search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
no bug - Import translations from android-l10n r=release a=l10n CLOSED TREE
[gecko.git] / netwerk / base / nsNetUtil.cpp
blob5f5fd2e6c6aa9a9d10964e100db66fc4c5b39194
1 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim:set ts=4 sw=2 sts=2 et cin: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6
7 // HttpLog.h should generally be included first
8 #include "DecoderDoctorDiagnostics.h"
9 #include "HttpLog.h"
10
11 #include "nsNetUtil.h"
12
13 #include "mozilla/Atomics.h"
14 #include "mozilla/BasePrincipal.h"
15 #include "mozilla/Components.h"
16 #include "mozilla/Encoding.h"
17 #include "mozilla/LoadContext.h"
18 #include "mozilla/LoadInfo.h"
19 #include "mozilla/Monitor.h"
20 #include "mozilla/StaticPrefs_browser.h"
21 #include "mozilla/StaticPrefs_network.h"
22 #include "mozilla/StaticPrefs_privacy.h"
23 #include "mozilla/StoragePrincipalHelper.h"
24 #include "mozilla/TaskQueue.h"
25 #include "mozilla/Telemetry.h"
26 #include "nsAboutProtocolUtils.h"
27 #include "nsBufferedStreams.h"
28 #include "nsCategoryCache.h"
29 #include "nsComponentManagerUtils.h"
30 #include "nsContentUtils.h"
31 #include "nsEscape.h"
32 #include "nsFileStreams.h"
33 #include "nsHashKeys.h"
34 #include "nsHttp.h"
35 #include "nsMimeTypes.h"
36 #include "nsIAuthPrompt.h"
37 #include "nsIAuthPrompt2.h"
38 #include "nsIAuthPromptAdapterFactory.h"
39 #include "nsIBufferedStreams.h"
40 #include "nsBufferedStreams.h"
41 #include "nsIChannelEventSink.h"
42 #include "nsIContentSniffer.h"
43 #include "mozilla/dom/Document.h"
44 #include "nsIDownloader.h"
45 #include "nsIFileProtocolHandler.h"
46 #include "nsIFileStreams.h"
47 #include "nsIFileURL.h"
48 #include "nsIIDNService.h"
49 #include "nsIInputStreamChannel.h"
50 #include "nsIInputStreamPump.h"
51 #include "nsIInterfaceRequestorUtils.h"
52 #include "nsILoadContext.h"
53 #include "nsIMIMEHeaderParam.h"
54 #include "nsINode.h"
55 #include "nsIObjectLoadingContent.h"
56 #include "nsPersistentProperties.h"
57 #include "nsIPrivateBrowsingChannel.h"
58 #include "nsIPropertyBag2.h"
59 #include "nsIProtocolProxyService.h"
60 #include "mozilla/net/RedirectChannelRegistrar.h"
61 #include "nsRequestObserverProxy.h"
62 #include "nsISensitiveInfoHiddenURI.h"
63 #include "nsISimpleStreamListener.h"
64 #include "nsISocketProvider.h"
65 #include "nsIStandardURL.h"
66 #include "nsIStreamLoader.h"
67 #include "nsIIncrementalStreamLoader.h"
68 #include "nsStringStream.h"
69 #include "nsSyncStreamListener.h"
70 #include "nsITextToSubURI.h"
71 #include "nsIURIWithSpecialOrigin.h"
72 #include "nsIViewSourceChannel.h"
73 #include "nsInterfaceRequestorAgg.h"
74 #include "nsINestedURI.h"
75 #include "mozilla/dom/nsCSPUtils.h"
76 #include "mozilla/dom/nsHTTPSOnlyUtils.h"
77 #include "mozilla/dom/nsMixedContentBlocker.h"
78 #include "mozilla/dom/BlobURLProtocolHandler.h"
79 #include "mozilla/net/HttpBaseChannel.h"
80 #include "nsIScriptError.h"
81 #include "nsISiteSecurityService.h"
82 #include "nsHttpHandler.h"
83 #include "nsNSSComponent.h"
84 #include "nsIRedirectHistoryEntry.h"
85 #include "nsICertStorage.h"
86 #include "nsICertOverrideService.h"
87 #include "nsQueryObject.h"
88 #include "mozIThirdPartyUtil.h"
89 #include "../mime/nsMIMEHeaderParamImpl.h"
90 #include "nsStandardURL.h"
91 #include "DefaultURI.h"
92 #include "nsChromeProtocolHandler.h"
93 #include "nsJSProtocolHandler.h"
94 #include "nsDataHandler.h"
95 #include "mozilla/dom/BlobURLProtocolHandler.h"
96 #include "nsStreamUtils.h"
97 #include "nsSocketTransportService2.h"
98 #include "nsViewSourceHandler.h"
99 #include "nsJARURI.h"
100 #ifndef XP_IOS
101 # include "nsIconURI.h"
102 #endif
103 #include "nsAboutProtocolHandler.h"
104 #include "nsResProtocolHandler.h"
105 #include "mozilla/net/ExtensionProtocolHandler.h"
106 #include "mozilla/net/PageThumbProtocolHandler.h"
107 #include "mozilla/net/SFVService.h"
108 #include <limits>
109 #include "nsIXPConnect.h"
110 #include "nsParserConstants.h"
111 #include "nsCRT.h"
112 #include "nsServiceManagerUtils.h"
113 #include "mozilla/dom/MediaList.h"
114 #include "MediaContainerType.h"
115 #include "DecoderTraits.h"
116 #include "imgLoader.h"
117
118 #if defined(MOZ_THUNDERBIRD) || defined(MOZ_SUITE)
119 # include "nsNewMailnewsURI.h"
120 #endif
121
122 using namespace mozilla;
123 using namespace mozilla::net;
124 using mozilla::dom::BlobURLProtocolHandler;
125 using mozilla::dom::ClientInfo;
126 using mozilla::dom::PerformanceStorage;
127 using mozilla::dom::ServiceWorkerDescriptor;
128
129 #define MAX_RECURSION_COUNT 50
130
131 already_AddRefed<nsIIOService> do_GetIOService(nsresult* error /* = 0 */) {
132 nsCOMPtr<nsIIOService> io;
133 io = mozilla::components::IO::Service();
134 if (error) *error = io ? NS_OK : NS_ERROR_FAILURE;
135 return io.forget();
136 }
137
138 nsresult NS_NewLocalFileInputStream(nsIInputStream** result, nsIFile* file,
139 int32_t ioFlags /* = -1 */,
140 int32_t perm /* = -1 */,
141 int32_t behaviorFlags /* = 0 */) {
142 nsresult rv;
143 nsCOMPtr<nsIFileInputStream> in =
144 do_CreateInstance(NS_LOCALFILEINPUTSTREAM_CONTRACTID, &rv);
145 if (NS_SUCCEEDED(rv)) {
146 rv = in->Init(file, ioFlags, perm, behaviorFlags);
147 if (NS_SUCCEEDED(rv)) in.forget(result);
148 }
149 return rv;
150 }
151
152 Result<nsCOMPtr<nsIInputStream>, nsresult> NS_NewLocalFileInputStream(
153 nsIFile* file, int32_t ioFlags /* = -1 */, int32_t perm /* = -1 */,
154 int32_t behaviorFlags /* = 0 */) {
155 nsCOMPtr<nsIInputStream> stream;
156 const nsresult rv = NS_NewLocalFileInputStream(getter_AddRefs(stream), file,
157 ioFlags, perm, behaviorFlags);
158 if (NS_SUCCEEDED(rv)) {
159 return stream;
160 }
161 return Err(rv);
162 }
163
164 nsresult NS_NewLocalFileOutputStream(nsIOutputStream** result, nsIFile* file,
165 int32_t ioFlags /* = -1 */,
166 int32_t perm /* = -1 */,
167 int32_t behaviorFlags /* = 0 */) {
168 nsresult rv;
169 nsCOMPtr<nsIFileOutputStream> out =
170 do_CreateInstance(NS_LOCALFILEOUTPUTSTREAM_CONTRACTID, &rv);
171 if (NS_SUCCEEDED(rv)) {
172 rv = out->Init(file, ioFlags, perm, behaviorFlags);
173 if (NS_SUCCEEDED(rv)) out.forget(result);
174 }
175 return rv;
176 }
177
178 Result<nsCOMPtr<nsIOutputStream>, nsresult> NS_NewLocalFileOutputStream(
179 nsIFile* file, int32_t ioFlags /* = -1 */, int32_t perm /* = -1 */,
180 int32_t behaviorFlags /* = 0 */) {
181 nsCOMPtr<nsIOutputStream> stream;
182 const nsresult rv = NS_NewLocalFileOutputStream(getter_AddRefs(stream), file,
183 ioFlags, perm, behaviorFlags);
184 if (NS_SUCCEEDED(rv)) {
185 return stream;
186 }
187 return Err(rv);
188 }
189
190 nsresult NS_NewLocalFileOutputStream(nsIOutputStream** result,
191 const mozilla::ipc::FileDescriptor& fd) {
192 nsCOMPtr<nsIFileOutputStream> out;
193 nsFileOutputStream::Create(NS_GET_IID(nsIFileOutputStream),
194 getter_AddRefs(out));
195
196 nsresult rv =
197 static_cast<nsFileOutputStream*>(out.get())->InitWithFileDescriptor(fd);
198 if (NS_FAILED(rv)) {
199 return rv;
200 }
201
202 out.forget(result);
203 return NS_OK;
204 }
205
206 nsresult net_EnsureIOService(nsIIOService** ios, nsCOMPtr<nsIIOService>& grip) {
207 nsresult rv = NS_OK;
208 if (!*ios) {
209 grip = do_GetIOService(&rv);
210 *ios = grip;
211 }
212 return rv;
213 }
214
215 nsresult NS_NewFileURI(
216 nsIURI** result, nsIFile* spec,
217 nsIIOService*
218 ioService /* = nullptr */) // pass in nsIIOService to optimize callers
219 {
220 nsresult rv;
221 nsCOMPtr<nsIIOService> grip;
222 rv = net_EnsureIOService(&ioService, grip);
223 if (ioService) rv = ioService->NewFileURI(spec, result);
224 return rv;
225 }
226
227 nsresult NS_GetURIWithNewRef(nsIURI* aInput, const nsACString& aRef,
228 nsIURI** aOutput) {
229 MOZ_DIAGNOSTIC_ASSERT(aRef.IsEmpty() || aRef[0] == '#');
230
231 if (NS_WARN_IF(!aInput || !aOutput)) {
232 return NS_ERROR_INVALID_ARG;
233 }
234
235 bool hasRef;
236 nsresult rv = aInput->GetHasRef(&hasRef);
237
238 nsAutoCString ref;
239 if (NS_SUCCEEDED(rv)) {
240 rv = aInput->GetRef(ref);
241 }
242
243 // If the ref is already equal to the new ref, we do not need to do anything.
244 // Also, if the GetRef failed (it could return NS_ERROR_NOT_IMPLEMENTED)
245 // we can assume SetRef would fail as well, so returning the original
246 // URI is OK.
247 //
248 // Note that aRef contains the hash, but ref doesn't, so need to account for
249 // that in the equality check.
250 if (NS_FAILED(rv) || (!hasRef && aRef.IsEmpty()) ||
251 (!aRef.IsEmpty() && hasRef &&
252 Substring(aRef.Data() + 1, aRef.Length() - 1) == ref)) {
253 nsCOMPtr<nsIURI> uri = aInput;
254 uri.forget(aOutput);
255 return NS_OK;
256 }
257
258 return NS_MutateURI(aInput).SetRef(aRef).Finalize(aOutput);
259 }
260
261 nsresult NS_GetURIWithoutRef(nsIURI* aInput, nsIURI** aOutput) {
262 return NS_GetURIWithNewRef(aInput, ""_ns, aOutput);
263 }
264
265 nsresult NS_NewChannelInternal(
266 nsIChannel** outChannel, nsIURI* aUri, nsILoadInfo* aLoadInfo,
267 PerformanceStorage* aPerformanceStorage /* = nullptr */,
268 nsILoadGroup* aLoadGroup /* = nullptr */,
269 nsIInterfaceRequestor* aCallbacks /* = nullptr */,
270 nsLoadFlags aLoadFlags /* = nsIRequest::LOAD_NORMAL */,
271 nsIIOService* aIoService /* = nullptr */) {
272 // NS_NewChannelInternal is mostly called for channel redirects. We should
273 // allow the creation of a channel even if the original channel did not have a
274 // loadinfo attached.
275 NS_ENSURE_ARG_POINTER(outChannel);
276
277 nsCOMPtr<nsIIOService> grip;
278 nsresult rv = net_EnsureIOService(&aIoService, grip);
279 NS_ENSURE_SUCCESS(rv, rv);
280
281 nsCOMPtr<nsIChannel> channel;
282 rv = aIoService->NewChannelFromURIWithLoadInfo(aUri, aLoadInfo,
283 getter_AddRefs(channel));
284 NS_ENSURE_SUCCESS(rv, rv);
285
286 if (aLoadGroup) {
287 rv = channel->SetLoadGroup(aLoadGroup);
288 NS_ENSURE_SUCCESS(rv, rv);
289 }
290
291 if (aCallbacks) {
292 rv = channel->SetNotificationCallbacks(aCallbacks);
293 NS_ENSURE_SUCCESS(rv, rv);
294 }
295
296 #ifdef DEBUG
297 nsLoadFlags channelLoadFlags = 0;
298 channel->GetLoadFlags(&channelLoadFlags);
299 // Will be removed when we remove LOAD_REPLACE altogether
300 // This check is trying to catch protocol handlers that still
301 // try to set the LOAD_REPLACE flag.
302 MOZ_DIAGNOSTIC_ASSERT(!(channelLoadFlags & nsIChannel::LOAD_REPLACE));
303 #endif
304
305 if (aLoadFlags != nsIRequest::LOAD_NORMAL) {
306 rv = channel->SetLoadFlags(aLoadFlags);
307 NS_ENSURE_SUCCESS(rv, rv);
308 }
309
310 if (aPerformanceStorage) {
311 nsCOMPtr<nsILoadInfo> loadInfo = channel->LoadInfo();
312 loadInfo->SetPerformanceStorage(aPerformanceStorage);
313 }
314
315 channel.forget(outChannel);
316 return NS_OK;
317 }
318
319 namespace {
320
321 void AssertLoadingPrincipalAndClientInfoMatch(
322 nsIPrincipal* aLoadingPrincipal, const ClientInfo& aLoadingClientInfo,
323 nsContentPolicyType aType) {
324 #ifdef MOZ_DIAGNOSTIC_ASSERT_ENABLED
325 // Verify that the provided loading ClientInfo matches the loading
326 // principal. Unfortunately we can't just use nsIPrincipal::Equals() here
327 // because of some corner cases:
328 //
329 // 1. Worker debugger scripts want to use a system loading principal for
330 // worker scripts with a content principal. We exempt these from this
331 // check.
332 // 2. Null principals currently require exact object identity for
333 // nsIPrincipal::Equals() to return true. This doesn't work here because
334 // ClientInfo::GetPrincipal() uses PrincipalInfoToPrincipal() to allocate
335 // a new object. To work around this we compare the principal origin
336 // string itself. If bug 1431771 is fixed then we could switch to
337 // Equals().
338
339 // Allow worker debugger to load with a system principal.
340 if (aLoadingPrincipal->IsSystemPrincipal() &&
341 (aType == nsIContentPolicy::TYPE_INTERNAL_WORKER ||
342 aType == nsIContentPolicy::TYPE_INTERNAL_SHARED_WORKER ||
343 aType == nsIContentPolicy::TYPE_INTERNAL_SERVICE_WORKER ||
344 aType == nsIContentPolicy::TYPE_INTERNAL_WORKER_IMPORT_SCRIPTS ||
345 aType == nsIContentPolicy::TYPE_INTERNAL_WORKER_STATIC_MODULE)) {
346 return;
347 }
348
349 // Perform a fast comparison for most principal checks.
350 auto clientPrincipalOrErr(aLoadingClientInfo.GetPrincipal());
351 if (clientPrincipalOrErr.isOk()) {
352 nsCOMPtr<nsIPrincipal> clientPrincipal = clientPrincipalOrErr.unwrap();
353 if (aLoadingPrincipal->Equals(clientPrincipal)) {
354 return;
355 }
356 // Fall back to a slower origin equality test to support null principals.
357 nsAutoCString loadingOriginNoSuffix;
358 MOZ_ALWAYS_SUCCEEDS(
359 aLoadingPrincipal->GetOriginNoSuffix(loadingOriginNoSuffix));
360
361 nsAutoCString clientOriginNoSuffix;
362 MOZ_ALWAYS_SUCCEEDS(
363 clientPrincipal->GetOriginNoSuffix(clientOriginNoSuffix));
364
365 // The client principal will have the partitionKey set if it's in a third
366 // party context, but the loading principal won't. So, we ignore he
367 // partitionKey when doing the verification here.
368 MOZ_DIAGNOSTIC_ASSERT(loadingOriginNoSuffix == clientOriginNoSuffix);
369 MOZ_DIAGNOSTIC_ASSERT(
370 aLoadingPrincipal->OriginAttributesRef().EqualsIgnoringPartitionKey(
371 clientPrincipal->OriginAttributesRef()));
372 }
373 #endif
374 }
375
376 } // namespace
377
378 nsresult NS_NewChannel(nsIChannel** outChannel, nsIURI* aUri,
379 nsIPrincipal* aLoadingPrincipal,
380 nsSecurityFlags aSecurityFlags,
381 nsContentPolicyType aContentPolicyType,
382 nsICookieJarSettings* aCookieJarSettings /* = nullptr */,
383 PerformanceStorage* aPerformanceStorage /* = nullptr */,
384 nsILoadGroup* aLoadGroup /* = nullptr */,
385 nsIInterfaceRequestor* aCallbacks /* = nullptr */,
386 nsLoadFlags aLoadFlags /* = nsIRequest::LOAD_NORMAL */,
387 nsIIOService* aIoService /* = nullptr */,
388 uint32_t aSandboxFlags /* = 0 */,
389 bool aSkipCheckForBrokenURLOrZeroSized /* = false */) {
390 return NS_NewChannelInternal(
391 outChannel, aUri,
392 nullptr, // aLoadingNode,
393 aLoadingPrincipal,
394 nullptr, // aTriggeringPrincipal
395 Maybe<ClientInfo>(), Maybe<ServiceWorkerDescriptor>(), aSecurityFlags,
396 aContentPolicyType, aCookieJarSettings, aPerformanceStorage, aLoadGroup,
397 aCallbacks, aLoadFlags, aIoService, aSandboxFlags,
398 aSkipCheckForBrokenURLOrZeroSized);
399 }
400
401 nsresult NS_NewChannel(nsIChannel** outChannel, nsIURI* aUri,
402 nsIPrincipal* aLoadingPrincipal,
403 const ClientInfo& aLoadingClientInfo,
404 const Maybe<ServiceWorkerDescriptor>& aController,
405 nsSecurityFlags aSecurityFlags,
406 nsContentPolicyType aContentPolicyType,
407 nsICookieJarSettings* aCookieJarSettings /* = nullptr */,
408 PerformanceStorage* aPerformanceStorage /* = nullptr */,
409 nsILoadGroup* aLoadGroup /* = nullptr */,
410 nsIInterfaceRequestor* aCallbacks /* = nullptr */,
411 nsLoadFlags aLoadFlags /* = nsIRequest::LOAD_NORMAL */,
412 nsIIOService* aIoService /* = nullptr */,
413 uint32_t aSandboxFlags /* = 0 */,
414 bool aSkipCheckForBrokenURLOrZeroSized /* = false */) {
415 AssertLoadingPrincipalAndClientInfoMatch(
416 aLoadingPrincipal, aLoadingClientInfo, aContentPolicyType);
417
418 Maybe<ClientInfo> loadingClientInfo;
419 loadingClientInfo.emplace(aLoadingClientInfo);
420
421 return NS_NewChannelInternal(
422 outChannel, aUri,
423 nullptr, // aLoadingNode,
424 aLoadingPrincipal,
425 nullptr, // aTriggeringPrincipal
426 loadingClientInfo, aController, aSecurityFlags, aContentPolicyType,
427 aCookieJarSettings, aPerformanceStorage, aLoadGroup, aCallbacks,
428 aLoadFlags, aIoService, aSandboxFlags, aSkipCheckForBrokenURLOrZeroSized);
429 }
430
431 nsresult NS_NewChannelInternal(
432 nsIChannel** outChannel, nsIURI* aUri, nsINode* aLoadingNode,
433 nsIPrincipal* aLoadingPrincipal, nsIPrincipal* aTriggeringPrincipal,
434 const Maybe<ClientInfo>& aLoadingClientInfo,
435 const Maybe<ServiceWorkerDescriptor>& aController,
436 nsSecurityFlags aSecurityFlags, nsContentPolicyType aContentPolicyType,
437 nsICookieJarSettings* aCookieJarSettings /* = nullptr */,
438 PerformanceStorage* aPerformanceStorage /* = nullptr */,
439 nsILoadGroup* aLoadGroup /* = nullptr */,
440 nsIInterfaceRequestor* aCallbacks /* = nullptr */,
441 nsLoadFlags aLoadFlags /* = nsIRequest::LOAD_NORMAL */,
442 nsIIOService* aIoService /* = nullptr */, uint32_t aSandboxFlags /* = 0 */,
443 bool aSkipCheckForBrokenURLOrZeroSized /* = false */) {
444 NS_ENSURE_ARG_POINTER(outChannel);
445
446 nsCOMPtr<nsIIOService> grip;
447 nsresult rv = net_EnsureIOService(&aIoService, grip);
448 NS_ENSURE_SUCCESS(rv, rv);
449
450 nsCOMPtr<nsIChannel> channel;
451 rv = aIoService->NewChannelFromURIWithClientAndController(
452 aUri, aLoadingNode, aLoadingPrincipal, aTriggeringPrincipal,
453 aLoadingClientInfo, aController, aSecurityFlags, aContentPolicyType,
454 aSandboxFlags, aSkipCheckForBrokenURLOrZeroSized,
455 getter_AddRefs(channel));
456 if (NS_FAILED(rv)) {
457 return rv;
458 }
459
460 if (aLoadGroup) {
461 rv = channel->SetLoadGroup(aLoadGroup);
462 NS_ENSURE_SUCCESS(rv, rv);
463 }
464
465 if (aCallbacks) {
466 rv = channel->SetNotificationCallbacks(aCallbacks);
467 NS_ENSURE_SUCCESS(rv, rv);
468 }
469
470 #ifdef DEBUG
471 nsLoadFlags channelLoadFlags = 0;
472 channel->GetLoadFlags(&channelLoadFlags);
473 // Will be removed when we remove LOAD_REPLACE altogether
474 // This check is trying to catch protocol handlers that still
475 // try to set the LOAD_REPLACE flag.
