search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Bug 1845134 - Part 4: Update existing ui-icons to use the latest source from acorn...
[gecko.git] / netwerk / base / nsNetUtil.cpp
blob4e0ddd63ab7ea5a5a0c4a74b96f7ba1d5d4d77ee
1 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim:set ts=4 sw=2 sts=2 et cin: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6
7 // HttpLog.h should generally be included first
8 #include "DecoderDoctorDiagnostics.h"
9 #include "HttpLog.h"
10
11 #include "nsNetUtil.h"
12
13 #include "mozilla/Atomics.h"
14 #include "mozilla/BasePrincipal.h"
15 #include "mozilla/Components.h"
16 #include "mozilla/Encoding.h"
17 #include "mozilla/LoadContext.h"
18 #include "mozilla/LoadInfo.h"
19 #include "mozilla/Monitor.h"
20 #include "mozilla/StaticPrefs_browser.h"
21 #include "mozilla/StaticPrefs_network.h"
22 #include "mozilla/StaticPrefs_privacy.h"
23 #include "mozilla/StoragePrincipalHelper.h"
24 #include "mozilla/TaskQueue.h"
25 #include "mozilla/Telemetry.h"
26 #include "nsBufferedStreams.h"
27 #include "nsCategoryCache.h"
28 #include "nsComponentManagerUtils.h"
29 #include "nsContentUtils.h"
30 #include "nsEscape.h"
31 #include "nsFileStreams.h"
32 #include "nsHashKeys.h"
33 #include "nsHttp.h"
34 #include "nsMimeTypes.h"
35 #include "nsIAuthPrompt.h"
36 #include "nsIAuthPrompt2.h"
37 #include "nsIAuthPromptAdapterFactory.h"
38 #include "nsIBufferedStreams.h"
39 #include "nsBufferedStreams.h"
40 #include "nsIChannelEventSink.h"
41 #include "nsIContentSniffer.h"
42 #include "mozilla/dom/Document.h"
43 #include "nsIDownloader.h"
44 #include "nsIFileProtocolHandler.h"
45 #include "nsIFileStreams.h"
46 #include "nsIFileURL.h"
47 #include "nsIIDNService.h"
48 #include "nsIInputStreamChannel.h"
49 #include "nsIInputStreamPump.h"
50 #include "nsIInterfaceRequestorUtils.h"
51 #include "nsILoadContext.h"
52 #include "nsIMIMEHeaderParam.h"
53 #include "nsINode.h"
54 #include "nsIObjectLoadingContent.h"
55 #include "nsPersistentProperties.h"
56 #include "nsIPrivateBrowsingChannel.h"
57 #include "nsIPropertyBag2.h"
58 #include "nsIProtocolProxyService.h"
59 #include "mozilla/net/RedirectChannelRegistrar.h"
60 #include "nsRequestObserverProxy.h"
61 #include "nsISensitiveInfoHiddenURI.h"
62 #include "nsISimpleStreamListener.h"
63 #include "nsISocketProvider.h"
64 #include "nsIStandardURL.h"
65 #include "nsIStreamLoader.h"
66 #include "nsIIncrementalStreamLoader.h"
67 #include "nsStringStream.h"
68 #include "nsSyncStreamListener.h"
69 #include "nsITextToSubURI.h"
70 #include "nsIURIWithSpecialOrigin.h"
71 #include "nsIViewSourceChannel.h"
72 #include "nsInterfaceRequestorAgg.h"
73 #include "nsINestedURI.h"
74 #include "mozilla/dom/nsCSPUtils.h"
75 #include "mozilla/dom/nsHTTPSOnlyUtils.h"
76 #include "mozilla/dom/nsMixedContentBlocker.h"
77 #include "mozilla/dom/BlobURLProtocolHandler.h"
78 #include "mozilla/net/HttpBaseChannel.h"
79 #include "nsIScriptError.h"
80 #include "nsISiteSecurityService.h"
81 #include "nsHttpHandler.h"
82 #include "nsNSSComponent.h"
83 #include "nsIRedirectHistoryEntry.h"
84 #include "nsICertStorage.h"
85 #include "nsICertOverrideService.h"
86 #include "nsQueryObject.h"
87 #include "mozIThirdPartyUtil.h"
88 #include "../mime/nsMIMEHeaderParamImpl.h"
89 #include "nsStandardURL.h"
90 #include "DefaultURI.h"
91 #include "nsChromeProtocolHandler.h"
92 #include "nsJSProtocolHandler.h"
93 #include "nsDataHandler.h"
94 #include "mozilla/dom/BlobURLProtocolHandler.h"
95 #include "nsStreamUtils.h"
96 #include "nsSocketTransportService2.h"
97 #include "nsViewSourceHandler.h"
98 #include "nsJARURI.h"
99 #ifndef XP_IOS
100 # include "nsIconURI.h"
101 #endif
102 #include "nsAboutProtocolHandler.h"
103 #include "nsResProtocolHandler.h"
104 #include "mozilla/net/ExtensionProtocolHandler.h"
105 #include "mozilla/net/PageThumbProtocolHandler.h"
106 #include "mozilla/net/SFVService.h"
107 #include <limits>
108 #include "nsIXPConnect.h"
109 #include "nsParserConstants.h"
110 #include "nsCRT.h"
111 #include "nsServiceManagerUtils.h"
112 #include "mozilla/dom/MediaList.h"
113 #include "MediaContainerType.h"
114 #include "DecoderTraits.h"
115 #include "imgLoader.h"
116
117 #if defined(MOZ_THUNDERBIRD) || defined(MOZ_SUITE)
118 # include "nsNewMailnewsURI.h"
119 #endif
120
121 using namespace mozilla;
122 using namespace mozilla::net;
123 using mozilla::dom::BlobURLProtocolHandler;
124 using mozilla::dom::ClientInfo;
125 using mozilla::dom::PerformanceStorage;
126 using mozilla::dom::ServiceWorkerDescriptor;
127
128 #define MAX_RECURSION_COUNT 50
129
130 already_AddRefed<nsIIOService> do_GetIOService(nsresult* error /* = 0 */) {
131 nsCOMPtr<nsIIOService> io = mozilla::components::IO::Service();
132 if (error) *error = io ? NS_OK : NS_ERROR_FAILURE;
133 return io.forget();
134 }
135
136 nsresult NS_NewLocalFileInputStream(nsIInputStream** result, nsIFile* file,
137 int32_t ioFlags /* = -1 */,
138 int32_t perm /* = -1 */,
139 int32_t behaviorFlags /* = 0 */) {
140 nsresult rv;
141 nsCOMPtr<nsIFileInputStream> in =
142 do_CreateInstance(NS_LOCALFILEINPUTSTREAM_CONTRACTID, &rv);
143 if (NS_SUCCEEDED(rv)) {
144 rv = in->Init(file, ioFlags, perm, behaviorFlags);
145 if (NS_SUCCEEDED(rv)) in.forget(result);
146 }
147 return rv;
148 }
149
150 Result<nsCOMPtr<nsIInputStream>, nsresult> NS_NewLocalFileInputStream(
151 nsIFile* file, int32_t ioFlags /* = -1 */, int32_t perm /* = -1 */,
152 int32_t behaviorFlags /* = 0 */) {
153 nsCOMPtr<nsIInputStream> stream;
154 const nsresult rv = NS_NewLocalFileInputStream(getter_AddRefs(stream), file,
155 ioFlags, perm, behaviorFlags);
156 if (NS_SUCCEEDED(rv)) {
157 return stream;
158 }
159 return Err(rv);
160 }
161
162 nsresult NS_NewLocalFileOutputStream(nsIOutputStream** result, nsIFile* file,
163 int32_t ioFlags /* = -1 */,
164 int32_t perm /* = -1 */,
165 int32_t behaviorFlags /* = 0 */) {
166 nsresult rv;
167 nsCOMPtr<nsIFileOutputStream> out =
168 do_CreateInstance(NS_LOCALFILEOUTPUTSTREAM_CONTRACTID, &rv);
169 if (NS_SUCCEEDED(rv)) {
170 rv = out->Init(file, ioFlags, perm, behaviorFlags);
171 if (NS_SUCCEEDED(rv)) out.forget(result);
172 }
173 return rv;
174 }
175
176 Result<nsCOMPtr<nsIOutputStream>, nsresult> NS_NewLocalFileOutputStream(
177 nsIFile* file, int32_t ioFlags /* = -1 */, int32_t perm /* = -1 */,
178 int32_t behaviorFlags /* = 0 */) {
179 nsCOMPtr<nsIOutputStream> stream;
180 const nsresult rv = NS_NewLocalFileOutputStream(getter_AddRefs(stream), file,
181 ioFlags, perm, behaviorFlags);
182 if (NS_SUCCEEDED(rv)) {
183 return stream;
184 }
185 return Err(rv);
186 }
187
188 nsresult NS_NewLocalFileOutputStream(nsIOutputStream** result,
189 const mozilla::ipc::FileDescriptor& fd) {
190 nsCOMPtr<nsIFileOutputStream> out;
191 nsFileOutputStream::Create(NS_GET_IID(nsIFileOutputStream),
192 getter_AddRefs(out));
193
194 nsresult rv =
195 static_cast<nsFileOutputStream*>(out.get())->InitWithFileDescriptor(fd);
196 if (NS_FAILED(rv)) {
197 return rv;
198 }
199
200 out.forget(result);
201 return NS_OK;
202 }
203
204 nsresult net_EnsureIOService(nsIIOService** ios, nsCOMPtr<nsIIOService>& grip) {
205 nsresult rv = NS_OK;
206 if (!*ios) {
207 grip = do_GetIOService(&rv);
208 *ios = grip;
209 }
210 return rv;
211 }
212
213 nsresult NS_NewFileURI(
214 nsIURI** result, nsIFile* spec,
215 nsIIOService*
216 ioService /* = nullptr */) // pass in nsIIOService to optimize callers
217 {
218 nsresult rv;
219 nsCOMPtr<nsIIOService> grip;
220 rv = net_EnsureIOService(&ioService, grip);
221 if (ioService) rv = ioService->NewFileURI(spec, result);
222 return rv;
223 }
224
225 nsresult NS_GetURIWithNewRef(nsIURI* aInput, const nsACString& aRef,
226 nsIURI** aOutput) {
227 MOZ_DIAGNOSTIC_ASSERT(aRef.IsEmpty() || aRef[0] == '#');
228
229 if (NS_WARN_IF(!aInput || !aOutput)) {
230 return NS_ERROR_INVALID_ARG;
231 }
232
233 bool hasRef;
234 nsresult rv = aInput->GetHasRef(&hasRef);
235
236 nsAutoCString ref;
237 if (NS_SUCCEEDED(rv)) {
238 rv = aInput->GetRef(ref);
239 }
240
241 // If the ref is already equal to the new ref, we do not need to do anything.
242 // Also, if the GetRef failed (it could return NS_ERROR_NOT_IMPLEMENTED)
243 // we can assume SetRef would fail as well, so returning the original
244 // URI is OK.
245 //
246 // Note that aRef contains the hash, but ref doesn't, so need to account for
247 // that in the equality check.
248 if (NS_FAILED(rv) || (!hasRef && aRef.IsEmpty()) ||
249 (!aRef.IsEmpty() && hasRef &&
250 Substring(aRef.Data() + 1, aRef.Length() - 1) == ref)) {
251 nsCOMPtr<nsIURI> uri = aInput;
252 uri.forget(aOutput);
253 return NS_OK;
254 }
255
256 return NS_MutateURI(aInput).SetRef(aRef).Finalize(aOutput);
257 }
258
259 nsresult NS_GetURIWithoutRef(nsIURI* aInput, nsIURI** aOutput) {
260 return NS_GetURIWithNewRef(aInput, ""_ns, aOutput);
261 }
262
263 nsresult NS_NewChannelInternal(
264 nsIChannel** outChannel, nsIURI* aUri, nsILoadInfo* aLoadInfo,
265 PerformanceStorage* aPerformanceStorage /* = nullptr */,
266 nsILoadGroup* aLoadGroup /* = nullptr */,
267 nsIInterfaceRequestor* aCallbacks /* = nullptr */,
268 nsLoadFlags aLoadFlags /* = nsIRequest::LOAD_NORMAL */,
269 nsIIOService* aIoService /* = nullptr */) {
270 // NS_NewChannelInternal is mostly called for channel redirects. We should
271 // allow the creation of a channel even if the original channel did not have a
272 // loadinfo attached.
273 NS_ENSURE_ARG_POINTER(outChannel);
274
275 nsCOMPtr<nsIIOService> grip;
276 nsresult rv = net_EnsureIOService(&aIoService, grip);
277 NS_ENSURE_SUCCESS(rv, rv);
278
279 nsCOMPtr<nsIChannel> channel;
280 rv = aIoService->NewChannelFromURIWithLoadInfo(aUri, aLoadInfo,
281 getter_AddRefs(channel));
282 NS_ENSURE_SUCCESS(rv, rv);
283
284 if (aLoadGroup) {
285 rv = channel->SetLoadGroup(aLoadGroup);
286 NS_ENSURE_SUCCESS(rv, rv);
287 }
288
289 if (aCallbacks) {
290 rv = channel->SetNotificationCallbacks(aCallbacks);
291 NS_ENSURE_SUCCESS(rv, rv);
292 }
293
294 #ifdef DEBUG
295 nsLoadFlags channelLoadFlags = 0;
296 channel->GetLoadFlags(&channelLoadFlags);
297 // Will be removed when we remove LOAD_REPLACE altogether
298 // This check is trying to catch protocol handlers that still
299 // try to set the LOAD_REPLACE flag.
300 MOZ_DIAGNOSTIC_ASSERT(!(channelLoadFlags & nsIChannel::LOAD_REPLACE));
301 #endif
302
303 if (aLoadFlags != nsIRequest::LOAD_NORMAL) {
304 rv = channel->SetLoadFlags(aLoadFlags);
305 NS_ENSURE_SUCCESS(rv, rv);
306 }
307
308 if (aPerformanceStorage) {
309 nsCOMPtr<nsILoadInfo> loadInfo = channel->LoadInfo();
310 loadInfo->SetPerformanceStorage(aPerformanceStorage);
311 }
312
313 channel.forget(outChannel);
314 return NS_OK;
315 }
316
317 namespace {
318
319 void AssertLoadingPrincipalAndClientInfoMatch(
320 nsIPrincipal* aLoadingPrincipal, const ClientInfo& aLoadingClientInfo,
321 nsContentPolicyType aType) {
322 #ifdef MOZ_DIAGNOSTIC_ASSERT_ENABLED
323 // Verify that the provided loading ClientInfo matches the loading
324 // principal. Unfortunately we can't just use nsIPrincipal::Equals() here
325 // because of some corner cases:
326 //
327 // 1. Worker debugger scripts want to use a system loading principal for
328 // worker scripts with a content principal. We exempt these from this
329 // check.
330 // 2. Null principals currently require exact object identity for
331 // nsIPrincipal::Equals() to return true. This doesn't work here because
332 // ClientInfo::GetPrincipal() uses PrincipalInfoToPrincipal() to allocate
333 // a new object. To work around this we compare the principal origin
334 // string itself. If bug 1431771 is fixed then we could switch to
335 // Equals().
336
337 // Allow worker debugger to load with a system principal.
338 if (aLoadingPrincipal->IsSystemPrincipal() &&
339 (aType == nsIContentPolicy::TYPE_INTERNAL_WORKER ||
340 aType == nsIContentPolicy::TYPE_INTERNAL_SHARED_WORKER ||
341 aType == nsIContentPolicy::TYPE_INTERNAL_SERVICE_WORKER ||
342 aType == nsIContentPolicy::TYPE_INTERNAL_WORKER_IMPORT_SCRIPTS ||
343 aType == nsIContentPolicy::TYPE_INTERNAL_WORKER_STATIC_MODULE)) {
344 return;
345 }
346
347 // Perform a fast comparison for most principal checks.
348 auto clientPrincipalOrErr(aLoadingClientInfo.GetPrincipal());
349 if (clientPrincipalOrErr.isOk()) {
350 nsCOMPtr<nsIPrincipal> clientPrincipal = clientPrincipalOrErr.unwrap();
351 if (aLoadingPrincipal->Equals(clientPrincipal)) {
352 return;
353 }
354 // Fall back to a slower origin equality test to support null principals.
355 nsAutoCString loadingOriginNoSuffix;
356 MOZ_ALWAYS_SUCCEEDS(
357 aLoadingPrincipal->GetOriginNoSuffix(loadingOriginNoSuffix));
358
359 nsAutoCString clientOriginNoSuffix;
360 MOZ_ALWAYS_SUCCEEDS(
361 clientPrincipal->GetOriginNoSuffix(clientOriginNoSuffix));
362
363 // The client principal will have the partitionKey set if it's in a third
364 // party context, but the loading principal won't. So, we ignore he
365 // partitionKey when doing the verification here.
366 MOZ_DIAGNOSTIC_ASSERT(loadingOriginNoSuffix == clientOriginNoSuffix);
367 MOZ_DIAGNOSTIC_ASSERT(
368 aLoadingPrincipal->OriginAttributesRef().EqualsIgnoringPartitionKey(
369 clientPrincipal->OriginAttributesRef()));
370 }
371 #endif
372 }
373
374 } // namespace
375
376 nsresult NS_NewChannel(nsIChannel** outChannel, nsIURI* aUri,
377 nsIPrincipal* aLoadingPrincipal,
378 nsSecurityFlags aSecurityFlags,
379 nsContentPolicyType aContentPolicyType,
380 nsICookieJarSettings* aCookieJarSettings /* = nullptr */,
381 PerformanceStorage* aPerformanceStorage /* = nullptr */,
382 nsILoadGroup* aLoadGroup /* = nullptr */,
383 nsIInterfaceRequestor* aCallbacks /* = nullptr */,
384 nsLoadFlags aLoadFlags /* = nsIRequest::LOAD_NORMAL */,
385 nsIIOService* aIoService /* = nullptr */,
386 uint32_t aSandboxFlags /* = 0 */,
387 bool aSkipCheckForBrokenURLOrZeroSized /* = false */) {
388 return NS_NewChannelInternal(
389 outChannel, aUri,
390 nullptr, // aLoadingNode,
391 aLoadingPrincipal,
392 nullptr, // aTriggeringPrincipal
393 Maybe<ClientInfo>(), Maybe<ServiceWorkerDescriptor>(), aSecurityFlags,
394 aContentPolicyType, aCookieJarSettings, aPerformanceStorage, aLoadGroup,
395 aCallbacks, aLoadFlags, aIoService, aSandboxFlags,
396 aSkipCheckForBrokenURLOrZeroSized);
397 }
398
399 nsresult NS_NewChannel(nsIChannel** outChannel, nsIURI* aUri,
400 nsIPrincipal* aLoadingPrincipal,
401 const ClientInfo& aLoadingClientInfo,
402 const Maybe<ServiceWorkerDescriptor>& aController,
403 nsSecurityFlags aSecurityFlags,
404 nsContentPolicyType aContentPolicyType,
405 nsICookieJarSettings* aCookieJarSettings /* = nullptr */,
406 PerformanceStorage* aPerformanceStorage /* = nullptr */,
407 nsILoadGroup* aLoadGroup /* = nullptr */,
408 nsIInterfaceRequestor* aCallbacks /* = nullptr */,
409 nsLoadFlags aLoadFlags /* = nsIRequest::LOAD_NORMAL */,
410 nsIIOService* aIoService /* = nullptr */,
411 uint32_t aSandboxFlags /* = 0 */,
412 bool aSkipCheckForBrokenURLOrZeroSized /* = false */) {
413 AssertLoadingPrincipalAndClientInfoMatch(
414 aLoadingPrincipal, aLoadingClientInfo, aContentPolicyType);
415
416 Maybe<ClientInfo> loadingClientInfo;
417 loadingClientInfo.emplace(aLoadingClientInfo);
418
419 return NS_NewChannelInternal(
420 outChannel, aUri,
421 nullptr, // aLoadingNode,
422 aLoadingPrincipal,
423 nullptr, // aTriggeringPrincipal
424 loadingClientInfo, aController, aSecurityFlags, aContentPolicyType,
425 aCookieJarSettings, aPerformanceStorage, aLoadGroup, aCallbacks,
426 aLoadFlags, aIoService, aSandboxFlags, aSkipCheckForBrokenURLOrZeroSized);
427 }
428
429 nsresult NS_NewChannelInternal(
430 nsIChannel** outChannel, nsIURI* aUri, nsINode* aLoadingNode,
431 nsIPrincipal* aLoadingPrincipal, nsIPrincipal* aTriggeringPrincipal,
432 const Maybe<ClientInfo>& aLoadingClientInfo,
433 const Maybe<ServiceWorkerDescriptor>& aController,
434 nsSecurityFlags aSecurityFlags, nsContentPolicyType aContentPolicyType,
435 nsICookieJarSettings* aCookieJarSettings /* = nullptr */,
436 PerformanceStorage* aPerformanceStorage /* = nullptr */,
437 nsILoadGroup* aLoadGroup /* = nullptr */,
438 nsIInterfaceRequestor* aCallbacks /* = nullptr */,
439 nsLoadFlags aLoadFlags /* = nsIRequest::LOAD_NORMAL */,
440 nsIIOService* aIoService /* = nullptr */, uint32_t aSandboxFlags /* = 0 */,
441 bool aSkipCheckForBrokenURLOrZeroSized /* = false */) {
442 NS_ENSURE_ARG_POINTER(outChannel);
443
444 nsCOMPtr<nsIIOService> grip;
445 nsresult rv = net_EnsureIOService(&aIoService, grip);
446 NS_ENSURE_SUCCESS(rv, rv);
447
448 nsCOMPtr<nsIChannel> channel;
449 rv = aIoService->NewChannelFromURIWithClientAndController(
450 aUri, aLoadingNode, aLoadingPrincipal, aTriggeringPrincipal,
451 aLoadingClientInfo, aController, aSecurityFlags, aContentPolicyType,
452 aSandboxFlags, aSkipCheckForBrokenURLOrZeroSized,
453 getter_AddRefs(channel));
454 if (NS_FAILED(rv)) {
455 return rv;
456 }
457
458 if (aLoadGroup) {
459 rv = channel->SetLoadGroup(aLoadGroup);
460 NS_ENSURE_SUCCESS(rv, rv);
461 }
462
463 if (aCallbacks) {
464 rv = channel->SetNotificationCallbacks(aCallbacks);
465 NS_ENSURE_SUCCESS(rv, rv);
466 }
467
468 #ifdef DEBUG
469 nsLoadFlags channelLoadFlags = 0;
470 channel->GetLoadFlags(&channelLoadFlags);
471 // Will be removed when we remove LOAD_REPLACE altogether
472 // This check is trying to catch protocol handlers that still
473 // try to set the LOAD_REPLACE flag.
