 // also add a corresponding entry to the constants in
66 // nsIContentSecurityPolicy.idl and also create an entry for the new directive
67 // in nsCSPDirective::toDomCSPStruct() and add it to CSPDictionaries.webidl.
68 // Order of elements below important! Make sure it matches the order as in
69 // nsIContentSecurityPolicy.idl
70 static const char* CSPStrDirectives[] = {
71 "-error-", // NO_DIRECTIVE
72 "default-src", // DEFAULT_SRC_DIRECTIVE
73 "script-src", // SCRIPT_SRC_DIRECTIVE
74 "object-src", // OBJECT_SRC_DIRECTIVE
75 "style-src", // STYLE_SRC_DIRECTIVE
76 "img-src", // IMG_SRC_DIRECTIVE
77 "media-src", // MEDIA_SRC_DIRECTIVE
78 "frame-src", // FRAME_SRC_DIRECTIVE
79 "font-src", // FONT_SRC_DIRECTIVE
80 "connect-src", // CONNECT_SRC_DIRECTIVE
81 "report-uri", // REPORT_URI_DIRECTIVE
82 "frame-ancestors", // FRAME_ANCESTORS_DIRECTIVE
83 "reflected-xss", // REFLECTED_XSS_DIRECTIVE
84 "base-uri", // BASE_URI_DIRECTIVE
85 "form-action", // FORM_ACTION_DIRECTIVE
86 "manifest-src", // MANIFEST_SRC_DIRECTIVE
87 "upgrade-insecure-requests", // UPGRADE_IF_INSECURE_DIRECTIVE
88 "child-src", // CHILD_SRC_DIRECTIVE
89 "block-all-mixed-content", // BLOCK_ALL_MIXED_CONTENT
90 "sandbox", // SANDBOX_DIRECTIVE
91 "worker-src", // WORKER_SRC_DIRECTIVE
92 "script-src-elem", // SCRIPT_SRC_ELEM_DIRECTIVE
93 "script-src-attr", // SCRIPT_SRC_ATTR_DIRECTIVE
94 "style-src-elem", // STYLE_SRC_ELEM_DIRECTIVE
95 "style-src-attr", // STYLE_SRC_ATTR_DIRECTIVE
96 "require-trusted-types-for", // REQUIRE_TRUSTED_TYPES_FOR_DIRECTIVE
97 "trusted-types", // TRUSTED_TYPES_DIRECTIVE
98 };
99
100 inline const char* CSP_CSPDirectiveToString(CSPDirective aDir) {
101 return CSPStrDirectives[static_cast<uint32_t>(aDir)];
102 }
103
104 CSPDirective CSP_StringToCSPDirective(const nsAString& aDir);
105
106 #define FOR_EACH_CSP_KEYWORD(MACRO) \
107 MACRO(CSP_SELF, "'self'") \
108 MACRO(CSP_UNSAFE_INLINE, "'unsafe-inline'") \
109 MACRO(CSP_UNSAFE_EVAL, "'unsafe-eval'") \
110 MACRO(CSP_UNSAFE_HASHES, "'unsafe-hashes'") \
111 MACRO(CSP_NONE, "'none'") \
112 MACRO(CSP_NONCE, "'nonce-") \
113 MACRO(CSP_REPORT_SAMPLE, "'report-sample'") \
114 MACRO(CSP_STRICT_DYNAMIC, "'strict-dynamic'") \
115 MACRO(CSP_WASM_UNSAFE_EVAL, "'wasm-unsafe-eval'")
116
117 enum CSPKeyword {
118 #define KEYWORD_ENUM(id_, string_) id_,
119 FOR_EACH_CSP_KEYWORD(KEYWORD_ENUM)
120 #undef KEYWORD_ENUM
121
122 // CSP_LAST_KEYWORD_VALUE always needs to be the last element in the enum
123 // because we use it to calculate the size for the char* array.
124 CSP_LAST_KEYWORD_VALUE,
125
126 // Putting CSP_HASH after the delimitor, because CSP_HASH is not a valid
127 // keyword (hash uses e.g. sha256, sha512) but we use CSP_HASH internally
128 // to identify allowed hashes in ::allows.
129 CSP_HASH
130 };
131
132 // The keywords, in UTF-8 form.
133 static const char* gCSPUTF8Keywords[] = {
134 #define KEYWORD_UTF8_LITERAL(id_, string_) string_,
135 FOR_EACH_CSP_KEYWORD(KEYWORD_UTF8_LITERAL)
136 #undef KEYWORD_UTF8_LITERAL
137 };
138
139 // The keywords, in UTF-16 form.