476 MOZ_DIAGNOSTIC_ASSERT(!(channelLoadFlags & nsIChannel::LOAD_REPLACE));
477 #endif
478
479 if (aLoadFlags != nsIRequest::LOAD_NORMAL) {
480 rv = channel->SetLoadFlags(aLoadFlags);
481 NS_ENSURE_SUCCESS(rv, rv);
482 }
483
484 if (aPerformanceStorage || aCookieJarSettings) {
485 nsCOMPtr<nsILoadInfo> loadInfo = channel->LoadInfo();
486
487 if (aPerformanceStorage) {
488 loadInfo->SetPerformanceStorage(aPerformanceStorage);
489 }
490
491 if (aCookieJarSettings) {
492 loadInfo->SetCookieJarSettings(aCookieJarSettings);
493 }
494 }
495
496 channel.forget(outChannel);
497 return NS_OK;
498 }
499
500 nsresult /*NS_NewChannelWithNodeAndTriggeringPrincipal */
501 NS_NewChannelWithTriggeringPrincipal(
502 nsIChannel** outChannel, nsIURI* aUri, nsINode* aLoadingNode,
503 nsIPrincipal* aTriggeringPrincipal, nsSecurityFlags aSecurityFlags,
504 nsContentPolicyType aContentPolicyType,
505 PerformanceStorage* aPerformanceStorage /* = nullptr */,
506 nsILoadGroup* aLoadGroup /* = nullptr */,
507 nsIInterfaceRequestor* aCallbacks /* = nullptr */,
508 nsLoadFlags aLoadFlags /* = nsIRequest::LOAD_NORMAL */,
509 nsIIOService* aIoService /* = nullptr */) {
510 MOZ_ASSERT(aLoadingNode);
511 NS_ASSERTION(aTriggeringPrincipal,
512 "Can not create channel without a triggering Principal!");
513 return NS_NewChannelInternal(
514 outChannel, aUri, aLoadingNode, aLoadingNode->NodePrincipal(),
515 aTriggeringPrincipal, Maybe<ClientInfo>(),
516 Maybe<ServiceWorkerDescriptor>(), aSecurityFlags, aContentPolicyType,
517 aLoadingNode->OwnerDoc()->CookieJarSettings(), aPerformanceStorage,
518 aLoadGroup, aCallbacks, aLoadFlags, aIoService);
519 }
520
521 // See NS_NewChannelInternal for usage and argument description
522 nsresult NS_NewChannelWithTriggeringPrincipal(
523 nsIChannel** outChannel, nsIURI* aUri, nsIPrincipal* aLoadingPrincipal,
524 nsIPrincipal* aTriggeringPrincipal, nsSecurityFlags aSecurityFlags,
525 nsContentPolicyType aContentPolicyType,
526 nsICookieJarSettings* aCookieJarSettings /* = nullptr */,
527 PerformanceStorage* aPerformanceStorage /* = nullptr */,
528 nsILoadGroup* aLoadGroup /* = nullptr */,
529 nsIInterfaceRequestor* aCallbacks /* = nullptr */,
530 nsLoadFlags aLoadFlags /* = nsIRequest::LOAD_NORMAL */,
531 nsIIOService* aIoService /* = nullptr */) {
532 NS_ASSERTION(aLoadingPrincipal,
533 "Can not create channel without a loading Principal!");
534 return NS_NewChannelInternal(
535 outChannel, aUri,
536 nullptr, // aLoadingNode
537 aLoadingPrincipal, aTriggeringPrincipal, Maybe<ClientInfo>(),
538 Maybe<ServiceWorkerDescriptor>(), aSecurityFlags, aContentPolicyType,
539 aCookieJarSettings, aPerformanceStorage, aLoadGroup, aCallbacks,
540 aLoadFlags, aIoService);
541 }
542
543 // See NS_NewChannelInternal for usage and argument description
544 nsresult NS_NewChannelWithTriggeringPrincipal(
545 nsIChannel** outChannel, nsIURI* aUri, nsIPrincipal* aLoadingPrincipal,
546 nsIPrincipal* aTriggeringPrincipal, const ClientInfo& aLoadingClientInfo,
547 const Maybe<ServiceWorkerDescriptor>& aController,
548 nsSecurityFlags aSecurityFlags, nsContentPolicyType aContentPolicyType,
549 nsICookieJarSettings* aCookieJarSettings /* = nullptr */,
550 PerformanceStorage* aPerformanceStorage /* = nullptr */,
551 nsILoadGroup* aLoadGroup /* = nullptr */,
552 nsIInterfaceRequestor* aCallbacks /* = nullptr */,
553 nsLoadFlags aLoadFlags /* = nsIRequest::LOAD_NORMAL */,
554 nsIIOService* aIoService /* = nullptr */) {
555 AssertLoadingPrincipalAndClientInfoMatch(
556 aLoadingPrincipal, aLoadingClientInfo, aContentPolicyType);
557
558 Maybe<ClientInfo> loadingClientInfo;
559 loadingClientInfo.emplace(aLoadingClientInfo);
560
561 return NS_NewChannelInternal(
562 outChannel, aUri,
563 nullptr, // aLoadingNode
564 aLoadingPrincipal, aTriggeringPrincipal, loadingClientInfo, aController,
565 aSecurityFlags, aContentPolicyType, aCookieJarSettings,
566 aPerformanceStorage, aLoadGroup, aCallbacks, aLoadFlags, aIoService);
567 }
568
569 nsresult NS_NewChannel(nsIChannel** outChannel, nsIURI* aUri,
570 nsINode* aLoadingNode, nsSecurityFlags aSecurityFlags,
571 nsContentPolicyType aContentPolicyType,
572 PerformanceStorage* aPerformanceStorage /* = nullptr */,
573 nsILoadGroup* aLoadGroup /* = nullptr */,
574 nsIInterfaceRequestor* aCallbacks /* = nullptr */,
575 nsLoadFlags aLoadFlags /* = nsIRequest::LOAD_NORMAL */,
576 nsIIOService* aIoService /* = nullptr */,
577 uint32_t aSandboxFlags /* = 0 */,
578 bool aSkipCheckForBrokenURLOrZeroSized /* = false */) {
579 NS_ASSERTION(aLoadingNode, "Can not create channel without a loading Node!");
580 return NS_NewChannelInternal(
581 outChannel, aUri, aLoadingNode, aLoadingNode->NodePrincipal(),
582 nullptr, // aTriggeringPrincipal
583 Maybe<ClientInfo>(), Maybe<ServiceWorkerDescriptor>(), aSecurityFlags,
584 aContentPolicyType, aLoadingNode->OwnerDoc()->CookieJarSettings(),
585 aPerformanceStorage, aLoadGroup, aCallbacks, aLoadFlags, aIoService,
586 aSandboxFlags, aSkipCheckForBrokenURLOrZeroSized);
587 }
588
589 nsresult NS_GetIsDocumentChannel(nsIChannel* aChannel, bool* aIsDocument) {
590 // Check if this channel is going to be used to create a document. If it has
591 // LOAD_DOCUMENT_URI set it is trivially creating a document. If
592 // LOAD_HTML_OBJECT_DATA is set it may or may not be used to create a
593 // document, depending on its MIME type.
594
595 if (!aChannel || !aIsDocument) {
596 return NS_ERROR_NULL_POINTER;
597 }
598 *aIsDocument = false;
599 nsLoadFlags loadFlags;
600 nsresult rv = aChannel->GetLoadFlags(&loadFlags);
601 if (NS_FAILED(rv)) {
602 return rv;
603 }
604 if (loadFlags & nsIChannel::LOAD_DOCUMENT_URI) {
605 *aIsDocument = true;
606 return NS_OK;
607 }
608 if (!(loadFlags & nsIRequest::LOAD_HTML_OBJECT_DATA)) {
609 *aIsDocument = false;
610 return NS_OK;
611 }
612 nsAutoCString mimeType;
613 rv = aChannel->GetContentType(mimeType);
614 if (NS_FAILED(rv)) {
615 return rv;
616 }
617 if (nsContentUtils::HtmlObjectContentTypeForMIMEType(mimeType) ==
618 nsIObjectLoadingContent::TYPE_DOCUMENT) {
619 *aIsDocument = true;
620 return NS_OK;
621 }
622 *aIsDocument = false;
623 return NS_OK;
624 }
625
626 nsresult NS_MakeAbsoluteURI(nsACString& result, const nsACString& spec,
627 nsIURI* baseURI) {
628 nsresult rv;
629 if (!baseURI) {
630 NS_WARNING("It doesn't make sense to not supply a base URI");
631 result = spec;
632 rv = NS_OK;
633 } else if (spec.IsEmpty()) {
634 rv = baseURI->GetSpec(result);
635 } else {
636 rv = baseURI->Resolve(spec, result);
637 }
638 return rv;
639 }
640
641 nsresult NS_MakeAbsoluteURI(char** result, const char* spec, nsIURI* baseURI) {
642 nsresult rv;
643 nsAutoCString resultBuf;
644 rv = NS_MakeAbsoluteURI(resultBuf, nsDependentCString(spec), baseURI);
645 if (NS_SUCCEEDED(rv)) {
646 *result = ToNewCString(resultBuf, mozilla::fallible);
647 if (!*result) rv = NS_ERROR_OUT_OF_MEMORY;
648 }
649 return rv;
650 }
651
652 nsresult NS_MakeAbsoluteURI(nsAString& result, const nsAString& spec,
653 nsIURI* baseURI) {
654 nsresult rv;
655 if (!baseURI) {
656 NS_WARNING("It doesn't make sense to not supply a base URI");
657 result = spec;
658 rv = NS_OK;
659 } else {
660 nsAutoCString resultBuf;
661 if (spec.IsEmpty()) {
662 rv = baseURI->GetSpec(resultBuf);
663 } else {
664 rv = baseURI->Resolve(NS_ConvertUTF16toUTF8(spec), resultBuf);
665 }
666 if (NS_SUCCEEDED(rv)) CopyUTF8toUTF16(resultBuf, result);
667 }
668 return rv;
669 }
670
671 int32_t NS_GetDefaultPort(const char* scheme,
672 nsIIOService* ioService /* = nullptr */) {
673 nsresult rv;
674
675 // Getting the default port through the protocol handler previously had a lot
676 // of XPCOM overhead involved. We optimize the protocols that matter for Web
677 // pages (HTTP and HTTPS) by hardcoding their default ports here.
678 //
679 // XXX: This might not be necessary for performance anymore.
680 if (strncmp(scheme, "http", 4) == 0) {
681 if (scheme[4] == 's' && scheme[5] == '\0') {
682 return 443;
683 }
684 if (scheme[4] == '\0') {
685 return 80;
686 }
687 }
688
689 nsCOMPtr<nsIIOService> grip;
690 net_EnsureIOService(&ioService, grip);
691 if (!ioService) return -1;
692
693 int32_t port;
694 rv = ioService->GetDefaultPort(scheme, &port);
695 return NS_SUCCEEDED(rv) ? port : -1;
696 }
697
698 int32_t NS_GetRealPort(nsIURI* aURI) {
699 int32_t port;
700 nsresult rv = aURI->GetPort(&port);
701 if (NS_FAILED(rv)) return -1;
702
703 if (port != -1) return port; // explicitly specified
704
705 // Otherwise, we have to get the default port from the protocol handler
706
707 // Need the scheme first
708 nsAutoCString scheme;
709 rv = aURI->GetScheme(scheme);
710 if (NS_FAILED(rv)) return -1;
711
712 return NS_GetDefaultPort(scheme.get());
713 }
714
715 nsresult NS_NewInputStreamChannelInternal(
716 nsIChannel** outChannel, nsIURI* aUri,
717 already_AddRefed<nsIInputStream> aStream, const nsACString& aContentType,
718 const nsACString& aContentCharset, nsILoadInfo* aLoadInfo) {
719 nsresult rv;
720 nsCOMPtr<nsIInputStreamChannel> isc =
721 do_CreateInstance(NS_INPUTSTREAMCHANNEL_CONTRACTID, &rv);
722 NS_ENSURE_SUCCESS(rv, rv);
723 rv = isc->SetURI(aUri);
724 NS_ENSURE_SUCCESS(rv, rv);
725
726 nsCOMPtr<nsIInputStream> stream = std::move(aStream);
727 rv = isc->SetContentStream(stream);
728 NS_ENSURE_SUCCESS(rv, rv);
729
730 nsCOMPtr<nsIChannel> channel = do_QueryInterface(isc, &rv);
731 NS_ENSURE_SUCCESS(rv, rv);
732
733 if (!aContentType.IsEmpty()) {
734 rv = channel->SetContentType(aContentType);
735 NS_ENSURE_SUCCESS(rv, rv);
736 }
737
738 if (!aContentCharset.IsEmpty()) {
739 rv = channel->SetContentCharset(aContentCharset);
740 NS_ENSURE_SUCCESS(rv, rv);
741 }
742
743 MOZ_ASSERT(aLoadInfo, "need a loadinfo to create a inputstreamchannel");
744 channel->SetLoadInfo(aLoadInfo);
745
746 // If we're sandboxed, make sure to clear any owner the channel
747 // might already have.
748 if (aLoadInfo && aLoadInfo->GetLoadingSandboxed()) {
749 channel->SetOwner(nullptr);
750 }
751
752 channel.forget(outChannel);
753 return NS_OK;
754 }
755
756 nsresult NS_NewInputStreamChannelInternal(
757 nsIChannel** outChannel, nsIURI* aUri,
758 already_AddRefed<nsIInputStream> aStream, const nsACString& aContentType,
759 const nsACString& aContentCharset, nsINode* aLoadingNode,
760 nsIPrincipal* aLoadingPrincipal, nsIPrincipal* aTriggeringPrincipal,
761 nsSecurityFlags aSecurityFlags, nsContentPolicyType aContentPolicyType) {
762 nsCOMPtr<nsILoadInfo> loadInfo = new mozilla::net::LoadInfo(
763 aLoadingPrincipal, aTriggeringPrincipal, aLoadingNode, aSecurityFlags,
764 aContentPolicyType);
765 if (!loadInfo) {
766 return NS_ERROR_UNEXPECTED;
767 }
768
769 nsCOMPtr<nsIInputStream> stream = std::move(aStream);
770
771 return NS_NewInputStreamChannelInternal(outChannel, aUri, stream.forget(),
772 aContentType, aContentCharset,
773 loadInfo);
774 }
775
776 nsresult NS_NewInputStreamChannel(
777 nsIChannel** outChannel, nsIURI* aUri,
778 already_AddRefed<nsIInputStream> aStream, nsIPrincipal* aLoadingPrincipal,
779 nsSecurityFlags aSecurityFlags, nsContentPolicyType aContentPolicyType,
780 const nsACString& aContentType /* = ""_ns */,
781 const nsACString& aContentCharset /* = ""_ns */) {
782 nsCOMPtr<nsIInputStream> stream = aStream;
783 return NS_NewInputStreamChannelInternal(outChannel, aUri, stream.forget(),
784 aContentType, aContentCharset,
785 nullptr, // aLoadingNode
786 aLoadingPrincipal,
787 nullptr, // aTriggeringPrincipal
788 aSecurityFlags, aContentPolicyType);
789 }
790
791 nsresult NS_NewInputStreamChannelInternal(nsIChannel** outChannel, nsIURI* aUri,
792 const nsAString& aData,
793 const nsACString& aContentType,
794 nsILoadInfo* aLoadInfo,
795 bool aIsSrcdocChannel /* = false */) {
796 nsresult rv;
797 nsCOMPtr<nsIStringInputStream> stream;
798 stream = do_CreateInstance(NS_STRINGINPUTSTREAM_CONTRACTID, &rv);
799 NS_ENSURE_SUCCESS(rv, rv);
800
801 uint32_t len;
802 char* utf8Bytes = ToNewUTF8String(aData, &len);
803 rv = stream->AdoptData(utf8Bytes, len);
804
805 nsCOMPtr<nsIChannel> channel;
806 rv = NS_NewInputStreamChannelInternal(getter_AddRefs(channel), aUri,
807 stream.forget(), aContentType,
808 "UTF-8"_ns, aLoadInfo);
809
810 NS_ENSURE_SUCCESS(rv, rv);
811
812 if (aIsSrcdocChannel) {
813 nsCOMPtr<nsIInputStreamChannel> inStrmChan = do_QueryInterface(channel);
814 NS_ENSURE_TRUE(inStrmChan, NS_ERROR_FAILURE);
815 inStrmChan->SetSrcdocData(aData);
816 }
817 channel.forget(outChannel);
818 return NS_OK;
819 }
820
821 nsresult NS_NewInputStreamChannelInternal(
822 nsIChannel** outChannel, nsIURI* aUri, const nsAString& aData,
823 const nsACString& aContentType, nsINode* aLoadingNode,
824 nsIPrincipal* aLoadingPrincipal, nsIPrincipal* aTriggeringPrincipal,
825 nsSecurityFlags aSecurityFlags, nsContentPolicyType aContentPolicyType,
826 bool aIsSrcdocChannel /* = false */) {
827 nsCOMPtr<nsILoadInfo> loadInfo = new mozilla::net::LoadInfo(
828 aLoadingPrincipal, aTriggeringPrincipal, aLoadingNode, aSecurityFlags,
829 aContentPolicyType);
830 return NS_NewInputStreamChannelInternal(outChannel, aUri, aData, aContentType,
831 loadInfo, aIsSrcdocChannel);
832 }
833
834 nsresult NS_NewInputStreamChannel(nsIChannel** outChannel, nsIURI* aUri,
835 const nsAString& aData,
836 const nsACString& aContentType,
837 nsIPrincipal* aLoadingPrincipal,
838 nsSecurityFlags aSecurityFlags,
839 nsContentPolicyType aContentPolicyType,
840 bool aIsSrcdocChannel /* = false */) {
841 return NS_NewInputStreamChannelInternal(outChannel, aUri, aData, aContentType,
842 nullptr, // aLoadingNode
843 aLoadingPrincipal,
844 nullptr, // aTriggeringPrincipal
845 aSecurityFlags, aContentPolicyType,
846 aIsSrcdocChannel);
847 }
848
849 nsresult NS_NewInputStreamPump(
850 nsIInputStreamPump** aResult, already_AddRefed<nsIInputStream> aStream,
851 uint32_t aSegsize /* = 0 */, uint32_t aSegcount /* = 0 */,
852 bool aCloseWhenDone /* = false */,
853 nsISerialEventTarget* aMainThreadTarget /* = nullptr */) {
854 nsCOMPtr<nsIInputStream> stream = std::move(aStream);
855
856 nsresult rv;
857 nsCOMPtr<nsIInputStreamPump> pump =
858 do_CreateInstance(NS_INPUTSTREAMPUMP_CONTRACTID, &rv);
859 if (NS_SUCCEEDED(rv)) {
860 rv = pump->Init(stream, aSegsize, aSegcount, aCloseWhenDone,
861 aMainThreadTarget);
862 if (NS_SUCCEEDED(rv)) {
863 *aResult = nullptr;
864 pump.swap(*aResult);
865 }
866 }
867 return rv;
868 }
869
870 nsresult NS_NewLoadGroup(nsILoadGroup** result, nsIRequestObserver* obs) {
871 nsresult rv;
872 nsCOMPtr<nsILoadGroup> group =
873 do_CreateInstance(NS_LOADGROUP_CONTRACTID, &rv);
874 if (NS_SUCCEEDED(rv)) {
875 rv = group->SetGroupObserver(obs);
876 if (NS_SUCCEEDED(rv)) {
877 *result = nullptr;
878 group.swap(*result);
879 }
880 }
881 return rv;
882 }
883
884 bool NS_IsReasonableHTTPHeaderValue(const nsACString& aValue) {
885 return mozilla::net::nsHttp::IsReasonableHeaderValue(aValue);
886 }
887
888 bool NS_IsValidHTTPToken(const nsACString& aToken) {
889 return mozilla::net::nsHttp::IsValidToken(aToken);
890 }
891
892 void NS_TrimHTTPWhitespace(const nsACString& aSource, nsACString& aDest) {
893 mozilla::net::nsHttp::TrimHTTPWhitespace(aSource, aDest);
894 }
895
896 nsresult NS_NewLoadGroup(nsILoadGroup** aResult, nsIPrincipal* aPrincipal) {
897 using mozilla::LoadContext;
898 nsresult rv;
899
900 nsCOMPtr<nsILoadGroup> group =
901 do_CreateInstance(NS_LOADGROUP_CONTRACTID, &rv);
902 NS_ENSURE_SUCCESS(rv, rv);
903
904 RefPtr<LoadContext> loadContext = new LoadContext(aPrincipal);
905 rv = group->SetNotificationCallbacks(loadContext);
906 NS_ENSURE_SUCCESS(rv, rv);
907
908 group.forget(aResult);
909 return rv;
910 }
911
912 bool NS_LoadGroupMatchesPrincipal(nsILoadGroup* aLoadGroup,
913 nsIPrincipal* aPrincipal) {
914 if (!aPrincipal) {
915 return false;
916 }
917
918 // If this is a null principal then the load group doesn't really matter.
919 // The principal will not be allowed to perform any actions that actually
920 // use the load group. Unconditionally treat null principals as a match.
