1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7 #ifndef mozilla_LoadInfo_h
8 #define mozilla_LoadInfo_h
10 #include "nsIContentSecurityPolicy.h"
11 #include "nsIInterceptionInfo.h"
12 #include "nsILoadInfo.h"
13 #include "nsIPrincipal.h"
14 #include "nsIWeakReferenceUtils.h" // for nsWeakPtr
16 #include "nsContentUtils.h"
20 #include "mozilla/BasePrincipal.h"
21 #include "mozilla/dom/ClientInfo.h"
22 #include "mozilla/dom/ServiceWorkerDescriptor.h"
25 class nsICookieJarSettings
;
27 class nsPIDOMWindowOuter
;
32 class PerformanceStorage
;
33 class XMLHttpRequestMainThread
;
34 class CanonicalBrowsingContext
;
35 class WindowGlobalParent
;
39 class EarlyHintPreloader
;
45 // we have to forward declare that function so we can use it as a friend.
46 nsresult
LoadInfoArgsToLoadInfo(const mozilla::net::LoadInfoArgs
& aLoadInfoArgs
,
47 const nsACString
& aOriginRemoteType
,
48 nsINode
* aCspToInheritLoadingContext
,
49 net::LoadInfo
** outLoadInfo
);
54 using RedirectHistoryArray
= nsTArray
<nsCOMPtr
<nsIRedirectHistoryEntry
>>;
57 * Class that provides an nsILoadInfo implementation.
59 class LoadInfo final
: public nsILoadInfo
{
60 template <typename T
, typename
... Args
>
61 friend already_AddRefed
<T
> mozilla::MakeAndAddRef(Args
&&... aArgs
);
67 // Used for TYPE_DOCUMENT load.
68 static already_AddRefed
<LoadInfo
> CreateForDocument(
69 dom::CanonicalBrowsingContext
* aBrowsingContext
, nsIURI
* aURI
,
70 nsIPrincipal
* aTriggeringPrincipal
,
71 const nsACString
& aTriggeringRemoteType
,
72 const OriginAttributes
& aOriginAttributes
, nsSecurityFlags aSecurityFlags
,
73 uint32_t aSandboxFlags
);
75 // Used for TYPE_FRAME or TYPE_IFRAME load.
76 static already_AddRefed
<LoadInfo
> CreateForFrame(
77 dom::CanonicalBrowsingContext
* aBrowsingContext
,
78 nsIPrincipal
* aTriggeringPrincipal
,
79 const nsACString
& aTriggeringRemoteType
, nsSecurityFlags aSecurityFlags
,
80 uint32_t aSandboxFlags
);
82 // Use for non-{TYPE_DOCUMENT|TYPE_FRAME|TYPE_IFRAME} load.
83 static already_AddRefed
<LoadInfo
> CreateForNonDocument(
84 dom::WindowGlobalParent
* aParentWGP
, nsIPrincipal
* aTriggeringPrincipal
,
85 nsContentPolicyType aContentPolicyType
, nsSecurityFlags aSecurityFlags
,
86 uint32_t aSandboxFlags
);
88 // aLoadingPrincipal MUST NOT BE NULL.
89 LoadInfo(nsIPrincipal
* aLoadingPrincipal
, nsIPrincipal
* aTriggeringPrincipal
,
90 nsINode
* aLoadingContext
, nsSecurityFlags aSecurityFlags
,
91 nsContentPolicyType aContentPolicyType
,
92 const Maybe
<mozilla::dom::ClientInfo
>& aLoadingClientInfo
=
93 Maybe
<mozilla::dom::ClientInfo
>(),
94 const Maybe
<mozilla::dom::ServiceWorkerDescriptor
>& aController
=
95 Maybe
<mozilla::dom::ServiceWorkerDescriptor
>(),
96 uint32_t aSandboxFlags
= 0,
97 bool aSkipCheckForBrokenURLOrZeroSized
= 0);
99 // Constructor used for TYPE_DOCUMENT loads which have a different
100 // loadingContext than other loads. This ContextForTopLevelLoad is
101 // only used for content policy checks.
102 LoadInfo(nsPIDOMWindowOuter
* aOuterWindow
, nsIURI
* aURI
,
103 nsIPrincipal
* aTriggeringPrincipal
,
104 nsISupports
* aContextForTopLevelLoad
, nsSecurityFlags aSecurityFlags
,
105 uint32_t aSandboxFlags
);
108 // Use factory function CreateForDocument
109 // Used for TYPE_DOCUMENT load.
