Backed out 2 changesets (bug 1855531) for causing bustages on HTMLVideoElementBinding...
[gecko.git] / caps / ContentPrincipal.cpp
blob5aeecaf2bd426c49ca3a4275000803fae3bd763c
1 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ts=2 sw=2 et tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7 #include "ContentPrincipal.h"
9 #include "mozIThirdPartyUtil.h"
10 #include "nsContentUtils.h"
11 #include "nscore.h"
12 #include "nsScriptSecurityManager.h"
13 #include "nsString.h"
14 #include "nsReadableUtils.h"
15 #include "pratom.h"
16 #include "nsIURI.h"
17 #include "nsIURL.h"
18 #include "nsIStandardURL.h"
19 #include "nsIURIWithSpecialOrigin.h"
20 #include "nsIURIMutator.h"
21 #include "nsJSPrincipals.h"
22 #include "nsIEffectiveTLDService.h"
23 #include "nsIClassInfoImpl.h"
24 #include "nsIObjectInputStream.h"
25 #include "nsIObjectOutputStream.h"
26 #include "nsIProtocolHandler.h"
27 #include "nsError.h"
28 #include "nsIContentSecurityPolicy.h"
29 #include "nsNetCID.h"
30 #include "js/RealmIterators.h"
31 #include "js/Wrapper.h"
33 #include "mozilla/dom/BlobURLProtocolHandler.h"
34 #include "mozilla/dom/ScriptSettings.h"
35 #include "mozilla/ClearOnShutdown.h"
36 #include "mozilla/ExtensionPolicyService.h"
37 #include "mozilla/Preferences.h"
38 #include "mozilla/HashFunctions.h"
40 #include "nsSerializationHelper.h"
41 #include "json/json.h"
43 using namespace mozilla;
45 NS_IMPL_CLASSINFO(ContentPrincipal, nullptr, 0, NS_PRINCIPAL_CID)
46 NS_IMPL_QUERY_INTERFACE_CI(ContentPrincipal, nsIPrincipal)
47 NS_IMPL_CI_INTERFACE_GETTER(ContentPrincipal, nsIPrincipal)
49 ContentPrincipal::ContentPrincipal(nsIURI* aURI,
50 const OriginAttributes& aOriginAttributes,
51 const nsACString& aOriginNoSuffix,
52 nsIURI* aInitialDomain)
53 : BasePrincipal(eContentPrincipal, aOriginNoSuffix, aOriginAttributes),
54 mURI(aURI),
55 mDomain(aInitialDomain) {
56 if (mDomain) {
57 // We're just creating the principal, so no need to re-compute wrappers.
58 SetHasExplicitDomain();
61 #ifdef MOZ_DIAGNOSTIC_ASSERT_ENABLED
62 // Assert that the URI we get here isn't any of the schemes that we know we
63 // should not get here. These schemes always either inherit their principal
64 // or fall back to a null principal. These are schemes which return
65 // URI_INHERITS_SECURITY_CONTEXT from their protocol handler's
66 // GetProtocolFlags function.
67 bool hasFlag = false;
68 MOZ_DIAGNOSTIC_ASSERT(
69 NS_SUCCEEDED(NS_URIChainHasFlags(
70 aURI, nsIProtocolHandler::URI_INHERITS_SECURITY_CONTEXT, &hasFlag)) &&
71 !hasFlag);
72 #endif
75 ContentPrincipal::ContentPrincipal(ContentPrincipal* aOther,
76 const OriginAttributes& aOriginAttributes)
77 : BasePrincipal(aOther, aOriginAttributes),
78 mURI(aOther->mURI),
79 mDomain(aOther->mDomain),
80 mAddon(aOther->mAddon) {}
82 ContentPrincipal::~ContentPrincipal() = default;
84 nsresult ContentPrincipal::GetScriptLocation(nsACString& aStr) {
85 return mURI->GetSpec(aStr);
88 /* static */
89 nsresult ContentPrincipal::GenerateOriginNoSuffixFromURI(
90 nsIURI* aURI, nsACString& aOriginNoSuffix) {
91 if (!aURI) {
92 return NS_ERROR_FAILURE;
95 nsCOMPtr<nsIURI> origin = NS_GetInnermostURI(aURI);
96 if (!origin) {
97 return NS_ERROR_FAILURE;
100 MOZ_ASSERT(!NS_IsAboutBlank(origin),
101 "The inner URI for about:blank must be moz-safe-about:blank");
103 // Handle non-strict file:// uris.
