1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7 #include "nsAboutRedirector.h"
9 #include "nsAboutProtocolUtils.h"
10 #include "nsBaseChannel.h"
11 #include "mozilla/ArrayUtils.h"
12 #include "nsIProtocolHandler.h"
13 #include "nsXULAppAPI.h"
14 #include "mozilla/Preferences.h"
15 #include "mozilla/dom/ContentParent.h"
16 #include "mozilla/dom/RemoteType.h"
17 #include "mozilla/gfx/GPUProcessManager.h"
19 #define ABOUT_CONFIG_ENABLED_PREF "general.aboutConfig.enable"
21 NS_IMPL_ISUPPORTS(nsAboutRedirector
, nsIAboutModule
)
29 class CrashChannel final
: public nsBaseChannel
{
31 explicit CrashChannel(nsIURI
* aURI
) { SetURI(aURI
); }
33 nsresult
OpenContentStream(bool async
, nsIInputStream
** stream
,
34 nsIChannel
** channel
) override
{
38 if (spec
.EqualsASCII("about:crashparent") && XRE_IsParentProcess()) {
39 MOZ_CRASH("Crash via about:crashparent");
42 if (spec
.EqualsASCII("about:crashgpu") && XRE_IsParentProcess()) {
43 if (auto* gpu
= mozilla::gfx::GPUProcessManager::Get()) {
48 if (spec
.EqualsASCII("about:crashcontent") && XRE_IsContentProcess()) {
49 MOZ_CRASH("Crash via about:crashcontent");
52 if (spec
.EqualsASCII("about:crashextensions") && XRE_IsParentProcess()) {
53 using ContentParent
= mozilla::dom::ContentParent
;
54 nsTArray
<RefPtr
<ContentParent
>> toKill
;
55 for (auto* cp
: ContentParent::AllProcesses(ContentParent::eLive
)) {
56 if (cp
->GetRemoteType() == EXTENSION_REMOTE_TYPE
) {
57 toKill
.AppendElement(cp
);
60 for (auto& cp
: toKill
) {
61 cp
->KillHard("Killed via about:crashextensions");
65 NS_WARNING("Unhandled about:crash* URI or wrong process");
66 return NS_ERROR_NOT_IMPLEMENTED
;
70 virtual ~CrashChannel() = default;
74 Entries which do not have URI_SAFE_FOR_UNTRUSTED_CONTENT will run with chrome
75 privileges. This is potentially dangerous. Please use
76 URI_SAFE_FOR_UNTRUSTED_CONTENT in the third argument to each map item below
77 unless your about: page really needs chrome privileges. Security review is
78 required before adding new map entries without
79 URI_SAFE_FOR_UNTRUSTED_CONTENT.
81 URI_SAFE_FOR_UNTRUSTED_CONTENT is not enough to let web pages load that page,
82 for that you need MAKE_LINKABLE.
