| blob | aee023d3546ea6f856dead4c7f016d75a42737ae |
1 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ts=2 sw=2 et tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
47 }
50 NS_PRINCIPAL_CID)
59 #ifdef MOZ_DIAGNOSTIC_ASSERT_ENABLED
60 // Assert that the URI we get here isn't any of the schemes that we know we
61 // should not get here. These schemes always either inherit their principal
62 // or fall back to a null principal. These are schemes which return
63 // URI_INHERITS_SECURITY_CONTEXT from their protocol handler's
64 // GetProtocolFlags function.
70 #endif
71 }
84 }
86 /* static */
91 }
96 }
101 // Handle non-strict file:// uris.
104 // If strict file origin policy is not in effect, all local files are
105 // considered to be same-origin, so return a known dummy origin here.
108 }
110 nsresult rv;
111 // NB: This is only compiled for Thunderbird/Suite.
112 #if IS_ORIGIN_IS_FULL_SPEC_DEFINED
119 }
120 #endif
122 // We want the invariant that prinA.origin == prinB.origin i.f.f.
123 // prinA.equals(prinB). However, this requires that we impose certain
124 // constraints on the behavior and origin semantics of principals, and in
125 // particular, forbid creating origin strings for principals whose equality
126 // constraints are not expressible as strings (i.e. object equality).
127 // Moreover, we want to forbid URIs containing the magic "^" we use as a
128 // separating character for origin attributes.
129 //
130 // These constraints can generally be achieved by restricting .origin to
131 // nsIStandardURL-based URIs, but there are a few other URI schemes that we
132 // need to handle.
135 // We generally consider two about:foo origins to be same-origin, but
136 // about:blank is special since it can be generated from different
137 // sources. We check for moz-safe-about:blank since origin is an
138 // innermost URI.
149 }
153 }
155 // These URIs could technically contain a '^', but they never should.
159 }
161 }
163 // This URL can be a blobURL. In this case, we should use the 'parent'
164 // principal instead.
170 }
172 // If we reached this branch, we can only create an origin if we have a
173 // nsIStandardURL. So, we query to a nsIStandardURL, and fail if we aren't
174 // an instance of an nsIStandardURL nsIStandardURLs have the good property
175 // of escaping the '^' character in their specs, which means that we can be
176 // sure that the caret character (which is reserved for delimiting the end
177 // of the spec, and the beginning of the origin attributes) is not present
178 // in the origin string
182 }
184 // See whether we have a useful hostPort. If we do, use that.
185 nsAutoCString hostPort;
189 }
196 }
201 // The origin, when taken from the spec, should not contain the ref part of
202 // the URL.
209 }
213 }
216 }
223 // For ContentPrincipal, Subsumes is equivalent to Equals.
226 }
228 // If either the subject or the object has changed its principal by
229 // explicitly setting document.domain then the other must also have
230 // done so in order to be considered the same origin. This prevents
231 // DNS spoofing based on document.domain (154930)
232 nsresult rv;
234 // Get .domain on each principal.
239 // If either has .domain set, we have equality i.f.f. the domains match.
240 // Otherwise, we fall through to the non-document-domain-considering case.
244 #ifdef DEBUG
252 }
253 #endif
255 }
256 }
258 // Compare uris.
263 }
265 NS_IMETHODIMP
269 }
274 #if defined(MOZ_THUNDERBIRD) || defined(MOZ_SUITE)
282 }
284 OriginAttributes attrs;
288 }
289 #endif
296 }
298 // If this principal is associated with an addon, check whether that addon
299 // has been given permission to load from this domain.
302 }
306 }
308 // If strict file origin policy is in effect, local files will always fail
309 // SecurityCompareURIs unless they are identical. Explicitly check file origin
310 // policy, in that case.
314 }
317 }
326 };
328 }
330 NS_IMETHODIMP
335 }
339 }
341 NS_IMETHODIMP
348 // Set the changed-document-domain flag on compartments containing realms
349 // using this principal.
354 };
363 }
369 // Special handling for a file URI.
