search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Bug 1515105 - Turn off git commit.gpgSign when making temporary commits for try pushe...
[gecko.git] / caps / OriginAttributes.cpp
blob7f40e6549310b1328fb5fc7a25e917d611e50f8e
1 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ts=2 sw=2 et tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6
7 #include "mozilla/OriginAttributes.h"
8 #include "mozilla/Preferences.h"
9 #include "mozilla/dom/BlobURLProtocolHandler.h"
10 #include "mozilla/dom/URLSearchParams.h"
11 #include "mozilla/dom/quota/QuotaManager.h"
12 #include "nsIEffectiveTLDService.h"
13 #include "nsIURI.h"
14 #include "nsURLHelper.h"
15
16 namespace mozilla {
17
18 using dom::URLParams;
19
20 bool OriginAttributes::sFirstPartyIsolation = false;
21 bool OriginAttributes::sRestrictedOpenerAccess = false;
22 bool OriginAttributes::sBlockPostMessageForFPI = false;
23
24 void OriginAttributes::InitPrefs() {
25 MOZ_ASSERT(NS_IsMainThread());
26 static bool sInited = false;
27 if (!sInited) {
28 sInited = true;
29 Preferences::AddBoolVarCache(&sFirstPartyIsolation,
30 "privacy.firstparty.isolate");
31 Preferences::AddBoolVarCache(
32 &sRestrictedOpenerAccess,
33 "privacy.firstparty.isolate.restrict_opener_access");
34 Preferences::AddBoolVarCache(
35 &sBlockPostMessageForFPI,
36 "privacy.firstparty.isolate.block_post_message");
37 }
38 }
39
40 void OriginAttributes::SetFirstPartyDomain(const bool aIsTopLevelDocument,
41 nsIURI* aURI, bool aForced) {
42 bool isFirstPartyEnabled = IsFirstPartyEnabled();
43
44 // If the prefs are off or this is not a top level load, bail out.
45 if ((!isFirstPartyEnabled || !aIsTopLevelDocument) && !aForced) {
46 return;
47 }
48
49 nsCOMPtr<nsIEffectiveTLDService> tldService =
50 do_GetService(NS_EFFECTIVETLDSERVICE_CONTRACTID);
51 MOZ_ASSERT(tldService);
52 if (!tldService) {
53 return;
54 }
55
56 nsAutoCString baseDomain;
57 nsresult rv = tldService->GetBaseDomain(aURI, 0, baseDomain);
58 if (NS_SUCCEEDED(rv)) {
59 mFirstPartyDomain = NS_ConvertUTF8toUTF16(baseDomain);
60 return;
61 }
62
63 if (rv == NS_ERROR_HOST_IS_IP_ADDRESS) {
64 // If the host is an IPv4/IPv6 address, we still accept it as a
65 // valid firstPartyDomain.
66 nsAutoCString ipAddr;
67 rv = aURI->GetHost(ipAddr);
68 NS_ENSURE_SUCCESS_VOID(rv);
69
70 if (net_IsValidIPv6Addr(ipAddr)) {
71 // According to RFC2732, the host of an IPv6 address should be an
72 // IPv6reference. The GetHost() of nsIURI will only return the IPv6
73 // address. So, we need to convert it back to IPv6reference here.
74 mFirstPartyDomain.Truncate();
75 mFirstPartyDomain.AssignLiteral("[");
76 mFirstPartyDomain.Append(NS_ConvertUTF8toUTF16(ipAddr));
77 mFirstPartyDomain.AppendLiteral("]");
78 } else {
79 mFirstPartyDomain = NS_ConvertUTF8toUTF16(ipAddr);
80 }
81
82 return;
83 }
84
85 // Saving isInsufficientDomainLevels before rv is overwritten.