84 NOTE: changes to this redir map need to be accompanied with changes to
85 docshell/build/components.conf
87 static const RedirEntry kRedirMap
[] = {
88 {"about", "chrome://global/content/aboutAbout.html", 0},
89 {"addons", "chrome://mozapps/content/extensions/aboutaddons.html",
90 nsIAboutModule::ALLOW_SCRIPT
| nsIAboutModule::IS_SECURE_CHROME_UI
},
91 {"buildconfig", "chrome://global/content/buildconfig.html",
92 nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT
|
93 nsIAboutModule::IS_SECURE_CHROME_UI
},
94 {"checkerboard", "chrome://global/content/aboutCheckerboard.html",
95 nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT
|
96 nsIAboutModule::ALLOW_SCRIPT
},
97 #ifndef MOZ_WIDGET_ANDROID
98 {"config", "chrome://global/content/aboutconfig/aboutconfig.html",
99 nsIAboutModule::IS_SECURE_CHROME_UI
},
101 {"config", "chrome://geckoview/content/config.xhtml",
102 nsIAboutModule::IS_SECURE_CHROME_UI
},
104 #ifdef MOZ_CRASHREPORTER
105 {"crashes", "chrome://global/content/crashes.html",
106 nsIAboutModule::IS_SECURE_CHROME_UI
},
108 {"credits", "https://www.mozilla.org/credits/",
109 nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT
|
110 nsIAboutModule::URI_MUST_LOAD_IN_CHILD
},
111 {"httpsonlyerror", "chrome://global/content/httpsonlyerror/errorpage.html",
112 nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT
|
113 nsIAboutModule::URI_CAN_LOAD_IN_CHILD
| nsIAboutModule::ALLOW_SCRIPT
|
114 nsIAboutModule::HIDE_FROM_ABOUTABOUT
},
115 {"license", "chrome://global/content/license.html",
116 nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT
|
117 nsIAboutModule::IS_SECURE_CHROME_UI
},
118 {"logging", "chrome://global/content/aboutLogging.html",
119 nsIAboutModule::ALLOW_SCRIPT
},
120 {"logo", "chrome://branding/content/about.png",
121 nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT
|
122 // Linkable for testing reasons.
123 nsIAboutModule::MAKE_LINKABLE
},
124 {"memory", "chrome://global/content/aboutMemory.xhtml",
125 nsIAboutModule::ALLOW_SCRIPT
},
126 {"certificate", "chrome://global/content/certviewer/certviewer.html",
127 nsIAboutModule::ALLOW_SCRIPT
|
128 nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT
|
129 nsIAboutModule::URI_MUST_LOAD_IN_CHILD
|
130 nsIAboutModule::URI_CAN_LOAD_IN_PRIVILEGEDABOUT_PROCESS
|
131 nsIAboutModule::IS_SECURE_CHROME_UI
},
132 {"mozilla", "chrome://global/content/mozilla.html",
133 nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT
},
134 #if !defined(ANDROID) && !defined(XP_WIN)
135 {"webauthn", "chrome://global/content/aboutWebauthn.html",
136 nsIAboutModule::ALLOW_SCRIPT
| nsIAboutModule::IS_SECURE_CHROME_UI
},
138 {"neterror", "chrome://global/content/aboutNetError.html",
139 nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT
|
140 nsIAboutModule::URI_CAN_LOAD_IN_CHILD
| nsIAboutModule::ALLOW_SCRIPT
|
141 nsIAboutModule::HIDE_FROM_ABOUTABOUT
},
142 {"networking", "chrome://global/content/aboutNetworking.html",
143 nsIAboutModule::ALLOW_SCRIPT
},
144 {"performance", "about:processes",
145 nsIAboutModule::ALLOW_SCRIPT
| nsIAboutModule::IS_SECURE_CHROME_UI
|
146 nsIAboutModule::HIDE_FROM_ABOUTABOUT
},
147 {"processes", "chrome://global/content/aboutProcesses.html",
148 nsIAboutModule::ALLOW_SCRIPT
| nsIAboutModule::IS_SECURE_CHROME_UI
},
149 // about:serviceworkers always wants to load in the parent process because
150 // the only place nsIServiceWorkerManager has any data is in the parent
153 // There is overlap without about:debugging, but about:debugging is not
154 // available on mobile at this time, and it's useful to be able to know if
155 // a ServiceWorker is registered directly from the mobile browser without
156 // having to connect the device to a desktop machine and all that entails.
157 {"serviceworkers", "chrome://global/content/aboutServiceWorkers.xhtml",
158 nsIAboutModule::ALLOW_SCRIPT
},
160 {"profiles", "chrome://global/content/aboutProfiles.xhtml",
161 nsIAboutModule::ALLOW_SCRIPT
| nsIAboutModule::IS_SECURE_CHROME_UI
},
163 // about:srcdoc is unresolvable by specification. It is included here
164 // because the security manager would disallow srcdoc iframes otherwise.
