1 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ts=2 sw=2 et tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7 #include "mozilla/BasePrincipal.h"
9 #include "nsDocShell.h"
11 #include "ExpandedPrincipal.h"
12 #include "nsNetUtil.h"
13 #include "nsContentUtils.h"
14 #include "nsIOService.h"
15 #include "nsIURIWithSpecialOrigin.h"
16 #include "nsScriptSecurityManager.h"
17 #include "nsServiceManagerUtils.h"
18 #include "nsAboutProtocolUtils.h"
19 #include "ThirdPartyUtil.h"
20 #include "mozilla/ContentPrincipal.h"
21 #include "mozilla/ExtensionPolicyService.h"
22 #include "mozilla/NullPrincipal.h"
23 #include "mozilla/dom/BlobURLProtocolHandler.h"
24 #include "mozilla/dom/ChromeUtils.h"
25 #include "mozilla/dom/ReferrerInfo.h"
26 #include "mozilla/dom/ToJSValue.h"
27 #include "mozilla/dom/nsMixedContentBlocker.h"
28 #include "mozilla/Components.h"
29 #include "mozilla/dom/StorageUtils.h"
30 #include "mozilla/dom/StorageUtils.h"
32 #include "nsEffectiveTLDService.h"
33 #include "nsIURIMutator.h"
34 #include "mozilla/StaticPrefs_permissions.h"
35 #include "nsIURIMutator.h"
36 #include "nsMixedContentBlocker.h"
38 #include "nsIURIFixup.h"
39 #include "mozilla/dom/StorageUtils.h"
40 #include "mozilla/StorageAccess.h"
41 #include "nsPIDOMWindow.h"
42 #include "nsIURIMutator.h"
43 #include "mozilla/PermissionManager.h"
45 #include "json/json.h"
46 #include "nsSerializationHelper.h"
50 BasePrincipal::BasePrincipal(PrincipalKind aKind
,
51 const nsACString
& aOriginNoSuffix
,
52 const OriginAttributes
& aOriginAttributes
)
53 : mOriginNoSuffix(NS_Atomize(aOriginNoSuffix
)),
54 mOriginSuffix(aOriginAttributes
.CreateSuffixAtom()),
55 mOriginAttributes(aOriginAttributes
),
57 mHasExplicitDomain(false) {}
59 BasePrincipal::BasePrincipal(BasePrincipal
* aOther
,
60 const OriginAttributes
& aOriginAttributes
)
61 : mOriginNoSuffix(aOther
->mOriginNoSuffix
),
62 mOriginSuffix(aOriginAttributes
.CreateSuffixAtom()),
63 mOriginAttributes(aOriginAttributes
),
65 mHasExplicitDomain(aOther
->mHasExplicitDomain
) {}
67 BasePrincipal::~BasePrincipal() = default;
70 BasePrincipal::GetOrigin(nsACString
& aOrigin
) {
71 nsresult rv
= GetOriginNoSuffix(aOrigin
);
72 NS_ENSURE_SUCCESS(rv
, rv
);
75 rv
= GetOriginSuffix(suffix
);
76 NS_ENSURE_SUCCESS(rv
, rv
);
77 aOrigin
.Append(suffix
);
82 BasePrincipal::GetAsciiOrigin(nsACString
& aOrigin
) {
84 nsCOMPtr
<nsIURI
> prinURI
;
85 nsresult rv
= GetURI(getter_AddRefs(prinURI
));
86 if (NS_FAILED(rv
) || !prinURI
) {
87 return NS_ERROR_NOT_AVAILABLE
;
89 return nsContentUtils::GetASCIIOrigin(prinURI
, aOrigin
);
93 BasePrincipal::GetHostPort(nsACString
& aRes
) {
95 nsCOMPtr
<nsIURI
> prinURI
;
96 nsresult rv
= GetURI(getter_AddRefs(prinURI
));
97 if (NS_FAILED(rv
) || !prinURI
) {
100 return prinURI
->GetHostPort(aRes
);
104 BasePrincipal::GetHost(nsACString
& aRes
) {
106 nsCOMPtr
<nsIURI
> prinURI
;
107 nsresult rv
= GetURI(getter_AddRefs(prinURI
));
108 if (NS_FAILED(rv
) || !prinURI
) {
111 return prinURI
->GetHost(aRes
);
115 BasePrincipal::GetOriginNoSuffix(nsACString
& aOrigin
) {
116 mOriginNoSuffix
->ToUTF8String(aOrigin
);
121 BasePrincipal::GetSiteOrigin(nsACString
& aSiteOrigin
) {
122 nsresult rv
= GetSiteOriginNoSuffix(aSiteOrigin
);
123 NS_ENSURE_SUCCESS(rv
, rv
);
125 nsAutoCString suffix
;
126 rv
= GetOriginSuffix(suffix
);
127 NS_ENSURE_SUCCESS(rv
, rv
);
128 aSiteOrigin
.Append(suffix
);
133 BasePrincipal::GetSiteOriginNoSuffix(nsACString
& aSiteOrigin
) {
134 return GetOriginNoSuffix(aSiteOrigin
);
137 // Returns the inner Json::value of the serialized principal
138 // Example input and return values:
140 // {"0":{"0":"moz-nullprincipal:{56cac540-864d-47e7-8e25-1614eab5155e}"}} ->
141 // {"0":"moz-nullprincipal:{56cac540-864d-47e7-8e25-1614eab5155e}"}
143 // Content principal:
144 // {"1":{"0":"https://mozilla.com"}} -> {"0":"https://mozilla.com"}
146 // Expanded principal:
147 // {"2":{"0":"<base64principal1>,<base64principal2>"}} ->
148 // {"0":"<base64principal1>,<base64principal2>"}
152 // The aKey passed in also returns the corresponding PrincipalKind enum
154 // Warning: The Json::Value* pointer is into the aRoot object
155 static const Json::Value
* GetPrincipalObject(const Json::Value
& aRoot
,
156 int& aOutPrincipalKind
) {
157 const Json::Value::Members members
= aRoot
.getMemberNames();
158 // We only support one top level key in the object
159 if (members
.size() != 1) {
162 // members[0] here is the "0", "1", "2", "3" principalKind
163 // that is the top level of the serialized JSON principal
164 const std::string stringPrincipalKind
= members
[0];
166 // Next we take the string value from the JSON
167 // and convert it into the int for the BasePrincipal::PrincipalKind enum
169 // Verify that the key is within the valid range
170 int principalKind
= std::stoi(stringPrincipalKind
);
171 MOZ_ASSERT(BasePrincipal::eNullPrincipal
== 0,
172 "We need to rely on 0 being a bounds check for the first "
174 if (principalKind
< 0 || principalKind
> BasePrincipal::eKindMax
) {
177 MOZ_ASSERT(principalKind
== BasePrincipal::eNullPrincipal
||
178 principalKind
== BasePrincipal::eContentPrincipal
||
179 principalKind
== BasePrincipal::eExpandedPrincipal
||
180 principalKind
== BasePrincipal::eSystemPrincipal
);
181 aOutPrincipalKind
= principalKind
;
183 if (!aRoot
[stringPrincipalKind
].isObject()) {
187 // Return the inner value of the principal object
188 return &aRoot
[stringPrincipalKind
];
191 // Accepts the JSON inner object without the wrapping principalKind
192 // (See GetPrincipalObject for the inner object response examples)
193 // Creates an array of KeyVal objects that are all defined on the principal
194 // Each principal type (null, content, expanded) has a KeyVal that stores the
195 // fields of the JSON
197 // This simplifies deserializing elsewhere as we do the checking for presence
198 // and string values here for the complete set of serializable keys that the
199 // corresponding principal supports.
