1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7 #ifndef nsCSPUtils_h___
8 #define nsCSPUtils_h___
11 #include "nsIContentSecurityPolicy.h"
12 #include "nsILoadInfo.h"
14 #include "nsLiteralString.h"
17 #include "nsUnicharUtils.h"
18 #include "mozilla/Logging.h"
22 namespace mozilla::dom
{
25 } // namespace mozilla::dom
27 /* =============== Logging =================== */
29 void CSP_LogLocalizedStr(const char* aName
, const nsTArray
<nsString
>& aParams
,
30 const nsAString
& aSourceName
,
31 const nsAString
& aSourceLine
, uint32_t aLineNumber
,
32 uint32_t aColumnNumber
, uint32_t aFlags
,
33 const nsACString
& aCategory
, uint64_t aInnerWindowID
,
34 bool aFromPrivateWindow
);
36 void CSP_GetLocalizedStr(const char* aName
, const nsTArray
<nsString
>& aParams
,
37 nsAString
& outResult
);
39 void CSP_LogStrMessage(const nsAString
& aMsg
);
41 void CSP_LogMessage(const nsAString
& aMessage
, const nsAString
& aSourceName
,
42 const nsAString
& aSourceLine
, uint32_t aLineNumber
,
43 uint32_t aColumnNumber
, uint32_t aFlags
,
44 const nsACString
& aCategory
, uint64_t aInnerWindowID
,
45 bool aFromPrivateWindow
);
47 /* =============== Constant and Type Definitions ================== */
49 #define INLINE_STYLE_VIOLATION_OBSERVER_TOPIC \
50 "violated base restriction: Inline Stylesheets will not apply"
51 #define INLINE_SCRIPT_VIOLATION_OBSERVER_TOPIC \
52 "violated base restriction: Inline Scripts will not execute"
53 #define EVAL_VIOLATION_OBSERVER_TOPIC \
54 "violated base restriction: Code will not be created from strings"
55 #define WASM_EVAL_VIOLATION_OBSERVER_TOPIC \
56 "violated base restriction: WebAssembly code will not be created from " \
58 #define SCRIPT_NONCE_VIOLATION_OBSERVER_TOPIC "Inline Script had invalid nonce"
59 #define STYLE_NONCE_VIOLATION_OBSERVER_TOPIC "Inline Style had invalid nonce"
60 #define SCRIPT_HASH_VIOLATION_OBSERVER_TOPIC "Inline Script had invalid hash"
61 #define STYLE_HASH_VIOLATION_OBSERVER_TOPIC "Inline Style had invalid hash"
63 // these strings map to the CSPDirectives in nsIContentSecurityPolicy
64 // NOTE: When implementing a new directive, you will need to add it here but
65 // also add a corresponding entry to the constants in
66 // nsIContentSecurityPolicy.idl and also create an entry for the new directive
67 // in nsCSPDirective::toDomCSPStruct() and add it to CSPDictionaries.webidl.
