| blob | 22097e2c8f0fd831bbbc55b6adee8af6eb1d7240 |
1 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ts=2 sw=2 et tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
46 NS_PRINCIPAL_CID)
58 // We're just creating the principal, so no need to re-compute wrappers.
60 }
62 #ifdef MOZ_DIAGNOSTIC_ASSERT_ENABLED
63 // Assert that the URI we get here isn't any of the schemes that we know we
64 // should not get here. These schemes always either inherit their principal
65 // or fall back to a null principal. These are schemes which return
66 // URI_INHERITS_SECURITY_CONTEXT from their protocol handler's
67 // GetProtocolFlags function.
73 #endif
74 }
87 }
89 /* static */
94 }
99 }
104 // Handle non-strict file:// uris.
107 // If strict file origin policy is not in effect, all local files are
108 // considered to be same-origin, so return a known dummy origin here.
111 }
113 nsresult rv;
114 // NB: This is only compiled for Thunderbird/Suite.
115 #if IS_ORIGIN_IS_FULL_SPEC_DEFINED
122 }
123 #endif
125 // We want the invariant that prinA.origin == prinB.origin i.f.f.
126 // prinA.equals(prinB). However, this requires that we impose certain
127 // constraints on the behavior and origin semantics of principals, and in
128 // particular, forbid creating origin strings for principals whose equality
129 // constraints are not expressible as strings (i.e. object equality).
130 // Moreover, we want to forbid URIs containing the magic "^" we use as a
131 // separating character for origin attributes.
132 //
133 // These constraints can generally be achieved by restricting .origin to
134 // nsIStandardURL-based URIs, but there are a few other URI schemes that we
135 // need to handle.
138 // We generally consider two about:foo origins to be same-origin, but
139 // about:blank is special since it can be generated from different
140 // sources. We check for moz-safe-about:blank since origin is an
141 // innermost URI.
152 }
156 }
158 // These URIs could technically contain a '^', but they never should.
162 }
164 }
166 // This URL can be a blobURL. In this case, we should use the 'parent'
167 // principal instead.
173 }
175 // If we reached this branch, we can only create an origin if we have a
176 // nsIStandardURL. So, we query to a nsIStandardURL, and fail if we aren't
177 // an instance of an nsIStandardURL nsIStandardURLs have the good property
178 // of escaping the '^' character in their specs, which means that we can be
179 // sure that the caret character (which is reserved for delimiting the end
180 // of the spec, and the beginning of the origin attributes) is not present
181 // in the origin string
185 }
187 // See whether we have a useful hostPort. If we do, use that.
188 nsAutoCString hostPort;
192 }
199 }
204 // The origin, when taken from the spec, should not contain the ref part of
205 // the URL.
212 }
216 }
219 }
226 // For ContentPrincipal, Subsumes is equivalent to Equals.
229 }
231 // If either the subject or the object has changed its principal by
232 // explicitly setting document.domain then the other must also have
233 // done so in order to be considered the same origin. This prevents
234 // DNS spoofing based on document.domain (154930)
236 // Get .domain on each principal.
241 // If either has .domain set, we have equality i.f.f. the domains match.
242 // Otherwise, we fall through to the non-document-domain-considering case.
246 #ifdef DEBUG
254 }
255 #endif
257 }
258 }
260 // Do a fast check (including origin attributes) or a slow uri comparison.
262 }
264 NS_IMETHODIMP
268 }
273 #if defined(MOZ_THUNDERBIRD) || defined(MOZ_SUITE)
281 }
283 OriginAttributes attrs;
287 }
288 #endif
295 }
297 // If this principal is associated with an addon, check whether that addon
298 // has been given permission to load from this domain.
301 }
305 }
307 // If strict file origin policy is in effect, local files will always fail
308 // SecurityCompareURIs unless they are identical. Explicitly check file origin
309 // policy, in that case.
313 }
316 }
325 };
327 }
329 NS_IMETHODIMP
334 }
339 }
341 NS_IMETHODIMP
346 {
350 }
352 // Set the changed-document-domain flag on compartments containing realms
353 // using this principal.
