search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Bug 1795172 [wpt PR 36447] - Disallow culled inlines in repeated content., a=testonly
[gecko.git] / dom / security / nsCSPUtils.h
blob1dc0cdbfd6f5e84297e2c3d3e3c2d2e08fa64f97
1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6
7 #ifndef nsCSPUtils_h___
8 #define nsCSPUtils_h___
9
10 #include "nsCOMPtr.h"
11 #include "nsIContentSecurityPolicy.h"
12 #include "nsIURI.h"
13 #include "nsLiteralString.h"
14 #include "nsString.h"
15 #include "nsTArray.h"
16 #include "nsUnicharUtils.h"
17 #include "mozilla/Logging.h"
18
19 class nsIChannel;
20
21 namespace mozilla::dom {
22 struct CSP;
23 class Document;
24 } // namespace mozilla::dom
25
26 /* =============== Logging =================== */
27
28 void CSP_LogLocalizedStr(const char* aName, const nsTArray<nsString>& aParams,
29 const nsAString& aSourceName,
30 const nsAString& aSourceLine, uint32_t aLineNumber,
31 uint32_t aColumnNumber, uint32_t aFlags,
32 const nsACString& aCategory, uint64_t aInnerWindowID,
33 bool aFromPrivateWindow);
34
35 void CSP_GetLocalizedStr(const char* aName, const nsTArray<nsString>& aParams,
36 nsAString& outResult);
37
38 void CSP_LogStrMessage(const nsAString& aMsg);
39
40 void CSP_LogMessage(const nsAString& aMessage, const nsAString& aSourceName,
41 const nsAString& aSourceLine, uint32_t aLineNumber,
42 uint32_t aColumnNumber, uint32_t aFlags,
43 const nsACString& aCategory, uint64_t aInnerWindowID,
44 bool aFromPrivateWindow);
45
46 /* =============== Constant and Type Definitions ================== */
47
48 #define INLINE_STYLE_VIOLATION_OBSERVER_TOPIC \
49 "violated base restriction: Inline Stylesheets will not apply"
50 #define INLINE_SCRIPT_VIOLATION_OBSERVER_TOPIC \
51 "violated base restriction: Inline Scripts will not execute"
52 #define EVAL_VIOLATION_OBSERVER_TOPIC \
53 "violated base restriction: Code will not be created from strings"
54 #define WASM_EVAL_VIOLATION_OBSERVER_TOPIC \
55 "violated base restriction: WebAssembly code will not be created from " \
56 "dynamically"
57 #define SCRIPT_NONCE_VIOLATION_OBSERVER_TOPIC "Inline Script had invalid nonce"
58 #define STYLE_NONCE_VIOLATION_OBSERVER_TOPIC "Inline Style had invalid nonce"
59 #define SCRIPT_HASH_VIOLATION_OBSERVER_TOPIC "Inline Script had invalid hash"
60 #define STYLE_HASH_VIOLATION_OBSERVER_TOPIC "Inline Style had invalid hash"
61
62 // these strings map to the CSPDirectives in nsIContentSecurityPolicy
63 // NOTE: When implementing a new directive, you will need to add it here but
64 // also add a corresponding entry to the constants in
65 // nsIContentSecurityPolicy.idl and also create an entry for the new directive
66 // in nsCSPDirective::toDomCSPStruct() and add it to CSPDictionaries.webidl.
