1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7 #ifndef nsDocShellLoadState_h__
8 #define nsDocShellLoadState_h__
10 #include "mozilla/dom/BrowsingContext.h"
11 #include "mozilla/dom/SessionHistoryEntry.h"
14 #include "mozilla/Maybe.h"
17 #include "nsDocShellLoadTypes.h"
18 #include "nsTArrayForwardDeclare.h"
20 class nsIContentSecurityPolicy
;
26 class nsIReferrerInfo
;
28 class OriginAttributes
;
29 template <typename
, class>
32 class DocShellLoadStateInit
;
34 } // namespace mozilla
37 * nsDocShellLoadState contains setup information used in a nsIDocShell::loadURI
40 class nsDocShellLoadState final
{
41 using BrowsingContext
= mozilla::dom::BrowsingContext
;
43 using MaybeDiscarded
= mozilla::dom::MaybeDiscarded
<T
>;
46 NS_INLINE_DECL_REFCOUNTING(nsDocShellLoadState
);
48 explicit nsDocShellLoadState(nsIURI
* aURI
);
49 explicit nsDocShellLoadState(
50 const mozilla::dom::DocShellLoadStateInit
& aLoadState
,
51 mozilla::ipc::IProtocol
* aActor
, bool* aReadSuccess
);
52 explicit nsDocShellLoadState(const nsDocShellLoadState
& aOther
);
53 nsDocShellLoadState(nsIURI
* aURI
, uint64_t aLoadIdentifier
);
55 static nsresult
CreateFromPendingChannel(nsIChannel
* aPendingChannel
,
56 uint64_t aLoadIdentifier
,
58 nsDocShellLoadState
** aResult
);
60 static nsresult
CreateFromLoadURIOptions(
61 BrowsingContext
* aBrowsingContext
, const nsAString
& aURI
,
62 const mozilla::dom::LoadURIOptions
& aLoadURIOptions
,
63 nsDocShellLoadState
** aResult
);
64 static nsresult
CreateFromLoadURIOptions(
65 BrowsingContext
* aBrowsingContext
, nsIURI
* aURI
,
66 const mozilla::dom::LoadURIOptions
& aLoadURIOptions
,
67 nsDocShellLoadState
** aResult
);
69 // Getters and Setters
71 nsIReferrerInfo
* GetReferrerInfo() const;
73 void SetReferrerInfo(nsIReferrerInfo
* aReferrerInfo
);
77 void SetURI(nsIURI
* aURI
);
79 nsIURI
* OriginalURI() const;
81 void SetOriginalURI(nsIURI
* aOriginalURI
);
83 nsIURI
* ResultPrincipalURI() const;
85 void SetResultPrincipalURI(nsIURI
* aResultPrincipalURI
);
87 bool ResultPrincipalURIIsSome() const;
89 void SetResultPrincipalURIIsSome(bool aIsSome
);
91 bool KeepResultPrincipalURIIfSet() const;
93 void SetKeepResultPrincipalURIIfSet(bool aKeep
);
95 nsIPrincipal
* PrincipalToInherit() const;
97 void SetPrincipalToInherit(nsIPrincipal
* aPrincipalToInherit
);
99 nsIPrincipal
* PartitionedPrincipalToInherit() const;
101 void SetPartitionedPrincipalToInherit(
102 nsIPrincipal
* aPartitionedPrincipalToInherit
);
104 bool LoadReplace() const;
106 void SetLoadReplace(bool aLoadReplace
);
108 nsIPrincipal
* TriggeringPrincipal() const;
110 void SetTriggeringPrincipal(nsIPrincipal
* aTriggeringPrincipal
);
112 uint32_t TriggeringSandboxFlags() const;
114 void SetTriggeringSandboxFlags(uint32_t aTriggeringSandboxFlags
);
116 nsIContentSecurityPolicy
* Csp() const;
118 void SetCsp(nsIContentSecurityPolicy
* aCsp
);
120 bool InheritPrincipal() const;
122 void SetInheritPrincipal(bool aInheritPrincipal
);
124 bool PrincipalIsExplicit() const;
126 void SetPrincipalIsExplicit(bool aPrincipalIsExplicit
);
128 // If true, "beforeunload" event listeners were notified by the creater of the
129 // LoadState and given the chance to abort the navigation, and should not be
131 bool NotifiedBeforeUnloadListeners() const;
133 void SetNotifiedBeforeUnloadListeners(bool aNotifiedBeforeUnloadListeners
);
135 bool ForceAllowDataURI() const;
137 void SetForceAllowDataURI(bool aForceAllowDataURI
);
139 bool IsExemptFromHTTPSOnlyMode() const;
141 void SetIsExemptFromHTTPSOnlyMode(bool aIsExemptFromHTTPSOnlyMode
);
143 bool OriginalFrameSrc() const;
145 void SetOriginalFrameSrc(bool aOriginalFrameSrc
);
147 bool IsFormSubmission() const;
149 void SetIsFormSubmission(bool aIsFormSubmission
);
151 uint32_t LoadType() const;
153 void SetLoadType(uint32_t aLoadType
);
155 nsISHEntry
* SHEntry() const;
157 void SetSHEntry(nsISHEntry
* aSHEntry
);
159 const mozilla::dom::LoadingSessionHistoryInfo
* GetLoadingSessionHistoryInfo()
162 // Copies aLoadingInfo and stores the copy in this nsDocShellLoadState.
