Bug 1870499 - disable test_youtube_flash_embed.html on linux debug for causing multip...
[gecko.git] / caps / nsScriptSecurityManager.h
blobbc55a70ad6128c85b608d2e969c71e8481a393ae
1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ts=4 et sw=2 tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7 #ifndef nsScriptSecurityManager_h__
8 #define nsScriptSecurityManager_h__
10 #include "nsIScriptSecurityManager.h"
12 #include "mozilla/Maybe.h"
13 #include "nsIPrincipal.h"
14 #include "nsCOMPtr.h"
15 #include "nsServiceManagerUtils.h"
16 #include "nsStringFwd.h"
17 #include "js/TypeDecls.h"
19 #include <stdint.h>
21 class nsIIOService;
22 class nsIStringBundle;
24 namespace mozilla {
25 class OriginAttributes;
26 class SystemPrincipal;
27 } // namespace mozilla
29 namespace JS {
30 enum class RuntimeCode;
31 } // namespace JS
33 /////////////////////////////
34 // nsScriptSecurityManager //
35 /////////////////////////////
36 #define NS_SCRIPTSECURITYMANAGER_CID \
37 { \
38 0x7ee2a4c0, 0x4b93, 0x17d3, { \
39 0xba, 0x18, 0x00, 0x60, 0xb0, 0xf1, 0x99, 0xa2 \
40 } \
43 class nsScriptSecurityManager final : public nsIScriptSecurityManager {
44 public:
45 static void Shutdown();
47 NS_DEFINE_STATIC_CID_ACCESSOR(NS_SCRIPTSECURITYMANAGER_CID)
49 NS_DECL_ISUPPORTS
50 NS_DECL_NSISCRIPTSECURITYMANAGER
52 static nsScriptSecurityManager* GetScriptSecurityManager();
54 // Invoked exactly once, by XPConnect.
55 static void InitStatics();
57 void InitJSCallbacks(JSContext* aCx);
59 // This has to be static because it is called after gScriptSecMan is cleared.
60 static void ClearJSCallbacks(JSContext* aCx);
62 static already_AddRefed<mozilla::SystemPrincipal>
63 SystemPrincipalSingletonConstructor();
65 /**
66 * Utility method for comparing two URIs. For security purposes, two URIs
67 * are equivalent if their schemes, hosts, and ports (if any) match. This
68 * method returns true if aSubjectURI and aObjectURI have the same origin,
69 * false otherwise.
71 static bool SecurityCompareURIs(nsIURI* aSourceURI, nsIURI* aTargetURI);
72 static uint32_t SecurityHashURI(nsIURI* aURI);
74 static nsresult ReportError(const char* aMessageTag, nsIURI* aSource,
75 nsIURI* aTarget, bool aFromPrivateWindow,
76 uint64_t aInnerWindowID = 0);
77 static nsresult ReportError(const char* aMessageTag,
78 const nsACString& sourceSpec,
79 const nsACString& targetSpec,
80 bool aFromPrivateWindow,
81 uint64_t aInnerWindowID = 0);
83 static uint32_t HashPrincipalByOrigin(nsIPrincipal* aPrincipal);
85 static bool GetStrictFileOriginPolicy() { return sStrictFileOriginPolicy; }
87 void DeactivateDomainPolicy();
89 private:
90 // GetScriptSecurityManager is the only call that can make one
91 nsScriptSecurityManager();
92 virtual ~nsScriptSecurityManager();
94 // Decides, based on CSP, whether or not eval() and stuff can be executed.
95 static bool ContentSecurityPolicyPermitsJSAction(JSContext* cx,
96 JS::RuntimeCode kind,
97 JS::Handle<JSString*> aCode);
99 static bool JSPrincipalsSubsume(JSPrincipals* first, JSPrincipals* second);
101 nsresult Init();
103 nsresult InitPrefs();
105 static void ScriptSecurityPrefChanged(const char* aPref, void* aSelf);
106 void ScriptSecurityPrefChanged(const char* aPref = nullptr);
108 inline void AddSitesToFileURIAllowlist(const nsCString& aSiteList);
110 nsresult GetChannelResultPrincipal(nsIChannel* aChannel,
111 nsIPrincipal** aPrincipal,
112 bool aIgnoreSandboxing);
114 nsresult CheckLoadURIFlags(nsIURI* aSourceURI, nsIURI* aTargetURI,
115 nsIURI* aSourceBaseURI, nsIURI* aTargetBaseURI,
116 uint32_t aFlags, bool aFromPrivateWindow,
117 uint64_t aInnerWindowID);
119 // Returns the file URI allowlist, initializing it if it has not been
120 // initialized.
121 const nsTArray<nsCOMPtr<nsIURI>>& EnsureFileURIAllowlist();
123 nsCOMPtr<nsIPrincipal> mSystemPrincipal;
124 bool mPrefInitialized;
125 bool mIsJavaScriptEnabled;
127 // List of URIs whose domains and sub-domains are allowlisted to allow
128 // access to file: URIs. Lazily initialized; isNothing() when not yet
129 // initialized.
130 mozilla::Maybe<nsTArray<nsCOMPtr<nsIURI>>> mFileURIAllowlist;
132 // This machinery controls new-style domain policies. The old-style
133 // policy machinery will be removed soon.
134 nsCOMPtr<nsIDomainPolicy> mDomainPolicy;
136 static std::atomic<bool> sStrictFileOriginPolicy;
138 static mozilla::StaticRefPtr<nsIIOService> sIOService;
139 static nsIStringBundle* sStrBundle;
142 #endif // nsScriptSecurityManager_h__