474 MOZ_DIAGNOSTIC_ASSERT(!(channelLoadFlags & nsIChannel::LOAD_REPLACE));
475 #endif
476
477 if (aLoadFlags != nsIRequest::LOAD_NORMAL) {
478 rv = channel->SetLoadFlags(aLoadFlags);
479 NS_ENSURE_SUCCESS(rv, rv);
480 }
481
482 if (aPerformanceStorage || aCookieJarSettings) {
483 nsCOMPtr<nsILoadInfo> loadInfo = channel->LoadInfo();
484
485 if (aPerformanceStorage) {
486 loadInfo->SetPerformanceStorage(aPerformanceStorage);
487 }
488
489 if (aCookieJarSettings) {
490 loadInfo->SetCookieJarSettings(aCookieJarSettings);
491 }
492 }
493
494 channel.forget(outChannel);
495 return NS_OK;
496 }
497
498 nsresult /*NS_NewChannelWithNodeAndTriggeringPrincipal */
499 NS_NewChannelWithTriggeringPrincipal(
500 nsIChannel** outChannel, nsIURI* aUri, nsINode* aLoadingNode,
501 nsIPrincipal* aTriggeringPrincipal, nsSecurityFlags aSecurityFlags,
502 nsContentPolicyType aContentPolicyType,
503 PerformanceStorage* aPerformanceStorage /* = nullptr */,
504 nsILoadGroup* aLoadGroup /* = nullptr */,
505 nsIInterfaceRequestor* aCallbacks /* = nullptr */,
506 nsLoadFlags aLoadFlags /* = nsIRequest::LOAD_NORMAL */,
507 nsIIOService* aIoService /* = nullptr */) {
508 MOZ_ASSERT(aLoadingNode);
509 NS_ASSERTION(aTriggeringPrincipal,
510 "Can not create channel without a triggering Principal!");
511 return NS_NewChannelInternal(
512 outChannel, aUri, aLoadingNode, aLoadingNode->NodePrincipal(),
513 aTriggeringPrincipal, Maybe<ClientInfo>(),
514 Maybe<ServiceWorkerDescriptor>(), aSecurityFlags, aContentPolicyType,
515 aLoadingNode->OwnerDoc()->CookieJarSettings(), aPerformanceStorage,
516 aLoadGroup, aCallbacks, aLoadFlags, aIoService);
517 }
518
519 // See NS_NewChannelInternal for usage and argument description
520 nsresult NS_NewChannelWithTriggeringPrincipal(
521 nsIChannel** outChannel, nsIURI* aUri, nsIPrincipal* aLoadingPrincipal,
522 nsIPrincipal* aTriggeringPrincipal, nsSecurityFlags aSecurityFlags,
523 nsContentPolicyType aContentPolicyType,
524 nsICookieJarSettings* aCookieJarSettings /* = nullptr */,
525 PerformanceStorage* aPerformanceStorage /* = nullptr */,
526 nsILoadGroup* aLoadGroup /* = nullptr */,
527 nsIInterfaceRequestor* aCallbacks /* = nullptr */,
528 nsLoadFlags aLoadFlags /* = nsIRequest::LOAD_NORMAL */,
529 nsIIOService* aIoService /* = nullptr */) {
530 NS_ASSERTION(aLoadingPrincipal,
531 "Can not create channel without a loading Principal!");
532 return NS_NewChannelInternal(
533 outChannel, aUri,
534 nullptr, // aLoadingNode
535 aLoadingPrincipal, aTriggeringPrincipal, Maybe<ClientInfo>(),
536 Maybe<ServiceWorkerDescriptor>(), aSecurityFlags, aContentPolicyType,
537 aCookieJarSettings, aPerformanceStorage, aLoadGroup, aCallbacks,
538 aLoadFlags, aIoService);
539 }
540
541 // See NS_NewChannelInternal for usage and argument description
542 nsresult NS_NewChannelWithTriggeringPrincipal(
543 nsIChannel** outChannel, nsIURI* aUri, nsIPrincipal* aLoadingPrincipal,
544 nsIPrincipal* aTriggeringPrincipal, const ClientInfo& aLoadingClientInfo,
545 const Maybe<ServiceWorkerDescriptor>& aController,
546 nsSecurityFlags aSecurityFlags, nsContentPolicyType aContentPolicyType,
547 nsICookieJarSettings* aCookieJarSettings /* = nullptr */,
548 PerformanceStorage* aPerformanceStorage /* = nullptr */,
549 nsILoadGroup* aLoadGroup /* = nullptr */,
550 nsIInterfaceRequestor* aCallbacks /* = nullptr */,
551 nsLoadFlags aLoadFlags /* = nsIRequest::LOAD_NORMAL */,
552 nsIIOService* aIoService /* = nullptr */) {
553 AssertLoadingPrincipalAndClientInfoMatch(
554 aLoadingPrincipal, aLoadingClientInfo, aContentPolicyType);
555
556 Maybe<ClientInfo> loadingClientInfo;
557 loadingClientInfo.emplace(aLoadingClientInfo);
558
559 return NS_NewChannelInternal(
560 outChannel, aUri,
561 nullptr, // aLoadingNode
562 aLoadingPrincipal, aTriggeringPrincipal, loadingClientInfo, aController,
563 aSecurityFlags, aContentPolicyType, aCookieJarSettings,
564 aPerformanceStorage, aLoadGroup, aCallbacks, aLoadFlags, aIoService);
565 }
566
567 nsresult NS_NewChannel(nsIChannel** outChannel, nsIURI* aUri,
568 nsINode* aLoadingNode, nsSecurityFlags aSecurityFlags,
569 nsContentPolicyType aContentPolicyType,
570 PerformanceStorage* aPerformanceStorage /* = nullptr */,
571 nsILoadGroup* aLoadGroup /* = nullptr */,
572 nsIInterfaceRequestor* aCallbacks /* = nullptr */,
573 nsLoadFlags aLoadFlags /* = nsIRequest::LOAD_NORMAL */,
574 nsIIOService* aIoService /* = nullptr */,
575 uint32_t aSandboxFlags /* = 0 */,
576 bool aSkipCheckForBrokenURLOrZeroSized /* = false */) {
577 NS_ASSERTION(aLoadingNode, "Can not create channel without a loading Node!");
578 return NS_NewChannelInternal(
579 outChannel, aUri, aLoadingNode, aLoadingNode->NodePrincipal(),
580 nullptr, // aTriggeringPrincipal
581 Maybe<ClientInfo>(), Maybe<ServiceWorkerDescriptor>(), aSecurityFlags,
582 aContentPolicyType, aLoadingNode->OwnerDoc()->CookieJarSettings(),
583 aPerformanceStorage, aLoadGroup, aCallbacks, aLoadFlags, aIoService,
584 aSandboxFlags, aSkipCheckForBrokenURLOrZeroSized);
585 }
586
587 nsresult NS_GetIsDocumentChannel(nsIChannel* aChannel, bool* aIsDocument) {
588 // Check if this channel is going to be used to create a document. If it has
589 // LOAD_DOCUMENT_URI set it is trivially creating a document. If
590 // LOAD_HTML_OBJECT_DATA is set it may or may not be used to create a
591 // document, depending on its MIME type.
592
593 if (!aChannel || !aIsDocument) {
594 return NS_ERROR_NULL_POINTER;
595 }
596 *aIsDocument = false;
597 nsLoadFlags loadFlags;
598 nsresult rv = aChannel->GetLoadFlags(&loadFlags);
599 if (NS_FAILED(rv)) {
600 return rv;
601 }
602 if (loadFlags & nsIChannel::LOAD_DOCUMENT_URI) {
603 *aIsDocument = true;
604 return NS_OK;
605 }
606 if (!(loadFlags & nsIRequest::LOAD_HTML_OBJECT_DATA)) {
607 *aIsDocument = false;
608 return NS_OK;
609 }
610 nsAutoCString mimeType;
611 rv = aChannel->GetContentType(mimeType);
612 if (NS_FAILED(rv)) {
613 return rv;
614 }
615 if (nsContentUtils::HtmlObjectContentTypeForMIMEType(mimeType) ==
616 nsIObjectLoadingContent::TYPE_DOCUMENT) {
617 *aIsDocument = true;
618 return NS_OK;
619 }
620 *aIsDocument = false;
621 return NS_OK;
622 }
623
624 nsresult NS_MakeAbsoluteURI(nsACString& result, const nsACString& spec,
625 nsIURI* baseURI) {
626 nsresult rv;
627 if (!baseURI) {
628 NS_WARNING("It doesn't make sense to not supply a base URI");
629 result = spec;
630 rv = NS_OK;
631 } else if (spec.IsEmpty()) {
632 rv = baseURI->GetSpec(result);
633 } else {
634 rv = baseURI->Resolve(spec, result);
635 }
636 return rv;
637 }
638
639 nsresult NS_MakeAbsoluteURI(char** result, const char* spec, nsIURI* baseURI) {
640 nsresult rv;
641 nsAutoCString resultBuf;
642 rv = NS_MakeAbsoluteURI(resultBuf, nsDependentCString(spec), baseURI);
643 if (NS_SUCCEEDED(rv)) {
644 *result = ToNewCString(resultBuf, mozilla::fallible);
645 if (!*result) rv = NS_ERROR_OUT_OF_MEMORY;
646 }
647 return rv;
648 }
649
650 nsresult NS_MakeAbsoluteURI(nsAString& result, const nsAString& spec,
651 nsIURI* baseURI) {
652 nsresult rv;
653 if (!baseURI) {
654 NS_WARNING("It doesn't make sense to not supply a base URI");
655 result = spec;
656 rv = NS_OK;
657 } else {
658 nsAutoCString resultBuf;
659 if (spec.IsEmpty()) {
660 rv = baseURI->GetSpec(resultBuf);
661 } else {
662 rv = baseURI->Resolve(NS_ConvertUTF16toUTF8(spec), resultBuf);
663 }
664 if (NS_SUCCEEDED(rv)) CopyUTF8toUTF16(resultBuf, result);
665 }
666 return rv;
667 }
668
669 int32_t NS_GetDefaultPort(const char* scheme,
670 nsIIOService* ioService /* = nullptr */) {
671 nsresult rv;
672
673 // Getting the default port through the protocol handler previously had a lot
674 // of XPCOM overhead involved. We optimize the protocols that matter for Web
675 // pages (HTTP and HTTPS) by hardcoding their default ports here.
676 //
677 // XXX: This might not be necessary for performance anymore.
678 if (strncmp(scheme, "http", 4) == 0) {
679 if (scheme[4] == 's' && scheme[5] == '\0') {
680 return 443;
681 }
682 if (scheme[4] == '\0') {
683 return 80;
684 }
685 }
686
687 nsCOMPtr<nsIIOService> grip;
688 net_EnsureIOService(&ioService, grip);
689 if (!ioService) return -1;
690
691 int32_t port;
692 rv = ioService->GetDefaultPort(scheme, &port);
693 return NS_SUCCEEDED(rv) ? port : -1;
694 }
695
696 int32_t NS_GetRealPort(nsIURI* aURI) {
697 int32_t port;
698 nsresult rv = aURI->GetPort(&port);
699 if (NS_FAILED(rv)) return -1;
700
701 if (port != -1) return port; // explicitly specified
702
703 // Otherwise, we have to get the default port from the protocol handler
704
705 // Need the scheme first
706 nsAutoCString scheme;
707 rv = aURI->GetScheme(scheme);
708 if (NS_FAILED(rv)) return -1;
709
710 return NS_GetDefaultPort(scheme.get());
711 }
712
713 nsresult NS_DomainToASCII(const nsACString& aHost, nsACString& aASCII) {
714 return nsStandardURL::GetIDNService()->ConvertUTF8toACE(aHost, aASCII);
715 }
716
717 nsresult NS_DomainToDisplay(const nsACString& aHost, nsACString& aDisplay) {
718 bool ignored;
719 return nsStandardURL::GetIDNService()->ConvertToDisplayIDN(aHost, &ignored,
720 aDisplay);
721 }
722
723 nsresult NS_DomainToUnicode(const nsACString& aHost, nsACString& aUnicode) {
724 return nsStandardURL::GetIDNService()->ConvertACEtoUTF8(aHost, aUnicode);
725 }
726
727 nsresult NS_NewInputStreamChannelInternal(
728 nsIChannel** outChannel, nsIURI* aUri,
729 already_AddRefed<nsIInputStream> aStream, const nsACString& aContentType,
730 const nsACString& aContentCharset, nsILoadInfo* aLoadInfo) {
731 nsresult rv;
732 nsCOMPtr<nsIInputStreamChannel> isc =
733 do_CreateInstance(NS_INPUTSTREAMCHANNEL_CONTRACTID, &rv);
734 NS_ENSURE_SUCCESS(rv, rv);
735 rv = isc->SetURI(aUri);
736 NS_ENSURE_SUCCESS(rv, rv);
737
738 nsCOMPtr<nsIInputStream> stream = std::move(aStream);
739 rv = isc->SetContentStream(stream);
740 NS_ENSURE_SUCCESS(rv, rv);
741
742 nsCOMPtr<nsIChannel> channel = do_QueryInterface(isc, &rv);
743 NS_ENSURE_SUCCESS(rv, rv);
744
745 if (!aContentType.IsEmpty()) {
746 rv = channel->SetContentType(aContentType);
747 NS_ENSURE_SUCCESS(rv, rv);
748 }
749
750 if (!aContentCharset.IsEmpty()) {
751 rv = channel->SetContentCharset(aContentCharset);
752 NS_ENSURE_SUCCESS(rv, rv);
753 }
754
755 MOZ_ASSERT(aLoadInfo, "need a loadinfo to create a inputstreamchannel");
756 channel->SetLoadInfo(aLoadInfo);
757
758 // If we're sandboxed, make sure to clear any owner the channel
759 // might already have.
760 if (aLoadInfo && aLoadInfo->GetLoadingSandboxed()) {
761 channel->SetOwner(nullptr);
762 }
763
764 channel.forget(outChannel);
765 return NS_OK;
766 }
767
768 nsresult NS_NewInputStreamChannelInternal(
769 nsIChannel** outChannel, nsIURI* aUri,
770 already_AddRefed<nsIInputStream> aStream, const nsACString& aContentType,
771 const nsACString& aContentCharset, nsINode* aLoadingNode,
772 nsIPrincipal* aLoadingPrincipal, nsIPrincipal* aTriggeringPrincipal,
773 nsSecurityFlags aSecurityFlags, nsContentPolicyType aContentPolicyType) {
774 nsCOMPtr<nsILoadInfo> loadInfo = new mozilla::net::LoadInfo(
775 aLoadingPrincipal, aTriggeringPrincipal, aLoadingNode, aSecurityFlags,
776 aContentPolicyType);
777 if (!loadInfo) {
778 return NS_ERROR_UNEXPECTED;
779 }
780
781 nsCOMPtr<nsIInputStream> stream = std::move(aStream);
782
783 return NS_NewInputStreamChannelInternal(outChannel, aUri, stream.forget(),
784 aContentType, aContentCharset,
785 loadInfo);
786 }
787
788 nsresult NS_NewInputStreamChannel(
789 nsIChannel** outChannel, nsIURI* aUri,
790 already_AddRefed<nsIInputStream> aStream, nsIPrincipal* aLoadingPrincipal,
791 nsSecurityFlags aSecurityFlags, nsContentPolicyType aContentPolicyType,
792 const nsACString& aContentType /* = ""_ns */,
793 const nsACString& aContentCharset /* = ""_ns */) {
794 nsCOMPtr<nsIInputStream> stream = aStream;
795 return NS_NewInputStreamChannelInternal(outChannel, aUri, stream.forget(),
796 aContentType, aContentCharset,
797 nullptr, // aLoadingNode
798 aLoadingPrincipal,
799 nullptr, // aTriggeringPrincipal
800 aSecurityFlags, aContentPolicyType);
801 }
802
803 nsresult NS_NewInputStreamChannelInternal(nsIChannel** outChannel, nsIURI* aUri,
804 const nsAString& aData,
805 const nsACString& aContentType,
806 nsILoadInfo* aLoadInfo,
807 bool aIsSrcdocChannel /* = false */) {
808 nsresult rv;
809 nsCOMPtr<nsIStringInputStream> stream;
810 stream = do_CreateInstance(NS_STRINGINPUTSTREAM_CONTRACTID, &rv);
811 NS_ENSURE_SUCCESS(rv, rv);
812
813 uint32_t len;
814 char* utf8Bytes = ToNewUTF8String(aData, &len);
815 rv = stream->AdoptData(utf8Bytes, len);
816
817 nsCOMPtr<nsIChannel> channel;
818 rv = NS_NewInputStreamChannelInternal(getter_AddRefs(channel), aUri,
819 stream.forget(), aContentType,
820 "UTF-8"_ns, aLoadInfo);
821
822 NS_ENSURE_SUCCESS(rv, rv);
823
824 if (aIsSrcdocChannel) {
825 nsCOMPtr<nsIInputStreamChannel> inStrmChan = do_QueryInterface(channel);
826 NS_ENSURE_TRUE(inStrmChan, NS_ERROR_FAILURE);
827 inStrmChan->SetSrcdocData(aData);
828 }
829 channel.forget(outChannel);
830 return NS_OK;
831 }
832
833 nsresult NS_NewInputStreamChannelInternal(
834 nsIChannel** outChannel, nsIURI* aUri, const nsAString& aData,
835 const nsACString& aContentType, nsINode* aLoadingNode,
836 nsIPrincipal* aLoadingPrincipal, nsIPrincipal* aTriggeringPrincipal,
837 nsSecurityFlags aSecurityFlags, nsContentPolicyType aContentPolicyType,
838 bool aIsSrcdocChannel /* = false */) {
839 nsCOMPtr<nsILoadInfo> loadInfo = new mozilla::net::LoadInfo(
840 aLoadingPrincipal, aTriggeringPrincipal, aLoadingNode, aSecurityFlags,
841 aContentPolicyType);
842 return NS_NewInputStreamChannelInternal(outChannel, aUri, aData, aContentType,
843 loadInfo, aIsSrcdocChannel);
844 }
845
846 nsresult NS_NewInputStreamChannel(nsIChannel** outChannel, nsIURI* aUri,
847 const nsAString& aData,
848 const nsACString& aContentType,
849 nsIPrincipal* aLoadingPrincipal,
850 nsSecurityFlags aSecurityFlags,
851 nsContentPolicyType aContentPolicyType,
852 bool aIsSrcdocChannel /* = false */) {
853 return NS_NewInputStreamChannelInternal(outChannel, aUri, aData, aContentType,
854 nullptr, // aLoadingNode
855 aLoadingPrincipal,
856 nullptr, // aTriggeringPrincipal
857 aSecurityFlags, aContentPolicyType,
858 aIsSrcdocChannel);
859 }
860
861 nsresult NS_NewInputStreamPump(
862 nsIInputStreamPump** aResult, already_AddRefed<nsIInputStream> aStream,
863 uint32_t aSegsize /* = 0 */, uint32_t aSegcount /* = 0 */,
864 bool aCloseWhenDone /* = false */,
865 nsISerialEventTarget* aMainThreadTarget /* = nullptr */) {
866 nsCOMPtr<nsIInputStream> stream = std::move(aStream);
867
868 nsresult rv;
869 nsCOMPtr<nsIInputStreamPump> pump =
870 do_CreateInstance(NS_INPUTSTREAMPUMP_CONTRACTID, &rv);
871 if (NS_SUCCEEDED(rv)) {
872 rv = pump->Init(stream, aSegsize, aSegcount, aCloseWhenDone,
873 aMainThreadTarget);
874 if (NS_SUCCEEDED(rv)) {
875 *aResult = nullptr;
876 pump.swap(*aResult);
877 }
878 }
879 return rv;
880 }
881
882 nsresult NS_NewLoadGroup(nsILoadGroup** result, nsIRequestObserver* obs) {
883 nsresult rv;
884 nsCOMPtr<nsILoadGroup> group =
885 do_CreateInstance(NS_LOADGROUP_CONTRACTID, &rv);
886 if (NS_SUCCEEDED(rv)) {
887 rv = group->SetGroupObserver(obs);
888 if (NS_SUCCEEDED(rv)) {
889 *result = nullptr;
890 group.swap(*result);
891 }
892 }
893 return rv;
894 }
895
896 bool NS_IsReasonableHTTPHeaderValue(const nsACString& aValue) {
897 return mozilla::net::nsHttp::IsReasonableHeaderValue(aValue);
898 }
899
900 bool NS_IsValidHTTPToken(const nsACString& aToken) {
901 return mozilla::net::nsHttp::IsValidToken(aToken);
902 }
903
904 void NS_TrimHTTPWhitespace(const nsACString& aSource, nsACString& aDest) {
905 mozilla::net::nsHttp::TrimHTTPWhitespace(aSource, aDest);
906 }
907
908 nsresult NS_NewLoadGroup(nsILoadGroup** aResult, nsIPrincipal* aPrincipal) {
909 using mozilla::LoadContext;
910 nsresult rv;
911
912 nsCOMPtr<nsILoadGroup> group =
913 do_CreateInstance(NS_LOADGROUP_CONTRACTID, &rv);
914 NS_ENSURE_SUCCESS(rv, rv);
915
916 RefPtr<LoadContext> loadContext = new LoadContext(aPrincipal);
917 rv = group->SetNotificationCallbacks(loadContext);
918 NS_ENSURE_SUCCESS(rv, rv);
919
920 group.forget(aResult);
921 return rv;
922 }
923
924 bool NS_LoadGroupMatchesPrincipal(nsILoadGroup* aLoadGroup,
925 nsIPrincipal* aPrincipal) {
926 if (!aPrincipal) {
927 return false;
928 }
929
930 // If this is a null principal then the load group doesn't really matter.
931 // The principal will not be allowed to perform any actions that actually
932 // use the load group. Unconditionally treat null principals as a match.
