search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Bug 1873666 [wpt PR 43897] - Add VideoTrackGenerator IDL tests, a=testonly
[gecko.git] / netwerk / base / nsNetUtil.cpp
blobb83d491dd0933a9049698addff65f14402dff149
1 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim:set ts=4 sw=2 sts=2 et cin: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6
7 // HttpLog.h should generally be included first
8 #include "DecoderDoctorDiagnostics.h"
9 #include "HttpLog.h"
10
11 #include "nsNetUtil.h"
12
13 #include "mozilla/Atomics.h"
14 #include "mozilla/BasePrincipal.h"
15 #include "mozilla/Components.h"
16 #include "mozilla/Encoding.h"
17 #include "mozilla/LoadContext.h"
18 #include "mozilla/LoadInfo.h"
19 #include "mozilla/Monitor.h"
20 #include "mozilla/StaticPrefs_browser.h"
21 #include "mozilla/StaticPrefs_network.h"
22 #include "mozilla/StaticPrefs_privacy.h"
23 #include "mozilla/StoragePrincipalHelper.h"
24 #include "mozilla/TaskQueue.h"
25 #include "mozilla/Telemetry.h"
26 #include "nsBufferedStreams.h"
27 #include "nsCategoryCache.h"
28 #include "nsComponentManagerUtils.h"
29 #include "nsContentUtils.h"
30 #include "nsEscape.h"
31 #include "nsFileStreams.h"
32 #include "nsHashKeys.h"
33 #include "nsHttp.h"
34 #include "nsMimeTypes.h"
35 #include "nsIAuthPrompt.h"
36 #include "nsIAuthPrompt2.h"
37 #include "nsIAuthPromptAdapterFactory.h"
38 #include "nsIBufferedStreams.h"
39 #include "nsBufferedStreams.h"
40 #include "nsIChannelEventSink.h"
41 #include "nsIContentSniffer.h"
42 #include "mozilla/dom/Document.h"
43 #include "nsIDownloader.h"
44 #include "nsIFileProtocolHandler.h"
45 #include "nsIFileStreams.h"
46 #include "nsIFileURL.h"
47 #include "nsIIDNService.h"
48 #include "nsIInputStreamChannel.h"
49 #include "nsIInputStreamPump.h"
50 #include "nsIInterfaceRequestorUtils.h"
51 #include "nsILoadContext.h"
52 #include "nsIMIMEHeaderParam.h"
53 #include "nsINode.h"
54 #include "nsIObjectLoadingContent.h"
55 #include "nsPersistentProperties.h"
56 #include "nsIPrivateBrowsingChannel.h"
57 #include "nsIPropertyBag2.h"
58 #include "nsIProtocolProxyService.h"
59 #include "mozilla/net/RedirectChannelRegistrar.h"
60 #include "nsRequestObserverProxy.h"
61 #include "nsISensitiveInfoHiddenURI.h"
62 #include "nsISimpleStreamListener.h"
63 #include "nsISocketProvider.h"
64 #include "nsIStandardURL.h"
65 #include "nsIStreamLoader.h"
66 #include "nsIIncrementalStreamLoader.h"
67 #include "nsStringStream.h"
68 #include "nsSyncStreamListener.h"
69 #include "nsITextToSubURI.h"
70 #include "nsIURIWithSpecialOrigin.h"
71 #include "nsIViewSourceChannel.h"
72 #include "nsInterfaceRequestorAgg.h"
73 #include "nsINestedURI.h"
74 #include "mozilla/dom/nsCSPUtils.h"
75 #include "mozilla/dom/nsHTTPSOnlyUtils.h"
