1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7 #ifndef nsCSPContext_h___
8 #define nsCSPContext_h___
10 #include "mozilla/dom/nsCSPUtils.h"
11 #include "mozilla/dom/SecurityPolicyViolationEvent.h"
12 #include "mozilla/StaticPrefs_security.h"
13 #include "nsIChannel.h"
14 #include "nsIChannelEventSink.h"
15 #include "nsIContentSecurityPolicy.h"
16 #include "nsIInterfaceRequestor.h"
17 #include "nsIStreamListener.h"
18 #include "nsIWeakReferenceUtils.h"
21 #define NS_CSPCONTEXT_CONTRACTID "@mozilla.org/cspcontext;1"
22 // 09d9ed1a-e5d4-4004-bfe0-27ceb923d9ac
23 #define NS_CSPCONTEXT_CID \
25 0x09d9ed1a, 0xe5d4, 0x4004, { \
26 0xbf, 0xe0, 0x27, 0xce, 0xb9, 0x23, 0xd9, 0xac \
30 class nsINetworkInterceptController
;
32 struct ConsoleMsgQueueElem
;
39 class ContentSecurityPolicy
;
41 } // namespace mozilla
43 class nsCSPContext
: public nsIContentSecurityPolicy
{
46 NS_DECL_NSICONTENTSECURITYPOLICY
47 NS_DECL_NSISERIALIZABLE
50 virtual ~nsCSPContext();
55 static bool Equals(nsIContentSecurityPolicy
* aCSP
,
56 nsIContentSecurityPolicy
* aOtherCSP
);
58 // Init a CSP from a different CSP
59 nsresult
InitFromOther(nsCSPContext
* otherContext
);
61 // Used to suppress errors and warnings produced by the parser.
62 // Use this when doing an one-off parsing of the CSP.
63 void SuppressParserLogMessages() { mSuppressParserLogMessages
= true; }
66 * SetRequestContextWithDocument() needs to be called before the
67 * innerWindowID is initialized on the document. Use this function
68 * to call back to flush queued up console messages and initialize
69 * the innerWindowID. Node, If SetRequestContextWithPrincipal() was
70 * called then we do not have a innerWindowID anyway and hence
71 * we can not flush messages to the correct console.
73 void flushConsoleMessages();
75 void logToConsole(const char* aName
, const nsTArray
<nsString
>& aParams
,
76 const nsAString
& aSourceName
, const nsAString
& aSourceLine
,
77 uint32_t aLineNumber
, uint32_t aColumnNumber
,
78 uint32_t aSeverityFlag
);
81 * Construct SecurityPolicyViolationEventInit structure.
84 * A nsIURI: the source of the violation.
86 * The original URI if the blocked content is a redirect, else null
87 * @param aViolatedDirective
88 * the directive that was violated (string).
90 * name of the file containing the inline script violation
91 * @param aScriptSample
92 * a sample of the violating inline script
94 * source line number of the violation (if available)
96 * source column number of the violation (if available)
97 * @param aViolationEventInit
100 nsresult
GatherSecurityPolicyViolationEventData(
101 nsIURI
* aBlockedURI
, const nsACString
& aBlockedString
,
102 nsIURI
* aOriginalURI
, const nsAString
& aViolatedDirective
,
103 uint32_t aViolatedPolicyIndex
, const nsAString
& aSourceFile
,
104 const nsAString
& aScriptSample
, uint32_t aLineNum
, uint32_t aColumnNum
,
105 mozilla::dom::SecurityPolicyViolationEventInit
& aViolationEventInit
);
107 nsresult
SendReports(
108 const mozilla::dom::SecurityPolicyViolationEventInit
& aViolationEventInit
,
109 uint32_t aViolatedPolicyIndex
);
111 nsresult
FireViolationEvent(
112 mozilla::dom::Element
* aTriggeringElement
,
113 nsICSPEventListener
* aCSPEventListener
,
114 const mozilla::dom::SecurityPolicyViolationEventInit
&
115 aViolationEventInit
);
117 enum BlockedContentSource
{
125 nsresult
AsyncReportViolation(
126 mozilla::dom::Element
* aTriggeringElement
,
127 nsICSPEventListener
* aCSPEventListener
, nsIURI
* aBlockedURI
,
128 BlockedContentSource aBlockedContentSource
, nsIURI
* aOriginalURI
,
129 const nsAString
& aViolatedDirective
,
130 const nsAString
& aViolatedDirectiveString
,
131 const CSPDirective aEffectiveDirective
, uint32_t aViolatedPolicyIndex
,
132 const nsAString
& aObserverSubject
, const nsAString
& aSourceFile
,
133 bool aReportSample
, const nsAString
& aScriptSample
, uint32_t aLineNum
,
134 uint32_t aColumnNum
);
136 // Hands off! Don't call this method unless you know what you
137 // are doing. It's only supposed to be called from within
138 // the principal destructor to avoid a tangling pointer.