67 // Order of elements below important! Make sure it matches the order as in
68 // nsIContentSecurityPolicy.idl
69 static const char* CSPStrDirectives[] = {
70 "-error-", // NO_DIRECTIVE
71 "default-src", // DEFAULT_SRC_DIRECTIVE
72 "script-src", // SCRIPT_SRC_DIRECTIVE
73 "object-src", // OBJECT_SRC_DIRECTIVE
74 "style-src", // STYLE_SRC_DIRECTIVE
75 "img-src", // IMG_SRC_DIRECTIVE
76 "media-src", // MEDIA_SRC_DIRECTIVE
77 "frame-src", // FRAME_SRC_DIRECTIVE
78 "font-src", // FONT_SRC_DIRECTIVE
79 "connect-src", // CONNECT_SRC_DIRECTIVE
80 "report-uri", // REPORT_URI_DIRECTIVE
81 "frame-ancestors", // FRAME_ANCESTORS_DIRECTIVE
82 "reflected-xss", // REFLECTED_XSS_DIRECTIVE
83 "base-uri", // BASE_URI_DIRECTIVE
84 "form-action", // FORM_ACTION_DIRECTIVE
85 "manifest-src", // MANIFEST_SRC_DIRECTIVE
86 "upgrade-insecure-requests", // UPGRADE_IF_INSECURE_DIRECTIVE
87 "child-src", // CHILD_SRC_DIRECTIVE
88 "block-all-mixed-content", // BLOCK_ALL_MIXED_CONTENT
89 "sandbox", // SANDBOX_DIRECTIVE
90 "worker-src", // WORKER_SRC_DIRECTIVE
91 "navigate-to", // NAVIGATE_TO_DIRECTIVE
92 "script-src-elem", // SCRIPT_SRC_ELEM_DIRECTIVE
93 "script-src-attr", // SCRIPT_SRC_ATTR_DIRECTIVE
94 "style-src-elem", // STYLE_SRC_ELEM_DIRECTIVE
95 "style-src-attr", // STYLE_SRC_ATTR_DIRECTIVE
96 };
97
98 inline const char* CSP_CSPDirectiveToString(CSPDirective aDir) {
99 return CSPStrDirectives[static_cast<uint32_t>(aDir)];
100 }
101
102 inline CSPDirective CSP_StringToCSPDirective(const nsAString& aDir) {
103 nsString lowerDir = PromiseFlatString(aDir);
104 ToLowerCase(lowerDir);
105
106 uint32_t numDirs = (sizeof(CSPStrDirectives) / sizeof(CSPStrDirectives[0]));
107 for (uint32_t i = 1; i < numDirs; i++) {
108 if (lowerDir.EqualsASCII(CSPStrDirectives[i])) {
109 return static_cast<CSPDirective>(i);
110 }
111 }
112 return nsIContentSecurityPolicy::NO_DIRECTIVE;
113 }
114
115 #define FOR_EACH_CSP_KEYWORD(MACRO) \
116 MACRO(CSP_SELF, "'self'") \
117 MACRO(CSP_UNSAFE_INLINE, "'unsafe-inline'") \
118 MACRO(CSP_UNSAFE_EVAL, "'unsafe-eval'") \
119 MACRO(CSP_NONE, "'none'") \
120 MACRO(CSP_NONCE, "'nonce-") \
121 MACRO(CSP_REPORT_SAMPLE, "'report-sample'") \
122 MACRO(CSP_STRICT_DYNAMIC, "'strict-dynamic'") \
123 MACRO(CSP_UNSAFE_ALLOW_REDIRECTS, "'unsafe-allow-redirects'") \
124 MACRO(CSP_WASM_UNSAFE_EVAL, "'wasm-unsafe-eval'")
125
126 enum CSPKeyword {
127 #define KEYWORD_ENUM(id_, string_) id_,
128 FOR_EACH_CSP_KEYWORD(KEYWORD_ENUM)
129 #undef KEYWORD_ENUM
130
131 // CSP_LAST_KEYWORD_VALUE always needs to be the last element in the enum
132 // because we use it to calculate the size for the char* array.
133 CSP_LAST_KEYWORD_VALUE,
134
135 // Putting CSP_HASH after the delimitor, because CSP_HASH is not a valid
136 // keyword (hash uses e.g. sha256, sha512) but we use CSP_HASH internally
137 // to identify allowed hashes in ::allows.
138 CSP_HASH
139 };
140
141 // The keywords, in UTF-8 form.
142 static const char* gCSPUTF8Keywords[] = {
143 #define KEYWORD_UTF8_LITERAL(id_, string_) string_,
144 FOR_EACH_CSP_KEYWORD(KEYWORD_UTF8_LITERAL)
145 #undef KEYWORD_UTF8_LITERAL
146 };
147
148 // The keywords, in UTF-16 form.
149 static const char16_t* gCSPUTF16Keywords[] = {
150 #define KEYWORD_UTF16_LITERAL(id_, string_) u"" string_,
151 FOR_EACH_CSP_KEYWORD(KEYWORD_UTF16_LITERAL)
152 #undef KEYWORD_UTF16_LITERAL
153 };
154
155 #undef FOR_EACH_CSP_KEYWORD
156
157 inline const char* CSP_EnumToUTF8Keyword(enum CSPKeyword aKey) {
158 // Make sure all elements in enum CSPKeyword got added to gCSPUTF8Keywords.
