search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Bug 1843717 - Don't replace backslashes in the hash of the URL r=necko-reviewers...
[gecko.git] / netwerk / base / nsNetUtil.cpp
blob4c03cf63c312201c6fd31aac55412f6ff52cb06d
1 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim:set ts=4 sw=2 sts=2 et cin: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6
7 // HttpLog.h should generally be included first
8 #include "DecoderDoctorDiagnostics.h"
9 #include "HttpLog.h"
10
11 #include "nsNetUtil.h"
12
13 #include "mozilla/Atomics.h"
14 #include "mozilla/BasePrincipal.h"
15 #include "mozilla/Components.h"
16 #include "mozilla/Encoding.h"
17 #include "mozilla/LoadContext.h"
18 #include "mozilla/LoadInfo.h"
19 #include "mozilla/Monitor.h"
20 #include "mozilla/StaticPrefs_browser.h"
21 #include "mozilla/StaticPrefs_network.h"
22 #include "mozilla/StaticPrefs_privacy.h"
23 #include "mozilla/StoragePrincipalHelper.h"
24 #include "mozilla/TaskQueue.h"
25 #include "mozilla/Telemetry.h"
26 #include "nsBufferedStreams.h"
27 #include "nsCategoryCache.h"
28 #include "nsComponentManagerUtils.h"
29 #include "nsContentUtils.h"
30 #include "nsEscape.h"
31 #include "nsFileStreams.h"
32 #include "nsHashKeys.h"
33 #include "nsHttp.h"
34 #include "nsMimeTypes.h"
35 #include "nsIAuthPrompt.h"
36 #include "nsIAuthPrompt2.h"
37 #include "nsIAuthPromptAdapterFactory.h"
38 #include "nsIBufferedStreams.h"
39 #include "nsBufferedStreams.h"
40 #include "nsIChannelEventSink.h"
41 #include "nsIContentSniffer.h"
42 #include "mozilla/dom/Document.h"
43 #include "nsIDownloader.h"
44 #include "nsIFileProtocolHandler.h"
45 #include "nsIFileStreams.h"
46 #include "nsIFileURL.h"
47 #include "nsIIDNService.h"
48 #include "nsIInputStreamChannel.h"
49 #include "nsIInputStreamPump.h"
50 #include "nsIInterfaceRequestorUtils.h"
51 #include "nsILoadContext.h"
52 #include "nsIMIMEHeaderParam.h"
53 #include "nsINode.h"
54 #include "nsIObjectLoadingContent.h"
55 #include "nsPersistentProperties.h"
56 #include "nsIPrivateBrowsingChannel.h"
57 #include "nsIPropertyBag2.h"
58 #include "nsIProtocolProxyService.h"
59 #include "mozilla/net/RedirectChannelRegistrar.h"
60 #include "nsRequestObserverProxy.h"
61 #include "nsISensitiveInfoHiddenURI.h"
62 #include "nsISimpleStreamListener.h"
63 #include "nsISocketProvider.h"
64 #include "nsIStandardURL.h"
65 #include "nsIStreamLoader.h"
66 #include "nsIIncrementalStreamLoader.h"
67 #include "nsStringStream.h"
68 #include "nsSyncStreamListener.h"
69 #include "nsITextToSubURI.h"
70 #include "nsIURIWithSpecialOrigin.h"
71 #include "nsIViewSourceChannel.h"
72 #include "nsInterfaceRequestorAgg.h"
73 #include "nsINestedURI.h"
74 #include "mozilla/dom/nsCSPUtils.h"
75 #include "mozilla/dom/nsHTTPSOnlyUtils.h"
76 #include "mozilla/dom/nsMixedContentBlocker.h"
77 #include "mozilla/dom/BlobURLProtocolHandler.h"
78 #include "mozilla/net/HttpBaseChannel.h"
79 #include "nsIScriptError.h"
80 #include "nsISiteSecurityService.h"
81 #include "nsHttpHandler.h"
82 #include "nsNSSComponent.h"
83 #include "nsIRedirectHistoryEntry.h"
84 #include "nsICertStorage.h"
85 #include "nsICertOverrideService.h"
86 #include "nsQueryObject.h"
87 #include "mozIThirdPartyUtil.h"
88 #include "../mime/nsMIMEHeaderParamImpl.h"
89 #include "nsStandardURL.h"
90 #include "DefaultURI.h"
91 #include "nsChromeProtocolHandler.h"
92 #include "nsJSProtocolHandler.h"
93 #include "nsDataHandler.h"
94 #include "mozilla/dom/BlobURLProtocolHandler.h"
95 #include "nsStreamUtils.h"
96 #include "nsSocketTransportService2.h"
97 #include "nsViewSourceHandler.h"
98 #include "nsJARURI.h"
99 #include "nsIconURI.h"
100 #include "nsAboutProtocolHandler.h"
101 #include "nsResProtocolHandler.h"
102 #include "mozilla/net/ExtensionProtocolHandler.h"
103 #include "mozilla/net/PageThumbProtocolHandler.h"
104 #include "mozilla/net/SFVService.h"
105 #include <limits>
106 #include "nsIXPConnect.h"
107 #include "nsParserConstants.h"
108 #include "nsCRT.h"
109 #include "nsServiceManagerUtils.h"
110 #include "mozilla/dom/MediaList.h"
111 #include "MediaContainerType.h"
112 #include "DecoderTraits.h"
113 #include "imgLoader.h"
114
115 #if defined(MOZ_THUNDERBIRD) || defined(MOZ_SUITE)
116 # include "nsNewMailnewsURI.h"
117 #endif
118
119 using namespace mozilla;
120 using namespace mozilla::net;
121 using mozilla::dom::BlobURLProtocolHandler;
122 using mozilla::dom::ClientInfo;
123 using mozilla::dom::PerformanceStorage;
124 using mozilla::dom::ServiceWorkerDescriptor;
125
126 #define MAX_RECURSION_COUNT 50
127
128 already_AddRefed<nsIIOService> do_GetIOService(nsresult* error /* = 0 */) {
129 nsCOMPtr<nsIIOService> io = mozilla::components::IO::Service();
130 if (error) *error = io ? NS_OK : NS_ERROR_FAILURE;
131 return io.forget();
132 }
133
134 nsresult NS_NewLocalFileInputStream(nsIInputStream** result, nsIFile* file,
135 int32_t ioFlags /* = -1 */,
136 int32_t perm /* = -1 */,
137 int32_t behaviorFlags /* = 0 */) {
138 nsresult rv;
139 nsCOMPtr<nsIFileInputStream> in =
140 do_CreateInstance(NS_LOCALFILEINPUTSTREAM_CONTRACTID, &rv);
141 if (NS_SUCCEEDED(rv)) {
142 rv = in->Init(file, ioFlags, perm, behaviorFlags);
143 if (NS_SUCCEEDED(rv)) in.forget(result);
144 }
145 return rv;
146 }
147
148 Result<nsCOMPtr<nsIInputStream>, nsresult> NS_NewLocalFileInputStream(
149 nsIFile* file, int32_t ioFlags /* = -1 */, int32_t perm /* = -1 */,
150 int32_t behaviorFlags /* = 0 */) {
151 nsCOMPtr<nsIInputStream> stream;
152 const nsresult rv = NS_NewLocalFileInputStream(getter_AddRefs(stream), file,
153 ioFlags, perm, behaviorFlags);
154 if (NS_SUCCEEDED(rv)) {
155 return stream;
156 }
157 return Err(rv);
158 }
159
160 nsresult NS_NewLocalFileOutputStream(nsIOutputStream** result, nsIFile* file,
161 int32_t ioFlags /* = -1 */,
162 int32_t perm /* = -1 */,
163 int32_t behaviorFlags /* = 0 */) {
164 nsresult rv;
165 nsCOMPtr<nsIFileOutputStream> out =
166 do_CreateInstance(NS_LOCALFILEOUTPUTSTREAM_CONTRACTID, &rv);
167 if (NS_SUCCEEDED(rv)) {
168 rv = out->Init(file, ioFlags, perm, behaviorFlags);
169 if (NS_SUCCEEDED(rv)) out.forget(result);
170 }
171 return rv;
172 }
173
174 Result<nsCOMPtr<nsIOutputStream>, nsresult> NS_NewLocalFileOutputStream(
175 nsIFile* file, int32_t ioFlags /* = -1 */, int32_t perm /* = -1 */,
176 int32_t behaviorFlags /* = 0 */) {
177 nsCOMPtr<nsIOutputStream> stream;
178 const nsresult rv = NS_NewLocalFileOutputStream(getter_AddRefs(stream), file,
179 ioFlags, perm, behaviorFlags);
180 if (NS_SUCCEEDED(rv)) {
181 return stream;
182 }
183 return Err(rv);
184 }
185
186 nsresult NS_NewLocalFileOutputStream(nsIOutputStream** result,
187 const mozilla::ipc::FileDescriptor& fd) {
188 nsCOMPtr<nsIFileOutputStream> out;
189 nsFileOutputStream::Create(NS_GET_IID(nsIFileOutputStream),
190 getter_AddRefs(out));
191
192 nsresult rv =
193 static_cast<nsFileOutputStream*>(out.get())->InitWithFileDescriptor(fd);
194 if (NS_FAILED(rv)) {
195 return rv;
196 }
197
198 out.forget(result);
199 return NS_OK;
200 }
201
202 nsresult net_EnsureIOService(nsIIOService** ios, nsCOMPtr<nsIIOService>& grip) {
203 nsresult rv = NS_OK;
204 if (!*ios) {
205 grip = do_GetIOService(&rv);
206 *ios = grip;
207 }
208 return rv;
209 }
210
211 nsresult NS_NewFileURI(
212 nsIURI** result, nsIFile* spec,
213 nsIIOService*
214 ioService /* = nullptr */) // pass in nsIIOService to optimize callers
215 {
216 nsresult rv;
217 nsCOMPtr<nsIIOService> grip;
218 rv = net_EnsureIOService(&ioService, grip);
219 if (ioService) rv = ioService->NewFileURI(spec, result);
220 return rv;
221 }
222
223 nsresult NS_GetURIWithNewRef(nsIURI* aInput, const nsACString& aRef,
224 nsIURI** aOutput) {
225 MOZ_DIAGNOSTIC_ASSERT(aRef.IsEmpty() || aRef[0] == '#');
226
227 if (NS_WARN_IF(!aInput || !aOutput)) {
228 return NS_ERROR_INVALID_ARG;
229 }
230
231 bool hasRef;
232 nsresult rv = aInput->GetHasRef(&hasRef);
233
234 nsAutoCString ref;
235 if (NS_SUCCEEDED(rv)) {
236 rv = aInput->GetRef(ref);
237 }
238
239 // If the ref is already equal to the new ref, we do not need to do anything.
240 // Also, if the GetRef failed (it could return NS_ERROR_NOT_IMPLEMENTED)
241 // we can assume SetRef would fail as well, so returning the original
242 // URI is OK.
243 //
244 // Note that aRef contains the hash, but ref doesn't, so need to account for
245 // that in the equality check.
246 if (NS_FAILED(rv) || (!hasRef && aRef.IsEmpty()) ||
247 (!aRef.IsEmpty() && hasRef &&
248 Substring(aRef.Data() + 1, aRef.Length() - 1) == ref)) {
249 nsCOMPtr<nsIURI> uri = aInput;
250 uri.forget(aOutput);
251 return NS_OK;
252 }
253
254 return NS_MutateURI(aInput).SetRef(aRef).Finalize(aOutput);
255 }
256
257 nsresult NS_GetURIWithoutRef(nsIURI* aInput, nsIURI** aOutput) {
258 return NS_GetURIWithNewRef(aInput, ""_ns, aOutput);
259 }
260
261 nsresult NS_NewChannelInternal(
262 nsIChannel** outChannel, nsIURI* aUri, nsILoadInfo* aLoadInfo,
263 PerformanceStorage* aPerformanceStorage /* = nullptr */,
264 nsILoadGroup* aLoadGroup /* = nullptr */,
265 nsIInterfaceRequestor* aCallbacks /* = nullptr */,
266 nsLoadFlags aLoadFlags /* = nsIRequest::LOAD_NORMAL */,
267 nsIIOService* aIoService /* = nullptr */) {
268 // NS_NewChannelInternal is mostly called for channel redirects. We should
269 // allow the creation of a channel even if the original channel did not have a
270 // loadinfo attached.
271 NS_ENSURE_ARG_POINTER(outChannel);
272
273 nsCOMPtr<nsIIOService> grip;
274 nsresult rv = net_EnsureIOService(&aIoService, grip);
275 NS_ENSURE_SUCCESS(rv, rv);
276
277 nsCOMPtr<nsIChannel> channel;
278 rv = aIoService->NewChannelFromURIWithLoadInfo(aUri, aLoadInfo,
279 getter_AddRefs(channel));
280 NS_ENSURE_SUCCESS(rv, rv);
281
282 if (aLoadGroup) {
283 rv = channel->SetLoadGroup(aLoadGroup);
284 NS_ENSURE_SUCCESS(rv, rv);
285 }
286
287 if (aCallbacks) {
288 rv = channel->SetNotificationCallbacks(aCallbacks);
289 NS_ENSURE_SUCCESS(rv, rv);
290 }
291
292 #ifdef DEBUG
293 nsLoadFlags channelLoadFlags = 0;
294 channel->GetLoadFlags(&channelLoadFlags);
295 // Will be removed when we remove LOAD_REPLACE altogether
296 // This check is trying to catch protocol handlers that still
297 // try to set the LOAD_REPLACE flag.
298 MOZ_DIAGNOSTIC_ASSERT(!(channelLoadFlags & nsIChannel::LOAD_REPLACE));
299 #endif
300
301 if (aLoadFlags != nsIRequest::LOAD_NORMAL) {
302 rv = channel->SetLoadFlags(aLoadFlags);
303 NS_ENSURE_SUCCESS(rv, rv);
304 }
305
306 if (aPerformanceStorage) {
307 nsCOMPtr<nsILoadInfo> loadInfo = channel->LoadInfo();
308 loadInfo->SetPerformanceStorage(aPerformanceStorage);
309 }
310
311 channel.forget(outChannel);
312 return NS_OK;
313 }
314
315 namespace {
316
317 void AssertLoadingPrincipalAndClientInfoMatch(
318 nsIPrincipal* aLoadingPrincipal, const ClientInfo& aLoadingClientInfo,
319 nsContentPolicyType aType) {
320 #ifdef MOZ_DIAGNOSTIC_ASSERT_ENABLED
321 // Verify that the provided loading ClientInfo matches the loading
322 // principal. Unfortunately we can't just use nsIPrincipal::Equals() here
323 // because of some corner cases:
324 //
325 // 1. Worker debugger scripts want to use a system loading principal for
326 // worker scripts with a content principal. We exempt these from this
327 // check.
328 // 2. Null principals currently require exact object identity for
329 // nsIPrincipal::Equals() to return true. This doesn't work here because
330 // ClientInfo::GetPrincipal() uses PrincipalInfoToPrincipal() to allocate
331 // a new object. To work around this we compare the principal origin
332 // string itself. If bug 1431771 is fixed then we could switch to
333 // Equals().
334
335 // Allow worker debugger to load with a system principal.
336 if (aLoadingPrincipal->IsSystemPrincipal() &&
337 (aType == nsIContentPolicy::TYPE_INTERNAL_WORKER ||
338 aType == nsIContentPolicy::TYPE_INTERNAL_SHARED_WORKER ||
339 aType == nsIContentPolicy::TYPE_INTERNAL_SERVICE_WORKER ||
340 aType == nsIContentPolicy::TYPE_INTERNAL_WORKER_IMPORT_SCRIPTS ||
341 aType == nsIContentPolicy::TYPE_INTERNAL_WORKER_STATIC_MODULE)) {
342 return;
343 }
344
345 // Perform a fast comparison for most principal checks.
346 auto clientPrincipalOrErr(aLoadingClientInfo.GetPrincipal());
347 if (clientPrincipalOrErr.isOk()) {
348 nsCOMPtr<nsIPrincipal> clientPrincipal = clientPrincipalOrErr.unwrap();
349 if (aLoadingPrincipal->Equals(clientPrincipal)) {
350 return;
351 }
352 // Fall back to a slower origin equality test to support null principals.
353 nsAutoCString loadingOriginNoSuffix;
354 MOZ_ALWAYS_SUCCEEDS(
355 aLoadingPrincipal->GetOriginNoSuffix(loadingOriginNoSuffix));
356
357 nsAutoCString clientOriginNoSuffix;
358 MOZ_ALWAYS_SUCCEEDS(
359 clientPrincipal->GetOriginNoSuffix(clientOriginNoSuffix));
360
361 // The client principal will have the partitionKey set if it's in a third
362 // party context, but the loading principal won't. So, we ignore he
363 // partitionKey when doing the verification here.
364 MOZ_DIAGNOSTIC_ASSERT(loadingOriginNoSuffix == clientOriginNoSuffix);
365 MOZ_DIAGNOSTIC_ASSERT(
366 aLoadingPrincipal->OriginAttributesRef().EqualsIgnoringPartitionKey(
367 clientPrincipal->OriginAttributesRef()));
368 }
369 #endif
370 }
371
372 } // namespace
373
374 nsresult NS_NewChannel(nsIChannel** outChannel, nsIURI* aUri,
375 nsIPrincipal* aLoadingPrincipal,
376 nsSecurityFlags aSecurityFlags,
377 nsContentPolicyType aContentPolicyType,
378 nsICookieJarSettings* aCookieJarSettings /* = nullptr */,
379 PerformanceStorage* aPerformanceStorage /* = nullptr */,
380 nsILoadGroup* aLoadGroup /* = nullptr */,
381 nsIInterfaceRequestor* aCallbacks /* = nullptr */,
382 nsLoadFlags aLoadFlags /* = nsIRequest::LOAD_NORMAL */,
383 nsIIOService* aIoService /* = nullptr */,
384 uint32_t aSandboxFlags /* = 0 */,
385 bool aSkipCheckForBrokenURLOrZeroSized /* = false */) {
386 return NS_NewChannelInternal(
387 outChannel, aUri,
388 nullptr, // aLoadingNode,
389 aLoadingPrincipal,
390 nullptr, // aTriggeringPrincipal
391 Maybe<ClientInfo>(), Maybe<ServiceWorkerDescriptor>(), aSecurityFlags,
392 aContentPolicyType, aCookieJarSettings, aPerformanceStorage, aLoadGroup,
393 aCallbacks, aLoadFlags, aIoService, aSandboxFlags,
394 aSkipCheckForBrokenURLOrZeroSized);
395 }
396
397 nsresult NS_NewChannel(nsIChannel** outChannel, nsIURI* aUri,
398 nsIPrincipal* aLoadingPrincipal,
399 const ClientInfo& aLoadingClientInfo,
400 const Maybe<ServiceWorkerDescriptor>& aController,
401 nsSecurityFlags aSecurityFlags,
402 nsContentPolicyType aContentPolicyType,
403 nsICookieJarSettings* aCookieJarSettings /* = nullptr */,
404 PerformanceStorage* aPerformanceStorage /* = nullptr */,
405 nsILoadGroup* aLoadGroup /* = nullptr */,
406 nsIInterfaceRequestor* aCallbacks /* = nullptr */,
407 nsLoadFlags aLoadFlags /* = nsIRequest::LOAD_NORMAL */,
408 nsIIOService* aIoService /* = nullptr */,
409 uint32_t aSandboxFlags /* = 0 */,
410 bool aSkipCheckForBrokenURLOrZeroSized /* = false */) {
411 AssertLoadingPrincipalAndClientInfoMatch(
412 aLoadingPrincipal, aLoadingClientInfo, aContentPolicyType);
413
414 Maybe<ClientInfo> loadingClientInfo;
415 loadingClientInfo.emplace(aLoadingClientInfo);
416
417 return NS_NewChannelInternal(
418 outChannel, aUri,
419 nullptr, // aLoadingNode,
420 aLoadingPrincipal,
421 nullptr, // aTriggeringPrincipal
422 loadingClientInfo, aController, aSecurityFlags, aContentPolicyType,
423 aCookieJarSettings, aPerformanceStorage, aLoadGroup, aCallbacks,
424 aLoadFlags, aIoService, aSandboxFlags, aSkipCheckForBrokenURLOrZeroSized);
425 }
426
427 nsresult NS_NewChannelInternal(
428 nsIChannel** outChannel, nsIURI* aUri, nsINode* aLoadingNode,
429 nsIPrincipal* aLoadingPrincipal, nsIPrincipal* aTriggeringPrincipal,
430 const Maybe<ClientInfo>& aLoadingClientInfo,
431 const Maybe<ServiceWorkerDescriptor>& aController,
432 nsSecurityFlags aSecurityFlags, nsContentPolicyType aContentPolicyType,
433 nsICookieJarSettings* aCookieJarSettings /* = nullptr */,
434 PerformanceStorage* aPerformanceStorage /* = nullptr */,
435 nsILoadGroup* aLoadGroup /* = nullptr */,
436 nsIInterfaceRequestor* aCallbacks /* = nullptr */,
437 nsLoadFlags aLoadFlags /* = nsIRequest::LOAD_NORMAL */,
438 nsIIOService* aIoService /* = nullptr */, uint32_t aSandboxFlags /* = 0 */,
439 bool aSkipCheckForBrokenURLOrZeroSized /* = false */) {
440 NS_ENSURE_ARG_POINTER(outChannel);
441
442 nsCOMPtr<nsIIOService> grip;
443 nsresult rv = net_EnsureIOService(&aIoService, grip);
444 NS_ENSURE_SUCCESS(rv, rv);
445
446 nsCOMPtr<nsIChannel> channel;
447 rv = aIoService->NewChannelFromURIWithClientAndController(
448 aUri, aLoadingNode, aLoadingPrincipal, aTriggeringPrincipal,
449 aLoadingClientInfo, aController, aSecurityFlags, aContentPolicyType,
450 aSandboxFlags, aSkipCheckForBrokenURLOrZeroSized,
451 getter_AddRefs(channel));
452 if (NS_FAILED(rv)) {
453 return rv;
454 }
455
456 if (aLoadGroup) {
457 rv = channel->SetLoadGroup(aLoadGroup);
458 NS_ENSURE_SUCCESS(rv, rv);
459 }
460
461 if (aCallbacks) {
462 rv = channel->SetNotificationCallbacks(aCallbacks);
463 NS_ENSURE_SUCCESS(rv, rv);
464 }
465
466 #ifdef DEBUG
467 nsLoadFlags channelLoadFlags = 0;
468 channel->GetLoadFlags(&channelLoadFlags);
469 // Will be removed when we remove LOAD_REPLACE altogether
470 // This check is trying to catch protocol handlers that still
471 // try to set the LOAD_REPLACE flag.