110 LoadInfo(dom::CanonicalBrowsingContext
* aBrowsingContext
, nsIURI
* aURI
,
111 nsIPrincipal
* aTriggeringPrincipal
,
112 const nsACString
& aTriggeringRemoteType
,
113 const OriginAttributes
& aOriginAttributes
,
114 nsSecurityFlags aSecurityFlags
, uint32_t aSandboxFlags
);
116 // Use factory function CreateForFrame
117 // Used for TYPE_FRAME or TYPE_IFRAME load.
118 LoadInfo(dom::CanonicalBrowsingContext
* aBrowsingContext
,
119 nsIPrincipal
* aTriggeringPrincipal
,
120 const nsACString
& aTriggeringRemoteType
,
121 nsSecurityFlags aSecurityFlags
, uint32_t aSandboxFlags
);
123 // Used for loads initiated by DocumentLoadListener that are not TYPE_DOCUMENT
124 // | TYPE_FRAME | TYPE_FRAME.
125 LoadInfo(dom::WindowGlobalParent
* aParentWGP
,
126 nsIPrincipal
* aTriggeringPrincipal
,
127 const nsACString
& aTriggeringRemoteType
,
128 nsContentPolicyType aContentPolicyType
,
129 nsSecurityFlags aSecurityFlags
, uint32_t aSandboxFlags
);
132 // Compute a list of ancestor principals and BrowsingContext IDs.
133 // See methods AncestorPrincipals and AncestorBrowsingContextIDs
134 // in nsILoadInfo.idl for details.
135 static void ComputeAncestors(
136 dom::CanonicalBrowsingContext
* aBC
,
137 nsTArray
<nsCOMPtr
<nsIPrincipal
>>& aAncestorPrincipals
,
138 nsTArray
<uint64_t>& aBrowsingContextIDs
);
140 // create an exact copy of the loadinfo
141 already_AddRefed
<nsILoadInfo
> Clone() const;
143 // hands off!!! don't use CloneWithNewSecFlags unless you know
144 // exactly what you are doing - it should only be used within
145 // nsBaseChannel::Redirect()
146 already_AddRefed
<nsILoadInfo
> CloneWithNewSecFlags(
147 nsSecurityFlags aSecurityFlags
) const;
148 // creates a copy of the loadinfo which is appropriate to use for a
149 // separate request. I.e. not for a redirect or an inner channel, but
150 // when a separate request is made with the same security properties.
151 already_AddRefed
<nsILoadInfo
> CloneForNewRequest() const;
153 // The `nsContentPolicyType GetExternalContentPolicyType()` version in the
154 // base class is hidden by the implementation of
155 // `GetExternalContentPolicyType(nsContentPolicyType* aResult)` in
156 // LoadInfo.cpp. Explicit mark it visible.
157 using nsILoadInfo::GetExternalContentPolicyType
;
159 void SetIsPreflight();
160 void SetUpgradeInsecureRequests(bool aValue
);
161 void SetBrowserUpgradeInsecureRequests();
162 void SetBrowserWouldUpgradeInsecureRequests();
163 void SetIsFromProcessingFrameAttributes();
165 // Hands off from the cspToInherit functionality!
167 // For navigations, GetCSPToInherit returns what the spec calls the
168 // "request's client's global object's CSP list", or more precisely
169 // a snapshot of it taken when the navigation starts. For navigations
170 // that need to inherit their CSP, this is the right CSP to use for
171 // the new document. We need a way to transfer the CSP from the
172 // docshell (where the navigation starts) to the point where the new
173 // document is created and decides whether to inherit its CSP, and
174 // this is the mechanism we use for that.
177 // A document with a CSP triggers a new top-level data: URI load.
178 // We pass the CSP of the document that triggered the load all the
179 // way to docshell. Within docshell we call SetCSPToInherit() on the
180 // loadinfo. Within Document::InitCSP() we check if the newly created
181 // document needs to inherit the CSP. If so, we call GetCSPToInherit()
182 // and set the inherited CSP as the CSP for the new document. Please
183 // note that any additonal Meta CSP in that document will be merged
184 // into that CSP. Any subresource loads within that document
185 // subesquently will receive the correct CSP by querying
186 // loadinfo->GetCsp() from that point on.