921 if (aPrincipal->GetIsNullPrincipal()) {
922 return true;
923 }
924
925 if (!aLoadGroup) {
926 return false;
927 }
928
929 nsCOMPtr<nsILoadContext> loadContext;
930 NS_QueryNotificationCallbacks(nullptr, aLoadGroup, NS_GET_IID(nsILoadContext),
931 getter_AddRefs(loadContext));
932 NS_ENSURE_TRUE(loadContext, false);
933
934 return true;
935 }
936
937 nsresult NS_NewDownloader(nsIStreamListener** result,
938 nsIDownloadObserver* observer,
939 nsIFile* downloadLocation /* = nullptr */) {
940 nsresult rv;
941 nsCOMPtr<nsIDownloader> downloader =
942 do_CreateInstance(NS_DOWNLOADER_CONTRACTID, &rv);
943 if (NS_SUCCEEDED(rv)) {
944 rv = downloader->Init(observer, downloadLocation);
945 if (NS_SUCCEEDED(rv)) {
946 downloader.forget(result);
947 }
948 }
949 return rv;
950 }
951
952 nsresult NS_NewIncrementalStreamLoader(
953 nsIIncrementalStreamLoader** result,
954 nsIIncrementalStreamLoaderObserver* observer) {
955 nsresult rv;
956 nsCOMPtr<nsIIncrementalStreamLoader> loader =
957 do_CreateInstance(NS_INCREMENTALSTREAMLOADER_CONTRACTID, &rv);
958 if (NS_SUCCEEDED(rv)) {
959 rv = loader->Init(observer);
960 if (NS_SUCCEEDED(rv)) {
961 *result = nullptr;
962 loader.swap(*result);
963 }
964 }
965 return rv;
966 }
967
968 nsresult NS_NewStreamLoader(
969 nsIStreamLoader** result, nsIStreamLoaderObserver* observer,
970 nsIRequestObserver* requestObserver /* = nullptr */) {
971 nsresult rv;
972 nsCOMPtr<nsIStreamLoader> loader =
973 do_CreateInstance(NS_STREAMLOADER_CONTRACTID, &rv);
974 if (NS_SUCCEEDED(rv)) {
975 rv = loader->Init(observer, requestObserver);
976 if (NS_SUCCEEDED(rv)) {
977 *result = nullptr;
978 loader.swap(*result);
979 }
980 }
981 return rv;
982 }
983
984 nsresult NS_NewStreamLoaderInternal(
985 nsIStreamLoader** outStream, nsIURI* aUri,
986 nsIStreamLoaderObserver* aObserver, nsINode* aLoadingNode,
987 nsIPrincipal* aLoadingPrincipal, nsSecurityFlags aSecurityFlags,
988 nsContentPolicyType aContentPolicyType,
989 nsILoadGroup* aLoadGroup /* = nullptr */,
990 nsIInterfaceRequestor* aCallbacks /* = nullptr */,
991 nsLoadFlags aLoadFlags /* = nsIRequest::LOAD_NORMAL */) {
992 nsCOMPtr<nsIChannel> channel;
993 nsresult rv = NS_NewChannelInternal(
994 getter_AddRefs(channel), aUri, aLoadingNode, aLoadingPrincipal,
995 nullptr, // aTriggeringPrincipal
996 Maybe<ClientInfo>(), Maybe<ServiceWorkerDescriptor>(), aSecurityFlags,
997 aContentPolicyType,
998 nullptr, // nsICookieJarSettings
999 nullptr, // PerformanceStorage
1000 aLoadGroup, aCallbacks, aLoadFlags);
1001
1002 NS_ENSURE_SUCCESS(rv, rv);
1003 rv = NS_NewStreamLoader(outStream, aObserver);
1004 NS_ENSURE_SUCCESS(rv, rv);
1005 return channel->AsyncOpen(*outStream);
1006 }
1007
1008 nsresult NS_NewStreamLoader(
1009 nsIStreamLoader** outStream, nsIURI* aUri,
1010 nsIStreamLoaderObserver* aObserver, nsINode* aLoadingNode,
1011 nsSecurityFlags aSecurityFlags, nsContentPolicyType aContentPolicyType,
1012 nsILoadGroup* aLoadGroup /* = nullptr */,
1013 nsIInterfaceRequestor* aCallbacks /* = nullptr */,
1014 nsLoadFlags aLoadFlags /* = nsIRequest::LOAD_NORMAL */) {
1015 NS_ASSERTION(aLoadingNode,
1016 "Can not create stream loader without a loading Node!");
1017 return NS_NewStreamLoaderInternal(
1018 outStream, aUri, aObserver, aLoadingNode, aLoadingNode->NodePrincipal(),
1019 aSecurityFlags, aContentPolicyType, aLoadGroup, aCallbacks, aLoadFlags);
1020 }
1021
1022 nsresult NS_NewStreamLoader(
1023 nsIStreamLoader** outStream, nsIURI* aUri,
1024 nsIStreamLoaderObserver* aObserver, nsIPrincipal* aLoadingPrincipal,
1025 nsSecurityFlags aSecurityFlags, nsContentPolicyType aContentPolicyType,
1026 nsILoadGroup* aLoadGroup /* = nullptr */,
1027 nsIInterfaceRequestor* aCallbacks /* = nullptr */,
1028 nsLoadFlags aLoadFlags /* = nsIRequest::LOAD_NORMAL */) {
1029 return NS_NewStreamLoaderInternal(outStream, aUri, aObserver,
1030 nullptr, // aLoadingNode
1031 aLoadingPrincipal, aSecurityFlags,
1032 aContentPolicyType, aLoadGroup, aCallbacks,
1033 aLoadFlags);
1034 }
1035
1036 nsresult NS_NewSyncStreamListener(nsIStreamListener** result,
1037 nsIInputStream** stream) {
1038 nsCOMPtr<nsISyncStreamListener> listener = new nsSyncStreamListener();
1039 nsresult rv = listener->GetInputStream(stream);
1040 if (NS_SUCCEEDED(rv)) {
1041 listener.forget(result);
1042 }
1043 return rv;
1044 }
1045
1046 nsresult NS_ImplementChannelOpen(nsIChannel* channel, nsIInputStream** result) {
1047 nsCOMPtr<nsIStreamListener> listener;
1048 nsCOMPtr<nsIInputStream> stream;
1049 nsresult rv = NS_NewSyncStreamListener(getter_AddRefs(listener),
1050 getter_AddRefs(stream));
1051 NS_ENSURE_SUCCESS(rv, rv);
1052
1053 rv = channel->AsyncOpen(listener);
1054 NS_ENSURE_SUCCESS(rv, rv);
1055
1056 uint64_t n;
1057 // block until the initial response is received or an error occurs.
1058 rv = stream->Available(&n);
1059 NS_ENSURE_SUCCESS(rv, rv);
1060
1061 *result = nullptr;
1062 stream.swap(*result);
1063
1064 return NS_OK;
1065 }
1066
1067 nsresult NS_NewRequestObserverProxy(nsIRequestObserver** result,
1068 nsIRequestObserver* observer,
1069 nsISupports* context) {
1070 nsCOMPtr<nsIRequestObserverProxy> proxy = new nsRequestObserverProxy();
1071 nsresult rv = proxy->Init(observer, context);
1072 if (NS_SUCCEEDED(rv)) {
1073 proxy.forget(result);
1074 }
1075 return rv;
1076 }
1077
1078 nsresult NS_NewSimpleStreamListener(
1079 nsIStreamListener** result, nsIOutputStream* sink,
1080 nsIRequestObserver* observer /* = nullptr */) {
1081 nsresult rv;
1082 nsCOMPtr<nsISimpleStreamListener> listener =
1083 do_CreateInstance(NS_SIMPLESTREAMLISTENER_CONTRACTID, &rv);
1084 if (NS_SUCCEEDED(rv)) {
1085 rv = listener->Init(sink, observer);
1086 if (NS_SUCCEEDED(rv)) {
1087 listener.forget(result);
1088 }
1089 }
1090 return rv;
1091 }
1092
1093 nsresult NS_CheckPortSafety(int32_t port, const char* scheme,
1094 nsIIOService* ioService /* = nullptr */) {
1095 nsresult rv;
1096 nsCOMPtr<nsIIOService> grip;
1097 rv = net_EnsureIOService(&ioService, grip);
1098 if (ioService) {
1099 bool allow;
1100 rv = ioService->AllowPort(port, scheme, &allow);
1101 if (NS_SUCCEEDED(rv) && !allow) {
1102 NS_WARNING("port blocked");
1103 rv = NS_ERROR_PORT_ACCESS_NOT_ALLOWED;
1104 }
1105 }
1106 return rv;
1107 }
1108
1109 nsresult NS_CheckPortSafety(nsIURI* uri) {
1110 int32_t port;
1111 nsresult rv = uri->GetPort(&port);
1112 if (NS_FAILED(rv) || port == -1) { // port undefined or default-valued
1113 return NS_OK;
1114 }
1115 nsAutoCString scheme;
1116 uri->GetScheme(scheme);
1117 return NS_CheckPortSafety(port, scheme.get());
1118 }
1119
1120 nsresult NS_NewProxyInfo(const nsACString& type, const nsACString& host,
1121 int32_t port, uint32_t flags, nsIProxyInfo** result) {
1122 nsresult rv;
1123 nsCOMPtr<nsIProtocolProxyService> pps;
1124 pps = mozilla::components::ProtocolProxy::Service(&rv);
1125 if (NS_SUCCEEDED(rv)) {
1126 rv = pps->NewProxyInfo(type, host, port, ""_ns, ""_ns, flags, UINT32_MAX,
1127 nullptr, result);
1128 }
1129 return rv;
1130 }
1131
1132 nsresult NS_GetFileProtocolHandler(nsIFileProtocolHandler** result,
1133 nsIIOService* ioService /* = nullptr */) {
1134 nsresult rv;
1135 nsCOMPtr<nsIIOService> grip;
1136 rv = net_EnsureIOService(&ioService, grip);
1137 if (ioService) {
1138 nsCOMPtr<nsIProtocolHandler> handler;
1139 rv = ioService->GetProtocolHandler("file", getter_AddRefs(handler));
1140 if (NS_SUCCEEDED(rv)) rv = CallQueryInterface(handler, result);
1141 }
1142 return rv;
1143 }
1144
1145 nsresult NS_GetFileFromURLSpec(const nsACString& inURL, nsIFile** result,
1146 nsIIOService* ioService /* = nullptr */) {
1147 nsresult rv;
1148 nsCOMPtr<nsIFileProtocolHandler> fileHandler;
1149 rv = NS_GetFileProtocolHandler(getter_AddRefs(fileHandler), ioService);
1150 if (NS_SUCCEEDED(rv)) rv = fileHandler->GetFileFromURLSpec(inURL, result);
1151 return rv;
1152 }
1153
1154 nsresult NS_GetURLSpecFromFile(nsIFile* file, nsACString& url,
1155 nsIIOService* ioService /* = nullptr */) {
1156 nsresult rv;
1157 nsCOMPtr<nsIFileProtocolHandler> fileHandler;
1158 rv = NS_GetFileProtocolHandler(getter_AddRefs(fileHandler), ioService);
1159 if (NS_SUCCEEDED(rv)) rv = fileHandler->GetURLSpecFromFile(file, url);
1160 return rv;
1161 }
1162
1163 nsresult NS_GetURLSpecFromActualFile(nsIFile* file, nsACString& url,
1164 nsIIOService* ioService /* = nullptr */) {
1165 nsresult rv;
1166 nsCOMPtr<nsIFileProtocolHandler> fileHandler;
1167 rv = NS_GetFileProtocolHandler(getter_AddRefs(fileHandler), ioService);
1168 if (NS_SUCCEEDED(rv)) rv = fileHandler->GetURLSpecFromActualFile(file, url);
1169 return rv;
1170 }
1171
1172 nsresult NS_GetURLSpecFromDir(nsIFile* file, nsACString& url,
1173 nsIIOService* ioService /* = nullptr */) {
1174 nsresult rv;
1175 nsCOMPtr<nsIFileProtocolHandler> fileHandler;
1176 rv = NS_GetFileProtocolHandler(getter_AddRefs(fileHandler), ioService);
1177 if (NS_SUCCEEDED(rv)) rv = fileHandler->GetURLSpecFromDir(file, url);
1178 return rv;
1179 }
1180
1181 void NS_GetReferrerFromChannel(nsIChannel* channel, nsIURI** referrer) {
1182 *referrer = nullptr;
1183
1184 if (nsCOMPtr<nsIPropertyBag2> props = do_QueryInterface(channel)) {
1185 // We have to check for a property on a property bag because the
1186 // referrer may be empty for security reasons (for example, when loading
1187 // an http page with an https referrer).
1188 nsresult rv;
1189 nsCOMPtr<nsIURI> uri(
1190 do_GetProperty(props, u"docshell.internalReferrer"_ns, &rv));
1191 if (NS_SUCCEEDED(rv)) {
1192 uri.forget(referrer);
1193 return;
1194 }
1195 }
1196
1197 // if that didn't work, we can still try to get the referrer from the
1198 // nsIHttpChannel (if we can QI to it)
1199 nsCOMPtr<nsIHttpChannel> chan(do_QueryInterface(channel));
1200 if (!chan) {
1201 return;
1202 }
1203
1204 nsCOMPtr<nsIReferrerInfo> referrerInfo = chan->GetReferrerInfo();
1205 if (!referrerInfo) {
1206 return;
1207 }
1208
1209 referrerInfo->GetOriginalReferrer(referrer);
1210 }
1211
1212 already_AddRefed<nsINetUtil> do_GetNetUtil(nsresult* error /* = 0 */) {
1213 nsCOMPtr<nsIIOService> io;
1214 nsCOMPtr<nsINetUtil> util;
1215
1216 io = mozilla::components::IO::Service();
1217 if (io) util = do_QueryInterface(io);
1218
1219 if (error) *error = !!util ? NS_OK : NS_ERROR_FAILURE;
1220 return util.forget();
1221 }
1222
1223 nsresult NS_ParseRequestContentType(const nsACString& rawContentType,
1224 nsCString& contentType,
1225 nsCString& contentCharset) {
1226 // contentCharset is left untouched if not present in rawContentType
1227 nsresult rv;
1228 nsCOMPtr<nsINetUtil> util = do_GetNetUtil(&rv);
1229 NS_ENSURE_SUCCESS(rv, rv);
1230 nsCString charset;
1231 bool hadCharset;
1232 rv = util->ParseRequestContentType(rawContentType, charset, &hadCharset,
1233 contentType);
1234 if (NS_SUCCEEDED(rv) && hadCharset) contentCharset = charset;
1235 return rv;
1236 }
1237
1238 nsresult NS_ParseResponseContentType(const nsACString& rawContentType,
1239 nsCString& contentType,
1240 nsCString& contentCharset) {
1241 // contentCharset is left untouched if not present in rawContentType
1242 nsresult rv;
1243 nsCOMPtr<nsINetUtil> util = do_GetNetUtil(&rv);
1244 NS_ENSURE_SUCCESS(rv, rv);
1245 nsCString charset;
1246 bool hadCharset;
1247 rv = util->ParseResponseContentType(rawContentType, charset, &hadCharset,
1248 contentType);
1249 if (NS_SUCCEEDED(rv) && hadCharset) contentCharset = charset;
1250 return rv;
1251 }
1252
1253 nsresult NS_ExtractCharsetFromContentType(const nsACString& rawContentType,
1254 nsCString& contentCharset,
1255 bool* hadCharset,
1256 int32_t* charsetStart,
1257 int32_t* charsetEnd) {
1258 // contentCharset is left untouched if not present in rawContentType
1259 nsresult rv;
1260 nsCOMPtr<nsINetUtil> util = do_GetNetUtil(&rv);
1261 NS_ENSURE_SUCCESS(rv, rv);
1262
1263 return util->ExtractCharsetFromContentType(
1264 rawContentType, contentCharset, charsetStart, charsetEnd, hadCharset);
1265 }
1266
1267 nsresult NS_NewAtomicFileOutputStream(nsIOutputStream** result, nsIFile* file,
1268 int32_t ioFlags /* = -1 */,
1269 int32_t perm /* = -1 */,
1270 int32_t behaviorFlags /* = 0 */) {
1271 nsresult rv;
1272 nsCOMPtr<nsIFileOutputStream> out =
1273 do_CreateInstance(NS_ATOMICLOCALFILEOUTPUTSTREAM_CONTRACTID, &rv);
1274 if (NS_SUCCEEDED(rv)) {
1275 rv = out->Init(file, ioFlags, perm, behaviorFlags);
1276 if (NS_SUCCEEDED(rv)) out.forget(result);
1277 }
1278 return rv;
1279 }
1280
1281 nsresult NS_NewSafeLocalFileOutputStream(nsIOutputStream** result,
1282 nsIFile* file,
1283 int32_t ioFlags /* = -1 */,
1284 int32_t perm /* = -1 */,
1285 int32_t behaviorFlags /* = 0 */) {
1286 nsresult rv;
1287 nsCOMPtr<nsIFileOutputStream> out =
1288 do_CreateInstance(NS_SAFELOCALFILEOUTPUTSTREAM_CONTRACTID, &rv);
1289 if (NS_SUCCEEDED(rv)) {
1290 rv = out->Init(file, ioFlags, perm, behaviorFlags);
1291 if (NS_SUCCEEDED(rv)) out.forget(result);
1292 }
1293 return rv;
1294 }
1295
1296 nsresult NS_NewLocalFileRandomAccessStream(nsIRandomAccessStream** result,
1297 nsIFile* file,
1298 int32_t ioFlags /* = -1 */,
1299 int32_t perm /* = -1 */,
1300 int32_t behaviorFlags /* = 0 */) {
1301 nsCOMPtr<nsIFileRandomAccessStream> stream = new nsFileRandomAccessStream();
1302 nsresult rv = stream->Init(file, ioFlags, perm, behaviorFlags);
1303 if (NS_SUCCEEDED(rv)) {
1304 stream.forget(result);
1305 }
1306 return rv;
1307 }
1308
1309 mozilla::Result<nsCOMPtr<nsIRandomAccessStream>, nsresult>
1310 NS_NewLocalFileRandomAccessStream(nsIFile* file, int32_t ioFlags /* = -1 */,
1311 int32_t perm /* = -1 */,
1312 int32_t behaviorFlags /* = 0 */) {
1313 nsCOMPtr<nsIRandomAccessStream> stream;
1314 const nsresult rv = NS_NewLocalFileRandomAccessStream(
1315 getter_AddRefs(stream), file, ioFlags, perm, behaviorFlags);
1316 if (NS_SUCCEEDED(rv)) {
1317 return stream;
1318 }
1319 return Err(rv);
1320 }
1321
1322 nsresult NS_NewBufferedOutputStream(
1323 nsIOutputStream** aResult, already_AddRefed<nsIOutputStream> aOutputStream,
1324 uint32_t aBufferSize) {
1325 nsCOMPtr<nsIOutputStream> outputStream = std::move(aOutputStream);
1326
1327 nsresult rv;
1328 nsCOMPtr<nsIBufferedOutputStream> out =
1329 do_CreateInstance(NS_BUFFEREDOUTPUTSTREAM_CONTRACTID, &rv);
1330 if (NS_SUCCEEDED(rv)) {
1331 rv = out->Init(outputStream, aBufferSize);
1332 if (NS_SUCCEEDED(rv)) {
1333 out.forget(aResult);
1334 }
1335 }
1336 return rv;
1337 }
1338
1339 [[nodiscard]] nsresult NS_NewBufferedInputStream(
1340 nsIInputStream** aResult, already_AddRefed<nsIInputStream> aInputStream,
1341 uint32_t aBufferSize) {
1342 nsCOMPtr<nsIInputStream> inputStream = std::move(aInputStream);
1343
1344 nsCOMPtr<nsIBufferedInputStream> in;
1345 nsresult rv = nsBufferedInputStream::Create(
1346 NS_GET_IID(nsIBufferedInputStream), getter_AddRefs(in));
1347 if (NS_SUCCEEDED(rv)) {
1348 rv = in->Init(inputStream, aBufferSize);
1349 if (NS_SUCCEEDED(rv)) {
1350 *aResult = static_cast<nsBufferedInputStream*>(in.get())
1351 ->GetInputStream()
1352 .take();
1353 }
1354 }
1355 return rv;
1356 }
1357
1358 Result<nsCOMPtr<nsIInputStream>, nsresult> NS_NewBufferedInputStream(
1359 already_AddRefed<nsIInputStream> aInputStream, uint32_t aBufferSize) {
1360 nsCOMPtr<nsIInputStream> stream;
1361 const nsresult rv = NS_NewBufferedInputStream(
1362 getter_AddRefs(stream), std::move(aInputStream), aBufferSize);
1363 if (NS_SUCCEEDED(rv)) {
1364 return stream;
1365 }
1366 return Err(rv);
1367 }
1368
1369 namespace {
1370
1371 #define BUFFER_SIZE 8192
1372
1373 class BufferWriter final : public nsIInputStreamCallback {
1374 public:
1375 NS_DECL_THREADSAFE_ISUPPORTS
1376
1377 BufferWriter(nsIInputStream* aInputStream, void* aBuffer, int64_t aCount)
1378 : mMonitor("BufferWriter.mMonitor"),
1379 mInputStream(aInputStream),
1380 mBuffer(aBuffer),
1381 mCount(aCount),
1382 mWrittenData(0),
1383 mBufferType(aBuffer ? eExternal : eInternal),
1384 mBufferSize(0) {
1385 MOZ_ASSERT(aInputStream);
1386 MOZ_ASSERT(aCount == -1 || aCount > 0);
1387 MOZ_ASSERT_IF(mBuffer, aCount > 0);
1388 }
1389
1390 nsresult Write() {
1391 NS_ASSERT_OWNINGTHREAD(BufferWriter);
1392
1393 // Let's make the inputStream buffered if it's not.
1394 if (!NS_InputStreamIsBuffered(mInputStream)) {
1395 nsCOMPtr<nsIInputStream> bufferedStream;
1396 nsresult rv = NS_NewBufferedInputStream(
1397 getter_AddRefs(bufferedStream), mInputStream.forget(), BUFFER_SIZE);
1398 NS_ENSURE_SUCCESS(rv, rv);
1399
1400 mInputStream = bufferedStream;
1401 }
1402
1403 mAsyncInputStream = do_QueryInterface(mInputStream);
1404
1405 if (!mAsyncInputStream) {
1406 return WriteSync();
1407 }
1408
1409 // Let's use mAsyncInputStream only.
1410 mInputStream = nullptr;
1411
1412 return WriteAsync();
1413 }
1414
1415 uint64_t WrittenData() const {
1416 NS_ASSERT_OWNINGTHREAD(BufferWriter);
1417 return mWrittenData;
1418 }
1419
1420 void* StealBuffer() {
1421 NS_ASSERT_OWNINGTHREAD(BufferWriter);
1422 MOZ_ASSERT(mBufferType == eInternal);
1423
1424 void* buffer = mBuffer;
1425
1426 mBuffer = nullptr;
1427 mBufferSize = 0;
1428
1429 return buffer;
1430 }
1431
1432 private:
1433 ~BufferWriter() {
1434 if (mBuffer && mBufferType == eInternal) {
1435 free(mBuffer);
1436 }
1437
1438 if (mTaskQueue) {
1439 mTaskQueue->BeginShutdown();
1440 }
1441 }
1442
1443 nsresult WriteSync() {
1444 NS_ASSERT_OWNINGTHREAD(BufferWriter);
1445
1446 uint64_t length = (uint64_t)mCount;
1447
1448 if (mCount == -1) {
1449 nsresult rv = mInputStream->Available(&length);
1450 NS_ENSURE_SUCCESS(rv, rv);
1451
1452 if (length == 0) {
1453 // nothing to read.
1454 return NS_OK;
1455 }
1456 }
1457
1458 if (mBufferType == eInternal) {
1459 mBuffer = malloc(length);
1460 if (NS_WARN_IF(!mBuffer)) {
1461 return NS_ERROR_OUT_OF_MEMORY;
1462 }
1463 }
1464
1465 uint32_t writtenData;
1466 nsresult rv = mInputStream->ReadSegments(NS_CopySegmentToBuffer, mBuffer,
1467 length, &writtenData);
1468 NS_ENSURE_SUCCESS(rv, rv);
1469
1470 mWrittenData = writtenData;
1471 return NS_OK;
1472 }
1473
1474 nsresult WriteAsync() {
1475 NS_ASSERT_OWNINGTHREAD(BufferWriter);
1476
1477 if (mCount > 0 && mBufferType == eInternal) {
1478 mBuffer = malloc(mCount);
1479 if (NS_WARN_IF(!mBuffer)) {
1480 return NS_ERROR_OUT_OF_MEMORY;
1481 }
1482 }
1483
1484 while (true) {
1485 if (mCount == -1 && !MaybeExpandBufferSize()) {
1486 return NS_ERROR_OUT_OF_MEMORY;
1487 }
1488
1489 uint64_t offset = mWrittenData;
1490 uint64_t length = mCount == -1 ? BUFFER_SIZE : mCount;
1491
1492 // Let's try to read data directly.
1493 uint32_t writtenData;
1494 nsresult rv = mAsyncInputStream->ReadSegments(
1495 NS_CopySegmentToBuffer, static_cast<char*>(mBuffer) + offset, length,
1496 &writtenData);
1497
1498 // Operation completed. Nothing more to read.