201 // The KeyVal object has the following fields:
202 // - valueWasSerialized: is true if the deserialized JSON contained a string
204 // - value: The string that was serialized for this key
205 // - key: an SerializableKeys enum value specific to the principal.
206 // For example content principal is an enum of: eURI, eDomain,
210 // Given an inner content principal:
211 // {"0": "https://mozilla.com", "2": "^privateBrowsingId=1"}
213 // ----------------------------- |
215 // Key ----------------------
219 // They Key "0" corresponds to ContentPrincipal::eURI
220 // They Key "1" corresponds to ContentPrincipal::eSuffix
221 template <typename T
>
222 static nsTArray
<typename
T::KeyVal
> GetJSONKeys(const Json::Value
* aInput
) {
223 int size
= T::eMax
+ 1;
224 nsTArray
<typename
T::KeyVal
> fields
;
225 for (int i
= 0; i
!= size
; i
++) {
226 typename
T::KeyVal
* field
= fields
.AppendElement();
227 // field->valueWasSerialized returns if the field was found in the
228 // deserialized code. This simplifies the consumers from having to check
230 field
->valueWasSerialized
= false;
231 field
->key
= static_cast<typename
T::SerializableKeys
>(i
);
232 const std::string key
= std::to_string(field
->key
);
233 if (aInput
->isMember(key
)) {
234 const Json::Value
& val
= (*aInput
)[key
];
235 if (val
.isString()) {
236 field
->value
.Append(nsDependentCString(val
.asCString()));
237 field
->valueWasSerialized
= true;
244 // Takes a JSON string and parses it turning it into a principal of the
245 // corresponding type
247 // Given a content principal:
251 // ---------------------------------------------------------
253 // {"1": {"0": "https://mozilla.com", "2": "^privateBrowsingId=1"}}
255 // | ----------------------------- |
257 // PrincipalKind | | |
258 // | ----------------------------
259 // SerializableKeys |
262 // The string is first deserialized with jsoncpp to get the Json::Value of the
263 // object. The inner JSON object is parsed with GetPrincipalObject which returns
264 // a KeyVal array of the inner object's fields. PrincipalKind is returned by
265 // GetPrincipalObject which is then used to decide which principal
266 // implementation of FromProperties to call. The corresponding FromProperties
267 // call takes the KeyVal fields and turns it into a principal.
268 already_AddRefed
<BasePrincipal
> BasePrincipal::FromJSON(
269 const nsACString
& aJSON
) {
271 Json::CharReaderBuilder builder
;
272 std::unique_ptr
<Json::CharReader
> const reader(builder
.newCharReader());
274 reader
->parse(aJSON
.BeginReading(), aJSON
.EndReading(), &root
, nullptr);
277 "Unable to parse string as JSON to deserialize as a principal");
281 int principalKind
= -1;
282 const Json::Value
* value
= GetPrincipalObject(root
, principalKind
);
285 fprintf(stderr
, "Unexpected JSON principal %s\n",
286 root
.toStyledString().c_str());
288 MOZ_ASSERT(false, "Unexpected JSON to deserialize as a principal");
292 MOZ_ASSERT(principalKind
!= -1,
293 "PrincipalKind should always be >=0 by this point");
295 if (principalKind
== eSystemPrincipal
) {
296 RefPtr
<BasePrincipal
> principal
=
297 BasePrincipal::Cast(nsContentUtils::GetSystemPrincipal());
298 return principal
.forget();
301 if (principalKind
== eNullPrincipal
) {
302 nsTArray
<NullPrincipal::KeyVal
> res
= GetJSONKeys
<NullPrincipal
>(value
);
303 return NullPrincipal::FromProperties(res
);
306 if (principalKind
== eContentPrincipal
) {
307 nsTArray
<ContentPrincipal::KeyVal
> res
=
308 GetJSONKeys
<ContentPrincipal
>(value
);
309 return ContentPrincipal::FromProperties(res
);
312 if (principalKind
== eExpandedPrincipal
) {
313 nsTArray
<ExpandedPrincipal::KeyVal
> res
=
314 GetJSONKeys
<ExpandedPrincipal
>(value
);
315 return ExpandedPrincipal::FromProperties(res
);
318 MOZ_RELEASE_ASSERT(false, "Unexpected enum to deserialize as a principal");
321 nsresult
BasePrincipal::PopulateJSONObject(Json::Value
& aObject
) {
325 // Returns a JSON representation of the principal.
326 // Calling BasePrincipal::FromJSON will deserialize the JSON into
327 // the corresponding principal type.
328 nsresult
BasePrincipal::ToJSON(nsACString
& aResult
) {
329 MOZ_ASSERT(aResult
.IsEmpty(), "ToJSON only supports an empty result input");
332 Json::StreamWriterBuilder builder
;
333 builder
["indentation"] = "";
334 Json::Value innerJSONObject
= Json::objectValue
;
336 nsresult rv
= PopulateJSONObject(innerJSONObject
);
337 NS_ENSURE_SUCCESS(rv
, rv
);
339 Json::Value root
= Json::objectValue
;
340 std::string key
= std::to_string(Kind());
341 root
[key
] = innerJSONObject
;
342 std::string result
= Json::writeString(builder
, root
);
343 aResult
.Append(result
);
344 if (aResult
.Length() == 0) {
345 MOZ_ASSERT(false, "JSON writer failed to output a principal serialization");
346 return NS_ERROR_UNEXPECTED
;
351 bool BasePrincipal::FastSubsumesIgnoringFPD(
352 nsIPrincipal
* aOther
, DocumentDomainConsideration aConsideration
) {
355 if (Kind() == eContentPrincipal
&&
356 !dom::ChromeUtils::IsOriginAttributesEqualIgnoringFPD(
357 mOriginAttributes
, Cast(aOther
)->mOriginAttributes
)) {
361 return SubsumesInternal(aOther
, aConsideration
);
364 bool BasePrincipal::Subsumes(nsIPrincipal
* aOther
,
365 DocumentDomainConsideration aConsideration
) {
367 MOZ_ASSERT_IF(Kind() == eContentPrincipal
, mOriginSuffix
);
369 // Expanded principals handle origin attributes for each of their
370 // sub-principals individually, null principals do only simple checks for
371 // pointer equality, and system principals are immune to origin attributes
372 // checks, so only do this check for content principals.