933 if (aPrincipal->GetIsNullPrincipal()) {
934 return true;
935 }
936
937 if (!aLoadGroup) {
938 return false;
939 }
940
941 nsCOMPtr<nsILoadContext> loadContext;
942 NS_QueryNotificationCallbacks(nullptr, aLoadGroup, NS_GET_IID(nsILoadContext),
943 getter_AddRefs(loadContext));
944 NS_ENSURE_TRUE(loadContext, false);
945
946 return true;
947 }
948
949 nsresult NS_NewDownloader(nsIStreamListener** result,
950 nsIDownloadObserver* observer,
951 nsIFile* downloadLocation /* = nullptr */) {
952 nsresult rv;
953 nsCOMPtr<nsIDownloader> downloader =
954 do_CreateInstance(NS_DOWNLOADER_CONTRACTID, &rv);
955 if (NS_SUCCEEDED(rv)) {
956 rv = downloader->Init(observer, downloadLocation);
957 if (NS_SUCCEEDED(rv)) {
958 downloader.forget(result);
959 }
960 }
961 return rv;
962 }
963
964 nsresult NS_NewIncrementalStreamLoader(
965 nsIIncrementalStreamLoader** result,
966 nsIIncrementalStreamLoaderObserver* observer) {
967 nsresult rv;
968 nsCOMPtr<nsIIncrementalStreamLoader> loader =
969 do_CreateInstance(NS_INCREMENTALSTREAMLOADER_CONTRACTID, &rv);
970 if (NS_SUCCEEDED(rv)) {
971 rv = loader->Init(observer);
972 if (NS_SUCCEEDED(rv)) {
973 *result = nullptr;
974 loader.swap(*result);
975 }
976 }
977 return rv;
978 }
979
980 nsresult NS_NewStreamLoader(
981 nsIStreamLoader** result, nsIStreamLoaderObserver* observer,
982 nsIRequestObserver* requestObserver /* = nullptr */) {
983 nsresult rv;
984 nsCOMPtr<nsIStreamLoader> loader =
985 do_CreateInstance(NS_STREAMLOADER_CONTRACTID, &rv);
986 if (NS_SUCCEEDED(rv)) {
987 rv = loader->Init(observer, requestObserver);
988 if (NS_SUCCEEDED(rv)) {
989 *result = nullptr;
990 loader.swap(*result);
991 }
992 }
993 return rv;
994 }
995
996 nsresult NS_NewStreamLoaderInternal(
997 nsIStreamLoader** outStream, nsIURI* aUri,
998 nsIStreamLoaderObserver* aObserver, nsINode* aLoadingNode,
999 nsIPrincipal* aLoadingPrincipal, nsSecurityFlags aSecurityFlags,
1000 nsContentPolicyType aContentPolicyType,
1001 nsILoadGroup* aLoadGroup /* = nullptr */,
1002 nsIInterfaceRequestor* aCallbacks /* = nullptr */,
1003 nsLoadFlags aLoadFlags /* = nsIRequest::LOAD_NORMAL */) {
1004 nsCOMPtr<nsIChannel> channel;
1005 nsresult rv = NS_NewChannelInternal(
1006 getter_AddRefs(channel), aUri, aLoadingNode, aLoadingPrincipal,
1007 nullptr, // aTriggeringPrincipal
1008 Maybe<ClientInfo>(), Maybe<ServiceWorkerDescriptor>(), aSecurityFlags,
1009 aContentPolicyType,
1010 nullptr, // nsICookieJarSettings
1011 nullptr, // PerformanceStorage
1012 aLoadGroup, aCallbacks, aLoadFlags);
1013
1014 NS_ENSURE_SUCCESS(rv, rv);
1015 rv = NS_NewStreamLoader(outStream, aObserver);
1016 NS_ENSURE_SUCCESS(rv, rv);
1017 return channel->AsyncOpen(*outStream);
1018 }
1019
1020 nsresult NS_NewStreamLoader(
1021 nsIStreamLoader** outStream, nsIURI* aUri,
1022 nsIStreamLoaderObserver* aObserver, nsINode* aLoadingNode,
1023 nsSecurityFlags aSecurityFlags, nsContentPolicyType aContentPolicyType,
1024 nsILoadGroup* aLoadGroup /* = nullptr */,
1025 nsIInterfaceRequestor* aCallbacks /* = nullptr */,
1026 nsLoadFlags aLoadFlags /* = nsIRequest::LOAD_NORMAL */) {
1027 NS_ASSERTION(aLoadingNode,
1028 "Can not create stream loader without a loading Node!");
1029 return NS_NewStreamLoaderInternal(
1030 outStream, aUri, aObserver, aLoadingNode, aLoadingNode->NodePrincipal(),
1031 aSecurityFlags, aContentPolicyType, aLoadGroup, aCallbacks, aLoadFlags);
1032 }
1033
1034 nsresult NS_NewStreamLoader(
1035 nsIStreamLoader** outStream, nsIURI* aUri,
1036 nsIStreamLoaderObserver* aObserver, nsIPrincipal* aLoadingPrincipal,
1037 nsSecurityFlags aSecurityFlags, nsContentPolicyType aContentPolicyType,
1038 nsILoadGroup* aLoadGroup /* = nullptr */,
1039 nsIInterfaceRequestor* aCallbacks /* = nullptr */,
1040 nsLoadFlags aLoadFlags /* = nsIRequest::LOAD_NORMAL */) {
1041 return NS_NewStreamLoaderInternal(outStream, aUri, aObserver,
1042 nullptr, // aLoadingNode
1043 aLoadingPrincipal, aSecurityFlags,
1044 aContentPolicyType, aLoadGroup, aCallbacks,
1045 aLoadFlags);
1046 }
1047
1048 nsresult NS_NewSyncStreamListener(nsIStreamListener** result,
1049 nsIInputStream** stream) {
1050 nsCOMPtr<nsISyncStreamListener> listener = new nsSyncStreamListener();
1051 nsresult rv = listener->GetInputStream(stream);
1052 if (NS_SUCCEEDED(rv)) {
1053 listener.forget(result);
1054 }
1055 return rv;
1056 }
1057
1058 nsresult NS_ImplementChannelOpen(nsIChannel* channel, nsIInputStream** result) {
1059 nsCOMPtr<nsIStreamListener> listener;
1060 nsCOMPtr<nsIInputStream> stream;
1061 nsresult rv = NS_NewSyncStreamListener(getter_AddRefs(listener),
1062 getter_AddRefs(stream));
1063 NS_ENSURE_SUCCESS(rv, rv);
1064
1065 rv = channel->AsyncOpen(listener);
1066 NS_ENSURE_SUCCESS(rv, rv);
1067
1068 uint64_t n;
1069 // block until the initial response is received or an error occurs.
1070 rv = stream->Available(&n);
1071 NS_ENSURE_SUCCESS(rv, rv);
1072
1073 *result = nullptr;
1074 stream.swap(*result);
1075
1076 return NS_OK;
1077 }
1078
1079 nsresult NS_NewRequestObserverProxy(nsIRequestObserver** result,
1080 nsIRequestObserver* observer,
1081 nsISupports* context) {
1082 nsCOMPtr<nsIRequestObserverProxy> proxy = new nsRequestObserverProxy();
1083 nsresult rv = proxy->Init(observer, context);
1084 if (NS_SUCCEEDED(rv)) {
1085 proxy.forget(result);
1086 }
1087 return rv;
1088 }
1089
1090 nsresult NS_NewSimpleStreamListener(
1091 nsIStreamListener** result, nsIOutputStream* sink,
1092 nsIRequestObserver* observer /* = nullptr */) {
1093 nsresult rv;
1094 nsCOMPtr<nsISimpleStreamListener> listener =
1095 do_CreateInstance(NS_SIMPLESTREAMLISTENER_CONTRACTID, &rv);
1096 if (NS_SUCCEEDED(rv)) {
1097 rv = listener->Init(sink, observer);
1098 if (NS_SUCCEEDED(rv)) {
1099 listener.forget(result);
1100 }
1101 }
1102 return rv;
1103 }
1104
1105 nsresult NS_CheckPortSafety(int32_t port, const char* scheme,
1106 nsIIOService* ioService /* = nullptr */) {
1107 nsresult rv;
1108 nsCOMPtr<nsIIOService> grip;
1109 rv = net_EnsureIOService(&ioService, grip);
1110 if (ioService) {
1111 bool allow;
1112 rv = ioService->AllowPort(port, scheme, &allow);
1113 if (NS_SUCCEEDED(rv) && !allow) {
1114 NS_WARNING("port blocked");
1115 rv = NS_ERROR_PORT_ACCESS_NOT_ALLOWED;
1116 }
1117 }
1118 return rv;
1119 }
1120
1121 nsresult NS_CheckPortSafety(nsIURI* uri) {
1122 int32_t port;
1123 nsresult rv = uri->GetPort(&port);
1124 if (NS_FAILED(rv) || port == -1) { // port undefined or default-valued
1125 return NS_OK;
1126 }
1127 nsAutoCString scheme;
1128 uri->GetScheme(scheme);
1129 return NS_CheckPortSafety(port, scheme.get());
1130 }
1131
1132 nsresult NS_NewProxyInfo(const nsACString& type, const nsACString& host,
1133 int32_t port, uint32_t flags, nsIProxyInfo** result) {
1134 nsresult rv;
1135 nsCOMPtr<nsIProtocolProxyService> pps =
1136 do_GetService(NS_PROTOCOLPROXYSERVICE_CONTRACTID, &rv);
1137 if (NS_SUCCEEDED(rv)) {
1138 rv = pps->NewProxyInfo(type, host, port, ""_ns, ""_ns, flags, UINT32_MAX,
1139 nullptr, result);
1140 }
1141 return rv;
1142 }
1143
1144 nsresult NS_GetFileProtocolHandler(nsIFileProtocolHandler** result,
1145 nsIIOService* ioService /* = nullptr */) {
1146 nsresult rv;
1147 nsCOMPtr<nsIIOService> grip;
1148 rv = net_EnsureIOService(&ioService, grip);
1149 if (ioService) {
1150 nsCOMPtr<nsIProtocolHandler> handler;
1151 rv = ioService->GetProtocolHandler("file", getter_AddRefs(handler));
1152 if (NS_SUCCEEDED(rv)) rv = CallQueryInterface(handler, result);
1153 }
1154 return rv;
1155 }
1156
1157 nsresult NS_GetFileFromURLSpec(const nsACString& inURL, nsIFile** result,
1158 nsIIOService* ioService /* = nullptr */) {
1159 nsresult rv;
1160 nsCOMPtr<nsIFileProtocolHandler> fileHandler;
1161 rv = NS_GetFileProtocolHandler(getter_AddRefs(fileHandler), ioService);
1162 if (NS_SUCCEEDED(rv)) rv = fileHandler->GetFileFromURLSpec(inURL, result);
1163 return rv;
1164 }
1165
1166 nsresult NS_GetURLSpecFromFile(nsIFile* file, nsACString& url,
1167 nsIIOService* ioService /* = nullptr */) {
1168 nsresult rv;
1169 nsCOMPtr<nsIFileProtocolHandler> fileHandler;
1170 rv = NS_GetFileProtocolHandler(getter_AddRefs(fileHandler), ioService);
1171 if (NS_SUCCEEDED(rv)) rv = fileHandler->GetURLSpecFromFile(file, url);
1172 return rv;
1173 }
1174
1175 nsresult NS_GetURLSpecFromActualFile(nsIFile* file, nsACString& url,
1176 nsIIOService* ioService /* = nullptr */) {
1177 nsresult rv;
1178 nsCOMPtr<nsIFileProtocolHandler> fileHandler;
1179 rv = NS_GetFileProtocolHandler(getter_AddRefs(fileHandler), ioService);
1180 if (NS_SUCCEEDED(rv)) rv = fileHandler->GetURLSpecFromActualFile(file, url);
1181 return rv;
1182 }
1183
1184 nsresult NS_GetURLSpecFromDir(nsIFile* file, nsACString& url,
1185 nsIIOService* ioService /* = nullptr */) {
1186 nsresult rv;
1187 nsCOMPtr<nsIFileProtocolHandler> fileHandler;
1188 rv = NS_GetFileProtocolHandler(getter_AddRefs(fileHandler), ioService);
1189 if (NS_SUCCEEDED(rv)) rv = fileHandler->GetURLSpecFromDir(file, url);
1190 return rv;
1191 }
1192
1193 void NS_GetReferrerFromChannel(nsIChannel* channel, nsIURI** referrer) {
1194 *referrer = nullptr;
1195
1196 if (nsCOMPtr<nsIPropertyBag2> props = do_QueryInterface(channel)) {
1197 // We have to check for a property on a property bag because the
1198 // referrer may be empty for security reasons (for example, when loading
1199 // an http page with an https referrer).
1200 nsresult rv;
1201 nsCOMPtr<nsIURI> uri(
1202 do_GetProperty(props, u"docshell.internalReferrer"_ns, &rv));
1203 if (NS_SUCCEEDED(rv)) {
1204 uri.forget(referrer);
1205 return;
1206 }
1207 }
1208
1209 // if that didn't work, we can still try to get the referrer from the
1210 // nsIHttpChannel (if we can QI to it)
1211 nsCOMPtr<nsIHttpChannel> chan(do_QueryInterface(channel));
1212 if (!chan) {
1213 return;
1214 }
1215
1216 nsCOMPtr<nsIReferrerInfo> referrerInfo = chan->GetReferrerInfo();
1217 if (!referrerInfo) {
1218 return;
1219 }
1220
1221 referrerInfo->GetOriginalReferrer(referrer);
1222 }
1223
1224 already_AddRefed<nsINetUtil> do_GetNetUtil(nsresult* error /* = 0 */) {
1225 nsCOMPtr<nsIIOService> io = mozilla::components::IO::Service();
1226 nsCOMPtr<nsINetUtil> util;
1227 if (io) util = do_QueryInterface(io);
1228
1229 if (error) *error = !!util ? NS_OK : NS_ERROR_FAILURE;
1230 return util.forget();
1231 }
1232
1233 nsresult NS_ParseRequestContentType(const nsACString& rawContentType,
1234 nsCString& contentType,
1235 nsCString& contentCharset) {
1236 // contentCharset is left untouched if not present in rawContentType
1237 nsresult rv;
1238 nsCOMPtr<nsINetUtil> util = do_GetNetUtil(&rv);
1239 NS_ENSURE_SUCCESS(rv, rv);
1240 nsCString charset;
1241 bool hadCharset;
1242 rv = util->ParseRequestContentType(rawContentType, charset, &hadCharset,
1243 contentType);
1244 if (NS_SUCCEEDED(rv) && hadCharset) contentCharset = charset;
1245 return rv;
1246 }
1247
1248 nsresult NS_ParseResponseContentType(const nsACString& rawContentType,
1249 nsCString& contentType,
1250 nsCString& contentCharset) {
1251 // contentCharset is left untouched if not present in rawContentType
1252 nsresult rv;
1253 nsCOMPtr<nsINetUtil> util = do_GetNetUtil(&rv);
1254 NS_ENSURE_SUCCESS(rv, rv);
1255 nsCString charset;
1256 bool hadCharset;
1257 rv = util->ParseResponseContentType(rawContentType, charset, &hadCharset,
1258 contentType);
1259 if (NS_SUCCEEDED(rv) && hadCharset) contentCharset = charset;
1260 return rv;
1261 }
1262
1263 nsresult NS_ExtractCharsetFromContentType(const nsACString& rawContentType,
1264 nsCString& contentCharset,
1265 bool* hadCharset,
1266 int32_t* charsetStart,
1267 int32_t* charsetEnd) {
1268 // contentCharset is left untouched if not present in rawContentType
1269 nsresult rv;
1270 nsCOMPtr<nsINetUtil> util = do_GetNetUtil(&rv);
1271 NS_ENSURE_SUCCESS(rv, rv);
1272
1273 return util->ExtractCharsetFromContentType(
1274 rawContentType, contentCharset, charsetStart, charsetEnd, hadCharset);
1275 }
1276
1277 nsresult NS_NewAtomicFileOutputStream(nsIOutputStream** result, nsIFile* file,
1278 int32_t ioFlags /* = -1 */,
1279 int32_t perm /* = -1 */,
1280 int32_t behaviorFlags /* = 0 */) {
1281 nsresult rv;
1282 nsCOMPtr<nsIFileOutputStream> out =
1283 do_CreateInstance(NS_ATOMICLOCALFILEOUTPUTSTREAM_CONTRACTID, &rv);
1284 if (NS_SUCCEEDED(rv)) {
1285 rv = out->Init(file, ioFlags, perm, behaviorFlags);
1286 if (NS_SUCCEEDED(rv)) out.forget(result);
1287 }
1288 return rv;
1289 }
1290
1291 nsresult NS_NewSafeLocalFileOutputStream(nsIOutputStream** result,
1292 nsIFile* file,
1293 int32_t ioFlags /* = -1 */,
1294 int32_t perm /* = -1 */,
1295 int32_t behaviorFlags /* = 0 */) {
1296 nsresult rv;
1297 nsCOMPtr<nsIFileOutputStream> out =
1298 do_CreateInstance(NS_SAFELOCALFILEOUTPUTSTREAM_CONTRACTID, &rv);
1299 if (NS_SUCCEEDED(rv)) {
1300 rv = out->Init(file, ioFlags, perm, behaviorFlags);
1301 if (NS_SUCCEEDED(rv)) out.forget(result);
1302 }
1303 return rv;
1304 }
1305
1306 nsresult NS_NewLocalFileRandomAccessStream(nsIRandomAccessStream** result,
1307 nsIFile* file,
1308 int32_t ioFlags /* = -1 */,
1309 int32_t perm /* = -1 */,
1310 int32_t behaviorFlags /* = 0 */) {
1311 nsCOMPtr<nsIFileRandomAccessStream> stream = new nsFileRandomAccessStream();
1312 nsresult rv = stream->Init(file, ioFlags, perm, behaviorFlags);
1313 if (NS_SUCCEEDED(rv)) {
1314 stream.forget(result);
1315 }
1316 return rv;
1317 }
1318
1319 mozilla::Result<nsCOMPtr<nsIRandomAccessStream>, nsresult>
1320 NS_NewLocalFileRandomAccessStream(nsIFile* file, int32_t ioFlags /* = -1 */,
1321 int32_t perm /* = -1 */,
1322 int32_t behaviorFlags /* = 0 */) {
1323 nsCOMPtr<nsIRandomAccessStream> stream;
1324 const nsresult rv = NS_NewLocalFileRandomAccessStream(
1325 getter_AddRefs(stream), file, ioFlags, perm, behaviorFlags);
1326 if (NS_SUCCEEDED(rv)) {
1327 return stream;
1328 }
1329 return Err(rv);
1330 }
1331
1332 nsresult NS_NewBufferedOutputStream(
1333 nsIOutputStream** aResult, already_AddRefed<nsIOutputStream> aOutputStream,
1334 uint32_t aBufferSize) {
1335 nsCOMPtr<nsIOutputStream> outputStream = std::move(aOutputStream);
1336
1337 nsresult rv;
1338 nsCOMPtr<nsIBufferedOutputStream> out =
1339 do_CreateInstance(NS_BUFFEREDOUTPUTSTREAM_CONTRACTID, &rv);
1340 if (NS_SUCCEEDED(rv)) {
1341 rv = out->Init(outputStream, aBufferSize);
1342 if (NS_SUCCEEDED(rv)) {
1343 out.forget(aResult);
1344 }
1345 }
1346 return rv;
1347 }
1348
1349 [[nodiscard]] nsresult NS_NewBufferedInputStream(
1350 nsIInputStream** aResult, already_AddRefed<nsIInputStream> aInputStream,
1351 uint32_t aBufferSize) {
1352 nsCOMPtr<nsIInputStream> inputStream = std::move(aInputStream);
1353
1354 nsCOMPtr<nsIBufferedInputStream> in;
1355 nsresult rv = nsBufferedInputStream::Create(
1356 NS_GET_IID(nsIBufferedInputStream), getter_AddRefs(in));
1357 if (NS_SUCCEEDED(rv)) {
1358 rv = in->Init(inputStream, aBufferSize);
1359 if (NS_SUCCEEDED(rv)) {
1360 *aResult = static_cast<nsBufferedInputStream*>(in.get())
1361 ->GetInputStream()
1362 .take();
1363 }
1364 }
1365 return rv;
1366 }
1367
1368 Result<nsCOMPtr<nsIInputStream>, nsresult> NS_NewBufferedInputStream(
1369 already_AddRefed<nsIInputStream> aInputStream, uint32_t aBufferSize) {
1370 nsCOMPtr<nsIInputStream> stream;
1371 const nsresult rv = NS_NewBufferedInputStream(
1372 getter_AddRefs(stream), std::move(aInputStream), aBufferSize);
1373 if (NS_SUCCEEDED(rv)) {
1374 return stream;
1375 }
1376 return Err(rv);
1377 }
1378
1379 namespace {
1380
1381 #define BUFFER_SIZE 8192
1382
1383 class BufferWriter final : public nsIInputStreamCallback {
1384 public:
1385 NS_DECL_THREADSAFE_ISUPPORTS
1386
1387 BufferWriter(nsIInputStream* aInputStream, void* aBuffer, int64_t aCount)
1388 : mMonitor("BufferWriter.mMonitor"),
1389 mInputStream(aInputStream),
1390 mBuffer(aBuffer),
1391 mCount(aCount),
1392 mWrittenData(0),
1393 mBufferType(aBuffer ? eExternal : eInternal),
1394 mBufferSize(0) {
1395 MOZ_ASSERT(aInputStream);
1396 MOZ_ASSERT(aCount == -1 || aCount > 0);
1397 MOZ_ASSERT_IF(mBuffer, aCount > 0);
1398 }
1399
1400 nsresult Write() {
1401 NS_ASSERT_OWNINGTHREAD(BufferWriter);
1402
1403 // Let's make the inputStream buffered if it's not.
1404 if (!NS_InputStreamIsBuffered(mInputStream)) {
1405 nsCOMPtr<nsIInputStream> bufferedStream;
1406 nsresult rv = NS_NewBufferedInputStream(
1407 getter_AddRefs(bufferedStream), mInputStream.forget(), BUFFER_SIZE);
1408 NS_ENSURE_SUCCESS(rv, rv);
1409
1410 mInputStream = bufferedStream;
1411 }
1412
1413 mAsyncInputStream = do_QueryInterface(mInputStream);
1414
1415 if (!mAsyncInputStream) {
1416 return WriteSync();
1417 }
1418
1419 // Let's use mAsyncInputStream only.
1420 mInputStream = nullptr;
1421
1422 return WriteAsync();
1423 }
1424
1425 uint64_t WrittenData() const {
1426 NS_ASSERT_OWNINGTHREAD(BufferWriter);
1427 return mWrittenData;
1428 }
1429
1430 void* StealBuffer() {
1431 NS_ASSERT_OWNINGTHREAD(BufferWriter);
1432 MOZ_ASSERT(mBufferType == eInternal);
1433
1434 void* buffer = mBuffer;
1435
1436 mBuffer = nullptr;
1437 mBufferSize = 0;
1438
1439 return buffer;
1440 }
1441
1442 private:
1443 ~BufferWriter() {
1444 if (mBuffer && mBufferType == eInternal) {
1445 free(mBuffer);
1446 }
1447
1448 if (mTaskQueue) {
1449 mTaskQueue->BeginShutdown();
1450 }
1451 }
1452
1453 nsresult WriteSync() {
1454 NS_ASSERT_OWNINGTHREAD(BufferWriter);
1455
1456 uint64_t length = (uint64_t)mCount;
1457
1458 if (mCount == -1) {
1459 nsresult rv = mInputStream->Available(&length);
1460 NS_ENSURE_SUCCESS(rv, rv);
1461
1462 if (length == 0) {
1463 // nothing to read.