1499 if (NS_SUCCEEDED(rv) && writtenData == 0) {
1500 return NS_OK;
1501 }
1502
1503 // If we succeeded, let's try to read again.
1504 if (NS_SUCCEEDED(rv)) {
1505 mWrittenData += writtenData;
1506 if (mCount != -1) {
1507 MOZ_ASSERT(mCount >= writtenData);
1508 mCount -= writtenData;
1509
1510 // Is this the end of the reading?
1511 if (mCount == 0) {
1512 return NS_OK;
1513 }
1514 }
1515
1516 continue;
1517 }
1518
1519 // Async wait...
1520 if (rv == NS_BASE_STREAM_WOULD_BLOCK) {
1521 rv = MaybeCreateTaskQueue();
1522 if (NS_WARN_IF(NS_FAILED(rv))) {
1523 return rv;
1524 }
1525
1526 MonitorAutoLock lock(mMonitor);
1527
1528 rv = mAsyncInputStream->AsyncWait(this, 0, length, mTaskQueue);
1529 if (NS_WARN_IF(NS_FAILED(rv))) {
1530 return rv;
1531 }
1532
1533 lock.Wait();
1534 continue;
1535 }
1536
1537 // Otherwise, let's propagate the error.
1538 return rv;
1539 }
1540
1541 MOZ_ASSERT_UNREACHABLE("We should not be here");
1542 return NS_ERROR_FAILURE;
1543 }
1544
1545 nsresult MaybeCreateTaskQueue() {
1546 NS_ASSERT_OWNINGTHREAD(BufferWriter);
1547
1548 if (!mTaskQueue) {
1549 nsCOMPtr<nsIEventTarget> target;
1550 target = mozilla::components::StreamTransport::Service();
1551 if (!target) {
1552 return NS_ERROR_FAILURE;
1553 }
1554
1555 mTaskQueue = TaskQueue::Create(target.forget(), "nsNetUtil:BufferWriter");
1556 }
1557
1558 return NS_OK;
1559 }
1560
1561 NS_IMETHOD
1562 OnInputStreamReady(nsIAsyncInputStream* aStream) override {
1563 MOZ_ASSERT(!NS_IsMainThread());
1564
1565 // We have something to read. Let's unlock the main-thread.
1566 MonitorAutoLock lock(mMonitor);
1567 lock.Notify();
1568 return NS_OK;
1569 }
1570
1571 bool MaybeExpandBufferSize() {
1572 NS_ASSERT_OWNINGTHREAD(BufferWriter);
1573
1574 MOZ_ASSERT(mCount == -1);
1575
1576 if (mBufferSize >= mWrittenData + BUFFER_SIZE) {
1577 // The buffer is big enough.
1578 return true;
1579 }
1580
1581 CheckedUint32 bufferSize =
1582 std::max<uint32_t>(static_cast<uint32_t>(mWrittenData), BUFFER_SIZE);
1583 while (bufferSize.isValid() &&
1584 bufferSize.value() < mWrittenData + BUFFER_SIZE) {
1585 bufferSize *= 2;
1586 }
1587
1588 if (!bufferSize.isValid()) {
1589 return false;
1590 }
1591
1592 void* buffer = realloc(mBuffer, bufferSize.value());
1593 if (!buffer) {
1594 return false;
1595 }
1596
1597 mBuffer = buffer;
1598 mBufferSize = bufferSize.value();
1599 return true;
1600 }
1601
1602 // All the members of this class are touched on the owning thread only. The
1603 // monitor is only used to communicate when there is more data to read.
1604 Monitor mMonitor MOZ_UNANNOTATED;
1605
1606 nsCOMPtr<nsIInputStream> mInputStream;
1607 nsCOMPtr<nsIAsyncInputStream> mAsyncInputStream;
1608
1609 RefPtr<TaskQueue> mTaskQueue;
1610
1611 void* mBuffer;
1612 int64_t mCount;
1613 uint64_t mWrittenData;
1614
1615 enum {
1616 // The buffer is allocated internally and this object must release it
1617 // in the DTOR if not stolen. The buffer can be reallocated.
1618 eInternal,
1619
1620 // The buffer is not owned by this object and it cannot be reallocated.
1621 eExternal,
1622 } mBufferType;
1623
1624 // The following set if needed for the async read.
1625 uint64_t mBufferSize;
1626 };
1627
1628 NS_IMPL_ISUPPORTS(BufferWriter, nsIInputStreamCallback)
1629
1630 } // anonymous namespace
1631
1632 nsresult NS_ReadInputStreamToBuffer(nsIInputStream* aInputStream, void** aDest,
1633 int64_t aCount, uint64_t* aWritten) {
1634 MOZ_ASSERT(aInputStream);
1635 MOZ_ASSERT(aCount >= -1);
1636
1637 uint64_t dummyWritten;
1638 if (!aWritten) {
1639 aWritten = &dummyWritten;
1640 }
1641
1642 if (aCount == 0) {
1643 *aWritten = 0;
1644 return NS_OK;
1645 }
1646
1647 // This will take care of allocating and reallocating aDest.
1648 RefPtr<BufferWriter> writer = new BufferWriter(aInputStream, *aDest, aCount);
1649
1650 nsresult rv = writer->Write();
1651 NS_ENSURE_SUCCESS(rv, rv);
1652
1653 *aWritten = writer->WrittenData();
1654
1655 if (!*aDest) {
1656 *aDest = writer->StealBuffer();
1657 }
1658
1659 return NS_OK;
1660 }
1661
1662 nsresult NS_ReadInputStreamToString(nsIInputStream* aInputStream,
1663 nsACString& aDest, int64_t aCount,
1664 uint64_t* aWritten) {
1665 uint64_t dummyWritten;
1666 if (!aWritten) {
1667 aWritten = &dummyWritten;
1668 }
1669
1670 // Nothing to do if aCount is 0.
1671 if (aCount == 0) {
1672 aDest.Truncate();
1673 *aWritten = 0;
1674 return NS_OK;
1675 }
1676
1677 // If we have the size, we can pre-allocate the buffer.
1678 if (aCount > 0) {
1679 if (NS_WARN_IF(aCount >= INT32_MAX) ||
1680 NS_WARN_IF(!aDest.SetLength(aCount, mozilla::fallible))) {
1681 return NS_ERROR_OUT_OF_MEMORY;
1682 }
1683
1684 void* dest = aDest.BeginWriting();
1685 nsresult rv =
1686 NS_ReadInputStreamToBuffer(aInputStream, &dest, aCount, aWritten);
1687 NS_ENSURE_SUCCESS(rv, rv);
1688
1689 if ((uint64_t)aCount > *aWritten) {
1690 aDest.Truncate(*aWritten);
1691 }
1692
1693 return NS_OK;
1694 }
1695
1696 // If the size is unknown, BufferWriter will allocate the buffer.
1697 void* dest = nullptr;
1698 nsresult rv =
1699 NS_ReadInputStreamToBuffer(aInputStream, &dest, aCount, aWritten);
1700 MOZ_ASSERT_IF(NS_FAILED(rv), dest == nullptr);
1701 NS_ENSURE_SUCCESS(rv, rv);
1702
1703 if (!dest) {
1704 MOZ_ASSERT(*aWritten == 0);
1705 aDest.Truncate();
1706 return NS_OK;
1707 }
1708
1709 aDest.Adopt(reinterpret_cast<char*>(dest), *aWritten);
1710 return NS_OK;
1711 }
1712
1713 nsresult NS_NewURI(nsIURI** result, const nsACString& spec,
1714 NotNull<const Encoding*> encoding,
1715 nsIURI* baseURI /* = nullptr */) {
1716 nsAutoCString charset;
1717 encoding->Name(charset);
1718 return NS_NewURI(result, spec, charset.get(), baseURI);
1719 }
1720
1721 nsresult NS_NewURI(nsIURI** result, const nsAString& aSpec,
1722 const char* charset /* = nullptr */,
1723 nsIURI* baseURI /* = nullptr */) {
1724 nsAutoCString spec;
1725 if (!AppendUTF16toUTF8(aSpec, spec, mozilla::fallible)) {
1726 return NS_ERROR_OUT_OF_MEMORY;
1727 }
1728 return NS_NewURI(result, spec, charset, baseURI);
1729 }
1730
1731 nsresult NS_NewURI(nsIURI** result, const nsAString& aSpec,
1732 NotNull<const Encoding*> encoding,
1733 nsIURI* baseURI /* = nullptr */) {
1734 nsAutoCString spec;
1735 if (!AppendUTF16toUTF8(aSpec, spec, mozilla::fallible)) {
1736 return NS_ERROR_OUT_OF_MEMORY;
1737 }
1738 return NS_NewURI(result, spec, encoding, baseURI);
1739 }
1740
1741 nsresult NS_NewURI(nsIURI** result, const char* spec,
1742 nsIURI* baseURI /* = nullptr */) {
1743 return NS_NewURI(result, nsDependentCString(spec), nullptr, baseURI);
1744 }
1745
1746 static nsresult NewStandardURI(const nsACString& aSpec, const char* aCharset,
1747 nsIURI* aBaseURI, int32_t aDefaultPort,
1748 nsIURI** aURI) {
1749 return NS_MutateURI(new nsStandardURL::Mutator())
1750 .Apply(&nsIStandardURLMutator::Init, nsIStandardURL::URLTYPE_AUTHORITY,
1751 aDefaultPort, aSpec, aCharset, aBaseURI, nullptr)
1752 .Finalize(aURI);
1753 }
1754
1755 nsresult NS_GetSpecWithNSURLEncoding(nsACString& aResult,
1756 const nsACString& aSpec) {
1757 nsCOMPtr<nsIURI> uri;
1758 nsresult rv = NS_NewURIWithNSURLEncoding(getter_AddRefs(uri), aSpec);
1759 NS_ENSURE_SUCCESS(rv, rv);
1760 return uri->GetAsciiSpec(aResult);
1761 }
1762
1763 nsresult NS_NewURIWithNSURLEncoding(nsIURI** aResult, const nsACString& aSpec) {
1764 nsCOMPtr<nsIURI> uri;
1765 nsresult rv = NS_NewURI(getter_AddRefs(uri), aSpec);
1766 NS_ENSURE_SUCCESS(rv, rv);
1767
1768 // Escape the ref portion of the URL. NSURL is more strict about which
1769 // characters in the URL must be % encoded. For example, an unescaped '#'
1770 // to indicate the beginning of the ref component is accepted by NSURL, but
1771 // '#' characters in the ref must be escaped. Also adds encoding for other
1772 // characters not accepted by NSURL in the ref such as '{', '|', '}', and '^'.
1773 // The ref returned from GetRef() does not include the leading '#'.
1774 nsAutoCString ref, escapedRef;
1775 if (NS_SUCCEEDED(uri->GetRef(ref)) && !ref.IsEmpty()) {
1776 if (!NS_Escape(ref, escapedRef, url_NSURLRef)) {
1777 return NS_ERROR_INVALID_ARG;
1778 }
1779 rv = NS_MutateURI(uri).SetRef(escapedRef).Finalize(uri);
1780 NS_ENSURE_SUCCESS(rv, rv);
1781 }
1782
1783 uri.forget(aResult);
1784 return NS_OK;
1785 }
1786
1787 extern MOZ_THREAD_LOCAL(uint32_t) gTlsURLRecursionCount;
1788
1789 template <typename T>
1790 class TlsAutoIncrement {
1791 public:
1792 explicit TlsAutoIncrement(T& var) : mVar(var) {
1793 mValue = mVar.get();
1794 mVar.set(mValue + 1);
1795 }
1796 ~TlsAutoIncrement() {
1797 typename T::Type value = mVar.get();
1798 MOZ_ASSERT(value == mValue + 1);
1799 mVar.set(value - 1);
1800 }
1801
1802 typename T::Type value() { return mValue; }
1803
1804 private:
1805 typename T::Type mValue;
1806 T& mVar;
1807 };
1808
1809 static nsTHashSet<nsCString> sSimpleURISchemes;
1810 static StaticRWLock sSchemeLock;
1811
1812 namespace mozilla::net {
1813
1814 void ParseSimpleURISchemes(const nsACString& schemeList) {
1815 StaticAutoWriteLock lock(sSchemeLock);
1816
1817 sSimpleURISchemes.Clear();
1818 for (const auto& scheme : schemeList.Split(',')) {
1819 nsAutoCString s(scheme);
1820 s.CompressWhitespace();
1821 if (!s.IsEmpty()) {
1822 sSimpleURISchemes.Insert(s);
1823 }
1824 }
1825 }
1826
1827 } // namespace mozilla::net
1828
1829 nsresult NS_NewURI(nsIURI** aURI, const nsACString& aSpec,
1830 const char* aCharset /* = nullptr */,
1831 nsIURI* aBaseURI /* = nullptr */) {
1832 TlsAutoIncrement<decltype(gTlsURLRecursionCount)> inc(gTlsURLRecursionCount);
1833 if (inc.value() >= MAX_RECURSION_COUNT) {
1834 return NS_ERROR_MALFORMED_URI;
1835 }
1836
1837 nsCOMPtr<nsIIOService> ioService = do_GetIOService();
1838 if (!ioService) {
1839 // Individual protocol handlers unfortunately rely on the ioservice, let's
1840 // return an error here instead of causing unpredictable crashes later.
1841 return NS_ERROR_NOT_AVAILABLE;
1842 }
1843
1844 if (StaticPrefs::network_url_max_length() &&
1845 aSpec.Length() > StaticPrefs::network_url_max_length()) {
1846 return NS_ERROR_MALFORMED_URI;
1847 }
1848
1849 nsAutoCString scheme;
1850 nsresult rv = net_ExtractURLScheme(aSpec, scheme);
1851 if (NS_FAILED(rv)) {
1852 // then aSpec is relative
1853 if (!aBaseURI) {
1854 return NS_ERROR_MALFORMED_URI;
1855 }
1856
1857 if (!aSpec.IsEmpty() && aSpec[0] == '#') {
1858 // Looks like a reference instead of a fully-specified URI.
1859 // --> initialize |uri| as a clone of |aBaseURI|, with ref appended.
1860 return NS_GetURIWithNewRef(aBaseURI, aSpec, aURI);
1861 }
1862
1863 rv = aBaseURI->GetScheme(scheme);
1864 if (NS_FAILED(rv)) return rv;
1865 }
1866
1867 if (scheme.EqualsLiteral("http") || scheme.EqualsLiteral("ws")) {
1868 return NewStandardURI(aSpec, aCharset, aBaseURI, NS_HTTP_DEFAULT_PORT,
1869 aURI);
1870 }
1871 if (scheme.EqualsLiteral("https") || scheme.EqualsLiteral("wss")) {
1872 return NewStandardURI(aSpec, aCharset, aBaseURI, NS_HTTPS_DEFAULT_PORT,
1873 aURI);
1874 }
1875 if (scheme.EqualsLiteral("ftp")) {
1876 return NewStandardURI(aSpec, aCharset, aBaseURI, 21, aURI);
1877 }
1878
1879 if (scheme.EqualsLiteral("file")) {
1880 return NS_MutateURI(new nsStandardURL::Mutator())
1881 .Apply(&nsIFileURLMutator::MarkFileURL)
1882 .Apply(&nsIStandardURLMutator::Init,
1883 nsIStandardURL::URLTYPE_NO_AUTHORITY, -1, aSpec, aCharset,
1884 aBaseURI, nullptr)
1885 .Finalize(aURI);
1886 }
1887
1888 if (scheme.EqualsLiteral("data")) {
1889 return nsDataHandler::CreateNewURI(aSpec, aCharset, aBaseURI, aURI);
1890 }
1891
1892 if (scheme.EqualsLiteral("moz-safe-about") ||
1893 scheme.EqualsLiteral("page-icon") || scheme.EqualsLiteral("moz") ||
1894 scheme.EqualsLiteral("cached-favicon")) {
1895 return NS_MutateURI(new nsSimpleURI::Mutator())
1896 .SetSpec(aSpec)
1897 .Finalize(aURI);
1898 }
1899
1900 if (scheme.EqualsLiteral("chrome")) {
1901 return nsChromeProtocolHandler::CreateNewURI(aSpec, aCharset, aBaseURI,
1902 aURI);
1903 }
1904
1905 if (scheme.EqualsLiteral("javascript")) {
1906 return nsJSProtocolHandler::CreateNewURI(aSpec, aCharset, aBaseURI, aURI);
1907 }
1908
1909 if (scheme.EqualsLiteral("blob")) {
1910 return BlobURLProtocolHandler::CreateNewURI(aSpec, aCharset, aBaseURI,
1911 aURI);
1912 }
1913
1914 if (scheme.EqualsLiteral("view-source")) {
1915 return nsViewSourceHandler::CreateNewURI(aSpec, aCharset, aBaseURI, aURI);
1916 }
1917
1918 if (scheme.EqualsLiteral("resource")) {
1919 RefPtr<nsResProtocolHandler> handler = nsResProtocolHandler::GetSingleton();
1920 if (!handler) {
1921 return NS_ERROR_NOT_AVAILABLE;
1922 }
1923 return handler->NewURI(aSpec, aCharset, aBaseURI, aURI);
1924 }
1925
1926 if (scheme.EqualsLiteral("indexeddb") || scheme.EqualsLiteral("uuid")) {
1927 return NS_MutateURI(new nsStandardURL::Mutator())
1928 .Apply(&nsIStandardURLMutator::Init, nsIStandardURL::URLTYPE_AUTHORITY,
1929 0, aSpec, aCharset, aBaseURI, nullptr)
1930 .Finalize(aURI);
1931 }
1932
1933 if (scheme.EqualsLiteral("moz-extension")) {
1934 RefPtr<mozilla::net::ExtensionProtocolHandler> handler =
1935 mozilla::net::ExtensionProtocolHandler::GetSingleton();
1936 if (!handler) {
1937 return NS_ERROR_NOT_AVAILABLE;
1938 }
1939 return handler->NewURI(aSpec, aCharset, aBaseURI, aURI);
1940 }
1941
1942 if (scheme.EqualsLiteral("moz-page-thumb")) {
1943 // The moz-page-thumb service runs JS to resolve a URI to a
1944 // storage location, so this should only ever run on the main
1945 // thread.
1946 if (!NS_IsMainThread()) {
1947 return NS_ERROR_NOT_AVAILABLE;
1948 }
1949
1950 RefPtr<mozilla::net::PageThumbProtocolHandler> handler =
1951 mozilla::net::PageThumbProtocolHandler::GetSingleton();
1952 if (!handler) {
1953 return NS_ERROR_NOT_AVAILABLE;
1954 }
1955 return handler->NewURI(aSpec, aCharset, aBaseURI, aURI);
1956 }
1957
1958 if (scheme.EqualsLiteral("about")) {
1959 return nsAboutProtocolHandler::CreateNewURI(aSpec, aCharset, aBaseURI,
1960 aURI);
1961 }
1962
1963 if (scheme.EqualsLiteral("jar")) {
1964 return NS_MutateURI(new nsJARURI::Mutator())
1965 .Apply(&nsIJARURIMutator::SetSpecBaseCharset, aSpec, aBaseURI, aCharset)
1966 .Finalize(aURI);
1967 }
1968
1969 #ifndef XP_IOS
1970 if (scheme.EqualsLiteral("moz-icon")) {
1971 return NS_MutateURI(new nsMozIconURI::Mutator())
1972 .SetSpec(aSpec)
1973 .Finalize(aURI);
1974 }
1975 #endif
1976
1977 #ifdef MOZ_WIDGET_GTK
1978 if (scheme.EqualsLiteral("smb") || scheme.EqualsLiteral("sftp")) {
1979 return NS_MutateURI(new nsStandardURL::Mutator())
1980 .Apply(&nsIStandardURLMutator::Init, nsIStandardURL::URLTYPE_STANDARD,
1981 -1, aSpec, aCharset, aBaseURI, nullptr)
1982 .Finalize(aURI);
1983 }
1984 #endif
1985
1986 if (scheme.EqualsLiteral("android")) {
1987 return NS_MutateURI(NS_STANDARDURLMUTATOR_CONTRACTID)
1988 .Apply(&nsIStandardURLMutator::Init, nsIStandardURL::URLTYPE_STANDARD,
1989 -1, aSpec, aCharset, aBaseURI, nullptr)
1990 .Finalize(aURI);
1991 }
1992
1993 // web-extensions can add custom protocol implementations with standard URLs
1994 // that have notion of hostname, authority and relative URLs. Below we
1995 // manually check agains set of known protocols schemes until more general
1996 // solution is in place (See Bug 1569733)
1997 if (!StaticPrefs::network_url_useDefaultURI()) {
1998 if (scheme.EqualsLiteral("ssh")) {
1999 return NewStandardURI(aSpec, aCharset, aBaseURI, 22, aURI);
2000 }
2001
2002 if (scheme.EqualsLiteral("dweb") || scheme.EqualsLiteral("dat") ||
2003 scheme.EqualsLiteral("ipfs") || scheme.EqualsLiteral("ipns") ||
2004 scheme.EqualsLiteral("ssb") || scheme.EqualsLiteral("wtp")) {
2005 return NewStandardURI(aSpec, aCharset, aBaseURI, -1, aURI);
2006 }
2007 }
2008
2009 #if defined(MOZ_THUNDERBIRD) || defined(MOZ_SUITE)
2010 rv = NS_NewMailnewsURI(aURI, aSpec, aCharset, aBaseURI);
2011 if (rv != NS_ERROR_UNKNOWN_PROTOCOL) {
2012 return rv;
2013 }
2014 #endif
2015
2016 auto mustUseSimpleURI = [](const nsCString& scheme) -> bool {
2017 if (!StaticPrefs::network_url_some_schemes_bypass_defaultURI_fallback()) {
2018 return false;
2019 }
2020 StaticAutoReadLock lock(sSchemeLock);
2021 return sSimpleURISchemes.Contains(scheme);
2022 };
2023
2024 if (aBaseURI) {
2025 nsAutoCString newSpec;
2026 rv = aBaseURI->Resolve(aSpec, newSpec);
2027 NS_ENSURE_SUCCESS(rv, rv);
2028
2029 nsAutoCString newScheme;
2030 rv = net_ExtractURLScheme(newSpec, newScheme);
2031 if (NS_SUCCEEDED(rv)) {
2032 // The scheme shouldn't really change at this point.
2033 MOZ_DIAGNOSTIC_ASSERT(newScheme == scheme);
2034 }
2035
2036 if (StaticPrefs::network_url_useDefaultURI()) {
2037 if (mustUseSimpleURI(scheme)) {
2038 return NS_MutateURI(new nsSimpleURI::Mutator())
2039 .SetSpec(newSpec)
2040 .Finalize(aURI);
2041 }
2042
2043 return NS_MutateURI(new DefaultURI::Mutator())
2044 .SetSpec(newSpec)
2045 .Finalize(aURI);
2046 }
2047
2048 return NS_MutateURI(new nsSimpleURI::Mutator())
2049 .SetSpec(newSpec)
2050 .Finalize(aURI);
2051 }
2052
2053 if (StaticPrefs::network_url_useDefaultURI()) {
2054 if (mustUseSimpleURI(scheme)) {
2055 return NS_MutateURI(new nsSimpleURI::Mutator())
2056 .SetSpec(aSpec)
2057 .Finalize(aURI);
2058 }
2059 return NS_MutateURI(new DefaultURI::Mutator())
2060 .SetSpec(aSpec)
2061 .Finalize(aURI);
2062 }
2063
2064 // Falls back to external protocol handler.
