Bug 1882593 [wpt PR 44836] - Add test for unknown, invalid ancillary chunk which...
[gecko.git] / dom / security / ReferrerInfo.h
blobb62afbb93486a64c95f0da7d1d1ea8c90052fb6b
1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7 #ifndef mozilla_dom_ReferrerInfo_h
8 #define mozilla_dom_ReferrerInfo_h
10 #include "nsCOMPtr.h"
11 #include "nsIReferrerInfo.h"
12 #include "nsReadableUtils.h"
13 #include "mozilla/Maybe.h"
14 #include "mozilla/HashFunctions.h"
15 #include "mozilla/dom/ReferrerPolicyBinding.h"
17 #define REFERRERINFOF_CONTRACTID "@mozilla.org/referrer-info;1"
18 // 041a129f-10ce-4bda-a60d-e027a26d5ed0
19 #define REFERRERINFO_CID \
20 { \
21 0x041a129f, 0x10ce, 0x4bda, { \
22 0xa6, 0x0d, 0xe0, 0x27, 0xa2, 0x6d, 0x5e, 0xd0 \
23 } \
26 class nsIHttpChannel;
27 class nsIURI;
28 class nsIChannel;
29 class nsILoadInfo;
30 class nsINode;
31 class nsIPrincipal;
33 namespace mozilla {
34 class StyleSheet;
35 class URLAndReferrerInfo;
37 namespace net {
38 class HttpBaseChannel;
39 class nsHttpChannel;
40 } // namespace net
41 } // namespace mozilla
43 namespace mozilla::dom {
45 /**
46 * The ReferrerInfo class holds the raw referrer and potentially a referrer
47 * policy which allows to query the computed referrer which should be applied to
48 * a channel as the actual referrer value.
50 * The ReferrerInfo class solely contains readonly fields and represents a 1:1
51 * sync to the referrer header of the corresponding channel. In turn that means
52 * the class is immutable - so any modifications require to clone the current
53 * ReferrerInfo.
55 * For example if a request undergoes a redirect, the new channel
56 * will need a new ReferrerInfo clone with members being updated accordingly.
59 class ReferrerInfo : public nsIReferrerInfo {
60 public:
61 typedef enum ReferrerPolicy ReferrerPolicyEnum;
62 ReferrerInfo();
64 explicit ReferrerInfo(
65 nsIURI* aOriginalReferrer,
66 ReferrerPolicyEnum aPolicy = ReferrerPolicy::_empty,
67 bool aSendReferrer = true,
68 const Maybe<nsCString>& aComputedReferrer = Maybe<nsCString>());
70 // Creates already initialized ReferrerInfo from an element or a document.
71 explicit ReferrerInfo(const Element&);
72 explicit ReferrerInfo(const Document&);
74 // Creates already initialized ReferrerInfo from an element or a document with
75 // a specific referrer policy.
76 ReferrerInfo(const Element&, ReferrerPolicyEnum);
78 // create an exact copy of the ReferrerInfo
79 already_AddRefed<ReferrerInfo> Clone() const;
81 // create an copy of the ReferrerInfo with new referrer policy
82 already_AddRefed<ReferrerInfo> CloneWithNewPolicy(
83 ReferrerPolicyEnum aPolicy) const;
85 // create an copy of the ReferrerInfo with new send referrer
86 already_AddRefed<ReferrerInfo> CloneWithNewSendReferrer(
87 bool aSendReferrer) const;
89 // create an copy of the ReferrerInfo with new original referrer
90 already_AddRefed<ReferrerInfo> CloneWithNewOriginalReferrer(
91 nsIURI* aOriginalReferrer) const;
93 // Record the telemetry for the referrer policy.
94 void RecordTelemetry(nsIHttpChannel* aChannel);
97 * Helper function to create a new ReferrerInfo object from a given document
98 * and override referrer policy if needed (for example, when parsing link
99 * header or speculative loading).
101 * @param aDocument the document to init referrerInfo object.
102 * @param aPolicyOverride referrer policy to override if necessary.
104 static already_AddRefed<nsIReferrerInfo> CreateFromDocumentAndPolicyOverride(
105 Document* aDoc, ReferrerPolicyEnum aPolicyOverride);
108 * Implements step 3.1 and 3.3 of the Determine request's Referrer algorithm
109 * from the Referrer Policy specification.
