| blob | 6152a0e0f7e8696831b3ec9e4e9d863ca7851462 |
1 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ts=2 sw=2 et tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
46 }
49 NS_PRINCIPAL_CID)
62 // Assert that the URI we get here isn't any of the schemes that we know we
63 // should not get here. These schemes always either inherit their principal
64 // or fall back to a null principal. These are schemes which return
65 // URI_INHERITS_SECURITY_CONTEXT from their protocol handler's
66 // GetProtocolFlags function.
78 }
90 }
94 }
96 /* static */
101 }
106 }
111 // Handle non-strict file:// uris.
114 // If strict file origin policy is not in effect, all local files are
115 // considered to be same-origin, so return a known dummy origin here.
118 }
120 nsresult rv;
121 // NB: This is only compiled for Thunderbird/Suite.
122 #if IS_ORIGIN_IS_FULL_SPEC_DEFINED
129 }
130 #endif
132 // We want the invariant that prinA.origin == prinB.origin i.f.f.
133 // prinA.equals(prinB). However, this requires that we impose certain
134 // constraints on the behavior and origin semantics of principals, and in
135 // particular, forbid creating origin strings for principals whose equality
136 // constraints are not expressible as strings (i.e. object equality).
137 // Moreover, we want to forbid URIs containing the magic "^" we use as a
138 // separating character for origin attributes.
139 //
140 // These constraints can generally be achieved by restricting .origin to
141 // nsIStandardURL-based URIs, but there are a few other URI schemes that we
142 // need to handle.
145 // We generally consider two about:foo origins to be same-origin, but
146 // about:blank is special since it can be generated from different
147 // sources. We check for moz-safe-about:blank since origin is an
148 // innermost URI.
159 }
163 }
165 // These URIs could technically contain a '^', but they never should.
169 }
171 }
173 // This URL can be a blobURL. In this case, we should use the 'parent'
174 // principal instead.
180 }
182 // If we reached this branch, we can only create an origin if we have a
183 // nsIStandardURL. So, we query to a nsIStandardURL, and fail if we aren't
184 // an instance of an nsIStandardURL nsIStandardURLs have the good property
185 // of escaping the '^' character in their specs, which means that we can be
186 // sure that the caret character (which is reserved for delimiting the end
187 // of the spec, and the beginning of the origin attributes) is not present
188 // in the origin string
192 }
194 // See whether we have a useful hostPort. If we do, use that.
195 nsAutoCString hostPort;
199 }
206 }
211 // The origin, when taken from the spec, should not contain the ref part of
212 // the URL.
219 }
223 }
226 }
233 // For ContentPrincipal, Subsumes is equivalent to Equals.
236 }
238 // If either the subject or the object has changed its principal by
239 // explicitly setting document.domain then the other must also have
240 // done so in order to be considered the same origin. This prevents
241 // DNS spoofing based on document.domain (154930)
242 nsresult rv;
244 // Get .domain on each principal.
249 // If either has .domain set, we have equality i.f.f. the domains match.
250 // Otherwise, we fall through to the non-document-domain-considering case.
254 #ifdef DEBUG
262 }
263 #endif
265 }
266 }
268 // Compare uris.
273 }
275 NS_IMETHODIMP
279 }
284 #if defined(MOZ_THUNDERBIRD) || defined(MOZ_SUITE)
292 }
294 OriginAttributes attrs;
298 }
299 #endif
306 }
308 // If this principal is associated with an addon, check whether that addon
309 // has been given permission to load from this domain.
312 }
316 }
318 // If strict file origin policy is in effect, local files will always fail
319 // SecurityCompareURIs unless they are identical. Explicitly check file origin
320 // policy, in that case.
324 }
327 }
336 };
338 }
340 NS_IMETHODIMP
345 }
349 }
351 NS_IMETHODIMP
358 // Set the changed-document-domain flag on compartments containing realms
359 // using this principal.
