search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Bug 1892041 - Part 1: Update test262 features. r=spidermonkey-reviewers,dminor
[gecko.git] / dom / security / nsMixedContentBlocker.h
blob05038ef0878ce32dc4595dafd5f04235530c35cd
1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6
7 #ifndef nsMixedContentBlocker_h___
8 #define nsMixedContentBlocker_h___
9
10 #define NS_MIXEDCONTENTBLOCKER_CONTRACTID "@mozilla.org/mixedcontentblocker;1"
11 /* daf1461b-bf29-4f88-8d0e-4bcdf332c862 */
12 #define NS_MIXEDCONTENTBLOCKER_CID \
13 { \
14 0xdaf1461b, 0xbf29, 0x4f88, { \
15 0x8d, 0x0e, 0x4b, 0xcd, 0xf3, 0x32, 0xc8, 0x62 \
16 } \
17 }
18
19 // This enum defines type of content that is detected when an
20 // nsMixedContentEvent fires
21 enum MixedContentTypes {
22 // "Active" content, such as fonts, plugin content, JavaScript, stylesheets,
23 // iframes, WebSockets, and XHR
24 eMixedScript,
25 // "Display" content, such as images, audio, video, and <a ping>
26 eMixedDisplay
27 };
28
29 #include "nsIContentPolicy.h"
30 #include "nsIChannel.h"
31 #include "nsIChannelEventSink.h"
32 #include "imgRequest.h"
33
34 using mozilla::OriginAttributes;
35
36 class nsILoadInfo; // forward declaration
37 namespace mozilla::net {
38 class nsProtocolProxyService; // forward declaration
39 } // namespace mozilla::net
40
41 class nsMixedContentBlocker : public nsIContentPolicy,
42 public nsIChannelEventSink {
43 private:
44 virtual ~nsMixedContentBlocker();
45
46 public:
47 NS_DECL_ISUPPORTS
48 NS_DECL_NSICONTENTPOLICY
49 NS_DECL_NSICHANNELEVENTSINK
50
51 nsMixedContentBlocker() = default;
52
53 // See:
54 // https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy
55 static bool IsPotentiallyTrustworthyLoopbackHost(
56 const nsACString& aAsciiHost);
57 static bool IsPotentiallyTrustworthyLoopbackURL(nsIURI* aURL);
58 static bool IsPotentiallyTrustworthyOnion(nsIURI* aURL);
59 static bool IsPotentiallyTrustworthyOrigin(nsIURI* aURI);
60
61 /**
62 * Returns true if the provided content policy type is subject to the
63 * mixed content level 2 upgrading mechanism (audio, video, image).
64 *
65 * @param aConsiderPrefs A boolean that indicates whether the result of this
66 * functions takes the `security.mixed_content.upgrade_display_content`
67 * preferences into account.
68 */
69 static bool IsUpgradableContentType(nsContentPolicyType aType,
70 bool aConsiderPrefs);
71
72 /* Static version of ShouldLoad() that contains all the Mixed Content Blocker
73 * logic. Called from non-static ShouldLoad().
74 * Called directly from imageLib when an insecure redirect exists in a cached
75 * image load.
76 * @param aHadInsecureImageRedirect
77 * boolean flag indicating that an insecure redirect through http
78 * occured when this image was initially loaded and cached.
79 * @param aReportError
80 * boolean flag indicating if a rejection should automaticly be
81 * logged into the Console.
82 * Remaining parameters are from nsIContentPolicy::ShouldLoad().
83 */
84 static nsresult ShouldLoad(bool aHadInsecureImageRedirect,
85 nsIURI* aContentLocation, nsILoadInfo* aLoadInfo,
86 bool aReportError, int16_t* aDecision);
87 static void AccumulateMixedContentHSTS(
88 nsIURI* aURI, bool aActive, const OriginAttributes& aOriginAttributes);
89
90 static bool URISafeToBeLoadedInSecureContext(nsIURI* aURI);
91
92 static void OnPrefChange(const char* aPref, void* aClosure);
93 static void GetSecureContextAllowList(nsACString& aList);
94 static void Shutdown();
95
96 static bool sSecurecontextAllowlistCached;
97 static nsCString* sSecurecontextAllowlist;
98 };
99
100 #endif /* nsMixedContentBlocker_h___ */