image/ImageCacheKey.cpp

   1 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
   2 /* This Source Code Form is subject to the terms of the Mozilla Public
   3  * License, v. 2.0. If a copy of the MPL was not distributed with this
   4  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
   5
   6 #include "ImageCacheKey.h"
   7
   8 #include <utility>
   9
  10 #include "mozilla/ContentBlocking.h"
  11 #include "mozilla/HashFunctions.h"
  12 #include "mozilla/StorageAccess.h"
  13 #include "mozilla/StoragePrincipalHelper.h"
  14 #include "mozilla/Unused.h"
  15 #include "mozilla/dom/BlobURLProtocolHandler.h"
  16 #include "mozilla/dom/Document.h"
  17 #include "mozilla/dom/File.h"
  18 #include "mozilla/dom/ServiceWorkerManager.h"
  19 #include "mozilla/StaticPrefs_privacy.h"
  20 #include "nsContentUtils.h"
  21 #include "nsHashKeys.h"
  22 #include "nsLayoutUtils.h"
  23 #include "nsPrintfCString.h"
  24 #include "nsString.h"
  25
  26 namespace mozilla {
  27
  28 using namespace dom;
  29
  30 namespace image {
  31
  32 static Maybe<uint64_t> BlobSerial(nsIURI* aURI) {
  33   nsAutoCString spec;
  34   aURI->GetSpec(spec);
  35
  36   RefPtr<BlobImpl> blob;
  37   if (NS_SUCCEEDED(NS_GetBlobForBlobURISpec(spec, getter_AddRefs(blob))) &&
  38       blob) {
  39     return Some(blob->GetSerialNumber());
  40   }
  41
  42   return Nothing();
  43 }
  44
  45 ImageCacheKey::ImageCacheKey(nsIURI* aURI, const OriginAttributes& aAttrs,
  46                              Document* aDocument)
  47     : mURI(aURI),
  48       mOriginAttributes(aAttrs),
  49       mControlledDocument(GetSpecialCaseDocumentToken(aDocument)),
  50       mIsolationKey(GetIsolationKey(aDocument, aURI)),
  51       mIsChrome(false) {
  52   if (mURI->SchemeIs("blob")) {
  53     mBlobSerial = BlobSerial(mURI);
  54   } else if (mURI->SchemeIs("chrome")) {
  55     mIsChrome = true;
  56   }
  57 }
  58
  59 ImageCacheKey::ImageCacheKey(const ImageCacheKey& aOther)
  60     : mURI(aOther.mURI),
  61       mBlobSerial(aOther.mBlobSerial),
  62       mBlobRef(aOther.mBlobRef),
  63       mOriginAttributes(aOther.mOriginAttributes),
  64       mControlledDocument(aOther.mControlledDocument),
  65       mIsolationKey(aOther.mIsolationKey),
  66       mHash(aOther.mHash),
  67       mIsChrome(aOther.mIsChrome) {}
  68
  69 ImageCacheKey::ImageCacheKey(ImageCacheKey&& aOther)
  70     : mURI(std::move(aOther.mURI)),
  71       mBlobSerial(std::move(aOther.mBlobSerial)),
  72       mBlobRef(std::move(aOther.mBlobRef)),
  73       mOriginAttributes(aOther.mOriginAttributes),
  74       mControlledDocument(aOther.mControlledDocument),
  75       mIsolationKey(aOther.mIsolationKey),
  76       mHash(aOther.mHash),
  77       mIsChrome(aOther.mIsChrome) {}
  78
  79 bool ImageCacheKey::operator==(const ImageCacheKey& aOther) const {
  80   // Don't share the image cache between a controlled document and anything
  81   // else.
  82   if (mControlledDocument != aOther.mControlledDocument) {
  83     return false;
  84   }
  85   // Don't share the image cache between two top-level documents of different
  86   // base domains.
  87   if (!mIsolationKey.Equals(aOther.mIsolationKey,
  88                             nsCaseInsensitiveCStringComparator)) {
  89     return false;
  90   }
  91   // The origin attributes always have to match.
  92   if (mOriginAttributes != aOther.mOriginAttributes) {
  93     return false;
  94   }
  95   if (mBlobSerial || aOther.mBlobSerial) {
  96     if (mBlobSerial && mBlobRef.IsEmpty()) {
  97       EnsureBlobRef();
  98     }
  99     if (aOther.mBlobSerial && aOther.mBlobRef.IsEmpty()) {
 100       aOther.EnsureBlobRef();
 101     }
 102     // If at least one of us has a blob serial, just compare the blob serial and
 103     // the ref portion of the URIs.
 104     return mBlobSerial == aOther.mBlobSerial && mBlobRef == aOther.mBlobRef;
 105   }
 106
 107   // For non-blob URIs, compare the URIs.