159 static_assert((sizeof(gCSPUTF8Keywords) / sizeof(gCSPUTF8Keywords[0]) ==
160 CSP_LAST_KEYWORD_VALUE),
161 "CSP_LAST_KEYWORD_VALUE != length(gCSPUTF8Keywords)");
162
163 if (static_cast<uint32_t>(aKey) <
164 static_cast<uint32_t>(CSP_LAST_KEYWORD_VALUE)) {
165 return gCSPUTF8Keywords[static_cast<uint32_t>(aKey)];
166 }
167 return "error: invalid keyword in CSP_EnumToUTF8Keyword";
168 }
169
170 inline const char16_t* CSP_EnumToUTF16Keyword(enum CSPKeyword aKey) {
171 // Make sure all elements in enum CSPKeyword got added to gCSPUTF16Keywords.
172 static_assert((sizeof(gCSPUTF16Keywords) / sizeof(gCSPUTF16Keywords[0]) ==
173 CSP_LAST_KEYWORD_VALUE),
174 "CSP_LAST_KEYWORD_VALUE != length(gCSPUTF16Keywords)");
175
176 if (static_cast<uint32_t>(aKey) <
177 static_cast<uint32_t>(CSP_LAST_KEYWORD_VALUE)) {
178 return gCSPUTF16Keywords[static_cast<uint32_t>(aKey)];
179 }
180 return u"error: invalid keyword in CSP_EnumToUTF16Keyword";
181 }
182
183 inline CSPKeyword CSP_UTF16KeywordToEnum(const nsAString& aKey) {
184 nsString lowerKey = PromiseFlatString(aKey);
185 ToLowerCase(lowerKey);
186
187 for (uint32_t i = 0; i < CSP_LAST_KEYWORD_VALUE; i++) {
188 if (lowerKey.Equals(gCSPUTF16Keywords[i])) {
189 return static_cast<CSPKeyword>(i);
190 }
191 }
192 NS_ASSERTION(false, "Can not convert unknown Keyword to Enum");
193 return CSP_LAST_KEYWORD_VALUE;
194 }
195
196 nsresult CSP_AppendCSPFromHeader(nsIContentSecurityPolicy* aCsp,
197 const nsAString& aHeaderValue,
198 bool aReportOnly);
199
200 /* =============== Helpers ================== */
201
202 class nsCSPHostSrc;
203
204 nsCSPHostSrc* CSP_CreateHostSrcFromSelfURI(nsIURI* aSelfURI);
205 bool CSP_IsEmptyDirective(const nsAString& aValue, const nsAString& aDir);
206 bool CSP_IsDirective(const nsAString& aValue, CSPDirective aDir);
207 bool CSP_IsKeyword(const nsAString& aValue, enum CSPKeyword aKey);
208 bool CSP_IsQuotelessKeyword(const nsAString& aKey);
209 CSPDirective CSP_ContentTypeToDirective(nsContentPolicyType aType);
210
211 class nsCSPSrcVisitor;
212
213 void CSP_PercentDecodeStr(const nsAString& aEncStr, nsAString& outDecStr);
214 bool CSP_ShouldResponseInheritCSP(nsIChannel* aChannel);
215
216 void CSP_ApplyMetaCSPToDoc(mozilla::dom::Document& aDoc,
217 const nsAString& aPolicyStr);
218
219 /* =============== nsCSPSrc ================== */
220
221 class nsCSPBaseSrc {
222 public:
223 nsCSPBaseSrc();
224 virtual ~nsCSPBaseSrc();
225
226 virtual bool permits(nsIURI* aUri, const nsAString& aNonce,
227 bool aWasRedirected, bool aReportOnly,
228 bool aUpgradeInsecure, bool aParserCreated) const;
229 virtual bool allows(enum CSPKeyword aKeyword, const nsAString& aHashOrNonce,
230 bool aParserCreated) const;
231 virtual bool visit(nsCSPSrcVisitor* aVisitor) const = 0;
232 virtual void toString(nsAString& outStr) const = 0;
233
234 virtual void invalidate() const { mInvalidated = true; }
235
236 virtual bool isReportSample() const { return false; }
237
238 protected:
239 // invalidate srcs if 'script-dynamic' is present or also invalidate
240 // unsafe-inline' if nonce- or hash-source specified
241 mutable bool mInvalidated;
242 };
243
244 /* =============== nsCSPSchemeSrc ============ */
245
246 class nsCSPSchemeSrc : public nsCSPBaseSrc {
247 public:
248 explicit nsCSPSchemeSrc(const nsAString& aScheme);
249 virtual ~nsCSPSchemeSrc();
250
251 bool permits(nsIURI* aUri, const nsAString& aNonce, bool aWasRedirected,
252 bool aReportOnly, bool aUpgradeInsecure,
253 bool aParserCreated) const override;
254 bool visit(nsCSPSrcVisitor* aVisitor) const override;