104 if (!nsScriptSecurityManager::GetStrictFileOriginPolicy() &&
105 NS_URIIsLocalFile(origin)) {
106 // If strict file origin policy is not in effect, all local files are
107 // considered to be same-origin, so return a known dummy origin here.
108 aOriginNoSuffix.AssignLiteral("file://UNIVERSAL_FILE_URI_ORIGIN");
109 return NS_OK;
112 nsresult rv;
113 // NB: This is only compiled for Thunderbird/Suite.
114 #if IS_ORIGIN_IS_FULL_SPEC_DEFINED
115 bool fullSpec = false;
116 rv = NS_URIChainHasFlags(origin, nsIProtocolHandler::ORIGIN_IS_FULL_SPEC,
117 &fullSpec);
118 NS_ENSURE_SUCCESS(rv, rv);
119 if (fullSpec) {
120 return origin->GetAsciiSpec(aOriginNoSuffix);
122 #endif
124 // We want the invariant that prinA.origin == prinB.origin i.f.f.
125 // prinA.equals(prinB). However, this requires that we impose certain
126 // constraints on the behavior and origin semantics of principals, and in
127 // particular, forbid creating origin strings for principals whose equality
128 // constraints are not expressible as strings (i.e. object equality).
129 // Moreover, we want to forbid URIs containing the magic "^" we use as a
130 // separating character for origin attributes.
132 // These constraints can generally be achieved by restricting .origin to
133 // nsIStandardURL-based URIs, but there are a few other URI schemes that we
134 // need to handle.
135 if (origin->SchemeIs("about") ||
136 (origin->SchemeIs("moz-safe-about") &&
137 // We generally consider two about:foo origins to be same-origin, but
138 // about:blank is special since it can be generated from different
139 // sources. We check for moz-safe-about:blank since origin is an
140 // innermost URI.
141 !StringBeginsWith(origin->GetSpecOrDefault(),
142 "moz-safe-about:blank"_ns))) {
143 rv = origin->GetAsciiSpec(aOriginNoSuffix);
144 NS_ENSURE_SUCCESS(rv, rv);
146 int32_t pos = aOriginNoSuffix.FindChar('?');
147 int32_t hashPos = aOriginNoSuffix.FindChar('#');
149 if (hashPos != kNotFound && (pos == kNotFound || hashPos < pos)) {
150 pos = hashPos;
153 if (pos != kNotFound) {
154 aOriginNoSuffix.Truncate(pos);
157 // These URIs could technically contain a '^', but they never should.
158 if (NS_WARN_IF(aOriginNoSuffix.FindChar('^', 0) != -1)) {
159 aOriginNoSuffix.Truncate();
160 return NS_ERROR_FAILURE;
162 return NS_OK;
165 // This URL can be a blobURL. In this case, we should use the 'parent'
166 // principal instead.
167 nsCOMPtr<nsIPrincipal> blobPrincipal;
168 if (dom::BlobURLProtocolHandler::GetBlobURLPrincipal(
169 origin, getter_AddRefs(blobPrincipal))) {
170 MOZ_ASSERT(blobPrincipal);
171 return blobPrincipal->GetOriginNoSuffix(aOriginNoSuffix);
174 // If we reached this branch, we can only create an origin if we have a
175 // nsIStandardURL. So, we query to a nsIStandardURL, and fail if we aren't
176 // an instance of an nsIStandardURL nsIStandardURLs have the good property
177 // of escaping the '^' character in their specs, which means that we can be
178 // sure that the caret character (which is reserved for delimiting the end
179 // of the spec, and the beginning of the origin attributes) is not present
180 // in the origin string
181 nsCOMPtr<nsIStandardURL> standardURL = do_QueryInterface(origin);
182 if (!standardURL) {
183 return NS_ERROR_FAILURE;
186 // See whether we have a useful hostPort. If we do, use that.