373 if (Kind() == eContentPrincipal
&&
374 mOriginSuffix
!= Cast(aOther
)->mOriginSuffix
) {
378 return SubsumesInternal(aOther
, aConsideration
);
382 BasePrincipal::Equals(nsIPrincipal
* aOther
, bool* aResult
) {
383 NS_ENSURE_ARG_POINTER(aOther
);
385 *aResult
= FastEquals(aOther
);
391 BasePrincipal::EqualsForPermission(nsIPrincipal
* aOther
, bool aExactHost
,
394 NS_ENSURE_ARG_POINTER(aOther
);
395 NS_ENSURE_ARG_POINTER(aResult
);
397 auto* other
= Cast(aOther
);
398 if (Kind() != other
->Kind()) {
399 // Principals of different kinds can't be equal.
403 if (Kind() == eSystemPrincipal
) {
404 *aResult
= this == other
;
408 if (Kind() == eNullPrincipal
) {
409 // We don't store permissions for NullPrincipals.
413 MOZ_ASSERT(Kind() == eExpandedPrincipal
|| Kind() == eContentPrincipal
);
415 // Certain origin attributes should not be used to isolate permissions.
416 // Create a stripped copy of both OA sets to compare.
417 mozilla::OriginAttributes ourAttrs
= mOriginAttributes
;
418 PermissionManager::MaybeStripOriginAttributes(false, ourAttrs
);
419 mozilla::OriginAttributes theirAttrs
= aOther
->OriginAttributesRef();
420 PermissionManager::MaybeStripOriginAttributes(false, theirAttrs
);
422 if (ourAttrs
!= theirAttrs
) {
426 if (mOriginNoSuffix
== other
->mOriginNoSuffix
) {
431 // If we are matching with an exact host, we're done now - the permissions
432 // don't match otherwise, we need to start comparing subdomains!
437 nsCOMPtr
<nsIURI
> ourURI
;
438 nsresult rv
= GetURI(getter_AddRefs(ourURI
));
439 NS_ENSURE_SUCCESS(rv
, rv
);
440 // Some principal types may indicate success, but still return nullptr for
442 NS_ENSURE_TRUE(ourURI
, NS_ERROR_FAILURE
);
444 nsCOMPtr
<nsIURI
> otherURI
;
445 rv
= other
->GetURI(getter_AddRefs(otherURI
));
446 NS_ENSURE_SUCCESS(rv
, rv
);
447 NS_ENSURE_TRUE(otherURI
, NS_ERROR_FAILURE
);
450 nsAutoCString otherScheme
;
451 rv
= otherURI
->GetScheme(otherScheme
);
452 NS_ENSURE_SUCCESS(rv
, rv
);
454 nsAutoCString ourScheme
;
455 rv
= ourURI
->GetScheme(ourScheme
);
456 NS_ENSURE_SUCCESS(rv
, rv
);
458 if (otherScheme
!= ourScheme
) {
464 rv
= otherURI
->GetPort(&otherPort
);
465 NS_ENSURE_SUCCESS(rv
, rv
);
468 rv
= ourURI
->GetPort(&ourPort
);
469 NS_ENSURE_SUCCESS(rv
, rv
);
471 if (otherPort
!= ourPort
) {
475 // Check if the host or any subdomain of their host matches.
476 nsAutoCString otherHost
;
477 rv
= otherURI
->GetHost(otherHost
);
478 if (NS_FAILED(rv
) || otherHost
.IsEmpty()) {
482 nsAutoCString ourHost
;
483 rv
= ourURI
->GetHost(ourHost
);
484 if (NS_FAILED(rv
) || ourHost
.IsEmpty()) {
488 nsCOMPtr
<nsIEffectiveTLDService
> tldService
=
489 do_GetService(NS_EFFECTIVETLDSERVICE_CONTRACTID
);
491 NS_ERROR("Should have a tld service!");
492 return NS_ERROR_FAILURE
;
495 // This loop will not loop forever, as GetNextSubDomain will eventually fail
496 // with NS_ERROR_INSUFFICIENT_DOMAIN_LEVELS.
497 while (otherHost
!= ourHost
) {
498 rv
= tldService
->GetNextSubDomain(otherHost
, otherHost
);
500 if (rv
== NS_ERROR_INSUFFICIENT_DOMAIN_LEVELS
) {
512 BasePrincipal::EqualsConsideringDomain(nsIPrincipal
* aOther
, bool* aResult
) {
513 NS_ENSURE_ARG_POINTER(aOther
);
515 *aResult
= FastEqualsConsideringDomain(aOther
);
521 BasePrincipal::EqualsURI(nsIURI
* aOtherURI
, bool* aResult
) {
523 nsCOMPtr
<nsIURI
> prinURI
;
524 nsresult rv
= GetURI(getter_AddRefs(prinURI
));
525 if (NS_FAILED(rv
) || !prinURI
) {
528 return prinURI
->EqualsExceptRef(aOtherURI
, aResult
);
532 BasePrincipal::Subsumes(nsIPrincipal
* aOther
, bool* aResult
) {
533 NS_ENSURE_ARG_POINTER(aOther
);
535 *aResult
= FastSubsumes(aOther
);
541 BasePrincipal::SubsumesConsideringDomain(nsIPrincipal
* aOther
, bool* aResult
) {
542 NS_ENSURE_ARG_POINTER(aOther
);
544 *aResult
= FastSubsumesConsideringDomain(aOther
);
550 BasePrincipal::SubsumesConsideringDomainIgnoringFPD(nsIPrincipal
* aOther
,
552 NS_ENSURE_ARG_POINTER(aOther
);
554 *aResult
= FastSubsumesConsideringDomainIgnoringFPD(aOther
);
560 BasePrincipal::CheckMayLoad(nsIURI
* aURI
, bool aAllowIfInheritsPrincipal
) {
561 return CheckMayLoadHelper(aURI
, aAllowIfInheritsPrincipal
, false, 0);
565 BasePrincipal::CheckMayLoadWithReporting(nsIURI
* aURI
,
566 bool aAllowIfInheritsPrincipal
,
567 uint64_t aInnerWindowID
) {
568 return CheckMayLoadHelper(aURI
, aAllowIfInheritsPrincipal
, true,
572 nsresult
BasePrincipal::CheckMayLoadHelper(nsIURI
* aURI
,
573 bool aAllowIfInheritsPrincipal
,
575 uint64_t aInnerWindowID
) {
576 NS_ENSURE_ARG_POINTER(aURI
);
578 aReport
|| aInnerWindowID
== 0,
579 "Why do we have an inner window id if we're not supposed to report?");
581 // Check the internal method first, which allows us to quickly approve loads
582 // for the System Principal.