472 MOZ_DIAGNOSTIC_ASSERT(!(channelLoadFlags & nsIChannel::LOAD_REPLACE));
473 #endif
474
475 if (aLoadFlags != nsIRequest::LOAD_NORMAL) {
476 rv = channel->SetLoadFlags(aLoadFlags);
477 NS_ENSURE_SUCCESS(rv, rv);
478 }
479
480 if (aPerformanceStorage || aCookieJarSettings) {
481 nsCOMPtr<nsILoadInfo> loadInfo = channel->LoadInfo();
482
483 if (aPerformanceStorage) {
484 loadInfo->SetPerformanceStorage(aPerformanceStorage);
485 }
486
487 if (aCookieJarSettings) {
488 loadInfo->SetCookieJarSettings(aCookieJarSettings);
489 }
490 }
491
492 channel.forget(outChannel);
493 return NS_OK;
494 }
495
496 nsresult /*NS_NewChannelWithNodeAndTriggeringPrincipal */
497 NS_NewChannelWithTriggeringPrincipal(
498 nsIChannel** outChannel, nsIURI* aUri, nsINode* aLoadingNode,
499 nsIPrincipal* aTriggeringPrincipal, nsSecurityFlags aSecurityFlags,
500 nsContentPolicyType aContentPolicyType,
501 PerformanceStorage* aPerformanceStorage /* = nullptr */,
502 nsILoadGroup* aLoadGroup /* = nullptr */,
503 nsIInterfaceRequestor* aCallbacks /* = nullptr */,
504 nsLoadFlags aLoadFlags /* = nsIRequest::LOAD_NORMAL */,
505 nsIIOService* aIoService /* = nullptr */) {
506 MOZ_ASSERT(aLoadingNode);
507 NS_ASSERTION(aTriggeringPrincipal,
508 "Can not create channel without a triggering Principal!");
509 return NS_NewChannelInternal(
510 outChannel, aUri, aLoadingNode, aLoadingNode->NodePrincipal(),
511 aTriggeringPrincipal, Maybe<ClientInfo>(),
512 Maybe<ServiceWorkerDescriptor>(), aSecurityFlags, aContentPolicyType,
513 aLoadingNode->OwnerDoc()->CookieJarSettings(), aPerformanceStorage,
514 aLoadGroup, aCallbacks, aLoadFlags, aIoService);
515 }
516
517 // See NS_NewChannelInternal for usage and argument description
518 nsresult NS_NewChannelWithTriggeringPrincipal(
519 nsIChannel** outChannel, nsIURI* aUri, nsIPrincipal* aLoadingPrincipal,
520 nsIPrincipal* aTriggeringPrincipal, nsSecurityFlags aSecurityFlags,
521 nsContentPolicyType aContentPolicyType,
522 nsICookieJarSettings* aCookieJarSettings /* = nullptr */,
523 PerformanceStorage* aPerformanceStorage /* = nullptr */,
524 nsILoadGroup* aLoadGroup /* = nullptr */,
525 nsIInterfaceRequestor* aCallbacks /* = nullptr */,
526 nsLoadFlags aLoadFlags /* = nsIRequest::LOAD_NORMAL */,
527 nsIIOService* aIoService /* = nullptr */) {
528 NS_ASSERTION(aLoadingPrincipal,
529 "Can not create channel without a loading Principal!");
530 return NS_NewChannelInternal(
531 outChannel, aUri,
532 nullptr, // aLoadingNode
533 aLoadingPrincipal, aTriggeringPrincipal, Maybe<ClientInfo>(),
534 Maybe<ServiceWorkerDescriptor>(), aSecurityFlags, aContentPolicyType,
535 aCookieJarSettings, aPerformanceStorage, aLoadGroup, aCallbacks,
536 aLoadFlags, aIoService);
537 }
538
539 // See NS_NewChannelInternal for usage and argument description
540 nsresult NS_NewChannelWithTriggeringPrincipal(
541 nsIChannel** outChannel, nsIURI* aUri, nsIPrincipal* aLoadingPrincipal,
542 nsIPrincipal* aTriggeringPrincipal, const ClientInfo& aLoadingClientInfo,
543 const Maybe<ServiceWorkerDescriptor>& aController,
544 nsSecurityFlags aSecurityFlags, nsContentPolicyType aContentPolicyType,
545 nsICookieJarSettings* aCookieJarSettings /* = nullptr */,
546 PerformanceStorage* aPerformanceStorage /* = nullptr */,
547 nsILoadGroup* aLoadGroup /* = nullptr */,
548 nsIInterfaceRequestor* aCallbacks /* = nullptr */,
549 nsLoadFlags aLoadFlags /* = nsIRequest::LOAD_NORMAL */,
550 nsIIOService* aIoService /* = nullptr */) {
551 AssertLoadingPrincipalAndClientInfoMatch(
552 aLoadingPrincipal, aLoadingClientInfo, aContentPolicyType);
553
554 Maybe<ClientInfo> loadingClientInfo;
555 loadingClientInfo.emplace(aLoadingClientInfo);
556
557 return NS_NewChannelInternal(
558 outChannel, aUri,
559 nullptr, // aLoadingNode
560 aLoadingPrincipal, aTriggeringPrincipal, loadingClientInfo, aController,
561 aSecurityFlags, aContentPolicyType, aCookieJarSettings,
562 aPerformanceStorage, aLoadGroup, aCallbacks, aLoadFlags, aIoService);
563 }
564
565 nsresult NS_NewChannel(nsIChannel** outChannel, nsIURI* aUri,
566 nsINode* aLoadingNode, nsSecurityFlags aSecurityFlags,
567 nsContentPolicyType aContentPolicyType,
568 PerformanceStorage* aPerformanceStorage /* = nullptr */,
569 nsILoadGroup* aLoadGroup /* = nullptr */,
570 nsIInterfaceRequestor* aCallbacks /* = nullptr */,
571 nsLoadFlags aLoadFlags /* = nsIRequest::LOAD_NORMAL */,
572 nsIIOService* aIoService /* = nullptr */,
573 uint32_t aSandboxFlags /* = 0 */,
574 bool aSkipCheckForBrokenURLOrZeroSized /* = false */) {
575 NS_ASSERTION(aLoadingNode, "Can not create channel without a loading Node!");
576 return NS_NewChannelInternal(
577 outChannel, aUri, aLoadingNode, aLoadingNode->NodePrincipal(),
578 nullptr, // aTriggeringPrincipal
579 Maybe<ClientInfo>(), Maybe<ServiceWorkerDescriptor>(), aSecurityFlags,
580 aContentPolicyType, aLoadingNode->OwnerDoc()->CookieJarSettings(),
581 aPerformanceStorage, aLoadGroup, aCallbacks, aLoadFlags, aIoService,
582 aSandboxFlags, aSkipCheckForBrokenURLOrZeroSized);
583 }
584
585 nsresult NS_GetIsDocumentChannel(nsIChannel* aChannel, bool* aIsDocument) {
586 // Check if this channel is going to be used to create a document. If it has
587 // LOAD_DOCUMENT_URI set it is trivially creating a document. If
588 // LOAD_HTML_OBJECT_DATA is set it may or may not be used to create a
589 // document, depending on its MIME type.
590
591 if (!aChannel || !aIsDocument) {
592 return NS_ERROR_NULL_POINTER;
593 }
594 *aIsDocument = false;
595 nsLoadFlags loadFlags;
596 nsresult rv = aChannel->GetLoadFlags(&loadFlags);
597 if (NS_FAILED(rv)) {
598 return rv;
599 }
600 if (loadFlags & nsIChannel::LOAD_DOCUMENT_URI) {
601 *aIsDocument = true;
602 return NS_OK;
603 }
604 if (!(loadFlags & nsIRequest::LOAD_HTML_OBJECT_DATA)) {
605 *aIsDocument = false;
606 return NS_OK;
607 }
608 nsAutoCString mimeType;
609 rv = aChannel->GetContentType(mimeType);
610 if (NS_FAILED(rv)) {
611 return rv;
612 }
613 if (nsContentUtils::HtmlObjectContentTypeForMIMEType(mimeType) ==
614 nsIObjectLoadingContent::TYPE_DOCUMENT) {
615 *aIsDocument = true;
616 return NS_OK;
617 }
618 *aIsDocument = false;
619 return NS_OK;
620 }
621
622 nsresult NS_MakeAbsoluteURI(nsACString& result, const nsACString& spec,
623 nsIURI* baseURI) {
624 nsresult rv;
625 if (!baseURI) {
626 NS_WARNING("It doesn't make sense to not supply a base URI");
627 result = spec;
628 rv = NS_OK;
629 } else if (spec.IsEmpty()) {
630 rv = baseURI->GetSpec(result);
631 } else {
632 rv = baseURI->Resolve(spec, result);
633 }
634 return rv;
635 }
636
637 nsresult NS_MakeAbsoluteURI(char** result, const char* spec, nsIURI* baseURI) {
638 nsresult rv;
639 nsAutoCString resultBuf;
640 rv = NS_MakeAbsoluteURI(resultBuf, nsDependentCString(spec), baseURI);
641 if (NS_SUCCEEDED(rv)) {
642 *result = ToNewCString(resultBuf, mozilla::fallible);
643 if (!*result) rv = NS_ERROR_OUT_OF_MEMORY;
644 }
645 return rv;
646 }
647
648 nsresult NS_MakeAbsoluteURI(nsAString& result, const nsAString& spec,
649 nsIURI* baseURI) {
650 nsresult rv;
651 if (!baseURI) {
652 NS_WARNING("It doesn't make sense to not supply a base URI");
653 result = spec;
654 rv = NS_OK;
655 } else {
656 nsAutoCString resultBuf;
657 if (spec.IsEmpty()) {
658 rv = baseURI->GetSpec(resultBuf);
659 } else {
660 rv = baseURI->Resolve(NS_ConvertUTF16toUTF8(spec), resultBuf);
661 }
662 if (NS_SUCCEEDED(rv)) CopyUTF8toUTF16(resultBuf, result);
663 }
664 return rv;
665 }
666
667 int32_t NS_GetDefaultPort(const char* scheme,
668 nsIIOService* ioService /* = nullptr */) {
669 nsresult rv;
670
671 // Getting the default port through the protocol handler previously had a lot
672 // of XPCOM overhead involved. We optimize the protocols that matter for Web
673 // pages (HTTP and HTTPS) by hardcoding their default ports here.
674 //
675 // XXX: This might not be necessary for performance anymore.
676 if (strncmp(scheme, "http", 4) == 0) {
677 if (scheme[4] == 's' && scheme[5] == '\0') {
678 return 443;
679 }
680 if (scheme[4] == '\0') {
681 return 80;
682 }
683 }
684
685 nsCOMPtr<nsIIOService> grip;
686 net_EnsureIOService(&ioService, grip);
687 if (!ioService) return -1;
688
689 int32_t port;
690 rv = ioService->GetDefaultPort(scheme, &port);
691 return NS_SUCCEEDED(rv) ? port : -1;
692 }
693
694 /**
695 * This function is a helper function to apply the ToAscii conversion
696 * to a string
697 */
698 bool NS_StringToACE(const nsACString& idn, nsACString& result) {
699 nsCOMPtr<nsIIDNService> idnSrv = do_GetService(NS_IDNSERVICE_CONTRACTID);
700 if (!idnSrv) return false;
701 nsresult rv = idnSrv->ConvertUTF8toACE(idn, result);
702 return NS_SUCCEEDED(rv);
703 }
704
705 int32_t NS_GetRealPort(nsIURI* aURI) {
706 int32_t port;
707 nsresult rv = aURI->GetPort(&port);
708 if (NS_FAILED(rv)) return -1;
709
710 if (port != -1) return port; // explicitly specified
711
712 // Otherwise, we have to get the default port from the protocol handler
713
714 // Need the scheme first
715 nsAutoCString scheme;
716 rv = aURI->GetScheme(scheme);
717 if (NS_FAILED(rv)) return -1;
718
719 return NS_GetDefaultPort(scheme.get());
720 }
721
722 nsresult NS_NewInputStreamChannelInternal(
723 nsIChannel** outChannel, nsIURI* aUri,
724 already_AddRefed<nsIInputStream> aStream, const nsACString& aContentType,
725 const nsACString& aContentCharset, nsILoadInfo* aLoadInfo) {
726 nsresult rv;
727 nsCOMPtr<nsIInputStreamChannel> isc =
728 do_CreateInstance(NS_INPUTSTREAMCHANNEL_CONTRACTID, &rv);
729 NS_ENSURE_SUCCESS(rv, rv);
730 rv = isc->SetURI(aUri);
731 NS_ENSURE_SUCCESS(rv, rv);
732
733 nsCOMPtr<nsIInputStream> stream = std::move(aStream);
734 rv = isc->SetContentStream(stream);
735 NS_ENSURE_SUCCESS(rv, rv);
736
737 nsCOMPtr<nsIChannel> channel = do_QueryInterface(isc, &rv);
738 NS_ENSURE_SUCCESS(rv, rv);
739
740 if (!aContentType.IsEmpty()) {
741 rv = channel->SetContentType(aContentType);
742 NS_ENSURE_SUCCESS(rv, rv);
743 }
744
745 if (!aContentCharset.IsEmpty()) {
746 rv = channel->SetContentCharset(aContentCharset);
747 NS_ENSURE_SUCCESS(rv, rv);
748 }
749
750 MOZ_ASSERT(aLoadInfo, "need a loadinfo to create a inputstreamchannel");
751 channel->SetLoadInfo(aLoadInfo);
752
753 // If we're sandboxed, make sure to clear any owner the channel
754 // might already have.
755 if (aLoadInfo && aLoadInfo->GetLoadingSandboxed()) {
756 channel->SetOwner(nullptr);
757 }
758
759 channel.forget(outChannel);
760 return NS_OK;
761 }
762
763 nsresult NS_NewInputStreamChannelInternal(
764 nsIChannel** outChannel, nsIURI* aUri,
765 already_AddRefed<nsIInputStream> aStream, const nsACString& aContentType,
766 const nsACString& aContentCharset, nsINode* aLoadingNode,
767 nsIPrincipal* aLoadingPrincipal, nsIPrincipal* aTriggeringPrincipal,
768 nsSecurityFlags aSecurityFlags, nsContentPolicyType aContentPolicyType) {
769 nsCOMPtr<nsILoadInfo> loadInfo = new mozilla::net::LoadInfo(
770 aLoadingPrincipal, aTriggeringPrincipal, aLoadingNode, aSecurityFlags,
771 aContentPolicyType);
772 if (!loadInfo) {
773 return NS_ERROR_UNEXPECTED;
774 }
775
776 nsCOMPtr<nsIInputStream> stream = std::move(aStream);
777
778 return NS_NewInputStreamChannelInternal(outChannel, aUri, stream.forget(),
779 aContentType, aContentCharset,
780 loadInfo);
781 }
782
783 nsresult NS_NewInputStreamChannel(
784 nsIChannel** outChannel, nsIURI* aUri,
785 already_AddRefed<nsIInputStream> aStream, nsIPrincipal* aLoadingPrincipal,
786 nsSecurityFlags aSecurityFlags, nsContentPolicyType aContentPolicyType,
787 const nsACString& aContentType /* = ""_ns */,
788 const nsACString& aContentCharset /* = ""_ns */) {
789 nsCOMPtr<nsIInputStream> stream = aStream;
790 return NS_NewInputStreamChannelInternal(outChannel, aUri, stream.forget(),
791 aContentType, aContentCharset,
792 nullptr, // aLoadingNode
793 aLoadingPrincipal,
794 nullptr, // aTriggeringPrincipal
795 aSecurityFlags, aContentPolicyType);
796 }
797
798 nsresult NS_NewInputStreamChannelInternal(nsIChannel** outChannel, nsIURI* aUri,
799 const nsAString& aData,
800 const nsACString& aContentType,
801 nsILoadInfo* aLoadInfo,
802 bool aIsSrcdocChannel /* = false */) {
803 nsresult rv;
804 nsCOMPtr<nsIStringInputStream> stream;
805 stream = do_CreateInstance(NS_STRINGINPUTSTREAM_CONTRACTID, &rv);
806 NS_ENSURE_SUCCESS(rv, rv);
807
808 uint32_t len;
809 char* utf8Bytes = ToNewUTF8String(aData, &len);
810 rv = stream->AdoptData(utf8Bytes, len);
811
812 nsCOMPtr<nsIChannel> channel;
813 rv = NS_NewInputStreamChannelInternal(getter_AddRefs(channel), aUri,
814 stream.forget(), aContentType,
815 "UTF-8"_ns, aLoadInfo);
816
817 NS_ENSURE_SUCCESS(rv, rv);
818
819 if (aIsSrcdocChannel) {
820 nsCOMPtr<nsIInputStreamChannel> inStrmChan = do_QueryInterface(channel);
821 NS_ENSURE_TRUE(inStrmChan, NS_ERROR_FAILURE);
822 inStrmChan->SetSrcdocData(aData);
823 }
824 channel.forget(outChannel);
825 return NS_OK;
826 }
827
828 nsresult NS_NewInputStreamChannelInternal(
829 nsIChannel** outChannel, nsIURI* aUri, const nsAString& aData,
830 const nsACString& aContentType, nsINode* aLoadingNode,
831 nsIPrincipal* aLoadingPrincipal, nsIPrincipal* aTriggeringPrincipal,
832 nsSecurityFlags aSecurityFlags, nsContentPolicyType aContentPolicyType,
833 bool aIsSrcdocChannel /* = false */) {
834 nsCOMPtr<nsILoadInfo> loadInfo = new mozilla::net::LoadInfo(
835 aLoadingPrincipal, aTriggeringPrincipal, aLoadingNode, aSecurityFlags,
836 aContentPolicyType);
837 return NS_NewInputStreamChannelInternal(outChannel, aUri, aData, aContentType,
838 loadInfo, aIsSrcdocChannel);
839 }
840
841 nsresult NS_NewInputStreamChannel(nsIChannel** outChannel, nsIURI* aUri,
842 const nsAString& aData,
843 const nsACString& aContentType,
844 nsIPrincipal* aLoadingPrincipal,
845 nsSecurityFlags aSecurityFlags,
846 nsContentPolicyType aContentPolicyType,
847 bool aIsSrcdocChannel /* = false */) {
848 return NS_NewInputStreamChannelInternal(outChannel, aUri, aData, aContentType,
849 nullptr, // aLoadingNode
850 aLoadingPrincipal,
851 nullptr, // aTriggeringPrincipal
852 aSecurityFlags, aContentPolicyType,
853 aIsSrcdocChannel);
854 }
855
856 nsresult NS_NewInputStreamPump(
857 nsIInputStreamPump** aResult, already_AddRefed<nsIInputStream> aStream,
858 uint32_t aSegsize /* = 0 */, uint32_t aSegcount /* = 0 */,
859 bool aCloseWhenDone /* = false */,
860 nsISerialEventTarget* aMainThreadTarget /* = nullptr */) {
861 nsCOMPtr<nsIInputStream> stream = std::move(aStream);
862
863 nsresult rv;
864 nsCOMPtr<nsIInputStreamPump> pump =
865 do_CreateInstance(NS_INPUTSTREAMPUMP_CONTRACTID, &rv);
866 if (NS_SUCCEEDED(rv)) {
867 rv = pump->Init(stream, aSegsize, aSegcount, aCloseWhenDone,
868 aMainThreadTarget);
869 if (NS_SUCCEEDED(rv)) {
870 *aResult = nullptr;
871 pump.swap(*aResult);
872 }
873 }
874 return rv;
875 }
876
877 nsresult NS_NewLoadGroup(nsILoadGroup** result, nsIRequestObserver* obs) {
878 nsresult rv;
879 nsCOMPtr<nsILoadGroup> group =
880 do_CreateInstance(NS_LOADGROUP_CONTRACTID, &rv);
881 if (NS_SUCCEEDED(rv)) {
882 rv = group->SetGroupObserver(obs);
883 if (NS_SUCCEEDED(rv)) {
884 *result = nullptr;
885 group.swap(*result);
886 }
887 }
888 return rv;
889 }
890
891 bool NS_IsReasonableHTTPHeaderValue(const nsACString& aValue) {
892 return mozilla::net::nsHttp::IsReasonableHeaderValue(aValue);
893 }
894
895 bool NS_IsValidHTTPToken(const nsACString& aToken) {
896 return mozilla::net::nsHttp::IsValidToken(aToken);
897 }
898
899 void NS_TrimHTTPWhitespace(const nsACString& aSource, nsACString& aDest) {
900 mozilla::net::nsHttp::TrimHTTPWhitespace(aSource, aDest);
901 }
902
903 nsresult NS_NewLoadGroup(nsILoadGroup** aResult, nsIPrincipal* aPrincipal) {
904 using mozilla::LoadContext;
905 nsresult rv;
906
907 nsCOMPtr<nsILoadGroup> group =
908 do_CreateInstance(NS_LOADGROUP_CONTRACTID, &rv);
909 NS_ENSURE_SUCCESS(rv, rv);
910
911 RefPtr<LoadContext> loadContext = new LoadContext(aPrincipal);
912 rv = group->SetNotificationCallbacks(loadContext);
913 NS_ENSURE_SUCCESS(rv, rv);
914
915 group.forget(aResult);
916 return rv;
917 }
918
919 bool NS_LoadGroupMatchesPrincipal(nsILoadGroup* aLoadGroup,
920 nsIPrincipal* aPrincipal) {
921 if (!aPrincipal) {
922 return false;
923 }
924
925 // If this is a null principal then the load group doesn't really matter.
926 // The principal will not be allowed to perform any actions that actually
927 // use the load group. Unconditionally treat null principals as a match.