187 nsAutoCString hostPort;
188 if (!origin->SchemeIs("chrome")) {
189 rv = origin->GetAsciiHostPort(hostPort);
190 NS_ENSURE_SUCCESS(rv, rv);
192 if (!hostPort.IsEmpty()) {
193 rv = origin->GetScheme(aOriginNoSuffix);
194 NS_ENSURE_SUCCESS(rv, rv);
195 aOriginNoSuffix.AppendLiteral("://");
196 aOriginNoSuffix.Append(hostPort);
197 return NS_OK;
200 rv = aURI->GetAsciiSpec(aOriginNoSuffix);
201 NS_ENSURE_SUCCESS(rv, rv);
203 // The origin, when taken from the spec, should not contain the ref part of
204 // the URL.
206 int32_t pos = aOriginNoSuffix.FindChar('?');
207 int32_t hashPos = aOriginNoSuffix.FindChar('#');
209 if (hashPos != kNotFound && (pos == kNotFound || hashPos < pos)) {
210 pos = hashPos;
213 if (pos != kNotFound) {
214 aOriginNoSuffix.Truncate(pos);
217 return NS_OK;
220 bool ContentPrincipal::SubsumesInternal(
221 nsIPrincipal* aOther,
222 BasePrincipal::DocumentDomainConsideration aConsideration) {
223 MOZ_ASSERT(aOther);
225 // For ContentPrincipal, Subsumes is equivalent to Equals.
226 if (aOther == this) {
227 return true;
230 // If either the subject or the object has changed its principal by
231 // explicitly setting document.domain then the other must also have
232 // done so in order to be considered the same origin. This prevents
233 // DNS spoofing based on document.domain (154930)
234 if (aConsideration == ConsiderDocumentDomain) {
235 // Get .domain on each principal.
236 nsCOMPtr<nsIURI> thisDomain, otherDomain;
237 GetDomain(getter_AddRefs(thisDomain));
238 aOther->GetDomain(getter_AddRefs(otherDomain));
240 // If either has .domain set, we have equality i.f.f. the domains match.
241 // Otherwise, we fall through to the non-document-domain-considering case.
242 if (thisDomain || otherDomain) {
243 bool isMatch =
244 nsScriptSecurityManager::SecurityCompareURIs(thisDomain, otherDomain);
245 #ifdef DEBUG
246 if (isMatch) {
247 nsAutoCString thisSiteOrigin, otherSiteOrigin;
248 MOZ_ALWAYS_SUCCEEDS(GetSiteOrigin(thisSiteOrigin));
249 MOZ_ALWAYS_SUCCEEDS(aOther->GetSiteOrigin(otherSiteOrigin));
250 MOZ_ASSERT(
251 thisSiteOrigin == otherSiteOrigin,
252 "SubsumesConsideringDomain passed with mismatched siteOrigin!");
254 #endif
255 return isMatch;
259 // Do a fast check (including origin attributes) or a slow uri comparison.
260 return FastEquals(aOther) || aOther->IsSameOrigin(mURI);
263 NS_IMETHODIMP
264 ContentPrincipal::GetURI(nsIURI** aURI) {
265 *aURI = do_AddRef(mURI).take();
266 return NS_OK;
269 bool ContentPrincipal::MayLoadInternal(nsIURI* aURI) {
270 MOZ_ASSERT(aURI);
272 #if defined(MOZ_THUNDERBIRD) || defined(MOZ_SUITE)
273 nsCOMPtr<nsIURIWithSpecialOrigin> uriWithSpecialOrigin =
274 do_QueryInterface(aURI);
275 if (uriWithSpecialOrigin) {
276 nsCOMPtr<nsIURI> origin;
277 nsresult rv = uriWithSpecialOrigin->GetOrigin(getter_AddRefs(origin));
278 if (NS_WARN_IF(NS_FAILED(rv))) {
279 return false;
281 MOZ_ASSERT(origin);
282 OriginAttributes attrs;
283 RefPtr<BasePrincipal> principal =
284 BasePrincipal::CreateContentPrincipal(origin, attrs);
285 return nsIPrincipal::Subsumes(principal);
287 #endif
289 nsCOMPtr<nsIPrincipal> blobPrincipal;
290 if (dom::BlobURLProtocolHandler::GetBlobURLPrincipal(
291 aURI, getter_AddRefs(blobPrincipal))) {
292 MOZ_ASSERT(blobPrincipal);
293 return nsIPrincipal::Subsumes(blobPrincipal);
296 // If this principal is associated with an addon, check whether that addon
297 // has been given permission to load from this domain.