111 * https://w3c.github.io/webappsec/specs/referrer-policy/#determine-requests-referrer
113 static already_AddRefed<nsIReferrerInfo> CreateForFetch(
114 nsIPrincipal* aPrincipal, Document* aDoc);
117 * Helper function to create new ReferrerInfo object from a given external
118 * stylesheet. The returned nsIReferrerInfo object will be used for any
119 * requests or resources referenced by the sheet.
121 * @param aSheet the stylesheet to init referrerInfo.
122 * @param aPolicy referrer policy from header if there's any.
124 static already_AddRefed<nsIReferrerInfo> CreateForExternalCSSResources(
125 StyleSheet* aExternalSheet,
126 ReferrerPolicyEnum aPolicy = ReferrerPolicy::_empty);
129 * Helper function to create new ReferrerInfo object from a given document.
130 * The returned nsIReferrerInfo object will be used for any requests or
131 * resources referenced by internal stylesheet (for example style="" or
132 * wrapped by <style> tag), as well as SVG resources.
134 * @param aDocument the document to init referrerInfo object.
136 static already_AddRefed<nsIReferrerInfo> CreateForInternalCSSAndSVGResources(
137 Document* aDocument);
140 * Check whether the given referrer's scheme is allowed to be computed and
141 * sent. The allowlist schemes are: http, https.
143 static bool IsReferrerSchemeAllowed(nsIURI* aReferrer);
146 * The Referrer Policy should be inherited for nested browsing contexts that
147 * are not created from responses. Such as: srcdoc, data, blob.
149 static bool ShouldResponseInheritReferrerInfo(nsIChannel* aChannel);
152 * Check whether referrer is allowed to send in secure to insecure scenario.
154 static nsresult HandleSecureToInsecureReferral(nsIURI* aOriginalURI,
155 nsIURI* aURI,
156 ReferrerPolicyEnum aPolicy,
157 bool& aAllowed);
160 * Returns true if the given channel is cross-origin request
162 * Computing whether the request is cross-origin may be expensive, so please
163 * do that in cases where we're going to use this information later on.
165 static bool IsCrossOriginRequest(nsIHttpChannel* aChannel);
168 * Returns true if aReferrer's origin and aChannel's URI are cross-origin.
170 static bool IsReferrerCrossOrigin(nsIHttpChannel* aChannel,
171 nsIURI* aReferrer);
174 * Returns true if the given channel is cross-site request.
176 static bool IsCrossSiteRequest(nsIHttpChannel* aChannel);
179 * Returns true if the given channel is suppressed by Referrer-Policy header
180 * and should set "null" to Origin header.
182 static bool ShouldSetNullOriginHeader(net::HttpBaseChannel* aChannel,
183 nsIURI* aOriginURI);
186 * Getter for network.http.sendRefererHeader.
188 static uint32_t GetUserReferrerSendingPolicy();
191 * Getter for network.http.referer.XOriginPolicy.
193 static uint32_t GetUserXOriginSendingPolicy();
196 * Getter for network.http.referer.trimmingPolicy.
198 static uint32_t GetUserTrimmingPolicy();
201 * Getter for network.http.referer.XOriginTrimmingPolicy.
203 static uint32_t GetUserXOriginTrimmingPolicy();
206 * Return default referrer policy which is controlled by user
207 * prefs:
208 * network.http.referer.defaultPolicy for regular mode
209 * network.http.referer.defaultPolicy.trackers for third-party trackers
210 * in regular mode
211 * network.http.referer.defaultPolicy.pbmode for private mode
212 * network.http.referer.defaultPolicy.trackers.pbmode for third-party trackers
213 * in private mode
215 static ReferrerPolicyEnum GetDefaultReferrerPolicy(
216 nsIHttpChannel* aChannel = nullptr, nsIURI* aURI = nullptr,
217 bool aPrivateBrowsing = false);
220 * Return default referrer policy for third party which is controlled by user
221 * prefs:
222 * network.http.referer.defaultPolicy.trackers for regular mode
223 * network.http.referer.defaultPolicy.trackers.pbmode for private mode
225 static ReferrerPolicyEnum GetDefaultThirdPartyReferrerPolicy(
226 bool aPrivateBrowsing = false);
229 * Helper function to parse ReferrerPolicy from meta tag referrer content.