68 // Order of elements below important! Make sure it matches the order as in
69 // nsIContentSecurityPolicy.idl
70 static const char* CSPStrDirectives
[] = {
71 "-error-", // NO_DIRECTIVE
72 "default-src", // DEFAULT_SRC_DIRECTIVE
73 "script-src", // SCRIPT_SRC_DIRECTIVE
74 "object-src", // OBJECT_SRC_DIRECTIVE
75 "style-src", // STYLE_SRC_DIRECTIVE
76 "img-src", // IMG_SRC_DIRECTIVE
77 "media-src", // MEDIA_SRC_DIRECTIVE
78 "frame-src", // FRAME_SRC_DIRECTIVE
79 "font-src", // FONT_SRC_DIRECTIVE
80 "connect-src", // CONNECT_SRC_DIRECTIVE
81 "report-uri", // REPORT_URI_DIRECTIVE
82 "frame-ancestors", // FRAME_ANCESTORS_DIRECTIVE
83 "reflected-xss", // REFLECTED_XSS_DIRECTIVE
84 "base-uri", // BASE_URI_DIRECTIVE
85 "form-action", // FORM_ACTION_DIRECTIVE
86 "manifest-src", // MANIFEST_SRC_DIRECTIVE
87 "upgrade-insecure-requests", // UPGRADE_IF_INSECURE_DIRECTIVE
88 "child-src", // CHILD_SRC_DIRECTIVE
89 "block-all-mixed-content", // BLOCK_ALL_MIXED_CONTENT
90 "sandbox", // SANDBOX_DIRECTIVE
91 "worker-src", // WORKER_SRC_DIRECTIVE
92 "script-src-elem", // SCRIPT_SRC_ELEM_DIRECTIVE
93 "script-src-attr", // SCRIPT_SRC_ATTR_DIRECTIVE
94 "style-src-elem", // STYLE_SRC_ELEM_DIRECTIVE
95 "style-src-attr", // STYLE_SRC_ATTR_DIRECTIVE
96 "require-trusted-types-for", // REQUIRE_TRUSTED_TYPES_FOR_DIRECTIVE
97 "trusted-types", // TRUSTED_TYPES_DIRECTIVE
100 inline const char* CSP_CSPDirectiveToString(CSPDirective aDir
) {
101 return CSPStrDirectives
[static_cast<uint32_t>(aDir
)];
104 CSPDirective
CSP_StringToCSPDirective(const nsAString
& aDir
);
106 #define FOR_EACH_CSP_KEYWORD(MACRO) \
107 MACRO(CSP_SELF, "'self'") \
108 MACRO(CSP_UNSAFE_INLINE, "'unsafe-inline'") \
109 MACRO(CSP_UNSAFE_EVAL, "'unsafe-eval'") \
110 MACRO(CSP_UNSAFE_HASHES, "'unsafe-hashes'") \
111 MACRO(CSP_NONE, "'none'") \
112 MACRO(CSP_NONCE, "'nonce-") \
113 MACRO(CSP_REPORT_SAMPLE, "'report-sample'") \
114 MACRO(CSP_STRICT_DYNAMIC, "'strict-dynamic'") \
115 MACRO(CSP_WASM_UNSAFE_EVAL, "'wasm-unsafe-eval'")
118 #define KEYWORD_ENUM(id_, string_) id_,
119 FOR_EACH_CSP_KEYWORD(KEYWORD_ENUM
)
122 // CSP_LAST_KEYWORD_VALUE always needs to be the last element in the enum
123 // because we use it to calculate the size for the char* array.
124 CSP_LAST_KEYWORD_VALUE
,
126 // Putting CSP_HASH after the delimitor, because CSP_HASH is not a valid
127 // keyword (hash uses e.g. sha256, sha512) but we use CSP_HASH internally
128 // to identify allowed hashes in ::allows.
132 // The keywords, in UTF-8 form.
133 static const char* gCSPUTF8Keywords
[] = {
134 #define KEYWORD_UTF8_LITERAL(id_, string_) string_,
135 FOR_EACH_CSP_KEYWORD(KEYWORD_UTF8_LITERAL
)
136 #undef KEYWORD_UTF8_LITERAL
139 // The keywords, in UTF-16 form.
140 static const char16_t
* gCSPUTF16Keywords
[] = {
141 #define KEYWORD_UTF16_LITERAL(id_, string_) u"" string_,
142 FOR_EACH_CSP_KEYWORD(KEYWORD_UTF16_LITERAL
)
143 #undef KEYWORD_UTF16_LITERAL
146 #undef FOR_EACH_CSP_KEYWORD
148 inline const char* CSP_EnumToUTF8Keyword(enum CSPKeyword aKey
) {
149 // Make sure all elements in enum CSPKeyword got added to gCSPUTF8Keywords.