298 if (AddonAllowsLoad(aURI)) {
299 return true;
302 if (nsScriptSecurityManager::SecurityCompareURIs(mURI, aURI)) {
303 return true;
306 // If strict file origin policy is in effect, local files will always fail
307 // SecurityCompareURIs unless they are identical. Explicitly check file origin
308 // policy, in that case.
309 if (nsScriptSecurityManager::GetStrictFileOriginPolicy() &&
310 NS_URIIsLocalFile(aURI) && NS_RelaxStrictFileOriginPolicy(aURI, mURI)) {
311 return true;
314 return false;
317 uint32_t ContentPrincipal::GetHashValue() {
318 MOZ_ASSERT(mURI, "Need a principal URI");
320 nsCOMPtr<nsIURI> uri;
321 GetDomain(getter_AddRefs(uri));
322 if (!uri) {
323 GetURI(getter_AddRefs(uri));
325 return NS_SecurityHashURI(uri);
328 NS_IMETHODIMP
329 ContentPrincipal::GetDomain(nsIURI** aDomain) {
330 if (!GetHasExplicitDomain()) {
331 *aDomain = nullptr;
332 return NS_OK;
335 mozilla::MutexAutoLock lock(mMutex);
336 NS_ADDREF(*aDomain = mDomain);
337 return NS_OK;
340 NS_IMETHODIMP
341 ContentPrincipal::SetDomain(nsIURI* aDomain) {
342 AssertIsOnMainThread();
343 MOZ_ASSERT(aDomain);
346 mozilla::MutexAutoLock lock(mMutex);
347 mDomain = aDomain;
348 SetHasExplicitDomain();
351 // Set the changed-document-domain flag on compartments containing realms
352 // using this principal.
353 auto cb = [](JSContext*, void*, JS::Realm* aRealm,
354 const JS::AutoRequireNoGC& nogc) {
355 JS::Compartment* comp = JS::GetCompartmentForRealm(aRealm);
356 xpc::SetCompartmentChangedDocumentDomain(comp);
358 JSPrincipals* principals =
359 nsJSPrincipals::get(static_cast<nsIPrincipal*>(this));
361 dom::AutoJSAPI jsapi;
362 jsapi.Init();
363 JS::IterateRealmsWithPrincipals(jsapi.cx(), principals, nullptr, cb);
365 return NS_OK;
368 static nsresult GetSpecialBaseDomain(const nsCOMPtr<nsIURI>& aURI,
369 bool* aHandled, nsACString& aBaseDomain) {
370 *aHandled = false;
372 // Special handling for a file URI.
373 if (NS_URIIsLocalFile(aURI)) {
374 // If strict file origin policy is not in effect, all local files are
375 // considered to be same-origin, so return a known dummy domain here.
376 if (!nsScriptSecurityManager::GetStrictFileOriginPolicy()) {
377 *aHandled = true;
378 aBaseDomain.AssignLiteral("UNIVERSAL_FILE_URI_ORIGIN");
379 return NS_OK;
382 // Otherwise, we return the file path.
383 nsCOMPtr<nsIURL> url = do_QueryInterface(aURI);
385 if (url) {
386 *aHandled = true;
387 return url->GetFilePath(aBaseDomain);
391 bool hasNoRelativeFlag;
392 nsresult rv = NS_URIChainHasFlags(aURI, nsIProtocolHandler::URI_NORELATIVE,
393 &hasNoRelativeFlag);
394 if (NS_WARN_IF(NS_FAILED(rv))) {
395 return rv;
398 // In case of FTP we want to get base domain via TLD service even if FTP
399 // protocol handler is disabled and the scheme is handled by external protocol
400 // handler which returns URI_NORELATIVE flag.
