| blob | 5aeecaf2bd426c49ca3a4275000803fae3bd763c |
1 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ts=2 sw=2 et tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
57 // We're just creating the principal, so no need to re-compute wrappers.
59 }
61 #ifdef MOZ_DIAGNOSTIC_ASSERT_ENABLED
62 // Assert that the URI we get here isn't any of the schemes that we know we
63 // should not get here. These schemes always either inherit their principal
64 // or fall back to a null principal. These are schemes which return
65 // URI_INHERITS_SECURITY_CONTEXT from their protocol handler's
66 // GetProtocolFlags function.
72 #endif
73 }
86 }
88 /* static */
93 }
98 }
103 // Handle non-strict file:// uris.
106 // If strict file origin policy is not in effect, all local files are
107 // considered to be same-origin, so return a known dummy origin here.
110 }
112 nsresult rv;
113 // NB: This is only compiled for Thunderbird/Suite.
114 #if IS_ORIGIN_IS_FULL_SPEC_DEFINED
121 }
122 #endif
124 // We want the invariant that prinA.origin == prinB.origin i.f.f.
125 // prinA.equals(prinB). However, this requires that we impose certain
126 // constraints on the behavior and origin semantics of principals, and in
127 // particular, forbid creating origin strings for principals whose equality
128 // constraints are not expressible as strings (i.e. object equality).
129 // Moreover, we want to forbid URIs containing the magic "^" we use as a
130 // separating character for origin attributes.
131 //
132 // These constraints can generally be achieved by restricting .origin to
133 // nsIStandardURL-based URIs, but there are a few other URI schemes that we
134 // need to handle.
137 // We generally consider two about:foo origins to be same-origin, but
138 // about:blank is special since it can be generated from different
139 // sources. We check for moz-safe-about:blank since origin is an
140 // innermost URI.
151 }
155 }
157 // These URIs could technically contain a '^', but they never should.
161 }
163 }
165 // This URL can be a blobURL. In this case, we should use the 'parent'
166 // principal instead.
172 }
174 // If we reached this branch, we can only create an origin if we have a
175 // nsIStandardURL. So, we query to a nsIStandardURL, and fail if we aren't
176 // an instance of an nsIStandardURL nsIStandardURLs have the good property
177 // of escaping the '^' character in their specs, which means that we can be
178 // sure that the caret character (which is reserved for delimiting the end
179 // of the spec, and the beginning of the origin attributes) is not present
180 // in the origin string
184 }
186 // See whether we have a useful hostPort. If we do, use that.
187 nsAutoCString hostPort;
191 }
198 }
203 // The origin, when taken from the spec, should not contain the ref part of
204 // the URL.
211 }
215 }
218 }
225 // For ContentPrincipal, Subsumes is equivalent to Equals.
228 }
230 // If either the subject or the object has changed its principal by
231 // explicitly setting document.domain then the other must also have
232 // done so in order to be considered the same origin. This prevents
233 // DNS spoofing based on document.domain (154930)
235 // Get .domain on each principal.
240 // If either has .domain set, we have equality i.f.f. the domains match.
241 // Otherwise, we fall through to the non-document-domain-considering case.
245 #ifdef DEBUG
253 }
254 #endif
256 }
257 }
259 // Do a fast check (including origin attributes) or a slow uri comparison.
261 }
263 NS_IMETHODIMP
267 }
272 #if defined(MOZ_THUNDERBIRD) || defined(MOZ_SUITE)
280 }
282 OriginAttributes attrs;
286 }
287 #endif
294 }
296 // If this principal is associated with an addon, check whether that addon
297 // has been given permission to load from this domain.
300 }
304 }
306 // If strict file origin policy is in effect, local files will always fail
307 // SecurityCompareURIs unless they are identical. Explicitly check file origin
308 // policy, in that case.
312 }
315 }
324 };
326 }
328 NS_IMETHODIMP
333 }
338 }
340 NS_IMETHODIMP
345 {
349 }
351 // Set the changed-document-domain flag on compartments containing realms
352 // using this principal.