1464 return NS_OK;
1465 }
1466 }
1467
1468 if (mBufferType == eInternal) {
1469 mBuffer = malloc(length);
1470 if (NS_WARN_IF(!mBuffer)) {
1471 return NS_ERROR_OUT_OF_MEMORY;
1472 }
1473 }
1474
1475 uint32_t writtenData;
1476 nsresult rv = mInputStream->ReadSegments(NS_CopySegmentToBuffer, mBuffer,
1477 length, &writtenData);
1478 NS_ENSURE_SUCCESS(rv, rv);
1479
1480 mWrittenData = writtenData;
1481 return NS_OK;
1482 }
1483
1484 nsresult WriteAsync() {
1485 NS_ASSERT_OWNINGTHREAD(BufferWriter);
1486
1487 if (mCount > 0 && mBufferType == eInternal) {
1488 mBuffer = malloc(mCount);
1489 if (NS_WARN_IF(!mBuffer)) {
1490 return NS_ERROR_OUT_OF_MEMORY;
1491 }
1492 }
1493
1494 while (true) {
1495 if (mCount == -1 && !MaybeExpandBufferSize()) {
1496 return NS_ERROR_OUT_OF_MEMORY;
1497 }
1498
1499 uint64_t offset = mWrittenData;
1500 uint64_t length = mCount == -1 ? BUFFER_SIZE : mCount;
1501
1502 // Let's try to read data directly.
1503 uint32_t writtenData;
1504 nsresult rv = mAsyncInputStream->ReadSegments(
1505 NS_CopySegmentToBuffer, static_cast<char*>(mBuffer) + offset, length,
1506 &writtenData);
1507
1508 // Operation completed. Nothing more to read.
1509 if (NS_SUCCEEDED(rv) && writtenData == 0) {
1510 return NS_OK;
1511 }
1512
1513 // If we succeeded, let's try to read again.
1514 if (NS_SUCCEEDED(rv)) {
1515 mWrittenData += writtenData;
1516 if (mCount != -1) {
1517 MOZ_ASSERT(mCount >= writtenData);
1518 mCount -= writtenData;
1519
1520 // Is this the end of the reading?
1521 if (mCount == 0) {
1522 return NS_OK;
1523 }
1524 }
1525
1526 continue;
1527 }
1528
1529 // Async wait...
1530 if (rv == NS_BASE_STREAM_WOULD_BLOCK) {
1531 rv = MaybeCreateTaskQueue();
1532 if (NS_WARN_IF(NS_FAILED(rv))) {
1533 return rv;
1534 }
1535
1536 MonitorAutoLock lock(mMonitor);
1537
1538 rv = mAsyncInputStream->AsyncWait(this, 0, length, mTaskQueue);
1539 if (NS_WARN_IF(NS_FAILED(rv))) {
1540 return rv;
1541 }
1542
1543 lock.Wait();
1544 continue;
1545 }
1546
1547 // Otherwise, let's propagate the error.
1548 return rv;
1549 }
1550
1551 MOZ_ASSERT_UNREACHABLE("We should not be here");
1552 return NS_ERROR_FAILURE;
1553 }
1554
1555 nsresult MaybeCreateTaskQueue() {
1556 NS_ASSERT_OWNINGTHREAD(BufferWriter);
1557
1558 if (!mTaskQueue) {
1559 nsCOMPtr<nsIEventTarget> target =
1560 do_GetService(NS_STREAMTRANSPORTSERVICE_CONTRACTID);
1561 if (!target) {
1562 return NS_ERROR_FAILURE;
1563 }
1564
1565 mTaskQueue = TaskQueue::Create(target.forget(), "nsNetUtil:BufferWriter");
1566 }
1567
1568 return NS_OK;
1569 }
1570
1571 NS_IMETHOD
1572 OnInputStreamReady(nsIAsyncInputStream* aStream) override {
1573 MOZ_ASSERT(!NS_IsMainThread());
1574
1575 // We have something to read. Let's unlock the main-thread.
1576 MonitorAutoLock lock(mMonitor);
1577 lock.Notify();
1578 return NS_OK;
1579 }
1580
1581 bool MaybeExpandBufferSize() {
1582 NS_ASSERT_OWNINGTHREAD(BufferWriter);
1583
1584 MOZ_ASSERT(mCount == -1);
1585
1586 if (mBufferSize >= mWrittenData + BUFFER_SIZE) {
1587 // The buffer is big enough.
1588 return true;
1589 }
1590
1591 CheckedUint32 bufferSize =
1592 std::max<uint32_t>(static_cast<uint32_t>(mWrittenData), BUFFER_SIZE);
1593 while (bufferSize.isValid() &&
1594 bufferSize.value() < mWrittenData + BUFFER_SIZE) {
1595 bufferSize *= 2;
1596 }
1597
1598 if (!bufferSize.isValid()) {
1599 return false;
1600 }
1601
1602 void* buffer = realloc(mBuffer, bufferSize.value());
1603 if (!buffer) {
1604 return false;
1605 }
1606
1607 mBuffer = buffer;
1608 mBufferSize = bufferSize.value();
1609 return true;
1610 }
1611
1612 // All the members of this class are touched on the owning thread only. The
1613 // monitor is only used to communicate when there is more data to read.
1614 Monitor mMonitor MOZ_UNANNOTATED;
1615
1616 nsCOMPtr<nsIInputStream> mInputStream;
1617 nsCOMPtr<nsIAsyncInputStream> mAsyncInputStream;
1618
1619 RefPtr<TaskQueue> mTaskQueue;
1620
1621 void* mBuffer;
1622 int64_t mCount;
1623 uint64_t mWrittenData;
1624
1625 enum {
1626 // The buffer is allocated internally and this object must release it
1627 // in the DTOR if not stolen. The buffer can be reallocated.
1628 eInternal,
1629
1630 // The buffer is not owned by this object and it cannot be reallocated.
1631 eExternal,
1632 } mBufferType;
1633
1634 // The following set if needed for the async read.
1635 uint64_t mBufferSize;
1636 };
1637
1638 NS_IMPL_ISUPPORTS(BufferWriter, nsIInputStreamCallback)
1639
1640 } // anonymous namespace
1641
1642 nsresult NS_ReadInputStreamToBuffer(nsIInputStream* aInputStream, void** aDest,
1643 int64_t aCount, uint64_t* aWritten) {
1644 MOZ_ASSERT(aInputStream);
1645 MOZ_ASSERT(aCount >= -1);
1646
1647 uint64_t dummyWritten;
1648 if (!aWritten) {
1649 aWritten = &dummyWritten;
1650 }
1651
1652 if (aCount == 0) {
1653 *aWritten = 0;
1654 return NS_OK;
1655 }
1656
1657 // This will take care of allocating and reallocating aDest.
1658 RefPtr<BufferWriter> writer = new BufferWriter(aInputStream, *aDest, aCount);
1659
1660 nsresult rv = writer->Write();
1661 NS_ENSURE_SUCCESS(rv, rv);
1662
1663 *aWritten = writer->WrittenData();
1664
1665 if (!*aDest) {
1666 *aDest = writer->StealBuffer();
1667 }
1668
1669 return NS_OK;
1670 }
1671
1672 nsresult NS_ReadInputStreamToString(nsIInputStream* aInputStream,
1673 nsACString& aDest, int64_t aCount,
1674 uint64_t* aWritten) {
1675 uint64_t dummyWritten;
1676 if (!aWritten) {
1677 aWritten = &dummyWritten;
1678 }
1679
1680 // Nothing to do if aCount is 0.
1681 if (aCount == 0) {
1682 aDest.Truncate();
1683 *aWritten = 0;
1684 return NS_OK;
1685 }
1686
1687 // If we have the size, we can pre-allocate the buffer.
1688 if (aCount > 0) {
1689 if (NS_WARN_IF(aCount >= INT32_MAX) ||
1690 NS_WARN_IF(!aDest.SetLength(aCount, mozilla::fallible))) {
1691 return NS_ERROR_OUT_OF_MEMORY;
1692 }
1693
1694 void* dest = aDest.BeginWriting();
1695 nsresult rv =
1696 NS_ReadInputStreamToBuffer(aInputStream, &dest, aCount, aWritten);
1697 NS_ENSURE_SUCCESS(rv, rv);
1698
1699 if ((uint64_t)aCount > *aWritten) {
1700 aDest.Truncate(*aWritten);
1701 }
1702
1703 return NS_OK;
1704 }
1705
1706 // If the size is unknown, BufferWriter will allocate the buffer.
1707 void* dest = nullptr;
1708 nsresult rv =
1709 NS_ReadInputStreamToBuffer(aInputStream, &dest, aCount, aWritten);
1710 MOZ_ASSERT_IF(NS_FAILED(rv), dest == nullptr);
1711 NS_ENSURE_SUCCESS(rv, rv);
1712
1713 if (!dest) {
1714 MOZ_ASSERT(*aWritten == 0);
1715 aDest.Truncate();
1716 return NS_OK;
1717 }
1718
1719 aDest.Adopt(reinterpret_cast<char*>(dest), *aWritten);
1720 return NS_OK;
1721 }
1722
1723 nsresult NS_NewURI(nsIURI** result, const nsACString& spec,
1724 NotNull<const Encoding*> encoding,
1725 nsIURI* baseURI /* = nullptr */) {
1726 nsAutoCString charset;
1727 encoding->Name(charset);
1728 return NS_NewURI(result, spec, charset.get(), baseURI);
1729 }
1730
1731 nsresult NS_NewURI(nsIURI** result, const nsAString& aSpec,
1732 const char* charset /* = nullptr */,
1733 nsIURI* baseURI /* = nullptr */) {
1734 nsAutoCString spec;
1735 if (!AppendUTF16toUTF8(aSpec, spec, mozilla::fallible)) {
1736 return NS_ERROR_OUT_OF_MEMORY;
1737 }
1738 return NS_NewURI(result, spec, charset, baseURI);
1739 }
1740
1741 nsresult NS_NewURI(nsIURI** result, const nsAString& aSpec,
1742 NotNull<const Encoding*> encoding,
1743 nsIURI* baseURI /* = nullptr */) {
1744 nsAutoCString spec;
1745 if (!AppendUTF16toUTF8(aSpec, spec, mozilla::fallible)) {
1746 return NS_ERROR_OUT_OF_MEMORY;
1747 }
1748 return NS_NewURI(result, spec, encoding, baseURI);
1749 }
1750
1751 nsresult NS_NewURI(nsIURI** result, const char* spec,
1752 nsIURI* baseURI /* = nullptr */) {
1753 return NS_NewURI(result, nsDependentCString(spec), nullptr, baseURI);
1754 }
1755
1756 static nsresult NewStandardURI(const nsACString& aSpec, const char* aCharset,
1757 nsIURI* aBaseURI, int32_t aDefaultPort,
1758 nsIURI** aURI) {
1759 return NS_MutateURI(new nsStandardURL::Mutator())
1760 .Apply(&nsIStandardURLMutator::Init, nsIStandardURL::URLTYPE_AUTHORITY,
1761 aDefaultPort, aSpec, aCharset, aBaseURI, nullptr)
1762 .Finalize(aURI);
1763 }
1764
1765 nsresult NS_GetSpecWithNSURLEncoding(nsACString& aResult,
1766 const nsACString& aSpec) {
1767 nsCOMPtr<nsIURI> uri;
1768 nsresult rv = NS_NewURIWithNSURLEncoding(getter_AddRefs(uri), aSpec);
1769 NS_ENSURE_SUCCESS(rv, rv);
1770 return uri->GetAsciiSpec(aResult);
1771 }
1772
1773 nsresult NS_NewURIWithNSURLEncoding(nsIURI** aResult, const nsACString& aSpec) {
1774 nsCOMPtr<nsIURI> uri;
1775 nsresult rv = NS_NewURI(getter_AddRefs(uri), aSpec);
1776 NS_ENSURE_SUCCESS(rv, rv);
1777
1778 // Escape the ref portion of the URL. NSURL is more strict about which
1779 // characters in the URL must be % encoded. For example, an unescaped '#'
1780 // to indicate the beginning of the ref component is accepted by NSURL, but
1781 // '#' characters in the ref must be escaped. Also adds encoding for other
1782 // characters not accepted by NSURL in the ref such as '{', '|', '}', and '^'.
1783 // The ref returned from GetRef() does not include the leading '#'.
1784 nsAutoCString ref, escapedRef;
1785 if (NS_SUCCEEDED(uri->GetRef(ref)) && !ref.IsEmpty()) {
1786 if (!NS_Escape(ref, escapedRef, url_NSURLRef)) {
1787 return NS_ERROR_INVALID_ARG;
1788 }
1789 rv = NS_MutateURI(uri).SetRef(escapedRef).Finalize(uri);
1790 NS_ENSURE_SUCCESS(rv, rv);
1791 }
1792
1793 uri.forget(aResult);
1794 return NS_OK;
1795 }
1796
1797 extern MOZ_THREAD_LOCAL(uint32_t) gTlsURLRecursionCount;
1798
1799 template <typename T>
1800 class TlsAutoIncrement {
1801 public:
1802 explicit TlsAutoIncrement(T& var) : mVar(var) {
1803 mValue = mVar.get();
1804 mVar.set(mValue + 1);
1805 }
1806 ~TlsAutoIncrement() {
1807 typename T::Type value = mVar.get();
1808 MOZ_ASSERT(value == mValue + 1);
1809 mVar.set(value - 1);
1810 }
1811
1812 typename T::Type value() { return mValue; }
1813
1814 private:
1815 typename T::Type mValue;
1816 T& mVar;
1817 };
1818
1819 nsresult NS_NewURI(nsIURI** aURI, const nsACString& aSpec,
1820 const char* aCharset /* = nullptr */,
1821 nsIURI* aBaseURI /* = nullptr */) {
1822 TlsAutoIncrement<decltype(gTlsURLRecursionCount)> inc(gTlsURLRecursionCount);
1823 if (inc.value() >= MAX_RECURSION_COUNT) {
1824 return NS_ERROR_MALFORMED_URI;
1825 }
1826
1827 nsCOMPtr<nsIIOService> ioService = do_GetIOService();
1828 if (!ioService) {
1829 // Individual protocol handlers unfortunately rely on the ioservice, let's
1830 // return an error here instead of causing unpredictable crashes later.
1831 return NS_ERROR_NOT_AVAILABLE;
1832 }
1833
1834 if (StaticPrefs::network_url_max_length() &&
1835 aSpec.Length() > StaticPrefs::network_url_max_length()) {
1836 return NS_ERROR_MALFORMED_URI;
1837 }
1838
1839 nsAutoCString scheme;
1840 nsresult rv = net_ExtractURLScheme(aSpec, scheme);
1841 if (NS_FAILED(rv)) {
1842 // then aSpec is relative
1843 if (!aBaseURI) {
1844 return NS_ERROR_MALFORMED_URI;
1845 }
1846
1847 if (!aSpec.IsEmpty() && aSpec[0] == '#') {
1848 // Looks like a reference instead of a fully-specified URI.
1849 // --> initialize |uri| as a clone of |aBaseURI|, with ref appended.
1850 return NS_GetURIWithNewRef(aBaseURI, aSpec, aURI);
1851 }
1852
1853 rv = aBaseURI->GetScheme(scheme);
1854 if (NS_FAILED(rv)) return rv;
1855 }
1856
1857 if (scheme.EqualsLiteral("http") || scheme.EqualsLiteral("ws")) {
1858 return NewStandardURI(aSpec, aCharset, aBaseURI, NS_HTTP_DEFAULT_PORT,
1859 aURI);
1860 }
1861 if (scheme.EqualsLiteral("https") || scheme.EqualsLiteral("wss")) {
1862 return NewStandardURI(aSpec, aCharset, aBaseURI, NS_HTTPS_DEFAULT_PORT,
1863 aURI);
1864 }
1865 if (scheme.EqualsLiteral("ftp")) {
1866 return NewStandardURI(aSpec, aCharset, aBaseURI, 21, aURI);
1867 }
1868
1869 if (scheme.EqualsLiteral("file")) {
1870 return NS_MutateURI(new nsStandardURL::Mutator())
1871 .Apply(&nsIFileURLMutator::MarkFileURL)
1872 .Apply(&nsIStandardURLMutator::Init,
1873 nsIStandardURL::URLTYPE_NO_AUTHORITY, -1, aSpec, aCharset,
1874 aBaseURI, nullptr)
1875 .Finalize(aURI);
1876 }
1877
1878 if (scheme.EqualsLiteral("data")) {
1879 return nsDataHandler::CreateNewURI(aSpec, aCharset, aBaseURI, aURI);
1880 }
1881
1882 if (scheme.EqualsLiteral("moz-safe-about") ||
1883 scheme.EqualsLiteral("page-icon") || scheme.EqualsLiteral("moz") ||
1884 scheme.EqualsLiteral("cached-favicon")) {
1885 return NS_MutateURI(new nsSimpleURI::Mutator())
1886 .SetSpec(aSpec)
1887 .Finalize(aURI);
1888 }
1889
1890 if (scheme.EqualsLiteral("chrome")) {
1891 return nsChromeProtocolHandler::CreateNewURI(aSpec, aCharset, aBaseURI,
1892 aURI);
1893 }
1894
1895 if (scheme.EqualsLiteral("javascript")) {
1896 return nsJSProtocolHandler::CreateNewURI(aSpec, aCharset, aBaseURI, aURI);
1897 }
1898
1899 if (scheme.EqualsLiteral("blob")) {
1900 return BlobURLProtocolHandler::CreateNewURI(aSpec, aCharset, aBaseURI,
1901 aURI);
1902 }
1903
1904 if (scheme.EqualsLiteral("view-source")) {
1905 return nsViewSourceHandler::CreateNewURI(aSpec, aCharset, aBaseURI, aURI);
1906 }
1907
1908 if (scheme.EqualsLiteral("resource")) {
1909 RefPtr<nsResProtocolHandler> handler = nsResProtocolHandler::GetSingleton();
1910 if (!handler) {
1911 return NS_ERROR_NOT_AVAILABLE;
1912 }
1913 return handler->NewURI(aSpec, aCharset, aBaseURI, aURI);
1914 }
1915
1916 if (scheme.EqualsLiteral("indexeddb") || scheme.EqualsLiteral("uuid")) {
1917 return NS_MutateURI(new nsStandardURL::Mutator())
1918 .Apply(&nsIStandardURLMutator::Init, nsIStandardURL::URLTYPE_AUTHORITY,
1919 0, aSpec, aCharset, aBaseURI, nullptr)
1920 .Finalize(aURI);
1921 }
1922
1923 if (scheme.EqualsLiteral("moz-extension")) {
1924 RefPtr<mozilla::net::ExtensionProtocolHandler> handler =
1925 mozilla::net::ExtensionProtocolHandler::GetSingleton();
1926 if (!handler) {
1927 return NS_ERROR_NOT_AVAILABLE;
1928 }
1929 return handler->NewURI(aSpec, aCharset, aBaseURI, aURI);
1930 }
1931
1932 if (scheme.EqualsLiteral("moz-page-thumb")) {
1933 // The moz-page-thumb service runs JS to resolve a URI to a
1934 // storage location, so this should only ever run on the main
1935 // thread.
1936 if (!NS_IsMainThread()) {
1937 return NS_ERROR_NOT_AVAILABLE;
1938 }
1939
1940 RefPtr<mozilla::net::PageThumbProtocolHandler> handler =
1941 mozilla::net::PageThumbProtocolHandler::GetSingleton();
1942 if (!handler) {
1943 return NS_ERROR_NOT_AVAILABLE;
1944 }
1945 return handler->NewURI(aSpec, aCharset, aBaseURI, aURI);
1946 }
1947
1948 if (scheme.EqualsLiteral("about")) {
1949 return nsAboutProtocolHandler::CreateNewURI(aSpec, aCharset, aBaseURI,
1950 aURI);
1951 }
1952
1953 if (scheme.EqualsLiteral("jar")) {
1954 return NS_MutateURI(new nsJARURI::Mutator())
1955 .Apply(&nsIJARURIMutator::SetSpecBaseCharset, aSpec, aBaseURI, aCharset)
1956 .Finalize(aURI);
1957 }
1958
1959 #ifndef XP_IOS
1960 if (scheme.EqualsLiteral("moz-icon")) {
1961 return NS_MutateURI(new nsMozIconURI::Mutator())
1962 .SetSpec(aSpec)
1963 .Finalize(aURI);
1964 }
1965 #endif
1966
1967 #ifdef MOZ_WIDGET_GTK
1968 if (scheme.EqualsLiteral("smb") || scheme.EqualsLiteral("sftp")) {
1969 return NS_MutateURI(new nsStandardURL::Mutator())
1970 .Apply(&nsIStandardURLMutator::Init, nsIStandardURL::URLTYPE_STANDARD,
1971 -1, aSpec, aCharset, aBaseURI, nullptr)
1972 .Finalize(aURI);
1973 }
1974 #endif
1975
1976 if (scheme.EqualsLiteral("android")) {
1977 return NS_MutateURI(NS_STANDARDURLMUTATOR_CONTRACTID)
1978 .Apply(&nsIStandardURLMutator::Init, nsIStandardURL::URLTYPE_STANDARD,
1979 -1, aSpec, aCharset, aBaseURI, nullptr)
1980 .Finalize(aURI);
1981 }
1982
1983 // web-extensions can add custom protocol implementations with standard URLs
1984 // that have notion of hostname, authority and relative URLs. Below we
1985 // manually check agains set of known protocols schemes until more general
1986 // solution is in place (See Bug 1569733)
1987 if (!StaticPrefs::network_url_useDefaultURI()) {
1988 if (scheme.EqualsLiteral("ssh")) {
1989 return NewStandardURI(aSpec, aCharset, aBaseURI, 22, aURI);
1990 }
1991
1992 if (scheme.EqualsLiteral("dweb") || scheme.EqualsLiteral("dat") ||
1993 scheme.EqualsLiteral("ipfs") || scheme.EqualsLiteral("ipns") ||
1994 scheme.EqualsLiteral("ssb") || scheme.EqualsLiteral("wtp")) {
1995 return NewStandardURI(aSpec, aCharset, aBaseURI, -1, aURI);
1996 }
1997 }
1998
1999 #if defined(MOZ_THUNDERBIRD) || defined(MOZ_SUITE)
2000 rv = NS_NewMailnewsURI(aURI, aSpec, aCharset, aBaseURI);
2001 if (rv != NS_ERROR_UNKNOWN_PROTOCOL) {
2002 return rv;
2003 }
2004 #endif
2005
2006 if (aBaseURI) {
2007 nsAutoCString newSpec;
2008 rv = aBaseURI->Resolve(aSpec, newSpec);
2009 NS_ENSURE_SUCCESS(rv, rv);
2010
2011 nsAutoCString newScheme;
2012 rv = net_ExtractURLScheme(newSpec, newScheme);
2013 if (NS_SUCCEEDED(rv)) {
2014 // The scheme shouldn't really change at this point.