401 if (hasNoRelativeFlag && !aURI->SchemeIs("ftp")) {
402 *aHandled = true;
403 return aURI->GetSpec(aBaseDomain);
406 if (aURI->SchemeIs("indexeddb")) {
407 *aHandled = true;
408 return aURI->GetSpec(aBaseDomain);
411 return NS_OK;
414 NS_IMETHODIMP
415 ContentPrincipal::GetBaseDomain(nsACString& aBaseDomain) {
416 // Handle some special URIs first.
417 bool handled;
418 nsresult rv = GetSpecialBaseDomain(mURI, &handled, aBaseDomain);
419 NS_ENSURE_SUCCESS(rv, rv);
421 if (handled) {
422 return NS_OK;
425 // For everything else, we ask the TLD service via the ThirdPartyUtil.
426 nsCOMPtr<mozIThirdPartyUtil> thirdPartyUtil =
427 do_GetService(THIRDPARTYUTIL_CONTRACTID);
428 if (!thirdPartyUtil) {
429 return NS_ERROR_FAILURE;
432 return thirdPartyUtil->GetBaseDomain(mURI, aBaseDomain);
435 NS_IMETHODIMP
436 ContentPrincipal::GetSiteOriginNoSuffix(nsACString& aSiteOrigin) {
437 nsresult rv = GetOriginNoSuffix(aSiteOrigin);
438 NS_ENSURE_SUCCESS(rv, rv);
440 // It is possible for two principals with the same origin to have different
441 // mURI values. In order to ensure that two principals with matching origins
442 // also have matching siteOrigins, we derive the siteOrigin entirely from the
443 // origin string and do not rely on mURI at all here.
444 nsCOMPtr<nsIURI> origin;
445 rv = NS_NewURI(getter_AddRefs(origin), aSiteOrigin);
446 if (NS_FAILED(rv)) {
447 // We got an error parsing the origin as a URI? siteOrigin == origin
448 // aSiteOrigin was already filled with `OriginNoSuffix`
449 return rv;
452 // Handle some special URIs first.
453 nsAutoCString baseDomain;
454 bool handled;
455 rv = GetSpecialBaseDomain(origin, &handled, baseDomain);
456 NS_ENSURE_SUCCESS(rv, rv);
458 if (handled) {
459 // This is a special URI ("file:", "about:", "view-source:", etc). Just
460 // return the origin.
461 return NS_OK;
464 // For everything else, we ask the TLD service. Note that, unlike in
465 // GetBaseDomain, we don't use ThirdPartyUtil.getBaseDomain because if the
466 // host is an IP address that returns the raw address and we can't use it with
467 // SetHost below because SetHost expects '[' and ']' around IPv6 addresses.
468 // See bug 1491728.
469 nsCOMPtr<nsIEffectiveTLDService> tldService =
470 do_GetService(NS_EFFECTIVETLDSERVICE_CONTRACTID);
471 if (!tldService) {
472 return NS_ERROR_FAILURE;
475 bool gotBaseDomain = false;
476 rv = tldService->GetBaseDomain(origin, 0, baseDomain);
477 if (NS_SUCCEEDED(rv)) {
478 gotBaseDomain = true;
479 } else {
480 // If this is an IP address or something like "localhost", we just continue
481 // with gotBaseDomain = false.
482 if (rv != NS_ERROR_HOST_IS_IP_ADDRESS &&
483 rv != NS_ERROR_INSUFFICIENT_DOMAIN_LEVELS &&
484 rv != NS_ERROR_INVALID_ARG) {
485 return rv;
489 // NOTE: Calling `SetHostPort` with a portless domain is insufficient to clear
490 // the port, so an extra `SetPort` call has to be made.