928 if (aPrincipal->GetIsNullPrincipal()) {
929 return true;
930 }
931
932 if (!aLoadGroup) {
933 return false;
934 }
935
936 nsCOMPtr<nsILoadContext> loadContext;
937 NS_QueryNotificationCallbacks(nullptr, aLoadGroup, NS_GET_IID(nsILoadContext),
938 getter_AddRefs(loadContext));
939 NS_ENSURE_TRUE(loadContext, false);
940
941 return true;
942 }
943
944 nsresult NS_NewDownloader(nsIStreamListener** result,
945 nsIDownloadObserver* observer,
946 nsIFile* downloadLocation /* = nullptr */) {
947 nsresult rv;
948 nsCOMPtr<nsIDownloader> downloader =
949 do_CreateInstance(NS_DOWNLOADER_CONTRACTID, &rv);
950 if (NS_SUCCEEDED(rv)) {
951 rv = downloader->Init(observer, downloadLocation);
952 if (NS_SUCCEEDED(rv)) {
953 downloader.forget(result);
954 }
955 }
956 return rv;
957 }
958
959 nsresult NS_NewIncrementalStreamLoader(
960 nsIIncrementalStreamLoader** result,
961 nsIIncrementalStreamLoaderObserver* observer) {
962 nsresult rv;
963 nsCOMPtr<nsIIncrementalStreamLoader> loader =
964 do_CreateInstance(NS_INCREMENTALSTREAMLOADER_CONTRACTID, &rv);
965 if (NS_SUCCEEDED(rv)) {
966 rv = loader->Init(observer);
967 if (NS_SUCCEEDED(rv)) {
968 *result = nullptr;
969 loader.swap(*result);
970 }
971 }
972 return rv;
973 }
974
975 nsresult NS_NewStreamLoader(
976 nsIStreamLoader** result, nsIStreamLoaderObserver* observer,
977 nsIRequestObserver* requestObserver /* = nullptr */) {
978 nsresult rv;
979 nsCOMPtr<nsIStreamLoader> loader =
980 do_CreateInstance(NS_STREAMLOADER_CONTRACTID, &rv);
981 if (NS_SUCCEEDED(rv)) {
982 rv = loader->Init(observer, requestObserver);
983 if (NS_SUCCEEDED(rv)) {
984 *result = nullptr;
985 loader.swap(*result);
986 }
987 }
988 return rv;
989 }
990
991 nsresult NS_NewStreamLoaderInternal(
992 nsIStreamLoader** outStream, nsIURI* aUri,
993 nsIStreamLoaderObserver* aObserver, nsINode* aLoadingNode,
994 nsIPrincipal* aLoadingPrincipal, nsSecurityFlags aSecurityFlags,
995 nsContentPolicyType aContentPolicyType,
996 nsILoadGroup* aLoadGroup /* = nullptr */,
997 nsIInterfaceRequestor* aCallbacks /* = nullptr */,
998 nsLoadFlags aLoadFlags /* = nsIRequest::LOAD_NORMAL */) {
999 nsCOMPtr<nsIChannel> channel;
1000 nsresult rv = NS_NewChannelInternal(
1001 getter_AddRefs(channel), aUri, aLoadingNode, aLoadingPrincipal,
1002 nullptr, // aTriggeringPrincipal
1003 Maybe<ClientInfo>(), Maybe<ServiceWorkerDescriptor>(), aSecurityFlags,
1004 aContentPolicyType,
1005 nullptr, // nsICookieJarSettings
1006 nullptr, // PerformanceStorage
1007 aLoadGroup, aCallbacks, aLoadFlags);
1008
1009 NS_ENSURE_SUCCESS(rv, rv);
1010 rv = NS_NewStreamLoader(outStream, aObserver);
1011 NS_ENSURE_SUCCESS(rv, rv);
1012 return channel->AsyncOpen(*outStream);
1013 }
1014
1015 nsresult NS_NewStreamLoader(
1016 nsIStreamLoader** outStream, nsIURI* aUri,
1017 nsIStreamLoaderObserver* aObserver, nsINode* aLoadingNode,
1018 nsSecurityFlags aSecurityFlags, nsContentPolicyType aContentPolicyType,
1019 nsILoadGroup* aLoadGroup /* = nullptr */,
1020 nsIInterfaceRequestor* aCallbacks /* = nullptr */,
1021 nsLoadFlags aLoadFlags /* = nsIRequest::LOAD_NORMAL */) {
1022 NS_ASSERTION(aLoadingNode,
1023 "Can not create stream loader without a loading Node!");
1024 return NS_NewStreamLoaderInternal(
1025 outStream, aUri, aObserver, aLoadingNode, aLoadingNode->NodePrincipal(),
1026 aSecurityFlags, aContentPolicyType, aLoadGroup, aCallbacks, aLoadFlags);
1027 }
1028
1029 nsresult NS_NewStreamLoader(
1030 nsIStreamLoader** outStream, nsIURI* aUri,
1031 nsIStreamLoaderObserver* aObserver, nsIPrincipal* aLoadingPrincipal,
1032 nsSecurityFlags aSecurityFlags, nsContentPolicyType aContentPolicyType,
1033 nsILoadGroup* aLoadGroup /* = nullptr */,
1034 nsIInterfaceRequestor* aCallbacks /* = nullptr */,
1035 nsLoadFlags aLoadFlags /* = nsIRequest::LOAD_NORMAL */) {
1036 return NS_NewStreamLoaderInternal(outStream, aUri, aObserver,
1037 nullptr, // aLoadingNode
1038 aLoadingPrincipal, aSecurityFlags,
1039 aContentPolicyType, aLoadGroup, aCallbacks,
1040 aLoadFlags);
1041 }
1042
1043 nsresult NS_NewSyncStreamListener(nsIStreamListener** result,
1044 nsIInputStream** stream) {
1045 nsCOMPtr<nsISyncStreamListener> listener = new nsSyncStreamListener();
1046 nsresult rv = listener->GetInputStream(stream);
1047 if (NS_SUCCEEDED(rv)) {
1048 listener.forget(result);
1049 }
1050 return rv;
1051 }
1052
1053 nsresult NS_ImplementChannelOpen(nsIChannel* channel, nsIInputStream** result) {
1054 nsCOMPtr<nsIStreamListener> listener;
1055 nsCOMPtr<nsIInputStream> stream;
1056 nsresult rv = NS_NewSyncStreamListener(getter_AddRefs(listener),
1057 getter_AddRefs(stream));
1058 NS_ENSURE_SUCCESS(rv, rv);
1059
1060 rv = channel->AsyncOpen(listener);
1061 NS_ENSURE_SUCCESS(rv, rv);
1062
1063 uint64_t n;
1064 // block until the initial response is received or an error occurs.
1065 rv = stream->Available(&n);
1066 NS_ENSURE_SUCCESS(rv, rv);
1067
1068 *result = nullptr;
1069 stream.swap(*result);
1070
1071 return NS_OK;
1072 }
1073
1074 nsresult NS_NewRequestObserverProxy(nsIRequestObserver** result,
1075 nsIRequestObserver* observer,
1076 nsISupports* context) {
1077 nsCOMPtr<nsIRequestObserverProxy> proxy = new nsRequestObserverProxy();
1078 nsresult rv = proxy->Init(observer, context);
1079 if (NS_SUCCEEDED(rv)) {
1080 proxy.forget(result);
1081 }
1082 return rv;
1083 }
1084
1085 nsresult NS_NewSimpleStreamListener(
1086 nsIStreamListener** result, nsIOutputStream* sink,
1087 nsIRequestObserver* observer /* = nullptr */) {
1088 nsresult rv;
1089 nsCOMPtr<nsISimpleStreamListener> listener =
1090 do_CreateInstance(NS_SIMPLESTREAMLISTENER_CONTRACTID, &rv);
1091 if (NS_SUCCEEDED(rv)) {
1092 rv = listener->Init(sink, observer);
1093 if (NS_SUCCEEDED(rv)) {
1094 listener.forget(result);
1095 }
1096 }
1097 return rv;
1098 }
1099
1100 nsresult NS_CheckPortSafety(int32_t port, const char* scheme,
1101 nsIIOService* ioService /* = nullptr */) {
1102 nsresult rv;
1103 nsCOMPtr<nsIIOService> grip;
1104 rv = net_EnsureIOService(&ioService, grip);
1105 if (ioService) {
1106 bool allow;
1107 rv = ioService->AllowPort(port, scheme, &allow);
1108 if (NS_SUCCEEDED(rv) && !allow) {
1109 NS_WARNING("port blocked");
1110 rv = NS_ERROR_PORT_ACCESS_NOT_ALLOWED;
1111 }
1112 }
1113 return rv;
1114 }
1115
1116 nsresult NS_CheckPortSafety(nsIURI* uri) {
1117 int32_t port;
1118 nsresult rv = uri->GetPort(&port);
1119 if (NS_FAILED(rv) || port == -1) { // port undefined or default-valued
1120 return NS_OK;
1121 }
1122 nsAutoCString scheme;
1123 uri->GetScheme(scheme);
1124 return NS_CheckPortSafety(port, scheme.get());
1125 }
1126
1127 nsresult NS_NewProxyInfo(const nsACString& type, const nsACString& host,
1128 int32_t port, uint32_t flags, nsIProxyInfo** result) {
1129 nsresult rv;
1130 nsCOMPtr<nsIProtocolProxyService> pps =
1131 do_GetService(NS_PROTOCOLPROXYSERVICE_CONTRACTID, &rv);
1132 if (NS_SUCCEEDED(rv)) {
1133 rv = pps->NewProxyInfo(type, host, port, ""_ns, ""_ns, flags, UINT32_MAX,
1134 nullptr, result);
1135 }
1136 return rv;
1137 }
1138
1139 nsresult NS_GetFileProtocolHandler(nsIFileProtocolHandler** result,
1140 nsIIOService* ioService /* = nullptr */) {
1141 nsresult rv;
1142 nsCOMPtr<nsIIOService> grip;
1143 rv = net_EnsureIOService(&ioService, grip);
1144 if (ioService) {
1145 nsCOMPtr<nsIProtocolHandler> handler;
1146 rv = ioService->GetProtocolHandler("file", getter_AddRefs(handler));
1147 if (NS_SUCCEEDED(rv)) rv = CallQueryInterface(handler, result);
1148 }
1149 return rv;
1150 }
1151
1152 nsresult NS_GetFileFromURLSpec(const nsACString& inURL, nsIFile** result,
1153 nsIIOService* ioService /* = nullptr */) {
1154 nsresult rv;
1155 nsCOMPtr<nsIFileProtocolHandler> fileHandler;
1156 rv = NS_GetFileProtocolHandler(getter_AddRefs(fileHandler), ioService);
1157 if (NS_SUCCEEDED(rv)) rv = fileHandler->GetFileFromURLSpec(inURL, result);
1158 return rv;
1159 }
1160
1161 nsresult NS_GetURLSpecFromFile(nsIFile* file, nsACString& url,
1162 nsIIOService* ioService /* = nullptr */) {
1163 nsresult rv;
1164 nsCOMPtr<nsIFileProtocolHandler> fileHandler;
1165 rv = NS_GetFileProtocolHandler(getter_AddRefs(fileHandler), ioService);
1166 if (NS_SUCCEEDED(rv)) rv = fileHandler->GetURLSpecFromFile(file, url);
1167 return rv;
1168 }
1169
1170 nsresult NS_GetURLSpecFromActualFile(nsIFile* file, nsACString& url,
1171 nsIIOService* ioService /* = nullptr */) {
1172 nsresult rv;
1173 nsCOMPtr<nsIFileProtocolHandler> fileHandler;
1174 rv = NS_GetFileProtocolHandler(getter_AddRefs(fileHandler), ioService);
1175 if (NS_SUCCEEDED(rv)) rv = fileHandler->GetURLSpecFromActualFile(file, url);
1176 return rv;
1177 }
1178
1179 nsresult NS_GetURLSpecFromDir(nsIFile* file, nsACString& url,
1180 nsIIOService* ioService /* = nullptr */) {
1181 nsresult rv;
1182 nsCOMPtr<nsIFileProtocolHandler> fileHandler;
1183 rv = NS_GetFileProtocolHandler(getter_AddRefs(fileHandler), ioService);
1184 if (NS_SUCCEEDED(rv)) rv = fileHandler->GetURLSpecFromDir(file, url);
1185 return rv;
1186 }
1187
1188 void NS_GetReferrerFromChannel(nsIChannel* channel, nsIURI** referrer) {
1189 *referrer = nullptr;
1190
1191 if (nsCOMPtr<nsIPropertyBag2> props = do_QueryInterface(channel)) {
1192 // We have to check for a property on a property bag because the
1193 // referrer may be empty for security reasons (for example, when loading
1194 // an http page with an https referrer).
1195 nsresult rv;
1196 nsCOMPtr<nsIURI> uri(
1197 do_GetProperty(props, u"docshell.internalReferrer"_ns, &rv));
1198 if (NS_SUCCEEDED(rv)) {
1199 uri.forget(referrer);
1200 return;
1201 }
1202 }
1203
1204 // if that didn't work, we can still try to get the referrer from the
1205 // nsIHttpChannel (if we can QI to it)
1206 nsCOMPtr<nsIHttpChannel> chan(do_QueryInterface(channel));
1207 if (!chan) {
1208 return;
1209 }
1210
1211 nsCOMPtr<nsIReferrerInfo> referrerInfo = chan->GetReferrerInfo();
1212 if (!referrerInfo) {
1213 return;
1214 }
1215
1216 referrerInfo->GetOriginalReferrer(referrer);
1217 }
1218
1219 already_AddRefed<nsINetUtil> do_GetNetUtil(nsresult* error /* = 0 */) {
1220 nsCOMPtr<nsIIOService> io = mozilla::components::IO::Service();
1221 nsCOMPtr<nsINetUtil> util;
1222 if (io) util = do_QueryInterface(io);
1223
1224 if (error) *error = !!util ? NS_OK : NS_ERROR_FAILURE;
1225 return util.forget();
1226 }
1227
1228 nsresult NS_ParseRequestContentType(const nsACString& rawContentType,
1229 nsCString& contentType,
1230 nsCString& contentCharset) {
1231 // contentCharset is left untouched if not present in rawContentType
1232 nsresult rv;
1233 nsCOMPtr<nsINetUtil> util = do_GetNetUtil(&rv);
1234 NS_ENSURE_SUCCESS(rv, rv);
1235 nsCString charset;
1236 bool hadCharset;
1237 rv = util->ParseRequestContentType(rawContentType, charset, &hadCharset,
1238 contentType);
1239 if (NS_SUCCEEDED(rv) && hadCharset) contentCharset = charset;
1240 return rv;
1241 }
1242
1243 nsresult NS_ParseResponseContentType(const nsACString& rawContentType,
1244 nsCString& contentType,
1245 nsCString& contentCharset) {
1246 // contentCharset is left untouched if not present in rawContentType
1247 nsresult rv;
1248 nsCOMPtr<nsINetUtil> util = do_GetNetUtil(&rv);
1249 NS_ENSURE_SUCCESS(rv, rv);
1250 nsCString charset;
1251 bool hadCharset;
1252 rv = util->ParseResponseContentType(rawContentType, charset, &hadCharset,
1253 contentType);
1254 if (NS_SUCCEEDED(rv) && hadCharset) contentCharset = charset;
1255 return rv;
1256 }
1257
1258 nsresult NS_ExtractCharsetFromContentType(const nsACString& rawContentType,
1259 nsCString& contentCharset,
1260 bool* hadCharset,
1261 int32_t* charsetStart,
1262 int32_t* charsetEnd) {
1263 // contentCharset is left untouched if not present in rawContentType
1264 nsresult rv;
1265 nsCOMPtr<nsINetUtil> util = do_GetNetUtil(&rv);
1266 NS_ENSURE_SUCCESS(rv, rv);
1267
1268 return util->ExtractCharsetFromContentType(
1269 rawContentType, contentCharset, charsetStart, charsetEnd, hadCharset);
1270 }
1271
1272 nsresult NS_NewAtomicFileOutputStream(nsIOutputStream** result, nsIFile* file,
1273 int32_t ioFlags /* = -1 */,
1274 int32_t perm /* = -1 */,
1275 int32_t behaviorFlags /* = 0 */) {
1276 nsresult rv;
1277 nsCOMPtr<nsIFileOutputStream> out =
1278 do_CreateInstance(NS_ATOMICLOCALFILEOUTPUTSTREAM_CONTRACTID, &rv);
1279 if (NS_SUCCEEDED(rv)) {
1280 rv = out->Init(file, ioFlags, perm, behaviorFlags);
1281 if (NS_SUCCEEDED(rv)) out.forget(result);
1282 }
1283 return rv;
1284 }
1285
1286 nsresult NS_NewSafeLocalFileOutputStream(nsIOutputStream** result,
1287 nsIFile* file,
1288 int32_t ioFlags /* = -1 */,
1289 int32_t perm /* = -1 */,
1290 int32_t behaviorFlags /* = 0 */) {
1291 nsresult rv;
1292 nsCOMPtr<nsIFileOutputStream> out =
1293 do_CreateInstance(NS_SAFELOCALFILEOUTPUTSTREAM_CONTRACTID, &rv);
1294 if (NS_SUCCEEDED(rv)) {
1295 rv = out->Init(file, ioFlags, perm, behaviorFlags);
1296 if (NS_SUCCEEDED(rv)) out.forget(result);
1297 }
1298 return rv;
1299 }
1300
1301 nsresult NS_NewLocalFileRandomAccessStream(nsIRandomAccessStream** result,
1302 nsIFile* file,
1303 int32_t ioFlags /* = -1 */,
1304 int32_t perm /* = -1 */,
1305 int32_t behaviorFlags /* = 0 */) {
1306 nsCOMPtr<nsIFileRandomAccessStream> stream = new nsFileRandomAccessStream();
1307 nsresult rv = stream->Init(file, ioFlags, perm, behaviorFlags);
1308 if (NS_SUCCEEDED(rv)) {
1309 stream.forget(result);
1310 }
1311 return rv;
1312 }
1313
1314 mozilla::Result<nsCOMPtr<nsIRandomAccessStream>, nsresult>
1315 NS_NewLocalFileRandomAccessStream(nsIFile* file, int32_t ioFlags /* = -1 */,
1316 int32_t perm /* = -1 */,
1317 int32_t behaviorFlags /* = 0 */) {
1318 nsCOMPtr<nsIRandomAccessStream> stream;
1319 const nsresult rv = NS_NewLocalFileRandomAccessStream(
1320 getter_AddRefs(stream), file, ioFlags, perm, behaviorFlags);
1321 if (NS_SUCCEEDED(rv)) {
1322 return stream;
1323 }
1324 return Err(rv);
1325 }
1326
1327 nsresult NS_NewBufferedOutputStream(
1328 nsIOutputStream** aResult, already_AddRefed<nsIOutputStream> aOutputStream,
1329 uint32_t aBufferSize) {
1330 nsCOMPtr<nsIOutputStream> outputStream = std::move(aOutputStream);
1331
1332 nsresult rv;
1333 nsCOMPtr<nsIBufferedOutputStream> out =
1334 do_CreateInstance(NS_BUFFEREDOUTPUTSTREAM_CONTRACTID, &rv);
1335 if (NS_SUCCEEDED(rv)) {
1336 rv = out->Init(outputStream, aBufferSize);
1337 if (NS_SUCCEEDED(rv)) {
1338 out.forget(aResult);
1339 }
1340 }
1341 return rv;
1342 }
1343
1344 [[nodiscard]] nsresult NS_NewBufferedInputStream(
1345 nsIInputStream** aResult, already_AddRefed<nsIInputStream> aInputStream,
1346 uint32_t aBufferSize) {
1347 nsCOMPtr<nsIInputStream> inputStream = std::move(aInputStream);
1348
1349 nsCOMPtr<nsIBufferedInputStream> in;
1350 nsresult rv = nsBufferedInputStream::Create(
1351 NS_GET_IID(nsIBufferedInputStream), getter_AddRefs(in));
1352 if (NS_SUCCEEDED(rv)) {
1353 rv = in->Init(inputStream, aBufferSize);
1354 if (NS_SUCCEEDED(rv)) {
1355 *aResult = static_cast<nsBufferedInputStream*>(in.get())
1356 ->GetInputStream()
1357 .take();
1358 }
1359 }
1360 return rv;
1361 }
1362
1363 Result<nsCOMPtr<nsIInputStream>, nsresult> NS_NewBufferedInputStream(
1364 already_AddRefed<nsIInputStream> aInputStream, uint32_t aBufferSize) {
1365 nsCOMPtr<nsIInputStream> stream;
1366 const nsresult rv = NS_NewBufferedInputStream(
1367 getter_AddRefs(stream), std::move(aInputStream), aBufferSize);
1368 if (NS_SUCCEEDED(rv)) {
1369 return stream;
1370 }
1371 return Err(rv);
1372 }
1373
1374 namespace {
1375
1376 #define BUFFER_SIZE 8192
1377
1378 class BufferWriter final : public nsIInputStreamCallback {
1379 public:
1380 NS_DECL_THREADSAFE_ISUPPORTS
1381
1382 BufferWriter(nsIInputStream* aInputStream, void* aBuffer, int64_t aCount)
1383 : mMonitor("BufferWriter.mMonitor"),
1384 mInputStream(aInputStream),
1385 mBuffer(aBuffer),
1386 mCount(aCount),
1387 mWrittenData(0),
1388 mBufferType(aBuffer ? eExternal : eInternal),
1389 mBufferSize(0) {
1390 MOZ_ASSERT(aInputStream);
1391 MOZ_ASSERT(aCount == -1 || aCount > 0);
1392 MOZ_ASSERT_IF(mBuffer, aCount > 0);
1393 }
1394
1395 nsresult Write() {
1396 NS_ASSERT_OWNINGTHREAD(BufferWriter);
1397
1398 // Let's make the inputStream buffered if it's not.
1399 if (!NS_InputStreamIsBuffered(mInputStream)) {
1400 nsCOMPtr<nsIInputStream> bufferedStream;
1401 nsresult rv = NS_NewBufferedInputStream(
1402 getter_AddRefs(bufferedStream), mInputStream.forget(), BUFFER_SIZE);
1403 NS_ENSURE_SUCCESS(rv, rv);
1404
1405 mInputStream = bufferedStream;
1406 }
1407
1408 mAsyncInputStream = do_QueryInterface(mInputStream);
1409
1410 if (!mAsyncInputStream) {
1411 return WriteSync();
1412 }
1413
1414 // Let's use mAsyncInputStream only.
1415 mInputStream = nullptr;
1416
1417 return WriteAsync();
1418 }
1419
1420 uint64_t WrittenData() const {
1421 NS_ASSERT_OWNINGTHREAD(BufferWriter);
1422 return mWrittenData;
1423 }
1424
1425 void* StealBuffer() {
1426 NS_ASSERT_OWNINGTHREAD(BufferWriter);
1427 MOZ_ASSERT(mBufferType == eInternal);
1428
1429 void* buffer = mBuffer;
1430
1431 mBuffer = nullptr;
1432 mBufferSize = 0;
1433
1434 return buffer;
1435 }
1436
1437 private:
1438 ~BufferWriter() {
1439 if (mBuffer && mBufferType == eInternal) {
1440 free(mBuffer);
1441 }
1442
1443 if (mTaskQueue) {
1444 mTaskQueue->BeginShutdown();
1445 }
1446 }
1447
1448 nsresult WriteSync() {
1449 NS_ASSERT_OWNINGTHREAD(BufferWriter);
1450
1451 uint64_t length = (uint64_t)mCount;
1452
1453 if (mCount == -1) {
1454 nsresult rv = mInputStream->Available(&length);
1455 NS_ENSURE_SUCCESS(rv, rv);
1456
1457 if (length == 0) {
1458 // nothing to read.