163 void SetLoadingSessionHistoryInfo(
164 const mozilla::dom::LoadingSessionHistoryInfo
& aLoadingInfo
);
166 // Stores aLoadingInfo in this nsDocShellLoadState.
167 void SetLoadingSessionHistoryInfo(
168 mozilla::UniquePtr
<mozilla::dom::LoadingSessionHistoryInfo
> aLoadingInfo
);
170 bool LoadIsFromSessionHistory() const;
172 const nsString
& Target() const;
174 void SetTarget(const nsAString
& aTarget
);
176 nsIInputStream
* PostDataStream() const;
178 void SetPostDataStream(nsIInputStream
* aStream
);
180 nsIInputStream
* HeadersStream() const;
182 void SetHeadersStream(nsIInputStream
* aHeadersStream
);
184 bool IsSrcdocLoad() const;
186 const nsString
& SrcdocData() const;
188 void SetSrcdocData(const nsAString
& aSrcdocData
);
190 const MaybeDiscarded
<BrowsingContext
>& SourceBrowsingContext() const {
191 return mSourceBrowsingContext
;
194 void SetSourceBrowsingContext(BrowsingContext
*);
196 void SetAllowFocusMove(bool aAllow
) { mAllowFocusMove
= aAllow
; }
198 bool AllowFocusMove() const { return mAllowFocusMove
; }
200 const MaybeDiscarded
<BrowsingContext
>& TargetBrowsingContext() const {
201 return mTargetBrowsingContext
;
204 void SetTargetBrowsingContext(BrowsingContext
* aTargetBrowsingContext
);
206 nsIURI
* BaseURI() const;
208 void SetBaseURI(nsIURI
* aBaseURI
);
210 // Helper function allowing convenient work with mozilla::Maybe in C++, hiding
211 // resultPrincipalURI and resultPrincipalURIIsSome attributes from the
213 void GetMaybeResultPrincipalURI(
214 mozilla::Maybe
<nsCOMPtr
<nsIURI
>>& aRPURI
) const;
216 void SetMaybeResultPrincipalURI(
217 mozilla::Maybe
<nsCOMPtr
<nsIURI
>> const& aRPURI
);
219 uint32_t LoadFlags() const;
221 void SetLoadFlags(uint32_t aFlags
);
223 void SetLoadFlag(uint32_t aFlag
);
225 void UnsetLoadFlag(uint32_t aFlag
);
227 bool HasLoadFlags(uint32_t aFlag
);
229 uint32_t InternalLoadFlags() const;
231 void SetInternalLoadFlags(uint32_t aFlags
);
233 void SetInternalLoadFlag(uint32_t aFlag
);
235 void UnsetInternalLoadFlag(uint32_t aFlag
);
237 bool HasInternalLoadFlags(uint32_t aFlag
);
239 bool FirstParty() const;
241 void SetFirstParty(bool aFirstParty
);
243 bool HasValidUserGestureActivation() const;
245 void SetHasValidUserGestureActivation(bool HasValidUserGestureActivation
);
247 const nsCString
& TypeHint() const;
249 void SetTypeHint(const nsCString
& aTypeHint
);
251 const nsString
& FileName() const;
253 void SetFileName(const nsAString
& aFileName
);
255 nsIURI
* GetUnstrippedURI() const;
257 void SetUnstrippedURI(nsIURI
* aUnstrippedURI
);
259 // Give the type of DocShell we're loading into (chrome/content/etc) and
260 // origin attributes for the URI we're loading, figure out if we should
261 // inherit our principal from the document the load was requested from, or
262 // else if the principal should be set up later in the process (after loads).