2065 return NS_MutateURI(new nsSimpleURI::Mutator()).SetSpec(aSpec).Finalize(aURI);
2066 }
2067
2068 nsresult NS_GetSanitizedURIStringFromURI(nsIURI* aUri,
2069 nsACString& aSanitizedSpec) {
2070 aSanitizedSpec.Truncate();
2071
2072 nsCOMPtr<nsISensitiveInfoHiddenURI> safeUri = do_QueryInterface(aUri);
2073 nsAutoCString cSpec;
2074 nsresult rv;
2075 if (safeUri) {
2076 rv = safeUri->GetSensitiveInfoHiddenSpec(cSpec);
2077 } else {
2078 rv = aUri->GetSpec(cSpec);
2079 }
2080
2081 if (NS_SUCCEEDED(rv)) {
2082 aSanitizedSpec.Assign(cSpec);
2083 }
2084 return rv;
2085 }
2086
2087 nsresult NS_LoadPersistentPropertiesFromURISpec(
2088 nsIPersistentProperties** outResult, const nsACString& aSpec) {
2089 nsCOMPtr<nsIURI> uri;
2090 nsresult rv = NS_NewURI(getter_AddRefs(uri), aSpec);
2091 NS_ENSURE_SUCCESS(rv, rv);
2092
2093 nsCOMPtr<nsIChannel> channel;
2094 rv = NS_NewChannel(getter_AddRefs(channel), uri,
2095 nsContentUtils::GetSystemPrincipal(),
2096 nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
2097 nsIContentPolicy::TYPE_OTHER);
2098 NS_ENSURE_SUCCESS(rv, rv);
2099 nsCOMPtr<nsIInputStream> in;
2100 rv = channel->Open(getter_AddRefs(in));
2101 NS_ENSURE_SUCCESS(rv, rv);
2102
2103 nsCOMPtr<nsIPersistentProperties> properties = new nsPersistentProperties();
2104 rv = properties->Load(in);
2105 NS_ENSURE_SUCCESS(rv, rv);
2106
2107 properties.swap(*outResult);
2108 return NS_OK;
2109 }
2110
2111 bool NS_UsePrivateBrowsing(nsIChannel* channel) {
2112 OriginAttributes attrs;
2113 bool result = StoragePrincipalHelper::GetOriginAttributes(
2114 channel, attrs, StoragePrincipalHelper::eRegularPrincipal);
2115 NS_ENSURE_TRUE(result, result);
2116 return attrs.IsPrivateBrowsing();
2117 }
2118
2119 bool NS_HasBeenCrossOrigin(nsIChannel* aChannel, bool aReport) {
2120 nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo();
2121 // TYPE_DOCUMENT loads have a null LoadingPrincipal and can not be cross
2122 // origin.
2123 if (!loadInfo->GetLoadingPrincipal()) {
2124 return false;
2125 }
2126
2127 // Always treat tainted channels as cross-origin.
2128 if (loadInfo->GetTainting() != LoadTainting::Basic) {
2129 return true;
2130 }
2131
2132 nsCOMPtr<nsIPrincipal> loadingPrincipal = loadInfo->GetLoadingPrincipal();
2133 uint32_t mode = loadInfo->GetSecurityMode();
2134 bool dataInherits =
2135 mode == nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_INHERITS_SEC_CONTEXT ||
2136 mode == nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT ||
2137 mode == nsILoadInfo::SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT;
2138
2139 bool aboutBlankInherits = dataInherits && loadInfo->GetAboutBlankInherits();
2140
2141 uint64_t innerWindowID = loadInfo->GetInnerWindowID();
2142
2143 for (nsIRedirectHistoryEntry* redirectHistoryEntry :
2144 loadInfo->RedirectChain()) {
2145 nsCOMPtr<nsIPrincipal> principal;
2146 redirectHistoryEntry->GetPrincipal(getter_AddRefs(principal));
2147 if (!principal) {
2148 return true;
2149 }
2150
2151 nsCOMPtr<nsIURI> uri;
2152 auto* basePrin = BasePrincipal::Cast(principal);
2153 basePrin->GetURI(getter_AddRefs(uri));
2154 if (!uri) {
2155 return true;
2156 }
2157
2158 if (aboutBlankInherits && NS_IsAboutBlank(uri)) {
2159 continue;
2160 }
2161
2162 nsresult res;
2163 if (aReport) {
2164 res = loadingPrincipal->CheckMayLoadWithReporting(uri, dataInherits,
2165 innerWindowID);
2166 } else {
2167 res = loadingPrincipal->CheckMayLoad(uri, dataInherits);
2168 }
2169 if (NS_FAILED(res)) {
2170 return true;
2171 }
2172 }
2173
2174 nsCOMPtr<nsIURI> uri;
2175 NS_GetFinalChannelURI(aChannel, getter_AddRefs(uri));
2176 if (!uri) {
2177 return true;
2178 }
2179
2180 if (aboutBlankInherits && NS_IsAboutBlank(uri)) {
2181 return false;
2182 }
2183
2184 nsresult res;
2185 if (aReport) {
2186 res = loadingPrincipal->CheckMayLoadWithReporting(uri, dataInherits,
2187 innerWindowID);
2188 } else {
2189 res = loadingPrincipal->CheckMayLoad(uri, dataInherits);
2190 }
2191
2192 return NS_FAILED(res);
2193 }
2194
2195 bool NS_IsSafeMethodNav(nsIChannel* aChannel) {
2196 RefPtr<HttpBaseChannel> baseChan = do_QueryObject(aChannel);
2197 if (!baseChan) {
2198 return false;
2199 }
2200 nsHttpRequestHead* requestHead = baseChan->GetRequestHead();
2201 if (!requestHead) {
2202 return false;
2203 }
2204 return requestHead->IsSafeMethod();
2205 }
2206
2207 void NS_WrapAuthPrompt(nsIAuthPrompt* aAuthPrompt,
2208 nsIAuthPrompt2** aAuthPrompt2) {
2209 nsCOMPtr<nsIAuthPromptAdapterFactory> factory;
2210 factory = mozilla::components::AuthPromptAdapter::Service();
2211 if (!factory) return;
2212
2213 NS_WARNING("Using deprecated nsIAuthPrompt");
2214 factory->CreateAdapter(aAuthPrompt, aAuthPrompt2);
2215 }
2216
2217 void NS_QueryAuthPrompt2(nsIInterfaceRequestor* aCallbacks,
2218 nsIAuthPrompt2** aAuthPrompt) {
2219 CallGetInterface(aCallbacks, aAuthPrompt);
2220 if (*aAuthPrompt) return;
2221
2222 // Maybe only nsIAuthPrompt is provided and we have to wrap it.
2223 nsCOMPtr<nsIAuthPrompt> prompt(do_GetInterface(aCallbacks));
2224 if (!prompt) return;
2225
2226 NS_WrapAuthPrompt(prompt, aAuthPrompt);
2227 }
2228
2229 void NS_QueryAuthPrompt2(nsIChannel* aChannel, nsIAuthPrompt2** aAuthPrompt) {
2230 *aAuthPrompt = nullptr;
2231
2232 // We want to use any auth prompt we can find on the channel's callbacks,
2233 // and if that fails use the loadgroup's prompt (if any)
2234 // Therefore, we can't just use NS_QueryNotificationCallbacks, because
2235 // that would prefer a loadgroup's nsIAuthPrompt2 over a channel's
2236 // nsIAuthPrompt.
2237 nsCOMPtr<nsIInterfaceRequestor> callbacks;
2238 aChannel->GetNotificationCallbacks(getter_AddRefs(callbacks));
2239 if (callbacks) {
2240 NS_QueryAuthPrompt2(callbacks, aAuthPrompt);
2241 if (*aAuthPrompt) return;
2242 }
2243
2244 nsCOMPtr<nsILoadGroup> group;
2245 aChannel->GetLoadGroup(getter_AddRefs(group));
2246 if (!group) return;
2247
2248 group->GetNotificationCallbacks(getter_AddRefs(callbacks));
2249 if (!callbacks) return;
2250 NS_QueryAuthPrompt2(callbacks, aAuthPrompt);
2251 }
2252
2253 nsresult NS_NewNotificationCallbacksAggregation(
2254 nsIInterfaceRequestor* callbacks, nsILoadGroup* loadGroup,
2255 nsIEventTarget* target, nsIInterfaceRequestor** result) {
2256 nsCOMPtr<nsIInterfaceRequestor> cbs;
2257 if (loadGroup) loadGroup->GetNotificationCallbacks(getter_AddRefs(cbs));
2258 return NS_NewInterfaceRequestorAggregation(callbacks, cbs, target, result);
2259 }
2260
2261 nsresult NS_NewNotificationCallbacksAggregation(
2262 nsIInterfaceRequestor* callbacks, nsILoadGroup* loadGroup,
2263 nsIInterfaceRequestor** result) {
2264 return NS_NewNotificationCallbacksAggregation(callbacks, loadGroup, nullptr,
2265 result);
2266 }
2267
2268 nsresult NS_DoImplGetInnermostURI(nsINestedURI* nestedURI, nsIURI** result) {
2269 MOZ_ASSERT(nestedURI, "Must have a nested URI!");
2270 MOZ_ASSERT(!*result, "Must have null *result");
2271
2272 nsCOMPtr<nsIURI> inner;
2273 nsresult rv = nestedURI->GetInnerURI(getter_AddRefs(inner));
2274 NS_ENSURE_SUCCESS(rv, rv);
2275
2276 // We may need to loop here until we reach the innermost
2277 // URI.
2278 nsCOMPtr<nsINestedURI> nestedInner(do_QueryInterface(inner));
2279 while (nestedInner) {
2280 rv = nestedInner->GetInnerURI(getter_AddRefs(inner));
2281 NS_ENSURE_SUCCESS(rv, rv);
2282 nestedInner = do_QueryInterface(inner);
2283 }
2284
2285 // Found the innermost one if we reach here.
2286 inner.swap(*result);
2287
2288 return rv;
2289 }
2290
2291 nsresult NS_ImplGetInnermostURI(nsINestedURI* nestedURI, nsIURI** result) {
2292 // Make it safe to use swap()
2293 *result = nullptr;
2294
2295 return NS_DoImplGetInnermostURI(nestedURI, result);
2296 }
2297
2298 already_AddRefed<nsIURI> NS_GetInnermostURI(nsIURI* aURI) {
2299 MOZ_ASSERT(aURI, "Must have URI");
2300
2301 nsCOMPtr<nsIURI> uri = aURI;
2302
2303 nsCOMPtr<nsINestedURI> nestedURI(do_QueryInterface(uri));
2304 if (!nestedURI) {
2305 return uri.forget();
2306 }
2307
2308 nsresult rv = nestedURI->GetInnermostURI(getter_AddRefs(uri));
2309 if (NS_FAILED(rv)) {
2310 return nullptr;
2311 }
2312
2313 return uri.forget();
2314 }
2315
2316 nsresult NS_GetFinalChannelURI(nsIChannel* channel, nsIURI** uri) {
2317 *uri = nullptr;
2318
2319 nsCOMPtr<nsILoadInfo> loadInfo = channel->LoadInfo();
2320 nsCOMPtr<nsIURI> resultPrincipalURI;
2321 loadInfo->GetResultPrincipalURI(getter_AddRefs(resultPrincipalURI));
2322 if (resultPrincipalURI) {
2323 resultPrincipalURI.forget(uri);
2324 return NS_OK;
2325 }
2326 return channel->GetOriginalURI(uri);
2327 }
2328
2329 nsresult NS_URIChainHasFlags(nsIURI* uri, uint32_t flags, bool* result) {
2330 nsresult rv;
2331 nsCOMPtr<nsINetUtil> util = do_GetNetUtil(&rv);
2332 NS_ENSURE_SUCCESS(rv, rv);
2333
2334 return util->URIChainHasFlags(uri, flags, result);
2335 }
2336
2337 uint32_t NS_SecurityHashURI(nsIURI* aURI) {
2338 nsCOMPtr<nsIURI> baseURI = NS_GetInnermostURI(aURI);
2339
2340 nsAutoCString scheme;
2341 uint32_t schemeHash = 0;
2342 if (NS_SUCCEEDED(baseURI->GetScheme(scheme))) {
2343 schemeHash = mozilla::HashString(scheme);
2344 }
2345
2346 // TODO figure out how to hash file:// URIs
2347 if (scheme.EqualsLiteral("file")) return schemeHash; // sad face
2348
2349 #if IS_ORIGIN_IS_FULL_SPEC_DEFINED
2350 bool hasFlag;
2351 if (NS_FAILED(NS_URIChainHasFlags(
2352 baseURI, nsIProtocolHandler::ORIGIN_IS_FULL_SPEC, &hasFlag)) ||
2353 hasFlag) {
2354 nsAutoCString spec;
2355 uint32_t specHash;
2356 nsresult res = baseURI->GetSpec(spec);
2357 if (NS_SUCCEEDED(res))
2358 specHash = mozilla::HashString(spec);
2359 else
2360 specHash = static_cast<uint32_t>(res);
2361 return specHash;
2362 }
2363 #endif
2364
2365 nsAutoCString host;
2366 uint32_t hostHash = 0;
2367 if (NS_SUCCEEDED(baseURI->GetAsciiHost(host))) {
2368 hostHash = mozilla::HashString(host);
2369 }
2370
2371 return mozilla::AddToHash(schemeHash, hostHash, NS_GetRealPort(baseURI));
2372 }
2373
2374 bool NS_SecurityCompareURIs(nsIURI* aSourceURI, nsIURI* aTargetURI,
2375 bool aStrictFileOriginPolicy) {
2376 nsresult rv;
2377
2378 // Note that this is not an Equals() test on purpose -- for URIs that don't
2379 // support host/port, we want equality to basically be object identity, for
2380 // security purposes. Otherwise, for example, two javascript: URIs that
2381 // are otherwise unrelated could end up "same origin", which would be
2382 // unfortunate.
2383 if (aSourceURI && aSourceURI == aTargetURI) {
2384 return true;
2385 }
2386
2387 if (!aTargetURI || !aSourceURI) {
2388 return false;
2389 }
2390
2391 // If either URI is a nested URI, get the base URI
2392 nsCOMPtr<nsIURI> sourceBaseURI = NS_GetInnermostURI(aSourceURI);
2393 nsCOMPtr<nsIURI> targetBaseURI = NS_GetInnermostURI(aTargetURI);
2394
2395 #if defined(MOZ_THUNDERBIRD) || defined(MOZ_SUITE)
2396 // Check if either URI has a special origin.
2397 nsCOMPtr<nsIURI> origin;
2398 nsCOMPtr<nsIURIWithSpecialOrigin> uriWithSpecialOrigin =
2399 do_QueryInterface(sourceBaseURI);
2400 if (uriWithSpecialOrigin) {
2401 rv = uriWithSpecialOrigin->GetOrigin(getter_AddRefs(origin));
2402 if (NS_WARN_IF(NS_FAILED(rv))) {
2403 return false;
2404 }
2405 MOZ_ASSERT(origin);
2406 sourceBaseURI = origin;
2407 }
2408 uriWithSpecialOrigin = do_QueryInterface(targetBaseURI);
2409 if (uriWithSpecialOrigin) {
2410 rv = uriWithSpecialOrigin->GetOrigin(getter_AddRefs(origin));
2411 if (NS_WARN_IF(NS_FAILED(rv))) {
2412 return false;
2413 }
2414 MOZ_ASSERT(origin);
2415 targetBaseURI = origin;
2416 }
2417 #endif
2418
2419 nsCOMPtr<nsIPrincipal> sourceBlobPrincipal;
2420 if (BlobURLProtocolHandler::GetBlobURLPrincipal(
2421 sourceBaseURI, getter_AddRefs(sourceBlobPrincipal))) {
2422 nsCOMPtr<nsIURI> sourceBlobOwnerURI;
2423 auto* basePrin = BasePrincipal::Cast(sourceBlobPrincipal);
2424 rv = basePrin->GetURI(getter_AddRefs(sourceBlobOwnerURI));
2425 if (NS_SUCCEEDED(rv)) {
2426 sourceBaseURI = sourceBlobOwnerURI;
2427 }
2428 }
2429
2430 nsCOMPtr<nsIPrincipal> targetBlobPrincipal;
2431 if (BlobURLProtocolHandler::GetBlobURLPrincipal(
2432 targetBaseURI, getter_AddRefs(targetBlobPrincipal))) {
2433 nsCOMPtr<nsIURI> targetBlobOwnerURI;
2434 auto* basePrin = BasePrincipal::Cast(targetBlobPrincipal);
2435 rv = basePrin->GetURI(getter_AddRefs(targetBlobOwnerURI));
2436 if (NS_SUCCEEDED(rv)) {
2437 targetBaseURI = targetBlobOwnerURI;
2438 }
2439 }
2440
2441 if (!sourceBaseURI || !targetBaseURI) return false;
2442
2443 // Compare schemes
2444 nsAutoCString targetScheme;
2445 bool sameScheme = false;
2446 if (NS_FAILED(targetBaseURI->GetScheme(targetScheme)) ||
2447 NS_FAILED(sourceBaseURI->SchemeIs(targetScheme.get(), &sameScheme)) ||
2448 !sameScheme) {
2449 // Not same-origin if schemes differ
2450 return false;
2451 }
2452
2453 // For file scheme, reject unless the files are identical. See
2454 // NS_RelaxStrictFileOriginPolicy for enforcing file same-origin checking
2455 if (targetScheme.EqualsLiteral("file")) {
2456 // in traditional unsafe behavior all files are the same origin
2457 if (!aStrictFileOriginPolicy) return true;
2458
2459 nsCOMPtr<nsIFileURL> sourceFileURL(do_QueryInterface(sourceBaseURI));
2460 nsCOMPtr<nsIFileURL> targetFileURL(do_QueryInterface(targetBaseURI));
2461
2462 if (!sourceFileURL || !targetFileURL) return false;
2463
2464 nsCOMPtr<nsIFile> sourceFile, targetFile;
2465
2466 sourceFileURL->GetFile(getter_AddRefs(sourceFile));
2467 targetFileURL->GetFile(getter_AddRefs(targetFile));
2468
2469 if (!sourceFile || !targetFile) return false;
2470
2471 // Otherwise they had better match
2472 bool filesAreEqual = false;
2473 rv = sourceFile->Equals(targetFile, &filesAreEqual);
2474 return NS_SUCCEEDED(rv) && filesAreEqual;
2475 }
2476
2477 #if IS_ORIGIN_IS_FULL_SPEC_DEFINED
2478 bool hasFlag;
2479 if (NS_FAILED(NS_URIChainHasFlags(
2480 targetBaseURI, nsIProtocolHandler::ORIGIN_IS_FULL_SPEC, &hasFlag)) ||
2481 hasFlag) {
2482 // URIs with this flag have the whole spec as a distinct trust
2483 // domain; use the whole spec for comparison
2484 nsAutoCString targetSpec;
2485 nsAutoCString sourceSpec;
2486 return (NS_SUCCEEDED(targetBaseURI->GetSpec(targetSpec)) &&
2487 NS_SUCCEEDED(sourceBaseURI->GetSpec(sourceSpec)) &&
2488 targetSpec.Equals(sourceSpec));
2489 }
2490 #endif
2491
2492 // Compare hosts
2493 nsAutoCString targetHost;
2494 nsAutoCString sourceHost;
2495 if (NS_FAILED(targetBaseURI->GetAsciiHost(targetHost)) ||
2496 NS_FAILED(sourceBaseURI->GetAsciiHost(sourceHost))) {
2497 return false;
2498 }
2499
2500 nsCOMPtr<nsIStandardURL> targetURL(do_QueryInterface(targetBaseURI));
2501 nsCOMPtr<nsIStandardURL> sourceURL(do_QueryInterface(sourceBaseURI));
2502 if (!targetURL || !sourceURL) {
2503 return false;
2504 }
2505
2506 if (!targetHost.Equals(sourceHost, nsCaseInsensitiveCStringComparator)) {
2507 return false;
2508 }
2509
2510 return NS_GetRealPort(targetBaseURI) == NS_GetRealPort(sourceBaseURI);
2511 }
2512
2513 bool NS_URIIsLocalFile(nsIURI* aURI) {
2514 nsCOMPtr<nsINetUtil> util = do_GetNetUtil();
2515
2516 bool isFile;
2517 return util &&
2518 NS_SUCCEEDED(util->ProtocolHasFlags(
2519 aURI, nsIProtocolHandler::URI_IS_LOCAL_FILE, &isFile)) &&
2520 isFile;
2521 }
2522
2523 bool NS_RelaxStrictFileOriginPolicy(nsIURI* aTargetURI, nsIURI* aSourceURI,
2524 bool aAllowDirectoryTarget /* = false */) {
2525 if (!NS_URIIsLocalFile(aTargetURI)) {
2526 // This is probably not what the caller intended
2527 MOZ_ASSERT_UNREACHABLE(
2528 "NS_RelaxStrictFileOriginPolicy called with non-file URI");
2529 return false;
2530 }
2531
2532 if (!NS_URIIsLocalFile(aSourceURI)) {
2533 // If the source is not also a file: uri then forget it
2534 // (don't want resource: principals in a file: doc)
2535 //
2536 // note: we're not de-nesting jar: uris here, we want to
2537 // keep archive content bottled up in its own little island
2538 return false;
2539 }
2540
2541 //
2542 // pull out the internal files
2543 //
2544 nsCOMPtr<nsIFileURL> targetFileURL(do_QueryInterface(aTargetURI));
2545 nsCOMPtr<nsIFileURL> sourceFileURL(do_QueryInterface(aSourceURI));
2546 nsCOMPtr<nsIFile> targetFile;
2547 nsCOMPtr<nsIFile> sourceFile;
2548 bool targetIsDir;
2549
2550 // Make sure targetFile is not a directory (bug 209234)
2551 // and that it exists w/out unescaping (bug 395343)
2552 if (!sourceFileURL || !targetFileURL ||
2553 NS_FAILED(targetFileURL->GetFile(getter_AddRefs(targetFile))) ||
2554 NS_FAILED(sourceFileURL->GetFile(getter_AddRefs(sourceFile))) ||
2555 !targetFile || !sourceFile || NS_FAILED(targetFile->Normalize()) ||
2556 #ifndef MOZ_WIDGET_ANDROID
2557 NS_FAILED(sourceFile->Normalize()) ||
2558 #endif
2559 (!aAllowDirectoryTarget &&
2560 (NS_FAILED(targetFile->IsDirectory(&targetIsDir)) || targetIsDir))) {
2561 return false;
2562 }
2563
2564 return false;
2565 }
2566
2567 bool NS_IsInternalSameURIRedirect(nsIChannel* aOldChannel,
2568 nsIChannel* aNewChannel, uint32_t aFlags) {
2569 if (!(aFlags & nsIChannelEventSink::REDIRECT_INTERNAL)) {
2570 return false;
2571 }
2572
2573 nsCOMPtr<nsIURI> oldURI, newURI;
2574 aOldChannel->GetURI(getter_AddRefs(oldURI));