1459 return NS_OK;
1460 }
1461 }
1462
1463 if (mBufferType == eInternal) {
1464 mBuffer = malloc(length);
1465 if (NS_WARN_IF(!mBuffer)) {
1466 return NS_ERROR_OUT_OF_MEMORY;
1467 }
1468 }
1469
1470 uint32_t writtenData;
1471 nsresult rv = mInputStream->ReadSegments(NS_CopySegmentToBuffer, mBuffer,
1472 length, &writtenData);
1473 NS_ENSURE_SUCCESS(rv, rv);
1474
1475 mWrittenData = writtenData;
1476 return NS_OK;
1477 }
1478
1479 nsresult WriteAsync() {
1480 NS_ASSERT_OWNINGTHREAD(BufferWriter);
1481
1482 if (mCount > 0 && mBufferType == eInternal) {
1483 mBuffer = malloc(mCount);
1484 if (NS_WARN_IF(!mBuffer)) {
1485 return NS_ERROR_OUT_OF_MEMORY;
1486 }
1487 }
1488
1489 while (true) {
1490 if (mCount == -1 && !MaybeExpandBufferSize()) {
1491 return NS_ERROR_OUT_OF_MEMORY;
1492 }
1493
1494 uint64_t offset = mWrittenData;
1495 uint64_t length = mCount == -1 ? BUFFER_SIZE : mCount;
1496
1497 // Let's try to read data directly.
1498 uint32_t writtenData;
1499 nsresult rv = mAsyncInputStream->ReadSegments(
1500 NS_CopySegmentToBuffer, static_cast<char*>(mBuffer) + offset, length,
1501 &writtenData);
1502
1503 // Operation completed. Nothing more to read.
1504 if (NS_SUCCEEDED(rv) && writtenData == 0) {
1505 return NS_OK;
1506 }
1507
1508 // If we succeeded, let's try to read again.
1509 if (NS_SUCCEEDED(rv)) {
1510 mWrittenData += writtenData;
1511 if (mCount != -1) {
1512 MOZ_ASSERT(mCount >= writtenData);
1513 mCount -= writtenData;
1514
1515 // Is this the end of the reading?
1516 if (mCount == 0) {
1517 return NS_OK;
1518 }
1519 }
1520
1521 continue;
1522 }
1523
1524 // Async wait...
1525 if (rv == NS_BASE_STREAM_WOULD_BLOCK) {
1526 rv = MaybeCreateTaskQueue();
1527 if (NS_WARN_IF(NS_FAILED(rv))) {
1528 return rv;
1529 }
1530
1531 MonitorAutoLock lock(mMonitor);
1532
1533 rv = mAsyncInputStream->AsyncWait(this, 0, length, mTaskQueue);
1534 if (NS_WARN_IF(NS_FAILED(rv))) {
1535 return rv;
1536 }
1537
1538 lock.Wait();
1539 continue;
1540 }
1541
1542 // Otherwise, let's propagate the error.
1543 return rv;
1544 }
1545
1546 MOZ_ASSERT_UNREACHABLE("We should not be here");
1547 return NS_ERROR_FAILURE;
1548 }
1549
1550 nsresult MaybeCreateTaskQueue() {
1551 NS_ASSERT_OWNINGTHREAD(BufferWriter);
1552
1553 if (!mTaskQueue) {
1554 nsCOMPtr<nsIEventTarget> target =
1555 do_GetService(NS_STREAMTRANSPORTSERVICE_CONTRACTID);
1556 if (!target) {
1557 return NS_ERROR_FAILURE;
1558 }
1559
1560 mTaskQueue = TaskQueue::Create(target.forget(), "nsNetUtil:BufferWriter");
1561 }
1562
1563 return NS_OK;
1564 }
1565
1566 NS_IMETHOD
1567 OnInputStreamReady(nsIAsyncInputStream* aStream) override {
1568 MOZ_ASSERT(!NS_IsMainThread());
1569
1570 // We have something to read. Let's unlock the main-thread.
1571 MonitorAutoLock lock(mMonitor);
1572 lock.Notify();
1573 return NS_OK;
1574 }
1575
1576 bool MaybeExpandBufferSize() {
1577 NS_ASSERT_OWNINGTHREAD(BufferWriter);
1578
1579 MOZ_ASSERT(mCount == -1);
1580
1581 if (mBufferSize >= mWrittenData + BUFFER_SIZE) {
1582 // The buffer is big enough.
1583 return true;
1584 }
1585
1586 CheckedUint32 bufferSize =
1587 std::max<uint32_t>(static_cast<uint32_t>(mWrittenData), BUFFER_SIZE);
1588 while (bufferSize.isValid() &&
1589 bufferSize.value() < mWrittenData + BUFFER_SIZE) {
1590 bufferSize *= 2;
1591 }
1592
1593 if (!bufferSize.isValid()) {
1594 return false;
1595 }
1596
1597 void* buffer = realloc(mBuffer, bufferSize.value());
1598 if (!buffer) {
1599 return false;
1600 }
1601
1602 mBuffer = buffer;
1603 mBufferSize = bufferSize.value();
1604 return true;
1605 }
1606
1607 // All the members of this class are touched on the owning thread only. The
1608 // monitor is only used to communicate when there is more data to read.
1609 Monitor mMonitor MOZ_UNANNOTATED;
1610
1611 nsCOMPtr<nsIInputStream> mInputStream;
1612 nsCOMPtr<nsIAsyncInputStream> mAsyncInputStream;
1613
1614 RefPtr<TaskQueue> mTaskQueue;
1615
1616 void* mBuffer;
1617 int64_t mCount;
1618 uint64_t mWrittenData;
1619
1620 enum {
1621 // The buffer is allocated internally and this object must release it
1622 // in the DTOR if not stolen. The buffer can be reallocated.
1623 eInternal,
1624
1625 // The buffer is not owned by this object and it cannot be reallocated.
1626 eExternal,
1627 } mBufferType;
1628
1629 // The following set if needed for the async read.
1630 uint64_t mBufferSize;
1631 };
1632
1633 NS_IMPL_ISUPPORTS(BufferWriter, nsIInputStreamCallback)
1634
1635 } // anonymous namespace
1636
1637 nsresult NS_ReadInputStreamToBuffer(nsIInputStream* aInputStream, void** aDest,
1638 int64_t aCount, uint64_t* aWritten) {
1639 MOZ_ASSERT(aInputStream);
1640 MOZ_ASSERT(aCount >= -1);
1641
1642 uint64_t dummyWritten;
1643 if (!aWritten) {
1644 aWritten = &dummyWritten;
1645 }
1646
1647 if (aCount == 0) {
1648 *aWritten = 0;
1649 return NS_OK;
1650 }
1651
1652 // This will take care of allocating and reallocating aDest.
1653 RefPtr<BufferWriter> writer = new BufferWriter(aInputStream, *aDest, aCount);
1654
1655 nsresult rv = writer->Write();
1656 NS_ENSURE_SUCCESS(rv, rv);
1657
1658 *aWritten = writer->WrittenData();
1659
1660 if (!*aDest) {
1661 *aDest = writer->StealBuffer();
1662 }
1663
1664 return NS_OK;
1665 }
1666
1667 nsresult NS_ReadInputStreamToString(nsIInputStream* aInputStream,
1668 nsACString& aDest, int64_t aCount,
1669 uint64_t* aWritten) {
1670 uint64_t dummyWritten;
1671 if (!aWritten) {
1672 aWritten = &dummyWritten;
1673 }
1674
1675 // Nothing to do if aCount is 0.
1676 if (aCount == 0) {
1677 aDest.Truncate();
1678 *aWritten = 0;
1679 return NS_OK;
1680 }
1681
1682 // If we have the size, we can pre-allocate the buffer.
1683 if (aCount > 0) {
1684 if (NS_WARN_IF(aCount >= INT32_MAX) ||
1685 NS_WARN_IF(!aDest.SetLength(aCount, mozilla::fallible))) {
1686 return NS_ERROR_OUT_OF_MEMORY;
1687 }
1688
1689 void* dest = aDest.BeginWriting();
1690 nsresult rv =
1691 NS_ReadInputStreamToBuffer(aInputStream, &dest, aCount, aWritten);
1692 NS_ENSURE_SUCCESS(rv, rv);
1693
1694 if ((uint64_t)aCount > *aWritten) {
1695 aDest.Truncate(*aWritten);
1696 }
1697
1698 return NS_OK;
1699 }
1700
1701 // If the size is unknown, BufferWriter will allocate the buffer.
1702 void* dest = nullptr;
1703 nsresult rv =
1704 NS_ReadInputStreamToBuffer(aInputStream, &dest, aCount, aWritten);
1705 MOZ_ASSERT_IF(NS_FAILED(rv), dest == nullptr);
1706 NS_ENSURE_SUCCESS(rv, rv);
1707
1708 if (!dest) {
1709 MOZ_ASSERT(*aWritten == 0);
1710 aDest.Truncate();
1711 return NS_OK;
1712 }
1713
1714 aDest.Adopt(reinterpret_cast<char*>(dest), *aWritten);
1715 return NS_OK;
1716 }
1717
1718 nsresult NS_NewURI(nsIURI** result, const nsACString& spec,
1719 NotNull<const Encoding*> encoding,
1720 nsIURI* baseURI /* = nullptr */) {
1721 nsAutoCString charset;
1722 encoding->Name(charset);
1723 return NS_NewURI(result, spec, charset.get(), baseURI);
1724 }
1725
1726 nsresult NS_NewURI(nsIURI** result, const nsAString& aSpec,
1727 const char* charset /* = nullptr */,
1728 nsIURI* baseURI /* = nullptr */) {
1729 nsAutoCString spec;
1730 if (!AppendUTF16toUTF8(aSpec, spec, mozilla::fallible)) {
1731 return NS_ERROR_OUT_OF_MEMORY;
1732 }
1733 return NS_NewURI(result, spec, charset, baseURI);
1734 }
1735
1736 nsresult NS_NewURI(nsIURI** result, const nsAString& aSpec,
1737 NotNull<const Encoding*> encoding,
1738 nsIURI* baseURI /* = nullptr */) {
1739 nsAutoCString spec;
1740 if (!AppendUTF16toUTF8(aSpec, spec, mozilla::fallible)) {
1741 return NS_ERROR_OUT_OF_MEMORY;
1742 }
1743 return NS_NewURI(result, spec, encoding, baseURI);
1744 }
1745
1746 nsresult NS_NewURI(nsIURI** result, const char* spec,
1747 nsIURI* baseURI /* = nullptr */) {
1748 return NS_NewURI(result, nsDependentCString(spec), nullptr, baseURI);
1749 }
1750
1751 static nsresult NewStandardURI(const nsACString& aSpec, const char* aCharset,
1752 nsIURI* aBaseURI, int32_t aDefaultPort,
1753 nsIURI** aURI) {
1754 return NS_MutateURI(new nsStandardURL::Mutator())
1755 .Apply(&nsIStandardURLMutator::Init, nsIStandardURL::URLTYPE_AUTHORITY,
1756 aDefaultPort, aSpec, aCharset, aBaseURI, nullptr)
1757 .Finalize(aURI);
1758 }
1759
1760 nsresult NS_GetSpecWithNSURLEncoding(nsACString& aResult,
1761 const nsACString& aSpec) {
1762 nsCOMPtr<nsIURI> uri;
1763 nsresult rv = NS_NewURIWithNSURLEncoding(getter_AddRefs(uri), aSpec);
1764 NS_ENSURE_SUCCESS(rv, rv);
1765 return uri->GetAsciiSpec(aResult);
1766 }
1767
1768 nsresult NS_NewURIWithNSURLEncoding(nsIURI** aResult, const nsACString& aSpec) {
1769 nsCOMPtr<nsIURI> uri;
1770 nsresult rv = NS_NewURI(getter_AddRefs(uri), aSpec);
1771 NS_ENSURE_SUCCESS(rv, rv);
1772
1773 // Escape the ref portion of the URL. NSURL is more strict about which
1774 // characters in the URL must be % encoded. For example, an unescaped '#'
1775 // to indicate the beginning of the ref component is accepted by NSURL, but
1776 // '#' characters in the ref must be escaped. Also adds encoding for other
1777 // characters not accepted by NSURL in the ref such as '{', '|', '}', and '^'.
1778 // The ref returned from GetRef() does not include the leading '#'.
1779 nsAutoCString ref, escapedRef;
1780 if (NS_SUCCEEDED(uri->GetRef(ref)) && !ref.IsEmpty()) {
1781 if (!NS_Escape(ref, escapedRef, url_NSURLRef)) {
1782 return NS_ERROR_INVALID_ARG;
1783 }
1784 rv = NS_MutateURI(uri).SetRef(escapedRef).Finalize(uri);
1785 NS_ENSURE_SUCCESS(rv, rv);
1786 }
1787
1788 uri.forget(aResult);
1789 return NS_OK;
1790 }
1791
1792 extern MOZ_THREAD_LOCAL(uint32_t) gTlsURLRecursionCount;
1793
1794 template <typename T>
1795 class TlsAutoIncrement {
1796 public:
1797 explicit TlsAutoIncrement(T& var) : mVar(var) {
1798 mValue = mVar.get();
1799 mVar.set(mValue + 1);
1800 }
1801 ~TlsAutoIncrement() {
1802 typename T::Type value = mVar.get();
1803 MOZ_ASSERT(value == mValue + 1);
1804 mVar.set(value - 1);
1805 }
1806
1807 typename T::Type value() { return mValue; }
1808
1809 private:
1810 typename T::Type mValue;
1811 T& mVar;
1812 };
1813
1814 nsresult NS_NewURI(nsIURI** aURI, const nsACString& aSpec,
1815 const char* aCharset /* = nullptr */,
1816 nsIURI* aBaseURI /* = nullptr */) {
1817 TlsAutoIncrement<decltype(gTlsURLRecursionCount)> inc(gTlsURLRecursionCount);
1818 if (inc.value() >= MAX_RECURSION_COUNT) {
1819 return NS_ERROR_MALFORMED_URI;
1820 }
1821
1822 nsCOMPtr<nsIIOService> ioService = do_GetIOService();
1823 if (!ioService) {
1824 // Individual protocol handlers unfortunately rely on the ioservice, let's
1825 // return an error here instead of causing unpredictable crashes later.
1826 return NS_ERROR_NOT_AVAILABLE;
1827 }
1828
1829 if (StaticPrefs::network_url_max_length() &&
1830 aSpec.Length() > StaticPrefs::network_url_max_length()) {
1831 return NS_ERROR_MALFORMED_URI;
1832 }
1833
1834 nsAutoCString scheme;
1835 nsresult rv = net_ExtractURLScheme(aSpec, scheme);
1836 if (NS_FAILED(rv)) {
1837 // then aSpec is relative
1838 if (!aBaseURI) {
1839 return NS_ERROR_MALFORMED_URI;
1840 }
1841
1842 if (!aSpec.IsEmpty() && aSpec[0] == '#') {
1843 // Looks like a reference instead of a fully-specified URI.
1844 // --> initialize |uri| as a clone of |aBaseURI|, with ref appended.
1845 return NS_GetURIWithNewRef(aBaseURI, aSpec, aURI);
1846 }
1847
1848 rv = aBaseURI->GetScheme(scheme);
1849 if (NS_FAILED(rv)) return rv;
1850 }
1851
1852 if (scheme.EqualsLiteral("http") || scheme.EqualsLiteral("ws")) {
1853 return NewStandardURI(aSpec, aCharset, aBaseURI, NS_HTTP_DEFAULT_PORT,
1854 aURI);
1855 }
1856 if (scheme.EqualsLiteral("https") || scheme.EqualsLiteral("wss")) {
1857 return NewStandardURI(aSpec, aCharset, aBaseURI, NS_HTTPS_DEFAULT_PORT,
1858 aURI);
1859 }
1860 if (scheme.EqualsLiteral("ftp")) {
1861 return NewStandardURI(aSpec, aCharset, aBaseURI, 21, aURI);
1862 }
1863
1864 if (scheme.EqualsLiteral("file")) {
1865 return NS_MutateURI(new nsStandardURL::Mutator())
1866 .Apply(&nsIFileURLMutator::MarkFileURL)
1867 .Apply(&nsIStandardURLMutator::Init,
1868 nsIStandardURL::URLTYPE_NO_AUTHORITY, -1, aSpec, aCharset,
1869 aBaseURI, nullptr)
1870 .Finalize(aURI);
1871 }
1872
1873 if (scheme.EqualsLiteral("data")) {
1874 return nsDataHandler::CreateNewURI(aSpec, aCharset, aBaseURI, aURI);
1875 }
1876
1877 if (scheme.EqualsLiteral("moz-safe-about") ||
1878 scheme.EqualsLiteral("page-icon") || scheme.EqualsLiteral("moz") ||
1879 scheme.EqualsLiteral("cached-favicon")) {
1880 return NS_MutateURI(new nsSimpleURI::Mutator())
1881 .SetSpec(aSpec)
1882 .Finalize(aURI);
1883 }
1884
1885 if (scheme.EqualsLiteral("chrome")) {
1886 return nsChromeProtocolHandler::CreateNewURI(aSpec, aCharset, aBaseURI,
1887 aURI);
1888 }
1889
1890 if (scheme.EqualsLiteral("javascript")) {
1891 return nsJSProtocolHandler::CreateNewURI(aSpec, aCharset, aBaseURI, aURI);
1892 }
1893
1894 if (scheme.EqualsLiteral("blob")) {
1895 return BlobURLProtocolHandler::CreateNewURI(aSpec, aCharset, aBaseURI,
1896 aURI);
1897 }
1898
1899 if (scheme.EqualsLiteral("view-source")) {
1900 return nsViewSourceHandler::CreateNewURI(aSpec, aCharset, aBaseURI, aURI);
1901 }
1902
1903 if (scheme.EqualsLiteral("resource")) {
1904 RefPtr<nsResProtocolHandler> handler = nsResProtocolHandler::GetSingleton();
1905 if (!handler) {
1906 return NS_ERROR_NOT_AVAILABLE;
1907 }
1908 return handler->NewURI(aSpec, aCharset, aBaseURI, aURI);
1909 }
1910
1911 if (scheme.EqualsLiteral("indexeddb") || scheme.EqualsLiteral("uuid")) {
1912 return NS_MutateURI(new nsStandardURL::Mutator())
1913 .Apply(&nsIStandardURLMutator::Init, nsIStandardURL::URLTYPE_AUTHORITY,
1914 0, aSpec, aCharset, aBaseURI, nullptr)
1915 .Finalize(aURI);
1916 }
1917
1918 if (scheme.EqualsLiteral("moz-extension")) {
1919 RefPtr<mozilla::net::ExtensionProtocolHandler> handler =
1920 mozilla::net::ExtensionProtocolHandler::GetSingleton();
1921 if (!handler) {
1922 return NS_ERROR_NOT_AVAILABLE;
1923 }
1924 return handler->NewURI(aSpec, aCharset, aBaseURI, aURI);
1925 }
1926
1927 if (scheme.EqualsLiteral("moz-page-thumb")) {
1928 // The moz-page-thumb service runs JS to resolve a URI to a
1929 // storage location, so this should only ever run on the main
1930 // thread.
1931 if (!NS_IsMainThread()) {
1932 return NS_ERROR_NOT_AVAILABLE;
1933 }
1934
1935 RefPtr<mozilla::net::PageThumbProtocolHandler> handler =
1936 mozilla::net::PageThumbProtocolHandler::GetSingleton();
1937 if (!handler) {
1938 return NS_ERROR_NOT_AVAILABLE;
1939 }
1940 return handler->NewURI(aSpec, aCharset, aBaseURI, aURI);
1941 }
1942
1943 if (scheme.EqualsLiteral("about")) {
1944 return nsAboutProtocolHandler::CreateNewURI(aSpec, aCharset, aBaseURI,
1945 aURI);
1946 }
1947
1948 if (scheme.EqualsLiteral("jar")) {
1949 return NS_MutateURI(new nsJARURI::Mutator())
1950 .Apply(&nsIJARURIMutator::SetSpecBaseCharset, aSpec, aBaseURI, aCharset)
1951 .Finalize(aURI);
1952 }
1953
1954 if (scheme.EqualsLiteral("moz-icon")) {
1955 return NS_MutateURI(new nsMozIconURI::Mutator())
1956 .SetSpec(aSpec)
1957 .Finalize(aURI);
1958 }
1959
1960 #ifdef MOZ_WIDGET_GTK
1961 if (scheme.EqualsLiteral("smb") || scheme.EqualsLiteral("sftp")) {
1962 return NS_MutateURI(new nsStandardURL::Mutator())
1963 .Apply(&nsIStandardURLMutator::Init, nsIStandardURL::URLTYPE_STANDARD,
1964 -1, aSpec, aCharset, aBaseURI, nullptr)
1965 .Finalize(aURI);
1966 }
1967 #endif
1968
1969 if (scheme.EqualsLiteral("android")) {
1970 return NS_MutateURI(NS_STANDARDURLMUTATOR_CONTRACTID)
1971 .Apply(&nsIStandardURLMutator::Init, nsIStandardURL::URLTYPE_STANDARD,
1972 -1, aSpec, aCharset, aBaseURI, nullptr)
1973 .Finalize(aURI);
1974 }
1975
1976 // web-extensions can add custom protocol implementations with standard URLs
1977 // that have notion of hostname, authority and relative URLs. Below we
1978 // manually check agains set of known protocols schemes until more general
1979 // solution is in place (See Bug 1569733)
1980 if (!StaticPrefs::network_url_useDefaultURI()) {
1981 if (scheme.EqualsLiteral("ssh")) {
1982 return NewStandardURI(aSpec, aCharset, aBaseURI, 22, aURI);
1983 }
1984
1985 if (scheme.EqualsLiteral("dweb") || scheme.EqualsLiteral("dat") ||
1986 scheme.EqualsLiteral("ipfs") || scheme.EqualsLiteral("ipns") ||
1987 scheme.EqualsLiteral("ssb") || scheme.EqualsLiteral("wtp")) {
1988 return NewStandardURI(aSpec, aCharset, aBaseURI, -1, aURI);
1989 }
1990 }
1991
1992 #if defined(MOZ_THUNDERBIRD) || defined(MOZ_SUITE)
1993 rv = NS_NewMailnewsURI(aURI, aSpec, aCharset, aBaseURI);
1994 if (rv != NS_ERROR_UNKNOWN_PROTOCOL) {
1995 return rv;
1996 }
1997 #endif
1998
1999 if (aBaseURI) {
2000 nsAutoCString newSpec;
2001 rv = aBaseURI->Resolve(aSpec, newSpec);
2002 NS_ENSURE_SUCCESS(rv, rv);
2003
2004 nsAutoCString newScheme;
2005 rv = net_ExtractURLScheme(newSpec, newScheme);
2006 if (NS_SUCCEEDED(rv)) {
2007 // The scheme shouldn't really change at this point.