150 static_assert((sizeof(gCSPUTF8Keywords
) / sizeof(gCSPUTF8Keywords
[0]) ==
151 CSP_LAST_KEYWORD_VALUE
),
152 "CSP_LAST_KEYWORD_VALUE != length(gCSPUTF8Keywords)");
154 if (static_cast<uint32_t>(aKey
) <
155 static_cast<uint32_t>(CSP_LAST_KEYWORD_VALUE
)) {
156 return gCSPUTF8Keywords
[static_cast<uint32_t>(aKey
)];
158 return "error: invalid keyword in CSP_EnumToUTF8Keyword";
161 inline const char16_t
* CSP_EnumToUTF16Keyword(enum CSPKeyword aKey
) {
162 // Make sure all elements in enum CSPKeyword got added to gCSPUTF16Keywords.
163 static_assert((sizeof(gCSPUTF16Keywords
) / sizeof(gCSPUTF16Keywords
[0]) ==
164 CSP_LAST_KEYWORD_VALUE
),
165 "CSP_LAST_KEYWORD_VALUE != length(gCSPUTF16Keywords)");
167 if (static_cast<uint32_t>(aKey
) <
168 static_cast<uint32_t>(CSP_LAST_KEYWORD_VALUE
)) {
169 return gCSPUTF16Keywords
[static_cast<uint32_t>(aKey
)];
171 return u
"error: invalid keyword in CSP_EnumToUTF16Keyword";
174 inline CSPKeyword
CSP_UTF16KeywordToEnum(const nsAString
& aKey
) {
175 nsString lowerKey
= PromiseFlatString(aKey
);
176 ToLowerCase(lowerKey
);
178 for (uint32_t i
= 0; i
< CSP_LAST_KEYWORD_VALUE
; i
++) {
179 if (lowerKey
.Equals(gCSPUTF16Keywords
[i
])) {
180 return static_cast<CSPKeyword
>(i
);
183 NS_ASSERTION(false, "Can not convert unknown Keyword to Enum");
184 return CSP_LAST_KEYWORD_VALUE
;
187 nsresult
CSP_AppendCSPFromHeader(nsIContentSecurityPolicy
* aCsp
,
188 const nsAString
& aHeaderValue
,
191 /* =============== Helpers ================== */
195 nsCSPHostSrc
* CSP_CreateHostSrcFromSelfURI(nsIURI
* aSelfURI
);
196 bool CSP_IsEmptyDirective(const nsAString
& aValue
, const nsAString
& aDir
);
197 bool CSP_IsDirective(const nsAString
& aValue
, CSPDirective aDir
);
198 bool CSP_IsKeyword(const nsAString
& aValue
, enum CSPKeyword aKey
);
199 bool CSP_IsQuotelessKeyword(const nsAString
& aKey
);
200 CSPDirective
CSP_ContentTypeToDirective(nsContentPolicyType aType
);
202 class nsCSPSrcVisitor
;
204 void CSP_PercentDecodeStr(const nsAString
& aEncStr
, nsAString
& outDecStr
);
205 bool CSP_ShouldResponseInheritCSP(nsIChannel
* aChannel
);
207 void CSP_ApplyMetaCSPToDoc(mozilla::dom::Document
& aDoc
,
208 const nsAString
& aPolicyStr
);
210 /* =============== nsCSPSrc ================== */
215 virtual ~nsCSPBaseSrc();
217 virtual bool permits(nsIURI
* aUri
, bool aWasRedirected
, bool aReportOnly
,
218 bool aUpgradeInsecure
) const;
219 virtual bool allows(enum CSPKeyword aKeyword
,
220 const nsAString
& aHashOrNonce
) const;
221 virtual bool visit(nsCSPSrcVisitor
* aVisitor
) const = 0;
222 virtual void toString(nsAString
& outStr
) const = 0;
224 virtual bool isReportSample() const { return false; }
226 virtual bool isHash() const { return false; }
227 virtual bool isNonce() const { return false; }
228 virtual bool isKeyword(CSPKeyword aKeyword
) const { return false; }
231 /* =============== nsCSPSchemeSrc ============ */
233 class nsCSPSchemeSrc
: public nsCSPBaseSrc
{
235 explicit nsCSPSchemeSrc(const nsAString
& aScheme
);
236 virtual ~nsCSPSchemeSrc();