86 bool isInsufficientDomainLevels = (rv == NS_ERROR_INSUFFICIENT_DOMAIN_LEVELS);
87 nsAutoCString scheme;
88 rv = aURI->GetScheme(scheme);
89 NS_ENSURE_SUCCESS_VOID(rv);
90 if (scheme.EqualsLiteral("about")) {
91 mFirstPartyDomain.AssignLiteral(ABOUT_URI_FIRST_PARTY_DOMAIN);
92 return;
93 }
94
95 nsCOMPtr<nsIPrincipal> blobPrincipal;
96 if (dom::BlobURLProtocolHandler::GetBlobURLPrincipal(
97 aURI, getter_AddRefs(blobPrincipal))) {
98 MOZ_ASSERT(blobPrincipal);
99 mFirstPartyDomain = blobPrincipal->OriginAttributesRef().mFirstPartyDomain;
100 return;
101 }
102
103 if (isInsufficientDomainLevels) {
104 nsAutoCString publicSuffix;
105 rv = tldService->GetPublicSuffix(aURI, publicSuffix);
106 if (NS_SUCCEEDED(rv)) {
107 mFirstPartyDomain = NS_ConvertUTF8toUTF16(publicSuffix);
108 }
109 return;
110 }
111 }
112
113 void OriginAttributes::SetFirstPartyDomain(const bool aIsTopLevelDocument,
114 const nsACString& aDomain) {
115 bool isFirstPartyEnabled = IsFirstPartyEnabled();
116
117 // If the pref is off or this is not a top level load, bail out.
118 if (!isFirstPartyEnabled || !aIsTopLevelDocument) {
119 return;
120 }
121
122 mFirstPartyDomain = NS_ConvertUTF8toUTF16(aDomain);
123 }
124
125 void OriginAttributes::CreateSuffix(nsACString& aStr) const {
126 URLParams params;
127 nsAutoString value;
128
129 //
130 // Important: While serializing any string-valued attributes, perform a
131 // release-mode assertion to make sure that they don't contain characters that
132 // will break the quota manager when it uses the serialization for file
133 // naming.
134 //
135
136 if (mInIsolatedMozBrowser) {
137 params.Set(NS_LITERAL_STRING("inBrowser"), NS_LITERAL_STRING("1"));
138 }
139
140 if (mUserContextId != nsIScriptSecurityManager::DEFAULT_USER_CONTEXT_ID) {
141 value.Truncate();
142 value.AppendInt(mUserContextId);
143 params.Set(NS_LITERAL_STRING("userContextId"), value);
144 }
145
146 if (mPrivateBrowsingId) {
147 value.Truncate();
148 value.AppendInt(mPrivateBrowsingId);
149 params.Set(NS_LITERAL_STRING("privateBrowsingId"), value);
150 }
151
152 if (!mFirstPartyDomain.IsEmpty()) {
153 nsAutoString sanitizedFirstPartyDomain(mFirstPartyDomain);
154 sanitizedFirstPartyDomain.ReplaceChar(
155 dom::quota::QuotaManager::kReplaceChars, '+');
156
157 params.Set(NS_LITERAL_STRING("firstPartyDomain"),
158 sanitizedFirstPartyDomain);
159 }
160
161 aStr.Truncate();
162
163 params.Serialize(value);
164 if (!value.IsEmpty()) {
165 aStr.AppendLiteral("^");
166 aStr.Append(NS_ConvertUTF16toUTF8(value));
167 }
168
169 // In debug builds, check the whole string for illegal characters too (just in
170 // case).
171 #ifdef DEBUG
172 nsAutoCString str;
173 str.Assign(aStr);
174 MOZ_ASSERT(str.FindCharInSet(dom::quota::QuotaManager::kReplaceChars) ==
175 kNotFound);
176 #endif
177 }
178
179 void OriginAttributes::CreateAnonymizedSuffix(nsACString& aStr) const {
180 OriginAttributes attrs = *this;
181
182 if (!attrs.mFirstPartyDomain.IsEmpty()) {
183 attrs.mFirstPartyDomain.AssignLiteral("_anonymizedFirstPartyDomain_");
184 }
185
186 attrs.CreateSuffix(aStr);
187 }
188
189 namespace {
190
191 class MOZ_STACK_CLASS PopulateFromSuffixIterator final
192 : public URLParams::ForEachIterator {
193 public:
194 explicit PopulateFromSuffixIterator(OriginAttributes* aOriginAttributes)
195 : mOriginAttributes(aOriginAttributes) {
196 MOZ_ASSERT(aOriginAttributes);
197 // If mPrivateBrowsingId is passed in as >0 and is not present in the
198 // suffix, then it will remain >0 when it should be 0 according to the
199 // suffix. Set to 0 before iterating to fix this.