2008 MOZ_DIAGNOSTIC_ASSERT(newScheme == scheme);
2009 }
2010
2011 if (StaticPrefs::network_url_useDefaultURI()) {
2012 return NS_MutateURI(new DefaultURI::Mutator())
2013 .SetSpec(newSpec)
2014 .Finalize(aURI);
2015 }
2016
2017 return NS_MutateURI(new nsSimpleURI::Mutator())
2018 .SetSpec(newSpec)
2019 .Finalize(aURI);
2020 }
2021
2022 if (StaticPrefs::network_url_useDefaultURI()) {
2023 return NS_MutateURI(new DefaultURI::Mutator())
2024 .SetSpec(aSpec)
2025 .Finalize(aURI);
2026 }
2027
2028 // Falls back to external protocol handler.
2029 return NS_MutateURI(new nsSimpleURI::Mutator()).SetSpec(aSpec).Finalize(aURI);
2030 }
2031
2032 nsresult NS_GetSanitizedURIStringFromURI(nsIURI* aUri,
2033 nsAString& aSanitizedSpec) {
2034 aSanitizedSpec.Truncate();
2035
2036 nsCOMPtr<nsISensitiveInfoHiddenURI> safeUri = do_QueryInterface(aUri);
2037 nsAutoCString cSpec;
2038 nsresult rv;
2039 if (safeUri) {
2040 rv = safeUri->GetSensitiveInfoHiddenSpec(cSpec);
2041 } else {
2042 rv = aUri->GetSpec(cSpec);
2043 }
2044
2045 if (NS_SUCCEEDED(rv)) {
2046 aSanitizedSpec.Assign(NS_ConvertUTF8toUTF16(cSpec));
2047 }
2048 return rv;
2049 }
2050
2051 nsresult NS_LoadPersistentPropertiesFromURISpec(
2052 nsIPersistentProperties** outResult, const nsACString& aSpec) {
2053 nsCOMPtr<nsIURI> uri;
2054 nsresult rv = NS_NewURI(getter_AddRefs(uri), aSpec);
2055 NS_ENSURE_SUCCESS(rv, rv);
2056
2057 nsCOMPtr<nsIChannel> channel;
2058 rv = NS_NewChannel(getter_AddRefs(channel), uri,
2059 nsContentUtils::GetSystemPrincipal(),
2060 nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
2061 nsIContentPolicy::TYPE_OTHER);
2062 NS_ENSURE_SUCCESS(rv, rv);
2063 nsCOMPtr<nsIInputStream> in;
2064 rv = channel->Open(getter_AddRefs(in));
2065 NS_ENSURE_SUCCESS(rv, rv);
2066
2067 nsCOMPtr<nsIPersistentProperties> properties = new nsPersistentProperties();
2068 rv = properties->Load(in);
2069 NS_ENSURE_SUCCESS(rv, rv);
2070
2071 properties.swap(*outResult);
2072 return NS_OK;
2073 }
2074
2075 bool NS_UsePrivateBrowsing(nsIChannel* channel) {
2076 OriginAttributes attrs;
2077 bool result = StoragePrincipalHelper::GetOriginAttributes(
2078 channel, attrs, StoragePrincipalHelper::eRegularPrincipal);
2079 NS_ENSURE_TRUE(result, result);
2080 return attrs.mPrivateBrowsingId > 0;
2081 }
2082
2083 bool NS_HasBeenCrossOrigin(nsIChannel* aChannel, bool aReport) {
2084 nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo();
2085 // TYPE_DOCUMENT loads have a null LoadingPrincipal and can not be cross
2086 // origin.
2087 if (!loadInfo->GetLoadingPrincipal()) {
2088 return false;
2089 }
2090
2091 // Always treat tainted channels as cross-origin.
2092 if (loadInfo->GetTainting() != LoadTainting::Basic) {
2093 return true;
2094 }
2095
2096 nsCOMPtr<nsIPrincipal> loadingPrincipal = loadInfo->GetLoadingPrincipal();
2097 uint32_t mode = loadInfo->GetSecurityMode();
2098 bool dataInherits =
2099 mode == nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_INHERITS_SEC_CONTEXT ||
2100 mode == nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT ||
2101 mode == nsILoadInfo::SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT;
2102
2103 bool aboutBlankInherits = dataInherits && loadInfo->GetAboutBlankInherits();
2104
2105 uint64_t innerWindowID = loadInfo->GetInnerWindowID();
2106
2107 for (nsIRedirectHistoryEntry* redirectHistoryEntry :
2108 loadInfo->RedirectChain()) {
2109 nsCOMPtr<nsIPrincipal> principal;
2110 redirectHistoryEntry->GetPrincipal(getter_AddRefs(principal));
2111 if (!principal) {
2112 return true;
2113 }
2114
2115 nsCOMPtr<nsIURI> uri;
2116 auto* basePrin = BasePrincipal::Cast(principal);
2117 basePrin->GetURI(getter_AddRefs(uri));
2118 if (!uri) {
2119 return true;
2120 }
2121
2122 if (aboutBlankInherits && NS_IsAboutBlank(uri)) {
2123 continue;
2124 }
2125
2126 nsresult res;
2127 if (aReport) {
2128 res = loadingPrincipal->CheckMayLoadWithReporting(uri, dataInherits,
2129 innerWindowID);
2130 } else {
2131 res = loadingPrincipal->CheckMayLoad(uri, dataInherits);
2132 }
2133 if (NS_FAILED(res)) {
2134 return true;
2135 }
2136 }
2137
2138 nsCOMPtr<nsIURI> uri;
2139 NS_GetFinalChannelURI(aChannel, getter_AddRefs(uri));
2140 if (!uri) {
2141 return true;
2142 }
2143
2144 if (aboutBlankInherits && NS_IsAboutBlank(uri)) {
2145 return false;
2146 }
2147
2148 nsresult res;
2149 if (aReport) {
2150 res = loadingPrincipal->CheckMayLoadWithReporting(uri, dataInherits,
2151 innerWindowID);
2152 } else {
2153 res = loadingPrincipal->CheckMayLoad(uri, dataInherits);
2154 }
2155
2156 return NS_FAILED(res);
2157 }
2158
2159 bool NS_IsSafeMethodNav(nsIChannel* aChannel) {
2160 RefPtr<HttpBaseChannel> baseChan = do_QueryObject(aChannel);
2161 if (!baseChan) {
2162 return false;
2163 }
2164 nsHttpRequestHead* requestHead = baseChan->GetRequestHead();
2165 if (!requestHead) {
2166 return false;
2167 }
2168 return requestHead->IsSafeMethod();
2169 }
2170
2171 void NS_WrapAuthPrompt(nsIAuthPrompt* aAuthPrompt,
2172 nsIAuthPrompt2** aAuthPrompt2) {
2173 nsCOMPtr<nsIAuthPromptAdapterFactory> factory =
2174 do_GetService(NS_AUTHPROMPT_ADAPTER_FACTORY_CONTRACTID);
2175 if (!factory) return;
2176
2177 NS_WARNING("Using deprecated nsIAuthPrompt");
2178 factory->CreateAdapter(aAuthPrompt, aAuthPrompt2);
2179 }
2180
2181 void NS_QueryAuthPrompt2(nsIInterfaceRequestor* aCallbacks,
2182 nsIAuthPrompt2** aAuthPrompt) {
2183 CallGetInterface(aCallbacks, aAuthPrompt);
2184 if (*aAuthPrompt) return;
2185
2186 // Maybe only nsIAuthPrompt is provided and we have to wrap it.
2187 nsCOMPtr<nsIAuthPrompt> prompt(do_GetInterface(aCallbacks));
2188 if (!prompt) return;
2189
2190 NS_WrapAuthPrompt(prompt, aAuthPrompt);
2191 }
2192
2193 void NS_QueryAuthPrompt2(nsIChannel* aChannel, nsIAuthPrompt2** aAuthPrompt) {
2194 *aAuthPrompt = nullptr;
2195
2196 // We want to use any auth prompt we can find on the channel's callbacks,
2197 // and if that fails use the loadgroup's prompt (if any)
2198 // Therefore, we can't just use NS_QueryNotificationCallbacks, because
2199 // that would prefer a loadgroup's nsIAuthPrompt2 over a channel's
2200 // nsIAuthPrompt.
2201 nsCOMPtr<nsIInterfaceRequestor> callbacks;
2202 aChannel->GetNotificationCallbacks(getter_AddRefs(callbacks));
2203 if (callbacks) {
2204 NS_QueryAuthPrompt2(callbacks, aAuthPrompt);
2205 if (*aAuthPrompt) return;
2206 }
2207
2208 nsCOMPtr<nsILoadGroup> group;
2209 aChannel->GetLoadGroup(getter_AddRefs(group));
2210 if (!group) return;
2211
2212 group->GetNotificationCallbacks(getter_AddRefs(callbacks));
2213 if (!callbacks) return;
2214 NS_QueryAuthPrompt2(callbacks, aAuthPrompt);
2215 }
2216
2217 nsresult NS_NewNotificationCallbacksAggregation(
2218 nsIInterfaceRequestor* callbacks, nsILoadGroup* loadGroup,
2219 nsIEventTarget* target, nsIInterfaceRequestor** result) {
2220 nsCOMPtr<nsIInterfaceRequestor> cbs;
2221 if (loadGroup) loadGroup->GetNotificationCallbacks(getter_AddRefs(cbs));
2222 return NS_NewInterfaceRequestorAggregation(callbacks, cbs, target, result);
2223 }
2224
2225 nsresult NS_NewNotificationCallbacksAggregation(
2226 nsIInterfaceRequestor* callbacks, nsILoadGroup* loadGroup,
2227 nsIInterfaceRequestor** result) {
2228 return NS_NewNotificationCallbacksAggregation(callbacks, loadGroup, nullptr,
2229 result);
2230 }
2231
2232 nsresult NS_DoImplGetInnermostURI(nsINestedURI* nestedURI, nsIURI** result) {
2233 MOZ_ASSERT(nestedURI, "Must have a nested URI!");
2234 MOZ_ASSERT(!*result, "Must have null *result");
2235
2236 nsCOMPtr<nsIURI> inner;
2237 nsresult rv = nestedURI->GetInnerURI(getter_AddRefs(inner));
2238 NS_ENSURE_SUCCESS(rv, rv);
2239
2240 // We may need to loop here until we reach the innermost
2241 // URI.
2242 nsCOMPtr<nsINestedURI> nestedInner(do_QueryInterface(inner));
2243 while (nestedInner) {
2244 rv = nestedInner->GetInnerURI(getter_AddRefs(inner));
2245 NS_ENSURE_SUCCESS(rv, rv);
2246 nestedInner = do_QueryInterface(inner);
2247 }
2248
2249 // Found the innermost one if we reach here.
2250 inner.swap(*result);
2251
2252 return rv;
2253 }
2254
2255 nsresult NS_ImplGetInnermostURI(nsINestedURI* nestedURI, nsIURI** result) {
2256 // Make it safe to use swap()
2257 *result = nullptr;
2258
2259 return NS_DoImplGetInnermostURI(nestedURI, result);
2260 }
2261
2262 already_AddRefed<nsIURI> NS_GetInnermostURI(nsIURI* aURI) {
2263 MOZ_ASSERT(aURI, "Must have URI");
2264
2265 nsCOMPtr<nsIURI> uri = aURI;
2266
2267 nsCOMPtr<nsINestedURI> nestedURI(do_QueryInterface(uri));
2268 if (!nestedURI) {
2269 return uri.forget();
2270 }
2271
2272 nsresult rv = nestedURI->GetInnermostURI(getter_AddRefs(uri));
2273 if (NS_FAILED(rv)) {
2274 return nullptr;
2275 }
2276
2277 return uri.forget();
2278 }
2279
2280 nsresult NS_GetFinalChannelURI(nsIChannel* channel, nsIURI** uri) {
2281 *uri = nullptr;
2282
2283 nsCOMPtr<nsILoadInfo> loadInfo = channel->LoadInfo();
2284 nsCOMPtr<nsIURI> resultPrincipalURI;
2285 loadInfo->GetResultPrincipalURI(getter_AddRefs(resultPrincipalURI));
2286 if (resultPrincipalURI) {
2287 resultPrincipalURI.forget(uri);
2288 return NS_OK;
2289 }
2290 return channel->GetOriginalURI(uri);
2291 }
2292
2293 nsresult NS_URIChainHasFlags(nsIURI* uri, uint32_t flags, bool* result) {
2294 nsresult rv;
2295 nsCOMPtr<nsINetUtil> util = do_GetNetUtil(&rv);
2296 NS_ENSURE_SUCCESS(rv, rv);
2297
2298 return util->URIChainHasFlags(uri, flags, result);
2299 }
2300
2301 uint32_t NS_SecurityHashURI(nsIURI* aURI) {
2302 nsCOMPtr<nsIURI> baseURI = NS_GetInnermostURI(aURI);
2303
2304 nsAutoCString scheme;
2305 uint32_t schemeHash = 0;
2306 if (NS_SUCCEEDED(baseURI->GetScheme(scheme))) {
2307 schemeHash = mozilla::HashString(scheme);
2308 }
2309
2310 // TODO figure out how to hash file:// URIs
2311 if (scheme.EqualsLiteral("file")) return schemeHash; // sad face
2312
2313 #if IS_ORIGIN_IS_FULL_SPEC_DEFINED
2314 bool hasFlag;
2315 if (NS_FAILED(NS_URIChainHasFlags(
2316 baseURI, nsIProtocolHandler::ORIGIN_IS_FULL_SPEC, &hasFlag)) ||
2317 hasFlag) {
2318 nsAutoCString spec;
2319 uint32_t specHash;
2320 nsresult res = baseURI->GetSpec(spec);
2321 if (NS_SUCCEEDED(res))
2322 specHash = mozilla::HashString(spec);
2323 else
2324 specHash = static_cast<uint32_t>(res);
2325 return specHash;
2326 }
2327 #endif
2328
2329 nsAutoCString host;
2330 uint32_t hostHash = 0;
2331 if (NS_SUCCEEDED(baseURI->GetAsciiHost(host))) {
2332 hostHash = mozilla::HashString(host);
2333 }
2334
2335 return mozilla::AddToHash(schemeHash, hostHash, NS_GetRealPort(baseURI));
2336 }
2337
2338 bool NS_SecurityCompareURIs(nsIURI* aSourceURI, nsIURI* aTargetURI,
2339 bool aStrictFileOriginPolicy) {
2340 nsresult rv;
2341
2342 // Note that this is not an Equals() test on purpose -- for URIs that don't
2343 // support host/port, we want equality to basically be object identity, for
2344 // security purposes. Otherwise, for example, two javascript: URIs that
2345 // are otherwise unrelated could end up "same origin", which would be
2346 // unfortunate.
2347 if (aSourceURI && aSourceURI == aTargetURI) {
2348 return true;
2349 }
2350
2351 if (!aTargetURI || !aSourceURI) {
2352 return false;
2353 }
2354
2355 // If either URI is a nested URI, get the base URI
2356 nsCOMPtr<nsIURI> sourceBaseURI = NS_GetInnermostURI(aSourceURI);
2357 nsCOMPtr<nsIURI> targetBaseURI = NS_GetInnermostURI(aTargetURI);
2358
2359 #if defined(MOZ_THUNDERBIRD) || defined(MOZ_SUITE)
2360 // Check if either URI has a special origin.
2361 nsCOMPtr<nsIURI> origin;
2362 nsCOMPtr<nsIURIWithSpecialOrigin> uriWithSpecialOrigin =
2363 do_QueryInterface(sourceBaseURI);
2364 if (uriWithSpecialOrigin) {
2365 rv = uriWithSpecialOrigin->GetOrigin(getter_AddRefs(origin));
2366 if (NS_WARN_IF(NS_FAILED(rv))) {
2367 return false;
2368 }
2369 MOZ_ASSERT(origin);
2370 sourceBaseURI = origin;
2371 }
2372 uriWithSpecialOrigin = do_QueryInterface(targetBaseURI);
2373 if (uriWithSpecialOrigin) {
2374 rv = uriWithSpecialOrigin->GetOrigin(getter_AddRefs(origin));
2375 if (NS_WARN_IF(NS_FAILED(rv))) {
2376 return false;
2377 }
2378 MOZ_ASSERT(origin);
2379 targetBaseURI = origin;
2380 }
2381 #endif
2382
2383 nsCOMPtr<nsIPrincipal> sourceBlobPrincipal;
2384 if (BlobURLProtocolHandler::GetBlobURLPrincipal(
2385 sourceBaseURI, getter_AddRefs(sourceBlobPrincipal))) {
2386 nsCOMPtr<nsIURI> sourceBlobOwnerURI;
2387 auto* basePrin = BasePrincipal::Cast(sourceBlobPrincipal);
2388 rv = basePrin->GetURI(getter_AddRefs(sourceBlobOwnerURI));
2389 if (NS_SUCCEEDED(rv)) {
2390 sourceBaseURI = sourceBlobOwnerURI;
2391 }
2392 }
2393
2394 nsCOMPtr<nsIPrincipal> targetBlobPrincipal;
2395 if (BlobURLProtocolHandler::GetBlobURLPrincipal(
2396 targetBaseURI, getter_AddRefs(targetBlobPrincipal))) {
2397 nsCOMPtr<nsIURI> targetBlobOwnerURI;
2398 auto* basePrin = BasePrincipal::Cast(targetBlobPrincipal);
2399 rv = basePrin->GetURI(getter_AddRefs(targetBlobOwnerURI));
2400 if (NS_SUCCEEDED(rv)) {
2401 targetBaseURI = targetBlobOwnerURI;
2402 }
2403 }
2404
2405 if (!sourceBaseURI || !targetBaseURI) return false;
2406
2407 // Compare schemes
2408 nsAutoCString targetScheme;
2409 bool sameScheme = false;
2410 if (NS_FAILED(targetBaseURI->GetScheme(targetScheme)) ||
2411 NS_FAILED(sourceBaseURI->SchemeIs(targetScheme.get(), &sameScheme)) ||
2412 !sameScheme) {
2413 // Not same-origin if schemes differ
2414 return false;
2415 }
2416
2417 // For file scheme, reject unless the files are identical. See
2418 // NS_RelaxStrictFileOriginPolicy for enforcing file same-origin checking
2419 if (targetScheme.EqualsLiteral("file")) {
2420 // in traditional unsafe behavior all files are the same origin
2421 if (!aStrictFileOriginPolicy) return true;
2422
2423 nsCOMPtr<nsIFileURL> sourceFileURL(do_QueryInterface(sourceBaseURI));
2424 nsCOMPtr<nsIFileURL> targetFileURL(do_QueryInterface(targetBaseURI));
2425
2426 if (!sourceFileURL || !targetFileURL) return false;
2427
2428 nsCOMPtr<nsIFile> sourceFile, targetFile;
2429
2430 sourceFileURL->GetFile(getter_AddRefs(sourceFile));
2431 targetFileURL->GetFile(getter_AddRefs(targetFile));
2432
2433 if (!sourceFile || !targetFile) return false;
2434
2435 // Otherwise they had better match
2436 bool filesAreEqual = false;
2437 rv = sourceFile->Equals(targetFile, &filesAreEqual);
2438 return NS_SUCCEEDED(rv) && filesAreEqual;
2439 }
2440
2441 #if IS_ORIGIN_IS_FULL_SPEC_DEFINED
2442 bool hasFlag;
2443 if (NS_FAILED(NS_URIChainHasFlags(
2444 targetBaseURI, nsIProtocolHandler::ORIGIN_IS_FULL_SPEC, &hasFlag)) ||
2445 hasFlag) {
2446 // URIs with this flag have the whole spec as a distinct trust
2447 // domain; use the whole spec for comparison
2448 nsAutoCString targetSpec;
2449 nsAutoCString sourceSpec;
2450 return (NS_SUCCEEDED(targetBaseURI->GetSpec(targetSpec)) &&
2451 NS_SUCCEEDED(sourceBaseURI->GetSpec(sourceSpec)) &&
2452 targetSpec.Equals(sourceSpec));
2453 }
2454 #endif
2455
2456 // Compare hosts
2457 nsAutoCString targetHost;
2458 nsAutoCString sourceHost;
2459 if (NS_FAILED(targetBaseURI->GetAsciiHost(targetHost)) ||
2460 NS_FAILED(sourceBaseURI->GetAsciiHost(sourceHost))) {
2461 return false;
2462 }
2463
2464 nsCOMPtr<nsIStandardURL> targetURL(do_QueryInterface(targetBaseURI));
2465 nsCOMPtr<nsIStandardURL> sourceURL(do_QueryInterface(sourceBaseURI));
2466 if (!targetURL || !sourceURL) {
2467 return false;
2468 }
2469
2470 if (!targetHost.Equals(sourceHost, nsCaseInsensitiveCStringComparator)) {
2471 return false;
2472 }
2473
2474 return NS_GetRealPort(targetBaseURI) == NS_GetRealPort(sourceBaseURI);
2475 }
2476
2477 bool NS_URIIsLocalFile(nsIURI* aURI) {
2478 nsCOMPtr<nsINetUtil> util = do_GetNetUtil();
2479
2480 bool isFile;
2481 return util &&
2482 NS_SUCCEEDED(util->ProtocolHasFlags(
2483 aURI, nsIProtocolHandler::URI_IS_LOCAL_FILE, &isFile)) &&
2484 isFile;
2485 }
2486
2487 bool NS_RelaxStrictFileOriginPolicy(nsIURI* aTargetURI, nsIURI* aSourceURI,
2488 bool aAllowDirectoryTarget /* = false */) {
2489 if (!NS_URIIsLocalFile(aTargetURI)) {
2490 // This is probably not what the caller intended
2491 MOZ_ASSERT_UNREACHABLE(
2492 "NS_RelaxStrictFileOriginPolicy called with non-file URI");
2493 return false;
2494 }
2495
2496 if (!NS_URIIsLocalFile(aSourceURI)) {
2497 // If the source is not also a file: uri then forget it
2498 // (don't want resource: principals in a file: doc)
2499 //
2500 // note: we're not de-nesting jar: uris here, we want to
2501 // keep archive content bottled up in its own little island
2502 return false;
2503 }
2504
2505 //
2506 // pull out the internal files
2507 //
2508 nsCOMPtr<nsIFileURL> targetFileURL(do_QueryInterface(aTargetURI));
2509 nsCOMPtr<nsIFileURL> sourceFileURL(do_QueryInterface(aSourceURI));
2510 nsCOMPtr<nsIFile> targetFile;
2511 nsCOMPtr<nsIFile> sourceFile;
2512 bool targetIsDir;
2513
2514 // Make sure targetFile is not a directory (bug 209234)
2515 // and that it exists w/out unescaping (bug 395343)
2516 if (!sourceFileURL || !targetFileURL ||
2517 NS_FAILED(targetFileURL->GetFile(getter_AddRefs(targetFile))) ||
2518 NS_FAILED(sourceFileURL->GetFile(getter_AddRefs(sourceFile))) ||
2519 !targetFile || !sourceFile || NS_FAILED(targetFile->Normalize()) ||
2520 #ifndef MOZ_WIDGET_ANDROID
2521 NS_FAILED(sourceFile->Normalize()) ||
2522 #endif
2523 (!aAllowDirectoryTarget &&
2524 (NS_FAILED(targetFile->IsDirectory(&targetIsDir)) || targetIsDir))) {
2525 return false;
2526 }
2527
2528 return false;
2529 }
2530
2531 bool NS_IsInternalSameURIRedirect(nsIChannel* aOldChannel,
2532 nsIChannel* aNewChannel, uint32_t aFlags) {
2533 if (!(aFlags & nsIChannelEventSink::REDIRECT_INTERNAL)) {
2534 return false;
2535 }
2536
2537 nsCOMPtr<nsIURI> oldURI, newURI;
2538 aOldChannel->GetURI(getter_AddRefs(oldURI));
2539 aNewChannel->GetURI(getter_AddRefs(newURI));
2540
2541 if (!oldURI || !newURI) {
2542 return false;
2543 }
2544
2545 bool res;
2546 return NS_SUCCEEDED(oldURI->Equals(newURI, &res)) && res;
2547 }
2548
2549 bool NS_IsHSTSUpgradeRedirect(nsIChannel* aOldChannel, nsIChannel* aNewChannel,
2550 uint32_t aFlags) {
2551 if (!(aFlags & nsIChannelEventSink::REDIRECT_STS_UPGRADE)) {
2552 return false;
2553 }
2554
2555 nsCOMPtr<nsIURI> oldURI, newURI;
2556 aOldChannel->GetURI(getter_AddRefs(oldURI));
2557 aNewChannel->GetURI(getter_AddRefs(newURI));
2558
2559 if (!oldURI || !newURI) {
2560 return false;
2561 }
2562
2563 if (!oldURI->SchemeIs("http")) {
2564 return false;
2565 }
2566
2567 nsCOMPtr<nsIURI> upgradedURI;
2568 nsresult rv = NS_GetSecureUpgradedURI(oldURI, getter_AddRefs(upgradedURI));
2569 if (NS_FAILED(rv)) {
2570 return false;
2571 }
2572
2573 bool res;
2574 return NS_SUCCEEDED(upgradedURI->Equals(newURI, &res)) && res;
2575 }
2576
2577 bool NS_ShouldRemoveAuthHeaderOnRedirect(nsIChannel* aOldChannel,
2578 nsIChannel* aNewChannel,
2579 uint32_t aFlags) {
2580 // we need to strip Authentication headers for external cross-origin redirects
2581 // Howerver, we should NOT strip auth headers for
2582 // - internal redirects/HSTS upgrades
2583 // - same origin redirects
2584 // Ref: https://fetch.spec.whatwg.org/#http-redirect-fetch
2585 if ((aFlags & (nsIChannelEventSink::REDIRECT_STS_UPGRADE |
2586 nsIChannelEventSink::REDIRECT_INTERNAL))) {
2587 // this is an internal redirect do not strip auth header
2588 return false;
2589 }
2590 nsCOMPtr<nsIURI> oldUri;
2591 MOZ_ALWAYS_SUCCEEDS(
2592 NS_GetFinalChannelURI(aOldChannel, getter_AddRefs(oldUri)));
2593
2594 nsCOMPtr<nsIURI> newUri;
2595 MOZ_ALWAYS_SUCCEEDS(
2596 NS_GetFinalChannelURI(aNewChannel, getter_AddRefs(newUri)));
2597
2598 nsresult rv = nsContentUtils::GetSecurityManager()->CheckSameOriginURI(
2599 newUri, oldUri, false, false);
2600
2601 return NS_FAILED(rv);
2602 }
2603
2604 nsresult NS_LinkRedirectChannels(uint64_t channelId,
2605 nsIParentChannel* parentChannel,
2606 nsIChannel** _result) {
2607 nsCOMPtr<nsIRedirectChannelRegistrar> registrar =
2608 RedirectChannelRegistrar::GetOrCreate();
2609 MOZ_ASSERT(registrar);
2610
2611 return registrar->LinkChannels(channelId, parentChannel, _result);
2612 }
2613
2614 nsILoadInfo::CrossOriginEmbedderPolicy
2615 NS_GetCrossOriginEmbedderPolicyFromHeader(
2616 const nsACString& aHeader, bool aIsOriginTrialCoepCredentiallessEnabled) {
2617 nsCOMPtr<nsISFVService> sfv = GetSFVService();
2618
2619 nsCOMPtr<nsISFVItem> item;
2620 nsresult rv = sfv->ParseItem(aHeader, getter_AddRefs(item));
2621 if (NS_FAILED(rv)) {
2622 return nsILoadInfo::EMBEDDER_POLICY_NULL;
2623 }
2624
2625 nsCOMPtr<nsISFVBareItem> value;
2626 rv = item->GetValue(getter_AddRefs(value));
2627 if (NS_FAILED(rv)) {
2628 return nsILoadInfo::EMBEDDER_POLICY_NULL;
2629 }
2630
2631 nsCOMPtr<nsISFVToken> token = do_QueryInterface(value);
2632 if (!token) {
2633 return nsILoadInfo::EMBEDDER_POLICY_NULL;
2634 }
2635
2636 nsAutoCString embedderPolicy;
2637 rv = token->GetValue(embedderPolicy);
2638 if (NS_FAILED(rv)) {
2639 return nsILoadInfo::EMBEDDER_POLICY_NULL;
2640 }
2641
2642 if (embedderPolicy.EqualsLiteral("require-corp")) {
2643 return nsILoadInfo::EMBEDDER_POLICY_REQUIRE_CORP;
2644 } else if (embedderPolicy.EqualsLiteral("credentialless") &&
2645 IsCoepCredentiallessEnabled(
2646 aIsOriginTrialCoepCredentiallessEnabled)) {
2647 return nsILoadInfo::EMBEDDER_POLICY_CREDENTIALLESS;
2648 }
2649
2650 return nsILoadInfo::EMBEDDER_POLICY_NULL;
2651 }
2652
2653 /** Given the first (disposition) token from a Content-Disposition header,
2654 * tell whether it indicates the content is inline or attachment
2655 * @param aDispToken the disposition token from the content-disposition header
2656 */
2657 uint32_t NS_GetContentDispositionFromToken(const nsAString& aDispToken) {
2658 // RFC 2183, section 2.8 says that an unknown disposition
2659 // value should be treated as "attachment"
2660 // If all of these tests eval to false, then we have a content-disposition of
2661 // "attachment" or unknown
2662 if (aDispToken.IsEmpty() || aDispToken.LowerCaseEqualsLiteral("inline") ||
2663 // Broken sites just send
2664 // Content-Disposition: filename="file"
2665 // without a disposition token... screen those out.