2015 MOZ_DIAGNOSTIC_ASSERT(newScheme == scheme);
2016 }
2017
2018 if (StaticPrefs::network_url_useDefaultURI()) {
2019 return NS_MutateURI(new DefaultURI::Mutator())
2020 .SetSpec(newSpec)
2021 .Finalize(aURI);
2022 }
2023
2024 return NS_MutateURI(new nsSimpleURI::Mutator())
2025 .SetSpec(newSpec)
2026 .Finalize(aURI);
2027 }
2028
2029 if (StaticPrefs::network_url_useDefaultURI()) {
2030 return NS_MutateURI(new DefaultURI::Mutator())
2031 .SetSpec(aSpec)
2032 .Finalize(aURI);
2033 }
2034
2035 // Falls back to external protocol handler.
2036 return NS_MutateURI(new nsSimpleURI::Mutator()).SetSpec(aSpec).Finalize(aURI);
2037 }
2038
2039 nsresult NS_GetSanitizedURIStringFromURI(nsIURI* aUri,
2040 nsAString& aSanitizedSpec) {
2041 aSanitizedSpec.Truncate();
2042
2043 nsCOMPtr<nsISensitiveInfoHiddenURI> safeUri = do_QueryInterface(aUri);
2044 nsAutoCString cSpec;
2045 nsresult rv;
2046 if (safeUri) {
2047 rv = safeUri->GetSensitiveInfoHiddenSpec(cSpec);
2048 } else {
2049 rv = aUri->GetSpec(cSpec);
2050 }
2051
2052 if (NS_SUCCEEDED(rv)) {
2053 aSanitizedSpec.Assign(NS_ConvertUTF8toUTF16(cSpec));
2054 }
2055 return rv;
2056 }
2057
2058 nsresult NS_LoadPersistentPropertiesFromURISpec(
2059 nsIPersistentProperties** outResult, const nsACString& aSpec) {
2060 nsCOMPtr<nsIURI> uri;
2061 nsresult rv = NS_NewURI(getter_AddRefs(uri), aSpec);
2062 NS_ENSURE_SUCCESS(rv, rv);
2063
2064 nsCOMPtr<nsIChannel> channel;
2065 rv = NS_NewChannel(getter_AddRefs(channel), uri,
2066 nsContentUtils::GetSystemPrincipal(),
2067 nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
2068 nsIContentPolicy::TYPE_OTHER);
2069 NS_ENSURE_SUCCESS(rv, rv);
2070 nsCOMPtr<nsIInputStream> in;
2071 rv = channel->Open(getter_AddRefs(in));
2072 NS_ENSURE_SUCCESS(rv, rv);
2073
2074 nsCOMPtr<nsIPersistentProperties> properties = new nsPersistentProperties();
2075 rv = properties->Load(in);
2076 NS_ENSURE_SUCCESS(rv, rv);
2077
2078 properties.swap(*outResult);
2079 return NS_OK;
2080 }
2081
2082 bool NS_UsePrivateBrowsing(nsIChannel* channel) {
2083 OriginAttributes attrs;
2084 bool result = StoragePrincipalHelper::GetOriginAttributes(
2085 channel, attrs, StoragePrincipalHelper::eRegularPrincipal);
2086 NS_ENSURE_TRUE(result, result);
2087 return attrs.mPrivateBrowsingId > 0;
2088 }
2089
2090 bool NS_HasBeenCrossOrigin(nsIChannel* aChannel, bool aReport) {
2091 nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo();
2092 // TYPE_DOCUMENT loads have a null LoadingPrincipal and can not be cross
2093 // origin.
2094 if (!loadInfo->GetLoadingPrincipal()) {
2095 return false;
2096 }
2097
2098 // Always treat tainted channels as cross-origin.
2099 if (loadInfo->GetTainting() != LoadTainting::Basic) {
2100 return true;
2101 }
2102
2103 nsCOMPtr<nsIPrincipal> loadingPrincipal = loadInfo->GetLoadingPrincipal();
2104 uint32_t mode = loadInfo->GetSecurityMode();
2105 bool dataInherits =
2106 mode == nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_INHERITS_SEC_CONTEXT ||
2107 mode == nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT ||
2108 mode == nsILoadInfo::SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT;
2109
2110 bool aboutBlankInherits = dataInherits && loadInfo->GetAboutBlankInherits();
2111
2112 uint64_t innerWindowID = loadInfo->GetInnerWindowID();
2113
2114 for (nsIRedirectHistoryEntry* redirectHistoryEntry :
2115 loadInfo->RedirectChain()) {
2116 nsCOMPtr<nsIPrincipal> principal;
2117 redirectHistoryEntry->GetPrincipal(getter_AddRefs(principal));
2118 if (!principal) {
2119 return true;
2120 }
2121
2122 nsCOMPtr<nsIURI> uri;
2123 auto* basePrin = BasePrincipal::Cast(principal);
2124 basePrin->GetURI(getter_AddRefs(uri));
2125 if (!uri) {
2126 return true;
2127 }
2128
2129 if (aboutBlankInherits && NS_IsAboutBlank(uri)) {
2130 continue;
2131 }
2132
2133 nsresult res;
2134 if (aReport) {
2135 res = loadingPrincipal->CheckMayLoadWithReporting(uri, dataInherits,
2136 innerWindowID);
2137 } else {
2138 res = loadingPrincipal->CheckMayLoad(uri, dataInherits);
2139 }
2140 if (NS_FAILED(res)) {
2141 return true;
2142 }
2143 }
2144
2145 nsCOMPtr<nsIURI> uri;
2146 NS_GetFinalChannelURI(aChannel, getter_AddRefs(uri));
2147 if (!uri) {
2148 return true;
2149 }
2150
2151 if (aboutBlankInherits && NS_IsAboutBlank(uri)) {
2152 return false;
2153 }
2154
2155 nsresult res;
2156 if (aReport) {
2157 res = loadingPrincipal->CheckMayLoadWithReporting(uri, dataInherits,
2158 innerWindowID);
2159 } else {
2160 res = loadingPrincipal->CheckMayLoad(uri, dataInherits);
2161 }
2162
2163 return NS_FAILED(res);
2164 }
2165
2166 bool NS_IsSafeMethodNav(nsIChannel* aChannel) {
2167 RefPtr<HttpBaseChannel> baseChan = do_QueryObject(aChannel);
2168 if (!baseChan) {
2169 return false;
2170 }
2171 nsHttpRequestHead* requestHead = baseChan->GetRequestHead();
2172 if (!requestHead) {
2173 return false;
2174 }
2175 return requestHead->IsSafeMethod();
2176 }
2177
2178 void NS_WrapAuthPrompt(nsIAuthPrompt* aAuthPrompt,
2179 nsIAuthPrompt2** aAuthPrompt2) {
2180 nsCOMPtr<nsIAuthPromptAdapterFactory> factory =
2181 do_GetService(NS_AUTHPROMPT_ADAPTER_FACTORY_CONTRACTID);
2182 if (!factory) return;
2183
2184 NS_WARNING("Using deprecated nsIAuthPrompt");
2185 factory->CreateAdapter(aAuthPrompt, aAuthPrompt2);
2186 }
2187
2188 void NS_QueryAuthPrompt2(nsIInterfaceRequestor* aCallbacks,
2189 nsIAuthPrompt2** aAuthPrompt) {
2190 CallGetInterface(aCallbacks, aAuthPrompt);
2191 if (*aAuthPrompt) return;
2192
2193 // Maybe only nsIAuthPrompt is provided and we have to wrap it.
2194 nsCOMPtr<nsIAuthPrompt> prompt(do_GetInterface(aCallbacks));
2195 if (!prompt) return;
2196
2197 NS_WrapAuthPrompt(prompt, aAuthPrompt);
2198 }
2199
2200 void NS_QueryAuthPrompt2(nsIChannel* aChannel, nsIAuthPrompt2** aAuthPrompt) {
2201 *aAuthPrompt = nullptr;
2202
2203 // We want to use any auth prompt we can find on the channel's callbacks,
2204 // and if that fails use the loadgroup's prompt (if any)
2205 // Therefore, we can't just use NS_QueryNotificationCallbacks, because
2206 // that would prefer a loadgroup's nsIAuthPrompt2 over a channel's
2207 // nsIAuthPrompt.
2208 nsCOMPtr<nsIInterfaceRequestor> callbacks;
2209 aChannel->GetNotificationCallbacks(getter_AddRefs(callbacks));
2210 if (callbacks) {
2211 NS_QueryAuthPrompt2(callbacks, aAuthPrompt);
2212 if (*aAuthPrompt) return;
2213 }
2214
2215 nsCOMPtr<nsILoadGroup> group;
2216 aChannel->GetLoadGroup(getter_AddRefs(group));
2217 if (!group) return;
2218
2219 group->GetNotificationCallbacks(getter_AddRefs(callbacks));
2220 if (!callbacks) return;
2221 NS_QueryAuthPrompt2(callbacks, aAuthPrompt);
2222 }
2223
2224 nsresult NS_NewNotificationCallbacksAggregation(
2225 nsIInterfaceRequestor* callbacks, nsILoadGroup* loadGroup,
2226 nsIEventTarget* target, nsIInterfaceRequestor** result) {
2227 nsCOMPtr<nsIInterfaceRequestor> cbs;
2228 if (loadGroup) loadGroup->GetNotificationCallbacks(getter_AddRefs(cbs));
2229 return NS_NewInterfaceRequestorAggregation(callbacks, cbs, target, result);
2230 }
2231
2232 nsresult NS_NewNotificationCallbacksAggregation(
2233 nsIInterfaceRequestor* callbacks, nsILoadGroup* loadGroup,
2234 nsIInterfaceRequestor** result) {
2235 return NS_NewNotificationCallbacksAggregation(callbacks, loadGroup, nullptr,
2236 result);
2237 }
2238
2239 nsresult NS_DoImplGetInnermostURI(nsINestedURI* nestedURI, nsIURI** result) {
2240 MOZ_ASSERT(nestedURI, "Must have a nested URI!");
2241 MOZ_ASSERT(!*result, "Must have null *result");
2242
2243 nsCOMPtr<nsIURI> inner;
2244 nsresult rv = nestedURI->GetInnerURI(getter_AddRefs(inner));
2245 NS_ENSURE_SUCCESS(rv, rv);
2246
2247 // We may need to loop here until we reach the innermost
2248 // URI.
2249 nsCOMPtr<nsINestedURI> nestedInner(do_QueryInterface(inner));
2250 while (nestedInner) {
2251 rv = nestedInner->GetInnerURI(getter_AddRefs(inner));
2252 NS_ENSURE_SUCCESS(rv, rv);
2253 nestedInner = do_QueryInterface(inner);
2254 }
2255
2256 // Found the innermost one if we reach here.
2257 inner.swap(*result);
2258
2259 return rv;
2260 }
2261
2262 nsresult NS_ImplGetInnermostURI(nsINestedURI* nestedURI, nsIURI** result) {
2263 // Make it safe to use swap()
2264 *result = nullptr;
2265
2266 return NS_DoImplGetInnermostURI(nestedURI, result);
2267 }
2268
2269 already_AddRefed<nsIURI> NS_GetInnermostURI(nsIURI* aURI) {
2270 MOZ_ASSERT(aURI, "Must have URI");
2271
2272 nsCOMPtr<nsIURI> uri = aURI;
2273
2274 nsCOMPtr<nsINestedURI> nestedURI(do_QueryInterface(uri));
2275 if (!nestedURI) {
2276 return uri.forget();
2277 }
2278
2279 nsresult rv = nestedURI->GetInnermostURI(getter_AddRefs(uri));
2280 if (NS_FAILED(rv)) {
2281 return nullptr;
2282 }
2283
2284 return uri.forget();
2285 }
2286
2287 nsresult NS_GetFinalChannelURI(nsIChannel* channel, nsIURI** uri) {
2288 *uri = nullptr;
2289
2290 nsCOMPtr<nsILoadInfo> loadInfo = channel->LoadInfo();
2291 nsCOMPtr<nsIURI> resultPrincipalURI;
2292 loadInfo->GetResultPrincipalURI(getter_AddRefs(resultPrincipalURI));
2293 if (resultPrincipalURI) {
2294 resultPrincipalURI.forget(uri);
2295 return NS_OK;
2296 }
2297 return channel->GetOriginalURI(uri);
2298 }
2299
2300 nsresult NS_URIChainHasFlags(nsIURI* uri, uint32_t flags, bool* result) {
2301 nsresult rv;
2302 nsCOMPtr<nsINetUtil> util = do_GetNetUtil(&rv);
2303 NS_ENSURE_SUCCESS(rv, rv);
2304
2305 return util->URIChainHasFlags(uri, flags, result);
2306 }
2307
2308 uint32_t NS_SecurityHashURI(nsIURI* aURI) {
2309 nsCOMPtr<nsIURI> baseURI = NS_GetInnermostURI(aURI);
2310
2311 nsAutoCString scheme;
2312 uint32_t schemeHash = 0;
2313 if (NS_SUCCEEDED(baseURI->GetScheme(scheme))) {
2314 schemeHash = mozilla::HashString(scheme);
2315 }
2316
2317 // TODO figure out how to hash file:// URIs
2318 if (scheme.EqualsLiteral("file")) return schemeHash; // sad face
2319
2320 #if IS_ORIGIN_IS_FULL_SPEC_DEFINED
2321 bool hasFlag;
2322 if (NS_FAILED(NS_URIChainHasFlags(
2323 baseURI, nsIProtocolHandler::ORIGIN_IS_FULL_SPEC, &hasFlag)) ||
2324 hasFlag) {
2325 nsAutoCString spec;
2326 uint32_t specHash;
2327 nsresult res = baseURI->GetSpec(spec);
2328 if (NS_SUCCEEDED(res))
2329 specHash = mozilla::HashString(spec);
2330 else
2331 specHash = static_cast<uint32_t>(res);
2332 return specHash;
2333 }
2334 #endif
2335
2336 nsAutoCString host;
2337 uint32_t hostHash = 0;
2338 if (NS_SUCCEEDED(baseURI->GetAsciiHost(host))) {
2339 hostHash = mozilla::HashString(host);
2340 }
2341
2342 return mozilla::AddToHash(schemeHash, hostHash, NS_GetRealPort(baseURI));
2343 }
2344
2345 bool NS_SecurityCompareURIs(nsIURI* aSourceURI, nsIURI* aTargetURI,
2346 bool aStrictFileOriginPolicy) {
2347 nsresult rv;
2348
2349 // Note that this is not an Equals() test on purpose -- for URIs that don't
2350 // support host/port, we want equality to basically be object identity, for
2351 // security purposes. Otherwise, for example, two javascript: URIs that
2352 // are otherwise unrelated could end up "same origin", which would be
2353 // unfortunate.
2354 if (aSourceURI && aSourceURI == aTargetURI) {
2355 return true;
2356 }
2357
2358 if (!aTargetURI || !aSourceURI) {
2359 return false;
2360 }
2361
2362 // If either URI is a nested URI, get the base URI
2363 nsCOMPtr<nsIURI> sourceBaseURI = NS_GetInnermostURI(aSourceURI);
2364 nsCOMPtr<nsIURI> targetBaseURI = NS_GetInnermostURI(aTargetURI);
2365
2366 #if defined(MOZ_THUNDERBIRD) || defined(MOZ_SUITE)
2367 // Check if either URI has a special origin.
2368 nsCOMPtr<nsIURI> origin;
2369 nsCOMPtr<nsIURIWithSpecialOrigin> uriWithSpecialOrigin =
2370 do_QueryInterface(sourceBaseURI);
2371 if (uriWithSpecialOrigin) {
2372 rv = uriWithSpecialOrigin->GetOrigin(getter_AddRefs(origin));
2373 if (NS_WARN_IF(NS_FAILED(rv))) {
2374 return false;
2375 }
2376 MOZ_ASSERT(origin);
2377 sourceBaseURI = origin;
2378 }
2379 uriWithSpecialOrigin = do_QueryInterface(targetBaseURI);
2380 if (uriWithSpecialOrigin) {
2381 rv = uriWithSpecialOrigin->GetOrigin(getter_AddRefs(origin));
2382 if (NS_WARN_IF(NS_FAILED(rv))) {
2383 return false;
2384 }
2385 MOZ_ASSERT(origin);
2386 targetBaseURI = origin;
2387 }
2388 #endif
2389
2390 nsCOMPtr<nsIPrincipal> sourceBlobPrincipal;
2391 if (BlobURLProtocolHandler::GetBlobURLPrincipal(
2392 sourceBaseURI, getter_AddRefs(sourceBlobPrincipal))) {
2393 nsCOMPtr<nsIURI> sourceBlobOwnerURI;
2394 auto* basePrin = BasePrincipal::Cast(sourceBlobPrincipal);
2395 rv = basePrin->GetURI(getter_AddRefs(sourceBlobOwnerURI));
2396 if (NS_SUCCEEDED(rv)) {
2397 sourceBaseURI = sourceBlobOwnerURI;
2398 }
2399 }
2400
2401 nsCOMPtr<nsIPrincipal> targetBlobPrincipal;
2402 if (BlobURLProtocolHandler::GetBlobURLPrincipal(
2403 targetBaseURI, getter_AddRefs(targetBlobPrincipal))) {
2404 nsCOMPtr<nsIURI> targetBlobOwnerURI;
2405 auto* basePrin = BasePrincipal::Cast(targetBlobPrincipal);
2406 rv = basePrin->GetURI(getter_AddRefs(targetBlobOwnerURI));
2407 if (NS_SUCCEEDED(rv)) {
2408 targetBaseURI = targetBlobOwnerURI;
2409 }
2410 }
2411
2412 if (!sourceBaseURI || !targetBaseURI) return false;
2413
2414 // Compare schemes
2415 nsAutoCString targetScheme;
2416 bool sameScheme = false;
2417 if (NS_FAILED(targetBaseURI->GetScheme(targetScheme)) ||
2418 NS_FAILED(sourceBaseURI->SchemeIs(targetScheme.get(), &sameScheme)) ||
2419 !sameScheme) {
2420 // Not same-origin if schemes differ
2421 return false;
2422 }
2423
2424 // For file scheme, reject unless the files are identical. See
2425 // NS_RelaxStrictFileOriginPolicy for enforcing file same-origin checking
2426 if (targetScheme.EqualsLiteral("file")) {
2427 // in traditional unsafe behavior all files are the same origin
2428 if (!aStrictFileOriginPolicy) return true;
2429
2430 nsCOMPtr<nsIFileURL> sourceFileURL(do_QueryInterface(sourceBaseURI));
2431 nsCOMPtr<nsIFileURL> targetFileURL(do_QueryInterface(targetBaseURI));
2432
2433 if (!sourceFileURL || !targetFileURL) return false;
2434
2435 nsCOMPtr<nsIFile> sourceFile, targetFile;
2436
2437 sourceFileURL->GetFile(getter_AddRefs(sourceFile));
2438 targetFileURL->GetFile(getter_AddRefs(targetFile));
2439
2440 if (!sourceFile || !targetFile) return false;
2441
2442 // Otherwise they had better match
2443 bool filesAreEqual = false;
2444 rv = sourceFile->Equals(targetFile, &filesAreEqual);
2445 return NS_SUCCEEDED(rv) && filesAreEqual;
2446 }
2447
2448 #if IS_ORIGIN_IS_FULL_SPEC_DEFINED
2449 bool hasFlag;
2450 if (NS_FAILED(NS_URIChainHasFlags(
2451 targetBaseURI, nsIProtocolHandler::ORIGIN_IS_FULL_SPEC, &hasFlag)) ||
2452 hasFlag) {
2453 // URIs with this flag have the whole spec as a distinct trust
2454 // domain; use the whole spec for comparison
2455 nsAutoCString targetSpec;
2456 nsAutoCString sourceSpec;
2457 return (NS_SUCCEEDED(targetBaseURI->GetSpec(targetSpec)) &&
2458 NS_SUCCEEDED(sourceBaseURI->GetSpec(sourceSpec)) &&
2459 targetSpec.Equals(sourceSpec));
2460 }
2461 #endif
2462
2463 // Compare hosts
2464 nsAutoCString targetHost;
2465 nsAutoCString sourceHost;
2466 if (NS_FAILED(targetBaseURI->GetAsciiHost(targetHost)) ||
2467 NS_FAILED(sourceBaseURI->GetAsciiHost(sourceHost))) {
2468 return false;
2469 }
2470
2471 nsCOMPtr<nsIStandardURL> targetURL(do_QueryInterface(targetBaseURI));
2472 nsCOMPtr<nsIStandardURL> sourceURL(do_QueryInterface(sourceBaseURI));
2473 if (!targetURL || !sourceURL) {
2474 return false;
2475 }
2476
2477 if (!targetHost.Equals(sourceHost, nsCaseInsensitiveCStringComparator)) {
2478 return false;
2479 }
2480
2481 return NS_GetRealPort(targetBaseURI) == NS_GetRealPort(sourceBaseURI);
2482 }
2483
2484 bool NS_URIIsLocalFile(nsIURI* aURI) {
2485 nsCOMPtr<nsINetUtil> util = do_GetNetUtil();
2486
2487 bool isFile;
2488 return util &&
2489 NS_SUCCEEDED(util->ProtocolHasFlags(
2490 aURI, nsIProtocolHandler::URI_IS_LOCAL_FILE, &isFile)) &&
2491 isFile;
2492 }
2493
2494 bool NS_RelaxStrictFileOriginPolicy(nsIURI* aTargetURI, nsIURI* aSourceURI,
2495 bool aAllowDirectoryTarget /* = false */) {
2496 if (!NS_URIIsLocalFile(aTargetURI)) {
2497 // This is probably not what the caller intended
2498 MOZ_ASSERT_UNREACHABLE(
2499 "NS_RelaxStrictFileOriginPolicy called with non-file URI");
2500 return false;
2501 }
2502
2503 if (!NS_URIIsLocalFile(aSourceURI)) {
2504 // If the source is not also a file: uri then forget it
2505 // (don't want resource: principals in a file: doc)
2506 //
2507 // note: we're not de-nesting jar: uris here, we want to
2508 // keep archive content bottled up in its own little island
2509 return false;
2510 }
2511
2512 //
2513 // pull out the internal files
2514 //
2515 nsCOMPtr<nsIFileURL> targetFileURL(do_QueryInterface(aTargetURI));
2516 nsCOMPtr<nsIFileURL> sourceFileURL(do_QueryInterface(aSourceURI));
2517 nsCOMPtr<nsIFile> targetFile;
2518 nsCOMPtr<nsIFile> sourceFile;
2519 bool targetIsDir;
2520
2521 // Make sure targetFile is not a directory (bug 209234)
2522 // and that it exists w/out unescaping (bug 395343)
2523 if (!sourceFileURL || !targetFileURL ||
2524 NS_FAILED(targetFileURL->GetFile(getter_AddRefs(targetFile))) ||
2525 NS_FAILED(sourceFileURL->GetFile(getter_AddRefs(sourceFile))) ||
2526 !targetFile || !sourceFile || NS_FAILED(targetFile->Normalize()) ||
2527 #ifndef MOZ_WIDGET_ANDROID
2528 NS_FAILED(sourceFile->Normalize()) ||
2529 #endif
2530 (!aAllowDirectoryTarget &&
2531 (NS_FAILED(targetFile->IsDirectory(&targetIsDir)) || targetIsDir))) {
2532 return false;
2533 }
2534
2535 return false;
2536 }
2537
2538 bool NS_IsInternalSameURIRedirect(nsIChannel* aOldChannel,
2539 nsIChannel* aNewChannel, uint32_t aFlags) {
2540 if (!(aFlags & nsIChannelEventSink::REDIRECT_INTERNAL)) {
2541 return false;
2542 }
2543
2544 nsCOMPtr<nsIURI> oldURI, newURI;
2545 aOldChannel->GetURI(getter_AddRefs(oldURI));
2546 aNewChannel->GetURI(getter_AddRefs(newURI));
2547
2548 if (!oldURI || !newURI) {
2549 return false;
2550 }
2551
2552 bool res;
2553 return NS_SUCCEEDED(oldURI->Equals(newURI, &res)) && res;
2554 }
2555
2556 bool NS_IsHSTSUpgradeRedirect(nsIChannel* aOldChannel, nsIChannel* aNewChannel,
2557 uint32_t aFlags) {
2558 if (!(aFlags & nsIChannelEventSink::REDIRECT_STS_UPGRADE)) {
2559 return false;
2560 }
2561
2562 nsCOMPtr<nsIURI> oldURI, newURI;
2563 aOldChannel->GetURI(getter_AddRefs(oldURI));
2564 aNewChannel->GetURI(getter_AddRefs(newURI));
2565
2566 if (!oldURI || !newURI) {
2567 return false;
2568 }
2569
2570 if (!oldURI->SchemeIs("http")) {
2571 return false;
2572 }
2573
2574 nsCOMPtr<nsIURI> upgradedURI;
2575 nsresult rv = NS_GetSecureUpgradedURI(oldURI, getter_AddRefs(upgradedURI));
2576 if (NS_FAILED(rv)) {
2577 return false;
2578 }
2579
2580 bool res;
2581 return NS_SUCCEEDED(upgradedURI->Equals(newURI, &res)) && res;
2582 }
2583
2584 bool NS_ShouldRemoveAuthHeaderOnRedirect(nsIChannel* aOldChannel,
2585 nsIChannel* aNewChannel,
2586 uint32_t aFlags) {
2587 // we need to strip Authentication headers for external cross-origin redirects
2588 // Howerver, we should NOT strip auth headers for
2589 // - internal redirects/HSTS upgrades
2590 // - same origin redirects
2591 // Ref: https://fetch.spec.whatwg.org/#http-redirect-fetch
2592 if ((aFlags & (nsIChannelEventSink::REDIRECT_STS_UPGRADE |
2593 nsIChannelEventSink::REDIRECT_INTERNAL))) {
2594 // this is an internal redirect do not strip auth header
2595 return false;
2596 }
2597 nsCOMPtr<nsIURI> oldUri;
2598 MOZ_ALWAYS_SUCCEEDS(
2599 NS_GetFinalChannelURI(aOldChannel, getter_AddRefs(oldUri)));
2600
2601 nsCOMPtr<nsIURI> newUri;
2602 MOZ_ALWAYS_SUCCEEDS(
2603 NS_GetFinalChannelURI(aNewChannel, getter_AddRefs(newUri)));
2604
2605 nsresult rv = nsContentUtils::GetSecurityManager()->CheckSameOriginURI(
2606 newUri, oldUri, false, false);
2607
2608 return NS_FAILED(rv);
2609 }
2610
2611 nsresult NS_LinkRedirectChannels(uint64_t channelId,
2612 nsIParentChannel* parentChannel,
2613 nsIChannel** _result) {
2614 nsCOMPtr<nsIRedirectChannelRegistrar> registrar =
2615 RedirectChannelRegistrar::GetOrCreate();
2616 MOZ_ASSERT(registrar);
2617
2618 return registrar->LinkChannels(channelId, parentChannel, _result);
2619 }
2620
2621 nsILoadInfo::CrossOriginEmbedderPolicy
2622 NS_GetCrossOriginEmbedderPolicyFromHeader(
2623 const nsACString& aHeader, bool aIsOriginTrialCoepCredentiallessEnabled) {
2624 nsCOMPtr<nsISFVService> sfv = GetSFVService();
2625
2626 nsCOMPtr<nsISFVItem> item;
2627 nsresult rv = sfv->ParseItem(aHeader, getter_AddRefs(item));
2628 if (NS_FAILED(rv)) {
2629 return nsILoadInfo::EMBEDDER_POLICY_NULL;
2630 }
2631
2632 nsCOMPtr<nsISFVBareItem> value;
2633 rv = item->GetValue(getter_AddRefs(value));
2634 if (NS_FAILED(rv)) {
2635 return nsILoadInfo::EMBEDDER_POLICY_NULL;
2636 }
2637
2638 nsCOMPtr<nsISFVToken> token = do_QueryInterface(value);
2639 if (!token) {
2640 return nsILoadInfo::EMBEDDER_POLICY_NULL;
2641 }
2642
2643 nsAutoCString embedderPolicy;
2644 rv = token->GetValue(embedderPolicy);
2645 if (NS_FAILED(rv)) {
2646 return nsILoadInfo::EMBEDDER_POLICY_NULL;
2647 }
2648
2649 if (embedderPolicy.EqualsLiteral("require-corp")) {
2650 return nsILoadInfo::EMBEDDER_POLICY_REQUIRE_CORP;
2651 } else if (embedderPolicy.EqualsLiteral("credentialless") &&
2652 IsCoepCredentiallessEnabled(
2653 aIsOriginTrialCoepCredentiallessEnabled)) {
2654 return nsILoadInfo::EMBEDDER_POLICY_CREDENTIALLESS;
2655 }
2656
2657 return nsILoadInfo::EMBEDDER_POLICY_NULL;
2658 }
2659
2660 /** Given the first (disposition) token from a Content-Disposition header,
2661 * tell whether it indicates the content is inline or attachment
2662 * @param aDispToken the disposition token from the content-disposition header
2663 */
2664 uint32_t NS_GetContentDispositionFromToken(const nsAString& aDispToken) {
2665 // RFC 2183, section 2.8 says that an unknown disposition
2666 // value should be treated as "attachment"
2667 // If all of these tests eval to false, then we have a content-disposition of
2668 // "attachment" or unknown
2669 if (aDispToken.IsEmpty() || aDispToken.LowerCaseEqualsLiteral("inline") ||
2670 // Broken sites just send
2671 // Content-Disposition: filename="file"
2672 // without a disposition token... screen those out.