357 };
366 }
372 // Special handling for a file URI.
374 // If strict file origin policy is not in effect, all local files are
375 // considered to be same-origin, so return a known dummy domain here.
380 }
382 // Otherwise, we return the file path.
388 }
389 }
396 }
398 // In case of FTP we want to get base domain via TLD service even if FTP
399 // protocol handler is disabled and the scheme is handled by external protocol
400 // handler which returns URI_NORELATIVE flag.
404 }
409 }
412 }
414 NS_IMETHODIMP
416 // Handle some special URIs first.
423 }
425 // For everything else, we ask the TLD service via the ThirdPartyUtil.
430 }
433 }
435 NS_IMETHODIMP
440 // It is possible for two principals with the same origin to have different
441 // mURI values. In order to ensure that two principals with matching origins
442 // also have matching siteOrigins, we derive the siteOrigin entirely from the
443 // origin string and do not rely on mURI at all here.
447 // We got an error parsing the origin as a URI? siteOrigin == origin
448 // aSiteOrigin was already filled with `OriginNoSuffix`
450 }
452 // Handle some special URIs first.
453 nsAutoCString baseDomain;
459 // This is a special URI ("file:", "about:", "view-source:", etc). Just
460 // return the origin.
462 }
464 // For everything else, we ask the TLD service. Note that, unlike in
465 // GetBaseDomain, we don't use ThirdPartyUtil.getBaseDomain because if the
466 // host is an IP address that returns the raw address and we can't use it with
467 // SetHost below because SetHost expects '[' and ']' around IPv6 addresses.
468 // See bug 1491728.
473 }
480 // If this is an IP address or something like "localhost", we just continue
481 // with gotBaseDomain = false.
486 }
487 }
489 // NOTE: Calling `SetHostPort` with a portless domain is insufficient to clear
490 // the port, so an extra `SetPort` call has to be made.
496 }
505 }
508 nsCString siteOrigin;
516 }
520 }
529 nsCString host;
532 }
535 }
537 }
539 NS_IMETHODIMP
545 }
547 }
549 NS_IMETHODIMP
558 }
561 // Enforce re-parsing about: URIs so that if they change, we continue to use
562 // their new principals correctly.
564 nsAutoCString spec;
567 NS_ERROR_FAILURE);
568 }
574 }
578 nsAutoCString suffix;
582 OriginAttributes attrs;
586 // Since Bug 965637 we do not serialize the CSP within the
587 // Principal anymore. Nevertheless there might still be
588 // serialized Principals that do have a serialized CSP.
589 // For now, we just read the CSP here but do not actually
590 // consume it. Please note that we deliberately ignore
591 // the return value to avoid CSP deserialization problems.
592 // After Bug 1508939 we will have a new serialization for
593 // Principals which allows us to update the code here.
594 // Additionally, the format for serialized CSPs changed
595 // within Bug 965637 which also can cause failures within
596 // the CSP deserialization code.
599 nsAutoCString originNoSuffix;
603 mPrincipal =
606 }
609 nsAutoCString principalURI;
613 // We turn each int enum field into a JSON string key of the object
614 // aObject is the inner JSON object that has stringified enum keys
615 // An example aObject might be:
616 //
617 // eURI eSuffix
618 // | |
619 // {"0": "https://mozilla.com", "2": "^privateBrowsingId=1"}
620 // | | | |
621 // ----------------------------- |
622 // | | |
623 // Key ----------------------
624 // |
625 // Value
629 nsAutoCString domainStr;
630 {
634 }
636 }
638 nsAutoCString suffix;
642 }
645 }
650 nsresult rv;
654 OriginAttributes attrs;
656 // The odd structure here is to make the code to not compile
657 // if all the switch enum cases haven't been codified
666 }
670 {
671 // Enforce re-parsing about: URIs so that if they change, we
672 // continue to use their new principals correctly.
674 nsAutoCString spec;
678 }
679 }
680 }
686 }
693 }
694 }
696 }
697 }
698 nsAutoCString originNoSuffix;
700 originNoSuffix);
703 }
709 }