search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Bug 1688354 [wpt PR 27298] - Treat 'rem' as an absolute unit for font size, a=testonly
[gecko.git] / dom / security / nsCSPUtils.h
blob9ba39d782994f47bd9c5adf05d97388bff890859
1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6
7 #ifndef nsCSPUtils_h___
8 #define nsCSPUtils_h___
9
10 #include "nsCOMPtr.h"
11 #include "nsIContentSecurityPolicy.h"
12 #include "nsIURI.h"
13 #include "nsLiteralString.h"
14 #include "nsString.h"
15 #include "nsTArray.h"
16 #include "nsUnicharUtils.h"
17 #include "mozilla/Logging.h"
18
19 class nsIChannel;
20
21 namespace mozilla {
22 namespace dom {
23 struct CSP;
24 class Document;
25 } // namespace dom
26 } // namespace mozilla
27
28 /* =============== Logging =================== */
29
30 void CSP_LogLocalizedStr(const char* aName, const nsTArray<nsString>& aParams,
31 const nsAString& aSourceName,
32 const nsAString& aSourceLine, uint32_t aLineNumber,
33 uint32_t aColumnNumber, uint32_t aFlags,
34 const nsACString& aCategory, uint64_t aInnerWindowID,
35 bool aFromPrivateWindow);
36
37 void CSP_GetLocalizedStr(const char* aName, const nsTArray<nsString>& aParams,
38 nsAString& outResult);
39
40 void CSP_LogStrMessage(const nsAString& aMsg);
41
42 void CSP_LogMessage(const nsAString& aMessage, const nsAString& aSourceName,
43 const nsAString& aSourceLine, uint32_t aLineNumber,
44 uint32_t aColumnNumber, uint32_t aFlags,
45 const nsACString& aCategory, uint64_t aInnerWindowID,
46 bool aFromPrivateWindow);
47
48 /* =============== Constant and Type Definitions ================== */
49
50 #define INLINE_STYLE_VIOLATION_OBSERVER_TOPIC \
51 "violated base restriction: Inline Stylesheets will not apply"
52 #define INLINE_SCRIPT_VIOLATION_OBSERVER_TOPIC \
53 "violated base restriction: Inline Scripts will not execute"
54 #define EVAL_VIOLATION_OBSERVER_TOPIC \
55 "violated base restriction: Code will not be created from strings"
56 #define SCRIPT_NONCE_VIOLATION_OBSERVER_TOPIC "Inline Script had invalid nonce"
57 #define STYLE_NONCE_VIOLATION_OBSERVER_TOPIC "Inline Style had invalid nonce"
58 #define SCRIPT_HASH_VIOLATION_OBSERVER_TOPIC "Inline Script had invalid hash"
59 #define STYLE_HASH_VIOLATION_OBSERVER_TOPIC "Inline Style had invalid hash"
60
61 // these strings map to the CSPDirectives in nsIContentSecurityPolicy
62 // NOTE: When implementing a new directive, you will need to add it here but
63 // also add a corresponding entry to the constants in
64 // nsIContentSecurityPolicy.idl and also create an entry for the new directive
65 // in nsCSPDirective::toDomCSPStruct() and add it to CSPDictionaries.webidl.