255 void toString(nsAString& outStr) const override;
256
257 inline void getScheme(nsAString& outStr) const { outStr.Assign(mScheme); };
258
259 private:
260 nsString mScheme;
261 };
262
263 /* =============== nsCSPHostSrc ============== */
264
265 class nsCSPHostSrc : public nsCSPBaseSrc {
266 public:
267 explicit nsCSPHostSrc(const nsAString& aHost);
268 virtual ~nsCSPHostSrc();
269
270 bool permits(nsIURI* aUri, const nsAString& aNonce, bool aWasRedirected,
271 bool aReportOnly, bool aUpgradeInsecure,
272 bool aParserCreated) const override;
273 bool visit(nsCSPSrcVisitor* aVisitor) const override;
274 void toString(nsAString& outStr) const override;
275
276 void setScheme(const nsAString& aScheme);
277 void setPort(const nsAString& aPort);
278 void appendPath(const nsAString& aPath);
279
280 inline void setGeneratedFromSelfKeyword() const {
281 mGeneratedFromSelfKeyword = true;
282 }
283
284 inline void setIsUniqueOrigin() const { mIsUniqueOrigin = true; }
285
286 inline void setWithinFrameAncestorsDir(bool aValue) const {
287 mWithinFrameAncstorsDir = aValue;
288 }
289
290 inline void getScheme(nsAString& outStr) const { outStr.Assign(mScheme); };
291
292 inline void getHost(nsAString& outStr) const { outStr.Assign(mHost); };
293
294 inline void getPort(nsAString& outStr) const { outStr.Assign(mPort); };
295
296 inline void getPath(nsAString& outStr) const { outStr.Assign(mPath); };
297
298 private:
299 nsString mScheme;
300 nsString mHost;
301 nsString mPort;
302 nsString mPath;
303 mutable bool mGeneratedFromSelfKeyword;
304 mutable bool mIsUniqueOrigin;
305 mutable bool mWithinFrameAncstorsDir;
306 };
307
308 /* =============== nsCSPKeywordSrc ============ */
309
310 class nsCSPKeywordSrc : public nsCSPBaseSrc {
311 public:
312 explicit nsCSPKeywordSrc(CSPKeyword aKeyword);
313 virtual ~nsCSPKeywordSrc();
314
315 bool allows(enum CSPKeyword aKeyword, const nsAString& aHashOrNonce,
316 bool aParserCreated) const override;
317 bool permits(nsIURI* aUri, const nsAString& aNonce, bool aWasRedirected,
318 bool aReportOnly, bool aUpgradeInsecure,
319 bool aParserCreated) const override;
320 bool visit(nsCSPSrcVisitor* aVisitor) const override;
321 void toString(nsAString& outStr) const override;
322
323 inline CSPKeyword getKeyword() const { return mKeyword; };
324
325 inline void invalidate() const override {
326 // keywords that need to invalidated
327 if (mKeyword == CSP_SELF || mKeyword == CSP_UNSAFE_INLINE ||
328 mKeyword == CSP_REPORT_SAMPLE) {
329 mInvalidated = true;
330 }
331 }
332
333 bool isReportSample() const override { return mKeyword == CSP_REPORT_SAMPLE; }
334
335 private:
336 CSPKeyword mKeyword;
337 };
338
339 /* =============== nsCSPNonceSource =========== */
340
341 class nsCSPNonceSrc : public nsCSPBaseSrc {
342 public:
343 explicit nsCSPNonceSrc(const nsAString& aNonce);
344 virtual ~nsCSPNonceSrc();
345
346 bool permits(nsIURI* aUri, const nsAString& aNonce, bool aWasRedirected,
347 bool aReportOnly, bool aUpgradeInsecure,
348 bool aParserCreated) const override;
349 bool allows(enum CSPKeyword aKeyword, const nsAString& aHashOrNonce,
350 bool aParserCreated) const override;
351 bool visit(nsCSPSrcVisitor* aVisitor) const override;
352 void toString(nsAString& outStr) const override;
353
354 inline void getNonce(nsAString& outStr) const { outStr.Assign(mNonce); };
355
356 inline void invalidate() const override {
357 // overwrite nsCSPBaseSRC::invalidate() and explicitily
358 // do *not* invalidate, because 'strict-dynamic' should
359 // not invalidate nonces.