165 {"srcdoc", "about:blank",
166 nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT
|
167 nsIAboutModule::HIDE_FROM_ABOUTABOUT
|
168 // Needs to be linkable so content can touch its own srcdoc frames
169 nsIAboutModule::MAKE_LINKABLE
| nsIAboutModule::URI_CAN_LOAD_IN_CHILD
},
170 {"support", "chrome://global/content/aboutSupport.xhtml",
171 nsIAboutModule::ALLOW_SCRIPT
| nsIAboutModule::IS_SECURE_CHROME_UI
},
173 {"third-party", "chrome://global/content/aboutThirdParty.html",
174 nsIAboutModule::ALLOW_SCRIPT
},
175 {"windows-messages", "chrome://global/content/aboutWindowsMessages.html",
176 nsIAboutModule::ALLOW_SCRIPT
},
178 #ifndef MOZ_GLEAN_ANDROID
179 {"glean", "chrome://global/content/aboutGlean.html",
180 # if !defined(NIGHTLY_BUILD) && defined(MOZILLA_OFFICIAL)
181 nsIAboutModule::HIDE_FROM_ABOUTABOUT
|
183 nsIAboutModule::ALLOW_SCRIPT
},
185 {"telemetry", "chrome://global/content/aboutTelemetry.xhtml",
186 nsIAboutModule::ALLOW_SCRIPT
| nsIAboutModule::IS_SECURE_CHROME_UI
},
187 {"translations", "chrome://global/content/translations/translations.html",
188 nsIAboutModule::ALLOW_SCRIPT
|
189 nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT
|
190 nsIAboutModule::URI_MUST_LOAD_IN_CHILD
|
191 nsIAboutModule::URI_CAN_LOAD_IN_PRIVILEGEDABOUT_PROCESS
|
192 nsIAboutModule::HIDE_FROM_ABOUTABOUT
},
193 {"url-classifier", "chrome://global/content/aboutUrlClassifier.xhtml",
194 nsIAboutModule::ALLOW_SCRIPT
},
195 {"webrtc", "chrome://global/content/aboutwebrtc/aboutWebrtc.html",
196 nsIAboutModule::ALLOW_SCRIPT
},
197 {"crashparent", "about:blank", nsIAboutModule::HIDE_FROM_ABOUTABOUT
},
198 {"crashcontent", "about:blank",
199 nsIAboutModule::HIDE_FROM_ABOUTABOUT
|
200 nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT
|
201 nsIAboutModule::URI_CAN_LOAD_IN_CHILD
|
202 nsIAboutModule::URI_MUST_LOAD_IN_CHILD
},
203 {"crashgpu", "about:blank", nsIAboutModule::HIDE_FROM_ABOUTABOUT
},
204 {"crashextensions", "about:blank", nsIAboutModule::HIDE_FROM_ABOUTABOUT
}};
205 static const int kRedirTotal
= mozilla::ArrayLength(kRedirMap
);
208 nsAboutRedirector::NewChannel(nsIURI
* aURI
, nsILoadInfo
* aLoadInfo
,
209 nsIChannel
** aResult
) {
210 NS_ENSURE_ARG_POINTER(aURI
);
211 NS_ENSURE_ARG_POINTER(aLoadInfo
);
212 NS_ASSERTION(aResult
, "must not be null");
215 nsresult rv
= NS_GetAboutModuleName(aURI
, path
);
216 NS_ENSURE_SUCCESS(rv
, rv
);
218 nsCOMPtr
<nsIIOService
> ioService
= do_GetIOService(&rv
);
219 NS_ENSURE_SUCCESS(rv
, rv
);
221 if (path
.EqualsASCII("crashparent") || path
.EqualsASCII("crashcontent") ||
222 path
.EqualsASCII("crashgpu") || path
.EqualsASCII("crashextensions")) {