66 // Order of elements below important! Make sure it matches the order as in
67 // nsIContentSecurityPolicy.idl
68 static const char* CSPStrDirectives[] = {
69 "-error-", // NO_DIRECTIVE
70 "default-src", // DEFAULT_SRC_DIRECTIVE
71 "script-src", // SCRIPT_SRC_DIRECTIVE
72 "object-src", // OBJECT_SRC_DIRECTIVE
73 "style-src", // STYLE_SRC_DIRECTIVE
74 "img-src", // IMG_SRC_DIRECTIVE
75 "media-src", // MEDIA_SRC_DIRECTIVE
76 "frame-src", // FRAME_SRC_DIRECTIVE
77 "font-src", // FONT_SRC_DIRECTIVE
78 "connect-src", // CONNECT_SRC_DIRECTIVE
79 "report-uri", // REPORT_URI_DIRECTIVE
80 "frame-ancestors", // FRAME_ANCESTORS_DIRECTIVE
81 "reflected-xss", // REFLECTED_XSS_DIRECTIVE
82 "base-uri", // BASE_URI_DIRECTIVE
83 "form-action", // FORM_ACTION_DIRECTIVE
84 "manifest-src", // MANIFEST_SRC_DIRECTIVE
85 "upgrade-insecure-requests", // UPGRADE_IF_INSECURE_DIRECTIVE
86 "child-src", // CHILD_SRC_DIRECTIVE
87 "block-all-mixed-content", // BLOCK_ALL_MIXED_CONTENT
88 "sandbox", // SANDBOX_DIRECTIVE
89 "worker-src", // WORKER_SRC_DIRECTIVE
90 "navigate-to" // NAVIGATE_TO_DIRECTIVE
91 };
92
93 inline const char* CSP_CSPDirectiveToString(CSPDirective aDir) {
94 return CSPStrDirectives[static_cast<uint32_t>(aDir)];
95 }
96
97 inline CSPDirective CSP_StringToCSPDirective(const nsAString& aDir) {
98 nsString lowerDir = PromiseFlatString(aDir);
99 ToLowerCase(lowerDir);
100
101 uint32_t numDirs = (sizeof(CSPStrDirectives) / sizeof(CSPStrDirectives[0]));
102 for (uint32_t i = 1; i < numDirs; i++) {
103 if (lowerDir.EqualsASCII(CSPStrDirectives[i])) {
104 return static_cast<CSPDirective>(i);
105 }
106 }
107 return nsIContentSecurityPolicy::NO_DIRECTIVE;
108 }
109
110 #define FOR_EACH_CSP_KEYWORD(MACRO) \
111 MACRO(CSP_SELF, "'self'") \
112 MACRO(CSP_UNSAFE_INLINE, "'unsafe-inline'") \
113 MACRO(CSP_UNSAFE_EVAL, "'unsafe-eval'") \
114 MACRO(CSP_NONE, "'none'") \
115 MACRO(CSP_NONCE, "'nonce-") \
116 MACRO(CSP_REPORT_SAMPLE, "'report-sample'") \
117 MACRO(CSP_STRICT_DYNAMIC, "'strict-dynamic'") \
118 MACRO(CSP_UNSAFE_ALLOW_REDIRECTS, "'unsafe-allow-redirects'")
119
120 enum CSPKeyword {
121 #define KEYWORD_ENUM(id_, string_) id_,
122 FOR_EACH_CSP_KEYWORD(KEYWORD_ENUM)
123 #undef KEYWORD_ENUM
124
125 // CSP_LAST_KEYWORD_VALUE always needs to be the last element in the enum
126 // because we use it to calculate the size for the char* array.
127 CSP_LAST_KEYWORD_VALUE,
128
129 // Putting CSP_HASH after the delimitor, because CSP_HASH is not a valid
130 // keyword (hash uses e.g. sha256, sha512) but we use CSP_HASH internally
131 // to identify allowed hashes in ::allows.
132 CSP_HASH
133 };
134
135 // The keywords, in UTF-8 form.
136 static const char* gCSPUTF8Keywords[] = {
137 #define KEYWORD_UTF8_LITERAL(id_, string_) string_,
138 FOR_EACH_CSP_KEYWORD(KEYWORD_UTF8_LITERAL)
139 #undef KEYWORD_UTF8_LITERAL
140 };
141
142 // The keywords, in UTF-16 form.
143 static const char16_t* gCSPUTF16Keywords[] = {
144 #define KEYWORD_UTF16_LITERAL(id_, string_) u"" string_,
145 FOR_EACH_CSP_KEYWORD(KEYWORD_UTF16_LITERAL)
146 #undef KEYWORD_UTF16_LITERAL
147 };
148
149 #undef FOR_EACH_CSP_KEYWORD
150
151 inline const char* CSP_EnumToUTF8Keyword(enum CSPKeyword aKey) {
152 // Make sure all elements in enum CSPKeyword got added to gCSPUTF8Keywords.