583 if (MayLoadInternal(aURI
)) {
588 if (aAllowIfInheritsPrincipal
) {
589 // If the caller specified to allow loads of URIs that inherit
590 // our principal, allow the load if this URI inherits its principal.
591 bool doesInheritSecurityContext
;
592 rv
= NS_URIChainHasFlags(aURI
,
593 nsIProtocolHandler::URI_INHERITS_SECURITY_CONTEXT
,
594 &doesInheritSecurityContext
);
595 if (NS_SUCCEEDED(rv
) && doesInheritSecurityContext
) {
600 // Web Accessible Resources in MV2 Extensions are marked with
601 // URI_FETCHABLE_BY_ANYONE
602 bool fetchableByAnyone
;
603 rv
= NS_URIChainHasFlags(aURI
, nsIProtocolHandler::URI_FETCHABLE_BY_ANYONE
,
605 if (NS_SUCCEEDED(rv
) && fetchableByAnyone
) {
609 // Get the principal uri for the last flag check or error.
610 nsCOMPtr
<nsIURI
> prinURI
;
611 rv
= GetURI(getter_AddRefs(prinURI
));
612 if (!(NS_SUCCEEDED(rv
) && prinURI
)) {
613 return NS_ERROR_DOM_BAD_URI
;
616 // If MV3 Extension uris are web accessible by this principal it is allowed to
618 bool maybeWebAccessible
= false;
619 NS_URIChainHasFlags(aURI
, nsIProtocolHandler::WEBEXT_URI_WEB_ACCESSIBLE
,
620 &maybeWebAccessible
);
621 NS_ENSURE_SUCCESS(rv
, rv
);
622 if (maybeWebAccessible
) {
623 bool isWebAccessible
= false;
624 rv
= ExtensionPolicyService::GetSingleton().SourceMayLoadExtensionURI(
625 prinURI
, aURI
, &isWebAccessible
);
626 if (NS_SUCCEEDED(rv
) && isWebAccessible
) {
632 nsScriptSecurityManager::ReportError(
633 "CheckSameOriginError", prinURI
, aURI
,
634 mOriginAttributes
.mPrivateBrowsingId
> 0, aInnerWindowID
);
637 return NS_ERROR_DOM_BAD_URI
;
641 BasePrincipal::IsThirdPartyURI(nsIURI
* aURI
, bool* aRes
) {
642 if (IsSystemPrincipal() || (AddonPolicy() && AddonAllowsLoad(aURI
))) {
648 // If we do not have a URI its always 3rd party.
649 nsCOMPtr
<nsIURI
> prinURI
;
650 nsresult rv
= GetURI(getter_AddRefs(prinURI
));
651 if (NS_FAILED(rv
) || !prinURI
) {
654 ThirdPartyUtil
* thirdPartyUtil
= ThirdPartyUtil::GetInstance();
655 return thirdPartyUtil
->IsThirdPartyURI(prinURI
, aURI
, aRes
);
659 BasePrincipal::IsThirdPartyPrincipal(nsIPrincipal
* aPrin
, bool* aRes
) {
661 nsCOMPtr
<nsIURI
> prinURI
;
662 nsresult rv
= GetURI(getter_AddRefs(prinURI
));
663 if (NS_FAILED(rv
) || !prinURI
) {
666 return aPrin
->IsThirdPartyURI(prinURI
, aRes
);
669 BasePrincipal::IsThirdPartyChannel(nsIChannel
* aChan
, bool* aRes
) {
670 if (IsSystemPrincipal()) {
671 // Nothing is 3rd party to the system principal.
676 nsCOMPtr
<nsIURI
> prinURI
;
677 GetURI(getter_AddRefs(prinURI
));
678 ThirdPartyUtil
* thirdPartyUtil
= ThirdPartyUtil::GetInstance();
679 return thirdPartyUtil
->IsThirdPartyChannel(aChan
, prinURI
, aRes
);
683 BasePrincipal::IsSameOrigin(nsIURI
* aURI
, bool* aRes
) {
685 nsCOMPtr
<nsIURI
> prinURI
;
686 nsresult rv
= GetURI(getter_AddRefs(prinURI
));
687 if (NS_FAILED(rv
) || !prinURI
) {
688 // Note that expanded and system principals return here, because they have
692 nsIScriptSecurityManager
* ssm
= nsContentUtils::GetSecurityManager();
696 bool reportError
= false;
697 bool isPrivateWindow
= false; // Only used for error reporting.
698 *aRes
= NS_SUCCEEDED(
699 ssm
->CheckSameOriginURI(prinURI
, aURI
, reportError
, isPrivateWindow
));
704 BasePrincipal::IsL10nAllowed(nsIURI
* aURI
, bool* aRes
) {
707 if (nsContentUtils::IsErrorPage(aURI
)) {
712 // The system principal is always allowed.
713 if (IsSystemPrincipal()) {
718 nsCOMPtr
<nsIURI
> uri
;
719 nsresult rv
= GetURI(getter_AddRefs(uri
));
720 NS_ENSURE_SUCCESS(rv
, NS_OK
);
724 // Allow access to uris that cannot be loaded by web content.
725 rv
= NS_URIChainHasFlags(uri
, nsIProtocolHandler::URI_DANGEROUS_TO_LOAD
,
727 NS_ENSURE_SUCCESS(rv
, NS_OK
);
733 // UI resources also get access.