360 }
361
362 private:
363 nsString mNonce;
364 };
365
366 /* =============== nsCSPHashSource ============ */
367
368 class nsCSPHashSrc : public nsCSPBaseSrc {
369 public:
370 nsCSPHashSrc(const nsAString& algo, const nsAString& hash);
371 virtual ~nsCSPHashSrc();
372
373 bool allows(enum CSPKeyword aKeyword, const nsAString& aHashOrNonce,
374 bool aParserCreated) const override;
375 void toString(nsAString& outStr) const override;
376 bool visit(nsCSPSrcVisitor* aVisitor) const override;
377
378 inline void getAlgorithm(nsAString& outStr) const {
379 outStr.Assign(mAlgorithm);
380 };
381
382 inline void getHash(nsAString& outStr) const { outStr.Assign(mHash); };
383
384 inline void invalidate() const override {
385 // overwrite nsCSPBaseSRC::invalidate() and explicitily
386 // do *not* invalidate, because 'strict-dynamic' should
387 // not invalidate hashes.
388 }
389
390 private:
391 nsString mAlgorithm;
392 nsString mHash;
393 };
394
395 /* =============== nsCSPReportURI ============ */
396
397 class nsCSPReportURI : public nsCSPBaseSrc {
398 public:
399 explicit nsCSPReportURI(nsIURI* aURI);
400 virtual ~nsCSPReportURI();
401
402 bool visit(nsCSPSrcVisitor* aVisitor) const override;
403 void toString(nsAString& outStr) const override;
404
405 private:
406 nsCOMPtr<nsIURI> mReportURI;
407 };
408
409 /* =============== nsCSPSandboxFlags ================== */
410
411 class nsCSPSandboxFlags : public nsCSPBaseSrc {
412 public:
413 explicit nsCSPSandboxFlags(const nsAString& aFlags);
414 virtual ~nsCSPSandboxFlags();
415
416 bool visit(nsCSPSrcVisitor* aVisitor) const override;
417 void toString(nsAString& outStr) const override;
418
419 private:
420 nsString mFlags;
421 };
422
423 /* =============== nsCSPSrcVisitor ================== */
424
425 class nsCSPSrcVisitor {
426 public:
427 virtual bool visitSchemeSrc(const nsCSPSchemeSrc& src) = 0;
428
429 virtual bool visitHostSrc(const nsCSPHostSrc& src) = 0;
430
431 virtual bool visitKeywordSrc(const nsCSPKeywordSrc& src) = 0;
432
433 virtual bool visitNonceSrc(const nsCSPNonceSrc& src) = 0;
434
435 virtual bool visitHashSrc(const nsCSPHashSrc& src) = 0;
436
437 protected:
438 explicit nsCSPSrcVisitor() = default;
439 virtual ~nsCSPSrcVisitor() = default;
440 };
441
442 /* =============== nsCSPDirective ============= */
443
444 class nsCSPDirective {
445 public:
446 explicit nsCSPDirective(CSPDirective aDirective);
447 virtual ~nsCSPDirective();
448
449 virtual bool permits(nsIURI* aUri, const nsAString& aNonce,
450 bool aWasRedirected, bool aReportOnly,
451 bool aUpgradeInsecure, bool aParserCreated) const;
452 virtual bool allows(enum CSPKeyword aKeyword, const nsAString& aHashOrNonce,
453 bool aParserCreated) const;
454 virtual void toString(nsAString& outStr) const;
455 void toDomCSPStruct(mozilla::dom::CSP& outCSP) const;
456
457 virtual void addSrcs(const nsTArray<nsCSPBaseSrc*>& aSrcs) {
458 mSrcs = aSrcs.Clone();
459 }
460
461 inline bool isDefaultDirective() const {
462 return mDirective == nsIContentSecurityPolicy::DEFAULT_SRC_DIRECTIVE;
463 }
464
465 virtual bool equals(CSPDirective aDirective) const;
466
467 void getReportURIs(nsTArray<nsString>& outReportURIs) const;
468
469 bool visitSrcs(nsCSPSrcVisitor* aVisitor) const;
470
471 virtual void getDirName(nsAString& outStr) const;
472
473 bool hasReportSampleKeyword() const;
474
475 protected:
476 CSPDirective mDirective;
477 nsTArray<nsCSPBaseSrc*> mSrcs;
478 };