153 static_assert((sizeof(gCSPUTF8Keywords) / sizeof(gCSPUTF8Keywords[0]) ==
154 CSP_LAST_KEYWORD_VALUE),
155 "CSP_LAST_KEYWORD_VALUE != length(gCSPUTF8Keywords)");
156
157 if (static_cast<uint32_t>(aKey) <
158 static_cast<uint32_t>(CSP_LAST_KEYWORD_VALUE)) {
159 return gCSPUTF8Keywords[static_cast<uint32_t>(aKey)];
160 }
161 return "error: invalid keyword in CSP_EnumToUTF8Keyword";
162 }
163
164 inline const char16_t* CSP_EnumToUTF16Keyword(enum CSPKeyword aKey) {
165 // Make sure all elements in enum CSPKeyword got added to gCSPUTF16Keywords.
166 static_assert((sizeof(gCSPUTF16Keywords) / sizeof(gCSPUTF16Keywords[0]) ==
167 CSP_LAST_KEYWORD_VALUE),
168 "CSP_LAST_KEYWORD_VALUE != length(gCSPUTF16Keywords)");
169
170 if (static_cast<uint32_t>(aKey) <
171 static_cast<uint32_t>(CSP_LAST_KEYWORD_VALUE)) {
172 return gCSPUTF16Keywords[static_cast<uint32_t>(aKey)];
173 }
174 return u"error: invalid keyword in CSP_EnumToUTF16Keyword";
175 }
176
177 inline CSPKeyword CSP_UTF16KeywordToEnum(const nsAString& aKey) {
178 nsString lowerKey = PromiseFlatString(aKey);
179 ToLowerCase(lowerKey);
180
181 for (uint32_t i = 0; i < CSP_LAST_KEYWORD_VALUE; i++) {
182 if (lowerKey.Equals(gCSPUTF16Keywords[i])) {
183 return static_cast<CSPKeyword>(i);
184 }
185 }
186 NS_ASSERTION(false, "Can not convert unknown Keyword to Enum");
187 return CSP_LAST_KEYWORD_VALUE;
188 }
189
190 nsresult CSP_AppendCSPFromHeader(nsIContentSecurityPolicy* aCsp,
191 const nsAString& aHeaderValue,
192 bool aReportOnly);
193
194 /* =============== Helpers ================== */
195
196 class nsCSPHostSrc;
197
198 nsCSPHostSrc* CSP_CreateHostSrcFromSelfURI(nsIURI* aSelfURI);
199 bool CSP_IsEmptyDirective(const nsAString& aValue, const nsAString& aDir);
200 bool CSP_IsDirective(const nsAString& aValue, CSPDirective aDir);
201 bool CSP_IsKeyword(const nsAString& aValue, enum CSPKeyword aKey);
202 bool CSP_IsQuotelessKeyword(const nsAString& aKey);
203 CSPDirective CSP_ContentTypeToDirective(nsContentPolicyType aType);
204
205 class nsCSPSrcVisitor;
206
207 void CSP_PercentDecodeStr(const nsAString& aEncStr, nsAString& outDecStr);
208 bool CSP_ShouldResponseInheritCSP(nsIChannel* aChannel);
209
210 void CSP_ApplyMetaCSPToDoc(mozilla::dom::Document& aDoc,
211 const nsAString& aPolicyStr);
212
213 /* =============== nsCSPSrc ================== */
214
215 class nsCSPBaseSrc {
216 public:
217 nsCSPBaseSrc();
218 virtual ~nsCSPBaseSrc();
219
220 virtual bool permits(nsIURI* aUri, const nsAString& aNonce,
221 bool aWasRedirected, bool aReportOnly,
222 bool aUpgradeInsecure, bool aParserCreated) const;
223 virtual bool allows(enum CSPKeyword aKeyword, const nsAString& aHashOrNonce,
224 bool aParserCreated) const;
225 virtual bool visit(nsCSPSrcVisitor* aVisitor) const = 0;
226 virtual void toString(nsAString& outStr) const = 0;
227
228 virtual void invalidate() const { mInvalidated = true; }
229
230 virtual bool isReportSample() const { return false; }
231
232 protected:
233 // invalidate srcs if 'script-dynamic' is present or also invalidate
234 // unsafe-inline' if nonce- or hash-source specified
235 mutable bool mInvalidated;
236 };
237
238 /* =============== nsCSPSchemeSrc ============ */
239
240 class nsCSPSchemeSrc : public nsCSPBaseSrc {
241 public:
242 explicit nsCSPSchemeSrc(const nsAString& aScheme);
243 virtual ~nsCSPSchemeSrc();
244
245 bool permits(nsIURI* aUri, const nsAString& aNonce, bool aWasRedirected,
246 bool aReportOnly, bool aUpgradeInsecure,
247 bool aParserCreated) const override;
248 bool visit(nsCSPSrcVisitor* aVisitor) const override;