238 bool permits(nsIURI
* aUri
, bool aWasRedirected
, bool aReportOnly
,
239 bool aUpgradeInsecure
) const override
;
240 bool visit(nsCSPSrcVisitor
* aVisitor
) const override
;
241 void toString(nsAString
& outStr
) const override
;
243 inline void getScheme(nsAString
& outStr
) const { outStr
.Assign(mScheme
); };
249 /* =============== nsCSPHostSrc ============== */
251 class nsCSPHostSrc
: public nsCSPBaseSrc
{
253 explicit nsCSPHostSrc(const nsAString
& aHost
);
254 virtual ~nsCSPHostSrc();
256 bool permits(nsIURI
* aUri
, bool aWasRedirected
, bool aReportOnly
,
257 bool aUpgradeInsecure
) const override
;
258 bool visit(nsCSPSrcVisitor
* aVisitor
) const override
;
259 void toString(nsAString
& outStr
) const override
;
261 void setScheme(const nsAString
& aScheme
);
262 void setPort(const nsAString
& aPort
);
263 void appendPath(const nsAString
& aPath
);
265 inline void setGeneratedFromSelfKeyword() const {
266 mGeneratedFromSelfKeyword
= true;
269 inline void setIsUniqueOrigin() const { mIsUniqueOrigin
= true; }
271 inline void setWithinFrameAncestorsDir(bool aValue
) const {
272 mWithinFrameAncstorsDir
= aValue
;
275 inline void getScheme(nsAString
& outStr
) const { outStr
.Assign(mScheme
); };
277 inline void getHost(nsAString
& outStr
) const { outStr
.Assign(mHost
); };
279 inline void getPort(nsAString
& outStr
) const { outStr
.Assign(mPort
); };
281 inline void getPath(nsAString
& outStr
) const { outStr
.Assign(mPath
); };
288 mutable bool mGeneratedFromSelfKeyword
;
289 mutable bool mIsUniqueOrigin
;
290 mutable bool mWithinFrameAncstorsDir
;
293 /* =============== nsCSPKeywordSrc ============ */
295 class nsCSPKeywordSrc
: public nsCSPBaseSrc
{
297 explicit nsCSPKeywordSrc(CSPKeyword aKeyword
);
298 virtual ~nsCSPKeywordSrc();
300 bool allows(enum CSPKeyword aKeyword
,
301 const nsAString
& aHashOrNonce
) const override
;
302 bool visit(nsCSPSrcVisitor
* aVisitor
) const override
;
303 void toString(nsAString
& outStr
) const override
;
305 inline CSPKeyword
getKeyword() const { return mKeyword
; };
307 bool isReportSample() const override
{ return mKeyword
== CSP_REPORT_SAMPLE
; }
309 bool isKeyword(CSPKeyword aKeyword
) const final
{
310 return mKeyword
== aKeyword
;
317 /* =============== nsCSPNonceSource =========== */
319 class nsCSPNonceSrc
: public nsCSPBaseSrc
{
321 explicit nsCSPNonceSrc(const nsAString
& aNonce
);
322 virtual ~nsCSPNonceSrc();
324 bool allows(enum CSPKeyword aKeyword
,
325 const nsAString
& aHashOrNonce
) const override
;
326 bool visit(nsCSPSrcVisitor
* aVisitor
) const override
;
327 void toString(nsAString
& outStr
) const override
;
329 inline void getNonce(nsAString
& outStr
) const { outStr
.Assign(mNonce
); };
331 bool isNonce() const final
{ return true; }
337 /* =============== nsCSPHashSource ============ */
339 class nsCSPHashSrc
: public nsCSPBaseSrc
{
341 nsCSPHashSrc(const nsAString
& algo
, const nsAString
& hash
);
342 virtual ~nsCSPHashSrc();
344 bool allows(enum CSPKeyword aKeyword
,
345 const nsAString
& aHashOrNonce
) const override