224 aLoadInfo
->GetLoadTriggeredFromExternal(&isExternal
);
225 if (isExternal
|| !aLoadInfo
->TriggeringPrincipal() ||
226 !aLoadInfo
->TriggeringPrincipal()->IsSystemPrincipal()) {
227 return NS_ERROR_NOT_AVAILABLE
;
230 nsCOMPtr
<nsIChannel
> channel
= new CrashChannel(aURI
);
231 channel
->SetLoadInfo(aLoadInfo
);
232 channel
.forget(aResult
);
236 if (path
.EqualsASCII("config") &&
237 !mozilla::Preferences::GetBool(ABOUT_CONFIG_ENABLED_PREF
, true)) {
238 return NS_ERROR_NOT_AVAILABLE
;
241 for (int i
= 0; i
< kRedirTotal
; i
++) {
242 if (!strcmp(path
.get(), kRedirMap
[i
].id
)) {
243 nsCOMPtr
<nsIChannel
> tempChannel
;
244 nsCOMPtr
<nsIURI
> tempURI
;
245 rv
= NS_NewURI(getter_AddRefs(tempURI
), kRedirMap
[i
].url
);
246 NS_ENSURE_SUCCESS(rv
, rv
);
248 rv
= NS_NewChannelInternal(getter_AddRefs(tempChannel
), tempURI
,
250 NS_ENSURE_SUCCESS(rv
, rv
);
252 // If tempURI links to an external URI (i.e. something other than
253 // chrome:// or resource://) then set result principal URI on the
254 // load info which forces the channel principal to reflect the displayed
255 // URL rather then being the systemPrincipal.
256 bool isUIResource
= false;
257 rv
= NS_URIChainHasFlags(tempURI
, nsIProtocolHandler::URI_IS_UI_RESOURCE
,
259 NS_ENSURE_SUCCESS(rv
, rv
);
261 bool isAboutBlank
= NS_IsAboutBlank(tempURI
);
263 if (!isUIResource
&& !isAboutBlank
) {
264 aLoadInfo
->SetResultPrincipalURI(tempURI
);
267 tempChannel
->SetOriginalURI(aURI
);
269 tempChannel
.forget(aResult
);
274 NS_ERROR("nsAboutRedirector called for unknown case");
275 return NS_ERROR_ILLEGAL_VALUE
;
279 nsAboutRedirector::GetURIFlags(nsIURI
* aURI
, uint32_t* aResult
) {
280 NS_ENSURE_ARG_POINTER(aURI
);
283 nsresult rv
= NS_GetAboutModuleName(aURI
, name
);
284 NS_ENSURE_SUCCESS(rv
, rv
);
286 for (int i
= 0; i
< kRedirTotal
; i
++) {
287 if (name
.EqualsASCII(kRedirMap
[i
].id
)) {
288 *aResult
= kRedirMap
[i
].flags
;
293 NS_ERROR("nsAboutRedirector called for unknown case");
294 return NS_ERROR_ILLEGAL_VALUE
;
298 nsAboutRedirector::GetChromeURI(nsIURI
* aURI
, nsIURI
** chromeURI
) {
299 NS_ENSURE_ARG_POINTER(aURI
);
302 nsresult rv
= NS_GetAboutModuleName(aURI
, name
);
303 NS_ENSURE_SUCCESS(rv
, rv
);
305 for (const auto& redir
: kRedirMap
) {
306 if (name
.EqualsASCII(redir
.id
)) {
307 return NS_NewURI(chromeURI
, redir
.url
);
311 NS_ERROR("nsAboutRedirector called for unknown case");
312 return NS_ERROR_ILLEGAL_VALUE
;
315 nsresult
nsAboutRedirector::Create(REFNSIID aIID
, void** aResult
) {
316 RefPtr
<nsAboutRedirector
> about
= new nsAboutRedirector();
317 return about
->QueryInterface(aIID
, aResult
);