249 void toString(nsAString& outStr) const override;
250
251 inline void getScheme(nsAString& outStr) const { outStr.Assign(mScheme); };
252
253 private:
254 nsString mScheme;
255 };
256
257 /* =============== nsCSPHostSrc ============== */
258
259 class nsCSPHostSrc : public nsCSPBaseSrc {
260 public:
261 explicit nsCSPHostSrc(const nsAString& aHost);
262 virtual ~nsCSPHostSrc();
263
264 bool permits(nsIURI* aUri, const nsAString& aNonce, bool aWasRedirected,
265 bool aReportOnly, bool aUpgradeInsecure,
266 bool aParserCreated) const override;
267 bool visit(nsCSPSrcVisitor* aVisitor) const override;
268 void toString(nsAString& outStr) const override;
269
270 void setScheme(const nsAString& aScheme);
271 void setPort(const nsAString& aPort);
272 void appendPath(const nsAString& aPath);
273
274 inline void setGeneratedFromSelfKeyword() const {
275 mGeneratedFromSelfKeyword = true;
276 }
277
278 inline void setIsUniqueOrigin() const { mIsUniqueOrigin = true; }
279
280 inline void setWithinFrameAncestorsDir(bool aValue) const {
281 mWithinFrameAncstorsDir = aValue;
282 }
283
284 inline void getScheme(nsAString& outStr) const { outStr.Assign(mScheme); };
285
286 inline void getHost(nsAString& outStr) const { outStr.Assign(mHost); };
287
288 inline void getPort(nsAString& outStr) const { outStr.Assign(mPort); };
289
290 inline void getPath(nsAString& outStr) const { outStr.Assign(mPath); };
291
292 private:
293 nsString mScheme;
294 nsString mHost;
295 nsString mPort;
296 nsString mPath;
297 mutable bool mGeneratedFromSelfKeyword;
298 mutable bool mIsUniqueOrigin;
299 mutable bool mWithinFrameAncstorsDir;
300 };
301
302 /* =============== nsCSPKeywordSrc ============ */
303
304 class nsCSPKeywordSrc : public nsCSPBaseSrc {
305 public:
306 explicit nsCSPKeywordSrc(CSPKeyword aKeyword);
307 virtual ~nsCSPKeywordSrc();
308
309 bool allows(enum CSPKeyword aKeyword, const nsAString& aHashOrNonce,
310 bool aParserCreated) const override;
311 bool permits(nsIURI* aUri, const nsAString& aNonce, bool aWasRedirected,
312 bool aReportOnly, bool aUpgradeInsecure,
313 bool aParserCreated) const override;
314 bool visit(nsCSPSrcVisitor* aVisitor) const override;
315 void toString(nsAString& outStr) const override;
316
317 inline CSPKeyword getKeyword() const { return mKeyword; };
318
319 inline void invalidate() const override {
320 // keywords that need to invalidated
321 if (mKeyword == CSP_SELF || mKeyword == CSP_UNSAFE_INLINE ||
322 mKeyword == CSP_REPORT_SAMPLE) {
323 mInvalidated = true;
324 }
325 }
326
327 bool isReportSample() const override { return mKeyword == CSP_REPORT_SAMPLE; }
328
329 private:
330 CSPKeyword mKeyword;
331 };
332
333 /* =============== nsCSPNonceSource =========== */
334
335 class nsCSPNonceSrc : public nsCSPBaseSrc {
336 public:
337 explicit nsCSPNonceSrc(const nsAString& aNonce);
338 virtual ~nsCSPNonceSrc();
339
340 bool permits(nsIURI* aUri, const nsAString& aNonce, bool aWasRedirected,
341 bool aReportOnly, bool aUpgradeInsecure,
342 bool aParserCreated) const override;
343 bool allows(enum CSPKeyword aKeyword, const nsAString& aHashOrNonce,
344 bool aParserCreated) const override;
345 bool visit(nsCSPSrcVisitor* aVisitor) const override;
346 void toString(nsAString& outStr) const override;
347
348 inline void getNonce(nsAString& outStr) const { outStr.Assign(mNonce); };
349
350 inline void invalidate() const override {
351 // overwrite nsCSPBaseSRC::invalidate() and explicitily
352 // do *not* invalidate, because 'strict-dynamic' should
353 // not invalidate nonces.