140 static const char16_t* gCSPUTF16Keywords[] = {
141 #define KEYWORD_UTF16_LITERAL(id_, string_) u"" string_,
142 FOR_EACH_CSP_KEYWORD(KEYWORD_UTF16_LITERAL)
143 #undef KEYWORD_UTF16_LITERAL
144 };
145
146 #undef FOR_EACH_CSP_KEYWORD
147
148 inline const char* CSP_EnumToUTF8Keyword(enum CSPKeyword aKey) {
149 // Make sure all elements in enum CSPKeyword got added to gCSPUTF8Keywords.
150 static_assert((sizeof(gCSPUTF8Keywords) / sizeof(gCSPUTF8Keywords[0]) ==
151 CSP_LAST_KEYWORD_VALUE),
152 "CSP_LAST_KEYWORD_VALUE != length(gCSPUTF8Keywords)");
153
154 if (static_cast<uint32_t>(aKey) <
155 static_cast<uint32_t>(CSP_LAST_KEYWORD_VALUE)) {
156 return gCSPUTF8Keywords[static_cast<uint32_t>(aKey)];
157 }
158 return "error: invalid keyword in CSP_EnumToUTF8Keyword";
159 }
160
161 inline const char16_t* CSP_EnumToUTF16Keyword(enum CSPKeyword aKey) {
162 // Make sure all elements in enum CSPKeyword got added to gCSPUTF16Keywords.
163 static_assert((sizeof(gCSPUTF16Keywords) / sizeof(gCSPUTF16Keywords[0]) ==
164 CSP_LAST_KEYWORD_VALUE),
165 "CSP_LAST_KEYWORD_VALUE != length(gCSPUTF16Keywords)");
166
167 if (static_cast<uint32_t>(aKey) <
168 static_cast<uint32_t>(CSP_LAST_KEYWORD_VALUE)) {
169 return gCSPUTF16Keywords[static_cast<uint32_t>(aKey)];
170 }
171 return u"error: invalid keyword in CSP_EnumToUTF16Keyword";
172 }
173
174 inline CSPKeyword CSP_UTF16KeywordToEnum(const nsAString& aKey) {
175 nsString lowerKey = PromiseFlatString(aKey);
176 ToLowerCase(lowerKey);
177
178 for (uint32_t i = 0; i < CSP_LAST_KEYWORD_VALUE; i++) {
179 if (lowerKey.Equals(gCSPUTF16Keywords[i])) {
180 return static_cast<CSPKeyword>(i);
181 }
182 }
183 NS_ASSERTION(false, "Can not convert unknown Keyword to Enum");
184 return CSP_LAST_KEYWORD_VALUE;
185 }
186
187 nsresult CSP_AppendCSPFromHeader(nsIContentSecurityPolicy* aCsp,
188 const nsAString& aHeaderValue,
189 bool aReportOnly);
190
191 /* =============== Helpers ================== */
192
193 class nsCSPHostSrc;
194
195 nsCSPHostSrc* CSP_CreateHostSrcFromSelfURI(nsIURI* aSelfURI);
196 bool CSP_IsEmptyDirective(const nsAString& aValue, const nsAString& aDir);
197 bool CSP_IsDirective(const nsAString& aValue, CSPDirective aDir);
198 bool CSP_IsKeyword(const nsAString& aValue, enum CSPKeyword aKey);
199 bool CSP_IsQuotelessKeyword(const nsAString& aKey);
200 CSPDirective CSP_ContentTypeToDirective(nsContentPolicyType aType);
201
202 class nsCSPSrcVisitor;
203
204 void CSP_PercentDecodeStr(const nsAString& aEncStr, nsAString& outDecStr);
205 bool CSP_ShouldResponseInheritCSP(nsIChannel* aChannel);
206
207 void CSP_ApplyMetaCSPToDoc(mozilla::dom::Document& aDoc,
208 const nsAString& aPolicyStr);
209
210 /* =============== nsCSPSrc ================== */
211
212 class nsCSPBaseSrc {
213 public:
214 nsCSPBaseSrc();
215 virtual ~nsCSPBaseSrc();
216
217 virtual bool permits(nsIURI* aUri, bool aWasRedirected, bool aReportOnly,
218 bool aUpgradeInsecure) const;
219 virtual bool allows(enum CSPKeyword aKeyword,
220 const nsAString& aHashOrNonce) const;
221 virtual bool visit(nsCSPSrcVisitor* aVisitor) const = 0;
222 virtual void toString(nsAString& outStr) const = 0;
223
224 virtual bool isReportSample() const { return false; }
225
226 virtual bool isHash() const { return false; }
227 virtual bool isNonce() const { return false; }
228 virtual bool isKeyword(CSPKeyword aKeyword) const { return false; }
229 };
230
231 /* =============== nsCSPSchemeSrc ============ */