;
346 void toString(nsAString
& outStr
) const override
;
347 bool visit(nsCSPSrcVisitor
* aVisitor
) const override
;
349 inline void getAlgorithm(nsAString
& outStr
) const {
350 outStr
.Assign(mAlgorithm
);
353 inline void getHash(nsAString
& outStr
) const { outStr
.Assign(mHash
); };
355 bool isHash() const final
{ return true; }
362 /* =============== nsCSPReportURI ============ */
364 class nsCSPReportURI
: public nsCSPBaseSrc
{
366 explicit nsCSPReportURI(nsIURI
* aURI
);
367 virtual ~nsCSPReportURI();
369 bool visit(nsCSPSrcVisitor
* aVisitor
) const override
;
370 void toString(nsAString
& outStr
) const override
;
373 nsCOMPtr
<nsIURI
> mReportURI
;
376 /* =============== nsCSPSandboxFlags ================== */
378 class nsCSPSandboxFlags
: public nsCSPBaseSrc
{
380 explicit nsCSPSandboxFlags(const nsAString
& aFlags
);
381 virtual ~nsCSPSandboxFlags();
383 bool visit(nsCSPSrcVisitor
* aVisitor
) const override
;
384 void toString(nsAString
& outStr
) const override
;
390 /* =============== nsCSPRequireTrustedTypesForDirectiveValue =============== */
392 class nsCSPRequireTrustedTypesForDirectiveValue
: public nsCSPBaseSrc
{
394 explicit nsCSPRequireTrustedTypesForDirectiveValue(const nsAString
& aValue
);
395 virtual ~nsCSPRequireTrustedTypesForDirectiveValue() = default;
397 bool visit(nsCSPSrcVisitor
* aVisitor
) const override
;
398 void toString(nsAString
& aOutStr
) const override
;
401 const nsString mValue
;
404 /* =============== nsCSPTrustedTypesDirectiveExpression =============== */
406 class nsCSPTrustedTypesDirectivePolicyName
: public nsCSPBaseSrc
{
408 explicit nsCSPTrustedTypesDirectivePolicyName(const nsAString
& aName
);
409 virtual ~nsCSPTrustedTypesDirectivePolicyName() = default;
411 bool visit(nsCSPSrcVisitor
* aVisitor
) const override
;
412 void toString(nsAString
& aOutStr
) const override
;
415 const nsString mName
;
418 /* =============== nsCSPSrcVisitor ================== */
420 class nsCSPSrcVisitor
{
422 virtual bool visitSchemeSrc(const nsCSPSchemeSrc
& src
) = 0;
424 virtual bool visitHostSrc(const nsCSPHostSrc
& src
) = 0;
426 virtual bool visitKeywordSrc(const nsCSPKeywordSrc
& src
) = 0;
428 virtual bool visitNonceSrc(const nsCSPNonceSrc
& src
) = 0;
430 virtual bool visitHashSrc(const nsCSPHashSrc
& src
) = 0;
433 explicit nsCSPSrcVisitor() = default;
434 virtual ~nsCSPSrcVisitor() = default;
437 /* =============== nsCSPDirective ============= */
439 class nsCSPDirective
{
441 explicit nsCSPDirective(CSPDirective aDirective
);
442 virtual ~nsCSPDirective();
444 virtual bool permits(CSPDirective aDirective
, nsILoadInfo
* aLoadInfo
,
445 nsIURI
* aUri
, bool aWasRedirected
, bool aReportOnly
,
446 bool aUpgradeInsecure
) const;
447 virtual bool allows(enum CSPKeyword aKeyword
,
448 const nsAString
& aHashOrNonce
) const;
449 bool allowsAllInlineBehavior(CSPDirective aDir
) const;
450 virtual void toString(nsAString
& outStr
) const;
451 void toDomCSPStruct(mozilla::dom::CSP
& outCSP
) const;
453 // Takes ownership of the passed sources.