2575 aNewChannel->GetURI(getter_AddRefs(newURI));
2576
2577 if (!oldURI || !newURI) {
2578 return false;
2579 }
2580
2581 bool res;
2582 return NS_SUCCEEDED(oldURI->Equals(newURI, &res)) && res;
2583 }
2584
2585 bool NS_IsHSTSUpgradeRedirect(nsIChannel* aOldChannel, nsIChannel* aNewChannel,
2586 uint32_t aFlags) {
2587 if (!(aFlags & nsIChannelEventSink::REDIRECT_STS_UPGRADE)) {
2588 return false;
2589 }
2590
2591 nsCOMPtr<nsIURI> oldURI, newURI;
2592 aOldChannel->GetURI(getter_AddRefs(oldURI));
2593 aNewChannel->GetURI(getter_AddRefs(newURI));
2594
2595 if (!oldURI || !newURI) {
2596 return false;
2597 }
2598
2599 if (!oldURI->SchemeIs("http")) {
2600 return false;
2601 }
2602
2603 nsCOMPtr<nsIURI> upgradedURI;
2604 nsresult rv = NS_GetSecureUpgradedURI(oldURI, getter_AddRefs(upgradedURI));
2605 if (NS_FAILED(rv)) {
2606 return false;
2607 }
2608
2609 bool res;
2610 return NS_SUCCEEDED(upgradedURI->Equals(newURI, &res)) && res;
2611 }
2612
2613 bool NS_ShouldRemoveAuthHeaderOnRedirect(nsIChannel* aOldChannel,
2614 nsIChannel* aNewChannel,
2615 uint32_t aFlags) {
2616 // we need to strip Authentication headers for external cross-origin redirects
2617 // Howerver, we should NOT strip auth headers for
2618 // - internal redirects/HSTS upgrades
2619 // - same origin redirects
2620 // Ref: https://fetch.spec.whatwg.org/#http-redirect-fetch
2621 if ((aFlags & (nsIChannelEventSink::REDIRECT_STS_UPGRADE |
2622 nsIChannelEventSink::REDIRECT_INTERNAL))) {
2623 // this is an internal redirect do not strip auth header
2624 return false;
2625 }
2626 nsCOMPtr<nsIURI> oldUri;
2627 MOZ_ALWAYS_SUCCEEDS(
2628 NS_GetFinalChannelURI(aOldChannel, getter_AddRefs(oldUri)));
2629
2630 nsCOMPtr<nsIURI> newUri;
2631 MOZ_ALWAYS_SUCCEEDS(
2632 NS_GetFinalChannelURI(aNewChannel, getter_AddRefs(newUri)));
2633
2634 nsresult rv = nsContentUtils::GetSecurityManager()->CheckSameOriginURI(
2635 newUri, oldUri, false, false);
2636
2637 return NS_FAILED(rv);
2638 }
2639
2640 nsresult NS_LinkRedirectChannels(uint64_t channelId,
2641 nsIParentChannel* parentChannel,
2642 nsIChannel** _result) {
2643 nsCOMPtr<nsIRedirectChannelRegistrar> registrar =
2644 RedirectChannelRegistrar::GetOrCreate();
2645 MOZ_ASSERT(registrar);
2646
2647 return registrar->LinkChannels(channelId, parentChannel, _result);
2648 }
2649
2650 nsILoadInfo::CrossOriginEmbedderPolicy
2651 NS_GetCrossOriginEmbedderPolicyFromHeader(
2652 const nsACString& aHeader, bool aIsOriginTrialCoepCredentiallessEnabled) {
2653 nsCOMPtr<nsISFVService> sfv = GetSFVService();
2654
2655 nsCOMPtr<nsISFVItem> item;
2656 nsresult rv = sfv->ParseItem(aHeader, getter_AddRefs(item));
2657 if (NS_FAILED(rv)) {
2658 return nsILoadInfo::EMBEDDER_POLICY_NULL;
2659 }
2660
2661 nsCOMPtr<nsISFVBareItem> value;
2662 rv = item->GetValue(getter_AddRefs(value));
2663 if (NS_FAILED(rv)) {
2664 return nsILoadInfo::EMBEDDER_POLICY_NULL;
2665 }
2666
2667 nsCOMPtr<nsISFVToken> token = do_QueryInterface(value);
2668 if (!token) {
2669 return nsILoadInfo::EMBEDDER_POLICY_NULL;
2670 }
2671
2672 nsAutoCString embedderPolicy;
2673 rv = token->GetValue(embedderPolicy);
2674 if (NS_FAILED(rv)) {
2675 return nsILoadInfo::EMBEDDER_POLICY_NULL;
2676 }
2677
2678 if (embedderPolicy.EqualsLiteral("require-corp")) {
2679 return nsILoadInfo::EMBEDDER_POLICY_REQUIRE_CORP;
2680 } else if (embedderPolicy.EqualsLiteral("credentialless") &&
2681 IsCoepCredentiallessEnabled(
2682 aIsOriginTrialCoepCredentiallessEnabled)) {
2683 return nsILoadInfo::EMBEDDER_POLICY_CREDENTIALLESS;
2684 }
2685
2686 return nsILoadInfo::EMBEDDER_POLICY_NULL;
2687 }
2688
2689 bool NS_GetForceLoadAtTopFromHeader(const nsACString& aHeader) {
2690 nsCOMPtr<nsISFVService> sfv = mozilla::net::GetSFVService();
2691
2692 nsCOMPtr<nsISFVDictionary> dict;
2693 if (NS_FAILED(sfv->ParseDictionary(aHeader, getter_AddRefs(dict)))) {
2694 return false;
2695 }
2696 nsCOMPtr<nsISFVItemOrInnerList> iil;
2697 if (NS_FAILED(dict->Get("force-load-at-top"_ns, getter_AddRefs(iil)))) {
2698 return false;
2699 }
2700
2701 nsCOMPtr<nsISFVItem> item(do_QueryInterface(iil));
2702 if (!item) {
2703 return false;
2704 }
2705
2706 nsCOMPtr<nsISFVBareItem> bareItem;
2707 if (NS_FAILED(item->GetValue(getter_AddRefs(bareItem)))) {
2708 return false;
2709 }
2710
2711 int32_t type;
2712 if (NS_FAILED(bareItem->GetType(&type))) {
2713 return false;
2714 }
2715
2716 nsCOMPtr<nsISFVBool> boolItem(do_QueryInterface(bareItem));
2717 if (!boolItem) {
2718 return false;
2719 }
2720
2721 bool b;
2722 if (NS_FAILED(boolItem->GetValue(&b))) {
2723 return false;
2724 }
2725
2726 return b;
2727 }
2728
2729 /** Given the first (disposition) token from a Content-Disposition header,
2730 * tell whether it indicates the content is inline or attachment
2731 * @param aDispToken the disposition token from the content-disposition header
2732 */
2733 uint32_t NS_GetContentDispositionFromToken(const nsAString& aDispToken) {
2734 // RFC 2183, section 2.8 says that an unknown disposition
2735 // value should be treated as "attachment"
2736 // If all of these tests eval to false, then we have a content-disposition of
2737 // "attachment" or unknown
2738 if (aDispToken.IsEmpty() || aDispToken.LowerCaseEqualsLiteral("inline") ||
2739 // Broken sites just send
2740 // Content-Disposition: filename="file"
2741 // without a disposition token... screen those out.
2742 StringHead(aDispToken, 8).LowerCaseEqualsLiteral("filename")) {
2743 return nsIChannel::DISPOSITION_INLINE;
2744 }
2745
2746 return nsIChannel::DISPOSITION_ATTACHMENT;
2747 }
2748
2749 uint32_t NS_GetContentDispositionFromHeader(const nsACString& aHeader,
2750 nsIChannel* aChan /* = nullptr */) {
2751 nsresult rv;
2752 nsCOMPtr<nsIMIMEHeaderParam> mimehdrpar;
2753 mimehdrpar = mozilla::components::MimeHeaderParam::Service(&rv);
2754 if (NS_FAILED(rv)) return nsIChannel::DISPOSITION_ATTACHMENT;
2755
2756 nsAutoString dispToken;
2757 rv = mimehdrpar->GetParameterHTTP(aHeader, "", ""_ns, true, nullptr,
2758 dispToken);
2759
2760 if (NS_FAILED(rv)) {
2761 // special case (see bug 272541): empty disposition type handled as "inline"
2762 if (rv == NS_ERROR_FIRST_HEADER_FIELD_COMPONENT_EMPTY) {
2763 return nsIChannel::DISPOSITION_INLINE;
2764 }
2765 return nsIChannel::DISPOSITION_ATTACHMENT;
2766 }
2767
2768 return NS_GetContentDispositionFromToken(dispToken);
2769 }
2770
2771 nsresult NS_GetFilenameFromDisposition(nsAString& aFilename,
2772 const nsACString& aDisposition) {
2773 aFilename.Truncate();
2774
2775 nsresult rv;
2776 nsCOMPtr<nsIMIMEHeaderParam> mimehdrpar;
2777 mimehdrpar = mozilla::components::MimeHeaderParam::Service(&rv);
2778 if (NS_FAILED(rv)) return rv;
2779
2780 // Get the value of 'filename' parameter
2781 rv = mimehdrpar->GetParameterHTTP(aDisposition, "filename", ""_ns, true,
2782 nullptr, aFilename);
2783
2784 if (NS_FAILED(rv)) {
2785 aFilename.Truncate();
2786 return rv;
2787 }
2788
2789 if (aFilename.IsEmpty()) return NS_ERROR_NOT_AVAILABLE;
2790
2791 // Filename may still be percent-encoded. Fix:
2792 if (aFilename.FindChar('%') != -1) {
2793 nsCOMPtr<nsITextToSubURI> textToSubURI;
2794 textToSubURI = mozilla::components::TextToSubURI::Service(&rv);
2795 if (NS_SUCCEEDED(rv)) {
2796 nsAutoString unescaped;
2797 textToSubURI->UnEscapeURIForUI(NS_ConvertUTF16toUTF8(aFilename),
2798 /* dontEscape = */ true, unescaped);
2799 aFilename.Assign(unescaped);
2800 }
2801 }
2802
2803 return NS_OK;
2804 }
2805
2806 void net_EnsurePSMInit() {
2807 if (XRE_IsSocketProcess()) {
2808 EnsureNSSInitializedChromeOrContent();
2809 return;
2810 }
2811
2812 MOZ_ASSERT(XRE_IsParentProcess());
2813 MOZ_ASSERT(NS_IsMainThread());
2814
2815 DebugOnly<bool> rv = EnsureNSSInitializedChromeOrContent();
2816 MOZ_ASSERT(rv);
2817 }
2818
2819 bool NS_IsAboutBlank(nsIURI* uri) {
2820 // GetSpec can be expensive for some URIs, so check the scheme first.
2821 if (!uri->SchemeIs("about")) {
2822 return false;
2823 }
2824
2825 nsAutoCString spec;
2826 if (NS_FAILED(uri->GetSpec(spec))) {
2827 return false;
2828 }
2829
2830 return spec.EqualsLiteral("about:blank");
2831 }
2832
2833 bool NS_IsAboutBlankAllowQueryAndFragment(nsIURI* uri) {
2834 // GetSpec can be expensive for some URIs, so check the scheme first.
2835 if (!uri->SchemeIs("about")) {
2836 return false;
2837 }
2838
2839 nsAutoCString name;
2840 if (NS_FAILED(NS_GetAboutModuleName(uri, name))) {
2841 return false;
2842 }
2843
2844 return name.EqualsLiteral("blank");
2845 }
2846
2847 bool NS_IsAboutSrcdoc(nsIURI* uri) {
2848 // GetSpec can be expensive for some URIs, so check the scheme first.
2849 if (!uri->SchemeIs("about")) {
2850 return false;
2851 }
2852
2853 nsAutoCString spec;
2854 if (NS_FAILED(uri->GetSpec(spec))) {
2855 return false;
2856 }
2857
2858 return spec.EqualsLiteral("about:srcdoc");
2859 }
2860
2861 nsresult NS_GenerateHostPort(const nsCString& host, int32_t port,
2862 nsACString& hostLine) {
2863 if (strchr(host.get(), ':')) {
2864 // host is an IPv6 address literal and must be encapsulated in []'s
2865 hostLine.Assign('[');
2866 // scope id is not needed for Host header.
2867 int scopeIdPos = host.FindChar('%');
2868 if (scopeIdPos == -1) {
2869 hostLine.Append(host);
2870 } else if (scopeIdPos > 0) {
2871 hostLine.Append(Substring(host, 0, scopeIdPos));
2872 } else {
2873 return NS_ERROR_MALFORMED_URI;
2874 }
2875 hostLine.Append(']');
2876 } else {
2877 hostLine.Assign(host);
2878 }
2879 if (port != -1) {
2880 hostLine.Append(':');
2881 hostLine.AppendInt(port);
2882 }
2883 return NS_OK;
2884 }
2885
2886 void NS_SniffContent(const char* aSnifferType, nsIRequest* aRequest,
2887 const uint8_t* aData, uint32_t aLength,
2888 nsACString& aSniffedType) {
2889 using ContentSnifferCache = nsCategoryCache<nsIContentSniffer>;
2890 extern ContentSnifferCache* gNetSniffers;
2891 extern ContentSnifferCache* gDataSniffers;
2892 extern ContentSnifferCache* gORBSniffers;
2893 extern ContentSnifferCache* gNetAndORBSniffers;
2894 ContentSnifferCache* cache = nullptr;
2895 if (!strcmp(aSnifferType, NS_CONTENT_SNIFFER_CATEGORY)) {
2896 if (!gNetSniffers) {
2897 gNetSniffers = new ContentSnifferCache(NS_CONTENT_SNIFFER_CATEGORY);
2898 }
2899 cache = gNetSniffers;
2900 } else if (!strcmp(aSnifferType, NS_DATA_SNIFFER_CATEGORY)) {
2901 if (!gDataSniffers) {
2902 gDataSniffers = new ContentSnifferCache(NS_DATA_SNIFFER_CATEGORY);
2903 }
2904 cache = gDataSniffers;
2905 } else if (!strcmp(aSnifferType, NS_ORB_SNIFFER_CATEGORY)) {
2906 if (!gORBSniffers) {
2907 gORBSniffers = new ContentSnifferCache(NS_ORB_SNIFFER_CATEGORY);
2908 }
2909 cache = gORBSniffers;
2910 } else if (!strcmp(aSnifferType, NS_CONTENT_AND_ORB_SNIFFER_CATEGORY)) {
2911 if (!gNetAndORBSniffers) {
2912 gNetAndORBSniffers =
2913 new ContentSnifferCache(NS_CONTENT_AND_ORB_SNIFFER_CATEGORY);
2914 }
2915 cache = gNetAndORBSniffers;
2916 } else {
2917 // Invalid content sniffer type was requested
2918 MOZ_ASSERT(false);
2919 return;
2920 }
2921
2922 // In case XCTO nosniff was present, we could just skip sniffing here
2923 nsCOMPtr<nsIChannel> channel = do_QueryInterface(aRequest);
2924 if (channel) {
2925 nsCOMPtr<nsILoadInfo> loadInfo = channel->LoadInfo();
2926 if (loadInfo->GetSkipContentSniffing()) {
2927 /* Bug 1571742
2928 * We cannot skip snffing if the current MIME-Type might be a JSON.
2929 * The JSON-Viewer relies on its own sniffer to determine, if it can
2930 * render the page, so we need to make an exception if the Server provides
2931 * a application/ mime, as it might be json.
2932 */
2933 nsAutoCString currentContentType;
2934 channel->GetContentType(currentContentType);
2935 if (!StringBeginsWith(currentContentType, "application/"_ns)) {
2936 return;
2937 }
2938 }
2939 }
2940 nsCOMArray<nsIContentSniffer> sniffers;
2941 cache->GetEntries(sniffers);
2942 for (int32_t i = 0; i < sniffers.Count(); ++i) {
2943 nsresult rv = sniffers[i]->GetMIMETypeFromContent(aRequest, aData, aLength,
2944 aSniffedType);
2945 if (NS_SUCCEEDED(rv) && !aSniffedType.IsEmpty()) {
2946 return;
2947 }
2948 }
2949
2950 aSniffedType.Truncate();
2951 }
2952
2953 bool NS_IsSrcdocChannel(nsIChannel* aChannel) {
2954 bool isSrcdoc;
2955 nsCOMPtr<nsIInputStreamChannel> isr = do_QueryInterface(aChannel);
2956 if (isr) {
2957 isr->GetIsSrcdocChannel(&isSrcdoc);
2958 return isSrcdoc;
2959 }
2960 nsCOMPtr<nsIViewSourceChannel> vsc = do_QueryInterface(aChannel);
2961 if (vsc) {
2962 nsresult rv = vsc->GetIsSrcdocChannel(&isSrcdoc);
2963 if (NS_SUCCEEDED(rv)) {
2964 return isSrcdoc;
2965 }
2966 }
2967 return false;
2968 }
2969
2970 // helper function for NS_ShouldSecureUpgrade for checking HSTS
2971 bool handleResultFunc(bool aAllowSTS, bool aIsStsHost) {
2972 if (aIsStsHost) {
2973 LOG(("nsHttpChannel::Connect() STS permissions found\n"));
2974 if (aAllowSTS) {
2975 return true;
2976 }
2977 }
2978 return false;
2979 };
2980 // That function is a helper function of NS_ShouldSecureUpgrade to check if
2981 // CSP upgrade-insecure-requests, Mixed content auto upgrading or HTTPs-Only/-
2982 // First should upgrade the given request.
2983 static bool ShouldSecureUpgradeNoHSTS(nsIURI* aURI, nsILoadInfo* aLoadInfo) {
2984 // 2. CSP upgrade-insecure-requests
2985 if (aLoadInfo->GetUpgradeInsecureRequests()) {
2986 // let's log a message to the console that we are upgrading a request
2987 nsAutoCString scheme;
2988 aURI->GetScheme(scheme);
2989 // append the additional 's' for security to the scheme :-)
2990 scheme.AppendLiteral("s");
2991 NS_ConvertUTF8toUTF16 reportSpec(aURI->GetSpecOrDefault());
2992 NS_ConvertUTF8toUTF16 reportScheme(scheme);
2993 AutoTArray<nsString, 2> params = {reportSpec, reportScheme};
2994 uint64_t innerWindowId = aLoadInfo->GetInnerWindowID();
2995 CSP_LogLocalizedStr("upgradeInsecureRequest", params,
2996 ""_ns, // aSourceFile
2997 u""_ns, // aScriptSample
2998 0, // aLineNumber
2999 1, // aColumnNumber
3000 nsIScriptError::warningFlag,
3001 "upgradeInsecureRequest"_ns, innerWindowId,
3002 aLoadInfo->GetOriginAttributes().IsPrivateBrowsing());
3003 aLoadInfo->SetHttpsUpgradeTelemetry(nsILoadInfo::CSP_UIR);
3004 return true;
3005 }
3006 // 3. Mixed content auto upgrading
3007 if (aLoadInfo->GetBrowserUpgradeInsecureRequests()) {
3008 // let's log a message to the console that we are upgrading a request
3009 nsAutoCString scheme;
3010 aURI->GetScheme(scheme);
3011 // append the additional 's' for security to the scheme :-)
3012 scheme.AppendLiteral("s");
3013 NS_ConvertUTF8toUTF16 reportSpec(aURI->GetSpecOrDefault());
3014 NS_ConvertUTF8toUTF16 reportScheme(scheme);
3015 AutoTArray<nsString, 2> params = {reportSpec, reportScheme};
3016
3017 nsAutoString localizedMsg;
3018 nsContentUtils::FormatLocalizedString(nsContentUtils::eSECURITY_PROPERTIES,
3019 "MixedContentAutoUpgrade", params,
3020 localizedMsg);
3021
3022 // Prepending ixed Content to the outgoing console message
3023 nsString message;
3024 message.AppendLiteral(u"Mixed Content: ");
3025 message.Append(localizedMsg);
3026
3027 uint64_t innerWindowId = aLoadInfo->GetInnerWindowID();
3028 nsContentUtils::ReportToConsoleByWindowID(
3029 message, nsIScriptError::warningFlag, "Mixed Content Message"_ns,
3030 innerWindowId, SourceLocation(aURI));
3031
3032 // Set this flag so we know we'll upgrade because of
3033 // 'security.mixed_content.upgrade_display_content'.
3034 aLoadInfo->SetBrowserDidUpgradeInsecureRequests(true);
3035 return true;
3036 }
3037
3038 // 4. Https-Only
3039 if (nsHTTPSOnlyUtils::ShouldUpgradeRequest(aURI, aLoadInfo)) {
3040 aLoadInfo->SetHttpsUpgradeTelemetry(nsILoadInfo::HTTPS_ONLY_UPGRADE);
3041 return true;
3042 }
3043 // 4.a Https-First
3044 if (nsHTTPSOnlyUtils::ShouldUpgradeHttpsFirstRequest(aURI, aLoadInfo)) {
3045 if (aLoadInfo->GetWasSchemelessInput()) {
3046 aLoadInfo->SetHttpsUpgradeTelemetry(
3047 nsILoadInfo::HTTPS_FIRST_SCHEMELESS_UPGRADE);
3048 } else {
3049 aLoadInfo->SetHttpsUpgradeTelemetry(nsILoadInfo::HTTPS_FIRST_UPGRADE);
3050 }
3051 return true;
3052 }
3053 return false;
3054 }
3055
3056 // Check if channel should be upgraded. check in the following order:
3057 // 1. HSTS
3058 // 2. CSP upgrade-insecure-requests
3059 // 3. Mixed content auto upgrading
3060 // 4. Https-Only / first
3061 // (5. Https RR - will be checked in nsHttpChannel)
3062 nsresult NS_ShouldSecureUpgrade(
3063 nsIURI* aURI, nsILoadInfo* aLoadInfo, nsIPrincipal* aChannelResultPrincipal,
3064 bool aAllowSTS, const OriginAttributes& aOriginAttributes,
3065 bool& aShouldUpgrade, std::function<void(bool, nsresult)>&& aResultCallback,
3066 bool& aWillCallback) {
3067 MOZ_ASSERT(XRE_IsParentProcess());
3068 if (!XRE_IsParentProcess()) {
3069 return NS_ERROR_NOT_AVAILABLE;
3070 }
3071
3072 aWillCallback = false;
3073 aShouldUpgrade = false;
3074
3075 // Even if we're in private browsing mode, we still enforce existing STS
3076 // data (it is read-only).
3077 // if the connection is not using SSL and either the exact host matches or
3078 // a superdomain wants to force HTTPS, do it.
3079 bool isHttps = aURI->SchemeIs("https");
3080
3081 // If request is https, then there is nothing to do here.