232
233 class nsCSPSchemeSrc : public nsCSPBaseSrc {
234 public:
235 explicit nsCSPSchemeSrc(const nsAString& aScheme);
236 virtual ~nsCSPSchemeSrc();
237
238 bool permits(nsIURI* aUri, bool aWasRedirected, bool aReportOnly,
239 bool aUpgradeInsecure) const override;
240 bool visit(nsCSPSrcVisitor* aVisitor) const override;
241 void toString(nsAString& outStr) const override;
242
243 inline void getScheme(nsAString& outStr) const { outStr.Assign(mScheme); };
244
245 private:
246 nsString mScheme;
247 };
248
249 /* =============== nsCSPHostSrc ============== */
250
251 class nsCSPHostSrc : public nsCSPBaseSrc {
252 public:
253 explicit nsCSPHostSrc(const nsAString& aHost);
254 virtual ~nsCSPHostSrc();
255
256 bool permits(nsIURI* aUri, bool aWasRedirected, bool aReportOnly,
257 bool aUpgradeInsecure) const override;
258 bool visit(nsCSPSrcVisitor* aVisitor) const override;
259 void toString(nsAString& outStr) const override;
260
261 void setScheme(const nsAString& aScheme);
262 void setPort(const nsAString& aPort);
263 void appendPath(const nsAString& aPath);
264
265 inline void setGeneratedFromSelfKeyword() const {
266 mGeneratedFromSelfKeyword = true;
267 }
268
269 inline void setIsUniqueOrigin() const { mIsUniqueOrigin = true; }
270
271 inline void setWithinFrameAncestorsDir(bool aValue) const {
272 mWithinFrameAncstorsDir = aValue;
273 }
274
275 inline void getScheme(nsAString& outStr) const { outStr.Assign(mScheme); };
276
277 inline void getHost(nsAString& outStr) const { outStr.Assign(mHost); };
278
279 inline void getPort(nsAString& outStr) const { outStr.Assign(mPort); };
280
281 inline void getPath(nsAString& outStr) const { outStr.Assign(mPath); };
282
283 private:
284 nsString mScheme;
285 nsString mHost;
286 nsString mPort;
287 nsString mPath;
288 mutable bool mGeneratedFromSelfKeyword;
289 mutable bool mIsUniqueOrigin;
290 mutable bool mWithinFrameAncstorsDir;
291 };
292
293 /* =============== nsCSPKeywordSrc ============ */
294
295 class nsCSPKeywordSrc : public nsCSPBaseSrc {
296 public:
297 explicit nsCSPKeywordSrc(CSPKeyword aKeyword);
298 virtual ~nsCSPKeywordSrc();
299
300 bool allows(enum CSPKeyword aKeyword,
301 const nsAString& aHashOrNonce) const override;
302 bool visit(nsCSPSrcVisitor* aVisitor) const override;
303 void toString(nsAString& outStr) const override;
304
305 inline CSPKeyword getKeyword() const { return mKeyword; };
306
307 bool isReportSample() const override { return mKeyword == CSP_REPORT_SAMPLE; }
308
309 bool isKeyword(CSPKeyword aKeyword) const final {
310 return mKeyword == aKeyword;
311 }
312
313 private:
314 CSPKeyword mKeyword;
315 };
316
317 /* =============== nsCSPNonceSource =========== */
318
319 class nsCSPNonceSrc : public nsCSPBaseSrc {
320 public:
321 explicit nsCSPNonceSrc(const nsAString& aNonce);
322 virtual ~nsCSPNonceSrc();
323
324 bool allows(enum CSPKeyword aKeyword,
325 const nsAString& aHashOrNonce) const override;
326 bool visit(nsCSPSrcVisitor* aVisitor) const override;
327 void toString(nsAString& outStr) const override;
328
329 inline void getNonce(nsAString& outStr) const { outStr.Assign(mNonce); };
330
331 bool isNonce() const final { return true; }
332
333 private:
334 nsString mNonce;
335 };
336
337 /* =============== nsCSPHashSource ============ */
338
339 class nsCSPHashSrc : public nsCSPBaseSrc {
340 public:
341 nsCSPHashSrc(const nsAString& algo, const nsAString& hash);
342 virtual ~nsCSPHashSrc();
343