230 * For example: <meta name="referrer" content="origin">
232 * @param aContent content string to be transformed into ReferrerPolicyEnum,
233 * e.g. "origin".
235 static ReferrerPolicyEnum ReferrerPolicyFromMetaString(
236 const nsAString& aContent);
239 * Helper function to parse ReferrerPolicy from string content of
240 * referrerpolicy attribute.
241 * For example: <a href="http://example.com" referrerpolicy="no-referrer">
243 * @param aContent content string to be transformed into ReferrerPolicyEnum,
244 * e.g. "no-referrer".
246 static ReferrerPolicyEnum ReferrerPolicyAttributeFromString(
247 const nsAString& aContent);
250 * Helper function to parse ReferrerPolicy from string content of
251 * Referrer-Policy header.
252 * For example: Referrer-Policy: origin no-referrer
253 * https://www.w3.org/tr/referrer-policy/#parse-referrer-policy-from-header
255 * @param aContent content string to be transformed into ReferrerPolicyEnum.
256 * e.g. "origin no-referrer"
258 static ReferrerPolicyEnum ReferrerPolicyFromHeaderString(
259 const nsAString& aContent);
262 * Hash function for this object
264 HashNumber Hash() const;
266 NS_DECL_THREADSAFE_ISUPPORTS
267 NS_DECL_NSIREFERRERINFO
268 NS_DECL_NSISERIALIZABLE
270 private:
271 virtual ~ReferrerInfo() = default;
273 ReferrerInfo(const ReferrerInfo& rhs);
276 * Trimming policy when compute referrer, indicate how much information in the
277 * referrer will be sent. Order matters here.
279 enum TrimmingPolicy : uint32_t {
280 ePolicyFullURI = 0,
281 ePolicySchemeHostPortPath = 1,
282 ePolicySchemeHostPort = 2,
286 * Referrer sending policy, indicates type of action could trigger to send
287 * referrer header, not send at all, send only with user's action (click on a
288 * link) or send even with inline content request (image request).
289 * Order matters here.
291 enum ReferrerSendingPolicy : uint32_t {
292 ePolicyNotSend = 0,
293 ePolicySendWhenUserTrigger = 1,
294 ePolicySendInlineContent = 2,
298 * Sending referrer when cross origin policy, indicates when referrer should
299 * be send when compare 2 origins. Order matters here.
301 enum XOriginSendingPolicy : uint32_t {
302 ePolicyAlwaysSend = 0,
303 ePolicySendWhenSameDomain = 1,
304 ePolicySendWhenSameHost = 2,
308 * Handle user controlled pref network.http.referer.XOriginPolicy
310 nsresult HandleUserXOriginSendingPolicy(nsIURI* aURI, nsIURI* aReferrer,
311 bool& aAllowed) const;
314 * Handle user controlled pref network.http.sendRefererHeader
316 nsresult HandleUserReferrerSendingPolicy(nsIHttpChannel* aChannel,
317 bool& aAllowed) const;
320 * Compute trimming policy from user controlled prefs.
321 * This function is called when we already made sure a nonempty referrer is
322 * allowed to send.
324 TrimmingPolicy ComputeTrimmingPolicy(nsIHttpChannel* aChannel,
325 nsIURI* aReferrer) const;
327 // HttpBaseChannel could access IsInitialized() and ComputeReferrer();
328 friend class mozilla::net::HttpBaseChannel;
331 * Compute referrer for a given channel. The computation result then will be
332 * stored in this class and then used to set the actual referrer header of
333 * the channel. The computation could be controlled by several user prefs
334 * which are defined in StaticPrefList.yaml (see StaticPrefList.yaml for more
335 * details):
336 * network.http.sendRefererHeader
337 * network.http.referer.spoofSource
338 * network.http.referer.hideOnionSource
339 * network.http.referer.XOriginPolicy
340 * network.http.referer.trimmingPolicy
341 * network.http.referer.XOriginTrimmingPolicy
343 nsresult ComputeReferrer(nsIHttpChannel* aChannel);
346 * Check whether the ReferrerInfo has been initialized or not.