734 rv
= NS_URIChainHasFlags(uri
, nsIProtocolHandler::URI_IS_UI_RESOURCE
,
736 NS_ENSURE_SUCCESS(rv
, NS_OK
);
742 auto policy
= AddonPolicy();
743 *aRes
= (policy
&& policy
->IsPrivileged());
748 BasePrincipal::AllowsRelaxStrictFileOriginPolicy(nsIURI
* aURI
, bool* aRes
) {
750 nsCOMPtr
<nsIURI
> prinURI
;
751 nsresult rv
= GetURI(getter_AddRefs(prinURI
));
752 if (NS_FAILED(rv
) || !prinURI
) {
755 *aRes
= NS_RelaxStrictFileOriginPolicy(aURI
, prinURI
);
760 BasePrincipal::GetPrefLightCacheKey(nsIURI
* aURI
, bool aWithCredentials
,
761 const OriginAttributes
& aOriginAttributes
,
762 nsACString
& _retval
) {
764 constexpr auto space
= " "_ns
;
766 nsCOMPtr
<nsIURI
> uri
;
767 nsresult rv
= GetURI(getter_AddRefs(uri
));
768 NS_ENSURE_SUCCESS(rv
, rv
);
770 nsAutoCString scheme
, host
, port
;
772 uri
->GetScheme(scheme
);
774 port
.AppendInt(NS_GetRealPort(uri
));
777 if (aWithCredentials
) {
778 _retval
.AssignLiteral("cred");
780 _retval
.AssignLiteral("nocred");
784 rv
= aURI
->GetSpec(spec
);
785 NS_ENSURE_SUCCESS(rv
, rv
);
787 nsAutoCString originAttributesSuffix
;
788 aOriginAttributes
.CreateSuffix(originAttributesSuffix
);
790 _retval
.Append(space
+ scheme
+ space
+ host
+ space
+ port
+ space
+ spec
+
791 space
+ originAttributesSuffix
);
797 BasePrincipal::HasFirstpartyStorageAccess(mozIDOMWindow
* aCheckWindow
,
798 uint32_t* aRejectedReason
,
800 *aRejectedReason
= 0;
801 *aOutAllowed
= false;
803 nsPIDOMWindowInner
* win
= nsPIDOMWindowInner::From(aCheckWindow
);
804 nsCOMPtr
<nsIURI
> uri
;
805 nsresult rv
= GetURI(getter_AddRefs(uri
));
809 *aOutAllowed
= ShouldAllowAccessFor(win
, uri
, aRejectedReason
);
814 BasePrincipal::GetIsNullPrincipal(bool* aResult
) {
815 *aResult
= Kind() == eNullPrincipal
;
820 BasePrincipal::GetIsContentPrincipal(bool* aResult
) {
821 *aResult
= Kind() == eContentPrincipal
;
826 BasePrincipal::GetIsExpandedPrincipal(bool* aResult
) {
827 *aResult
= Kind() == eExpandedPrincipal
;
832 BasePrincipal::GetAsciiSpec(nsACString
& aSpec
) {
834 nsCOMPtr
<nsIURI
> prinURI
;
835 nsresult rv
= GetURI(getter_AddRefs(prinURI
));
836 if (NS_FAILED(rv
) || !prinURI
) {
839 return prinURI
->GetAsciiSpec(aSpec
);
843 BasePrincipal::GetSpec(nsACString
& aSpec
) {
845 nsCOMPtr
<nsIURI
> prinURI
;
846 nsresult rv
= GetURI(getter_AddRefs(prinURI
));
847 if (NS_FAILED(rv
) || !prinURI
) {
850 return prinURI
->GetSpec(aSpec
);
854 BasePrincipal::GetAsciiHost(nsACString
& aHost
) {
856 nsCOMPtr
<nsIURI
> prinURI
;
857 nsresult rv
= GetURI(getter_AddRefs(prinURI
));
858 if (NS_FAILED(rv
) || !prinURI
) {
861 return prinURI
->GetAsciiHost(aHost
);
865 BasePrincipal::GetExposablePrePath(nsACString
& aPrepath
) {
867 nsCOMPtr
<nsIURI
> prinURI
;
868 nsresult rv
= GetURI(getter_AddRefs(prinURI
));
869 if (NS_FAILED(rv
) || !prinURI
) {
873 nsCOMPtr
<nsIURI
> exposableURI
= net::nsIOService::CreateExposableURI(prinURI
);
874 return exposableURI
->GetDisplayPrePath(aPrepath
);
878 BasePrincipal::GetExposableSpec(nsACString
& aSpec
) {
880 nsCOMPtr
<nsIURI
> prinURI
;
881 nsresult rv
= GetURI(getter_AddRefs(prinURI
));
882 if (NS_FAILED(rv
) || !prinURI
) {
885 nsCOMPtr
<nsIURI
> clone
;
886 rv
= NS_MutateURI(prinURI
)
891 NS_ENSURE_SUCCESS(rv
, rv
);
892 return clone
->GetAsciiSpec(aSpec
);
896 BasePrincipal::GetPrePath(nsACString
& aPath
) {
898 nsCOMPtr
<nsIURI
> prinURI
;
899 nsresult rv
= GetURI(getter_AddRefs(prinURI
));
900 if (NS_FAILED(rv
) || !prinURI
) {
903 return prinURI
->GetPrePath(aPath
);
907 BasePrincipal::GetFilePath(nsACString
& aPath
) {
909 nsCOMPtr
<nsIURI
> prinURI
;
910 nsresult rv
= GetURI(getter_AddRefs(prinURI
));
911 if (NS_FAILED(rv
) || !prinURI
) {
914 return prinURI
->GetFilePath(aPath
);
918 BasePrincipal::GetIsSystemPrincipal(bool* aResult
) {
919 *aResult
= IsSystemPrincipal();
924 BasePrincipal::GetIsAddonOrExpandedAddonPrincipal(bool* aResult
) {
925 *aResult
= AddonPolicy() || ContentScriptAddonPolicy();
929 NS_IMETHODIMP
BasePrincipal::GetIsOnion(bool* aIsOnion
) {
931 nsCOMPtr
<nsIURI
> prinURI
;
932 nsresult rv
= GetURI(getter_AddRefs(prinURI
));
933 if (NS_FAILED(rv
) || !prinURI
) {
938 rv
= prinURI
->GetHost(host
);
942 *aIsOnion
= StringEndsWith(host
, ".onion"_ns
);
946 NS_IMETHODIMP
BasePrincipal::GetIsIpAddress(bool* aIsIpAddress
) {
947 *aIsIpAddress
= false;
949 nsCOMPtr
<nsIURI
> prinURI
;
950 nsresult rv
= GetURI(getter_AddRefs(prinURI
));
951 if (NS_FAILED(rv
) || !prinURI
) {
956 rv
= prinURI
