| blob | d17679e714fa2d9e6c61279b53cc57c96835b7a3 |
1 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ts=2 sw=2 et tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
46 }
49 NS_PRINCIPAL_CID)
62 // Assert that the URI we get here isn't any of the schemes that we know we
63 // should not get here. These schemes always either inherit their principal
64 // or fall back to a null principal. These are schemes which return
65 // URI_INHERITS_SECURITY_CONTEXT from their protocol handler's
66 // GetProtocolFlags function.
78 }
90 }
94 }
96 /* static */
101 }
106 }
111 // Handle non-strict file:// uris.
114 // If strict file origin policy is not in effect, all local files are
115 // considered to be same-origin, so return a known dummy origin here.
118 }
120 nsresult rv;
121 // NB: This is only compiled for Thunderbird/Suite.
122 #if IS_ORIGIN_IS_FULL_SPEC_DEFINED
129 }
130 #endif
132 // We want the invariant that prinA.origin == prinB.origin i.f.f.
133 // prinA.equals(prinB). However, this requires that we impose certain
134 // constraints on the behavior and origin semantics of principals, and in
135 // particular, forbid creating origin strings for principals whose equality
136 // constraints are not expressible as strings (i.e. object equality).
137 // Moreover, we want to forbid URIs containing the magic "^" we use as a
138 // separating character for origin attributes.
139 //
140 // These constraints can generally be achieved by restricting .origin to
141 // nsIStandardURL-based URIs, but there are a few other URI schemes that we
142 // need to handle.
145 // We generally consider two about:foo origins to be same-origin, but
146 // about:blank is special since it can be generated from different
147 // sources. We check for moz-safe-about:blank since origin is an
148 // innermost URI.
159 }
163 }
165 // These URIs could technically contain a '^', but they never should.
169 }
171 }
173 // This URL can be a blobURL. In this case, we should use the 'parent'
174 // principal instead.
180 }
182 // If we reached this branch, we can only create an origin if we have a
183 // nsIStandardURL. So, we query to a nsIStandardURL, and fail if we aren't
184 // an instance of an nsIStandardURL nsIStandardURLs have the good property
185 // of escaping the '^' character in their specs, which means that we can be
186 // sure that the caret character (which is reserved for delimiting the end
187 // of the spec, and the beginning of the origin attributes) is not present
188 // in the origin string
192 }
194 // See whether we have a useful hostPort. If we do, use that.
195 nsAutoCString hostPort;
199 }
206 }
211 // The origin, when taken from the spec, should not contain the ref part of
212 // the URL.
219 }
223 }
226 }
233 // For ContentPrincipal, Subsumes is equivalent to Equals.
236 }
238 // If either the subject or the object has changed its principal by
239 // explicitly setting document.domain then the other must also have
240 // done so in order to be considered the same origin. This prevents
241 // DNS spoofing based on document.domain (154930)
242 nsresult rv;
244 // Get .domain on each principal.
249 // If either has .domain set, we have equality i.f.f. the domains match.
250 // Otherwise, we fall through to the non-document-domain-considering case.
254 #ifdef DEBUG
262 }
263 #endif
265 }
266 }
268 // Compare uris.
273 }
275 NS_IMETHODIMP
279 }
284 #if defined(MOZ_THUNDERBIRD) || defined(MOZ_SUITE)
292 }
294 OriginAttributes attrs;
298 }
299 #endif
306 }
308 // If this principal is associated with an addon, check whether that addon
309 // has been given permission to load from this domain.
312 }
316 }
318 // If strict file origin policy is in effect, local files will always fail
319 // SecurityCompareURIs unless they are identical. Explicitly check file origin
320 // policy, in that case.
324 }
327 }
336 };
338 }
340 NS_IMETHODIMP
345 }
349 }
351 NS_IMETHODIMP
358 // Set the changed-document-domain flag on compartments containing realms
359 // using this principal.
364 };
373 }
379 // Special handling for a file URI.
381 // If strict file origin policy is not in effect, all local files are
382 // considered to be same-origin, so return a known dummy domain here.
387 }
389 // Otherwise, we return the file path.
395 }
396 }
403 }
405 // In case of FTP we want to get base domain via TLD service even if FTP
406 // protocol handler is disabled and the scheme is handled by external protocol
407 // handler which returns URI_NORELATIVE flag.
411 }
416 }
419 }
421 NS_IMETHODIMP
423 // Handle some special URIs first.
430 }
432 // For everything else, we ask the TLD service via the ThirdPartyUtil.
437 }
440 }
442 NS_IMETHODIMP
444 // Handle some special URIs first.
445 nsAutoCString baseDomain;
451 // This is a special URI ("file:", "about:", "view-source:", etc). Just
452 // return the origin.
454 }
456 // For everything else, we ask the TLD service. Note that, unlike in
457 // GetBaseDomain, we don't use ThirdPartyUtil.getBaseDomain because if the
458 // host is an IP address that returns the raw address and we can't use it with
459 // SetHost below because SetHost expects '[' and ']' around IPv6 addresses.
460 // See bug 1491728.
465 }
472 // If this is an IP address or something like "localhost", we just continue
473 // with gotBaseDomain = false.
477 }
478 }
480 // NOTE: Calling `SetHostPort` with a portless domain is insufficient to clear
481 // the port, so an extra `SetPort` call has to be made.
487 }
495 }
498 nsCString siteOrigin;
506 }
510 }
520 }
521 }
524 }
526 NS_IMETHODIMP
533 }
535 }
537 NS_IMETHODIMP
544 }
547 // Enforce re-parsing about: URIs so that if they change, we continue to use
548 // their new principals correctly.
550 nsAutoCString spec;
553 NS_ERROR_FAILURE);
554 }
560 }
564 nsAutoCString suffix;
568 OriginAttributes attrs;
572 // Since Bug 965637 we do not serialize the CSP within the
573 // Principal anymore. Nevertheless there might still be
574 // serialized Principals that do have a serialized CSP.
575 // For now, we just read the CSP here but do not actually
576 // consume it. Please note that we deliberately ignore
577 // the return value to avoid CSP deserialization problems.
578 // After Bug 1508939 we will have a new serialization for
579 // Principals which allows us to update the code here.
580 // Additionally, the format for serialized CSPs changed
581 // within Bug 965637 which also can cause failures within
582 // the CSP deserialization code.
585 nsAutoCString originNoSuffix;
592 // Note: we don't call SetDomain here because we don't need the wrapper
593 // recomputation code there (we just created this principal).
597 }
600 }
602 NS_IMETHODIMP
604 // Read is used still for legacy principals
607 }
610 nsAutoCString principalURI;
614 // We turn each int enum field into a JSON string key of the object
615 // aObject is the inner JSON object that has stringified enum keys
616 // An example aObject might be:
617 //
618 // eURI eSuffix
619 // | |
620 // {"0": "https://mozilla.com", "2": "^privateBrowsingId=1"}
621 // | | | |
622 // ----------------------------- |
623 // | | |
624 // Key ----------------------
625 // |
626 // Value
630 nsAutoCString domainStr;
634 }
636 nsAutoCString suffix;
640 }
643 }
648 nsresult rv;
652 OriginAttributes attrs;
654 // The odd structure here is to make the code to not compile
655 // if all the switch enum cases haven't been codified
664 }
668 {
669 // Enforce re-parsing about: URIs so that if they change, we
670 // continue to use their new principals correctly.
672 nsAutoCString spec;
676 }
677 }
678 }
684 }
691 }
692 }
694 }
695 }
696 nsAutoCString originNoSuffix;
698 originNoSuffix);
701 }
707 }
712 }
715 }