344 bool allows(enum CSPKeyword aKeyword,
345 const nsAString& aHashOrNonce) const override;
346 void toString(nsAString& outStr) const override;
347 bool visit(nsCSPSrcVisitor* aVisitor) const override;
348
349 inline void getAlgorithm(nsAString& outStr) const {
350 outStr.Assign(mAlgorithm);
351 };
352
353 inline void getHash(nsAString& outStr) const { outStr.Assign(mHash); };
354
355 bool isHash() const final { return true; }
356
357 private:
358 nsString mAlgorithm;
359 nsString mHash;
360 };
361
362 /* =============== nsCSPReportURI ============ */
363
364 class nsCSPReportURI : public nsCSPBaseSrc {
365 public:
366 explicit nsCSPReportURI(nsIURI* aURI);
367 virtual ~nsCSPReportURI();
368
369 bool visit(nsCSPSrcVisitor* aVisitor) const override;
370 void toString(nsAString& outStr) const override;
371
372 private:
373 nsCOMPtr<nsIURI> mReportURI;
374 };
375
376 /* =============== nsCSPSandboxFlags ================== */
377
378 class nsCSPSandboxFlags : public nsCSPBaseSrc {
379 public:
380 explicit nsCSPSandboxFlags(const nsAString& aFlags);
381 virtual ~nsCSPSandboxFlags();
382
383 bool visit(nsCSPSrcVisitor* aVisitor) const override;
384 void toString(nsAString& outStr) const override;
385
386 private:
387 nsString mFlags;
388 };
389
390 /* =============== nsCSPRequireTrustedTypesForDirectiveValue =============== */
391
392 class nsCSPRequireTrustedTypesForDirectiveValue : public nsCSPBaseSrc {
393 public:
394 explicit nsCSPRequireTrustedTypesForDirectiveValue(const nsAString& aValue);
395 virtual ~nsCSPRequireTrustedTypesForDirectiveValue() = default;
396
397 bool visit(nsCSPSrcVisitor* aVisitor) const override;
398 void toString(nsAString& aOutStr) const override;
399
400 private:
401 const nsString mValue;
402 };
403
404 /* =============== nsCSPTrustedTypesDirectiveExpression =============== */
405
406 class nsCSPTrustedTypesDirectivePolicyName : public nsCSPBaseSrc {
407 public:
408 explicit nsCSPTrustedTypesDirectivePolicyName(const nsAString& aName);
409 virtual ~nsCSPTrustedTypesDirectivePolicyName() = default;
410
411 bool visit(nsCSPSrcVisitor* aVisitor) const override;
412 void toString(nsAString& aOutStr) const override;
413
414 private:
415 const nsString mName;
416 };
417
418 /* =============== nsCSPSrcVisitor ================== */
419
420 class nsCSPSrcVisitor {
421 public:
422 virtual bool visitSchemeSrc(const nsCSPSchemeSrc& src) = 0;
423
424 virtual bool visitHostSrc(const nsCSPHostSrc& src) = 0;
425
426 virtual bool visitKeywordSrc(const nsCSPKeywordSrc& src) = 0;
427
428 virtual bool visitNonceSrc(const nsCSPNonceSrc& src) = 0;
429
430 virtual bool visitHashSrc(const nsCSPHashSrc& src) = 0;
431
432 protected:
433 explicit nsCSPSrcVisitor() = default;
434 virtual ~nsCSPSrcVisitor() = default;
435 };
436
437 /* =============== nsCSPDirective ============= */
438
439 class nsCSPDirective {
440 public:
441 explicit nsCSPDirective(CSPDirective aDirective);
442 virtual ~nsCSPDirective();
443
444 virtual bool permits(CSPDirective aDirective, nsILoadInfo* aLoadInfo,
445 nsIURI* aUri, bool aWasRedirected, bool aReportOnly,
446 bool aUpgradeInsecure) const;
447 virtual bool allows(enum CSPKeyword aKeyword,
448 const nsAString& aHashOrNonce) const;
449 bool allowsAllInlineBehavior(CSPDirective aDir) const;
450 virtual void toString(nsAString& outStr) const;
451 void toDomCSPStruct(mozilla::dom::CSP& outCSP) const;
452
453 // Takes ownership of the passed sources.