3082 if (isHttps) {
3083 aLoadInfo->SetHttpsUpgradeTelemetry(nsILoadInfo::ALREADY_HTTPS);
3084 aShouldUpgrade = false;
3085 return NS_OK;
3086 }
3087 // If it is a mixed content trustworthy loopback, then we shouldn't upgrade
3088 // it.
3089 if (nsMixedContentBlocker::IsPotentiallyTrustworthyLoopbackURL(aURI)) {
3090 aShouldUpgrade = false;
3091 return NS_OK;
3092 }
3093 // If no loadInfo exist there is nothing to upgrade here.
3094 if (!aLoadInfo) {
3095 aShouldUpgrade = false;
3096 return NS_OK;
3097 }
3098 MOZ_ASSERT(!aURI->SchemeIs("https"));
3099
3100 // enforce Strict-Transport-Security
3101 nsISiteSecurityService* sss = gHttpHandler->GetSSService();
3102 NS_ENSURE_TRUE(sss, NS_ERROR_OUT_OF_MEMORY);
3103
3104 bool isStsHost = false;
3105 // Calling |IsSecureURI| before the storage is ready to read will
3106 // block the main thread. Once the storage is ready, we can call it
3107 // from main thread.
3108 static Atomic<bool, Relaxed> storageReady(false);
3109 if (!storageReady && gSocketTransportService && aResultCallback) {
3110 nsCOMPtr<nsILoadInfo> loadInfo = aLoadInfo;
3111 nsCOMPtr<nsIURI> uri = aURI;
3112 auto callbackWrapper = [resultCallback{std::move(aResultCallback)}, uri,
3113 loadInfo](bool aShouldUpgrade, nsresult aStatus) {
3114 MOZ_ASSERT(NS_IsMainThread());
3115
3116 // 1. HSTS upgrade
3117 if (aShouldUpgrade || NS_FAILED(aStatus)) {
3118 resultCallback(aShouldUpgrade, aStatus);
3119 return;
3120 }
3121 // Check if we need to upgrade because of other reasons.
3122 // 2. CSP upgrade-insecure-requests
3123 // 3. Mixed content auto upgrading
3124 // 4. Https-Only / first
3125 bool shouldUpgrade = ShouldSecureUpgradeNoHSTS(uri, loadInfo);
3126 resultCallback(shouldUpgrade, aStatus);
3127 };
3128 nsCOMPtr<nsISiteSecurityService> service = sss;
3129 nsresult rv = gSocketTransportService->Dispatch(
3130 NS_NewRunnableFunction(
3131 "net::NS_ShouldSecureUpgrade",
3132 [service{std::move(service)}, uri{std::move(uri)},
3133 originAttributes(aOriginAttributes),
3134 handleResultFunc{std::move(handleResultFunc)},
3135 callbackWrapper{std::move(callbackWrapper)},
3136 allowSTS{std::move(aAllowSTS)}]() mutable {
3137 bool isStsHost = false;
3138 nsresult rv =
3139 service->IsSecureURI(uri, originAttributes, &isStsHost);
3140
3141 // Successfully get the result from |IsSecureURI| implies that
3142 // the storage is ready to read.
3143 storageReady = NS_SUCCEEDED(rv);
3144 bool shouldUpgrade = handleResultFunc(allowSTS, isStsHost);
3145 // Check if request should be upgraded.
3146 NS_DispatchToMainThread(NS_NewRunnableFunction(
3147 "net::NS_ShouldSecureUpgrade::ResultCallback",
3148 [rv, shouldUpgrade,
3149 callbackWrapper{std::move(callbackWrapper)}]() {
3150 callbackWrapper(shouldUpgrade, rv);
3151 }));
3152 }),
3153 NS_DISPATCH_NORMAL);
3154 aWillCallback = NS_SUCCEEDED(rv);
3155 return rv;
3156 }
3157
3158 nsresult rv = sss->IsSecureURI(aURI, aOriginAttributes, &isStsHost);
3159
3160 // if the SSS check fails, it's likely because this load is on a
3161 // malformed URI or something else in the setup is wrong, so any error
3162 // should be reported.
3163 NS_ENSURE_SUCCESS(rv, rv);
3164
3165 aShouldUpgrade = handleResultFunc(aAllowSTS, isStsHost);
3166 // we can't pass the loadinfo to handleResultFunc since it's not threadsafe
3167 // hence we set the http telemetry information on the loadinfo here.
3168 if (aShouldUpgrade) {
3169 aLoadInfo->SetHttpsUpgradeTelemetry(nsILoadInfo::HSTS);
3170 }
3171 if (!aShouldUpgrade) {
3172 // Check for CSP upgrade-insecure-requests, Mixed content auto upgrading
3173 // and Https-Only / -First.
3174 aShouldUpgrade = ShouldSecureUpgradeNoHSTS(aURI, aLoadInfo);
3175 }
3176 return rv;
3177 }
3178
3179 nsresult NS_GetSecureUpgradedURI(nsIURI* aURI, nsIURI** aUpgradedURI) {
3180 NS_MutateURI mutator(aURI);
3181 mutator.SetScheme("https"_ns); // Change the scheme to HTTPS:
3182
3183 // Change the default port to 443:
3184 nsCOMPtr<nsIStandardURL> stdURL = do_QueryInterface(aURI);
3185 if (stdURL) {
3186 mutator.Apply(&nsIStandardURLMutator::SetDefaultPort, 443, nullptr);
3187 } else {
3188 // If we don't have a nsStandardURL, fall back to using GetPort/SetPort.
3189 // XXXdholbert Is this function even called with a non-nsStandardURL arg,
3190 // in practice?
3191 NS_WARNING("Calling NS_GetSecureUpgradedURI for non nsStandardURL");
3192 int32_t oldPort = -1;
3193 nsresult rv = aURI->GetPort(&oldPort);
3194 if (NS_FAILED(rv)) return rv;
3195
3196 // Keep any nonstandard ports so only the scheme is changed.
3197 // For example:
3198 // http://foo.com:80 -> https://foo.com:443
3199 // http://foo.com:81 -> https://foo.com:81
3200
3201 if (oldPort == 80 || oldPort == -1) {
3202 mutator.SetPort(-1);
3203 } else {
3204 mutator.SetPort(oldPort);
3205 }
3206 }
3207
3208 return mutator.Finalize(aUpgradedURI);
3209 }
3210
3211 nsresult NS_CompareLoadInfoAndLoadContext(nsIChannel* aChannel) {
3212 nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo();
3213
3214 nsCOMPtr<nsILoadContext> loadContext;
3215 NS_QueryNotificationCallbacks(aChannel, loadContext);
3216 if (!loadContext) {
3217 return NS_OK;
3218 }
3219
3220 // We try to skip about:newtab.
3221 // about:newtab will use SystemPrincipal to download thumbnails through
3222 // https:// and blob URLs.
3223 bool isAboutPage = false;
3224 nsINode* node = loadInfo->LoadingNode();
3225 if (node) {
3226 nsIURI* uri = node->OwnerDoc()->GetDocumentURI();
3227 isAboutPage = uri->SchemeIs("about");
3228 }
3229
3230 if (isAboutPage) {
3231 return NS_OK;
3232 }
3233
3234 // We skip the favicon loading here. The favicon loading might be
3235 // triggered by the XUL image. For that case, the loadContext will have
3236 // default originAttributes since the XUL image uses SystemPrincipal, but
3237 // the loadInfo will use originAttributes from the content. Thus, the
3238 // originAttributes between loadInfo and loadContext will be different.
3239 // That's why we have to skip the comparison for the favicon loading.
3240 if (loadInfo->GetLoadingPrincipal() &&
3241 loadInfo->GetLoadingPrincipal()->IsSystemPrincipal() &&
3242 loadInfo->InternalContentPolicyType() ==
3243 nsIContentPolicy::TYPE_INTERNAL_IMAGE_FAVICON) {
3244 return NS_OK;
3245 }
3246
3247 OriginAttributes originAttrsLoadInfo = loadInfo->GetOriginAttributes();
3248 OriginAttributes originAttrsLoadContext;
3249 loadContext->GetOriginAttributes(originAttrsLoadContext);
3250
3251 LOG(
3252 ("NS_CompareLoadInfoAndLoadContext - loadInfo: %d, %d; "
3253 "loadContext: %d, %d. [channel=%p]",
3254 originAttrsLoadInfo.mUserContextId,
3255 originAttrsLoadInfo.mPrivateBrowsingId,
3256 originAttrsLoadContext.mUserContextId,
3257 originAttrsLoadContext.mPrivateBrowsingId, aChannel));
3258
3259 MOZ_ASSERT(originAttrsLoadInfo.mUserContextId ==
3260 originAttrsLoadContext.mUserContextId,
3261 "The value of mUserContextId in the loadContext and in the "
3262 "loadInfo are not the same!");
3263
3264 MOZ_ASSERT(originAttrsLoadInfo.mPrivateBrowsingId ==
3265 originAttrsLoadContext.mPrivateBrowsingId,
3266 "The value of mPrivateBrowsingId in the loadContext and in the "
3267 "loadInfo are not the same!");
3268
3269 return NS_OK;
3270 }
3271
3272 nsresult NS_SetRequestBlockingReason(nsIChannel* channel, uint32_t reason) {
3273 NS_ENSURE_ARG(channel);
3274
3275 nsCOMPtr<nsILoadInfo> loadInfo = channel->LoadInfo();
3276 return NS_SetRequestBlockingReason(loadInfo, reason);
3277 }
3278
3279 nsresult NS_SetRequestBlockingReason(nsILoadInfo* loadInfo, uint32_t reason) {
3280 NS_ENSURE_ARG(loadInfo);
3281
3282 return loadInfo->SetRequestBlockingReason(reason);
3283 }
3284
3285 nsresult NS_SetRequestBlockingReasonIfNull(nsILoadInfo* loadInfo,
3286 uint32_t reason) {
3287 NS_ENSURE_ARG(loadInfo);
3288
3289 uint32_t existingReason;
3290 if (NS_SUCCEEDED(loadInfo->GetRequestBlockingReason(&existingReason)) &&
3291 existingReason != nsILoadInfo::BLOCKING_REASON_NONE) {
3292 return NS_OK;
3293 }
3294
3295 return loadInfo->SetRequestBlockingReason(reason);
3296 }
3297
3298 bool NS_IsOffline() {
3299 bool offline = true;
3300 bool connectivity = true;
3301 nsCOMPtr<nsIIOService> ios = do_GetIOService();
3302 if (ios) {
3303 ios->GetOffline(&offline);
3304 ios->GetConnectivity(&connectivity);
3305 }
3306 return offline || !connectivity;
3307 }
3308
3309 /**
3310 * This function returns true if this channel should be classified by
3311 * the URL Classifier, false otherwise.
3312 *
3313 * The idea of the algorithm to determine if a channel should be
3314 * classified is based on:
3315 * 1. Channels created by non-privileged code should be classified.
3316 * 2. Top-level document’s channels, if loaded by privileged code
3317 * (system principal), should be classified.
3318 * 3. Any other channel, created by privileged code, is considered safe.
3319 *
3320 * A bad/hacked/corrupted safebrowsing database, plus a mistakenly
3321 * classified critical channel (this may result from a bug in the exemption
3322 * rules or incorrect information being passed into) can cause serious
3323 * problems. For example, if the updater channel is classified and blocked
3324 * by the Safe Browsing, Firefox can't update itself, and there is no way to
3325 * recover from that.
3326 *
3327 * So two safeguards are added to ensure critical channels are never
3328 * automatically classified either because there is a bug in the algorithm
3329 * or the data in loadinfo is wrong.
3330 * 1. beConservative, this is set by ServiceRequest and we treat
3331 * channel created for ServiceRequest as critical channels.
3332 * 2. nsIChannel::LOAD_BYPASS_URL_CLASSIFIER, channel's opener can use this
3333 * flag to enforce bypassing the URL classifier check.
3334 */
3335 bool NS_ShouldClassifyChannel(nsIChannel* aChannel) {
3336 nsLoadFlags loadFlags;
3337 Unused << aChannel->GetLoadFlags(&loadFlags);
3338 // If our load flags dictate that we must let this channel through without
3339 // URL classification, obey that here without performing more checks.
3340 if (loadFlags & nsIChannel::LOAD_BYPASS_URL_CLASSIFIER) {
3341 return false;
3342 }
3343
3344 nsCOMPtr<nsIHttpChannelInternal> httpChannel(do_QueryInterface(aChannel));
3345 if (httpChannel) {
3346 bool beConservative;
3347 nsresult rv = httpChannel->GetBeConservative(&beConservative);
3348
3349 // beConservative flag, set by ServiceRequest to ensure channels that
3350 // fetch update use conservative TLS setting, are used here to identify
3351 // channels are critical to bypass classification. for channels don't
3352 // support beConservative, continue to apply the exemption rules.
3353 if (NS_SUCCEEDED(rv) && beConservative) {
3354 return false;
3355 }
3356 }
3357
3358 nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo();
3359 ExtContentPolicyType type = loadInfo->GetExternalContentPolicyType();
3360 // Skip classifying channel triggered by system unless it is a top-level
3361 // load.
3362 return !(loadInfo->TriggeringPrincipal()->IsSystemPrincipal() &&
3363 ExtContentPolicy::TYPE_DOCUMENT != type);
3364 }
3365
3366 namespace mozilla {
3367 namespace net {
3368
3369 bool InScriptableRange(int64_t val) {
3370 return (val <= kJS_MAX_SAFE_INTEGER) && (val >= kJS_MIN_SAFE_INTEGER);
3371 }
3372
3373 bool InScriptableRange(uint64_t val) { return val <= kJS_MAX_SAFE_UINTEGER; }
3374
3375 nsresult GetParameterHTTP(const nsACString& aHeaderVal, const char* aParamName,
3376 nsAString& aResult) {
3377 return nsMIMEHeaderParamImpl::GetParameterHTTP(aHeaderVal, aParamName,
3378 aResult);
3379 }
3380
3381 bool ChannelIsPost(nsIChannel* aChannel) {
3382 if (nsCOMPtr<nsIHttpChannel> httpChannel = do_QueryInterface(aChannel)) {
3383 nsAutoCString method;
3384 Unused << httpChannel->GetRequestMethod(method);
3385 return method.EqualsLiteral("POST");
3386 }
3387 return false;
3388 }
3389
3390 bool SchemeIsHTTP(nsIURI* aURI) {
3391 MOZ_ASSERT(aURI);
3392 return aURI->SchemeIs("http");
3393 }
3394
3395 bool SchemeIsHTTPS(nsIURI* aURI) {
3396 MOZ_ASSERT(aURI);
3397 return aURI->SchemeIs("https");
3398 }
3399
3400 bool SchemeIsJavascript(nsIURI* aURI) {
3401 MOZ_ASSERT(aURI);
3402 return aURI->SchemeIs("javascript");
3403 }
3404
3405 bool SchemeIsChrome(nsIURI* aURI) {
3406 MOZ_ASSERT(aURI);
3407 return aURI->SchemeIs("chrome");
3408 }
3409
3410 bool SchemeIsAbout(nsIURI* aURI) {
3411 MOZ_ASSERT(aURI);
3412 return aURI->SchemeIs("about");
3413 }
3414
3415 bool SchemeIsBlob(nsIURI* aURI) {
3416 MOZ_ASSERT(aURI);
3417 return aURI->SchemeIs("blob");
3418 }
3419
3420 bool SchemeIsFile(nsIURI* aURI) {
3421 MOZ_ASSERT(aURI);
3422 return aURI->SchemeIs("file");
3423 }
3424
3425 bool SchemeIsData(nsIURI* aURI) {
3426 MOZ_ASSERT(aURI);
3427 return aURI->SchemeIs("data");
3428 }
3429
3430 bool SchemeIsViewSource(nsIURI* aURI) {
3431 MOZ_ASSERT(aURI);
3432 return aURI->SchemeIs("view-source");
3433 }
3434
3435 bool SchemeIsResource(nsIURI* aURI) {
3436 MOZ_ASSERT(aURI);
3437 return aURI->SchemeIs("resource");
3438 }
3439
3440 bool SchemeIsFTP(nsIURI* aURI) {
3441 MOZ_ASSERT(aURI);
3442 return aURI->SchemeIs("ftp");
3443 }
3444
3445 bool SchemeIsSpecial(const nsACString& aScheme) {
3446 // See https://url.spec.whatwg.org/#special-scheme
3447 return aScheme.EqualsIgnoreCase("ftp") || aScheme.EqualsIgnoreCase("file") ||
3448 aScheme.EqualsIgnoreCase("http") ||
3449 aScheme.EqualsIgnoreCase("https") || aScheme.EqualsIgnoreCase("ws") ||
3450 aScheme.EqualsIgnoreCase("wss");
3451 }
3452
3453 bool IsSchemeChangePermitted(nsIURI* aOldURI, const nsACString& newScheme) {
3454 // See step 2.1 in https://url.spec.whatwg.org/#special-scheme
3455 // Note: The spec text uses "buffer" instead of newScheme, and "url"
3456 MOZ_ASSERT(aOldURI);
3457
3458 nsAutoCString tmp;
3459 nsresult rv = aOldURI->GetScheme(tmp);
3460 // If url's scheme is a special scheme and buffer is not a
3461 // special scheme, then return.
3462 // If url's scheme is not a special scheme and buffer is a
3463 // special scheme, then return.
3464 if (NS_FAILED(rv) || SchemeIsSpecial(tmp) != SchemeIsSpecial(newScheme)) {
3465 return false;
3466 }
3467
3468 // If url's scheme is "file" and its host is an empty host, then return.
3469 if (aOldURI->SchemeIs("file")) {
3470 rv = aOldURI->GetHost(tmp);
3471 if (NS_FAILED(rv) || tmp.IsEmpty()) {
3472 return false;
3473 }
3474 }
3475
3476 // URL Spec: If url includes credentials or has a non-null port, and
3477 // buffer is "file", then return.
3478 if (newScheme.EqualsIgnoreCase("file")) {
3479 bool hasUserPass;
3480 if (NS_FAILED(aOldURI->GetHasUserPass(&hasUserPass)) || hasUserPass) {
3481 return false;
3482 }
3483 int32_t port;
3484 rv = aOldURI->GetPort(&port);
3485 if (NS_FAILED(rv) || port != -1) {
3486 return false;
3487 }
3488 }
3489
3490 return true;
3491 }
3492
3493 already_AddRefed<nsIURI> TryChangeProtocol(nsIURI* aURI,
3494 const nsACString& aProtocol) {
3495 MOZ_ASSERT(aURI);
3496
3497 nsACString::const_iterator start;
3498 aProtocol.BeginReading(start);
3499
3500 nsACString::const_iterator end;
3501 aProtocol.EndReading(end);
3502
3503 nsACString::const_iterator iter(start);
3504 FindCharInReadable(':', iter, end);
3505
3506 // Changing the protocol of a URL, changes the "nature" of the URI
3507 // implementation. In order to do this properly, we have to serialize the
3508 // existing URL and reparse it in a new object.