2673 StringHead(aDispToken, 8).LowerCaseEqualsLiteral("filename")) {
2674 return nsIChannel::DISPOSITION_INLINE;
2675 }
2676
2677 return nsIChannel::DISPOSITION_ATTACHMENT;
2678 }
2679
2680 uint32_t NS_GetContentDispositionFromHeader(const nsACString& aHeader,
2681 nsIChannel* aChan /* = nullptr */) {
2682 nsresult rv;
2683 nsCOMPtr<nsIMIMEHeaderParam> mimehdrpar =
2684 do_GetService(NS_MIMEHEADERPARAM_CONTRACTID, &rv);
2685 if (NS_FAILED(rv)) return nsIChannel::DISPOSITION_ATTACHMENT;
2686
2687 nsAutoString dispToken;
2688 rv = mimehdrpar->GetParameterHTTP(aHeader, "", ""_ns, true, nullptr,
2689 dispToken);
2690
2691 if (NS_FAILED(rv)) {
2692 // special case (see bug 272541): empty disposition type handled as "inline"
2693 if (rv == NS_ERROR_FIRST_HEADER_FIELD_COMPONENT_EMPTY) {
2694 return nsIChannel::DISPOSITION_INLINE;
2695 }
2696 return nsIChannel::DISPOSITION_ATTACHMENT;
2697 }
2698
2699 return NS_GetContentDispositionFromToken(dispToken);
2700 }
2701
2702 nsresult NS_GetFilenameFromDisposition(nsAString& aFilename,
2703 const nsACString& aDisposition) {
2704 aFilename.Truncate();
2705
2706 nsresult rv;
2707 nsCOMPtr<nsIMIMEHeaderParam> mimehdrpar =
2708 do_GetService(NS_MIMEHEADERPARAM_CONTRACTID, &rv);
2709 if (NS_FAILED(rv)) return rv;
2710
2711 // Get the value of 'filename' parameter
2712 rv = mimehdrpar->GetParameterHTTP(aDisposition, "filename", ""_ns, true,
2713 nullptr, aFilename);
2714
2715 if (NS_FAILED(rv)) {
2716 aFilename.Truncate();
2717 return rv;
2718 }
2719
2720 if (aFilename.IsEmpty()) return NS_ERROR_NOT_AVAILABLE;
2721
2722 // Filename may still be percent-encoded. Fix:
2723 if (aFilename.FindChar('%') != -1) {
2724 nsCOMPtr<nsITextToSubURI> textToSubURI =
2725 do_GetService(NS_ITEXTTOSUBURI_CONTRACTID, &rv);
2726 if (NS_SUCCEEDED(rv)) {
2727 nsAutoString unescaped;
2728 textToSubURI->UnEscapeURIForUI(NS_ConvertUTF16toUTF8(aFilename),
2729 /* dontEscape = */ true, unescaped);
2730 aFilename.Assign(unescaped);
2731 }
2732 }
2733
2734 return NS_OK;
2735 }
2736
2737 void net_EnsurePSMInit() {
2738 if (XRE_IsSocketProcess()) {
2739 EnsureNSSInitializedChromeOrContent();
2740 return;
2741 }
2742
2743 MOZ_ASSERT(XRE_IsParentProcess());
2744 MOZ_ASSERT(NS_IsMainThread());
2745
2746 DebugOnly<bool> rv = EnsureNSSInitializedChromeOrContent();
2747 MOZ_ASSERT(rv);
2748 }
2749
2750 bool NS_IsAboutBlank(nsIURI* uri) {
2751 // GetSpec can be expensive for some URIs, so check the scheme first.
2752 if (!uri->SchemeIs("about")) {
2753 return false;
2754 }
2755
2756 nsAutoCString spec;
2757 if (NS_FAILED(uri->GetSpec(spec))) {
2758 return false;
2759 }
2760
2761 return spec.EqualsLiteral("about:blank");
2762 }
2763
2764 bool NS_IsAboutSrcdoc(nsIURI* uri) {
2765 // GetSpec can be expensive for some URIs, so check the scheme first.
2766 if (!uri->SchemeIs("about")) {
2767 return false;
2768 }
2769
2770 nsAutoCString spec;
2771 if (NS_FAILED(uri->GetSpec(spec))) {
2772 return false;
2773 }
2774
2775 return spec.EqualsLiteral("about:srcdoc");
2776 }
2777
2778 nsresult NS_GenerateHostPort(const nsCString& host, int32_t port,
2779 nsACString& hostLine) {
2780 if (strchr(host.get(), ':')) {
2781 // host is an IPv6 address literal and must be encapsulated in []'s
2782 hostLine.Assign('[');
2783 // scope id is not needed for Host header.
2784 int scopeIdPos = host.FindChar('%');
2785 if (scopeIdPos == -1) {
2786 hostLine.Append(host);
2787 } else if (scopeIdPos > 0) {
2788 hostLine.Append(Substring(host, 0, scopeIdPos));
2789 } else {
2790 return NS_ERROR_MALFORMED_URI;
2791 }
2792 hostLine.Append(']');
2793 } else {
2794 hostLine.Assign(host);
2795 }
2796 if (port != -1) {
2797 hostLine.Append(':');
2798 hostLine.AppendInt(port);
2799 }
2800 return NS_OK;
2801 }
2802
2803 void NS_SniffContent(const char* aSnifferType, nsIRequest* aRequest,
2804 const uint8_t* aData, uint32_t aLength,
2805 nsACString& aSniffedType) {
2806 using ContentSnifferCache = nsCategoryCache<nsIContentSniffer>;
2807 extern ContentSnifferCache* gNetSniffers;
2808 extern ContentSnifferCache* gDataSniffers;
2809 extern ContentSnifferCache* gORBSniffers;
2810 extern ContentSnifferCache* gNetAndORBSniffers;
2811 ContentSnifferCache* cache = nullptr;
2812 if (!strcmp(aSnifferType, NS_CONTENT_SNIFFER_CATEGORY)) {
2813 if (!gNetSniffers) {
2814 gNetSniffers = new ContentSnifferCache(NS_CONTENT_SNIFFER_CATEGORY);
2815 }
2816 cache = gNetSniffers;
2817 } else if (!strcmp(aSnifferType, NS_DATA_SNIFFER_CATEGORY)) {
2818 if (!gDataSniffers) {
2819 gDataSniffers = new ContentSnifferCache(NS_DATA_SNIFFER_CATEGORY);
2820 }
2821 cache = gDataSniffers;
2822 } else if (!strcmp(aSnifferType, NS_ORB_SNIFFER_CATEGORY)) {
2823 if (!gORBSniffers) {
2824 gORBSniffers = new ContentSnifferCache(NS_ORB_SNIFFER_CATEGORY);
2825 }
2826 cache = gORBSniffers;
2827 } else if (!strcmp(aSnifferType, NS_CONTENT_AND_ORB_SNIFFER_CATEGORY)) {
2828 if (!gNetAndORBSniffers) {
2829 gNetAndORBSniffers =
2830 new ContentSnifferCache(NS_CONTENT_AND_ORB_SNIFFER_CATEGORY);
2831 }
2832 cache = gNetAndORBSniffers;
2833 } else {
2834 // Invalid content sniffer type was requested
2835 MOZ_ASSERT(false);
2836 return;
2837 }
2838
2839 // In case XCTO nosniff was present, we could just skip sniffing here
2840 nsCOMPtr<nsIChannel> channel = do_QueryInterface(aRequest);
2841 if (channel) {
2842 nsCOMPtr<nsILoadInfo> loadInfo = channel->LoadInfo();
2843 if (loadInfo->GetSkipContentSniffing()) {
2844 /* Bug 1571742
2845 * We cannot skip snffing if the current MIME-Type might be a JSON.
2846 * The JSON-Viewer relies on its own sniffer to determine, if it can
2847 * render the page, so we need to make an exception if the Server provides
2848 * a application/ mime, as it might be json.
2849 */
2850 nsAutoCString currentContentType;
2851 channel->GetContentType(currentContentType);
2852 if (!StringBeginsWith(currentContentType, "application/"_ns)) {
2853 return;
2854 }
2855 }
2856 }
2857 nsCOMArray<nsIContentSniffer> sniffers;
2858 cache->GetEntries(sniffers);
2859 for (int32_t i = 0; i < sniffers.Count(); ++i) {
2860 nsresult rv = sniffers[i]->GetMIMETypeFromContent(aRequest, aData, aLength,
2861 aSniffedType);
2862 if (NS_SUCCEEDED(rv) && !aSniffedType.IsEmpty()) {
2863 return;
2864 }
2865 }
2866
2867 aSniffedType.Truncate();
2868 }
2869
2870 bool NS_IsSrcdocChannel(nsIChannel* aChannel) {
2871 bool isSrcdoc;
2872 nsCOMPtr<nsIInputStreamChannel> isr = do_QueryInterface(aChannel);
2873 if (isr) {
2874 isr->GetIsSrcdocChannel(&isSrcdoc);
2875 return isSrcdoc;
2876 }
2877 nsCOMPtr<nsIViewSourceChannel> vsc = do_QueryInterface(aChannel);
2878 if (vsc) {
2879 nsresult rv = vsc->GetIsSrcdocChannel(&isSrcdoc);
2880 if (NS_SUCCEEDED(rv)) {
2881 return isSrcdoc;
2882 }
2883 }
2884 return false;
2885 }
2886
2887 // helper function for NS_ShouldSecureUpgrade for checking HSTS
2888 bool handleResultFunc(bool aAllowSTS, bool aIsStsHost) {
2889 if (aIsStsHost) {
2890 LOG(("nsHttpChannel::Connect() STS permissions found\n"));
2891 if (aAllowSTS) {
2892 Telemetry::AccumulateCategorical(
2893 Telemetry::LABELS_HTTP_SCHEME_UPGRADE_TYPE::STS);
2894 return true;
2895 }
2896 Telemetry::AccumulateCategorical(
2897 Telemetry::LABELS_HTTP_SCHEME_UPGRADE_TYPE::PrefBlockedSTS);
2898 } else {
2899 Telemetry::AccumulateCategorical(
2900 Telemetry::LABELS_HTTP_SCHEME_UPGRADE_TYPE::NoReasonToUpgrade);
2901 }
2902 return false;
2903 };
2904 // That function is a helper function of NS_ShouldSecureUpgrade to check if
2905 // CSP upgrade-insecure-requests, Mixed content auto upgrading or HTTPs-Only/-
2906 // First should upgrade the given request.
2907 static bool ShouldSecureUpgradeNoHSTS(nsIURI* aURI, nsILoadInfo* aLoadInfo) {
2908 // 2. CSP upgrade-insecure-requests
2909 if (aLoadInfo->GetUpgradeInsecureRequests()) {
2910 // let's log a message to the console that we are upgrading a request
2911 nsAutoCString scheme;
2912 aURI->GetScheme(scheme);
2913 // append the additional 's' for security to the scheme :-)
2914 scheme.AppendLiteral("s");
2915 NS_ConvertUTF8toUTF16 reportSpec(aURI->GetSpecOrDefault());
2916 NS_ConvertUTF8toUTF16 reportScheme(scheme);
2917 AutoTArray<nsString, 2> params = {reportSpec, reportScheme};
2918 uint64_t innerWindowId = aLoadInfo->GetInnerWindowID();
2919 CSP_LogLocalizedStr("upgradeInsecureRequest", params,
2920 u""_ns, // aSourceFile
2921 u""_ns, // aScriptSample
2922 0, // aLineNumber
2923 1, // aColumnNumber
2924 nsIScriptError::warningFlag,
2925 "upgradeInsecureRequest"_ns, innerWindowId,
2926 !!aLoadInfo->GetOriginAttributes().mPrivateBrowsingId);
2927 Telemetry::AccumulateCategorical(
2928 Telemetry::LABELS_HTTP_SCHEME_UPGRADE_TYPE::CSP);
2929 return true;
2930 }
2931 // 3. Mixed content auto upgrading
2932 if (aLoadInfo->GetBrowserUpgradeInsecureRequests()) {
2933 // let's log a message to the console that we are upgrading a request
2934 nsAutoCString scheme;
2935 aURI->GetScheme(scheme);
2936 // append the additional 's' for security to the scheme :-)
2937 scheme.AppendLiteral("s");
2938 NS_ConvertUTF8toUTF16 reportSpec(aURI->GetSpecOrDefault());
2939 NS_ConvertUTF8toUTF16 reportScheme(scheme);
2940 AutoTArray<nsString, 2> params = {reportSpec, reportScheme};
2941
2942 nsAutoString localizedMsg;
2943 nsContentUtils::FormatLocalizedString(nsContentUtils::eSECURITY_PROPERTIES,
2944 "MixedContentAutoUpgrade", params,
2945 localizedMsg);
2946
2947 // Prepending ixed Content to the outgoing console message
2948 nsString message;
2949 message.AppendLiteral(u"Mixed Content: ");
2950 message.Append(localizedMsg);
2951
2952 uint64_t innerWindowId = aLoadInfo->GetInnerWindowID();
2953 nsContentUtils::ReportToConsoleByWindowID(
2954 message, nsIScriptError::warningFlag, "Mixed Content Message"_ns,
2955 innerWindowId, aURI);
2956
2957 // Set this flag so we know we'll upgrade because of
2958 // 'security.mixed_content.upgrade_display_content'.
2959 aLoadInfo->SetBrowserDidUpgradeInsecureRequests(true);
2960 Telemetry::AccumulateCategorical(
2961 Telemetry::LABELS_HTTP_SCHEME_UPGRADE_TYPE::BrowserDisplay);
2962
2963 return true;
2964 }
2965
2966 // 4. Https-Only
2967 if (nsHTTPSOnlyUtils::ShouldUpgradeRequest(aURI, aLoadInfo)) {
2968 Telemetry::AccumulateCategorical(
2969 Telemetry::LABELS_HTTP_SCHEME_UPGRADE_TYPE::HTTPSOnly);
2970 return true;
2971 }
2972 // 4.a Https-First
2973 if (nsHTTPSOnlyUtils::ShouldUpgradeHttpsFirstRequest(aURI, aLoadInfo)) {
2974 Telemetry::AccumulateCategorical(
2975 Telemetry::LABELS_HTTP_SCHEME_UPGRADE_TYPE::HTTPSFirst);
2976 return true;
2977 }
2978 return false;
2979 }
2980
2981 // Check if channel should be upgraded. check in the following order:
2982 // 1. HSTS
2983 // 2. CSP upgrade-insecure-requests
2984 // 3. Mixed content auto upgrading
2985 // 4. Https-Only / first
2986 // (5. Https RR - will be checked in nsHttpChannel)
2987 nsresult NS_ShouldSecureUpgrade(
2988 nsIURI* aURI, nsILoadInfo* aLoadInfo, nsIPrincipal* aChannelResultPrincipal,
2989 bool aAllowSTS, const OriginAttributes& aOriginAttributes,
2990 bool& aShouldUpgrade, std::function<void(bool, nsresult)>&& aResultCallback,
2991 bool& aWillCallback) {
2992 MOZ_ASSERT(XRE_IsParentProcess());
2993 if (!XRE_IsParentProcess()) {
2994 return NS_ERROR_NOT_AVAILABLE;
2995 }
2996
2997 aWillCallback = false;
2998 aShouldUpgrade = false;
2999
3000 // Even if we're in private browsing mode, we still enforce existing STS
3001 // data (it is read-only).
3002 // if the connection is not using SSL and either the exact host matches or
3003 // a superdomain wants to force HTTPS, do it.
3004 bool isHttps = aURI->SchemeIs("https");
3005
3006 // If request is https, then there is nothing to do here.
3007 if (isHttps) {
3008 Telemetry::AccumulateCategorical(
3009 Telemetry::LABELS_HTTP_SCHEME_UPGRADE_TYPE::AlreadyHTTPS);
3010 aShouldUpgrade = false;
3011 return NS_OK;
3012 }
3013 // If it is a mixed content trustworthy loopback, then we shouldn't upgrade
3014 // it.
3015 if (nsMixedContentBlocker::IsPotentiallyTrustworthyLoopbackURL(aURI)) {
3016 aShouldUpgrade = false;
3017 return NS_OK;
3018 }
3019 // If no loadInfo exist there is nothing to upgrade here.