454 virtual void addSrcs(const nsTArray<nsCSPBaseSrc*>& aSrcs) {
455 mSrcs = aSrcs.Clone();
456 }
457
458 inline bool isDefaultDirective() const {
459 return mDirective == nsIContentSecurityPolicy::DEFAULT_SRC_DIRECTIVE;
460 }
461
462 virtual bool equals(CSPDirective aDirective) const;
463
464 void getReportURIs(nsTArray<nsString>& outReportURIs) const;
465
466 bool visitSrcs(nsCSPSrcVisitor* aVisitor) const;
467
468 virtual void getDirName(nsAString& outStr) const;
469
470 bool hasReportSampleKeyword() const;
471
472 protected:
473 CSPDirective mDirective;
474 nsTArray<nsCSPBaseSrc*> mSrcs;
475 };
476
477 /* =============== nsCSPChildSrcDirective ============= */
478
479 /*
480 * In CSP 3 child-src is deprecated. For backwards compatibility
481 * child-src needs to restrict:
482 * (*) frames, in case frame-src is not expicitly specified
483 * (*) workers, in case worker-src is not expicitly specified
484 */
485 class nsCSPChildSrcDirective : public nsCSPDirective {
486 public:
487 explicit nsCSPChildSrcDirective(CSPDirective aDirective);
488 virtual ~nsCSPChildSrcDirective();
489
490 void setRestrictFrames() { mRestrictFrames = true; }
491
492 void setRestrictWorkers() { mRestrictWorkers = true; }
493
494 virtual bool equals(CSPDirective aDirective) const override;
495
496 private:
497 bool mRestrictFrames;
498 bool mRestrictWorkers;
499 };
500
501 /* =============== nsCSPScriptSrcDirective ============= */
502
503 /*
504 * In CSP 3 worker-src restricts workers, for backwards compatibily
505 * script-src has to restrict workers as the ultimate fallback if
506 * neither worker-src nor child-src is present in a CSP.
507 */
508 class nsCSPScriptSrcDirective : public nsCSPDirective {
509 public:
510 explicit nsCSPScriptSrcDirective(CSPDirective aDirective);
511 virtual ~nsCSPScriptSrcDirective();
512
513 void setRestrictWorkers() { mRestrictWorkers = true; }
514 void setRestrictScriptElem() { mRestrictScriptElem = true; }
515 void setRestrictScriptAttr() { mRestrictScriptAttr = true; }
516
517 bool equals(CSPDirective aDirective) const override;
518
519 private:
520 bool mRestrictWorkers = false;
521 bool mRestrictScriptElem = false;
522 bool mRestrictScriptAttr = false;
523 };
524
525 /* =============== nsCSPStyleSrcDirective ============= */
526
527 /*
528 * In CSP 3 style-src is use as a fallback for style-src-elem and
529 * style-src-attr.
530 */
531 class nsCSPStyleSrcDirective : public nsCSPDirective {
532 public:
533 explicit nsCSPStyleSrcDirective(CSPDirective aDirective);
534 virtual ~nsCSPStyleSrcDirective();
535
536 void setRestrictStyleElem() { mRestrictStyleElem = true; }
537 void setRestrictStyleAttr() { mRestrictStyleAttr = true; }
538
539 bool equals(CSPDirective aDirective) const override;
540
541 private:
542 bool mRestrictStyleElem = false;
543 bool mRestrictStyleAttr = false;
544 };
545
546 /* =============== nsBlockAllMixedContentDirective === */
547
548 class nsBlockAllMixedContentDirective : public nsCSPDirective {
549 public:
550 explicit nsBlockAllMixedContentDirective(CSPDirective aDirective);
551 ~nsBlockAllMixedContentDirective();
552
553 bool permits(CSPDirective aDirective, nsILoadInfo* aLoadInfo, nsIURI* aUri,
554 bool aWasRedirected, bool aReportOnly,
555 bool aUpgradeInsecure) const override {
556 return false;
557 }
558
559 bool permits(nsIURI* aUri) const { return false; }
560
561 bool allows(enum CSPKeyword aKeyword,
562 const nsAString& aHashOrNonce) const override {
563 return false;
564 }
565
566 void toString(nsAString& outStr) const override;
567
568 void addSrcs(const nsTArray<nsCSPBaseSrc*>& aSrcs) override {
569 MOZ_ASSERT(false, "block-all-mixed-content does not hold any srcs");
570 }
571
572 void getDirName(nsAString& outStr) const override;
573 };
574
575 /* =============== nsUpgradeInsecureDirective === */
576
577 /*
578 * Upgrading insecure requests includes the following actors:
579 * (1) CSP:
580 * The CSP implementation allowlists the http-request
581 * in case the policy is executed in enforcement mode.