200 mOriginAttributes->mPrivateBrowsingId = 0;
201 }
202
203 bool URLParamsIterator(const nsAString& aName,
204 const nsAString& aValue) override {
205 if (aName.EqualsLiteral("inBrowser")) {
206 if (!aValue.EqualsLiteral("1")) {
207 return false;
208 }
209
210 mOriginAttributes->mInIsolatedMozBrowser = true;
211 return true;
212 }
213
214 if (aName.EqualsLiteral("addonId") || aName.EqualsLiteral("appId")) {
215 // No longer supported. Silently ignore so that legacy origin strings
216 // don't cause failures.
217 return true;
218 }
219
220 if (aName.EqualsLiteral("userContextId")) {
221 nsresult rv;
222 int64_t val = aValue.ToInteger64(&rv);
223 NS_ENSURE_SUCCESS(rv, false);
224 NS_ENSURE_TRUE(val <= UINT32_MAX, false);
225 mOriginAttributes->mUserContextId = static_cast<uint32_t>(val);
226
227 return true;
228 }
229
230 if (aName.EqualsLiteral("privateBrowsingId")) {
231 nsresult rv;
232 int64_t val = aValue.ToInteger64(&rv);
233 NS_ENSURE_SUCCESS(rv, false);
234 NS_ENSURE_TRUE(val >= 0 && val <= UINT32_MAX, false);
235 mOriginAttributes->mPrivateBrowsingId = static_cast<uint32_t>(val);
236
237 return true;
238 }
239
240 if (aName.EqualsLiteral("firstPartyDomain")) {
241 MOZ_RELEASE_ASSERT(mOriginAttributes->mFirstPartyDomain.IsEmpty());
242 mOriginAttributes->mFirstPartyDomain.Assign(aValue);
243 return true;
244 }
245
246 // No other attributes are supported.
247 return false;
248 }
249
250 private:
251 OriginAttributes* mOriginAttributes;
252 };
253
254 } // namespace
255
256 bool OriginAttributes::PopulateFromSuffix(const nsACString& aStr) {
257 if (aStr.IsEmpty()) {
258 return true;
259 }
260
261 if (aStr[0] != '^') {
262 return false;
263 }
264
265 PopulateFromSuffixIterator iterator(this);
266 return URLParams::Parse(Substring(aStr, 1, aStr.Length() - 1), iterator);
267 }
268
269 bool OriginAttributes::PopulateFromOrigin(const nsACString& aOrigin,
270 nsACString& aOriginNoSuffix) {
271 // RFindChar is only available on nsCString.
272 nsCString origin(aOrigin);
273 int32_t pos = origin.RFindChar('^');
274
275 if (pos == kNotFound) {
276 aOriginNoSuffix = origin;
277 return true;
278 }
279
280 aOriginNoSuffix = Substring(origin, 0, pos);
281 return PopulateFromSuffix(Substring(origin, pos));
282 }
283
284 void OriginAttributes::SyncAttributesWithPrivateBrowsing(
285 bool aInPrivateBrowsing) {
286 mPrivateBrowsingId = aInPrivateBrowsing ? 1 : 0;
287 }
288
289 /* static */
290 bool OriginAttributes::IsPrivateBrowsing(const nsACString& aOrigin) {
291 nsAutoCString dummy;
292 OriginAttributes attrs;
293 if (NS_WARN_IF(!attrs.PopulateFromOrigin(aOrigin, dummy))) {
294 return false;
295 }
296
297 return !!attrs.mPrivateBrowsingId;
298 }
299
300 } // namespace mozilla