netwerk/base/LoadInfo.h

   1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
   2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
   3 /* This Source Code Form is subject to the terms of the Mozilla Public
   4  * License, v. 2.0. If a copy of the MPL was not distributed with this
   5  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
   6
   7 #ifndef mozilla_LoadInfo_h
   8 #define mozilla_LoadInfo_h
   9
  10 #include "nsIContentSecurityPolicy.h"
  11 #include "nsIInterceptionInfo.h"
  12 #include "nsILoadInfo.h"
  13 #include "nsIPrincipal.h"
  14 #include "nsIWeakReferenceUtils.h"  // for nsWeakPtr
  15 #include "nsIURI.h"
  16 #include "nsContentUtils.h"
  17 #include "nsString.h"
  18 #include "nsTArray.h"
  19
  20 #include "mozilla/BasePrincipal.h"
  21 #include "mozilla/dom/ClientInfo.h"
  22 #include "mozilla/dom/ServiceWorkerDescriptor.h"
  23
  24 class nsDocShell;
  25 class nsICookieJarSettings;
  26 class nsINode;
  27 class nsPIDOMWindowOuter;
  28
  29 namespace mozilla {
  30
  31 namespace dom {
  32 class PerformanceStorage;
  33 class XMLHttpRequestMainThread;
  34 class CanonicalBrowsingContext;
  35 class WindowGlobalParent;
  36 }  // namespace dom
  37
  38 namespace net {
  39 class EarlyHintPreloader;
  40 class LoadInfoArgs;
  41 class LoadInfo;
  42 }  // namespace net
  43
  44 namespace ipc {
  45 // we have to forward declare that function so we can use it as a friend.
  46 nsresult LoadInfoArgsToLoadInfo(const mozilla::net::LoadInfoArgs& aLoadInfoArgs,
  47                                 const nsACString& aOriginRemoteType,
  48                                 nsINode* aCspToInheritLoadingContext,
  49                                 net::LoadInfo** outLoadInfo);
  50 }  // namespace ipc
  51
  52 namespace net {
  53
  54 using RedirectHistoryArray = nsTArray<nsCOMPtr<nsIRedirectHistoryEntry>>;
  55
  56 /**
  57  * Class that provides an nsILoadInfo implementation.
  58  */
  59 class LoadInfo final : public nsILoadInfo {
  60   template <typename T, typename... Args>
  61   friend already_AddRefed<T> mozilla::MakeAndAddRef(Args&&... aArgs);
  62
  63  public:
  64   NS_DECL_ISUPPORTS
  65   NS_DECL_NSILOADINFO
  66
  67   // Used for TYPE_DOCUMENT load.
  68   static already_AddRefed<LoadInfo> CreateForDocument(
  69       dom::CanonicalBrowsingContext* aBrowsingContext, nsIURI* aURI,
  70       nsIPrincipal* aTriggeringPrincipal,
  71       const nsACString& aTriggeringRemoteType,
  72       const OriginAttributes& aOriginAttributes, nsSecurityFlags aSecurityFlags,
  73       uint32_t aSandboxFlags);
  74
  75   // Used for TYPE_FRAME or TYPE_IFRAME load.
  76   static already_AddRefed<LoadInfo> CreateForFrame(
  77       dom::CanonicalBrowsingContext* aBrowsingContext,
  78       nsIPrincipal* aTriggeringPrincipal,
  79       const nsACString& aTriggeringRemoteType, nsSecurityFlags aSecurityFlags,
  80       uint32_t aSandboxFlags);
  81
  82   // Use for non-{TYPE_DOCUMENT|TYPE_FRAME|TYPE_IFRAME} load.
  83   static already_AddRefed<LoadInfo> CreateForNonDocument(
  84       dom::WindowGlobalParent* aParentWGP, nsIPrincipal* aTriggeringPrincipal,
  85       nsContentPolicyType aContentPolicyType, nsSecurityFlags aSecurityFlags,
  86       uint32_t aSandboxFlags);
  87
  88   // aLoadingPrincipal MUST NOT BE NULL.