263 // See comments in function for more info on principal selection algorithm
264 nsresult
SetupInheritingPrincipal(
265 mozilla::dom::BrowsingContext::Type aType
,
266 const mozilla::OriginAttributes
& aOriginAttributes
);
268 // If no triggering principal exists at the moment, create one using referrer
269 // information and origin attributes.
270 nsresult
SetupTriggeringPrincipal(
271 const mozilla::OriginAttributes
& aOriginAttributes
);
273 void SetIsFromProcessingFrameAttributes() {
274 mIsFromProcessingFrameAttributes
= true;
276 bool GetIsFromProcessingFrameAttributes() const {
277 return mIsFromProcessingFrameAttributes
;
280 nsIChannel
* GetPendingRedirectedChannel() {
281 return mPendingRedirectedChannel
;
284 uint64_t GetPendingRedirectChannelRegistrarId() const {
285 return mChannelRegistrarId
;
288 void SetOriginalURIString(const nsCString
& aOriginalURI
) {
289 mOriginalURIString
.emplace(aOriginalURI
);
291 const mozilla::Maybe
<nsCString
>& GetOriginalURIString() const {
292 return mOriginalURIString
;
295 void SetCancelContentJSEpoch(int32_t aCancelEpoch
) {
296 mCancelContentJSEpoch
.emplace(aCancelEpoch
);
298 const mozilla::Maybe
<int32_t>& GetCancelContentJSEpoch() const {
299 return mCancelContentJSEpoch
;
302 uint64_t GetLoadIdentifier() const { return mLoadIdentifier
; }
304 void SetChannelInitialized(bool aInitilized
) {
305 mChannelInitialized
= aInitilized
;
308 bool GetChannelInitialized() const { return mChannelInitialized
; }
310 void SetIsMetaRefresh(bool aMetaRefresh
) { mIsMetaRefresh
= aMetaRefresh
; }
312 bool IsMetaRefresh() const { return mIsMetaRefresh
; }
314 const mozilla::Maybe
<nsCString
>& GetRemoteTypeOverride() const {
315 return mRemoteTypeOverride
;
318 void SetRemoteTypeOverride(const nsCString
& aRemoteTypeOverride
) {
319 mRemoteTypeOverride
= mozilla::Some(aRemoteTypeOverride
);
322 // Determine the remote type of the process which should be considered
323 // responsible for this load for the purposes of security checks.
325 // This will generally be the process which created the nsDocShellLoadState
326 // originally, however non-errorpage history loads are always considered to be
327 // triggered by the parent process, as we can validate them against the
329 const nsCString
& GetEffectiveTriggeringRemoteType() const;
331 void SetTriggeringRemoteType(const nsACString
& aTriggeringRemoteType
);
333 // Diagnostic assert if this is a system-principal triggered load, and it is
334 // trivial to determine that the effective triggering remote type would not be
335 // allowed to perform this load.
337 // This is called early during the load to crash as close to the cause as
338 // possible. See bug 1838686 for details.
339 #ifdef MOZ_DIAGNOSTIC_ASSERT_ENABLED
340 void AssertProcessCouldTriggerLoadIfSystem();
342 void AssertProcessCouldTriggerLoadIfSystem() {}
345 // When loading a document through nsDocShell::LoadURI(), a special set of
346 // flags needs to be set based on other values in nsDocShellLoadState. This
347 // function calculates those flags, before the LoadState is passed to
348 // nsDocShell::InternalLoad.
349 void CalculateLoadURIFlags();
351 // Compute the load flags to be used by creating channel. aUriModified and
352 // aIsXFOError are expected to be Nothing when called from Parent process.
353 nsLoadFlags
CalculateChannelLoadFlags(
354 mozilla::dom::BrowsingContext
* aBrowsingContext
,
355 mozilla::Maybe
<bool> aUriModified
, mozilla::Maybe
<bool> aIsXFOError
);
357 mozilla::dom::DocShellLoadStateInit
Serialize(
358 mozilla::ipc::IProtocol
* aActor
);
360 void SetLoadIsFromSessionHistory(int32_t aOffset
, bool aLoadingCurrentEntry
);
361 void ClearLoadIsFromSessionHistory();
363 void MaybeStripTrackerQueryStrings(mozilla::dom::BrowsingContext
* aContext
);
366 // Destructor can't be defaulted or inlined, as header doesn't have all type
367 // includes it needs to do so.