479
480 /* =============== nsCSPChildSrcDirective ============= */
481
482 /*
483 * In CSP 3 child-src is deprecated. For backwards compatibility
484 * child-src needs to restrict:
485 * (*) frames, in case frame-src is not expicitly specified
486 * (*) workers, in case worker-src is not expicitly specified
487 */
488 class nsCSPChildSrcDirective : public nsCSPDirective {
489 public:
490 explicit nsCSPChildSrcDirective(CSPDirective aDirective);
491 virtual ~nsCSPChildSrcDirective();
492
493 void setRestrictFrames() { mRestrictFrames = true; }
494
495 void setRestrictWorkers() { mRestrictWorkers = true; }
496
497 virtual bool equals(CSPDirective aDirective) const override;
498
499 private:
500 bool mRestrictFrames;
501 bool mRestrictWorkers;
502 };
503
504 /* =============== nsCSPScriptSrcDirective ============= */
505
506 /*
507 * In CSP 3 worker-src restricts workers, for backwards compatibily
508 * script-src has to restrict workers as the ultimate fallback if
509 * neither worker-src nor child-src is present in a CSP.
510 */
511 class nsCSPScriptSrcDirective : public nsCSPDirective {
512 public:
513 explicit nsCSPScriptSrcDirective(CSPDirective aDirective);
514 virtual ~nsCSPScriptSrcDirective();
515
516 void setRestrictWorkers() { mRestrictWorkers = true; }
517 void setRestrictScriptElem() { mRestrictScriptElem = true; }
518 void setRestrictScriptAttr() { mRestrictScriptAttr = true; }
519
520 bool equals(CSPDirective aDirective) const override;
521
522 private:
523 bool mRestrictWorkers = false;
524 bool mRestrictScriptElem = false;
525 bool mRestrictScriptAttr = false;
526 };
527
528 /* =============== nsCSPStyleSrcDirective ============= */
529
530 /*
531 * In CSP 3 style-src is use as a fallback for style-src-elem and
532 * style-src-attr.
533 */
534 class nsCSPStyleSrcDirective : public nsCSPDirective {
535 public:
536 explicit nsCSPStyleSrcDirective(CSPDirective aDirective);
537 virtual ~nsCSPStyleSrcDirective();
538
539 void setRestrictStyleElem() { mRestrictStyleElem = true; }
540 void setRestrictStyleAttr() { mRestrictStyleAttr = true; }
541
542 bool equals(CSPDirective aDirective) const override;
543
544 private:
545 bool mRestrictStyleElem = false;
546 bool mRestrictStyleAttr = false;
547 };
548
549 /* =============== nsBlockAllMixedContentDirective === */
550
551 class nsBlockAllMixedContentDirective : public nsCSPDirective {
552 public:
553 explicit nsBlockAllMixedContentDirective(CSPDirective aDirective);
554 ~nsBlockAllMixedContentDirective();
555
556 bool permits(nsIURI* aUri, const nsAString& aNonce, bool aWasRedirected,
557 bool aReportOnly, bool aUpgradeInsecure,
558 bool aParserCreated) const override {
559 return false;
560 }
561
562 bool permits(nsIURI* aUri) const { return false; }
563
564 bool allows(enum CSPKeyword aKeyword, const nsAString& aHashOrNonce,
565 bool aParserCreated) const override {
566 return false;
567 }
568
569 void toString(nsAString& outStr) const override;
570
571 void addSrcs(const nsTArray<nsCSPBaseSrc*>& aSrcs) override {
572 MOZ_ASSERT(false, "block-all-mixed-content does not hold any srcs");
573 }
574
575 void getDirName(nsAString& outStr) const override;
576 };
577
578 /* =============== nsUpgradeInsecureDirective === */
579
580 /*
581 * Upgrading insecure requests includes the following actors:
582 * (1) CSP:
583 * The CSP implementation allowlists the http-request
584 * in case the policy is executed in enforcement mode.