358 };
367 }
373 // Special handling for a file URI.
375 // If strict file origin policy is not in effect, all local files are
376 // considered to be same-origin, so return a known dummy domain here.
381 }
383 // Otherwise, we return the file path.
389 }
390 }
397 }
399 // In case of FTP we want to get base domain via TLD service even if FTP
400 // protocol handler is disabled and the scheme is handled by external protocol
401 // handler which returns URI_NORELATIVE flag.
405 }
410 }
413 }
415 NS_IMETHODIMP
417 // Handle some special URIs first.
424 }
426 // For everything else, we ask the TLD service via the ThirdPartyUtil.
431 }
434 }
436 NS_IMETHODIMP
441 // It is possible for two principals with the same origin to have different
442 // mURI values. In order to ensure that two principals with matching origins
443 // also have matching siteOrigins, we derive the siteOrigin entirely from the
444 // origin string and do not rely on mURI at all here.
448 // We got an error parsing the origin as a URI? siteOrigin == origin
449 // aSiteOrigin was already filled with `OriginNoSuffix`
451 }
453 // Handle some special URIs first.
454 nsAutoCString baseDomain;
460 // This is a special URI ("file:", "about:", "view-source:", etc). Just
461 // return the origin.
463 }
465 // For everything else, we ask the TLD service. Note that, unlike in
466 // GetBaseDomain, we don't use ThirdPartyUtil.getBaseDomain because if the
467 // host is an IP address that returns the raw address and we can't use it with
468 // SetHost below because SetHost expects '[' and ']' around IPv6 addresses.
469 // See bug 1491728.
474 }
481 // If this is an IP address or something like "localhost", we just continue
482 // with gotBaseDomain = false.
487 }
488 }
490 // NOTE: Calling `SetHostPort` with a portless domain is insufficient to clear
491 // the port, so an extra `SetPort` call has to be made.
497 }
506 }
509 nsCString siteOrigin;
517 }
521 }
530 nsCString host;
533 }
536 }
538 }
540 NS_IMETHODIMP
546 }
548 }
550 NS_IMETHODIMP
559 }
562 // Enforce re-parsing about: URIs so that if they change, we continue to use
563 // their new principals correctly.
565 nsAutoCString spec;
568 NS_ERROR_FAILURE);
569 }
575 }
579 nsAutoCString suffix;
583 OriginAttributes attrs;
587 // Since Bug 965637 we do not serialize the CSP within the
588 // Principal anymore. Nevertheless there might still be
589 // serialized Principals that do have a serialized CSP.
590 // For now, we just read the CSP here but do not actually
591 // consume it. Please note that we deliberately ignore
592 // the return value to avoid CSP deserialization problems.
593 // After Bug 1508939 we will have a new serialization for
594 // Principals which allows us to update the code here.
595 // Additionally, the format for serialized CSPs changed
596 // within Bug 965637 which also can cause failures within
597 // the CSP deserialization code.
600 nsAutoCString originNoSuffix;
604 mPrincipal =
607 }
610 nsAutoCString principalURI;
614 // We turn each int enum field into a JSON string key of the object
615 // aObject is the inner JSON object that has stringified enum keys
616 // An example aObject might be:
617 //
618 // eURI eSuffix
619 // | |
620 // {"0": "https://mozilla.com", "2": "^privateBrowsingId=1"}
621 // | | | |
622 // ----------------------------- |
623 // | | |
624 // Key ----------------------
625 // |
626 // Value
630 nsAutoCString domainStr;
631 {
635 }
637 }
639 nsAutoCString suffix;
643 }
646 }
651 nsresult rv;
655 OriginAttributes attrs;
657 // The odd structure here is to make the code to not compile
658 // if all the switch enum cases haven't been codified
667 }
671 {
672 // Enforce re-parsing about: URIs so that if they change, we
673 // continue to use their new principals correctly.
675 nsAutoCString spec;
679 }
680 }
681 }
687 }
694 }
695 }
697 }
698 }
699 nsAutoCString originNoSuffix;
701 originNoSuffix);
704 }
710 }