368 ~nsDocShellLoadState();
370 // Given the original `nsDocShellLoadState` which was sent to a content
371 // process, validate that they corespond to the same load.
372 // Returns a static (telemetry-safe) string naming what did not match, or
373 // nullptr if it succeeds.
374 const char* ValidateWithOriginalState(nsDocShellLoadState
* aOriginalState
);
376 static nsresult
CreateFromLoadURIOptions(
377 BrowsingContext
* aBrowsingContext
, nsIURI
* aURI
,
378 const mozilla::dom::LoadURIOptions
& aLoadURIOptions
,
379 uint32_t aLoadFlagsOverride
, nsIInputStream
* aPostDataOverride
,
380 nsDocShellLoadState
** aResult
);
382 // This is the referrer for the load.
383 nsCOMPtr
<nsIReferrerInfo
> mReferrerInfo
;
385 // The URI we are navigating to. Will not be null once set.
386 nsCOMPtr
<nsIURI
> mURI
;
388 // The URI to set as the originalURI on the channel that does the load. If
389 // null, aURI will be set as the originalURI.
390 nsCOMPtr
<nsIURI
> mOriginalURI
;
392 // The URI to be set to loadInfo.resultPrincipalURI
393 // - When Nothing, there will be no change
394 // - When Some, the principal URI will overwrite even
395 // with a null value.
397 // Valid only if mResultPrincipalURIIsSome is true (has the same meaning as
398 // isSome() on mozilla::Maybe.)
399 nsCOMPtr
<nsIURI
> mResultPrincipalURI
;
400 bool mResultPrincipalURIIsSome
;
402 // The principal of the load, that is, the entity responsible for causing the
403 // load to occur. In most cases the referrer and the triggeringPrincipal's URI
404 // will be identical.
406 // Please note that this is the principal that is used for security checks. If
407 // the argument aURI is provided by the web, then please do not pass a
408 // SystemPrincipal as the triggeringPrincipal.
409 nsCOMPtr
<nsIPrincipal
> mTriggeringPrincipal
;
411 // The SandboxFlags of the load, that are, the SandboxFlags of the entity
412 // responsible for causing the load to occur. Most likely this are the
413 // SandboxFlags of the document that started the load.
414 uint32_t mTriggeringSandboxFlags
;
416 // The CSP of the load, that is, the CSP of the entity responsible for causing
417 // the load to occur. Most likely this is the CSP of the document that started
418 // the load. In case the entity starting the load did not use a CSP, then mCsp
419 // can be null. Please note that this is also the CSP that will be applied to
420 // the load in case the load encounters a server side redirect.
421 nsCOMPtr
<nsIContentSecurityPolicy
> mCsp
;
423 // If a refresh is caused by http-equiv="refresh" we want to set
424 // aResultPrincipalURI, but we do not want to overwrite the channel's
425 // ResultPrincipalURI, if it has already been set on the channel by a protocol
427 bool mKeepResultPrincipalURIIfSet
;
429 // If set LOAD_REPLACE flag will be set on the channel. If aOriginalURI is
430 // null, this argument is ignored.
433 // If this attribute is true and no triggeringPrincipal is specified,
434 // copy the principal from the referring document.
435 bool mInheritPrincipal
;
437 // If this attribute is true only ever use the principal specified
438 // by the triggeringPrincipal and inheritPrincipal attributes.
439 // If there are security reasons for why this is unsafe, such
440 // as trying to use a systemprincipal as the triggeringPrincipal
441 // for a content docshell the load fails.
442 bool mPrincipalIsExplicit
;
444 bool mNotifiedBeforeUnloadListeners
;
446 // Principal we're inheriting. If null, this means the principal should be
447 // inherited from the current document. If set to NullPrincipal, the channel
448 // will fill in principal information later in the load. See internal comments
449 // of SetupInheritingPrincipal for more info.
451 // When passed to InternalLoad, If this argument is null then
452 // principalToInherit is computed differently. See nsDocShell::InternalLoad
453 // for more comments.
455 nsCOMPtr
<nsIPrincipal
> mPrincipalToInherit
;
457 nsCOMPtr
<nsIPrincipal
> mPartitionedPrincipalToInherit
;
459 // If this attribute is true, then a top-level navigation
460 // to a data URI will be allowed.
461 bool mForceAllowDataURI
;
463 // If this attribute is true, then the top-level navigaion
464 // will be exempt from HTTPS-Only-Mode upgrades.