371 // If strict file origin policy is not in effect, all local files are
372 // considered to be same-origin, so return a known dummy domain here.
377 }
379 // Otherwise, we return the file path.
385 }
386 }
393 }
395 // In case of FTP we want to get base domain via TLD service even if FTP
396 // protocol handler is disabled and the scheme is handled by external protocol
397 // handler which returns URI_NORELATIVE flag.
401 }
406 }
409 }
411 NS_IMETHODIMP
413 // Handle some special URIs first.
420 }
422 // For everything else, we ask the TLD service via the ThirdPartyUtil.
427 }
430 }
432 NS_IMETHODIMP
437 // It is possible for two principals with the same origin to have different
438 // mURI values. In order to ensure that two principals with matching origins
439 // also have matching siteOrigins, we derive the siteOrigin entirely from the
440 // origin string and do not rely on mURI at all here.
444 // We got an error parsing the origin as a URI? siteOrigin == origin
445 // aSiteOrigin was already filled with `OriginNoSuffix`
447 }
449 // Handle some special URIs first.
450 nsAutoCString baseDomain;
456 // This is a special URI ("file:", "about:", "view-source:", etc). Just
457 // return the origin.
459 }
461 // For everything else, we ask the TLD service. Note that, unlike in
462 // GetBaseDomain, we don't use ThirdPartyUtil.getBaseDomain because if the
463 // host is an IP address that returns the raw address and we can't use it with
464 // SetHost below because SetHost expects '[' and ']' around IPv6 addresses.
465 // See bug 1491728.
470 }
477 // If this is an IP address or something like "localhost", we just continue
478 // with gotBaseDomain = false.
482 }
483 }
485 // NOTE: Calling `SetHostPort` with a portless domain is insufficient to clear
486 // the port, so an extra `SetPort` call has to be made.
492 }
501 }
504 nsCString siteOrigin;
512 }
516 }
526 }
527 }
530 }
532 NS_IMETHODIMP
539 }
541 }
543 NS_IMETHODIMP
552 }
555 // Enforce re-parsing about: URIs so that if they change, we continue to use
556 // their new principals correctly.
558 nsAutoCString spec;
561 NS_ERROR_FAILURE);
562 }
568 }
572 nsAutoCString suffix;
576 OriginAttributes attrs;
580 // Since Bug 965637 we do not serialize the CSP within the
581 // Principal anymore. Nevertheless there might still be
582 // serialized Principals that do have a serialized CSP.
583 // For now, we just read the CSP here but do not actually
584 // consume it. Please note that we deliberately ignore
585 // the return value to avoid CSP deserialization problems.
586 // After Bug 1508939 we will have a new serialization for
587 // Principals which allows us to update the code here.
588 // Additionally, the format for serialized CSPs changed
589 // within Bug 965637 which also can cause failures within
590 // the CSP deserialization code.
593 nsAutoCString originNoSuffix;
600 // Note: we don't call SetDomain here because we don't need the wrapper
601 // recomputation code there (we just created this principal).
605 }
609 }
612 nsAutoCString principalURI;
616 // We turn each int enum field into a JSON string key of the object
617 // aObject is the inner JSON object that has stringified enum keys
618 // An example aObject might be:
619 //
620 // eURI eSuffix
621 // | |
622 // {"0": "https://mozilla.com", "2": "^privateBrowsingId=1"}
623 // | | | |
624 // ----------------------------- |
625 // | | |
626 // Key ----------------------
627 // |
628 // Value
632 nsAutoCString domainStr;
636 }
638 nsAutoCString suffix;
642 }
645 }
650 nsresult rv;
654 OriginAttributes attrs;
656 // The odd structure here is to make the code to not compile
657 // if all the switch enum cases haven't been codified
666 }
670 {
671 // Enforce re-parsing about: URIs so that if they change, we
672 // continue to use their new principals correctly.
674 nsAutoCString spec;
678 }
679 }
680 }
686 }
693 }
694 }
696 }
697 }
698 nsAutoCString originNoSuffix;
700 originNoSuffix);
703 }
711 }
714 }