3020 if (!aLoadInfo) {
3021 aShouldUpgrade = false;
3022 return NS_OK;
3023 }
3024 MOZ_ASSERT(!aURI->SchemeIs("https"));
3025
3026 // enforce Strict-Transport-Security
3027 nsISiteSecurityService* sss = gHttpHandler->GetSSService();
3028 NS_ENSURE_TRUE(sss, NS_ERROR_OUT_OF_MEMORY);
3029
3030 bool isStsHost = false;
3031 // Calling |IsSecureURI| before the storage is ready to read will
3032 // block the main thread. Once the storage is ready, we can call it
3033 // from main thread.
3034 static Atomic<bool, Relaxed> storageReady(false);
3035 if (!storageReady && gSocketTransportService && aResultCallback) {
3036 nsCOMPtr<nsILoadInfo> loadInfo = aLoadInfo;
3037 nsCOMPtr<nsIURI> uri = aURI;
3038 auto callbackWrapper = [resultCallback{std::move(aResultCallback)}, uri,
3039 loadInfo](bool aShouldUpgrade, nsresult aStatus) {
3040 MOZ_ASSERT(NS_IsMainThread());
3041
3042 // 1. HSTS upgrade
3043 if (aShouldUpgrade || NS_FAILED(aStatus)) {
3044 resultCallback(aShouldUpgrade, aStatus);
3045 return;
3046 }
3047 // Check if we need to upgrade because of other reasons.
3048 // 2. CSP upgrade-insecure-requests
3049 // 3. Mixed content auto upgrading
3050 // 4. Https-Only / first
3051 bool shouldUpgrade = ShouldSecureUpgradeNoHSTS(uri, loadInfo);
3052 resultCallback(shouldUpgrade, aStatus);
3053 };
3054 nsCOMPtr<nsISiteSecurityService> service = sss;
3055 nsresult rv = gSocketTransportService->Dispatch(
3056 NS_NewRunnableFunction(
3057 "net::NS_ShouldSecureUpgrade",
3058 [service{std::move(service)}, uri{std::move(uri)},
3059 originAttributes(aOriginAttributes),
3060 handleResultFunc{std::move(handleResultFunc)},
3061 callbackWrapper{std::move(callbackWrapper)},
3062 allowSTS{std::move(aAllowSTS)}]() mutable {
3063 bool isStsHost = false;
3064 nsresult rv =
3065 service->IsSecureURI(uri, originAttributes, &isStsHost);
3066
3067 // Successfully get the result from |IsSecureURI| implies that
3068 // the storage is ready to read.
3069 storageReady = NS_SUCCEEDED(rv);
3070 bool shouldUpgrade = handleResultFunc(allowSTS, isStsHost);
3071 // Check if request should be upgraded.
3072 NS_DispatchToMainThread(NS_NewRunnableFunction(
3073 "net::NS_ShouldSecureUpgrade::ResultCallback",
3074 [rv, shouldUpgrade,
3075 callbackWrapper{std::move(callbackWrapper)}]() {
3076 callbackWrapper(shouldUpgrade, rv);
3077 }));
3078 }),
3079 NS_DISPATCH_NORMAL);
3080 aWillCallback = NS_SUCCEEDED(rv);
3081 return rv;
3082 }
3083
3084 nsresult rv = sss->IsSecureURI(aURI, aOriginAttributes, &isStsHost);
3085
3086 // if the SSS check fails, it's likely because this load is on a
3087 // malformed URI or something else in the setup is wrong, so any error
3088 // should be reported.
3089 NS_ENSURE_SUCCESS(rv, rv);
3090
3091 aShouldUpgrade = handleResultFunc(aAllowSTS, isStsHost);
3092 if (!aShouldUpgrade) {
3093 // Check for CSP upgrade-insecure-requests, Mixed content auto upgrading
3094 // and Https-Only / -First.
3095 aShouldUpgrade = ShouldSecureUpgradeNoHSTS(aURI, aLoadInfo);
3096 }
3097 return rv;
3098 }
3099
3100 nsresult NS_GetSecureUpgradedURI(nsIURI* aURI, nsIURI** aUpgradedURI) {
3101 NS_MutateURI mutator(aURI);
3102 mutator.SetScheme("https"_ns); // Change the scheme to HTTPS:
3103
3104 // Change the default port to 443:
3105 nsCOMPtr<nsIStandardURL> stdURL = do_QueryInterface(aURI);
3106 if (stdURL) {
3107 mutator.Apply(&nsIStandardURLMutator::SetDefaultPort, 443, nullptr);
3108 } else {
3109 // If we don't have a nsStandardURL, fall back to using GetPort/SetPort.
3110 // XXXdholbert Is this function even called with a non-nsStandardURL arg,
3111 // in practice?
3112 NS_WARNING("Calling NS_GetSecureUpgradedURI for non nsStandardURL");
3113 int32_t oldPort = -1;
3114 nsresult rv = aURI->GetPort(&oldPort);
3115 if (NS_FAILED(rv)) return rv;
3116
3117 // Keep any nonstandard ports so only the scheme is changed.
3118 // For example:
3119 // http://foo.com:80 -> https://foo.com:443
3120 // http://foo.com:81 -> https://foo.com:81
3121
3122 if (oldPort == 80 || oldPort == -1) {
3123 mutator.SetPort(-1);
3124 } else {
3125 mutator.SetPort(oldPort);
3126 }
3127 }
3128
3129 return mutator.Finalize(aUpgradedURI);
3130 }
3131
3132 nsresult NS_CompareLoadInfoAndLoadContext(nsIChannel* aChannel) {
3133 nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo();
3134
3135 nsCOMPtr<nsILoadContext> loadContext;
3136 NS_QueryNotificationCallbacks(aChannel, loadContext);
3137 if (!loadContext) {
3138 return NS_OK;
3139 }
3140
3141 // We try to skip about:newtab.
3142 // about:newtab will use SystemPrincipal to download thumbnails through
3143 // https:// and blob URLs.
3144 bool isAboutPage = false;
3145 nsINode* node = loadInfo->LoadingNode();
3146 if (node) {
3147 nsIURI* uri = node->OwnerDoc()->GetDocumentURI();
3148 isAboutPage = uri->SchemeIs("about");
3149 }
3150
3151 if (isAboutPage) {
3152 return NS_OK;
3153 }
3154
3155 // We skip the favicon loading here. The favicon loading might be
3156 // triggered by the XUL image. For that case, the loadContext will have
3157 // default originAttributes since the XUL image uses SystemPrincipal, but
3158 // the loadInfo will use originAttributes from the content. Thus, the
3159 // originAttributes between loadInfo and loadContext will be different.
3160 // That's why we have to skip the comparison for the favicon loading.
3161 if (loadInfo->GetLoadingPrincipal() &&
3162 loadInfo->GetLoadingPrincipal()->IsSystemPrincipal() &&
3163 loadInfo->InternalContentPolicyType() ==
3164 nsIContentPolicy::TYPE_INTERNAL_IMAGE_FAVICON) {
3165 return NS_OK;
3166 }
3167
3168 OriginAttributes originAttrsLoadInfo = loadInfo->GetOriginAttributes();
3169 OriginAttributes originAttrsLoadContext;
3170 loadContext->GetOriginAttributes(originAttrsLoadContext);
3171
3172 LOG(
3173 ("NS_CompareLoadInfoAndLoadContext - loadInfo: %d, %d; "
3174 "loadContext: %d, %d. [channel=%p]",
3175 originAttrsLoadInfo.mUserContextId,
3176 originAttrsLoadInfo.mPrivateBrowsingId,
3177 originAttrsLoadContext.mUserContextId,
3178 originAttrsLoadContext.mPrivateBrowsingId, aChannel));
3179
3180 MOZ_ASSERT(originAttrsLoadInfo.mUserContextId ==
3181 originAttrsLoadContext.mUserContextId,
3182 "The value of mUserContextId in the loadContext and in the "
3183 "loadInfo are not the same!");
3184
3185 MOZ_ASSERT(originAttrsLoadInfo.mPrivateBrowsingId ==
3186 originAttrsLoadContext.mPrivateBrowsingId,
3187 "The value of mPrivateBrowsingId in the loadContext and in the "
3188 "loadInfo are not the same!");
3189
3190 return NS_OK;
3191 }
3192
3193 nsresult NS_SetRequestBlockingReason(nsIChannel* channel, uint32_t reason) {
3194 NS_ENSURE_ARG(channel);
3195
3196 nsCOMPtr<nsILoadInfo> loadInfo = channel->LoadInfo();
3197 return NS_SetRequestBlockingReason(loadInfo, reason);
3198 }
3199
3200 nsresult NS_SetRequestBlockingReason(nsILoadInfo* loadInfo, uint32_t reason) {
3201 NS_ENSURE_ARG(loadInfo);
3202
3203 return loadInfo->SetRequestBlockingReason(reason);
3204 }
3205
3206 nsresult NS_SetRequestBlockingReasonIfNull(nsILoadInfo* loadInfo,
3207 uint32_t reason) {
3208 NS_ENSURE_ARG(loadInfo);
3209
3210 uint32_t existingReason;
3211 if (NS_SUCCEEDED(loadInfo->GetRequestBlockingReason(&existingReason)) &&
3212 existingReason != nsILoadInfo::BLOCKING_REASON_NONE) {
3213 return NS_OK;
3214 }
3215
3216 return loadInfo->SetRequestBlockingReason(reason);
3217 }
3218
3219 bool NS_IsOffline() {
3220 bool offline = true;
3221 bool connectivity = true;
3222 nsCOMPtr<nsIIOService> ios = do_GetIOService();
3223 if (ios) {
3224 ios->GetOffline(&offline);
3225 ios->GetConnectivity(&connectivity);
3226 }
3227 return offline || !connectivity;
3228 }
3229
3230 /**
3231 * This function returns true if this channel should be classified by
3232 * the URL Classifier, false otherwise.
3233 *
3234 * The idea of the algorithm to determine if a channel should be
3235 * classified is based on:
3236 * 1. Channels created by non-privileged code should be classified.
3237 * 2. Top-level document’s channels, if loaded by privileged code
3238 * (system principal), should be classified.
3239 * 3. Any other channel, created by privileged code, is considered safe.
3240 *
3241 * A bad/hacked/corrupted safebrowsing database, plus a mistakenly
3242 * classified critical channel (this may result from a bug in the exemption
3243 * rules or incorrect information being passed into) can cause serious
3244 * problems. For example, if the updater channel is classified and blocked
3245 * by the Safe Browsing, Firefox can't update itself, and there is no way to
3246 * recover from that.
3247 *
3248 * So two safeguards are added to ensure critical channels are never
3249 * automatically classified either because there is a bug in the algorithm
3250 * or the data in loadinfo is wrong.
3251 * 1. beConservative, this is set by ServiceRequest and we treat
3252 * channel created for ServiceRequest as critical channels.
3253 * 2. nsIChannel::LOAD_BYPASS_URL_CLASSIFIER, channel's opener can use this
3254 * flag to enforce bypassing the URL classifier check.
3255 */
3256 bool NS_ShouldClassifyChannel(nsIChannel* aChannel) {
3257 nsLoadFlags loadFlags;
3258 Unused << aChannel->GetLoadFlags(&loadFlags);
3259 // If our load flags dictate that we must let this channel through without
3260 // URL classification, obey that here without performing more checks.
3261 if (loadFlags & nsIChannel::LOAD_BYPASS_URL_CLASSIFIER) {
3262 return false;
3263 }
3264
3265 nsCOMPtr<nsIHttpChannelInternal> httpChannel(do_QueryInterface(aChannel));
3266 if (httpChannel) {
3267 bool beConservative;
3268 nsresult rv = httpChannel->GetBeConservative(&beConservative);
3269
3270 // beConservative flag, set by ServiceRequest to ensure channels that
3271 // fetch update use conservative TLS setting, are used here to identify
3272 // channels are critical to bypass classification. for channels don't
3273 // support beConservative, continue to apply the exemption rules.
3274 if (NS_SUCCEEDED(rv) && beConservative) {
3275 return false;
3276 }
3277 }
3278
3279 nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo();
3280 ExtContentPolicyType type = loadInfo->GetExternalContentPolicyType();
3281 // Skip classifying channel triggered by system unless it is a top-level
3282 // load.
3283 return !(loadInfo->TriggeringPrincipal()->IsSystemPrincipal() &&
3284 ExtContentPolicy::TYPE_DOCUMENT != type);
3285 }
3286
3287 namespace mozilla {
3288 namespace net {
3289
3290 bool InScriptableRange(int64_t val) {
3291 return (val <= kJS_MAX_SAFE_INTEGER) && (val >= kJS_MIN_SAFE_INTEGER);
3292 }
3293
3294 bool InScriptableRange(uint64_t val) { return val <= kJS_MAX_SAFE_UINTEGER; }
3295
3296 nsresult GetParameterHTTP(const nsACString& aHeaderVal, const char* aParamName,
3297 nsAString& aResult) {
3298 return nsMIMEHeaderParamImpl::GetParameterHTTP(aHeaderVal, aParamName,
3299 aResult);
3300 }
3301
3302 bool ChannelIsPost(nsIChannel* aChannel) {
3303 if (nsCOMPtr<nsIHttpChannel> httpChannel = do_QueryInterface(aChannel)) {
3304 nsAutoCString method;
3305 Unused << httpChannel->GetRequestMethod(method);
3306 return method.EqualsLiteral("POST");
3307 }
3308 return false;
3309 }
3310
3311 bool SchemeIsHTTP(nsIURI* aURI) {
3312 MOZ_ASSERT(aURI);
3313 return aURI->SchemeIs("http");
3314 }
3315
3316 bool SchemeIsHTTPS(nsIURI* aURI) {
3317 MOZ_ASSERT(aURI);
3318 return aURI->SchemeIs("https");
3319 }
3320
3321 bool SchemeIsJavascript(nsIURI* aURI) {
3322 MOZ_ASSERT(aURI);
3323 return aURI->SchemeIs("javascript");
3324 }
3325
3326 bool SchemeIsChrome(nsIURI* aURI) {
3327 MOZ_ASSERT(aURI);
3328 return aURI->SchemeIs("chrome");
3329 }
3330
3331 bool SchemeIsAbout(nsIURI* aURI) {
3332 MOZ_ASSERT(aURI);
3333 return aURI->SchemeIs("about");
3334 }
3335
3336 bool SchemeIsBlob(nsIURI* aURI) {
3337 MOZ_ASSERT(aURI);
3338 return aURI->SchemeIs("blob");
3339 }
3340
3341 bool SchemeIsFile(nsIURI* aURI) {
3342 MOZ_ASSERT(aURI);
3343 return aURI->SchemeIs("file");
3344 }
3345
3346 bool SchemeIsData(nsIURI* aURI) {
3347 MOZ_ASSERT(aURI);
3348 return aURI->SchemeIs("data");
3349 }
3350
3351 bool SchemeIsViewSource(nsIURI* aURI) {
3352 MOZ_ASSERT(aURI);
3353 return aURI->SchemeIs("view-source");
3354 }
3355
3356 bool SchemeIsResource(nsIURI* aURI) {
3357 MOZ_ASSERT(aURI);
3358 return aURI->SchemeIs("resource");
3359 }
3360
3361 bool SchemeIsFTP(nsIURI* aURI) {
3362 MOZ_ASSERT(aURI);
3363 return aURI->SchemeIs("ftp");
3364 }
3365
3366 bool SchemeIsSpecial(const nsACString& aScheme) {
3367 // See https://url.spec.whatwg.org/#special-scheme
3368 return aScheme.EqualsIgnoreCase("ftp") || aScheme.EqualsIgnoreCase("file") ||
3369 aScheme.EqualsIgnoreCase("http") ||
3370 aScheme.EqualsIgnoreCase("https") || aScheme.EqualsIgnoreCase("ws") ||
3371 aScheme.EqualsIgnoreCase("wss");
3372 }
3373
3374 bool IsSchemeChangePermitted(nsIURI* aOldURI, const nsACString& newScheme) {
3375 // See step 2.1 in https://url.spec.whatwg.org/#special-scheme
3376 // Note: The spec text uses "buffer" instead of newScheme, and "url"
3377 MOZ_ASSERT(aOldURI);
3378
3379 nsAutoCString tmp;
3380 nsresult rv = aOldURI->GetScheme(tmp);
3381 // If url's scheme is a special scheme and buffer is not a
3382 // special scheme, then return.
3383 // If url's scheme is not a special scheme and buffer is a
3384 // special scheme, then return.
3385 if (NS_FAILED(rv) || SchemeIsSpecial(tmp) != SchemeIsSpecial(newScheme)) {
3386 return false;
3387 }
3388
3389 // If url's scheme is "file" and its host is an empty host, then return.
3390 if (aOldURI->SchemeIs("file")) {
3391 rv = aOldURI->GetHost(tmp);
3392 if (NS_FAILED(rv) || tmp.IsEmpty()) {
3393 return false;
3394 }
3395 }
3396
3397 // URL Spec: If url includes credentials or has a non-null port, and
3398 // buffer is "file", then return.
3399 if (newScheme.EqualsIgnoreCase("file")) {
3400 bool hasUserPass;
3401 if (NS_FAILED(aOldURI->GetHasUserPass(&hasUserPass)) || hasUserPass) {
3402 return false;
3403 }
3404 int32_t port;
3405 rv = aOldURI->GetPort(&port);
3406 if (NS_FAILED(rv) || port != -1) {
3407 return false;
3408 }
3409 }
3410
3411 return true;
3412 }
3413
3414 already_AddRefed<nsIURI> TryChangeProtocol(nsIURI* aURI,
3415 const nsAString& aProtocol) {
3416 MOZ_ASSERT(aURI);
3417
3418 nsAString::const_iterator start;
3419 aProtocol.BeginReading(start);
3420
3421 nsAString::const_iterator end;
3422 aProtocol.EndReading(end);
3423
3424 nsAString::const_iterator iter(start);
3425 FindCharInReadable(':', iter, end);
3426
3427 // Changing the protocol of a URL, changes the "nature" of the URI
3428 // implementation. In order to do this properly, we have to serialize the
3429 // existing URL and reparse it in a new object.