491 nsCOMPtr<nsIURI> siteUri;
492 NS_MutateURI mutator(origin);
493 mutator.SetUserPass(""_ns).SetPort(-1);
494 if (gotBaseDomain) {
495 mutator.SetHost(baseDomain);
497 rv = mutator.Finalize(siteUri);
498 MOZ_ASSERT(NS_SUCCEEDED(rv), "failed to create siteUri");
499 NS_ENSURE_SUCCESS(rv, rv);
501 aSiteOrigin.Truncate();
502 rv = GenerateOriginNoSuffixFromURI(siteUri, aSiteOrigin);
503 MOZ_ASSERT(NS_SUCCEEDED(rv), "failed to create siteOriginNoSuffix");
504 return rv;
507 nsresult ContentPrincipal::GetSiteIdentifier(SiteIdentifier& aSite) {
508 nsCString siteOrigin;
509 nsresult rv = GetSiteOrigin(siteOrigin);
510 NS_ENSURE_SUCCESS(rv, rv);
512 RefPtr<BasePrincipal> principal = CreateContentPrincipal(siteOrigin);
513 if (!principal) {
514 NS_WARNING("could not instantiate content principal");
515 return NS_ERROR_FAILURE;
518 aSite.Init(principal);
519 return NS_OK;
522 RefPtr<extensions::WebExtensionPolicyCore> ContentPrincipal::AddonPolicyCore() {
523 mozilla::MutexAutoLock lock(mMutex);
524 if (!mAddon.isSome()) {
525 NS_ENSURE_TRUE(mURI, nullptr);
527 RefPtr<extensions::WebExtensionPolicyCore> core;
528 if (mURI->SchemeIs("moz-extension")) {
529 nsCString host;
530 NS_ENSURE_SUCCESS(mURI->GetHost(host), nullptr);
531 core = ExtensionPolicyService::GetCoreByHost(host);
534 mAddon.emplace(core);
536 return *mAddon;
539 NS_IMETHODIMP
540 ContentPrincipal::GetAddonId(nsAString& aAddonId) {
541 if (RefPtr<extensions::WebExtensionPolicyCore> policy = AddonPolicyCore()) {
542 policy->Id()->ToString(aAddonId);
543 } else {
544 aAddonId.Truncate();
546 return NS_OK;
549 NS_IMETHODIMP
550 ContentPrincipal::Deserializer::Read(nsIObjectInputStream* aStream) {
551 MOZ_ASSERT(!mPrincipal);
553 nsCOMPtr<nsISupports> supports;
554 nsCOMPtr<nsIURI> principalURI;
555 nsresult rv = NS_ReadOptionalObject(aStream, true, getter_AddRefs(supports));
556 if (NS_FAILED(rv)) {
557 return rv;
560 principalURI = do_QueryInterface(supports);
561 // Enforce re-parsing about: URIs so that if they change, we continue to use
562 // their new principals correctly.
563 if (principalURI->SchemeIs("about")) {
564 nsAutoCString spec;
565 principalURI->GetSpec(spec);
566 NS_ENSURE_SUCCESS(NS_NewURI(getter_AddRefs(principalURI), spec),
567 NS_ERROR_FAILURE);
570 nsCOMPtr<nsIURI> domain;
571 rv = NS_ReadOptionalObject(aStream, true, getter_AddRefs(supports));
572 if (NS_FAILED(rv)) {
573 return rv;
576 domain = do_QueryInterface(supports);
578 nsAutoCString suffix;
579 rv = aStream->ReadCString(suffix);
580 NS_ENSURE_SUCCESS(rv, rv);
582 OriginAttributes attrs;
583 bool ok = attrs.PopulateFromSuffix(suffix);
584 NS_ENSURE_TRUE(ok, NS_ERROR_FAILURE);
586 // Since Bug 965637 we do not serialize the CSP within the
587 // Principal anymore. Nevertheless there might still be
588 // serialized Principals that do have a serialized CSP.
589 // For now, we just read the CSP here but do not actually
590 // consume it. Please note that we deliberately ignore
591 // the return value to avoid CSP deserialization problems.
592 // After Bug 1508939 we will have a new serialization for
593 // Principals which allows us to update the code here.