2666 StringHead(aDispToken, 8).LowerCaseEqualsLiteral("filename")) {
2667 return nsIChannel::DISPOSITION_INLINE;
2668 }
2669
2670 return nsIChannel::DISPOSITION_ATTACHMENT;
2671 }
2672
2673 uint32_t NS_GetContentDispositionFromHeader(const nsACString& aHeader,
2674 nsIChannel* aChan /* = nullptr */) {
2675 nsresult rv;
2676 nsCOMPtr<nsIMIMEHeaderParam> mimehdrpar =
2677 do_GetService(NS_MIMEHEADERPARAM_CONTRACTID, &rv);
2678 if (NS_FAILED(rv)) return nsIChannel::DISPOSITION_ATTACHMENT;
2679
2680 nsAutoString dispToken;
2681 rv = mimehdrpar->GetParameterHTTP(aHeader, "", ""_ns, true, nullptr,
2682 dispToken);
2683
2684 if (NS_FAILED(rv)) {
2685 // special case (see bug 272541): empty disposition type handled as "inline"
2686 if (rv == NS_ERROR_FIRST_HEADER_FIELD_COMPONENT_EMPTY) {
2687 return nsIChannel::DISPOSITION_INLINE;
2688 }
2689 return nsIChannel::DISPOSITION_ATTACHMENT;
2690 }
2691
2692 return NS_GetContentDispositionFromToken(dispToken);
2693 }
2694
2695 nsresult NS_GetFilenameFromDisposition(nsAString& aFilename,
2696 const nsACString& aDisposition) {
2697 aFilename.Truncate();
2698
2699 nsresult rv;
2700 nsCOMPtr<nsIMIMEHeaderParam> mimehdrpar =
2701 do_GetService(NS_MIMEHEADERPARAM_CONTRACTID, &rv);
2702 if (NS_FAILED(rv)) return rv;
2703
2704 // Get the value of 'filename' parameter
2705 rv = mimehdrpar->GetParameterHTTP(aDisposition, "filename", ""_ns, true,
2706 nullptr, aFilename);
2707
2708 if (NS_FAILED(rv)) {
2709 aFilename.Truncate();
2710 return rv;
2711 }
2712
2713 if (aFilename.IsEmpty()) return NS_ERROR_NOT_AVAILABLE;
2714
2715 // Filename may still be percent-encoded. Fix:
2716 if (aFilename.FindChar('%') != -1) {
2717 nsCOMPtr<nsITextToSubURI> textToSubURI =
2718 do_GetService(NS_ITEXTTOSUBURI_CONTRACTID, &rv);
2719 if (NS_SUCCEEDED(rv)) {
2720 nsAutoString unescaped;
2721 textToSubURI->UnEscapeURIForUI(NS_ConvertUTF16toUTF8(aFilename),
2722 /* dontEscape = */ true, unescaped);
2723 aFilename.Assign(unescaped);
2724 }
2725 }
2726
2727 return NS_OK;
2728 }
2729
2730 void net_EnsurePSMInit() {
2731 if (XRE_IsSocketProcess()) {
2732 EnsureNSSInitializedChromeOrContent();
2733 return;
2734 }
2735
2736 MOZ_ASSERT(XRE_IsParentProcess());
2737 MOZ_ASSERT(NS_IsMainThread());
2738
2739 DebugOnly<bool> rv = EnsureNSSInitializedChromeOrContent();
2740 MOZ_ASSERT(rv);
2741 }
2742
2743 bool NS_IsAboutBlank(nsIURI* uri) {
2744 // GetSpec can be expensive for some URIs, so check the scheme first.
2745 if (!uri->SchemeIs("about")) {
2746 return false;
2747 }
2748
2749 nsAutoCString spec;
2750 if (NS_FAILED(uri->GetSpec(spec))) {
2751 return false;
2752 }
2753
2754 return spec.EqualsLiteral("about:blank");
2755 }
2756
2757 bool NS_IsAboutSrcdoc(nsIURI* uri) {
2758 // GetSpec can be expensive for some URIs, so check the scheme first.
2759 if (!uri->SchemeIs("about")) {
2760 return false;
2761 }
2762
2763 nsAutoCString spec;
2764 if (NS_FAILED(uri->GetSpec(spec))) {
2765 return false;
2766 }
2767
2768 return spec.EqualsLiteral("about:srcdoc");
2769 }
2770
2771 nsresult NS_GenerateHostPort(const nsCString& host, int32_t port,
2772 nsACString& hostLine) {
2773 if (strchr(host.get(), ':')) {
2774 // host is an IPv6 address literal and must be encapsulated in []'s
2775 hostLine.Assign('[');
2776 // scope id is not needed for Host header.
2777 int scopeIdPos = host.FindChar('%');
2778 if (scopeIdPos == -1) {
2779 hostLine.Append(host);
2780 } else if (scopeIdPos > 0) {
2781 hostLine.Append(Substring(host, 0, scopeIdPos));
2782 } else {
2783 return NS_ERROR_MALFORMED_URI;
2784 }
2785 hostLine.Append(']');
2786 } else {
2787 hostLine.Assign(host);
2788 }
2789 if (port != -1) {
2790 hostLine.Append(':');
2791 hostLine.AppendInt(port);
2792 }
2793 return NS_OK;
2794 }
2795
2796 void NS_SniffContent(const char* aSnifferType, nsIRequest* aRequest,
2797 const uint8_t* aData, uint32_t aLength,
2798 nsACString& aSniffedType) {
2799 using ContentSnifferCache = nsCategoryCache<nsIContentSniffer>;
2800 extern ContentSnifferCache* gNetSniffers;
2801 extern ContentSnifferCache* gDataSniffers;
2802 extern ContentSnifferCache* gORBSniffers;
2803 extern ContentSnifferCache* gNetAndORBSniffers;
2804 ContentSnifferCache* cache = nullptr;
2805 if (!strcmp(aSnifferType, NS_CONTENT_SNIFFER_CATEGORY)) {
2806 if (!gNetSniffers) {
2807 gNetSniffers = new ContentSnifferCache(NS_CONTENT_SNIFFER_CATEGORY);
2808 }
2809 cache = gNetSniffers;
2810 } else if (!strcmp(aSnifferType, NS_DATA_SNIFFER_CATEGORY)) {
2811 if (!gDataSniffers) {
2812 gDataSniffers = new ContentSnifferCache(NS_DATA_SNIFFER_CATEGORY);
2813 }
2814 cache = gDataSniffers;
2815 } else if (!strcmp(aSnifferType, NS_ORB_SNIFFER_CATEGORY)) {
2816 if (!gORBSniffers) {
2817 gORBSniffers = new ContentSnifferCache(NS_ORB_SNIFFER_CATEGORY);
2818 }
2819 cache = gORBSniffers;
2820 } else if (!strcmp(aSnifferType, NS_CONTENT_AND_ORB_SNIFFER_CATEGORY)) {
2821 if (!gNetAndORBSniffers) {
2822 gNetAndORBSniffers =
2823 new ContentSnifferCache(NS_CONTENT_AND_ORB_SNIFFER_CATEGORY);
2824 }
2825 cache = gNetAndORBSniffers;
2826 } else {
2827 // Invalid content sniffer type was requested
2828 MOZ_ASSERT(false);
2829 return;
2830 }
2831
2832 // In case XCTO nosniff was present, we could just skip sniffing here
2833 nsCOMPtr<nsIChannel> channel = do_QueryInterface(aRequest);
2834 if (channel) {
2835 nsCOMPtr<nsILoadInfo> loadInfo = channel->LoadInfo();
2836 if (loadInfo->GetSkipContentSniffing()) {
2837 /* Bug 1571742
2838 * We cannot skip snffing if the current MIME-Type might be a JSON.
2839 * The JSON-Viewer relies on its own sniffer to determine, if it can
2840 * render the page, so we need to make an exception if the Server provides
2841 * a application/ mime, as it might be json.
2842 */
2843 nsAutoCString currentContentType;
2844 channel->GetContentType(currentContentType);
2845 if (!StringBeginsWith(currentContentType, "application/"_ns)) {
2846 return;
2847 }
2848 }
2849 }
2850 nsCOMArray<nsIContentSniffer> sniffers;
2851 cache->GetEntries(sniffers);
2852 for (int32_t i = 0; i < sniffers.Count(); ++i) {
2853 nsresult rv = sniffers[i]->GetMIMETypeFromContent(aRequest, aData, aLength,
2854 aSniffedType);
2855 if (NS_SUCCEEDED(rv) && !aSniffedType.IsEmpty()) {
2856 return;
2857 }
2858 }
2859
2860 aSniffedType.Truncate();
2861 }
2862
2863 bool NS_IsSrcdocChannel(nsIChannel* aChannel) {
2864 bool isSrcdoc;
2865 nsCOMPtr<nsIInputStreamChannel> isr = do_QueryInterface(aChannel);
2866 if (isr) {
2867 isr->GetIsSrcdocChannel(&isSrcdoc);
2868 return isSrcdoc;
2869 }
2870 nsCOMPtr<nsIViewSourceChannel> vsc = do_QueryInterface(aChannel);
2871 if (vsc) {
2872 nsresult rv = vsc->GetIsSrcdocChannel(&isSrcdoc);
2873 if (NS_SUCCEEDED(rv)) {
2874 return isSrcdoc;
2875 }
2876 }
2877 return false;
2878 }
2879
2880 // helper function for NS_ShouldSecureUpgrade for checking HSTS
2881 bool handleResultFunc(bool aAllowSTS, bool aIsStsHost) {
2882 if (aIsStsHost) {
2883 LOG(("nsHttpChannel::Connect() STS permissions found\n"));
2884 if (aAllowSTS) {
2885 Telemetry::AccumulateCategorical(
2886 Telemetry::LABELS_HTTP_SCHEME_UPGRADE_TYPE::STS);
2887 return true;
2888 }
2889 Telemetry::AccumulateCategorical(
2890 Telemetry::LABELS_HTTP_SCHEME_UPGRADE_TYPE::PrefBlockedSTS);
2891 } else {
2892 Telemetry::AccumulateCategorical(
2893 Telemetry::LABELS_HTTP_SCHEME_UPGRADE_TYPE::NoReasonToUpgrade);
2894 }
2895 return false;
2896 };
2897 // That function is a helper function of NS_ShouldSecureUpgrade to check if
2898 // CSP upgrade-insecure-requests, Mixed content auto upgrading or HTTPs-Only/-
2899 // First should upgrade the given request.
2900 static bool ShouldSecureUpgradeNoHSTS(nsIURI* aURI, nsILoadInfo* aLoadInfo) {
2901 // 2. CSP upgrade-insecure-requests
2902 if (aLoadInfo->GetUpgradeInsecureRequests()) {
2903 // let's log a message to the console that we are upgrading a request
2904 nsAutoCString scheme;
2905 aURI->GetScheme(scheme);
2906 // append the additional 's' for security to the scheme :-)
2907 scheme.AppendLiteral("s");
2908 NS_ConvertUTF8toUTF16 reportSpec(aURI->GetSpecOrDefault());
2909 NS_ConvertUTF8toUTF16 reportScheme(scheme);
2910 AutoTArray<nsString, 2> params = {reportSpec, reportScheme};
2911 uint64_t innerWindowId = aLoadInfo->GetInnerWindowID();
2912 CSP_LogLocalizedStr("upgradeInsecureRequest", params,
2913 u""_ns, // aSourceFile
2914 u""_ns, // aScriptSample
2915 0, // aLineNumber
2916 1, // aColumnNumber
2917 nsIScriptError::warningFlag,
2918 "upgradeInsecureRequest"_ns, innerWindowId,
2919 !!aLoadInfo->GetOriginAttributes().mPrivateBrowsingId);
2920 Telemetry::AccumulateCategorical(
2921 Telemetry::LABELS_HTTP_SCHEME_UPGRADE_TYPE::CSP);
2922 return true;
2923 }
2924 // 3. Mixed content auto upgrading
2925 if (aLoadInfo->GetBrowserUpgradeInsecureRequests()) {
2926 // let's log a message to the console that we are upgrading a request
2927 nsAutoCString scheme;
2928 aURI->GetScheme(scheme);
2929 // append the additional 's' for security to the scheme :-)
2930 scheme.AppendLiteral("s");
2931 NS_ConvertUTF8toUTF16 reportSpec(aURI->GetSpecOrDefault());
2932 NS_ConvertUTF8toUTF16 reportScheme(scheme);
2933 AutoTArray<nsString, 2> params = {reportSpec, reportScheme};
2934
2935 nsAutoString localizedMsg;
2936 nsContentUtils::FormatLocalizedString(nsContentUtils::eSECURITY_PROPERTIES,
2937 "MixedContentAutoUpgrade", params,
2938 localizedMsg);
2939
2940 // Prepending ixed Content to the outgoing console message
2941 nsString message;
2942 message.AppendLiteral(u"Mixed Content: ");
2943 message.Append(localizedMsg);
2944
2945 uint64_t innerWindowId = aLoadInfo->GetInnerWindowID();
2946 nsContentUtils::ReportToConsoleByWindowID(
2947 message, nsIScriptError::warningFlag, "Mixed Content Message"_ns,
2948 innerWindowId, aURI);
2949
2950 // Set this flag so we know we'll upgrade because of
2951 // 'security.mixed_content.upgrade_display_content'.
2952 aLoadInfo->SetBrowserDidUpgradeInsecureRequests(true);
2953 Telemetry::AccumulateCategorical(
2954 Telemetry::LABELS_HTTP_SCHEME_UPGRADE_TYPE::BrowserDisplay);
2955
2956 return true;
2957 }
2958
2959 // 4. Https-Only
2960 if (nsHTTPSOnlyUtils::ShouldUpgradeRequest(aURI, aLoadInfo)) {
2961 Telemetry::AccumulateCategorical(
2962 Telemetry::LABELS_HTTP_SCHEME_UPGRADE_TYPE::HTTPSOnly);
2963 return true;
2964 }
2965 // 4.a Https-First
2966 if (nsHTTPSOnlyUtils::ShouldUpgradeHttpsFirstRequest(aURI, aLoadInfo)) {
2967 Telemetry::AccumulateCategorical(
2968 Telemetry::LABELS_HTTP_SCHEME_UPGRADE_TYPE::HTTPSFirst);
2969 return true;
2970 }
2971 return false;
2972 }
2973
2974 // Check if channel should be upgraded. check in the following order:
2975 // 1. HSTS
2976 // 2. CSP upgrade-insecure-requests
2977 // 3. Mixed content auto upgrading
2978 // 4. Https-Only / first
2979 // (5. Https RR - will be checked in nsHttpChannel)
2980 nsresult NS_ShouldSecureUpgrade(
2981 nsIURI* aURI, nsILoadInfo* aLoadInfo, nsIPrincipal* aChannelResultPrincipal,
2982 bool aAllowSTS, const OriginAttributes& aOriginAttributes,
2983 bool& aShouldUpgrade, std::function<void(bool, nsresult)>&& aResultCallback,
2984 bool& aWillCallback) {
2985 MOZ_ASSERT(XRE_IsParentProcess());
2986 if (!XRE_IsParentProcess()) {
2987 return NS_ERROR_NOT_AVAILABLE;
2988 }
2989
2990 aWillCallback = false;
2991 aShouldUpgrade = false;
2992
2993 // Even if we're in private browsing mode, we still enforce existing STS
2994 // data (it is read-only).
2995 // if the connection is not using SSL and either the exact host matches or
2996 // a superdomain wants to force HTTPS, do it.
2997 bool isHttps = aURI->SchemeIs("https");
2998
2999 // If request is https, then there is nothing to do here.
3000 if (isHttps) {
3001 Telemetry::AccumulateCategorical(
3002 Telemetry::LABELS_HTTP_SCHEME_UPGRADE_TYPE::AlreadyHTTPS);
3003 aShouldUpgrade = false;
3004 return NS_OK;
3005 }
3006 // If it is a mixed content trustworthy loopback, then we shouldn't upgrade
3007 // it.
3008 if (nsMixedContentBlocker::IsPotentiallyTrustworthyLoopbackURL(aURI)) {
3009 aShouldUpgrade = false;
3010 return NS_OK;
3011 }
3012 // If no loadInfo exist there is nothing to upgrade here.