76 #include "mozilla/dom/nsMixedContentBlocker.h"
77 #include "mozilla/dom/BlobURLProtocolHandler.h"
78 #include "mozilla/net/HttpBaseChannel.h"
79 #include "nsIScriptError.h"
80 #include "nsISiteSecurityService.h"
81 #include "nsHttpHandler.h"
82 #include "nsNSSComponent.h"
83 #include "nsIRedirectHistoryEntry.h"
84 #include "nsICertStorage.h"
85 #include "nsICertOverrideService.h"
86 #include "nsQueryObject.h"
87 #include "mozIThirdPartyUtil.h"
88 #include "../mime/nsMIMEHeaderParamImpl.h"
89 #include "nsStandardURL.h"
90 #include "DefaultURI.h"
91 #include "nsChromeProtocolHandler.h"
92 #include "nsJSProtocolHandler.h"
93 #include "nsDataHandler.h"
94 #include "mozilla/dom/BlobURLProtocolHandler.h"
95 #include "nsStreamUtils.h"
96 #include "nsSocketTransportService2.h"
97 #include "nsViewSourceHandler.h"
98 #include "nsJARURI.h"
99 #include "nsIconURI.h"
100 #include "nsAboutProtocolHandler.h"
101 #include "nsResProtocolHandler.h"
102 #include "mozilla/net/ExtensionProtocolHandler.h"
103 #include "mozilla/net/PageThumbProtocolHandler.h"
104 #include "mozilla/net/SFVService.h"
105 #include <limits>
106 #include "nsIXPConnect.h"
107 #include "nsParserConstants.h"
108 #include "nsCRT.h"
109 #include "nsServiceManagerUtils.h"
110 #include "mozilla/dom/MediaList.h"
111 #include "MediaContainerType.h"
112 #include "DecoderTraits.h"
113 #include "imgLoader.h"
114
115 #if defined(MOZ_THUNDERBIRD) || defined(MOZ_SUITE)
116 # include "nsNewMailnewsURI.h"
117 #endif
118
119 using namespace mozilla;
120 using namespace mozilla::net;
121 using mozilla::dom::BlobURLProtocolHandler;
122 using mozilla::dom::ClientInfo;
123 using mozilla::dom::PerformanceStorage;
124 using mozilla::dom::ServiceWorkerDescriptor;
125
126 #define MAX_RECURSION_COUNT 50
127
128 already_AddRefed<nsIIOService> do_GetIOService(nsresult* error /* = 0 */) {
129 nsCOMPtr<nsIIOService> io = mozilla::components::IO::Service();
130 if (error) *error = io ? NS_OK : NS_ERROR_FAILURE;
131 return io.forget();
132 }
133
134 nsresult NS_NewLocalFileInputStream(nsIInputStream** result, nsIFile* file,
135 int32_t ioFlags /* = -1 */,
136 int32_t perm /* = -1 */,
137 int32_t behaviorFlags /* = 0 */) {
138 nsresult rv;
139 nsCOMPtr<nsIFileInputStream> in =
140 do_CreateInstance(NS_LOCALFILEINPUTSTREAM_CONTRACTID, &rv);
141 if (NS_SUCCEEDED(rv)) {
142 rv = in->Init(file, ioFlags, perm, behaviorFlags);
143 if (NS_SUCCEEDED(rv)) in.forget(result);
144 }
145 return rv;
146 }
147
148 Result<nsCOMPtr<nsIInputStream>, nsresult> NS_NewLocalFileInputStream(
149 nsIFile* file, int32_t ioFlags /* = -1 */, int32_t perm /* = -1 */,
150 int32_t behaviorFlags /* = 0 */) {
151 nsCOMPtr<nsIInputStream> stream;
152 const nsresult rv = NS_NewLocalFileInputStream(getter_AddRefs(stream), file,
153 ioFlags, perm, behaviorFlags);