3430 nsCOMPtr<nsIURI> clone;
3431 nsresult rv = NS_MutateURI(aURI)
3432 .SetScheme(NS_ConvertUTF16toUTF8(Substring(start, iter)))
3433 .Finalize(clone);
3434 if (NS_WARN_IF(NS_FAILED(rv))) {
3435 return nullptr;
3436 }
3437
3438 if (StaticPrefs::network_url_strict_protocol_setter()) {
3439 nsAutoCString newScheme;
3440 rv = clone->GetScheme(newScheme);
3441 if (NS_FAILED(rv) || !net::IsSchemeChangePermitted(aURI, newScheme)) {
3442 nsAutoCString url;
3443 Unused << clone->GetSpec(url);
3444 AutoTArray<nsString, 2> params;
3445 params.AppendElement(NS_ConvertUTF8toUTF16(url));
3446 params.AppendElement(NS_ConvertUTF8toUTF16(newScheme));
3447 nsContentUtils::ReportToConsole(
3448 nsIScriptError::warningFlag, "Strict Url Protocol Setter"_ns, nullptr,
3449 nsContentUtils::eNECKO_PROPERTIES, "StrictUrlProtocolSetter", params);
3450 return nullptr;
3451 }
3452 }
3453
3454 nsAutoCString href;
3455 rv = clone->GetSpec(href);
3456 if (NS_WARN_IF(NS_FAILED(rv))) {
3457 return nullptr;
3458 }
3459
3460 RefPtr<nsIURI> uri;
3461 rv = NS_NewURI(getter_AddRefs(uri), href);
3462 if (NS_WARN_IF(NS_FAILED(rv))) {
3463 return nullptr;
3464 }
3465 return uri.forget();
3466 }
3467
3468 // Decode a parameter value using the encoding defined in RFC 5987 (in place)
3469 //
3470 // charset "'" [ language ] "'" value-chars
3471 //
3472 // returns true when decoding happened successfully (otherwise leaves
3473 // passed value alone)
3474 static bool Decode5987Format(nsAString& aEncoded) {
3475 nsresult rv;
3476 nsCOMPtr<nsIMIMEHeaderParam> mimehdrpar =
3477 do_GetService(NS_MIMEHEADERPARAM_CONTRACTID, &rv);
3478 if (NS_FAILED(rv)) return false;
3479
3480 nsAutoCString asciiValue;
3481
3482 const char16_t* encstart = aEncoded.BeginReading();
3483 const char16_t* encend = aEncoded.EndReading();
3484
3485 // create a plain ASCII string, aborting if we can't do that
3486 // converted form is always shorter than input
3487 while (encstart != encend) {
3488 if (*encstart > 0 && *encstart < 128) {
3489 asciiValue.Append((char)*encstart);
3490 } else {
3491 return false;
3492 }
3493 encstart++;
3494 }
3495
3496 nsAutoString decoded;
3497 nsAutoCString language;
3498
3499 rv = mimehdrpar->DecodeRFC5987Param(asciiValue, language, decoded);
3500 if (NS_FAILED(rv)) return false;
3501
3502 aEncoded = decoded;
3503 return true;
3504 }
3505
3506 LinkHeader::LinkHeader() { mCrossOrigin.SetIsVoid(true); }
3507
3508 void LinkHeader::Reset() {
3509 mHref.Truncate();
3510 mRel.Truncate();
3511 mTitle.Truncate();
3512 mNonce.Truncate();
3513 mIntegrity.Truncate();
3514 mSrcset.Truncate();
3515 mSizes.Truncate();
3516 mType.Truncate();
3517 mMedia.Truncate();
3518 mAnchor.Truncate();
3519 mCrossOrigin.Truncate();
3520 mReferrerPolicy.Truncate();
3521 mAs.Truncate();
3522 mCrossOrigin.SetIsVoid(true);
3523 mFetchPriority.Truncate();
3524 }
3525
3526 nsresult LinkHeader::NewResolveHref(nsIURI** aOutURI, nsIURI* aBaseURI) const {
3527 if (mAnchor.IsEmpty()) {
3528 // use the base uri
3529 return NS_NewURI(aOutURI, mHref, nullptr, aBaseURI);
3530 }
3531
3532 // compute the anchored URI
3533 nsCOMPtr<nsIURI> anchoredURI;
3534 nsresult rv =
3535 NS_NewURI(getter_AddRefs(anchoredURI), mAnchor, nullptr, aBaseURI);
3536 NS_ENSURE_SUCCESS(rv, rv);
3537
3538 return NS_NewURI(aOutURI, mHref, nullptr, anchoredURI);
3539 }
3540
3541 bool LinkHeader::operator==(const LinkHeader& rhs) const {
3542 return mHref == rhs.mHref && mRel == rhs.mRel && mTitle == rhs.mTitle &&
3543 mNonce == rhs.mNonce && mIntegrity == rhs.mIntegrity &&
3544 mSrcset == rhs.mSrcset && mSizes == rhs.mSizes && mType == rhs.mType &&
3545 mMedia == rhs.mMedia && mAnchor == rhs.mAnchor &&
3546 mCrossOrigin == rhs.mCrossOrigin &&
3547 mReferrerPolicy == rhs.mReferrerPolicy && mAs == rhs.mAs &&
3548 mFetchPriority == rhs.mFetchPriority;
3549 }
3550
3551 constexpr auto kTitleStar = "title*"_ns;
3552
3553 nsTArray<LinkHeader> ParseLinkHeader(const nsAString& aLinkData) {
3554 nsTArray<LinkHeader> linkHeaders;
3555
3556 // keep track where we are within the header field
3557 bool seenParameters = false;
3558
3559 // parse link content and add to array
3560 LinkHeader header;
3561 nsAutoString titleStar;
3562
3563 // copy to work buffer
3564 nsAutoString stringList(aLinkData);
3565
3566 // put an extra null at the end
3567 stringList.Append(kNullCh);
3568
3569 char16_t* start = stringList.BeginWriting();
3570
3571 while (*start != kNullCh) {
3572 // parse link content and call process style link
3573
3574 // skip leading space
3575 while ((*start != kNullCh) && nsCRT::IsAsciiSpace(*start)) {
3576 ++start;
3577 }
3578
3579 char16_t* end = start;
3580 char16_t* last = end - 1;
3581
3582 bool wasQuotedString = false;
3583
3584 // look for semicolon or comma
3585 while (*end != kNullCh && *end != kSemicolon && *end != kComma) {
3586 char16_t ch = *end;
3587
3588 if (ch == kQuote || ch == kLessThan) {
3589 // quoted string
3590
3591 char16_t quote = ch;
3592 if (quote == kLessThan) {
3593 quote = kGreaterThan;
3594 }
3595
3596 wasQuotedString = (ch == kQuote);
3597
3598 char16_t* closeQuote = (end + 1);
3599
3600 // seek closing quote
3601 while (*closeQuote != kNullCh && quote != *closeQuote) {
3602 // in quoted-string, "\" is an escape character
3603 if (wasQuotedString && *closeQuote == kBackSlash &&
3604 *(closeQuote + 1) != kNullCh) {
3605 ++closeQuote;
3606 }
3607
3608 ++closeQuote;
3609 }
3610
3611 if (quote == *closeQuote) {
3612 // found closer
3613
3614 // skip to close quote
3615 end = closeQuote;
3616
3617 last = end - 1;
3618
3619 ch = *(end + 1);
3620
3621 if (ch != kNullCh && ch != kSemicolon && ch != kComma) {
3622 // end string here
3623 *(++end) = kNullCh;
3624
3625 ch = *(end + 1);
3626
3627 // keep going until semi or comma
3628 while (ch != kNullCh && ch != kSemicolon && ch != kComma) {
3629 ++end;
3630
3631 ch = *(end + 1);
3632 }
3633 }
3634 }
3635 }
3636
3637 ++end;
3638 ++last;
3639 }
3640
3641 char16_t endCh = *end;
3642
3643 // end string here
3644 *end = kNullCh;
3645
3646 if (start < end) {
3647 if ((*start == kLessThan) && (*last == kGreaterThan)) {
3648 *last = kNullCh;
3649
3650 // first instance of <...> wins
3651 // also, do not allow hrefs after the first param was seen
3652 if (header.mHref.IsEmpty() && !seenParameters) {
3653 header.mHref = (start + 1);
3654 header.mHref.StripWhitespace();
3655 }
3656 } else {
3657 char16_t* equals = start;
3658 seenParameters = true;
3659
3660 while ((*equals != kNullCh) && (*equals != kEqual)) {
3661 equals++;
3662 }
3663
3664 const bool hadEquals = *equals != kNullCh;
3665 *equals = kNullCh;
3666 nsAutoString attr(start);
3667 attr.StripWhitespace();
3668
3669 char16_t* value = hadEquals ? ++equals : equals;
3670 while (nsCRT::IsAsciiSpace(*value)) {
3671 value++;
3672 }
3673
3674 if ((*value == kQuote) && (*value == *last)) {
3675 *last = kNullCh;
3676 value++;
3677 }
3678
3679 if (wasQuotedString) {
3680 // unescape in-place
3681 char16_t* unescaped = value;
3682 char16_t* src = value;
3683
3684 while (*src != kNullCh) {
3685 if (*src == kBackSlash && *(src + 1) != kNullCh) {
3686 src++;
3687 }
3688 *unescaped++ = *src++;
3689 }
3690
3691 *unescaped = kNullCh;
3692 }
3693
3694 if (attr.LowerCaseEqualsASCII(kTitleStar.get())) {
3695 if (titleStar.IsEmpty() && !wasQuotedString) {
3696 // RFC 5987 encoding; uses token format only, so skip if we get
3697 // here with a quoted-string
3698 nsAutoString tmp;
3699 tmp = value;
3700 if (Decode5987Format(tmp)) {
3701 titleStar = tmp;
3702 titleStar.CompressWhitespace();
3703 } else {
3704 // header value did not parse, throw it away
3705 titleStar.Truncate();
3706 }
3707 }
3708 } else {
3709 header.MaybeUpdateAttribute(attr, value);
3710 }
3711 }
3712 }
3713
3714 if (endCh == kComma) {
3715 // hit a comma, process what we've got so far
3716
3717 header.mHref.Trim(" \t\n\r\f"); // trim HTML5 whitespace
3718 if (!header.mHref.IsEmpty() && !header.mRel.IsEmpty()) {
3719 if (!titleStar.IsEmpty()) {
3720 // prefer RFC 5987 variant over non-I18zed version
3721 header.mTitle = titleStar;
3722 }
3723 linkHeaders.AppendElement(header);
3724 }
3725
3726 titleStar.Truncate();
3727 header.Reset();
3728
3729 seenParameters = false;
3730 }
3731
3732 start = ++end;
3733 }
3734
3735 header.mHref.Trim(" \t\n\r\f"); // trim HTML5 whitespace
3736 if (!header.mHref.IsEmpty() && !header.mRel.IsEmpty()) {
3737 if (!titleStar.IsEmpty()) {
3738 // prefer RFC 5987 variant over non-I18zed version
3739 header.mTitle = titleStar;
3740 }
3741 linkHeaders.AppendElement(header);
3742 }
3743
3744 return linkHeaders;
3745 }
3746
3747 void LinkHeader::MaybeUpdateAttribute(const nsAString& aAttribute,
3748 const char16_t* aValue) {
3749 MOZ_ASSERT(!aAttribute.LowerCaseEqualsASCII(kTitleStar.get()));
3750
3751 if (aAttribute.LowerCaseEqualsLiteral("rel")) {
3752 if (mRel.IsEmpty()) {
3753 mRel = aValue;
3754 mRel.CompressWhitespace();
3755 }
3756 } else if (aAttribute.LowerCaseEqualsLiteral("title")) {
3757 if (mTitle.IsEmpty()) {
3758 mTitle = aValue;
3759 mTitle.CompressWhitespace();
3760 }
3761 } else if (aAttribute.LowerCaseEqualsLiteral("type")) {
3762 if (mType.IsEmpty()) {
3763 mType = aValue;
3764 mType.StripWhitespace();
3765 }
3766 } else if (aAttribute.LowerCaseEqualsLiteral("media")) {
3767 if (mMedia.IsEmpty()) {
3768 mMedia = aValue;
3769
3770 // The HTML5 spec is formulated in terms of the CSS3 spec,
3771 // which specifies that media queries are case insensitive.
3772 nsContentUtils::ASCIIToLower(mMedia);
3773 }
3774 } else if (aAttribute.LowerCaseEqualsLiteral("anchor")) {
3775 if (mAnchor.IsEmpty()) {
3776 mAnchor = aValue;
3777 mAnchor.StripWhitespace();
3778 }
3779 } else if (aAttribute.LowerCaseEqualsLiteral("crossorigin")) {
3780 if (mCrossOrigin.IsVoid()) {
3781 mCrossOrigin.SetIsVoid(false);
3782 mCrossOrigin = aValue;
3783 mCrossOrigin.StripWhitespace();
3784 }
3785 } else if (aAttribute.LowerCaseEqualsLiteral("as")) {
3786 if (mAs.IsEmpty()) {
3787 mAs = aValue;
3788 mAs.CompressWhitespace();
3789 }
3790 } else if (aAttribute.LowerCaseEqualsLiteral("referrerpolicy")) {
3791 // https://html.spec.whatwg.org/multipage/urls-and-fetching.html#referrer-policy-attribute
3792 // Specs says referrer policy attribute is an enumerated attribute,
3793 // case insensitive and includes the empty string
3794 // We will parse the aValue with AttributeReferrerPolicyFromString
3795 // later, which will handle parsing it as an enumerated attribute.
3796 if (mReferrerPolicy.IsEmpty()) {
3797 mReferrerPolicy = aValue;
3798 }
3799
3800 } else if (aAttribute.LowerCaseEqualsLiteral("nonce")) {
3801 if (mNonce.IsEmpty()) {
3802 mNonce = aValue;
3803 }
3804 } else if (aAttribute.LowerCaseEqualsLiteral("integrity")) {
3805 if (mIntegrity.IsEmpty()) {
3806 mIntegrity = aValue;
3807 }
3808 } else if (aAttribute.LowerCaseEqualsLiteral("imagesrcset")) {
3809 if (mSrcset.IsEmpty()) {
3810 mSrcset = aValue;
3811 }
3812 } else if (aAttribute.LowerCaseEqualsLiteral("imagesizes")) {
3813 if (mSizes.IsEmpty()) {
3814 mSizes = aValue;
3815 }
3816 } else if (aAttribute.LowerCaseEqualsLiteral("fetchpriority")) {
3817 if (mFetchPriority.IsEmpty()) {
3818 LOG(("Update fetchPriority to \"%s\"",
3819 NS_ConvertUTF16toUTF8(aValue).get()));
3820 mFetchPriority = aValue;
3821 }
3822 }
3823 }
3824
3825 // We will use official mime-types from:
3826 // https://www.iana.org/assignments/media-types/media-types.xhtml#font
3827 // We do not support old deprecated mime-types for preload feature.
3828 // (We currectly do not support font/collection)
3829 static uint32_t StyleLinkElementFontMimeTypesNum = 5;
3830 static const char* StyleLinkElementFontMimeTypes[] = {
3831 "font/otf", "font/sfnt", "font/ttf", "font/woff", "font/woff2"};
3832
3833 bool IsFontMimeType(const nsAString& aType) {
3834 if (aType.IsEmpty()) {
3835 return true;
3836 }
3837 for (uint32_t i = 0; i < StyleLinkElementFontMimeTypesNum; i++) {
3838 if (aType.EqualsASCII(StyleLinkElementFontMimeTypes[i])) {
3839 return true;
3840 }
3841 }
3842 return false;
3843 }
3844
3845 static const nsAttrValue::EnumTable kAsAttributeTable[] = {
3846 {"", DESTINATION_INVALID}, {"audio", DESTINATION_AUDIO},
3847 {"font", DESTINATION_FONT}, {"image", DESTINATION_IMAGE},
3848 {"script", DESTINATION_SCRIPT}, {"style", DESTINATION_STYLE},
3849 {"track", DESTINATION_TRACK}, {"video", DESTINATION_VIDEO},
3850 {"fetch", DESTINATION_FETCH}, {nullptr, 0}};
3851
3852 void ParseAsValue(const nsAString& aValue, nsAttrValue& aResult) {
3853 DebugOnly<bool> success =
3854 aResult.ParseEnumValue(aValue, kAsAttributeTable, false,
3855 // default value is a empty string
3856 // if aValue is not a value we
3857 // understand
3858 &kAsAttributeTable[0]);
3859 MOZ_ASSERT(success);
3860 }
3861
3862 nsContentPolicyType AsValueToContentPolicy(const nsAttrValue& aValue) {
3863 switch (aValue.GetEnumValue()) {
3864 case DESTINATION_INVALID:
3865 return nsIContentPolicy::TYPE_INVALID;
3866 case DESTINATION_AUDIO:
3867 return nsIContentPolicy::TYPE_INTERNAL_AUDIO;
3868 case DESTINATION_TRACK:
3869 return nsIContentPolicy::TYPE_INTERNAL_TRACK;
3870 case DESTINATION_VIDEO:
3871 return nsIContentPolicy::TYPE_INTERNAL_VIDEO;
3872 case DESTINATION_FONT:
3873 return nsIContentPolicy::TYPE_FONT;
3874 case DESTINATION_IMAGE:
3875 return nsIContentPolicy::TYPE_IMAGE;
3876 case DESTINATION_SCRIPT:
3877 return nsIContentPolicy::TYPE_SCRIPT;
3878 case DESTINATION_STYLE:
3879 return nsIContentPolicy::TYPE_STYLESHEET;
3880 case DESTINATION_FETCH:
3881 return nsIContentPolicy::TYPE_INTERNAL_FETCH_PRELOAD;
3882 }
3883 return nsIContentPolicy::TYPE_INVALID;
3884 }
3885
3886 // TODO: implement this using nsAttrValue's destination enums when support for
3887 // the new destinations is added; see this diff for a possible start:
3888 // https://phabricator.services.mozilla.com/D172368?vs=705114&id=708720
3889 bool IsScriptLikeOrInvalid(const nsAString& aAs) {
3890 return !(
3891 aAs.LowerCaseEqualsASCII("fetch") || aAs.LowerCaseEqualsASCII("audio") ||
3892 aAs.LowerCaseEqualsASCII("document") ||
3893 aAs.LowerCaseEqualsASCII("embed") || aAs.LowerCaseEqualsASCII("font") ||
3894 aAs.LowerCaseEqualsASCII("frame") || aAs.LowerCaseEqualsASCII("iframe") ||
3895 aAs.LowerCaseEqualsASCII("image") ||
3896 aAs.LowerCaseEqualsASCII("manifest") ||
3897 aAs.LowerCaseEqualsASCII("object") ||
3898 aAs.LowerCaseEqualsASCII("report") || aAs.LowerCaseEqualsASCII("style") ||
3899 aAs.LowerCaseEqualsASCII("track") || aAs.LowerCaseEqualsASCII("video") ||
3900 aAs.LowerCaseEqualsASCII("webidentity") ||
3901 aAs.LowerCaseEqualsASCII("xslt"));
3902 }
3903
3904 bool CheckPreloadAttrs(const nsAttrValue& aAs, const nsAString& aType,
3905 const nsAString& aMedia,
3906 mozilla::dom::Document* aDocument) {
3907 nsContentPolicyType policyType = AsValueToContentPolicy(aAs);
3908 if (policyType == nsIContentPolicy::TYPE_INVALID) {
3909 return false;
3910 }
3911
3912 // Check if media attribute is valid.
3913 if (!aMedia.IsEmpty()) {
3914 RefPtr<mozilla::dom::MediaList> mediaList =
3915 mozilla::dom::MediaList::Create(NS_ConvertUTF16toUTF8(aMedia));
3916 if (!mediaList->Matches(*aDocument)) {
3917 return false;
3918 }
3919 }
3920
3921 if (aType.IsEmpty()) {
3922 return true;
3923 }
3924
3925 if (policyType == nsIContentPolicy::TYPE_INTERNAL_FETCH_PRELOAD) {
3926 return true;
3927 }
3928
3929 nsAutoString type(aType);
3930 ToLowerCase(type);
3931 if (policyType == nsIContentPolicy::TYPE_MEDIA) {
3932 if (aAs.GetEnumValue() == DESTINATION_TRACK) {
3933 return type.EqualsASCII("text/vtt");
3934 }
3935 Maybe<MediaContainerType> mimeType = MakeMediaContainerType(aType);
3936 if (!mimeType) {
3937 return false;
3938 }
3939 DecoderDoctorDiagnostics diagnostics;
3940 CanPlayStatus status =
3941 DecoderTraits::CanHandleContainerType(*mimeType, &diagnostics);
3942 // Preload if this return CANPLAY_YES and CANPLAY_MAYBE.
3943 return status != CANPLAY_NO;
3944 }
3945 if (policyType == nsIContentPolicy::TYPE_FONT) {
3946 return IsFontMimeType(type);
3947 }
3948 if (policyType == nsIContentPolicy::TYPE_IMAGE) {
3949 return imgLoader::SupportImageWithMimeType(
3950 NS_ConvertUTF16toUTF8(type), AcceptedMimeTypes::IMAGES_AND_DOCUMENTS);
3951 }
3952 if (policyType == nsIContentPolicy::TYPE_SCRIPT) {
3953 return nsContentUtils::IsJavascriptMIMEType(type);
3954 }
3955 if (policyType == nsIContentPolicy::TYPE_STYLESHEET) {
3956 return type.EqualsASCII("text/css");
3957 }
3958 return false;
3959 }
3960
3961 void WarnIgnoredPreload(const mozilla::dom::Document& aDoc, nsIURI& aURI) {
3962 AutoTArray<nsString, 1> params;
3963 {
3964 nsCString uri = nsContentUtils::TruncatedURLForDisplay(&aURI);
3965 AppendUTF8toUTF16(uri, *params.AppendElement());
3966 }
3967 nsContentUtils::ReportToConsole(nsIScriptError::warningFlag, "DOM"_ns, &aDoc,
3968 nsContentUtils::eDOM_PROPERTIES,
3969 "PreloadIgnoredInvalidAttr", params);
3970 }
3971
3972 nsresult HasRootDomain(const nsACString& aInput, const nsACString& aHost,
3973 bool* aResult) {
3974 if (NS_WARN_IF(!aResult)) {
3975 return NS_ERROR_FAILURE;
3976 }
3977
3978 *aResult = false;
3979
3980 // If the strings are the same, we obviously have a match.
3981 if (aInput == aHost) {
3982 *aResult = true;
3983 return NS_OK;
3984 }
3985
3986 // If aHost is not found, we know we do not have it as a root domain.
3987 int32_t index = nsAutoCString(aInput).Find(aHost);
3988 if (index == kNotFound) {
3989 return NS_OK;
3990 }
3991
3992 // Otherwise, we have aHost as our root domain iff the index of aHost is
3993 // aHost.length subtracted from our length and (since we do not have an
3994 // exact match) the character before the index is a dot or slash.
3995 *aResult = index > 0 && (uint32_t)index == aInput.Length() - aHost.Length() &&
3996 (aInput[index - 1] == '.' || aInput[index - 1] == '/');
3997 return NS_OK;
3998 }
3999
4000 void CheckForBrokenChromeURL(nsILoadInfo* aLoadInfo, nsIURI* aURI) {
4001 if (!aURI) {
4002 return;
4003 }
4004 nsAutoCString scheme;
4005 aURI->GetScheme(scheme);
4006 if (!scheme.EqualsLiteral("chrome") && !scheme.EqualsLiteral("resource")) {
4007 return;
4008 }
4009 nsAutoCString host;
4010 aURI->GetHost(host);
4011 // Ignore test hits.
4012 if (host.EqualsLiteral("mochitests") || host.EqualsLiteral("reftest")) {
4013 return;
4014 }
4015
4016 nsAutoCString filePath;
4017 aURI->GetFilePath(filePath);
4018 // Fluent likes checking for files everywhere and expects failure.
4019 if (StringEndsWith(filePath, ".ftl"_ns)) {
4020 return;
4021 }
4022
4023 // Ignore fetches/xhrs, as they are frequently used in a way where
4024 // non-existence is OK (ie with fallbacks). This risks false negatives (ie
4025 // files that *should* be there but aren't) - which we accept for now.
4026 ExtContentPolicy policy = aLoadInfo
4027 ? aLoadInfo->GetExternalContentPolicyType()
4028 : ExtContentPolicy::TYPE_OTHER;
4029 if (policy == ExtContentPolicy::TYPE_FETCH ||
4030 policy == ExtContentPolicy::TYPE_XMLHTTPREQUEST) {
4031 return;
4032 }
4033
4034 if (aLoadInfo) {
4035 bool shouldSkipCheckForBrokenURLOrZeroSized;
4036 MOZ_ALWAYS_SUCCEEDS(aLoadInfo->GetShouldSkipCheckForBrokenURLOrZeroSized(
4037 &shouldSkipCheckForBrokenURLOrZeroSized));
4038 if (shouldSkipCheckForBrokenURLOrZeroSized) {
4039 return;
4040 }
4041 }
4042
4043 nsCString spec;
4044 aURI->GetSpec(spec);
4045
4046 #ifdef ANDROID
4047 // Various toolkit files use this and are shipped on android, but
4048 // info-pages.css and aboutLicense.css are not - bug 1808987
4049 if (StringEndsWith(spec, "info-pages.css"_ns) ||
4050 StringEndsWith(spec, "aboutLicense.css"_ns) ||
4051 // Error page CSS is also missing: bug 1810039
4052 StringEndsWith(spec, "aboutNetError.css"_ns) ||
4053 StringEndsWith(spec, "aboutHttpsOnlyError.css"_ns) ||
4054 StringEndsWith(spec, "error-pages.css"_ns) ||
4055 // popup.css is used in a single mochitest: bug 1810577
4056 StringEndsWith(spec, "/popup.css"_ns) ||
4057 // Used by an extension installation test - bug 1809650
4058 StringBeginsWith(spec, "resource://android/assets/web_extensions/"_ns)) {
4059 return;
4060 }
4061 #endif
4062
4063 // DTD files from gre may not exist when requested by tests.
4064 if (StringBeginsWith(spec, "resource://gre/res/dtd/"_ns)) {
4065 return;
4066 }
4067
4068 // The background task machinery allows the caller to specify a JSM on the
4069 // command line, which is then looked up in both app-specific and toolkit-wide
4070 // locations.
4071 if (spec.Find("backgroundtasks") != kNotFound) {
4072 return;
4073 }
4074
4075 if (xpc::IsInAutomation()) {
4076 #ifdef DEBUG
4077 if (NS_IsMainThread()) {
4078 nsCOMPtr<nsIXPConnect> xpc = nsIXPConnect::XPConnect();
4079 Unused << xpc->DebugDumpJSStack(false, false, false);
4080 }
4081 #endif
4082 MOZ_CRASH_UNSAFE_PRINTF("Missing chrome or resource URLs: %s", spec.get());
4083 } else {
4084 printf_stderr("Missing chrome or resource URL: %s\n", spec.get());
4085 }
4086 }
4087
4088 bool IsCoepCredentiallessEnabled(bool aIsOriginTrialCoepCredentiallessEnabled) {
4089 return StaticPrefs::
4090 browser_tabs_remote_coep_credentialless_DoNotUseDirectly() ||
4091 aIsOriginTrialCoepCredentiallessEnabled;
4092 }
4093
4094 } // namespace net
4095 } // namespace mozilla