139 void clearLoadingPrincipal() { mLoadingPrincipal
= nullptr; }
141 nsWeakPtr
GetLoadingContext() { return mLoadingContext
; }
143 static uint32_t ScriptSampleMaxLength() {
145 mozilla::StaticPrefs::security_csp_reporting_script_sample_max_length(),
149 void AddIPCPolicy(const mozilla::ipc::ContentSecurityPolicy
& aPolicy
);
150 void SerializePolicies(
151 nsTArray
<mozilla::ipc::ContentSecurityPolicy
>& aPolicies
);
154 bool ShouldThrottleReport(
155 const mozilla::dom::SecurityPolicyViolationEventInit
&
156 aViolationEventInit
);
158 bool permitsInternal(CSPDirective aDir
,
159 mozilla::dom::Element
* aTriggeringElement
,
160 nsICSPEventListener
* aCSPEventListener
,
161 nsILoadInfo
* aLoadInfo
, nsIURI
* aContentLocation
,
162 nsIURI
* aOriginalURIIfRedirect
, bool aSpecific
,
163 bool aSendViolationReports
,
164 bool aSendContentLocationInViolationReports
);
166 // helper to report inline script/style violations
167 void reportInlineViolation(CSPDirective aDirective
,
168 mozilla::dom::Element
* aTriggeringElement
,
169 nsICSPEventListener
* aCSPEventListener
,
170 const nsAString
& aNonce
, bool aReportSample
,
171 const nsAString
& aSample
,
172 const nsAString
& aViolatedDirective
,
173 const nsAString
& aViolatedDirectiveString
,
174 CSPDirective aEffectiveDirective
,
175 uint32_t aViolatedPolicyIndex
,
176 uint32_t aLineNumber
, uint32_t aColumnNumber
);
179 uint64_t mInnerWindowID
; // used for web console logging
180 bool mSkipAllowInlineStyleCheck
; // used to allow Devtools to edit styles
181 // When deserializing an nsCSPContext instance, we initially just keep the
182 // policies unparsed. We will only reconstruct actual CSP policy instances
183 // when there's an attempt to use the CSP. Given a better way to serialize/
184 // deserialize individual nsCSPPolicy objects, this performance
185 // optimization could go away.
186 nsTArray
<mozilla::ipc::ContentSecurityPolicy
> mIPCPolicies
;
187 nsTArray
<nsCSPPolicy
*> mPolicies
;
188 nsCOMPtr
<nsIURI
> mSelfURI
;
189 nsCOMPtr
<nsILoadGroup
> mCallingChannelLoadGroup
;
190 nsWeakPtr mLoadingContext
;
191 nsCOMPtr
<nsIPrincipal
> mLoadingPrincipal
;
193 bool mSuppressParserLogMessages
= false;
195 // helper members used to queue up web console messages till
196 // the windowID becomes available. see flushConsoleMessages()
197 nsTArray
<ConsoleMsgQueueElem
> mConsoleMsgQueue
;
198 bool mQueueUpMessages
;
199 nsCOMPtr
<nsIEventTarget
> mEventTarget
;
201 mozilla::TimeStamp mSendReportLimitSpanStart
;
202 uint32_t mSendReportLimitCount
= 1;
203 bool mWarnedAboutTooManyReports
= false;
206 // Class that listens to violation report transmission and logs errors.
207 class CSPViolationReportListener
: public nsIStreamListener
{
209 NS_DECL_NSISTREAMLISTENER
210 NS_DECL_NSIREQUESTOBSERVER
214 CSPViolationReportListener();
217 virtual ~CSPViolationReportListener();
220 // The POST of the violation report (if it happens) should not follow
221 // redirects, per the spec. hence, we implement an nsIChannelEventSink
222 // with an object so we can tell XHR to abort if a redirect happens.
223 class CSPReportRedirectSink final
: public nsIChannelEventSink
,
224 public nsIInterfaceRequestor
{
226 NS_DECL_NSICHANNELEVENTSINK
227 NS_DECL_NSIINTERFACEREQUESTOR
231 CSPReportRedirectSink();
233 void SetInterceptController(
234 nsINetworkInterceptController
* aInterceptController
);
237 virtual ~CSPReportRedirectSink();
240 nsCOMPtr
<nsINetworkInterceptController
> mInterceptController
;
243 #endif /* nsCSPContext_h___ */