585 * The CSP implementation however does not allow http
586 * requests to succeed if executed in report-only mode.
587 * In such a case the CSP implementation reports the
588 * error back to the page.
589 *
590 * (2) MixedContent:
591 * The evalution of MixedContent allowlists all http
592 * requests with the promise that the http requests
593 * gets upgraded to https before any data is fetched
594 * from the network.
595 *
596 * (3) CORS:
597 * Does not consider the http request to be of a
598 * different origin in case the scheme is the only
599 * difference in otherwise matching URIs.
600 *
601 * (4) nsHttpChannel:
602 * Before connecting, the channel gets redirected
603 * to use https.
604 *
605 * (5) WebSocketChannel:
606 * Similar to the httpChannel, the websocketchannel
607 * gets upgraded from ws to wss.
608 */
609 class nsUpgradeInsecureDirective : public nsCSPDirective {
610 public:
611 explicit nsUpgradeInsecureDirective(CSPDirective aDirective);
612 ~nsUpgradeInsecureDirective();
613
614 bool permits(nsIURI* aUri, const nsAString& aNonce, bool aWasRedirected,
615 bool aReportOnly, bool aUpgradeInsecure,
616 bool aParserCreated) const override {
617 return false;
618 }
619
620 bool permits(nsIURI* aUri) const { return false; }
621
622 bool allows(enum CSPKeyword aKeyword, const nsAString& aHashOrNonce,
623 bool aParserCreated) const override {
624 return false;
625 }
626
627 void toString(nsAString& outStr) const override;
628
629 void addSrcs(const nsTArray<nsCSPBaseSrc*>& aSrcs) override {
630 MOZ_ASSERT(false, "upgrade-insecure-requests does not hold any srcs");
631 }
632
633 void getDirName(nsAString& outStr) const override;
634 };
635
636 /* =============== nsCSPPolicy ================== */
637
638 class nsCSPPolicy {
639 public:
640 nsCSPPolicy();
641 virtual ~nsCSPPolicy();
642
643 bool permits(CSPDirective aDirective, nsIURI* aUri, const nsAString& aNonce,
644 bool aWasRedirected, bool aSpecific, bool aParserCreated,
645 nsAString& outViolatedDirective) const;
646 bool allows(CSPDirective aDirective, enum CSPKeyword aKeyword,
647 const nsAString& aHashOrNonce, bool aParserCreated) const;
648 void toString(nsAString& outStr) const;
649 void toDomCSPStruct(mozilla::dom::CSP& outCSP) const;
650
651 inline void addDirective(nsCSPDirective* aDir) {
652 mDirectives.AppendElement(aDir);
653 }
654
655 inline void addUpgradeInsecDir(nsUpgradeInsecureDirective* aDir) {
656 mUpgradeInsecDir = aDir;
657 addDirective(aDir);
658 }
659
660 bool hasDirective(CSPDirective aDir) const;
661
662 inline void setDeliveredViaMetaTagFlag(bool aFlag) {
663 mDeliveredViaMetaTag = aFlag;
664 }
665
666 inline bool getDeliveredViaMetaTagFlag() const {
667 return mDeliveredViaMetaTag;
668 }
669
670 inline void setReportOnlyFlag(bool aFlag) { mReportOnly = aFlag; }
671
672 inline bool getReportOnlyFlag() const { return mReportOnly; }
673
674 void getReportURIs(nsTArray<nsString>& outReportURIs) const;
675
676 void getDirectiveStringAndReportSampleForContentType(
677 CSPDirective aDirective, nsAString& outDirective,
678 bool* aReportSample) const;
679
680 void getDirectiveAsString(CSPDirective aDir, nsAString& outDirective) const;
681
682 uint32_t getSandboxFlags() const;
683
684 inline uint32_t getNumDirectives() const { return mDirectives.Length(); }
685
686 bool visitDirectiveSrcs(CSPDirective aDir, nsCSPSrcVisitor* aVisitor) const;
687
688 bool allowsNavigateTo(nsIURI* aURI, bool aWasRedirected,
689 bool aEnforceAllowlist) const;
690
691 private:
692 nsUpgradeInsecureDirective* mUpgradeInsecDir;
693 nsTArray<nsCSPDirective*> mDirectives;
694 bool mReportOnly;
695 bool mDeliveredViaMetaTag;
696 };
697
698 #endif /* nsCSPUtils_h___ */