465 bool mIsExemptFromHTTPSOnlyMode
;
467 // If this attribute is true, this load corresponds to a frame
468 // element loading its original src (or srcdoc) attribute.
469 bool mOriginalFrameSrc
;
471 // If this attribute is true, then the load was initiated by a
472 // form submission. This is important to know for the CSP directive
474 bool mIsFormSubmission
;
476 // Contains a load type as specified by the nsDocShellLoadTypes::load*
480 // Active Session History entry (if loading from SH)
481 nsCOMPtr
<nsISHEntry
> mSHEntry
;
483 // Loading session history info for the load
484 mozilla::UniquePtr
<mozilla::dom::LoadingSessionHistoryInfo
>
485 mLoadingSessionHistoryInfo
;
487 // Target for load, like _content, _blank etc.
490 // When set, this is the Target Browsing Context for the navigation
491 // after retargeting.
492 MaybeDiscarded
<BrowsingContext
> mTargetBrowsingContext
;
494 // Post data stream (if POSTing)
495 nsCOMPtr
<nsIInputStream
> mPostDataStream
;
497 // Additional Headers
498 nsCOMPtr
<nsIInputStream
> mHeadersStream
;
500 // When set, the load will be interpreted as a srcdoc load, where contents of
501 // this string will be loaded instead of the URI. Setting srcdocData sets
502 // isSrcdocLoad to true
503 nsString mSrcdocData
;
505 // When set, this is the Source Browsing Context for the navigation.
506 MaybeDiscarded
<BrowsingContext
> mSourceBrowsingContext
;
508 // Used for srcdoc loads to give view-source knowledge of the load's base URI
509 // as this information isn't embedded in the load's URI.
510 nsCOMPtr
<nsIURI
> mBaseURI
;
512 // Set of Load Flags, taken from nsDocShellLoadTypes.h and nsIWebNavigation
515 // Set of internal load flags
516 uint32_t mInternalLoadFlags
;
518 // Is this a First Party Load?
521 // Is this load triggered by a user gesture?
522 bool mHasValidUserGestureActivation
;
524 // Whether this load can steal the focus from the source browsing context.
525 bool mAllowFocusMove
;
527 // A hint as to the content-type of the resulting data. If no hint, IsVoid()
528 // should return true.
531 // Non-void when the link should be downloaded as the given filename.
532 // mFileName being non-void but empty means that no filename hint was
533 // specified, but link should still trigger a download. If not a download,
534 // mFileName.IsVoid() should return true.
537 // This will be true if this load is triggered by attribute changes.
538 // See nsILoadInfo.isFromProcessingFrameAttributes
539 bool mIsFromProcessingFrameAttributes
;
541 // If set, a pending cross-process redirected channel should be used to
542 // perform the load. The channel will be stored in this value.
543 nsCOMPtr
<nsIChannel
> mPendingRedirectedChannel
;
545 // An optional string representation of mURI, before any
546 // fixups were applied, so that we can send it to a search
547 // engine service if needed.
548 mozilla::Maybe
<nsCString
> mOriginalURIString
;
550 // An optional value to pass to nsIDocShell::setCancelJSEpoch
551 // when initiating the load.
552 mozilla::Maybe
<int32_t> mCancelContentJSEpoch
;
554 // If mPendingRedirectChannel is set, then this is the identifier
555 // that the parent-process equivalent channel has been registered
556 // with using RedirectChannelRegistrar.
557 uint64_t mChannelRegistrarId
;
559 // An identifier to make it possible to examine if two loads are
560 // equal, and which browsing context they belong to (see
561 // BrowsingContext::{Get, Set}CurrentLoadIdentifier)
562 const uint64_t mLoadIdentifier
;
564 // Optional value to indicate that a channel has been
565 // pre-initialized in the parent process.
566 bool mChannelInitialized
;
568 // True if the load was triggered by a meta refresh.
571 // True if the nsDocShellLoadState was received over IPC.
572 bool mWasCreatedRemotely
= false;
574 // The original URI before query stripping happened. If it's present, it shows
575 // the query stripping happened. Otherwise, it will be a nullptr.
576 nsCOMPtr
<nsIURI
> mUnstrippedURI
;
578 // If set, the remote type which the load should be completed within.
579 mozilla::Maybe
<nsCString
> mRemoteTypeOverride
;
581 // Remote type of the process which originally requested the load.
582 nsCString mTriggeringRemoteType
;
585 #endif /* nsDocShellLoadState_h__ */