594 // Additionally, the format for serialized CSPs changed
595 // within Bug 965637 which also can cause failures within
596 // the CSP deserialization code.
597 Unused << NS_ReadOptionalObject(aStream, true, getter_AddRefs(supports));
599 nsAutoCString originNoSuffix;
600 rv = GenerateOriginNoSuffixFromURI(principalURI, originNoSuffix);
601 NS_ENSURE_SUCCESS(rv, rv);
603 mPrincipal =
604 new ContentPrincipal(principalURI, attrs, originNoSuffix, domain);
605 return NS_OK;
608 nsresult ContentPrincipal::PopulateJSONObject(Json::Value& aObject) {
609 nsAutoCString principalURI;
610 nsresult rv = mURI->GetSpec(principalURI);
611 NS_ENSURE_SUCCESS(rv, rv);
613 // We turn each int enum field into a JSON string key of the object
614 // aObject is the inner JSON object that has stringified enum keys
615 // An example aObject might be:
617 // eURI eSuffix
618 // | |
619 // {"0": "https://mozilla.com", "2": "^privateBrowsingId=1"}
620 // | | | |
621 // ----------------------------- |
622 // | | |
623 // Key ----------------------
624 // |
625 // Value
626 SetJSONValue<eURI>(aObject, principalURI);
628 if (GetHasExplicitDomain()) {
629 nsAutoCString domainStr;
631 MutexAutoLock lock(mMutex);
632 rv = mDomain->GetSpec(domainStr);
633 NS_ENSURE_SUCCESS(rv, rv);
635 SetJSONValue<eDomain>(aObject, domainStr);
638 nsAutoCString suffix;
639 OriginAttributesRef().CreateSuffix(suffix);
640 if (suffix.Length() > 0) {
641 SetJSONValue<eSuffix>(aObject, suffix);
644 return NS_OK;
647 already_AddRefed<BasePrincipal> ContentPrincipal::FromProperties(
648 nsTArray<ContentPrincipal::KeyVal>& aFields) {
649 MOZ_ASSERT(aFields.Length() == eMax + 1, "Must have all the keys");
650 nsresult rv;
651 nsCOMPtr<nsIURI> principalURI;
652 nsCOMPtr<nsIURI> domain;
653 nsCOMPtr<nsIContentSecurityPolicy> csp;
654 OriginAttributes attrs;
656 // The odd structure here is to make the code to not compile
657 // if all the switch enum cases haven't been codified
658 for (const auto& field : aFields) {
659 switch (field.key) {
660 case ContentPrincipal::eURI:
661 if (!field.valueWasSerialized) {
662 MOZ_ASSERT(
663 false,
664 "Content principals require a principal URI in serialized JSON");
665 return nullptr;
667 rv = NS_NewURI(getter_AddRefs(principalURI), field.value.get());
668 NS_ENSURE_SUCCESS(rv, nullptr);
671 // Enforce re-parsing about: URIs so that if they change, we
672 // continue to use their new principals correctly.
673 if (principalURI->SchemeIs("about")) {
674 nsAutoCString spec;
675 principalURI->GetSpec(spec);
676 if (NS_FAILED(NS_NewURI(getter_AddRefs(principalURI), spec))) {
677 return nullptr;
681 break;
682 case ContentPrincipal::eDomain:
683 if (field.valueWasSerialized) {
684 rv = NS_NewURI(getter_AddRefs(domain), field.value.get());
685 NS_ENSURE_SUCCESS(rv, nullptr);
687 break;
688 case ContentPrincipal::eSuffix:
689 if (field.valueWasSerialized) {
690 bool ok = attrs.PopulateFromSuffix(field.value);
691 if (!ok) {
692 return nullptr;
695 break;
698 nsAutoCString originNoSuffix;
699 rv = ContentPrincipal::GenerateOriginNoSuffixFromURI(principalURI,
700 originNoSuffix);
701 if (NS_FAILED(rv)) {
702 return nullptr;
705 RefPtr<ContentPrincipal> principal =
706 new ContentPrincipal(principalURI, attrs, originNoSuffix, domain);
708 return principal.forget();