->GetHost(host
);
962 memset(&prAddr
, 0, sizeof(prAddr
));
964 if (PR_StringToNetAddr(host
.get(), &prAddr
) == PR_SUCCESS
) {
965 *aIsIpAddress
= true;
971 NS_IMETHODIMP
BasePrincipal::GetIsLocalIpAddress(bool* aIsIpAddress
) {
972 *aIsIpAddress
= false;
974 nsCOMPtr
<nsIURI
> prinURI
;
975 nsresult rv
= GetURI(getter_AddRefs(prinURI
));
976 if (NS_FAILED(rv
) || !prinURI
) {
980 nsCOMPtr
<nsIIOService
> ioService
= do_GetIOService(&rv
);
981 if (NS_FAILED(rv
) || !ioService
) {
984 rv
= ioService
->HostnameIsLocalIPAddress(prinURI
, aIsIpAddress
);
986 *aIsIpAddress
= false;
992 BasePrincipal::GetScheme(nsACString
& aScheme
) {
995 nsCOMPtr
<nsIURI
> prinURI
;
996 nsresult rv
= GetURI(getter_AddRefs(prinURI
));
997 if (NS_FAILED(rv
) || !prinURI
) {
1001 return prinURI
->GetScheme(aScheme
);
1005 BasePrincipal::SchemeIs(const char* aScheme
, bool* aResult
) {
1007 nsCOMPtr
<nsIURI
> prinURI
;
1008 nsresult rv
= GetURI(getter_AddRefs(prinURI
));
1009 if (NS_WARN_IF(NS_FAILED(rv
)) || !prinURI
) {
1012 *aResult
= prinURI
->SchemeIs(aScheme
);
1017 BasePrincipal::IsURIInPrefList(const char* aPref
, bool* aResult
) {
1019 nsCOMPtr
<nsIURI
> prinURI
;
1020 nsresult rv
= GetURI(getter_AddRefs(prinURI
));
1021 if (NS_FAILED(rv
) || !prinURI
) {
1024 *aResult
= nsContentUtils::IsURIInPrefList(prinURI
, aPref
);
1029 BasePrincipal::IsURIInList(const nsACString
& aList
, bool* aResult
) {
1031 nsCOMPtr
<nsIURI
> prinURI
;
1033 nsresult rv
= GetURI(getter_AddRefs(prinURI
));
1034 if (NS_FAILED(rv
) || !prinURI
) {
1038 *aResult
= nsContentUtils::IsURIInList(prinURI
, nsCString(aList
));
1043 BasePrincipal::GetIsOriginPotentiallyTrustworthy(bool* aResult
) {
1044 MOZ_ASSERT(NS_IsMainThread());
1047 nsCOMPtr
<nsIURI
> uri
;
1048 nsresult rv
= GetURI(getter_AddRefs(uri
));
1049 if (NS_FAILED(rv
) || !uri
) {
1053 *aResult
= nsMixedContentBlocker::IsPotentiallyTrustworthyOrigin(uri
);
1058 BasePrincipal::GetAboutModuleFlags(uint32_t* flags
) {
1060 nsCOMPtr
<nsIURI
> prinURI
;
1061 nsresult rv
= GetURI(getter_AddRefs(prinURI
));
1062 if (NS_FAILED(rv
) || !prinURI
) {
1063 return NS_ERROR_NOT_AVAILABLE
;
1065 if (!prinURI
->SchemeIs("about")) {
1069 nsCOMPtr
<nsIAboutModule
> aboutModule
;
1070 rv
= NS_GetAboutModule(prinURI
, getter_AddRefs(aboutModule
));
1071 if (NS_FAILED(rv
) || !aboutModule
) {
1074 return aboutModule
->GetURIFlags(prinURI
, flags
);
1078 BasePrincipal::GetOriginAttributes(JSContext
* aCx
,
1079 JS::MutableHandle
<JS::Value
> aVal
) {
1080 if (NS_WARN_IF(!ToJSValue(aCx
, mOriginAttributes
, aVal
))) {
1081 return NS_ERROR_FAILURE
;
1087 BasePrincipal::GetOriginSuffix(nsACString
& aOriginAttributes
) {
1088 MOZ_ASSERT(mOriginSuffix
);
1089 mOriginSuffix
->ToUTF8String(aOriginAttributes
);
1094 BasePrincipal::GetUserContextId(uint32_t* aUserContextId
) {
1095 *aUserContextId
= UserContextId();
1100 BasePrincipal::GetPrivateBrowsingId(uint32_t* aPrivateBrowsingId
) {
1101 *aPrivateBrowsingId
= PrivateBrowsingId();
1106 BasePrincipal::GetIsInIsolatedMozBrowserElement(
1107 bool* aIsInIsolatedMozBrowserElement
) {
1108 *aIsInIsolatedMozBrowserElement
= IsInIsolatedMozBrowserElement();
1112 nsresult
BasePrincipal::GetAddonPolicy(
1113 extensions::WebExtensionPolicy
** aResult
) {
1114 RefPtr
<extensions::WebExtensionPolicy
> policy(AddonPolicy());
1115 policy
.forget(aResult
);
1119 extensions::WebExtensionPolicy
* BasePrincipal::AddonPolicy() {
1120 if (Is
<ContentPrincipal
>()) {
1121 return As
<ContentPrincipal
>()->AddonPolicy();
1126 bool BasePrincipal::AddonHasPermission(const nsAtom
* aPerm
) {
1127 if (auto policy
= AddonPolicy()) {
1128 return policy
->HasPermission(aPerm
);
1133 nsIPrincipal
* BasePrincipal::PrincipalToInherit(nsIURI
* aRequestedURI
) {
1134 if (Is
<ExpandedPrincipal
>()) {
1135 return As
<ExpandedPrincipal
>()->PrincipalToInherit(aRequestedURI
);
1140 bool BasePrincipal::IsLoopbackHost() {
1142 nsresult rv
= GetHost(host
);
1143 NS_ENSURE_SUCCESS(rv
, false);
1144 return nsMixedContentBlocker::IsPotentiallyTrustworthyLoopbackHost(host
);
1147 already_AddRefed
<BasePrincipal
> BasePrincipal::CreateContentPrincipal(
1148 nsIURI
* aURI
, const OriginAttributes
& aAttrs
) {
1151 nsAutoCString originNoSuffix
;
1153 ContentPrincipal::GenerateOriginNoSuffixFromURI(aURI
, originNoSuffix
);
1154 if (NS_FAILED(rv
)) {
1155 // If the generation of the origin fails, we still want to have a valid
1156 // principal. Better to return a null principal here.