154 if (NS_SUCCEEDED(rv)) {
155 return stream;
156 }
157 return Err(rv);
158 }
159
160 nsresult NS_NewLocalFileOutputStream(nsIOutputStream** result, nsIFile* file,
161 int32_t ioFlags /* = -1 */,
162 int32_t perm /* = -1 */,
163 int32_t behaviorFlags /* = 0 */) {
164 nsresult rv;
165 nsCOMPtr<nsIFileOutputStream> out =
166 do_CreateInstance(NS_LOCALFILEOUTPUTSTREAM_CONTRACTID, &rv);
167 if (NS_SUCCEEDED(rv)) {
168 rv = out->Init(file, ioFlags, perm, behaviorFlags);
169 if (NS_SUCCEEDED(rv)) out.forget(result);
170 }
171 return rv;
172 }
173
174 Result<nsCOMPtr<nsIOutputStream>, nsresult> NS_NewLocalFileOutputStream(
175 nsIFile* file, int32_t ioFlags /* = -1 */, int32_t perm /* = -1 */,
176 int32_t behaviorFlags /* = 0 */) {
177 nsCOMPtr<nsIOutputStream> stream;
178 const nsresult rv = NS_NewLocalFileOutputStream(getter_AddRefs(stream), file,
179 ioFlags, perm, behaviorFlags);
180 if (NS_SUCCEEDED(rv)) {
181 return stream;
182 }
183 return Err(rv);
184 }
185
186 nsresult NS_NewLocalFileOutputStream(nsIOutputStream** result,
187 const mozilla::ipc::FileDescriptor& fd) {
188 nsCOMPtr<nsIFileOutputStream> out;
189 nsFileOutputStream::Create(NS_GET_IID(nsIFileOutputStream),
190 getter_AddRefs(out));
191
192 nsresult rv =
193 static_cast<nsFileOutputStream*>(out.get())->InitWithFileDescriptor(fd);
194 if (NS_FAILED(rv)) {
195 return rv;
196 }
197
198 out.forget(result);
199 return NS_OK;
200 }
201
202 nsresult net_EnsureIOService(nsIIOService** ios, nsCOMPtr<nsIIOService>& grip) {
203 nsresult rv = NS_OK;
204 if (!*ios) {
205 grip = do_GetIOService(&rv);
206 *ios = grip;
207 }
208 return rv;
209 }
210
211 nsresult NS_NewFileURI(
212 nsIURI** result, nsIFile* spec,
213 nsIIOService*
214 ioService /* = nullptr */) // pass in nsIIOService to optimize callers
215 {
216 nsresult rv;
217 nsCOMPtr<nsIIOService> grip;
218 rv = net_EnsureIOService(&ioService, grip);
219 if (ioService) rv = ioService->NewFileURI(spec, result);
220 return rv;
221 }
222
223 nsresult NS_GetURIWithNewRef(nsIURI* aInput, const nsACString& aRef,
224 nsIURI** aOutput) {
225 MOZ_DIAGNOSTIC_ASSERT(aRef.IsEmpty() || aRef[0] == '#');
226
227 if (NS_WARN_IF(!aInput || !aOutput)) {
228 return NS_ERROR_INVALID_ARG;
229 }
230
231 bool hasRef;
232 nsresult rv = aInput->GetHasRef(&hasRef);
233
234 nsAutoCString ref;
235 if (NS_SUCCEEDED(rv)) {
236 rv = aInput->GetRef(ref);
237 }
238
239 // If the ref is already equal to the new ref, we do not need to do anything.
240 // Also, if the GetRef failed (it could return NS_ERROR_NOT_IMPLEMENTED)
241 // we can assume SetRef would fail as well, so returning the original
242 // URI is OK.
243 //
244 // Note that aRef contains the hash, but ref doesn't, so need to account for
245 // that in the equality check.