  89   LoadInfo(nsIPrincipal* aLoadingPrincipal, nsIPrincipal* aTriggeringPrincipal,
  90            nsINode* aLoadingContext, nsSecurityFlags aSecurityFlags,
  91            nsContentPolicyType aContentPolicyType,
  92            const Maybe<mozilla::dom::ClientInfo>& aLoadingClientInfo =
  93                Maybe<mozilla::dom::ClientInfo>(),
  94            const Maybe<mozilla::dom::ServiceWorkerDescriptor>& aController =
  95                Maybe<mozilla::dom::ServiceWorkerDescriptor>(),
  96            uint32_t aSandboxFlags = 0,
  97            bool aSkipCheckForBrokenURLOrZeroSized = 0);
  98
  99   // Constructor used for TYPE_DOCUMENT loads which have a different
 100   // loadingContext than other loads. This ContextForTopLevelLoad is
 101   // only used for content policy checks.
 102   LoadInfo(nsPIDOMWindowOuter* aOuterWindow, nsIURI* aURI,
 103            nsIPrincipal* aTriggeringPrincipal,
 104            nsISupports* aContextForTopLevelLoad, nsSecurityFlags aSecurityFlags,
 105            uint32_t aSandboxFlags);
 106
 107  private:
 108   // Use factory function CreateForDocument
 109   // Used for TYPE_DOCUMENT load.
 110   LoadInfo(dom::CanonicalBrowsingContext* aBrowsingContext, nsIURI* aURI,
 111            nsIPrincipal* aTriggeringPrincipal,
 112            const nsACString& aTriggeringRemoteType,
 113            const OriginAttributes& aOriginAttributes,
 114            nsSecurityFlags aSecurityFlags, uint32_t aSandboxFlags);
 115
 116   // Use factory function CreateForFrame
 117   // Used for TYPE_FRAME or TYPE_IFRAME load.
 118   LoadInfo(dom::CanonicalBrowsingContext* aBrowsingContext,
 119            nsIPrincipal* aTriggeringPrincipal,
 120            const nsACString& aTriggeringRemoteType,
 121            nsSecurityFlags aSecurityFlags, uint32_t aSandboxFlags);
 122
 123   // Used for loads initiated by DocumentLoadListener that are not TYPE_DOCUMENT
 124   // | TYPE_FRAME | TYPE_FRAME.
 125   LoadInfo(dom::WindowGlobalParent* aParentWGP,
 126            nsIPrincipal* aTriggeringPrincipal,
 127            const nsACString& aTriggeringRemoteType,
 128            nsContentPolicyType aContentPolicyType,
 129            nsSecurityFlags aSecurityFlags, uint32_t aSandboxFlags);
 130
 131  public:
 132   // Compute a list of ancestor principals and BrowsingContext IDs.
 133   // See methods AncestorPrincipals and AncestorBrowsingContextIDs
 134   // in nsILoadInfo.idl for details.
 135   static void ComputeAncestors(
 136       dom::CanonicalBrowsingContext* aBC,
 137       nsTArray<nsCOMPtr<nsIPrincipal>>& aAncestorPrincipals,
 138       nsTArray<uint64_t>& aBrowsingContextIDs);
 139
 140   // create an exact copy of the loadinfo
 141   already_AddRefed<nsILoadInfo> Clone() const;
 142
 143   // hands off!!! don't use CloneWithNewSecFlags unless you know
 144   // exactly what you are doing - it should only be used within
 145   // nsBaseChannel::Redirect()
 146   already_AddRefed<nsILoadInfo> CloneWithNewSecFlags(
 147       nsSecurityFlags aSecurityFlags) const;
 148   // creates a copy of the loadinfo which is appropriate to use for a
 149   // separate request. I.e. not for a redirect or an inner channel, but
 150   // when a separate request is made with the same security properties.