354 }
355
356 private:
357 nsString mNonce;
358 };
359
360 /* =============== nsCSPHashSource ============ */
361
362 class nsCSPHashSrc : public nsCSPBaseSrc {
363 public:
364 nsCSPHashSrc(const nsAString& algo, const nsAString& hash);
365 virtual ~nsCSPHashSrc();
366
367 bool allows(enum CSPKeyword aKeyword, const nsAString& aHashOrNonce,
368 bool aParserCreated) const override;
369 void toString(nsAString& outStr) const override;
370 bool visit(nsCSPSrcVisitor* aVisitor) const override;
371
372 inline void getAlgorithm(nsAString& outStr) const {
373 outStr.Assign(mAlgorithm);
374 };
375
376 inline void getHash(nsAString& outStr) const { outStr.Assign(mHash); };
377
378 inline void invalidate() const override {
379 // overwrite nsCSPBaseSRC::invalidate() and explicitily
380 // do *not* invalidate, because 'strict-dynamic' should
381 // not invalidate hashes.
382 }
383
384 private:
385 nsString mAlgorithm;
386 nsString mHash;
387 };
388
389 /* =============== nsCSPReportURI ============ */
390
391 class nsCSPReportURI : public nsCSPBaseSrc {
392 public:
393 explicit nsCSPReportURI(nsIURI* aURI);
394 virtual ~nsCSPReportURI();
395
396 bool visit(nsCSPSrcVisitor* aVisitor) const override;
397 void toString(nsAString& outStr) const override;
398
399 private:
400 nsCOMPtr<nsIURI> mReportURI;
401 };
402
403 /* =============== nsCSPSandboxFlags ================== */
404
405 class nsCSPSandboxFlags : public nsCSPBaseSrc {
406 public:
407 explicit nsCSPSandboxFlags(const nsAString& aFlags);
408 virtual ~nsCSPSandboxFlags();
409
410 bool visit(nsCSPSrcVisitor* aVisitor) const override;
411 void toString(nsAString& outStr) const override;
412
413 private:
414 nsString mFlags;
415 };
416
417 /* =============== nsCSPSrcVisitor ================== */
418
419 class nsCSPSrcVisitor {
420 public:
421 virtual bool visitSchemeSrc(const nsCSPSchemeSrc& src) = 0;
422
423 virtual bool visitHostSrc(const nsCSPHostSrc& src) = 0;
424
425 virtual bool visitKeywordSrc(const nsCSPKeywordSrc& src) = 0;
426
427 virtual bool visitNonceSrc(const nsCSPNonceSrc& src) = 0;
428
429 virtual bool visitHashSrc(const nsCSPHashSrc& src) = 0;
430
431 protected:
432 explicit nsCSPSrcVisitor() = default;
433 virtual ~nsCSPSrcVisitor() = default;
434 };
435
436 /* =============== nsCSPDirective ============= */
437
438 class nsCSPDirective {
439 public:
440 explicit nsCSPDirective(CSPDirective aDirective);
441 virtual ~nsCSPDirective();
442
443 virtual bool permits(nsIURI* aUri, const nsAString& aNonce,
444 bool aWasRedirected, bool aReportOnly,
445 bool aUpgradeInsecure, bool aParserCreated) const;
446 virtual bool allows(enum CSPKeyword aKeyword, const nsAString& aHashOrNonce,
447 bool aParserCreated) const;
448 virtual void toString(nsAString& outStr) const;
449 void toDomCSPStruct(mozilla::dom::CSP& outCSP) const;
450
451 virtual void addSrcs(const nsTArray<nsCSPBaseSrc*>& aSrcs) {
452 mSrcs = aSrcs.Clone();
453 }
454
455 inline bool isDefaultDirective() const {
456 return mDirective == nsIContentSecurityPolicy::DEFAULT_SRC_DIRECTIVE;
457 }
458
459 virtual bool equals(CSPDirective aDirective) const;