187 void SetCSPToInherit(nsIContentSecurityPolicy
* aCspToInherit
) {
188 mCspToInherit
= aCspToInherit
;
191 bool HasIsThirdPartyContextToTopWindowSet() {
192 return mIsThirdPartyContextToTopWindow
.isSome();
194 void ClearIsThirdPartyContextToTopWindow() {
195 mIsThirdPartyContextToTopWindow
.reset();
199 void MarkOverriddenFingerprintingSettingsAsSet() {
200 mOverriddenFingerprintingSettingsIsSet
= true;
205 // private constructor that is only allowed to be called from within
206 // HttpChannelParent and FTPChannelParent declared as friends undeneath.
207 // In e10s we can not serialize nsINode, hence we store the innerWindowID.
208 // Please note that aRedirectChain uses swapElements.
210 nsIPrincipal
* aLoadingPrincipal
, nsIPrincipal
* aTriggeringPrincipal
,
211 nsIPrincipal
* aPrincipalToInherit
, nsIPrincipal
* aTopLevelPrincipal
,
212 nsIURI
* aResultPrincipalURI
, nsICookieJarSettings
* aCookieJarSettings
,
213 nsIContentSecurityPolicy
* aCspToInherit
,
214 const nsACString
& aTriggeringRemoteType
,
215 const nsID
& aSandboxedNullPrincipalID
,
216 const Maybe
<mozilla::dom::ClientInfo
>& aClientInfo
,
217 const Maybe
<mozilla::dom::ClientInfo
>& aReservedClientInfo
,
218 const Maybe
<mozilla::dom::ClientInfo
>& aInitialClientInfo
,
219 const Maybe
<mozilla::dom::ServiceWorkerDescriptor
>& aController
,
220 nsSecurityFlags aSecurityFlags
, uint32_t aSandboxFlags
,
221 uint32_t aTriggeringSandboxFlags
, uint64_t aTriggeringWindowId
,
222 bool aTriggeringStorageAccess
, nsContentPolicyType aContentPolicyType
,
223 LoadTainting aTainting
, bool aBlockAllMixedContent
,
224 bool aUpgradeInsecureRequests
, bool aBrowserUpgradeInsecureRequests
,
225 bool aBrowserDidUpgradeInsecureRequests
,
226 bool aBrowserWouldUpgradeInsecureRequests
, bool aForceAllowDataURI
,
227 bool aAllowInsecureRedirectToDataURI
,
228 bool aSkipContentPolicyCheckForWebRequest
, bool aOriginalFrameSrcLoad
,
229 bool aForceInheritPrincipalDropped
, uint64_t aInnerWindowID
,
230 uint64_t aBrowsingContextID
, uint64_t aFrameBrowsingContextID
,
231 bool aInitialSecurityCheckDone
, bool aIsThirdPartyContext
,
232 const Maybe
<bool>& aIsThirdPartyContextToTopWindow
,
233 bool aIsFormSubmission
, bool aSendCSPViolationEvents
,
234 const OriginAttributes
& aOriginAttributes
,
235 RedirectHistoryArray
&& aRedirectChainIncludingInternalRedirects
,
236 RedirectHistoryArray
&& aRedirectChain
,
237 nsTArray
<nsCOMPtr
<nsIPrincipal
>>&& aAncestorPrincipals
,
238 const nsTArray
<uint64_t>& aAncestorBrowsingContextIDs
,
239 const nsTArray
<nsCString
>& aCorsUnsafeHeaders
, bool aForcePreflight
,
240 bool aIsPreflight
, bool aLoadTriggeredFromExternal
,
241 bool aServiceWorkerTaintingSynthesized
, bool aDocumentHasUserInteracted
,
242 bool aAllowListFutureDocumentsCreatedFromThisRedirectChain
,
243 bool aNeedForCheckingAntiTrackingHeuristic
, const nsAString
& aCspNonce
,
244 const nsAString
& aIntegrityMetadata
, bool aSkipContentSniffing
,
245 uint32_t aHttpsOnlyStatus
, bool aHstsStatus
,
246 bool aHasValidUserGestureActivation
, bool aAllowDeprecatedSystemRequests
,
247 bool aIsInDevToolsContext
, bool aParserCreatedScript
,
248 nsILoadInfo::StoragePermissionState aStoragePermission
,
249 const Maybe
<RFPTarget
>& aOverriddenFingerprintingSettings
,
250 bool aIsMetaRefresh
, uint32_t aRequestBlockingReason
,
251 nsINode
* aLoadingContext
,
252 nsILoadInfo::CrossOriginEmbedderPolicy aLoadingEmbedderPolicy
,
253 bool aIsOriginTrialCoepCredentiallessEnabledForTopLevel
,
254 nsIURI
* aUnstrippedURI
, nsIInterceptionInfo
* aInterceptionInfo
,
255 bool aHasInjectedCookieForCookieBannerHandling
, bool aWasSchemelessInput
);
256 LoadInfo(const LoadInfo
& rhs
);
258 NS_IMETHOD
GetRedirects(JSContext
* aCx
,
259 JS::MutableHandle
<JS::Value
> aRedirects
,
260 const RedirectHistoryArray
& aArra
);
262 friend nsresult
mozilla::ipc::LoadInfoArgsToLoadInfo(
263 const mozilla::net::LoadInfoArgs
& aLoadInfoArgs
,
264 const nsACString
& aOriginRemoteType
, nsINode
* aCspToInheritLoadingContext
,
265 net::LoadInfo
** outLoadInfo
);
269 void ComputeIsThirdPartyContext(nsPIDOMWindowOuter
* aOuterWindow
);
270 void ComputeIsThirdPartyContext(dom::WindowGlobalParent
* aGlobal
);
272 // This function is the *only* function which can change the securityflags
273 // of a loadinfo. It only exists because of the XHR code. Don't call it
274 // from anywhere else!