 151   already_AddRefed<nsILoadInfo> CloneForNewRequest() const;
 152
 153   // The `nsContentPolicyType GetExternalContentPolicyType()` version in the
 154   // base class is hidden by the implementation of
 155   // `GetExternalContentPolicyType(nsContentPolicyType* aResult)` in
 156   // LoadInfo.cpp. Explicit mark it visible.
 157   using nsILoadInfo::GetExternalContentPolicyType;
 158
 159   void SetIsPreflight();
 160   void SetUpgradeInsecureRequests(bool aValue);
 161   void SetBrowserUpgradeInsecureRequests();
 162   void SetBrowserWouldUpgradeInsecureRequests();
 163   void SetIsFromProcessingFrameAttributes();
 164
 165   // Hands off from the cspToInherit functionality!
 166   //
 167   // For navigations, GetCSPToInherit returns what the spec calls the
 168   // "request's client's global object's CSP list", or more precisely
 169   // a snapshot of it taken when the navigation starts.  For navigations
 170   // that need to inherit their CSP, this is the right CSP to use for
 171   // the new document.  We need a way to transfer the CSP from the
 172   // docshell (where the navigation starts) to the point where the new
 173   // document is created and decides whether to inherit its CSP, and
 174   // this is the mechanism we use for that.
 175   //
 176   // For example:
 177   // A document with a CSP triggers a new top-level data: URI load.
 178   // We pass the CSP of the document that triggered the load all the
 179   // way to docshell. Within docshell we call SetCSPToInherit() on the
 180   // loadinfo. Within Document::InitCSP() we check if the newly created
 181   // document needs to inherit the CSP. If so, we call GetCSPToInherit()
 182   // and set the inherited CSP as the CSP for the new document. Please
 183   // note that any additonal Meta CSP in that document will be merged
 184   // into that CSP. Any subresource loads within that document
 185   // subesquently will receive the correct CSP by querying
 186   // loadinfo->GetCsp() from that point on.
 187   void SetCSPToInherit(nsIContentSecurityPolicy* aCspToInherit) {
 188     mCspToInherit = aCspToInherit;
 189   }
 190
 191   bool HasIsThirdPartyContextToTopWindowSet() {
 192     return mIsThirdPartyContextToTopWindow.isSome();
 193   }
 194   void ClearIsThirdPartyContextToTopWindow() {
 195     mIsThirdPartyContextToTopWindow.reset();
 196   }
 197
 198 #ifdef DEBUG
 199   void MarkOverriddenFingerprintingSettingsAsSet() {
 200     mOverriddenFingerprintingSettingsIsSet = true;
 201   }
 202 #endif
 203
 204  private:
 205   // private constructor that is only allowed to be called from within
 206   // HttpChannelParent and FTPChannelParent declared as friends undeneath.
 207   // In e10s we can not serialize nsINode, hence we store the innerWindowID.
 208   // Please note that aRedirectChain uses swapElements.