460
461 void getReportURIs(nsTArray<nsString>& outReportURIs) const;
462
463 bool visitSrcs(nsCSPSrcVisitor* aVisitor) const;
464
465 virtual void getDirName(nsAString& outStr) const;
466
467 bool hasReportSampleKeyword() const;
468
469 protected:
470 CSPDirective mDirective;
471 nsTArray<nsCSPBaseSrc*> mSrcs;
472 };
473
474 /* =============== nsCSPChildSrcDirective ============= */
475
476 /*
477 * In CSP 3 child-src is deprecated. For backwards compatibility
478 * child-src needs to restrict:
479 * (*) frames, in case frame-src is not expicitly specified
480 * (*) workers, in case worker-src is not expicitly specified
481 */
482 class nsCSPChildSrcDirective : public nsCSPDirective {
483 public:
484 explicit nsCSPChildSrcDirective(CSPDirective aDirective);
485 virtual ~nsCSPChildSrcDirective();
486
487 void setRestrictFrames() { mRestrictFrames = true; }
488
489 void setRestrictWorkers() { mRestrictWorkers = true; }
490
491 virtual bool equals(CSPDirective aDirective) const override;
492
493 private:
494 bool mRestrictFrames;
495 bool mRestrictWorkers;
496 };
497
498 /* =============== nsCSPScriptSrcDirective ============= */
499
500 /*
501 * In CSP 3 worker-src restricts workers, for backwards compatibily
502 * script-src has to restrict workers as the ultimate fallback if
503 * neither worker-src nor child-src is present in a CSP.
504 */
505 class nsCSPScriptSrcDirective : public nsCSPDirective {
506 public:
507 explicit nsCSPScriptSrcDirective(CSPDirective aDirective);
508 virtual ~nsCSPScriptSrcDirective();
509
510 void setRestrictWorkers() { mRestrictWorkers = true; }
511
512 virtual bool equals(CSPDirective aDirective) const override;
513
514 private:
515 bool mRestrictWorkers;
516 };
517
518 /* =============== nsBlockAllMixedContentDirective === */
519
520 class nsBlockAllMixedContentDirective : public nsCSPDirective {
521 public:
522 explicit nsBlockAllMixedContentDirective(CSPDirective aDirective);
523 ~nsBlockAllMixedContentDirective();
524
525 bool permits(nsIURI* aUri, const nsAString& aNonce, bool aWasRedirected,
526 bool aReportOnly, bool aUpgradeInsecure,
527 bool aParserCreated) const override {
528 return false;
529 }
530
531 bool permits(nsIURI* aUri) const { return false; }
532
533 bool allows(enum CSPKeyword aKeyword, const nsAString& aHashOrNonce,
534 bool aParserCreated) const override {
535 return false;
536 }
537
538 void toString(nsAString& outStr) const override;
539
540 void addSrcs(const nsTArray<nsCSPBaseSrc*>& aSrcs) override {
541 MOZ_ASSERT(false, "block-all-mixed-content does not hold any srcs");
542 }
543
544 void getDirName(nsAString& outStr) const override;
545 };
546
547 /* =============== nsUpgradeInsecureDirective === */
548
549 /*
550 * Upgrading insecure requests includes the following actors:
551 * (1) CSP:
552 * The CSP implementation allowlists the http-request
553 * in case the policy is executed in enforcement mode.
554 * The CSP implementation however does not allow http
555 * requests to succeed if executed in report-only mode.
556 * In such a case the CSP implementation reports the
557 * error back to the page.