3013 if (!aLoadInfo) {
3014 aShouldUpgrade = false;
3015 return NS_OK;
3016 }
3017 MOZ_ASSERT(!aURI->SchemeIs("https"));
3018
3019 // enforce Strict-Transport-Security
3020 nsISiteSecurityService* sss = gHttpHandler->GetSSService();
3021 NS_ENSURE_TRUE(sss, NS_ERROR_OUT_OF_MEMORY);
3022
3023 bool isStsHost = false;
3024 // Calling |IsSecureURI| before the storage is ready to read will
3025 // block the main thread. Once the storage is ready, we can call it
3026 // from main thread.
3027 static Atomic<bool, Relaxed> storageReady(false);
3028 if (!storageReady && gSocketTransportService && aResultCallback) {
3029 nsCOMPtr<nsILoadInfo> loadInfo = aLoadInfo;
3030 nsCOMPtr<nsIURI> uri = aURI;
3031 auto callbackWrapper = [resultCallback{std::move(aResultCallback)}, uri,
3032 loadInfo](bool aShouldUpgrade, nsresult aStatus) {
3033 MOZ_ASSERT(NS_IsMainThread());
3034
3035 // 1. HSTS upgrade
3036 if (aShouldUpgrade || NS_FAILED(aStatus)) {
3037 resultCallback(aShouldUpgrade, aStatus);
3038 return;
3039 }
3040 // Check if we need to upgrade because of other reasons.
3041 // 2. CSP upgrade-insecure-requests
3042 // 3. Mixed content auto upgrading
3043 // 4. Https-Only / first
3044 bool shouldUpgrade = ShouldSecureUpgradeNoHSTS(uri, loadInfo);
3045 resultCallback(shouldUpgrade, aStatus);
3046 };
3047 nsCOMPtr<nsISiteSecurityService> service = sss;
3048 nsresult rv = gSocketTransportService->Dispatch(
3049 NS_NewRunnableFunction(
3050 "net::NS_ShouldSecureUpgrade",
3051 [service{std::move(service)}, uri{std::move(uri)},
3052 originAttributes(aOriginAttributes),
3053 handleResultFunc{std::move(handleResultFunc)},
3054 callbackWrapper{std::move(callbackWrapper)},
3055 allowSTS{std::move(aAllowSTS)}]() mutable {
3056 bool isStsHost = false;
3057 nsresult rv =
3058 service->IsSecureURI(uri, originAttributes, &isStsHost);
3059
3060 // Successfully get the result from |IsSecureURI| implies that
3061 // the storage is ready to read.
3062 storageReady = NS_SUCCEEDED(rv);
3063 bool shouldUpgrade = handleResultFunc(allowSTS, isStsHost);
3064 // Check if request should be upgraded.
3065 NS_DispatchToMainThread(NS_NewRunnableFunction(
3066 "net::NS_ShouldSecureUpgrade::ResultCallback",
3067 [rv, shouldUpgrade,
3068 callbackWrapper{std::move(callbackWrapper)}]() {
3069 callbackWrapper(shouldUpgrade, rv);
3070 }));
3071 }),
3072 NS_DISPATCH_NORMAL);
3073 aWillCallback = NS_SUCCEEDED(rv);
3074 return rv;
3075 }
3076
3077 nsresult rv = sss->IsSecureURI(aURI, aOriginAttributes, &isStsHost);
3078
3079 // if the SSS check fails, it's likely because this load is on a
3080 // malformed URI or something else in the setup is wrong, so any error
3081 // should be reported.
3082 NS_ENSURE_SUCCESS(rv, rv);
3083
3084 aShouldUpgrade = handleResultFunc(aAllowSTS, isStsHost);
3085 if (!aShouldUpgrade) {
3086 // Check for CSP upgrade-insecure-requests, Mixed content auto upgrading
3087 // and Https-Only / -First.
3088 aShouldUpgrade = ShouldSecureUpgradeNoHSTS(aURI, aLoadInfo);
3089 }
3090 return rv;
3091 }
3092
3093 nsresult NS_GetSecureUpgradedURI(nsIURI* aURI, nsIURI** aUpgradedURI) {
3094 NS_MutateURI mutator(aURI);
3095 mutator.SetScheme("https"_ns); // Change the scheme to HTTPS:
3096
3097 // Change the default port to 443:
3098 nsCOMPtr<nsIStandardURL> stdURL = do_QueryInterface(aURI);
3099 if (stdURL) {
3100 mutator.Apply(&nsIStandardURLMutator::SetDefaultPort, 443, nullptr);
3101 } else {
3102 // If we don't have a nsStandardURL, fall back to using GetPort/SetPort.
3103 // XXXdholbert Is this function even called with a non-nsStandardURL arg,
3104 // in practice?
3105 NS_WARNING("Calling NS_GetSecureUpgradedURI for non nsStandardURL");
3106 int32_t oldPort = -1;
3107 nsresult rv = aURI->GetPort(&oldPort);
3108 if (NS_FAILED(rv)) return rv;
3109
3110 // Keep any nonstandard ports so only the scheme is changed.
3111 // For example:
3112 // http://foo.com:80 -> https://foo.com:443
3113 // http://foo.com:81 -> https://foo.com:81
3114
3115 if (oldPort == 80 || oldPort == -1) {
3116 mutator.SetPort(-1);
3117 } else {
3118 mutator.SetPort(oldPort);
3119 }
3120 }
3121
3122 return mutator.Finalize(aUpgradedURI);
3123 }
3124
3125 nsresult NS_CompareLoadInfoAndLoadContext(nsIChannel* aChannel) {
3126 nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo();
3127
3128 nsCOMPtr<nsILoadContext> loadContext;
3129 NS_QueryNotificationCallbacks(aChannel, loadContext);
3130 if (!loadContext) {
3131 return NS_OK;
3132 }
3133
3134 // We try to skip about:newtab.
3135 // about:newtab will use SystemPrincipal to download thumbnails through
3136 // https:// and blob URLs.
3137 bool isAboutPage = false;
3138 nsINode* node = loadInfo->LoadingNode();
3139 if (node) {
3140 nsIURI* uri = node->OwnerDoc()->GetDocumentURI();
3141 isAboutPage = uri->SchemeIs("about");
3142 }
3143
3144 if (isAboutPage) {
3145 return NS_OK;
3146 }
3147
3148 // We skip the favicon loading here. The favicon loading might be
3149 // triggered by the XUL image. For that case, the loadContext will have
3150 // default originAttributes since the XUL image uses SystemPrincipal, but
3151 // the loadInfo will use originAttributes from the content. Thus, the
3152 // originAttributes between loadInfo and loadContext will be different.
3153 // That's why we have to skip the comparison for the favicon loading.
3154 if (loadInfo->GetLoadingPrincipal() &&
3155 loadInfo->GetLoadingPrincipal()->IsSystemPrincipal() &&
3156 loadInfo->InternalContentPolicyType() ==
3157 nsIContentPolicy::TYPE_INTERNAL_IMAGE_FAVICON) {
3158 return NS_OK;
3159 }
3160
3161 OriginAttributes originAttrsLoadInfo = loadInfo->GetOriginAttributes();
3162 OriginAttributes originAttrsLoadContext;
3163 loadContext->GetOriginAttributes(originAttrsLoadContext);
3164
3165 LOG(
3166 ("NS_CompareLoadInfoAndLoadContext - loadInfo: %d, %d; "
3167 "loadContext: %d, %d. [channel=%p]",
3168 originAttrsLoadInfo.mUserContextId,
3169 originAttrsLoadInfo.mPrivateBrowsingId,
3170 originAttrsLoadContext.mUserContextId,
3171 originAttrsLoadContext.mPrivateBrowsingId, aChannel));
3172
3173 MOZ_ASSERT(originAttrsLoadInfo.mUserContextId ==
3174 originAttrsLoadContext.mUserContextId,
3175 "The value of mUserContextId in the loadContext and in the "
3176 "loadInfo are not the same!");
3177
3178 MOZ_ASSERT(originAttrsLoadInfo.mPrivateBrowsingId ==
3179 originAttrsLoadContext.mPrivateBrowsingId,
3180 "The value of mPrivateBrowsingId in the loadContext and in the "
3181 "loadInfo are not the same!");
3182
3183 return NS_OK;
3184 }
3185
3186 nsresult NS_SetRequestBlockingReason(nsIChannel* channel, uint32_t reason) {
3187 NS_ENSURE_ARG(channel);
3188
3189 nsCOMPtr<nsILoadInfo> loadInfo = channel->LoadInfo();
3190 return NS_SetRequestBlockingReason(loadInfo, reason);
3191 }
3192
3193 nsresult NS_SetRequestBlockingReason(nsILoadInfo* loadInfo, uint32_t reason) {
3194 NS_ENSURE_ARG(loadInfo);
3195
3196 return loadInfo->SetRequestBlockingReason(reason);
3197 }
3198
3199 nsresult NS_SetRequestBlockingReasonIfNull(nsILoadInfo* loadInfo,
3200 uint32_t reason) {
3201 NS_ENSURE_ARG(loadInfo);
3202
3203 uint32_t existingReason;
3204 if (NS_SUCCEEDED(loadInfo->GetRequestBlockingReason(&existingReason)) &&
3205 existingReason != nsILoadInfo::BLOCKING_REASON_NONE) {
3206 return NS_OK;
3207 }
3208
3209 return loadInfo->SetRequestBlockingReason(reason);
3210 }
3211
3212 bool NS_IsOffline() {
3213 bool offline = true;
3214 bool connectivity = true;
3215 nsCOMPtr<nsIIOService> ios = do_GetIOService();
3216 if (ios) {
3217 ios->GetOffline(&offline);
3218 ios->GetConnectivity(&connectivity);
3219 }
3220 return offline || !connectivity;
3221 }
3222
3223 /**
3224 * This function returns true if this channel should be classified by
3225 * the URL Classifier, false otherwise.
3226 *
3227 * The idea of the algorithm to determine if a channel should be
3228 * classified is based on:
3229 * 1. Channels created by non-privileged code should be classified.
3230 * 2. Top-level document’s channels, if loaded by privileged code
3231 * (system principal), should be classified.
3232 * 3. Any other channel, created by privileged code, is considered safe.
3233 *
3234 * A bad/hacked/corrupted safebrowsing database, plus a mistakenly
3235 * classified critical channel (this may result from a bug in the exemption
3236 * rules or incorrect information being passed into) can cause serious
3237 * problems. For example, if the updater channel is classified and blocked
3238 * by the Safe Browsing, Firefox can't update itself, and there is no way to
3239 * recover from that.
3240 *
3241 * So two safeguards are added to ensure critical channels are never
3242 * automatically classified either because there is a bug in the algorithm
3243 * or the data in loadinfo is wrong.
3244 * 1. beConservative, this is set by ServiceRequest and we treat
3245 * channel created for ServiceRequest as critical channels.
3246 * 2. nsIChannel::LOAD_BYPASS_URL_CLASSIFIER, channel's opener can use this
3247 * flag to enforce bypassing the URL classifier check.
3248 */
3249 bool NS_ShouldClassifyChannel(nsIChannel* aChannel) {
3250 nsLoadFlags loadFlags;
3251 Unused << aChannel->GetLoadFlags(&loadFlags);
3252 // If our load flags dictate that we must let this channel through without
3253 // URL classification, obey that here without performing more checks.
3254 if (loadFlags & nsIChannel::LOAD_BYPASS_URL_CLASSIFIER) {
3255 return false;
3256 }
3257
3258 nsCOMPtr<nsIHttpChannelInternal> httpChannel(do_QueryInterface(aChannel));
3259 if (httpChannel) {
3260 bool beConservative;
3261 nsresult rv = httpChannel->GetBeConservative(&beConservative);
3262
3263 // beConservative flag, set by ServiceRequest to ensure channels that
3264 // fetch update use conservative TLS setting, are used here to identify
3265 // channels are critical to bypass classification. for channels don't
3266 // support beConservative, continue to apply the exemption rules.
3267 if (NS_SUCCEEDED(rv) && beConservative) {
3268 return false;
3269 }
3270 }
3271
3272 nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo();
3273 ExtContentPolicyType type = loadInfo->GetExternalContentPolicyType();
3274 // Skip classifying channel triggered by system unless it is a top-level
3275 // load.
3276 return !(loadInfo->TriggeringPrincipal()->IsSystemPrincipal() &&
3277 ExtContentPolicy::TYPE_DOCUMENT != type);
3278 }
3279
3280 namespace mozilla {
3281 namespace net {
3282
3283 bool InScriptableRange(int64_t val) {
3284 return (val <= kJS_MAX_SAFE_INTEGER) && (val >= kJS_MIN_SAFE_INTEGER);
3285 }
3286
3287 bool InScriptableRange(uint64_t val) { return val <= kJS_MAX_SAFE_UINTEGER; }
3288
3289 nsresult GetParameterHTTP(const nsACString& aHeaderVal, const char* aParamName,
3290 nsAString& aResult) {
3291 return nsMIMEHeaderParamImpl::GetParameterHTTP(aHeaderVal, aParamName,
3292 aResult);
3293 }
3294
3295 bool ChannelIsPost(nsIChannel* aChannel) {
3296 if (nsCOMPtr<nsIHttpChannel> httpChannel = do_QueryInterface(aChannel)) {
3297 nsAutoCString method;
3298 Unused << httpChannel->GetRequestMethod(method);
3299 return method.EqualsLiteral("POST");
3300 }
3301 return false;
3302 }
3303
3304 bool SchemeIsHTTP(nsIURI* aURI) {
3305 MOZ_ASSERT(aURI);
3306 return aURI->SchemeIs("http");
3307 }
3308
3309 bool SchemeIsHTTPS(nsIURI* aURI) {
3310 MOZ_ASSERT(aURI);
3311 return aURI->SchemeIs("https");
3312 }
3313
3314 bool SchemeIsJavascript(nsIURI* aURI) {
3315 MOZ_ASSERT(aURI);
3316 return aURI->SchemeIs("javascript");
3317 }
3318
3319 bool SchemeIsChrome(nsIURI* aURI) {
3320 MOZ_ASSERT(aURI);
3321 return aURI->SchemeIs("chrome");
3322 }
3323
3324 bool SchemeIsAbout(nsIURI* aURI) {
3325 MOZ_ASSERT(aURI);
3326 return aURI->SchemeIs("about");
3327 }
3328
3329 bool SchemeIsBlob(nsIURI* aURI) {
3330 MOZ_ASSERT(aURI);
3331 return aURI->SchemeIs("blob");
3332 }
3333
3334 bool SchemeIsFile(nsIURI* aURI) {
3335 MOZ_ASSERT(aURI);
3336 return aURI->SchemeIs("file");
3337 }
3338
3339 bool SchemeIsData(nsIURI* aURI) {
3340 MOZ_ASSERT(aURI);
3341 return aURI->SchemeIs("data");
3342 }
3343
3344 bool SchemeIsViewSource(nsIURI* aURI) {
3345 MOZ_ASSERT(aURI);
3346 return aURI->SchemeIs("view-source");
3347 }
3348
3349 bool SchemeIsResource(nsIURI* aURI) {
3350 MOZ_ASSERT(aURI);
3351 return aURI->SchemeIs("resource");
3352 }
3353
3354 bool SchemeIsFTP(nsIURI* aURI) {
3355 MOZ_ASSERT(aURI);
3356 return aURI->SchemeIs("ftp");
3357 }
3358
3359 bool SchemeIsSpecial(const nsACString& aScheme) {
3360 // See https://url.spec.whatwg.org/#special-scheme
3361 return aScheme.EqualsIgnoreCase("ftp") || aScheme.EqualsIgnoreCase("file") ||
3362 aScheme.EqualsIgnoreCase("http") ||
3363 aScheme.EqualsIgnoreCase("https") || aScheme.EqualsIgnoreCase("ws") ||
3364 aScheme.EqualsIgnoreCase("wss");
3365 }
3366
3367 bool IsSchemeChangePermitted(nsIURI* aOldURI, const nsACString& newScheme) {
3368 // See step 2.1 in https://url.spec.whatwg.org/#special-scheme
3369 // Note: The spec text uses "buffer" instead of newScheme, and "url"
3370 MOZ_ASSERT(aOldURI);
3371
3372 nsAutoCString tmp;
3373 nsresult rv = aOldURI->GetScheme(tmp);
3374 // If url's scheme is a special scheme and buffer is not a
3375 // special scheme, then return.
3376 // If url's scheme is not a special scheme and buffer is a
3377 // special scheme, then return.
3378 if (NS_FAILED(rv) || SchemeIsSpecial(tmp) != SchemeIsSpecial(newScheme)) {
3379 return false;
3380 }
3381
3382 // If url's scheme is "file" and its host is an empty host, then return.
3383 if (aOldURI->SchemeIs("file")) {
3384 rv = aOldURI->GetHost(tmp);
3385 if (NS_FAILED(rv) || tmp.IsEmpty()) {
3386 return false;
3387 }
3388 }
3389
3390 // URL Spec: If url includes credentials or has a non-null port, and
3391 // buffer is "file", then return.
3392 if (newScheme.EqualsIgnoreCase("file")) {
3393 bool hasUserPass;
3394 if (NS_FAILED(aOldURI->GetHasUserPass(&hasUserPass)) || hasUserPass) {
3395 return false;
3396 }
3397 int32_t port;
3398 rv = aOldURI->GetPort(&port);
3399 if (NS_FAILED(rv) || port != -1) {
3400 return false;
3401 }
3402 }
3403
3404 return true;
3405 }
3406
3407 already_AddRefed<nsIURI> TryChangeProtocol(nsIURI* aURI,
3408 const nsAString& aProtocol) {
3409 MOZ_ASSERT(aURI);
3410
3411 nsAString::const_iterator start;
3412 aProtocol.BeginReading(start);
3413
3414 nsAString::const_iterator end;
3415 aProtocol.EndReading(end);
3416
3417 nsAString::const_iterator iter(start);
3418 FindCharInReadable(':', iter, end);
3419
3420 // Changing the protocol of a URL, changes the "nature" of the URI
3421 // implementation. In order to do this properly, we have to serialize the
3422 // existing URL and reparse it in a new object.