246 if (NS_FAILED(rv) || (!hasRef && aRef.IsEmpty()) ||
247 (!aRef.IsEmpty() && hasRef &&
248 Substring(aRef.Data() + 1, aRef.Length() - 1) == ref)) {
249 nsCOMPtr<nsIURI> uri = aInput;
250 uri.forget(aOutput);
251 return NS_OK;
252 }
253
254 return NS_MutateURI(aInput).SetRef(aRef).Finalize(aOutput);
255 }
256
257 nsresult NS_GetURIWithoutRef(nsIURI* aInput, nsIURI** aOutput) {
258 return NS_GetURIWithNewRef(aInput, ""_ns, aOutput);
259 }
260
261 nsresult NS_NewChannelInternal(
262 nsIChannel** outChannel, nsIURI* aUri, nsILoadInfo* aLoadInfo,
263 PerformanceStorage* aPerformanceStorage /* = nullptr */,
264 nsILoadGroup* aLoadGroup /* = nullptr */,
265 nsIInterfaceRequestor* aCallbacks /* = nullptr */,
266 nsLoadFlags aLoadFlags /* = nsIRequest::LOAD_NORMAL */,
267 nsIIOService* aIoService /* = nullptr */) {
268 // NS_NewChannelInternal is mostly called for channel redirects. We should
269 // allow the creation of a channel even if the original channel did not have a
270 // loadinfo attached.
271 NS_ENSURE_ARG_POINTER(outChannel);
272
273 nsCOMPtr<nsIIOService> grip;
274 nsresult rv = net_EnsureIOService(&aIoService, grip);
275 NS_ENSURE_SUCCESS(rv, rv);
276
277 nsCOMPtr<nsIChannel> channel;
278 rv = aIoService->NewChannelFromURIWithLoadInfo(aUri, aLoadInfo,
279 getter_AddRefs(channel));
280 NS_ENSURE_SUCCESS(rv, rv);
281
282 if (aLoadGroup) {
283 rv = channel->SetLoadGroup(aLoadGroup);
284 NS_ENSURE_SUCCESS(rv, rv);
285 }
286
287 if (aCallbacks) {
288 rv = channel->SetNotificationCallbacks(aCallbacks);
289 NS_ENSURE_SUCCESS(rv, rv);
290 }
291
292 #ifdef DEBUG
293 nsLoadFlags channelLoadFlags = 0;
294 channel->GetLoadFlags(&channelLoadFlags);
295 // Will be removed when we remove LOAD_REPLACE altogether
296 // This check is trying to catch protocol handlers that still
297 // try to set the LOAD_REPLACE flag.
298 MOZ_DIAGNOSTIC_ASSERT(!(channelLoadFlags & nsIChannel::LOAD_REPLACE));
299 #endif
300
301 if (aLoadFlags != nsIRequest::LOAD_NORMAL) {
302 rv = channel->SetLoadFlags(aLoadFlags);
303 NS_ENSURE_SUCCESS(rv, rv);
304 }
305
306 if (aPerformanceStorage) {
307 nsCOMPtr<nsILoadInfo> loadInfo = channel->LoadInfo();
308 loadInfo->SetPerformanceStorage(aPerformanceStorage);
309 }
310
311 channel.forget(outChannel);
312 return NS_OK;
313 }
314
315 namespace {
316
317 void AssertLoadingPrincipalAndClientInfoMatch(
318 nsIPrincipal* aLoadingPrincipal, const ClientInfo& aLoadingClientInfo,
319 nsContentPolicyType aType) {
320 #ifdef MOZ_DIAGNOSTIC_ASSERT_ENABLED
321 // Verify that the provided loading ClientInfo matches the loading
322 // principal. Unfortunately we can't just use nsIPrincipal::Equals() here
323 // because of some corner cases:
324 //
325 // 1. Worker debugger scripts want to use a system loading principal for
326 // worker scripts with a content principal. We exempt these from this
327 // check.
328 // 2. Null principals currently require exact object identity for
329 // nsIPrincipal::Equals() to return true. This doesn't work here because
330 // ClientInfo::GetPrincipal() uses PrincipalInfoToPrincipal() to allocate
331 // a new object. To work around this we compare the principal origin
332 // string itself. If bug 1431771 is fixed then we could switch to
333 // Equals().