1157 return NullPrincipal::Create(aAttrs
);
1160 return CreateContentPrincipal(aURI
, aAttrs
, originNoSuffix
);
1163 already_AddRefed
<BasePrincipal
> BasePrincipal::CreateContentPrincipal(
1164 nsIURI
* aURI
, const OriginAttributes
& aAttrs
,
1165 const nsACString
& aOriginNoSuffix
) {
1167 MOZ_ASSERT(!aOriginNoSuffix
.IsEmpty());
1169 // If the URI is supposed to inherit the security context of whoever loads it,
1170 // we shouldn't make a content principal for it.
1171 bool inheritsPrincipal
;
1172 nsresult rv
= NS_URIChainHasFlags(
1173 aURI
, nsIProtocolHandler::URI_INHERITS_SECURITY_CONTEXT
,
1174 &inheritsPrincipal
);
1175 if (NS_FAILED(rv
) || inheritsPrincipal
) {
1176 return NullPrincipal::Create(aAttrs
);
1179 // Check whether the URI knows what its principal is supposed to be.
1180 #if defined(MOZ_THUNDERBIRD) || defined(MOZ_SUITE)
1181 nsCOMPtr
<nsIURIWithSpecialOrigin
> uriWithSpecialOrigin
=
1182 do_QueryInterface(aURI
);
1183 if (uriWithSpecialOrigin
) {
1184 nsCOMPtr
<nsIURI
> origin
;
1185 rv
= uriWithSpecialOrigin
->GetOrigin(getter_AddRefs(origin
));
1186 if (NS_WARN_IF(NS_FAILED(rv
))) {
1190 OriginAttributes attrs
;
1191 RefPtr
<BasePrincipal
> principal
= CreateContentPrincipal(origin
, attrs
);
1192 return principal
.forget();
1196 nsCOMPtr
<nsIPrincipal
> blobPrincipal
;
1197 if (dom::BlobURLProtocolHandler::GetBlobURLPrincipal(
1198 aURI
, getter_AddRefs(blobPrincipal
))) {
1199 MOZ_ASSERT(blobPrincipal
);
1200 RefPtr
<BasePrincipal
> principal
= Cast(blobPrincipal
);
1201 return principal
.forget();
1204 // Mint a content principal.
1205 RefPtr
<ContentPrincipal
> principal
=
1206 new ContentPrincipal(aURI
, aAttrs
, aOriginNoSuffix
);
1207 return principal
.forget();
1210 already_AddRefed
<BasePrincipal
> BasePrincipal::CreateContentPrincipal(
1211 const nsACString
& aOrigin
) {
1212 MOZ_ASSERT(!StringBeginsWith(aOrigin
, "["_ns
),
1213 "CreateContentPrincipal does not support System and Expanded "
1217 !StringBeginsWith(aOrigin
, nsLiteralCString(NS_NULLPRINCIPAL_SCHEME
":")),
1218 "CreateContentPrincipal does not support NullPrincipal");
1220 nsAutoCString originNoSuffix
;
1221 OriginAttributes attrs
;
1222 if (!attrs
.PopulateFromOrigin(aOrigin
, originNoSuffix
)) {
1226 nsCOMPtr
<nsIURI
> uri
;
1227 nsresult rv
= NS_NewURI(getter_AddRefs(uri
), originNoSuffix
);
1228 NS_ENSURE_SUCCESS(rv
, nullptr);
1230 return BasePrincipal::CreateContentPrincipal(uri
, attrs
);
1233 already_AddRefed
<BasePrincipal
> BasePrincipal::CloneForcingOriginAttributes(
1234 const OriginAttributes
& aOriginAttributes
) {
1235 if (NS_WARN_IF(!IsContentPrincipal())) {
1239 nsAutoCString originNoSuffix
;
1240 nsresult rv
= GetOriginNoSuffix(originNoSuffix
);
1241 NS_ENSURE_SUCCESS(rv
, nullptr);
1243 nsCOMPtr
<nsIURI
> uri
;
1244 MOZ_ALWAYS_SUCCEEDS(GetURI(getter_AddRefs(uri
)));
1246 RefPtr
<ContentPrincipal
> copy
=
1247 new ContentPrincipal(uri
, aOriginAttributes
, originNoSuffix
);
1248 return copy
.forget();
1251 extensions::WebExtensionPolicy
* BasePrincipal::ContentScriptAddonPolicy() {
1252 if (!Is
<ExpandedPrincipal
>()) {
1256 auto expanded
= As
<ExpandedPrincipal
>();
1257 for (auto& prin
: expanded
->AllowList()) {
1258 if (auto policy
= BasePrincipal::Cast(prin
)->AddonPolicy()) {
1266 bool BasePrincipal::AddonAllowsLoad(nsIURI
* aURI
,
1267 bool aExplicit
/* = false */) {
1268 if (Is
<ExpandedPrincipal
>()) {
1269 return As
<ExpandedPrincipal
>()->AddonAllowsLoad(aURI
, aExplicit
);
1271 if (auto policy
= AddonPolicy()) {
1272 return policy
->CanAccessURI(aURI
, aExplicit
);
1278 BasePrincipal::GetLocalStorageQuotaKey(nsACString
& aKey
) {
1281 nsCOMPtr
<nsIURI
> uri
;
1282 nsresult rv
= GetURI(getter_AddRefs(uri
));
1283 NS_ENSURE_SUCCESS(rv
, rv
);
1284 NS_ENSURE_TRUE(uri
, NS_ERROR_UNEXPECTED
);
1286 // The special handling of the file scheme should be consistent with
1287 // GetStorageOriginKey.