558 *
559 * (2) MixedContent:
560 * The evalution of MixedContent allowlists all http
561 * requests with the promise that the http requests
562 * gets upgraded to https before any data is fetched
563 * from the network.
564 *
565 * (3) CORS:
566 * Does not consider the http request to be of a
567 * different origin in case the scheme is the only
568 * difference in otherwise matching URIs.
569 *
570 * (4) nsHttpChannel:
571 * Before connecting, the channel gets redirected
572 * to use https.
573 *
574 * (5) WebSocketChannel:
575 * Similar to the httpChannel, the websocketchannel
576 * gets upgraded from ws to wss.
577 */
578 class nsUpgradeInsecureDirective : public nsCSPDirective {
579 public:
580 explicit nsUpgradeInsecureDirective(CSPDirective aDirective);
581 ~nsUpgradeInsecureDirective();
582
583 bool permits(nsIURI* aUri, const nsAString& aNonce, bool aWasRedirected,
584 bool aReportOnly, bool aUpgradeInsecure,
585 bool aParserCreated) const override {
586 return false;
587 }
588
589 bool permits(nsIURI* aUri) const { return false; }
590
591 bool allows(enum CSPKeyword aKeyword, const nsAString& aHashOrNonce,
592 bool aParserCreated) const override {
593 return false;
594 }
595
596 void toString(nsAString& outStr) const override;
597
598 void addSrcs(const nsTArray<nsCSPBaseSrc*>& aSrcs) override {
599 MOZ_ASSERT(false, "upgrade-insecure-requests does not hold any srcs");
600 }
601
602 void getDirName(nsAString& outStr) const override;
603 };
604
605 /* =============== nsCSPPolicy ================== */
606
607 class nsCSPPolicy {
608 public:
609 nsCSPPolicy();
610 virtual ~nsCSPPolicy();
611
612 bool permits(CSPDirective aDirective, nsIURI* aUri, const nsAString& aNonce,
613 bool aWasRedirected, bool aSpecific, bool aParserCreated,
614 nsAString& outViolatedDirective) const;
615 bool allows(CSPDirective aDirective, enum CSPKeyword aKeyword,
616 const nsAString& aHashOrNonce, bool aParserCreated) const;
617 void toString(nsAString& outStr) const;
618 void toDomCSPStruct(mozilla::dom::CSP& outCSP) const;
619
620 inline void addDirective(nsCSPDirective* aDir) {
621 mDirectives.AppendElement(aDir);
622 }
623
624 inline void addUpgradeInsecDir(nsUpgradeInsecureDirective* aDir) {
625 mUpgradeInsecDir = aDir;
626 addDirective(aDir);
627 }
628
629 bool hasDirective(CSPDirective aDir) const;
630
631 inline void setDeliveredViaMetaTagFlag(bool aFlag) {
632 mDeliveredViaMetaTag = aFlag;
633 }
634
635 inline bool getDeliveredViaMetaTagFlag() const {
636 return mDeliveredViaMetaTag;
637 }
638
639 inline void setReportOnlyFlag(bool aFlag) { mReportOnly = aFlag; }
640
641 inline bool getReportOnlyFlag() const { return mReportOnly; }
642
643 void getReportURIs(nsTArray<nsString>& outReportURIs) const;
644
645 void getDirectiveStringAndReportSampleForContentType(
646 CSPDirective aDirective, nsAString& outDirective,
647 bool* aReportSample) const;
648
649 void getDirectiveAsString(CSPDirective aDir, nsAString& outDirective) const;
650
651 uint32_t getSandboxFlags() const;
652
653 inline uint32_t getNumDirectives() const { return mDirectives.Length(); }
654
655 bool visitDirectiveSrcs(CSPDirective aDir, nsCSPSrcVisitor* aVisitor) const;
656
657 bool allowsNavigateTo(nsIURI* aURI, bool aWasRedirected,
658 bool aEnforceAllowlist) const;
659
660 private:
661 nsUpgradeInsecureDirective* mUpgradeInsecDir;
662 nsTArray<nsCSPDirective*> mDirectives;
663 bool mReportOnly;
664 bool mDeliveredViaMetaTag;
665 };
666
667 #endif /* nsCSPUtils_h___ */