 209   LoadInfo(
 210       nsIPrincipal* aLoadingPrincipal, nsIPrincipal* aTriggeringPrincipal,
 211       nsIPrincipal* aPrincipalToInherit, nsIPrincipal* aTopLevelPrincipal,
 212       nsIURI* aResultPrincipalURI, nsICookieJarSettings* aCookieJarSettings,
 213       nsIContentSecurityPolicy* aCspToInherit,
 214       const nsACString& aTriggeringRemoteType,
 215       const nsID& aSandboxedNullPrincipalID,
 216       const Maybe<mozilla::dom::ClientInfo>& aClientInfo,
 217       const Maybe<mozilla::dom::ClientInfo>& aReservedClientInfo,
 218       const Maybe<mozilla::dom::ClientInfo>& aInitialClientInfo,
 219       const Maybe<mozilla::dom::ServiceWorkerDescriptor>& aController,
 220       nsSecurityFlags aSecurityFlags, uint32_t aSandboxFlags,
 221       uint32_t aTriggeringSandboxFlags, uint64_t aTriggeringWindowId,
 222       bool aTriggeringStorageAccess, nsContentPolicyType aContentPolicyType,
 223       LoadTainting aTainting, bool aBlockAllMixedContent,
 224       bool aUpgradeInsecureRequests, bool aBrowserUpgradeInsecureRequests,
 225       bool aBrowserDidUpgradeInsecureRequests,
 226       bool aBrowserWouldUpgradeInsecureRequests, bool aForceAllowDataURI,
 227       bool aAllowInsecureRedirectToDataURI,
 228       bool aSkipContentPolicyCheckForWebRequest, bool aOriginalFrameSrcLoad,
 229       bool aForceInheritPrincipalDropped, uint64_t aInnerWindowID,
 230       uint64_t aBrowsingContextID, uint64_t aFrameBrowsingContextID,
 231       bool aInitialSecurityCheckDone, bool aIsThirdPartyContext,
 232       const Maybe<bool>& aIsThirdPartyContextToTopWindow,
 233       bool aIsFormSubmission, bool aSendCSPViolationEvents,
 234       const OriginAttributes& aOriginAttributes,
 235       RedirectHistoryArray&& aRedirectChainIncludingInternalRedirects,
 236       RedirectHistoryArray&& aRedirectChain,
 237       nsTArray<nsCOMPtr<nsIPrincipal>>&& aAncestorPrincipals,
 238       const nsTArray<uint64_t>& aAncestorBrowsingContextIDs,
 239       const nsTArray<nsCString>& aCorsUnsafeHeaders, bool aForcePreflight,
 240       bool aIsPreflight, bool aLoadTriggeredFromExternal,
 241       bool aServiceWorkerTaintingSynthesized, bool aDocumentHasUserInteracted,
 242       bool aAllowListFutureDocumentsCreatedFromThisRedirectChain,
 243       bool aNeedForCheckingAntiTrackingHeuristic, const nsAString& aCspNonce,
 244       const nsAString& aIntegrityMetadata, bool aSkipContentSniffing,
 245       uint32_t aHttpsOnlyStatus, bool aHstsStatus,
 246       bool aHasValidUserGestureActivation, bool aAllowDeprecatedSystemRequests,
 247       bool aIsInDevToolsContext, bool aParserCreatedScript,
 248       nsILoadInfo::StoragePermissionState aStoragePermission,
 249       const Maybe<RFPTarget>& aOverriddenFingerprintingSettings,
 250       bool aIsMetaRefresh, uint32_t aRequestBlockingReason,
 251       nsINode* aLoadingContext,
 252       nsILoadInfo::CrossOriginEmbedderPolicy aLoadingEmbedderPolicy,
 253       bool aIsOriginTrialCoepCredentiallessEnabledForTopLevel,
 254       nsIURI* aUnstrippedURI, nsIInterceptionInfo* aInterceptionInfo,
 255       bool aHasInjectedCookieForCookieBannerHandling, bool aWasSchemelessInput);
 256   LoadInfo(const LoadInfo& rhs);
 257
 258   NS_IMETHOD GetRedirects(JSContext* aCx,
 259                           JS::MutableHandle<JS::Value> aRedirects,
 260                           const RedirectHistoryArray& aArra);
 261
 262   friend nsresult mozilla::ipc::LoadInfoArgsToLoadInfo(
 263       const mozilla::net::LoadInfoArgs& aLoadInfoArgs,
 264       const nsACString& aOriginRemoteType, nsINode* aCspToInheritLoadingContext,
 265       net::LoadInfo** outLoadInfo);
 266
 267   ~LoadInfo();
 268
 269   void ComputeIsThirdPartyContext(nsPIDOMWindowOuter* aOuterWindow);
 270   void ComputeIsThirdPartyContext(dom::WindowGlobalParent* aGlobal);
 271
 272   // This function is the *only* function which can change the securityflags
 273   // of a loadinfo. It only exists because of the XHR code. Don't call it
 274   // from anywhere else!