1289 nsAutoCString baseDomain
;
1290 rv
= uri
->GetAsciiHost(baseDomain
);
1291 NS_ENSURE_SUCCESS(rv
, rv
);
1293 if (baseDomain
.IsEmpty() && uri
->SchemeIs("file")) {
1294 nsCOMPtr
<nsIURL
> url
= do_QueryInterface(uri
, &rv
);
1295 NS_ENSURE_SUCCESS(rv
, rv
);
1297 rv
= url
->GetDirectory(baseDomain
);
1298 NS_ENSURE_SUCCESS(rv
, rv
);
1300 nsCOMPtr
<nsIEffectiveTLDService
> eTLDService(
1301 do_GetService(NS_EFFECTIVETLDSERVICE_CONTRACTID
, &rv
));
1302 NS_ENSURE_SUCCESS(rv
, rv
);
1304 nsAutoCString eTLDplusOne
;
1305 rv
= eTLDService
->GetBaseDomain(uri
, 0, eTLDplusOne
);
1306 if (NS_SUCCEEDED(rv
)) {
1307 baseDomain
= eTLDplusOne
;
1308 } else if (rv
== NS_ERROR_HOST_IS_IP_ADDRESS
||
1309 rv
== NS_ERROR_INSUFFICIENT_DOMAIN_LEVELS
) {
1312 NS_ENSURE_SUCCESS(rv
, rv
);
1315 OriginAttributesRef().CreateSuffix(aKey
);
1317 nsAutoCString subdomainsDBKey
;
1318 rv
= dom::StorageUtils::CreateReversedDomain(baseDomain
, subdomainsDBKey
);
1319 NS_ENSURE_SUCCESS(rv
, rv
);
1322 aKey
.Append(subdomainsDBKey
);
1328 BasePrincipal::GetNextSubDomainPrincipal(
1329 nsIPrincipal
** aNextSubDomainPrincipal
) {
1330 nsCOMPtr
<nsIURI
> uri
;
1331 nsresult rv
= GetURI(getter_AddRefs(uri
));
1332 if (NS_FAILED(rv
) || !uri
) {
1337 rv
= uri
->GetHost(host
);
1338 if (NS_FAILED(rv
) || host
.IsEmpty()) {
1342 nsCString subDomain
;
1343 rv
= nsEffectiveTLDService::GetInstance()->GetNextSubDomain(host
, subDomain
);
1345 if (NS_FAILED(rv
) || subDomain
.IsEmpty()) {
1349 nsCOMPtr
<nsIURI
> subDomainURI
;
1350 rv
= NS_MutateURI(uri
).SetHost(subDomain
).Finalize(subDomainURI
);
1351 if (NS_FAILED(rv
) || !subDomainURI
) {
1354 // Copy the attributes over
1355 mozilla::OriginAttributes attrs
= OriginAttributesRef();
1357 if (!StaticPrefs::permissions_isolateBy_userContext()) {
1358 // Disable userContext for permissions.
1359 attrs
.StripAttributes(mozilla::OriginAttributes::STRIP_USER_CONTEXT_ID
);
1361 RefPtr
<nsIPrincipal
> principal
=
1362 mozilla::BasePrincipal::CreateContentPrincipal(subDomainURI
, attrs
);
1367 principal
.forget(aNextSubDomainPrincipal
);
1372 BasePrincipal::GetStorageOriginKey(nsACString
& aOriginKey
) {
1373 aOriginKey
.Truncate();
1375 nsCOMPtr
<nsIURI
> uri
;
1376 nsresult rv
= GetURI(getter_AddRefs(uri
));
1377 NS_ENSURE_SUCCESS(rv
, rv
);
1378 NS_ENSURE_TRUE(uri
, NS_ERROR_UNEXPECTED
);
1380 // The special handling of the file scheme should be consistent with
1381 // GetLocalStorageQuotaKey.
1383 nsAutoCString domainOrigin
;
1384 rv
= uri
->GetAsciiHost(domainOrigin
);
1385 NS_ENSURE_SUCCESS(rv
, rv
);
1387 if (domainOrigin
.IsEmpty()) {
1388 // For the file:/// protocol use the exact directory as domain.
1389 if (uri
->SchemeIs("file")) {
1390 nsCOMPtr
<nsIURL
> url
= do_QueryInterface(uri
, &rv
);
1391 NS_ENSURE_SUCCESS(rv
, rv
);
1392 rv
= url
->GetDirectory(domainOrigin
);
1393 NS_ENSURE_SUCCESS(rv
, rv
);
1397 // Append reversed domain
1398 nsAutoCString reverseDomain
;
1399 rv
= dom::StorageUtils::CreateReversedDomain(domainOrigin
, reverseDomain
);
1400 NS_ENSURE_SUCCESS(rv
, rv
);
1402 aOriginKey
.Append(reverseDomain
);
1405 nsAutoCString scheme
;
1406 rv
= uri
->GetScheme(scheme
);
1407 NS_ENSURE_SUCCESS(rv
, rv
);
1409 aOriginKey
.Append(':');
1410 aOriginKey
.Append(scheme
);
1412 // Append port if any
1413 int32_t port
= NS_GetRealPort(uri
);
1415 aOriginKey
.Append(nsPrintfCString(":%d", port
));
1422 BasePrincipal::GetIsScriptAllowedByPolicy(bool* aIsScriptAllowedByPolicy
) {
1423 *aIsScriptAllowedByPolicy
= false;
1424 nsCOMPtr
<nsIURI
> prinURI
;
1425 nsresult rv
= GetURI(getter_AddRefs(prinURI
));
1426 if (NS_FAILED(rv
) || !prinURI
) {
1429 nsIScriptSecurityManager
* ssm
= nsContentUtils::GetSecurityManager();
1431 return NS_ERROR_UNEXPECTED
;
1433 return ssm
->PolicyAllowsScript(prinURI
, aIsScriptAllowedByPolicy
);
1436 bool SiteIdentifier::Equals(const SiteIdentifier
& aOther
) const {
1437 MOZ_ASSERT(IsInitialized());
1438 MOZ_ASSERT(aOther
.IsInitialized());
1439 return mPrincipal
->FastEquals(aOther
.mPrincipal
);
1443 BasePrincipal::CreateReferrerInfo(mozilla::dom::ReferrerPolicy aReferrerPolicy
,
1444 nsIReferrerInfo
** _retval
) {
1445 nsCOMPtr
<nsIURI
> prinURI
;
1446 RefPtr
<dom::ReferrerInfo
> info
;
1447 nsresult rv
= GetURI(getter_AddRefs(prinURI
));
1448 if (NS_FAILED(rv
) || !prinURI
) {
1449 info
= new dom::ReferrerInfo(nullptr);
1450 info
.forget(_retval
);
1453 info
= new dom::ReferrerInfo(prinURI
, aReferrerPolicy
);
1454 info
.forget(_retval
);
1459 BasePrincipal::GetPrecursorPrincipal(nsIPrincipal
** aPrecursor
) {
1460 *aPrecursor
= nullptr;
1464 NS_IMPL_ADDREF(BasePrincipal::Deserializer
)
1465 NS_IMPL_RELEASE(BasePrincipal::Deserializer
)
1467 NS_INTERFACE_MAP_BEGIN(BasePrincipal::Deserializer
)
1468 NS_INTERFACE_MAP_ENTRY(nsISupports
)
1469 NS_INTERFACE_MAP_ENTRY(nsISerializable
)
1471 return mPrincipal
->QueryInterface(aIID
, aInstancePtr
);
1473 NS_INTERFACE_MAP_END
1476 BasePrincipal::Deserializer::Write(nsIObjectOutputStream
* aStream
) {
1477 // Read is used still for legacy principals
1478 MOZ_RELEASE_ASSERT(false, "Old style serialization is removed");
1482 } // namespace mozilla