275 void SetIncludeCookiesSecFlag();
276 friend class mozilla::dom::XMLHttpRequestMainThread
;
278 // nsDocShell::OpenInitializedChannel and EarlyHintPreloader::OpenChannel
279 // needs to update the loadInfo with the correct browsingContext.
280 friend class ::nsDocShell
;
281 friend class mozilla::net::EarlyHintPreloader
;
282 void UpdateBrowsingContextID(uint64_t aBrowsingContextID
) {
283 mBrowsingContextID
= aBrowsingContextID
;
285 void UpdateFrameBrowsingContextID(uint64_t aFrameBrowsingContextID
) {
286 mFrameBrowsingContextID
= aFrameBrowsingContextID
;
288 MOZ_NEVER_INLINE
void ReleaseMembers();
290 // if you add a member, please also update the copy constructor and consider
291 // if it should be merged from parent channel through
292 // ParentLoadInfoForwarderArgs.
293 nsCOMPtr
<nsIPrincipal
> mLoadingPrincipal
;
294 nsCOMPtr
<nsIPrincipal
> mTriggeringPrincipal
;
295 nsCOMPtr
<nsIPrincipal
> mPrincipalToInherit
;
296 nsCOMPtr
<nsIPrincipal
> mTopLevelPrincipal
;
297 nsCOMPtr
<nsIURI
> mResultPrincipalURI
;
298 nsCOMPtr
<nsIURI
> mChannelCreationOriginalURI
;
299 nsCOMPtr
<nsICSPEventListener
> mCSPEventListener
;
300 nsCOMPtr
<nsICookieJarSettings
> mCookieJarSettings
;
301 nsCOMPtr
<nsIContentSecurityPolicy
> mCspToInherit
;
302 nsCString mTriggeringRemoteType
;
303 nsID mSandboxedNullPrincipalID
;
305 Maybe
<mozilla::dom::ClientInfo
> mClientInfo
;
306 UniquePtr
<mozilla::dom::ClientSource
> mReservedClientSource
;
307 Maybe
<mozilla::dom::ClientInfo
> mReservedClientInfo
;
308 Maybe
<mozilla::dom::ClientInfo
> mInitialClientInfo
;
309 Maybe
<mozilla::dom::ServiceWorkerDescriptor
> mController
;
310 RefPtr
<mozilla::dom::PerformanceStorage
> mPerformanceStorage
;
312 nsWeakPtr mLoadingContext
;
313 nsWeakPtr mContextForTopLevelLoad
;
314 nsSecurityFlags mSecurityFlags
;
315 uint32_t mSandboxFlags
;
316 uint32_t mTriggeringSandboxFlags
= 0;
317 uint64_t mTriggeringWindowId
= 0;
318 bool mTriggeringStorageAccess
= false;
319 nsContentPolicyType mInternalContentPolicyType
;
320 LoadTainting mTainting
= LoadTainting::Basic
;
321 bool mBlockAllMixedContent
= false;
322 bool mUpgradeInsecureRequests
= false;
323 bool mBrowserUpgradeInsecureRequests
= false;
324 bool mBrowserDidUpgradeInsecureRequests
= false;
325 bool mBrowserWouldUpgradeInsecureRequests
= false;
326 bool mForceAllowDataURI
= false;
327 bool mAllowInsecureRedirectToDataURI
= false;
328 bool mSkipContentPolicyCheckForWebRequest
= false;
329 bool mOriginalFrameSrcLoad
= false;
330 bool mForceInheritPrincipalDropped
= false;
331 uint64_t mInnerWindowID
= 0;
332 uint64_t mBrowsingContextID
= 0;
333 uint64_t mWorkerAssociatedBrowsingContextID
= 0;
334 uint64_t mFrameBrowsingContextID
= 0;
335 bool mInitialSecurityCheckDone
= false;
336 // NB: TYPE_DOCUMENT implies !third-party.