3509 nsCOMPtr<nsIURI> clone;
3510 nsresult rv =
3511 NS_MutateURI(aURI).SetScheme(Substring(start, iter)).Finalize(clone);
3512 if (NS_WARN_IF(NS_FAILED(rv))) {
3513 return nullptr;
3514 }
3515
3516 if (StaticPrefs::network_url_strict_protocol_setter()) {
3517 nsAutoCString newScheme;
3518 rv = clone->GetScheme(newScheme);
3519 if (NS_FAILED(rv) || !net::IsSchemeChangePermitted(aURI, newScheme)) {
3520 nsAutoCString url;
3521 Unused << clone->GetSpec(url);
3522 AutoTArray<nsString, 2> params;
3523 params.AppendElement(NS_ConvertUTF8toUTF16(url));
3524 params.AppendElement(NS_ConvertUTF8toUTF16(newScheme));
3525 nsContentUtils::ReportToConsole(
3526 nsIScriptError::warningFlag, "Strict Url Protocol Setter"_ns, nullptr,
3527 nsContentUtils::eNECKO_PROPERTIES, "StrictUrlProtocolSetter", params);
3528 return nullptr;
3529 }
3530 }
3531
3532 nsAutoCString href;
3533 rv = clone->GetSpec(href);
3534 if (NS_WARN_IF(NS_FAILED(rv))) {
3535 return nullptr;
3536 }
3537
3538 RefPtr<nsIURI> uri;
3539 rv = NS_NewURI(getter_AddRefs(uri), href);
3540 if (NS_WARN_IF(NS_FAILED(rv))) {
3541 return nullptr;
3542 }
3543 return uri.forget();
3544 }
3545
3546 // Decode a parameter value using the encoding defined in RFC 5987 (in place)
3547 //
3548 // charset "'" [ language ] "'" value-chars
3549 //
3550 // returns true when decoding happened successfully (otherwise leaves
3551 // passed value alone)
3552 static bool Decode5987Format(nsAString& aEncoded) {
3553 nsresult rv;
3554 nsCOMPtr<nsIMIMEHeaderParam> mimehdrpar;
3555 mimehdrpar = mozilla::components::MimeHeaderParam::Service(&rv);
3556 if (NS_FAILED(rv)) return false;
3557
3558 nsAutoCString asciiValue;
3559
3560 const char16_t* encstart = aEncoded.BeginReading();
3561 const char16_t* encend = aEncoded.EndReading();
3562
3563 // create a plain ASCII string, aborting if we can't do that
3564 // converted form is always shorter than input
3565 while (encstart != encend) {
3566 if (*encstart > 0 && *encstart < 128) {
3567 asciiValue.Append((char)*encstart);
3568 } else {
3569 return false;
3570 }
3571 encstart++;
3572 }
3573
3574 nsAutoString decoded;
3575 nsAutoCString language;
3576
3577 rv = mimehdrpar->DecodeRFC5987Param(asciiValue, language, decoded);
3578 if (NS_FAILED(rv)) return false;
3579
3580 aEncoded = decoded;
3581 return true;
3582 }
3583
3584 LinkHeader::LinkHeader() { mCrossOrigin.SetIsVoid(true); }
3585
3586 void LinkHeader::Reset() {
3587 mHref.Truncate();
3588 mRel.Truncate();
3589 mTitle.Truncate();
3590 mNonce.Truncate();
3591 mIntegrity.Truncate();
3592 mSrcset.Truncate();
3593 mSizes.Truncate();
3594 mType.Truncate();
3595 mMedia.Truncate();
3596 mAnchor.Truncate();
3597 mCrossOrigin.Truncate();
3598 mReferrerPolicy.Truncate();
3599 mAs.Truncate();
3600 mCrossOrigin.SetIsVoid(true);
3601 mFetchPriority.Truncate();
3602 }
3603
3604 nsresult LinkHeader::NewResolveHref(nsIURI** aOutURI, nsIURI* aBaseURI) const {
3605 if (mAnchor.IsEmpty()) {
3606 // use the base uri
3607 return NS_NewURI(aOutURI, mHref, nullptr, aBaseURI);
3608 }
3609
3610 // compute the anchored URI
3611 nsCOMPtr<nsIURI> anchoredURI;
3612 nsresult rv =
3613 NS_NewURI(getter_AddRefs(anchoredURI), mAnchor, nullptr, aBaseURI);
3614 NS_ENSURE_SUCCESS(rv, rv);
3615
3616 return NS_NewURI(aOutURI, mHref, nullptr, anchoredURI);
3617 }
3618
3619 bool LinkHeader::operator==(const LinkHeader& rhs) const {
3620 return mHref == rhs.mHref && mRel == rhs.mRel && mTitle == rhs.mTitle &&
3621 mNonce == rhs.mNonce && mIntegrity == rhs.mIntegrity &&
3622 mSrcset == rhs.mSrcset && mSizes == rhs.mSizes && mType == rhs.mType &&
3623 mMedia == rhs.mMedia && mAnchor == rhs.mAnchor &&
3624 mCrossOrigin == rhs.mCrossOrigin &&
3625 mReferrerPolicy == rhs.mReferrerPolicy && mAs == rhs.mAs &&
3626 mFetchPriority == rhs.mFetchPriority;
3627 }
3628
3629 constexpr auto kTitleStar = "title*"_ns;
3630
3631 nsTArray<LinkHeader> ParseLinkHeader(const nsAString& aLinkData) {
3632 nsTArray<LinkHeader> linkHeaders;
3633
3634 // keep track where we are within the header field
3635 bool seenParameters = false;
3636
3637 // parse link content and add to array
3638 LinkHeader header;
3639 nsAutoString titleStar;
3640
3641 // copy to work buffer
3642 nsAutoString stringList(aLinkData);
3643
3644 // put an extra null at the end
3645 stringList.Append(kNullCh);
3646
3647 char16_t* start = stringList.BeginWriting();
3648
3649 while (*start != kNullCh) {
3650 // parse link content and call process style link
3651
3652 // skip leading space
3653 while ((*start != kNullCh) && nsCRT::IsAsciiSpace(*start)) {
3654 ++start;
3655 }
3656
3657 char16_t* end = start;
3658 char16_t* last = end - 1;
3659
3660 bool wasQuotedString = false;
3661
3662 // look for semicolon or comma
3663 while (*end != kNullCh && *end != kSemicolon && *end != kComma) {
3664 char16_t ch = *end;
3665
3666 if (ch == kQuote || ch == kLessThan) {
3667 // quoted string
3668
3669 char16_t quote = ch;
3670 if (quote == kLessThan) {
3671 quote = kGreaterThan;
3672 }
3673
3674 wasQuotedString = (ch == kQuote);
3675
3676 char16_t* closeQuote = (end + 1);
3677
3678 // seek closing quote
3679 while (*closeQuote != kNullCh && quote != *closeQuote) {
3680 // in quoted-string, "\" is an escape character
3681 if (wasQuotedString && *closeQuote == kBackSlash &&
3682 *(closeQuote + 1) != kNullCh) {
3683 ++closeQuote;
3684 }
3685
3686 ++closeQuote;
3687 }
3688
3689 if (quote == *closeQuote) {
3690 // found closer
3691
3692 // skip to close quote
3693 end = closeQuote;
3694
3695 last = end - 1;
3696
3697 ch = *(end + 1);
3698
3699 if (ch != kNullCh && ch != kSemicolon && ch != kComma) {
3700 // end string here
3701 *(++end) = kNullCh;
3702
3703 ch = *(end + 1);
3704
3705 // keep going until semi or comma
3706 while (ch != kNullCh && ch != kSemicolon && ch != kComma) {
3707 ++end;
3708
3709 ch = *(end + 1);
3710 }
3711 }
3712 }
3713 }
3714
3715 ++end;
3716 ++last;
3717 }
3718
3719 char16_t endCh = *end;
3720
3721 // end string here
3722 *end = kNullCh;
3723
3724 if (start < end) {
3725 if ((*start == kLessThan) && (*last == kGreaterThan)) {
3726 *last = kNullCh;
3727
3728 // first instance of <...> wins
3729 // also, do not allow hrefs after the first param was seen
3730 if (header.mHref.IsEmpty() && !seenParameters) {
3731 header.mHref = (start + 1);
3732 header.mHref.StripWhitespace();
3733 }
3734 } else {
3735 char16_t* equals = start;
3736 seenParameters = true;
3737
3738 while ((*equals != kNullCh) && (*equals != kEqual)) {
3739 equals++;
3740 }
3741
3742 const bool hadEquals = *equals != kNullCh;
3743 *equals = kNullCh;
3744 nsAutoString attr(start);
3745 attr.StripWhitespace();
3746
3747 char16_t* value = hadEquals ? ++equals : equals;
3748 while (nsCRT::IsAsciiSpace(*value)) {
3749 value++;
3750 }
3751
3752 if ((*value == kQuote) && (*value == *last)) {
3753 *last = kNullCh;
3754 value++;
3755 }
3756
3757 if (wasQuotedString) {
3758 // unescape in-place
3759 char16_t* unescaped = value;
3760 char16_t* src = value;
3761
3762 while (*src != kNullCh) {
3763 if (*src == kBackSlash && *(src + 1) != kNullCh) {
3764 src++;
3765 }
3766 *unescaped++ = *src++;
3767 }
3768
3769 *unescaped = kNullCh;
3770 }
3771
3772 if (attr.LowerCaseEqualsASCII(kTitleStar.get())) {
3773 if (titleStar.IsEmpty() && !wasQuotedString) {
3774 // RFC 5987 encoding; uses token format only, so skip if we get
3775 // here with a quoted-string
3776 nsAutoString tmp;
3777 tmp = value;
3778 if (Decode5987Format(tmp)) {
3779 titleStar = tmp;
3780 titleStar.CompressWhitespace();
3781 } else {
3782 // header value did not parse, throw it away
3783 titleStar.Truncate();
3784 }
3785 }
3786 } else {
3787 header.MaybeUpdateAttribute(attr, value);
3788 }
3789 }
3790 }
3791
3792 if (endCh == kComma) {
3793 // hit a comma, process what we've got so far
3794
3795 header.mHref.Trim(" \t\n\r\f"); // trim HTML5 whitespace
3796 if (!header.mHref.IsEmpty() && !header.mRel.IsEmpty()) {
3797 if (!titleStar.IsEmpty()) {
3798 // prefer RFC 5987 variant over non-I18zed version
3799 header.mTitle = titleStar;
3800 }
3801 linkHeaders.AppendElement(header);
3802 }
3803
3804 titleStar.Truncate();
3805 header.Reset();
3806
3807 seenParameters = false;
3808 }
3809
3810 start = ++end;
3811 }
3812
3813 header.mHref.Trim(" \t\n\r\f"); // trim HTML5 whitespace
3814 if (!header.mHref.IsEmpty() && !header.mRel.IsEmpty()) {
3815 if (!titleStar.IsEmpty()) {
3816 // prefer RFC 5987 variant over non-I18zed version
3817 header.mTitle = titleStar;
3818 }
3819 linkHeaders.AppendElement(header);
3820 }
3821
3822 return linkHeaders;
3823 }
3824
3825 void LinkHeader::MaybeUpdateAttribute(const nsAString& aAttribute,
3826 const char16_t* aValue) {
3827 MOZ_ASSERT(!aAttribute.LowerCaseEqualsASCII(kTitleStar.get()));
3828
3829 if (aAttribute.LowerCaseEqualsLiteral("rel")) {
3830 if (mRel.IsEmpty()) {
3831 mRel = aValue;
3832 mRel.CompressWhitespace();
3833 }
3834 } else if (aAttribute.LowerCaseEqualsLiteral("title")) {
3835 if (mTitle.IsEmpty()) {
3836 mTitle = aValue;
3837 mTitle.CompressWhitespace();
3838 }
3839 } else if (aAttribute.LowerCaseEqualsLiteral("type")) {
3840 if (mType.IsEmpty()) {
3841 mType = aValue;
3842 mType.StripWhitespace();
3843 }
3844 } else if (aAttribute.LowerCaseEqualsLiteral("media")) {
3845 if (mMedia.IsEmpty()) {
3846 mMedia = aValue;
3847
3848 // The HTML5 spec is formulated in terms of the CSS3 spec,
3849 // which specifies that media queries are case insensitive.
3850 nsContentUtils::ASCIIToLower(mMedia);
3851 }
3852 } else if (aAttribute.LowerCaseEqualsLiteral("anchor")) {
3853 if (mAnchor.IsEmpty()) {
3854 mAnchor = aValue;
3855 mAnchor.StripWhitespace();
3856 }
3857 } else if (aAttribute.LowerCaseEqualsLiteral("crossorigin")) {
3858 if (mCrossOrigin.IsVoid()) {
3859 mCrossOrigin.SetIsVoid(false);
3860 mCrossOrigin = aValue;
3861 mCrossOrigin.StripWhitespace();
3862 }
3863 } else if (aAttribute.LowerCaseEqualsLiteral("as")) {
3864 if (mAs.IsEmpty()) {
3865 mAs = aValue;
3866 mAs.CompressWhitespace();
3867 }
3868 } else if (aAttribute.LowerCaseEqualsLiteral("referrerpolicy")) {
3869 // https://html.spec.whatwg.org/multipage/urls-and-fetching.html#referrer-policy-attribute
3870 // Specs says referrer policy attribute is an enumerated attribute,
3871 // case insensitive and includes the empty string
3872 // We will parse the aValue with AttributeReferrerPolicyFromString
3873 // later, which will handle parsing it as an enumerated attribute.
3874 if (mReferrerPolicy.IsEmpty()) {
3875 mReferrerPolicy = aValue;
3876 }
3877
3878 } else if (aAttribute.LowerCaseEqualsLiteral("nonce")) {
3879 if (mNonce.IsEmpty()) {
3880 mNonce = aValue;
3881 }
3882 } else if (aAttribute.LowerCaseEqualsLiteral("integrity")) {
3883 if (mIntegrity.IsEmpty()) {
3884 mIntegrity = aValue;
3885 }
3886 } else if (aAttribute.LowerCaseEqualsLiteral("imagesrcset")) {
3887 if (mSrcset.IsEmpty()) {
3888 mSrcset = aValue;
3889 }
3890 } else if (aAttribute.LowerCaseEqualsLiteral("imagesizes")) {
3891 if (mSizes.IsEmpty()) {
3892 mSizes = aValue;
3893 }
3894 } else if (aAttribute.LowerCaseEqualsLiteral("fetchpriority")) {
3895 if (mFetchPriority.IsEmpty()) {
3896 LOG(("Update fetchPriority to \"%s\"",
3897 NS_ConvertUTF16toUTF8(aValue).get()));
3898 mFetchPriority = aValue;
3899 }
3900 }
3901 }
3902
3903 // We will use official mime-types from:
3904 // https://www.iana.org/assignments/media-types/media-types.xhtml#font
3905 // We do not support old deprecated mime-types for preload feature.
3906 // (We currectly do not support font/collection)
3907 static uint32_t StyleLinkElementFontMimeTypesNum = 5;
3908 static const char* StyleLinkElementFontMimeTypes[] = {
3909 "font/otf", "font/sfnt", "font/ttf", "font/woff", "font/woff2"};
3910
3911 bool IsFontMimeType(const nsAString& aType) {
3912 if (aType.IsEmpty()) {
3913 return true;
3914 }
3915 for (uint32_t i = 0; i < StyleLinkElementFontMimeTypesNum; i++) {
3916 if (aType.EqualsASCII(StyleLinkElementFontMimeTypes[i])) {
3917 return true;
3918 }
3919 }
3920 return false;
3921 }
3922
3923 static const nsAttrValue::EnumTable kAsAttributeTable[] = {
3924 {"", DESTINATION_INVALID}, {"audio", DESTINATION_AUDIO},
3925 {"font", DESTINATION_FONT}, {"image", DESTINATION_IMAGE},
3926 {"script", DESTINATION_SCRIPT}, {"style", DESTINATION_STYLE},
3927 {"track", DESTINATION_TRACK}, {"video", DESTINATION_VIDEO},
3928 {"fetch", DESTINATION_FETCH}, {nullptr, 0}};
3929
3930 void ParseAsValue(const nsAString& aValue, nsAttrValue& aResult) {
3931 DebugOnly<bool> success =
3932 aResult.ParseEnumValue(aValue, kAsAttributeTable, false,
3933 // default value is a empty string
3934 // if aValue is not a value we
3935 // understand
3936 &kAsAttributeTable[0]);
3937 MOZ_ASSERT(success);
3938 }
3939
3940 nsContentPolicyType AsValueToContentPolicy(const nsAttrValue& aValue) {
3941 switch (aValue.GetEnumValue()) {
3942 case DESTINATION_INVALID:
3943 return nsIContentPolicy::TYPE_INVALID;
3944 case DESTINATION_AUDIO:
3945 return nsIContentPolicy::TYPE_INTERNAL_AUDIO;
3946 case DESTINATION_TRACK:
3947 return nsIContentPolicy::TYPE_INTERNAL_TRACK;
3948 case DESTINATION_VIDEO:
3949 return nsIContentPolicy::TYPE_INTERNAL_VIDEO;
3950 case DESTINATION_FONT:
3951 return nsIContentPolicy::TYPE_FONT;
3952 case DESTINATION_IMAGE:
3953 return nsIContentPolicy::TYPE_IMAGE;
3954 case DESTINATION_SCRIPT:
3955 return nsIContentPolicy::TYPE_SCRIPT;
3956 case DESTINATION_STYLE:
3957 return nsIContentPolicy::TYPE_STYLESHEET;
3958 case DESTINATION_FETCH:
3959 return nsIContentPolicy::TYPE_INTERNAL_FETCH_PRELOAD;
3960 }
3961 return nsIContentPolicy::TYPE_INVALID;
3962 }
3963
3964 // TODO: implement this using nsAttrValue's destination enums when support for
3965 // the new destinations is added; see this diff for a possible start:
3966 // https://phabricator.services.mozilla.com/D172368?vs=705114&id=708720
3967 bool IsScriptLikeOrInvalid(const nsAString& aAs) {
3968 return !(
3969 aAs.LowerCaseEqualsASCII("fetch") || aAs.LowerCaseEqualsASCII("audio") ||
3970 aAs.LowerCaseEqualsASCII("document") ||
3971 aAs.LowerCaseEqualsASCII("embed") || aAs.LowerCaseEqualsASCII("font") ||
3972 aAs.LowerCaseEqualsASCII("frame") || aAs.LowerCaseEqualsASCII("iframe") ||
3973 aAs.LowerCaseEqualsASCII("image") ||
3974 aAs.LowerCaseEqualsASCII("manifest") ||
3975 aAs.LowerCaseEqualsASCII("object") ||
3976 aAs.LowerCaseEqualsASCII("report") || aAs.LowerCaseEqualsASCII("style") ||
3977 aAs.LowerCaseEqualsASCII("track") || aAs.LowerCaseEqualsASCII("video") ||
3978 aAs.LowerCaseEqualsASCII("webidentity") ||
3979 aAs.LowerCaseEqualsASCII("xslt"));
3980 }
3981
3982 bool CheckPreloadAttrs(const nsAttrValue& aAs, const nsAString& aType,
3983 const nsAString& aMedia,
3984 mozilla::dom::Document* aDocument) {
3985 nsContentPolicyType policyType = AsValueToContentPolicy(aAs);
3986 if (policyType == nsIContentPolicy::TYPE_INVALID) {
3987 return false;
3988 }
3989
3990 // Check if media attribute is valid.
3991 if (!aMedia.IsEmpty()) {
3992 RefPtr<mozilla::dom::MediaList> mediaList =
3993 mozilla::dom::MediaList::Create(NS_ConvertUTF16toUTF8(aMedia));
3994 if (!mediaList->Matches(*aDocument)) {
3995 return false;
3996 }
3997 }
3998
3999 if (aType.IsEmpty()) {
4000 return true;
4001 }
4002
4003 if (policyType == nsIContentPolicy::TYPE_INTERNAL_FETCH_PRELOAD) {
4004 return true;
4005 }
4006
4007 nsAutoString type(aType);
4008 ToLowerCase(type);
4009 if (policyType == nsIContentPolicy::TYPE_MEDIA) {
4010 if (aAs.GetEnumValue() == DESTINATION_TRACK) {
4011 return type.EqualsASCII("text/vtt");
4012 }
4013 Maybe<MediaContainerType> mimeType = MakeMediaContainerType(aType);
4014 if (!mimeType) {
4015 return false;
4016 }
4017 DecoderDoctorDiagnostics diagnostics;
4018 CanPlayStatus status =
4019 DecoderTraits::CanHandleContainerType(*mimeType, &diagnostics);
4020 // Preload if this return CANPLAY_YES and CANPLAY_MAYBE.
4021 return status != CANPLAY_NO;
4022 }
4023 if (policyType == nsIContentPolicy::TYPE_FONT) {
4024 return IsFontMimeType(type);
4025 }
4026 if (policyType == nsIContentPolicy::TYPE_IMAGE) {
4027 return imgLoader::SupportImageWithMimeType(
4028 NS_ConvertUTF16toUTF8(type), AcceptedMimeTypes::IMAGES_AND_DOCUMENTS);
4029 }
4030 if (policyType == nsIContentPolicy::TYPE_SCRIPT) {
4031 return nsContentUtils::IsJavascriptMIMEType(type);
4032 }
4033 if (policyType == nsIContentPolicy::TYPE_STYLESHEET) {
4034 return type.EqualsASCII("text/css");
4035 }
4036 return false;
4037 }
4038
4039 void WarnIgnoredPreload(const mozilla::dom::Document& aDoc, nsIURI& aURI) {
4040 AutoTArray<nsString, 1> params;
4041 {
4042 nsCString uri = nsContentUtils::TruncatedURLForDisplay(&aURI);
4043 AppendUTF8toUTF16(uri, *params.AppendElement());
4044 }
4045 nsContentUtils::ReportToConsole(nsIScriptError::warningFlag, "DOM"_ns, &aDoc,
4046 nsContentUtils::eDOM_PROPERTIES,
4047 "PreloadIgnoredInvalidAttr", params);
4048 }
4049
4050 nsresult HasRootDomain(const nsACString& aInput, const nsACString& aHost,
4051 bool* aResult) {
4052 if (NS_WARN_IF(!aResult)) {
4053 return NS_ERROR_FAILURE;
4054 }
4055
4056 *aResult = false;
4057
4058 // If the strings are the same, we obviously have a match.
4059 if (aInput == aHost) {
4060 *aResult = true;
4061 return NS_OK;
4062 }
4063
4064 // If aHost is not found, we know we do not have it as a root domain.
4065 int32_t index = nsAutoCString(aInput).Find(aHost);
4066 if (index == kNotFound) {
4067 return NS_OK;
4068 }
4069
4070 // Otherwise, we have aHost as our root domain iff the index of aHost is
4071 // aHost.length subtracted from our length and (since we do not have an
4072 // exact match) the character before the index is a dot or slash.
4073 *aResult = index > 0 && (uint32_t)index == aInput.Length() - aHost.Length() &&
4074 (aInput[index - 1] == '.' || aInput[index - 1] == '/');
4075 return NS_OK;
4076 }
4077
4078 void CheckForBrokenChromeURL(nsILoadInfo* aLoadInfo, nsIURI* aURI) {
4079 if (!aURI) {
4080 return;
4081 }
4082 nsAutoCString scheme;
4083 aURI->GetScheme(scheme);
4084 if (!scheme.EqualsLiteral("chrome") && !scheme.EqualsLiteral("resource")) {
4085 return;
4086 }
4087 nsAutoCString host;
4088 aURI->GetHost(host);
4089 // Ignore test hits.
4090 if (host.EqualsLiteral("mochitests") || host.EqualsLiteral("reftest")) {
4091 return;
4092 }
4093
4094 nsAutoCString filePath;
4095 aURI->GetFilePath(filePath);
4096 // Fluent likes checking for files everywhere and expects failure.
4097 if (StringEndsWith(filePath, ".ftl"_ns)) {
4098 return;
4099 }
4100
4101 // Ignore fetches/xhrs, as they are frequently used in a way where
4102 // non-existence is OK (ie with fallbacks). This risks false negatives (ie
4103 // files that *should* be there but aren't) - which we accept for now.
4104 ExtContentPolicy policy = aLoadInfo
4105 ? aLoadInfo->GetExternalContentPolicyType()
4106 : ExtContentPolicy::TYPE_OTHER;
4107 if (policy == ExtContentPolicy::TYPE_FETCH ||
4108 policy == ExtContentPolicy::TYPE_XMLHTTPREQUEST) {
4109 return;
4110 }
4111
4112 if (aLoadInfo) {
4113 bool shouldSkipCheckForBrokenURLOrZeroSized;
4114 MOZ_ALWAYS_SUCCEEDS(aLoadInfo->GetShouldSkipCheckForBrokenURLOrZeroSized(
4115 &shouldSkipCheckForBrokenURLOrZeroSized));
4116 if (shouldSkipCheckForBrokenURLOrZeroSized) {
4117 return;
4118 }
4119 }
4120
4121 nsCString spec;
4122 aURI->GetSpec(spec);
4123
4124 #ifdef ANDROID
4125 // Various toolkit files use this and are shipped on android, but
4126 // info-pages.css and aboutLicense.css are not - bug 1808987
4127 if (StringEndsWith(spec, "info-pages.css"_ns) ||
4128 StringEndsWith(spec, "aboutLicense.css"_ns) ||
4129 // Error page CSS is also missing: bug 1810039
4130 StringEndsWith(spec, "aboutNetError.css"_ns) ||
4131 StringEndsWith(spec, "aboutHttpsOnlyError.css"_ns) ||
4132 StringEndsWith(spec, "error-pages.css"_ns) ||
4133 // popup.css is used in a single mochitest: bug 1810577
4134 StringEndsWith(spec, "/popup.css"_ns) ||
4135 // Used by an extension installation test - bug 1809650
4136 StringBeginsWith(spec, "resource://android/assets/web_extensions/"_ns)) {
4137 return;
4138 }
4139 #endif
4140
4141 // DTD files from gre may not exist when requested by tests.
4142 if (StringBeginsWith(spec, "resource://gre/res/dtd/"_ns)) {
4143 return;
4144 }
4145
4146 // The background task machinery allows the caller to specify a JSM on the
4147 // command line, which is then looked up in both app-specific and toolkit-wide
4148 // locations.
4149 if (spec.Find("backgroundtasks") != kNotFound) {
4150 return;
4151 }
4152
4153 if (xpc::IsInAutomation()) {
4154 #ifdef DEBUG
4155 if (NS_IsMainThread()) {
4156 nsCOMPtr<nsIXPConnect> xpc = nsIXPConnect::XPConnect();
4157 Unused << xpc->DebugDumpJSStack(false, false, false);
4158 }
4159 #endif
4160 MOZ_CRASH_UNSAFE_PRINTF("Missing chrome or resource URLs: %s", spec.get());
4161 } else {
4162 printf_stderr("Missing chrome or resource URL: %s\n", spec.get());
4163 }
4164 }
4165
4166 bool IsCoepCredentiallessEnabled(bool aIsOriginTrialCoepCredentiallessEnabled) {
4167 return StaticPrefs::
4168 browser_tabs_remote_coep_credentialless_DoNotUseDirectly() ||
4169 aIsOriginTrialCoepCredentiallessEnabled;
4170 }
4171
4172 } // namespace net
4173 } // namespace mozilla