454 virtual void addSrcs(const nsTArray
<nsCSPBaseSrc
*>& aSrcs
) {
455 mSrcs
= aSrcs
.Clone();
458 inline bool isDefaultDirective() const {
459 return mDirective
== nsIContentSecurityPolicy::DEFAULT_SRC_DIRECTIVE
;
462 virtual bool equals(CSPDirective aDirective
) const;
464 void getReportURIs(nsTArray
<nsString
>& outReportURIs
) const;
466 bool visitSrcs(nsCSPSrcVisitor
* aVisitor
) const;
468 virtual void getDirName(nsAString
& outStr
) const;
470 bool hasReportSampleKeyword() const;
473 CSPDirective mDirective
;
474 nsTArray
<nsCSPBaseSrc
*> mSrcs
;
477 /* =============== nsCSPChildSrcDirective ============= */
480 * In CSP 3 child-src is deprecated. For backwards compatibility
481 * child-src needs to restrict:
482 * (*) frames, in case frame-src is not expicitly specified
483 * (*) workers, in case worker-src is not expicitly specified
485 class nsCSPChildSrcDirective
: public nsCSPDirective
{
487 explicit nsCSPChildSrcDirective(CSPDirective aDirective
);
488 virtual ~nsCSPChildSrcDirective();
490 void setRestrictFrames() { mRestrictFrames
= true; }
492 void setRestrictWorkers() { mRestrictWorkers
= true; }
494 virtual bool equals(CSPDirective aDirective
) const override
;
497 bool mRestrictFrames
;
498 bool mRestrictWorkers
;
501 /* =============== nsCSPScriptSrcDirective ============= */
504 * In CSP 3 worker-src restricts workers, for backwards compatibily
505 * script-src has to restrict workers as the ultimate fallback if
506 * neither worker-src nor child-src is present in a CSP.
508 class nsCSPScriptSrcDirective
: public nsCSPDirective
{
510 explicit nsCSPScriptSrcDirective(CSPDirective aDirective
);
511 virtual ~nsCSPScriptSrcDirective();
513 void setRestrictWorkers() { mRestrictWorkers
= true; }
514 void setRestrictScriptElem() { mRestrictScriptElem
= true; }
515 void setRestrictScriptAttr() { mRestrictScriptAttr
= true; }
517 bool equals(CSPDirective aDirective
) const override
;
520 bool mRestrictWorkers
= false;
521 bool mRestrictScriptElem
= false;
522 bool mRestrictScriptAttr
= false;
525 /* =============== nsCSPStyleSrcDirective ============= */
528 * In CSP 3 style-src is use as a fallback for style-src-elem and
531 class nsCSPStyleSrcDirective
: public nsCSPDirective
{
533 explicit nsCSPStyleSrcDirective(CSPDirective aDirective
);
534 virtual ~nsCSPStyleSrcDirective();
536 void setRestrictStyleElem() { mRestrictStyleElem
= true; }
537 void setRestrictStyleAttr() { mRestrictStyleAttr
= true; }
539 bool equals(CSPDirective aDirective
) const override
;
542 bool mRestrictStyleElem
= false;
543 bool mRestrictStyleAttr
= false;
546 /* =============== nsBlockAllMixedContentDirective === */
548 class nsBlockAllMixedContentDirective
: public nsCSPDirective
{
550 explicit nsBlockAllMixedContentDirective(CSPDirective aDirective
);
551 ~nsBlockAllMixedContentDirective();
553 bool permits(CSPDirective aDirective
, nsILoadInfo
* aLoadInfo
, nsIURI
* aUri
,
554 bool aWasRedirected
, bool aReportOnly
,
555 bool aUpgradeInsecure
) const override
{
559 bool permits(nsIURI
* aUri
) const { return false; }
561 bool allows(enum CSPKeyword aKeyword
,
562 const nsAString
& aHashOrNonce
) const override
{
566 void toString(nsAString
& outStr
) const override
;
568 void addSrcs(const nsTArray
<nsCSPBaseSrc
*>& aSrcs
) override
{
569 MOZ_ASSERT(false, "block-all-mixed-content does not hold any srcs");
572 void getDirName(nsAString
& outStr
) const override
;
575 /* =============== nsUpgradeInsecureDirective === */
578 * Upgrading insecure requests includes the following actors:
580 * The CSP implementation allowlists the http-request
581 * in case the policy is executed in enforcement mode.