582 * The CSP implementation however does not allow http
583 * requests to succeed if executed in report-only mode.
584 * In such a case the CSP implementation reports the
585 * error back to the page.
586 *
587 * (2) MixedContent:
588 * The evalution of MixedContent allowlists all http
589 * requests with the promise that the http requests
590 * gets upgraded to https before any data is fetched
591 * from the network.
592 *
593 * (3) CORS:
594 * Does not consider the http request to be of a
595 * different origin in case the scheme is the only
596 * difference in otherwise matching URIs.
597 *
598 * (4) nsHttpChannel:
599 * Before connecting, the channel gets redirected
600 * to use https.
601 *
602 * (5) WebSocketChannel:
603 * Similar to the httpChannel, the websocketchannel
604 * gets upgraded from ws to wss.
605 */
606 class nsUpgradeInsecureDirective : public nsCSPDirective {
607 public:
608 explicit nsUpgradeInsecureDirective(CSPDirective aDirective);
609 ~nsUpgradeInsecureDirective();
610
611 bool permits(CSPDirective aDirective, nsILoadInfo* aLoadInfo, nsIURI* aUri,
612 bool aWasRedirected, bool aReportOnly,
613 bool aUpgradeInsecure) const override {
614 return false;
615 }
616
617 bool permits(nsIURI* aUri) const { return false; }
618
619 bool allows(enum CSPKeyword aKeyword,
620 const nsAString& aHashOrNonce) const override {
621 return false;
622 }
623
624 void toString(nsAString& outStr) const override;
625
626 void addSrcs(const nsTArray<nsCSPBaseSrc*>& aSrcs) override {
627 MOZ_ASSERT(false, "upgrade-insecure-requests does not hold any srcs");
628 }
629
630 void getDirName(nsAString& outStr) const override;
631 };
632
633 /* =============== nsCSPPolicy ================== */
634
635 class nsCSPPolicy {
636 public:
637 nsCSPPolicy();
638 virtual ~nsCSPPolicy();
639
640 bool permits(CSPDirective aDirective, nsILoadInfo* aLoadInfo, nsIURI* aUri,
641 bool aWasRedirected, bool aSpecific,
642 nsAString& outViolatedDirective,
643 nsAString& outViolatedDirectiveString) const;
644 bool allows(CSPDirective aDirective, enum CSPKeyword aKeyword,
645 const nsAString& aHashOrNonce) const;
646 void toString(nsAString& outStr) const;
647 void toDomCSPStruct(mozilla::dom::CSP& outCSP) const;
648
649 inline void addDirective(nsCSPDirective* aDir) {
650 mDirectives.AppendElement(aDir);
651 }
652
653 inline void addUpgradeInsecDir(nsUpgradeInsecureDirective* aDir) {
654 mUpgradeInsecDir = aDir;
655 addDirective(aDir);
656 }
657
658 bool hasDirective(CSPDirective aDir) const;
659
660 inline void setDeliveredViaMetaTagFlag(bool aFlag) {
661 mDeliveredViaMetaTag = aFlag;
662 }
663
664 inline bool getDeliveredViaMetaTagFlag() const {
665 return mDeliveredViaMetaTag;
666 }
667
668 inline void setReportOnlyFlag(bool aFlag) { mReportOnly = aFlag; }
669
670 inline bool getReportOnlyFlag() const { return mReportOnly; }
671
672 void getReportURIs(nsTArray<nsString>& outReportURIs) const;
673
674 void getViolatedDirectiveInformation(CSPDirective aDirective,
675 nsAString& aDirectiveName,
676 nsAString& aDirectiveNameAndValue,
677 bool* aReportSample) const;
678
679 uint32_t getSandboxFlags() const;
680
681 inline uint32_t getNumDirectives() const { return mDirectives.Length(); }
682
683 bool visitDirectiveSrcs(CSPDirective aDir, nsCSPSrcVisitor* aVisitor) const;
684
685 bool allowsAllInlineBehavior(CSPDirective aDir) const;
686
687 private:
688 nsCSPDirective* matchingOrDefaultDirective(CSPDirective aDirective) const;
689
690 nsUpgradeInsecureDirective* mUpgradeInsecDir;
691 nsTArray<nsCSPDirective*> mDirectives;
692 bool mReportOnly;
693 bool mDeliveredViaMetaTag;
694 };
695
696 #endif /* nsCSPUtils_h___ */