348 bool IsInitialized() { return mInitialized; }
350 // nsHttpChannel, Document could access IsPolicyOverrided();
351 friend class mozilla::net::nsHttpChannel;
352 friend class mozilla::dom::Document;
354 * Check whether if unset referrer policy is overrided by default or not
356 bool IsPolicyOverrided() { return mOverridePolicyByDefault; }
359 * Get origin string from a given valid referrer URI (http, https)
361 * @aReferrer - the full referrer URI
362 * @aResult - the resulting aReferrer in string format.
364 nsresult GetOriginFromReferrerURI(nsIURI* aReferrer,
365 nsACString& aResult) const;
368 * Trim a given referrer with a given a trimming policy,
370 nsresult TrimReferrerWithPolicy(nsIURI* aReferrer,
371 TrimmingPolicy aTrimmingPolicy,
372 nsACString& aResult) const;
375 * Returns true if we should ignore less restricted referrer policies,
376 * including 'unsafe_url', 'no_referrer_when_downgrade' and
377 * 'origin_when_cross_origin', for the given channel. We only apply this
378 * restriction for cross-site requests. For the same-site request, we will
379 * still allow overriding the default referrer policy with less restricted
380 * one.
382 * Note that the channel triggered by the system and the extension will be
383 * exempt from this restriction.
385 bool ShouldIgnoreLessRestrictedPolicies(
386 nsIHttpChannel* aChannel, const ReferrerPolicyEnum aPolicy) const;
389 * Limit referrer length using the following ruleset:
390 * - If the length of referrer URL is over max length, strip down to origin.
391 * - If the origin is still over max length, remove the referrer entirely.
393 * This function comlements TrimReferrerPolicy and needs to be called right
394 * after TrimReferrerPolicy.
396 * @aChannel - used to query information needed for logging to the console.
397 * @aReferrer - the full referrer URI; needs to be identical to aReferrer
398 * passed to TrimReferrerPolicy.
399 * @aTrimmingPolicy - represents the trimming policy which was applied to the
400 * referrer; needs to be identical to aTrimmingPolicy
401 * passed to TrimReferrerPolicy.
402 * @aInAndOutTrimmedReferrer - an in and outgoing argument representing the
403 * referrer value. Please pass the result of
404 * TrimReferrerWithPolicy as
405 * aInAndOutTrimmedReferrer which will then be
406 * reduced to the origin or completely truncated
407 * in case the referrer value exceeds the length
408 * limitation.
410 nsresult LimitReferrerLength(nsIHttpChannel* aChannel, nsIURI* aReferrer,
411 TrimmingPolicy aTrimmingPolicy,
412 nsACString& aInAndOutTrimmedReferrer) const;
415 * The helper function to read the old data format before gecko 100 for
416 * deserialization.
418 nsresult ReadTailDataBeforeGecko100(const uint32_t& aData,
419 nsIObjectInputStream* aInputStream);
422 * Write message to the error console
424 void LogMessageToConsole(nsIHttpChannel* aChannel, const char* aMsg,
425 const nsTArray<nsString>& aParams) const;
427 friend class mozilla::URLAndReferrerInfo;
429 nsCOMPtr<nsIURI> mOriginalReferrer;
431 ReferrerPolicyEnum mPolicy;
433 // The referrer policy that has been set originally for the channel. Note that
434 // the policy may have been overridden by the default referrer policy, so we
435 // need to keep track of this if we need to recover the original referrer
436 // policy.
437 ReferrerPolicyEnum mOriginalPolicy;
439 // Indicates if the referrer should be sent or not even when it's available
440 // (default is true).
441 bool mSendReferrer;
443 // Since the ReferrerInfo is immutable, we use this member as a helper to
444 // ensure no one can call e.g. init() twice to modify state of the
445 // ReferrerInfo.
446 bool mInitialized;
448 // Indicates if unset referrer policy is overrided by default
449 bool mOverridePolicyByDefault;
451 // Store a computed referrer for a given channel
452 Maybe<nsCString> mComputedReferrer;
454 #ifdef DEBUG
455 // Indicates if the telemetry has been recorded. This is used to make sure the
456 // telemetry will be only recored once.
457 bool mTelemetryRecorded = false;
458 #endif // DEBUG
461 } // namespace mozilla::dom
463 #endif // mozilla_dom_ReferrerInfo_h