364 };
373 }
379 // Special handling for a file URI.
381 // If strict file origin policy is not in effect, all local files are
382 // considered to be same-origin, so return a known dummy domain here.
387 }
389 // Otherwise, we return the file path.
395 }
396 }
403 }
405 // In case of FTP we want to get base domain via TLD service even if FTP
406 // protocol handler is disabled and the scheme is handled by external protocol
407 // handler which returns URI_NORELATIVE flag.
411 }
416 }
419 }
421 NS_IMETHODIMP
423 // Handle some special URIs first.
430 }
432 // For everything else, we ask the TLD service via the ThirdPartyUtil.
437 }
440 }
442 NS_IMETHODIMP
444 // Handle some special URIs first.
445 nsAutoCString baseDomain;
451 // This is a special URI ("file:", "about:", "view-source:", etc). Just
452 // return the origin.
454 }
456 // For everything else, we ask the TLD service. Note that, unlike in
457 // GetBaseDomain, we don't use ThirdPartyUtil.getBaseDomain because if the
458 // host is an IP address that returns the raw address and we can't use it with
459 // SetHost below because SetHost expects '[' and ']' around IPv6 addresses.
460 // See bug 1491728.
465 }
472 // If this is an IP address or something like "localhost", we just continue
473 // with gotBaseDomain = false.
477 }
478 }
480 // NOTE: Calling `SetHostPort` with a portless domain is insufficient to clear
481 // the port, so an extra `SetPort` call has to be made.
487 }
496 nsAutoCString suffix;
503 }
506 nsCString siteOrigin;
514 }
518 }
528 }
529 }
532 }
534 NS_IMETHODIMP
541 }
543 }
545 NS_IMETHODIMP
552 }
555 // Enforce re-parsing about: URIs so that if they change, we continue to use
556 // their new principals correctly.
558 nsAutoCString spec;
561 NS_ERROR_FAILURE);
562 }
568 }
572 nsAutoCString suffix;
576 OriginAttributes attrs;
580 // Since Bug 965637 we do not serialize the CSP within the
581 // Principal anymore. Nevertheless there might still be
582 // serialized Principals that do have a serialized CSP.
583 // For now, we just read the CSP here but do not actually
584 // consume it. Please note that we deliberately ignore
585 // the return value to avoid CSP deserialization problems.
586 // After Bug 1508939 we will have a new serialization for
587 // Principals which allows us to update the code here.
588 // Additionally, the format for serialized CSPs changed
589 // within Bug 965637 which also can cause failures within
590 // the CSP deserialization code.
593 nsAutoCString originNoSuffix;
600 // Note: we don't call SetDomain here because we don't need the wrapper
601 // recomputation code there (we just created this principal).
605 }
608 }
610 NS_IMETHODIMP
612 // Read is used still for legacy principals
615 }
618 nsAutoCString principalURI;
622 // We turn each int enum field into a JSON string key of the object
623 // aObject is the inner JSON object that has stringified enum keys
624 // An example aObject might be:
625 //
626 // eURI eSuffix
627 // | |
628 // {"0": "https://mozilla.com", "2": "^privateBrowsingId=1"}
629 // | | | |
630 // ----------------------------- |
631 // | | |
632 // Key ----------------------
633 // |
634 // Value
638 nsAutoCString domainStr;
642 }
644 nsAutoCString suffix;
648 }
651 }
656 nsresult rv;
660 OriginAttributes attrs;
662 // The odd structure here is to make the code to not compile
663 // if all the switch enum cases haven't been codified
672 }
676 {
677 // Enforce re-parsing about: URIs so that if they change, we
678 // continue to use their new principals correctly.
680 nsAutoCString spec;
684 }
685 }
686 }
692 }
699 }
700 }
702 }
703 }
704 nsAutoCString originNoSuffix;
706 originNoSuffix);
709 }
715 }
720 }
723 }