582 * The CSP implementation however does not allow http
583 * requests to succeed if executed in report-only mode.
584 * In such a case the CSP implementation reports the
585 * error back to the page.
588 * The evalution of MixedContent allowlists all http
589 * requests with the promise that the http requests
590 * gets upgraded to https before any data is fetched
594 * Does not consider the http request to be of a
595 * different origin in case the scheme is the only
596 * difference in otherwise matching URIs.
599 * Before connecting, the channel gets redirected
602 * (5) WebSocketChannel:
603 * Similar to the httpChannel, the websocketchannel
604 * gets upgraded from ws to wss.
606 class nsUpgradeInsecureDirective
: public nsCSPDirective
{
608 explicit nsUpgradeInsecureDirective(CSPDirective aDirective
);
609 ~nsUpgradeInsecureDirective();
611 bool permits(CSPDirective aDirective
, nsILoadInfo
* aLoadInfo
, nsIURI
* aUri
,
612 bool aWasRedirected
, bool aReportOnly
,
613 bool aUpgradeInsecure
) const override
{
617 bool permits(nsIURI
* aUri
) const { return false; }
619 bool allows(enum CSPKeyword aKeyword
,
620 const nsAString
& aHashOrNonce
) const override
{
624 void toString(nsAString
& outStr
) const override
;
626 void addSrcs(const nsTArray
<nsCSPBaseSrc
*>& aSrcs
) override
{
627 MOZ_ASSERT(false, "upgrade-insecure-requests does not hold any srcs");
630 void getDirName(nsAString
& outStr
) const override
;
633 /* =============== nsCSPPolicy ================== */
638 virtual ~nsCSPPolicy();
640 bool permits(CSPDirective aDirective
, nsILoadInfo
* aLoadInfo
, nsIURI
* aUri
,
641 bool aWasRedirected
, bool aSpecific
,
642 nsAString
& outViolatedDirective
,
643 nsAString
& outViolatedDirectiveString
) const;
644 bool allows(CSPDirective aDirective
, enum CSPKeyword aKeyword
,
645 const nsAString
& aHashOrNonce
) const;
646 void toString(nsAString
& outStr
) const;
647 void toDomCSPStruct(mozilla::dom::CSP
& outCSP
) const;
649 inline void addDirective(nsCSPDirective
* aDir
) {
650 mDirectives
.AppendElement(aDir
);
653 inline void addUpgradeInsecDir(nsUpgradeInsecureDirective
* aDir
) {
654 mUpgradeInsecDir
= aDir
;
658 bool hasDirective(CSPDirective aDir
) const;
660 inline void setDeliveredViaMetaTagFlag(bool aFlag
) {
661 mDeliveredViaMetaTag
= aFlag
;
664 inline bool getDeliveredViaMetaTagFlag() const {
665 return mDeliveredViaMetaTag
;
668 inline void setReportOnlyFlag(bool aFlag
) { mReportOnly
= aFlag
; }
670 inline bool getReportOnlyFlag() const { return mReportOnly
; }
672 void getReportURIs(nsTArray
<nsString
>& outReportURIs
) const;
674 void getViolatedDirectiveInformation(CSPDirective aDirective
,
675 nsAString
& aDirectiveName
,
676 nsAString
& aDirectiveNameAndValue
,
677 bool* aReportSample
) const;
679 uint32_t getSandboxFlags() const;
681 inline uint32_t getNumDirectives() const { return mDirectives
.Length(); }
683 bool visitDirectiveSrcs(CSPDirective aDir
, nsCSPSrcVisitor
* aVisitor
) const;
685 bool allowsAllInlineBehavior(CSPDirective aDir
) const;
688 nsCSPDirective
* matchingOrDefaultDirective(CSPDirective aDirective
) const;
690 nsUpgradeInsecureDirective
* mUpgradeInsecDir
;
691 nsTArray
<nsCSPDirective
*> mDirectives
;
693 bool mDeliveredViaMetaTag
;
696 #endif /* nsCSPUtils_h___ */