337 bool mIsThirdPartyContext
= false;
338 Maybe
<bool> mIsThirdPartyContextToTopWindow
;
339 bool mIsFormSubmission
= false;
340 bool mSendCSPViolationEvents
= true;
341 OriginAttributes mOriginAttributes
;
342 RedirectHistoryArray mRedirectChainIncludingInternalRedirects
;
343 RedirectHistoryArray mRedirectChain
;
344 nsTArray
<nsCOMPtr
<nsIPrincipal
>> mAncestorPrincipals
;
345 nsTArray
<uint64_t> mAncestorBrowsingContextIDs
;
346 nsTArray
<nsCString
> mCorsUnsafeHeaders
;
347 uint32_t mRequestBlockingReason
= BLOCKING_REASON_NONE
;
348 bool mForcePreflight
= false;
349 bool mIsPreflight
= false;
350 bool mLoadTriggeredFromExternal
= false;
351 bool mServiceWorkerTaintingSynthesized
= false;
352 bool mDocumentHasUserInteracted
= false;
353 bool mAllowListFutureDocumentsCreatedFromThisRedirectChain
= false;
354 bool mNeedForCheckingAntiTrackingHeuristic
= false;
356 nsString mIntegrityMetadata
;
357 bool mSkipContentSniffing
= false;
358 uint32_t mHttpsOnlyStatus
= nsILoadInfo::HTTPS_ONLY_UNINITIALIZED
;
359 bool mHstsStatus
= false;
360 bool mHasValidUserGestureActivation
= false;
361 bool mAllowDeprecatedSystemRequests
= false;
362 bool mIsUserTriggeredSave
= false;
363 bool mIsInDevToolsContext
= false;
364 bool mParserCreatedScript
= false;
365 nsILoadInfo::StoragePermissionState mStoragePermission
=
366 nsILoadInfo::NoStoragePermission
;
367 Maybe
<RFPTarget
> mOverriddenFingerprintingSettings
;
369 // A boolean used to ensure the mOverriddenFingerprintingSettings is set
371 bool mOverriddenFingerprintingSettingsIsSet
= false;
373 bool mIsMetaRefresh
= false;
375 // Is true if this load was triggered by processing the attributes of the
376 // browsing context container.
377 // See nsILoadInfo.isFromProcessingFrameAttributes
378 bool mIsFromProcessingFrameAttributes
= false;
380 // See nsILoadInfo.isMediaRequest and nsILoadInfo.isMediaInitialRequest.
381 bool mIsMediaRequest
= false;
382 bool mIsMediaInitialRequest
= false;
384 // See nsILoadInfo.isFromObjectOrEmbed
385 bool mIsFromObjectOrEmbed
= false;
387 bool mSkipCheckForBrokenURLOrZeroSized
= false;
389 // The cross origin embedder policy that the loading need to respect.
390 // If the value is nsILoadInfo::EMBEDDER_POLICY_REQUIRE_CORP, CORP checking
391 // must be performed for the loading.
392 // See https://wicg.github.io/cross-origin-embedder-policy/#corp-check.
393 nsILoadInfo::CrossOriginEmbedderPolicy mLoadingEmbedderPolicy
=
394 nsILoadInfo::EMBEDDER_POLICY_NULL
;
396 bool mIsOriginTrialCoepCredentiallessEnabledForTopLevel
= false;
398 nsCOMPtr
<nsIURI
> mUnstrippedURI
;
400 nsCOMPtr
<nsIInterceptionInfo
> mInterceptionInfo
;
402 bool mHasInjectedCookieForCookieBannerHandling
= false;
403 bool mWasSchemelessInput
= false;
406 // This is exposed solely for testing purposes and should not be used outside of
408 already_AddRefed
<nsIPrincipal
> CreateTruncatedPrincipal(nsIPrincipal
*);
411 } // namespace mozilla
413 #endif // mozilla_LoadInfo_h