 108   bool equals = false;
 109   nsresult rv = mURI->Equals(aOther.mURI, &equals);
 110   return NS_SUCCEEDED(rv) && equals;
 111 }
 112
 113 void ImageCacheKey::EnsureBlobRef() const {
 114   MOZ_ASSERT(mBlobSerial);
 115   MOZ_ASSERT(mBlobRef.IsEmpty());
 116
 117   nsresult rv = mURI->GetRef(mBlobRef);
 118   NS_ENSURE_SUCCESS_VOID(rv);
 119 }
 120
 121 void ImageCacheKey::EnsureHash() const {
 122   MOZ_ASSERT(mHash.isNothing());
 123   PLDHashNumber hash = 0;
 124
 125   // Since we frequently call Hash() several times in a row on the same
 126   // ImageCacheKey, as an optimization we compute our hash once and store it.
 127
 128   nsPrintfCString ptr("%p", mControlledDocument);
 129   nsAutoCString suffix;
 130   mOriginAttributes.CreateSuffix(suffix);
 131
 132   if (mBlobSerial) {
 133     if (mBlobRef.IsEmpty()) {
 134       EnsureBlobRef();
 135     }
 136     hash = HashGeneric(*mBlobSerial, HashString(mBlobRef));
 137   } else {
 138     nsAutoCString spec;
 139     Unused << mURI->GetSpec(spec);
 140     hash = HashString(spec);
 141   }
 142
 143   hash = AddToHash(hash, HashString(suffix), HashString(mIsolationKey),
 144                    HashString(ptr));
 145   mHash.emplace(hash);
 146 }
 147
 148 /* static */
 149 void* ImageCacheKey::GetSpecialCaseDocumentToken(Document* aDocument) {
 150   // Cookie-averse documents can never have storage granted to them.  Since they
 151   // may not have inner windows, they would require special handling below, so
 152   // just bail out early here.
 153   if (!aDocument || aDocument->IsCookieAverse()) {
 154     return nullptr;
 155   }
 156
 157   // For controlled documents, we cast the pointer into a void* to avoid
 158   // dereferencing it (since we only use it for comparisons).
 159   RefPtr<ServiceWorkerManager> swm = ServiceWorkerManager::GetInstance();
 160   if (swm && aDocument->GetController().isSome()) {
 161     return aDocument;
 162   }
 163
 164   return nullptr;
 165 }
 166
 167 /* static */
 168 nsCString ImageCacheKey::GetIsolationKey(Document* aDocument, nsIURI* aURI) {
 169   if (!aDocument || !aDocument->GetInnerWindow()) {
 170     return EmptyCString();
 171   }
 172
 173   // Network-state isolation
 174   if (StaticPrefs::privacy_partition_network_state()) {
 175     OriginAttributes oa;
 176     StoragePrincipalHelper::GetOriginAttributesForNetworkState(aDocument, oa);
 177
 178     nsAutoCString suffix;
 179     oa.CreateSuffix(suffix);
 180
 181     return std::move(suffix);
 182   }
 183
 184   // If the window is 3rd party resource, let's see if first-party storage
 185   // access is granted for this image.
 186   if (nsContentUtils::IsThirdPartyWindowOrChannel(aDocument->GetInnerWindow(),
 187                                                   nullptr, nullptr)) {
 188     return StorageDisabledByAntiTracking(aDocument, aURI)
 189                ? aDocument->GetBaseDomain()
 190                : EmptyCString();
 191   }
 192
 193   // Another scenario is if this image is a 3rd party resource loaded by a
 194   // first party context. In this case, we should check if the nsIChannel has
 195   // been marked as tracking resource, but we don't have the channel yet at
 196   // this point.  The best approach here is to be conservative: if we are sure
 197   // that the permission is granted, let's return 0. Otherwise, let's make a
 198   // unique image cache per the top-level document eTLD+1.
 199   if (!ContentBlocking::ApproximateAllowAccessForWithoutChannel(
 200           aDocument->GetInnerWindow(), aURI)) {
 201     nsPIDOMWindowOuter* top =
 202         aDocument->GetInnerWindow()->GetInProcessScriptableTop();
 203     nsPIDOMWindowInner* topInner = top ? top->GetCurrentInnerWindow() : nullptr;
 204     if (!topInner) {
 205       return aDocument
 206           ->GetBaseDomain();  // because we don't have anything better!
 207     }
 208     return topInner->GetExtantDoc() ? topInner->GetExtantDoc()->GetBaseDomain()
 209                                     : EmptyCString();
 210   }
 211
 212   return EmptyCString();
 213 }
 214
 215 }  // namespace image
 216 }  // namespace mozilla