 275   void SetIncludeCookiesSecFlag();
 276   friend class mozilla::dom::XMLHttpRequestMainThread;
 277
 278   // nsDocShell::OpenInitializedChannel and EarlyHintPreloader::OpenChannel
 279   // needs to update the loadInfo with the correct browsingContext.
 280   friend class ::nsDocShell;
 281   friend class mozilla::net::EarlyHintPreloader;
 282   void UpdateBrowsingContextID(uint64_t aBrowsingContextID) {
 283     mBrowsingContextID = aBrowsingContextID;
 284   }
 285   void UpdateFrameBrowsingContextID(uint64_t aFrameBrowsingContextID) {
 286     mFrameBrowsingContextID = aFrameBrowsingContextID;
 287   }
 288   MOZ_NEVER_INLINE void ReleaseMembers();
 289
 290   // if you add a member, please also update the copy constructor and consider
 291   // if it should be merged from parent channel through
 292   // ParentLoadInfoForwarderArgs.
 293   nsCOMPtr<nsIPrincipal> mLoadingPrincipal;
 294   nsCOMPtr<nsIPrincipal> mTriggeringPrincipal;
 295   nsCOMPtr<nsIPrincipal> mPrincipalToInherit;
 296   nsCOMPtr<nsIPrincipal> mTopLevelPrincipal;
 297   nsCOMPtr<nsIURI> mResultPrincipalURI;
 298   nsCOMPtr<nsIURI> mChannelCreationOriginalURI;
 299   nsCOMPtr<nsICSPEventListener> mCSPEventListener;
 300   nsCOMPtr<nsICookieJarSettings> mCookieJarSettings;
 301   nsCOMPtr<nsIContentSecurityPolicy> mCspToInherit;
 302   nsCString mTriggeringRemoteType;
 303   nsID mSandboxedNullPrincipalID;
 304
 305   Maybe<mozilla::dom::ClientInfo> mClientInfo;
 306   UniquePtr<mozilla::dom::ClientSource> mReservedClientSource;
 307   Maybe<mozilla::dom::ClientInfo> mReservedClientInfo;
 308   Maybe<mozilla::dom::ClientInfo> mInitialClientInfo;
 309   Maybe<mozilla::dom::ServiceWorkerDescriptor> mController;
 310   RefPtr<mozilla::dom::PerformanceStorage> mPerformanceStorage;
 311
 312   nsWeakPtr mLoadingContext;
 313   nsWeakPtr mContextForTopLevelLoad;
 314   nsSecurityFlags mSecurityFlags;
 315   uint32_t mSandboxFlags;
 316   uint32_t mTriggeringSandboxFlags = 0;
 317   uint64_t mTriggeringWindowId = 0;
 318   bool mTriggeringStorageAccess = false;
 319   nsContentPolicyType mInternalContentPolicyType;
 320   LoadTainting mTainting = LoadTainting::Basic;
 321   bool mBlockAllMixedContent = false;
 322   bool mUpgradeInsecureRequests = false;
 323   bool mBrowserUpgradeInsecureRequests = false;
 324   bool mBrowserDidUpgradeInsecureRequests = false;
 325   bool mBrowserWouldUpgradeInsecureRequests = false;
 326   bool mForceAllowDataURI = false;
 327   bool mAllowInsecureRedirectToDataURI = false;
 328   bool mSkipContentPolicyCheckForWebRequest = false;
 329   bool mOriginalFrameSrcLoad = false;
 330   bool mForceInheritPrincipalDropped = false;
 331   uint64_t mInnerWindowID = 0;
 332   uint64_t mBrowsingContextID = 0;
 333   uint64_t mWorkerAssociatedBrowsingContextID = 0;
 334   uint64_t mFrameBrowsingContextID = 0;
 335   bool mInitialSecurityCheckDone = false;
 336   // NB: TYPE_DOCUMENT implies !third-party.