3423 nsCOMPtr<nsIURI> clone;
3424 nsresult rv = NS_MutateURI(aURI)
3425 .SetScheme(NS_ConvertUTF16toUTF8(Substring(start, iter)))
3426 .Finalize(clone);
3427 if (NS_WARN_IF(NS_FAILED(rv))) {
3428 return nullptr;
3429 }
3430
3431 if (StaticPrefs::network_url_strict_protocol_setter()) {
3432 nsAutoCString newScheme;
3433 rv = clone->GetScheme(newScheme);
3434 if (NS_FAILED(rv) || !net::IsSchemeChangePermitted(aURI, newScheme)) {
3435 nsAutoCString url;
3436 Unused << clone->GetSpec(url);
3437 AutoTArray<nsString, 2> params;
3438 params.AppendElement(NS_ConvertUTF8toUTF16(url));
3439 params.AppendElement(NS_ConvertUTF8toUTF16(newScheme));
3440 nsContentUtils::ReportToConsole(
3441 nsIScriptError::warningFlag, "Strict Url Protocol Setter"_ns, nullptr,
3442 nsContentUtils::eNECKO_PROPERTIES, "StrictUrlProtocolSetter", params);
3443 return nullptr;
3444 }
3445 }
3446
3447 nsAutoCString href;
3448 rv = clone->GetSpec(href);
3449 if (NS_WARN_IF(NS_FAILED(rv))) {
3450 return nullptr;
3451 }
3452
3453 RefPtr<nsIURI> uri;
3454 rv = NS_NewURI(getter_AddRefs(uri), href);
3455 if (NS_WARN_IF(NS_FAILED(rv))) {
3456 return nullptr;
3457 }
3458 return uri.forget();
3459 }
3460
3461 // Decode a parameter value using the encoding defined in RFC 5987 (in place)
3462 //
3463 // charset "'" [ language ] "'" value-chars
3464 //
3465 // returns true when decoding happened successfully (otherwise leaves
3466 // passed value alone)
3467 static bool Decode5987Format(nsAString& aEncoded) {
3468 nsresult rv;
3469 nsCOMPtr<nsIMIMEHeaderParam> mimehdrpar =
3470 do_GetService(NS_MIMEHEADERPARAM_CONTRACTID, &rv);
3471 if (NS_FAILED(rv)) return false;
3472
3473 nsAutoCString asciiValue;
3474
3475 const char16_t* encstart = aEncoded.BeginReading();
3476 const char16_t* encend = aEncoded.EndReading();
3477
3478 // create a plain ASCII string, aborting if we can't do that
3479 // converted form is always shorter than input
3480 while (encstart != encend) {
3481 if (*encstart > 0 && *encstart < 128) {
3482 asciiValue.Append((char)*encstart);
3483 } else {
3484 return false;
3485 }
3486 encstart++;
3487 }
3488
3489 nsAutoString decoded;
3490 nsAutoCString language;
3491
3492 rv = mimehdrpar->DecodeRFC5987Param(asciiValue, language, decoded);
3493 if (NS_FAILED(rv)) return false;
3494
3495 aEncoded = decoded;
3496 return true;
3497 }
3498
3499 LinkHeader::LinkHeader() { mCrossOrigin.SetIsVoid(true); }
3500
3501 void LinkHeader::Reset() {
3502 mHref.Truncate();
3503 mRel.Truncate();
3504 mTitle.Truncate();
3505 mNonce.Truncate();
3506 mIntegrity.Truncate();
3507 mSrcset.Truncate();
3508 mSizes.Truncate();
3509 mType.Truncate();
3510 mMedia.Truncate();
3511 mAnchor.Truncate();
3512 mCrossOrigin.Truncate();
3513 mReferrerPolicy.Truncate();
3514 mAs.Truncate();
3515 mCrossOrigin.SetIsVoid(true);
3516 mFetchPriority.Truncate();
3517 }
3518
3519 nsresult LinkHeader::NewResolveHref(nsIURI** aOutURI, nsIURI* aBaseURI) const {
3520 if (mAnchor.IsEmpty()) {
3521 // use the base uri
3522 return NS_NewURI(aOutURI, mHref, nullptr, aBaseURI);
3523 }
3524
3525 // compute the anchored URI
3526 nsCOMPtr<nsIURI> anchoredURI;
3527 nsresult rv =
3528 NS_NewURI(getter_AddRefs(anchoredURI), mAnchor, nullptr, aBaseURI);
3529 NS_ENSURE_SUCCESS(rv, rv);
3530
3531 return NS_NewURI(aOutURI, mHref, nullptr, anchoredURI);
3532 }
3533
3534 bool LinkHeader::operator==(const LinkHeader& rhs) const {
3535 return mHref == rhs.mHref && mRel == rhs.mRel && mTitle == rhs.mTitle &&
3536 mNonce == rhs.mNonce && mIntegrity == rhs.mIntegrity &&
3537 mSrcset == rhs.mSrcset && mSizes == rhs.mSizes && mType == rhs.mType &&
3538 mMedia == rhs.mMedia && mAnchor == rhs.mAnchor &&
3539 mCrossOrigin == rhs.mCrossOrigin &&
3540 mReferrerPolicy == rhs.mReferrerPolicy && mAs == rhs.mAs &&
3541 mFetchPriority == rhs.mFetchPriority;
3542 }
3543
3544 constexpr auto kTitleStar = "title*"_ns;
3545
3546 nsTArray<LinkHeader> ParseLinkHeader(const nsAString& aLinkData) {
3547 nsTArray<LinkHeader> linkHeaders;
3548
3549 // keep track where we are within the header field
3550 bool seenParameters = false;
3551
3552 // parse link content and add to array
3553 LinkHeader header;
3554 nsAutoString titleStar;
3555
3556 // copy to work buffer
3557 nsAutoString stringList(aLinkData);
3558
3559 // put an extra null at the end
3560 stringList.Append(kNullCh);
3561
3562 char16_t* start = stringList.BeginWriting();
3563
3564 while (*start != kNullCh) {
3565 // parse link content and call process style link
3566
3567 // skip leading space
3568 while ((*start != kNullCh) && nsCRT::IsAsciiSpace(*start)) {
3569 ++start;
3570 }
3571
3572 char16_t* end = start;
3573 char16_t* last = end - 1;
3574
3575 bool wasQuotedString = false;
3576
3577 // look for semicolon or comma
3578 while (*end != kNullCh && *end != kSemicolon && *end != kComma) {
3579 char16_t ch = *end;
3580
3581 if (ch == kQuote || ch == kLessThan) {
3582 // quoted string
3583
3584 char16_t quote = ch;
3585 if (quote == kLessThan) {
3586 quote = kGreaterThan;
3587 }
3588
3589 wasQuotedString = (ch == kQuote);
3590
3591 char16_t* closeQuote = (end + 1);
3592
3593 // seek closing quote
3594 while (*closeQuote != kNullCh && quote != *closeQuote) {
3595 // in quoted-string, "\" is an escape character
3596 if (wasQuotedString && *closeQuote == kBackSlash &&
3597 *(closeQuote + 1) != kNullCh) {
3598 ++closeQuote;
3599 }
3600
3601 ++closeQuote;
3602 }
3603
3604 if (quote == *closeQuote) {
3605 // found closer
3606
3607 // skip to close quote
3608 end = closeQuote;
3609
3610 last = end - 1;
3611
3612 ch = *(end + 1);
3613
3614 if (ch != kNullCh && ch != kSemicolon && ch != kComma) {
3615 // end string here
3616 *(++end) = kNullCh;
3617
3618 ch = *(end + 1);
3619
3620 // keep going until semi or comma
3621 while (ch != kNullCh && ch != kSemicolon && ch != kComma) {
3622 ++end;
3623
3624 ch = *(end + 1);
3625 }
3626 }
3627 }
3628 }
3629
3630 ++end;
3631 ++last;
3632 }
3633
3634 char16_t endCh = *end;
3635
3636 // end string here
3637 *end = kNullCh;
3638
3639 if (start < end) {
3640 if ((*start == kLessThan) && (*last == kGreaterThan)) {
3641 *last = kNullCh;
3642
3643 // first instance of <...> wins
3644 // also, do not allow hrefs after the first param was seen
3645 if (header.mHref.IsEmpty() && !seenParameters) {
3646 header.mHref = (start + 1);
3647 header.mHref.StripWhitespace();
3648 }
3649 } else {
3650 char16_t* equals = start;
3651 seenParameters = true;
3652
3653 while ((*equals != kNullCh) && (*equals != kEqual)) {
3654 equals++;
3655 }
3656
3657 const bool hadEquals = *equals != kNullCh;
3658 *equals = kNullCh;
3659 nsAutoString attr(start);
3660 attr.StripWhitespace();
3661
3662 char16_t* value = hadEquals ? ++equals : equals;
3663 while (nsCRT::IsAsciiSpace(*value)) {
3664 value++;
3665 }
3666
3667 if ((*value == kQuote) && (*value == *last)) {
3668 *last = kNullCh;
3669 value++;
3670 }
3671
3672 if (wasQuotedString) {
3673 // unescape in-place
3674 char16_t* unescaped = value;
3675 char16_t* src = value;
3676
3677 while (*src != kNullCh) {
3678 if (*src == kBackSlash && *(src + 1) != kNullCh) {
3679 src++;
3680 }
3681 *unescaped++ = *src++;
3682 }
3683
3684 *unescaped = kNullCh;
3685 }
3686
3687 if (attr.LowerCaseEqualsASCII(kTitleStar.get())) {
3688 if (titleStar.IsEmpty() && !wasQuotedString) {
3689 // RFC 5987 encoding; uses token format only, so skip if we get
3690 // here with a quoted-string
3691 nsAutoString tmp;
3692 tmp = value;
3693 if (Decode5987Format(tmp)) {
3694 titleStar = tmp;
3695 titleStar.CompressWhitespace();
3696 } else {
3697 // header value did not parse, throw it away
3698 titleStar.Truncate();
3699 }
3700 }
3701 } else {
3702 header.MaybeUpdateAttribute(attr, value);
3703 }
3704 }
3705 }
3706
3707 if (endCh == kComma) {
3708 // hit a comma, process what we've got so far
3709
3710 header.mHref.Trim(" \t\n\r\f"); // trim HTML5 whitespace
3711 if (!header.mHref.IsEmpty() && !header.mRel.IsEmpty()) {
3712 if (!titleStar.IsEmpty()) {
3713 // prefer RFC 5987 variant over non-I18zed version
3714 header.mTitle = titleStar;
3715 }
3716 linkHeaders.AppendElement(header);
3717 }
3718
3719 titleStar.Truncate();
3720 header.Reset();
3721
3722 seenParameters = false;
3723 }
3724
3725 start = ++end;
3726 }
3727
3728 header.mHref.Trim(" \t\n\r\f"); // trim HTML5 whitespace
3729 if (!header.mHref.IsEmpty() && !header.mRel.IsEmpty()) {
3730 if (!titleStar.IsEmpty()) {
3731 // prefer RFC 5987 variant over non-I18zed version
3732 header.mTitle = titleStar;
3733 }
3734 linkHeaders.AppendElement(header);
3735 }
3736
3737 return linkHeaders;
3738 }
3739
3740 void LinkHeader::MaybeUpdateAttribute(const nsAString& aAttribute,
3741 const char16_t* aValue) {
3742 MOZ_ASSERT(!aAttribute.LowerCaseEqualsASCII(kTitleStar.get()));
3743
3744 if (aAttribute.LowerCaseEqualsLiteral("rel")) {
3745 if (mRel.IsEmpty()) {
3746 mRel = aValue;
3747 mRel.CompressWhitespace();
3748 }
3749 } else if (aAttribute.LowerCaseEqualsLiteral("title")) {
3750 if (mTitle.IsEmpty()) {
3751 mTitle = aValue;
3752 mTitle.CompressWhitespace();
3753 }
3754 } else if (aAttribute.LowerCaseEqualsLiteral("type")) {
3755 if (mType.IsEmpty()) {
3756 mType = aValue;
3757 mType.StripWhitespace();
3758 }
3759 } else if (aAttribute.LowerCaseEqualsLiteral("media")) {
3760 if (mMedia.IsEmpty()) {
3761 mMedia = aValue;
3762
3763 // The HTML5 spec is formulated in terms of the CSS3 spec,
3764 // which specifies that media queries are case insensitive.
3765 nsContentUtils::ASCIIToLower(mMedia);
3766 }
3767 } else if (aAttribute.LowerCaseEqualsLiteral("anchor")) {
3768 if (mAnchor.IsEmpty()) {
3769 mAnchor = aValue;
3770 mAnchor.StripWhitespace();
3771 }
3772 } else if (aAttribute.LowerCaseEqualsLiteral("crossorigin")) {
3773 if (mCrossOrigin.IsVoid()) {
3774 mCrossOrigin.SetIsVoid(false);
3775 mCrossOrigin = aValue;
3776 mCrossOrigin.StripWhitespace();
3777 }
3778 } else if (aAttribute.LowerCaseEqualsLiteral("as")) {
3779 if (mAs.IsEmpty()) {
3780 mAs = aValue;
3781 mAs.CompressWhitespace();
3782 }
3783 } else if (aAttribute.LowerCaseEqualsLiteral("referrerpolicy")) {
3784 // https://html.spec.whatwg.org/multipage/urls-and-fetching.html#referrer-policy-attribute
3785 // Specs says referrer policy attribute is an enumerated attribute,
3786 // case insensitive and includes the empty string
3787 // We will parse the aValue with AttributeReferrerPolicyFromString
3788 // later, which will handle parsing it as an enumerated attribute.
3789 if (mReferrerPolicy.IsEmpty()) {
3790 mReferrerPolicy = aValue;
3791 }
3792
3793 } else if (aAttribute.LowerCaseEqualsLiteral("nonce")) {
3794 if (mNonce.IsEmpty()) {
3795 mNonce = aValue;
3796 }
3797 } else if (aAttribute.LowerCaseEqualsLiteral("integrity")) {
3798 if (mIntegrity.IsEmpty()) {
3799 mIntegrity = aValue;
3800 }
3801 } else if (aAttribute.LowerCaseEqualsLiteral("imagesrcset")) {
3802 if (mSrcset.IsEmpty()) {
3803 mSrcset = aValue;
3804 }
3805 } else if (aAttribute.LowerCaseEqualsLiteral("imagesizes")) {
3806 if (mSizes.IsEmpty()) {
3807 mSizes = aValue;
3808 }
3809 } else if (aAttribute.LowerCaseEqualsLiteral("fetchpriority")) {
3810 if (mFetchPriority.IsEmpty()) {
3811 LOG(("Update fetchPriority to \"%s\"",
3812 NS_ConvertUTF16toUTF8(aValue).get()));
3813 mFetchPriority = aValue;
3814 }
3815 }
3816 }
3817
3818 // We will use official mime-types from:
3819 // https://www.iana.org/assignments/media-types/media-types.xhtml#font
3820 // We do not support old deprecated mime-types for preload feature.
3821 // (We currectly do not support font/collection)
3822 static uint32_t StyleLinkElementFontMimeTypesNum = 5;
3823 static const char* StyleLinkElementFontMimeTypes[] = {
3824 "font/otf", "font/sfnt", "font/ttf", "font/woff", "font/woff2"};
3825
3826 bool IsFontMimeType(const nsAString& aType) {
3827 if (aType.IsEmpty()) {
3828 return true;
3829 }
3830 for (uint32_t i = 0; i < StyleLinkElementFontMimeTypesNum; i++) {
3831 if (aType.EqualsASCII(StyleLinkElementFontMimeTypes[i])) {
3832 return true;
3833 }
3834 }
3835 return false;
3836 }
3837
3838 static const nsAttrValue::EnumTable kAsAttributeTable[] = {
3839 {"", DESTINATION_INVALID}, {"audio", DESTINATION_AUDIO},
3840 {"font", DESTINATION_FONT}, {"image", DESTINATION_IMAGE},
3841 {"script", DESTINATION_SCRIPT}, {"style", DESTINATION_STYLE},
3842 {"track", DESTINATION_TRACK}, {"video", DESTINATION_VIDEO},
3843 {"fetch", DESTINATION_FETCH}, {nullptr, 0}};
3844
3845 void ParseAsValue(const nsAString& aValue, nsAttrValue& aResult) {
3846 DebugOnly<bool> success =
3847 aResult.ParseEnumValue(aValue, kAsAttributeTable, false,
3848 // default value is a empty string
3849 // if aValue is not a value we
3850 // understand
3851 &kAsAttributeTable[0]);
3852 MOZ_ASSERT(success);
3853 }
3854
3855 nsContentPolicyType AsValueToContentPolicy(const nsAttrValue& aValue) {
3856 switch (aValue.GetEnumValue()) {
3857 case DESTINATION_INVALID:
3858 return nsIContentPolicy::TYPE_INVALID;
3859 case DESTINATION_AUDIO:
3860 return nsIContentPolicy::TYPE_INTERNAL_AUDIO;
3861 case DESTINATION_TRACK:
3862 return nsIContentPolicy::TYPE_INTERNAL_TRACK;
3863 case DESTINATION_VIDEO:
3864 return nsIContentPolicy::TYPE_INTERNAL_VIDEO;
3865 case DESTINATION_FONT:
3866 return nsIContentPolicy::TYPE_FONT;
3867 case DESTINATION_IMAGE:
3868 return nsIContentPolicy::TYPE_IMAGE;
3869 case DESTINATION_SCRIPT:
3870 return nsIContentPolicy::TYPE_SCRIPT;
3871 case DESTINATION_STYLE:
3872 return nsIContentPolicy::TYPE_STYLESHEET;
3873 case DESTINATION_FETCH:
3874 return nsIContentPolicy::TYPE_INTERNAL_FETCH_PRELOAD;
3875 }
3876 return nsIContentPolicy::TYPE_INVALID;
3877 }
3878
3879 // TODO: implement this using nsAttrValue's destination enums when support for
3880 // the new destinations is added; see this diff for a possible start:
3881 // https://phabricator.services.mozilla.com/D172368?vs=705114&id=708720
3882 bool IsScriptLikeOrInvalid(const nsAString& aAs) {
3883 return !(
3884 aAs.LowerCaseEqualsASCII("fetch") || aAs.LowerCaseEqualsASCII("audio") ||
3885 aAs.LowerCaseEqualsASCII("document") ||
3886 aAs.LowerCaseEqualsASCII("embed") || aAs.LowerCaseEqualsASCII("font") ||
3887 aAs.LowerCaseEqualsASCII("frame") || aAs.LowerCaseEqualsASCII("iframe") ||
3888 aAs.LowerCaseEqualsASCII("image") ||
3889 aAs.LowerCaseEqualsASCII("manifest") ||
3890 aAs.LowerCaseEqualsASCII("object") ||
3891 aAs.LowerCaseEqualsASCII("report") || aAs.LowerCaseEqualsASCII("style") ||
3892 aAs.LowerCaseEqualsASCII("track") || aAs.LowerCaseEqualsASCII("video") ||
3893 aAs.LowerCaseEqualsASCII("webidentity") ||
3894 aAs.LowerCaseEqualsASCII("xslt"));
3895 }
3896
3897 bool CheckPreloadAttrs(const nsAttrValue& aAs, const nsAString& aType,
3898 const nsAString& aMedia,
3899 mozilla::dom::Document* aDocument) {
3900 nsContentPolicyType policyType = AsValueToContentPolicy(aAs);
3901 if (policyType == nsIContentPolicy::TYPE_INVALID) {
3902 return false;
3903 }
3904
3905 // Check if media attribute is valid.
3906 if (!aMedia.IsEmpty()) {
3907 RefPtr<mozilla::dom::MediaList> mediaList =
3908 mozilla::dom::MediaList::Create(NS_ConvertUTF16toUTF8(aMedia));
3909 if (!mediaList->Matches(*aDocument)) {
3910 return false;
3911 }
3912 }
3913
3914 if (aType.IsEmpty()) {
3915 return true;
3916 }
3917
3918 if (policyType == nsIContentPolicy::TYPE_INTERNAL_FETCH_PRELOAD) {
3919 return true;
3920 }
3921
3922 nsAutoString type(aType);
3923 ToLowerCase(type);
3924 if (policyType == nsIContentPolicy::TYPE_MEDIA) {
3925 if (aAs.GetEnumValue() == DESTINATION_TRACK) {
3926 return type.EqualsASCII("text/vtt");
3927 }
3928 Maybe<MediaContainerType> mimeType = MakeMediaContainerType(aType);
3929 if (!mimeType) {
3930 return false;
3931 }
3932 DecoderDoctorDiagnostics diagnostics;
3933 CanPlayStatus status =
3934 DecoderTraits::CanHandleContainerType(*mimeType, &diagnostics);
3935 // Preload if this return CANPLAY_YES and CANPLAY_MAYBE.
3936 return status != CANPLAY_NO;
3937 }
3938 if (policyType == nsIContentPolicy::TYPE_FONT) {
3939 return IsFontMimeType(type);
3940 }
3941 if (policyType == nsIContentPolicy::TYPE_IMAGE) {
3942 return imgLoader::SupportImageWithMimeType(
3943 NS_ConvertUTF16toUTF8(type), AcceptedMimeTypes::IMAGES_AND_DOCUMENTS);
3944 }
3945 if (policyType == nsIContentPolicy::TYPE_SCRIPT) {
3946 return nsContentUtils::IsJavascriptMIMEType(type);
3947 }
3948 if (policyType == nsIContentPolicy::TYPE_STYLESHEET) {
3949 return type.EqualsASCII("text/css");
3950 }
3951 return false;
3952 }
3953
3954 void WarnIgnoredPreload(const mozilla::dom::Document& aDoc, nsIURI& aURI) {
3955 AutoTArray<nsString, 1> params;
3956 {
3957 nsCString uri = nsContentUtils::TruncatedURLForDisplay(&aURI);
3958 AppendUTF8toUTF16(uri, *params.AppendElement());
3959 }
3960 nsContentUtils::ReportToConsole(nsIScriptError::warningFlag, "DOM"_ns, &aDoc,
3961 nsContentUtils::eDOM_PROPERTIES,
3962 "PreloadIgnoredInvalidAttr", params);
3963 }
3964
3965 nsresult HasRootDomain(const nsACString& aInput, const nsACString& aHost,
3966 bool* aResult) {
3967 if (NS_WARN_IF(!aResult)) {
3968 return NS_ERROR_FAILURE;
3969 }
3970
3971 *aResult = false;
3972
3973 // If the strings are the same, we obviously have a match.
3974 if (aInput == aHost) {
3975 *aResult = true;
3976 return NS_OK;
3977 }
3978
3979 // If aHost is not found, we know we do not have it as a root domain.
3980 int32_t index = nsAutoCString(aInput).Find(aHost);
3981 if (index == kNotFound) {
3982 return NS_OK;
3983 }
3984
3985 // Otherwise, we have aHost as our root domain iff the index of aHost is
3986 // aHost.length subtracted from our length and (since we do not have an
3987 // exact match) the character before the index is a dot or slash.
3988 *aResult = index > 0 && (uint32_t)index == aInput.Length() - aHost.Length() &&
3989 (aInput[index - 1] == '.' || aInput[index - 1] == '/');
3990 return NS_OK;
3991 }
3992
3993 void CheckForBrokenChromeURL(nsILoadInfo* aLoadInfo, nsIURI* aURI) {
3994 if (!aURI) {
3995 return;
3996 }
3997 nsAutoCString scheme;
3998 aURI->GetScheme(scheme);
3999 if (!scheme.EqualsLiteral("chrome") && !scheme.EqualsLiteral("resource")) {
4000 return;
4001 }
4002 nsAutoCString host;
4003 aURI->GetHost(host);
4004 // Ignore test hits.
4005 if (host.EqualsLiteral("mochitests") || host.EqualsLiteral("reftest")) {
4006 return;
4007 }
4008
4009 nsAutoCString filePath;
4010 aURI->GetFilePath(filePath);
4011 // Fluent likes checking for files everywhere and expects failure.
4012 if (StringEndsWith(filePath, ".ftl"_ns)) {
4013 return;
4014 }
4015
4016 // Ignore fetches/xhrs, as they are frequently used in a way where
4017 // non-existence is OK (ie with fallbacks). This risks false negatives (ie
4018 // files that *should* be there but aren't) - which we accept for now.
4019 ExtContentPolicy policy = aLoadInfo
4020 ? aLoadInfo->GetExternalContentPolicyType()
4021 : ExtContentPolicy::TYPE_OTHER;
4022 if (policy == ExtContentPolicy::TYPE_FETCH ||
4023 policy == ExtContentPolicy::TYPE_XMLHTTPREQUEST) {
4024 return;
4025 }
4026
4027 if (aLoadInfo) {
4028 bool shouldSkipCheckForBrokenURLOrZeroSized;
4029 MOZ_ALWAYS_SUCCEEDS(aLoadInfo->GetShouldSkipCheckForBrokenURLOrZeroSized(
4030 &shouldSkipCheckForBrokenURLOrZeroSized));
4031 if (shouldSkipCheckForBrokenURLOrZeroSized) {
4032 return;
4033 }
4034 }
4035
4036 nsCString spec;
4037 aURI->GetSpec(spec);
4038
4039 #ifdef ANDROID
4040 // Various toolkit files use this and are shipped on android, but
4041 // info-pages.css and aboutLicense.css are not - bug 1808987
4042 if (StringEndsWith(spec, "info-pages.css"_ns) ||
4043 StringEndsWith(spec, "aboutLicense.css"_ns) ||
4044 // Error page CSS is also missing: bug 1810039
4045 StringEndsWith(spec, "aboutNetError.css"_ns) ||
4046 StringEndsWith(spec, "aboutHttpsOnlyError.css"_ns) ||
4047 StringEndsWith(spec, "error-pages.css"_ns) ||
4048 // popup.css is used in a single mochitest: bug 1810577
4049 StringEndsWith(spec, "/popup.css"_ns) ||
4050 // Used by an extension installation test - bug 1809650
4051 StringBeginsWith(spec, "resource://android/assets/web_extensions/"_ns)) {
4052 return;
4053 }
4054 #endif
4055
4056 // DTD files from gre may not exist when requested by tests.
4057 if (StringBeginsWith(spec, "resource://gre/res/dtd/"_ns)) {
4058 return;
4059 }
4060
4061 // The background task machinery allows the caller to specify a JSM on the
4062 // command line, which is then looked up in both app-specific and toolkit-wide
4063 // locations.
4064 if (spec.Find("backgroundtasks") != kNotFound) {
4065 return;
4066 }
4067
4068 if (xpc::IsInAutomation()) {
4069 #ifdef DEBUG
4070 if (NS_IsMainThread()) {
4071 nsCOMPtr<nsIXPConnect> xpc = nsIXPConnect::XPConnect();
4072 Unused << xpc->DebugDumpJSStack(false, false, false);
4073 }
4074 #endif
4075 MOZ_CRASH_UNSAFE_PRINTF("Missing chrome or resource URLs: %s", spec.get());
4076 } else {
4077 printf_stderr("Missing chrome or resource URL: %s\n", spec.get());
4078 }
4079 }
4080
4081 bool IsCoepCredentiallessEnabled(bool aIsOriginTrialCoepCredentiallessEnabled) {
4082 return StaticPrefs::
4083 browser_tabs_remote_coep_credentialless_DoNotUseDirectly() ||
4084 aIsOriginTrialCoepCredentiallessEnabled;
4085 }
4086
4087 } // namespace net
4088 } // namespace mozilla