 337   bool mIsThirdPartyContext = false;
 338   Maybe<bool> mIsThirdPartyContextToTopWindow;
 339   bool mIsFormSubmission = false;
 340   bool mSendCSPViolationEvents = true;
 341   OriginAttributes mOriginAttributes;
 342   RedirectHistoryArray mRedirectChainIncludingInternalRedirects;
 343   RedirectHistoryArray mRedirectChain;
 344   nsTArray<nsCOMPtr<nsIPrincipal>> mAncestorPrincipals;
 345   nsTArray<uint64_t> mAncestorBrowsingContextIDs;
 346   nsTArray<nsCString> mCorsUnsafeHeaders;
 347   uint32_t mRequestBlockingReason = BLOCKING_REASON_NONE;
 348   bool mForcePreflight = false;
 349   bool mIsPreflight = false;
 350   bool mLoadTriggeredFromExternal = false;
 351   bool mServiceWorkerTaintingSynthesized = false;
 352   bool mDocumentHasUserInteracted = false;
 353   bool mAllowListFutureDocumentsCreatedFromThisRedirectChain = false;
 354   bool mNeedForCheckingAntiTrackingHeuristic = false;
 355   nsString mCspNonce;
 356   nsString mIntegrityMetadata;
 357   bool mSkipContentSniffing = false;
 358   uint32_t mHttpsOnlyStatus = nsILoadInfo::HTTPS_ONLY_UNINITIALIZED;
 359   bool mHstsStatus = false;
 360   bool mHasValidUserGestureActivation = false;
 361   bool mAllowDeprecatedSystemRequests = false;
 362   bool mIsUserTriggeredSave = false;
 363   bool mIsInDevToolsContext = false;
 364   bool mParserCreatedScript = false;
 365   nsILoadInfo::StoragePermissionState mStoragePermission =
 366       nsILoadInfo::NoStoragePermission;
 367   Maybe<RFPTarget> mOverriddenFingerprintingSettings;
 368 #ifdef DEBUG
 369   // A boolean used to ensure the mOverriddenFingerprintingSettings is set
 370   // before use it.
 371   bool mOverriddenFingerprintingSettingsIsSet = false;
 372 #endif
 373   bool mIsMetaRefresh = false;
 374
 375   // Is true if this load was triggered by processing the attributes of the
 376   // browsing context container.
 377   // See nsILoadInfo.isFromProcessingFrameAttributes
 378   bool mIsFromProcessingFrameAttributes = false;
 379
 380   // See nsILoadInfo.isMediaRequest and nsILoadInfo.isMediaInitialRequest.
 381   bool mIsMediaRequest = false;
 382   bool mIsMediaInitialRequest = false;
 383
 384   // See nsILoadInfo.isFromObjectOrEmbed
 385   bool mIsFromObjectOrEmbed = false;
 386
 387   bool mSkipCheckForBrokenURLOrZeroSized = false;
 388
 389   // The cross origin embedder policy that the loading need to respect.
 390   // If the value is nsILoadInfo::EMBEDDER_POLICY_REQUIRE_CORP, CORP checking
 391   // must be performed for the loading.
 392   // See https://wicg.github.io/cross-origin-embedder-policy/#corp-check.
 393   nsILoadInfo::CrossOriginEmbedderPolicy mLoadingEmbedderPolicy =
 394       nsILoadInfo::EMBEDDER_POLICY_NULL;
 395
 396   bool mIsOriginTrialCoepCredentiallessEnabledForTopLevel = false;
 397
 398   nsCOMPtr<nsIURI> mUnstrippedURI;
 399
 400   nsCOMPtr<nsIInterceptionInfo> mInterceptionInfo;
 401
 402   bool mHasInjectedCookieForCookieBannerHandling = false;
 403   bool mWasSchemelessInput = false;
 404 };
 405
 406 // This is exposed solely for testing purposes and should not be used outside of
 407 // LoadInfo
 408 already_AddRefed<nsIPrincipal> CreateTruncatedPrincipal(nsIPrincipal*);
 409
 410 }  // namespace net
 411 }  // namespace mozilla
 412
 413 #endif  // mozilla_LoadInfo_h