334
335 // Allow worker debugger to load with a system principal.
336 if (aLoadingPrincipal->IsSystemPrincipal() &&
337 (aType == nsIContentPolicy::TYPE_INTERNAL_WORKER ||
338 aType == nsIContentPolicy::TYPE_INTERNAL_SHARED_WORKER ||
339 aType == nsIContentPolicy::TYPE_INTERNAL_SERVICE_WORKER ||
340 aType == nsIContentPolicy::TYPE_INTERNAL_WORKER_IMPORT_SCRIPTS ||
341 aType == nsIContentPolicy::TYPE_INTERNAL_WORKER_STATIC_MODULE)) {
342 return;
343 }
344
345 // Perform a fast comparison for most principal checks.
346 auto clientPrincipalOrErr(aLoadingClientInfo.GetPrincipal());
347 if (clientPrincipalOrErr.isOk()) {
348 nsCOMPtr<nsIPrincipal> clientPrincipal = clientPrincipalOrErr.unwrap();
349 if (aLoadingPrincipal->Equals(clientPrincipal)) {
350 return;
351 }
352 // Fall back to a slower origin equality test to support null principals.
353 nsAutoCString loadingOriginNoSuffix;
354 MOZ_ALWAYS_SUCCEEDS(
355 aLoadingPrincipal->GetOriginNoSuffix(loadingOriginNoSuffix));
356
357 nsAutoCString clientOriginNoSuffix;
358 MOZ_ALWAYS_SUCCEEDS(
359 clientPrincipal->GetOriginNoSuffix(clientOriginNoSuffix));
360
361 // The client principal will have the partitionKey set if it's in a third
362 // party context, but the loading principal won't. So, we ignore he
363 // partitionKey when doing the verification here.
364 MOZ_DIAGNOSTIC_ASSERT(loadingOriginNoSuffix == clientOriginNoSuffix);
365 MOZ_DIAGNOSTIC_ASSERT(
366 aLoadingPrincipal->OriginAttributesRef().EqualsIgnoringPartitionKey(
367 clientPrincipal->OriginAttributesRef()));
368 }
369 #endif
370 }
371
372 } // namespace
373
374 nsresult NS_NewChannel(nsIChannel** outChannel, nsIURI* aUri,
375 nsIPrincipal* aLoadingPrincipal,
376 nsSecurityFlags aSecurityFlags,
377 nsContentPolicyType aContentPolicyType,
378 nsICookieJarSettings* aCookieJarSettings /* = nullptr */,
379 PerformanceStorage* aPerformanceStorage /* = nullptr */,
380 nsILoadGroup* aLoadGroup /* = nullptr */,
381 nsIInterfaceRequestor* aCallbacks /* = nullptr */,
382 nsLoadFlags aLoadFlags /* = nsIRequest::LOAD_NORMAL */,
383 nsIIOService* aIoService /* = nullptr */,
384 uint32_t aSandboxFlags /* = 0 */,
385 bool aSkipCheckForBrokenURLOrZeroSized /* = false */) {
386 return NS_NewChannelInternal(
387 outChannel, aUri,
388 nullptr, // aLoadingNode,
389 aLoadingPrincipal,
390 nullptr, // aTriggeringPrincipal
391 Maybe<ClientInfo>(), Maybe<ServiceWorkerDescriptor>(), aSecurityFlags,
392 aContentPolicyType, aCookieJarSettings, aPerformanceStorage, aLoadGroup,
393 aCallbacks, aLoadFlags, aIoService, aSandboxFlags,
394 aSkipCheckForBrokenURLOrZeroSized);
395 }
396
397 nsresult NS_NewChannel(nsIChannel** outChannel, nsIURI* aUri,
398 nsIPrincipal* aLoadingPrincipal,
399 const ClientInfo& aLoadingClientInfo,
400 const Maybe<ServiceWorkerDescriptor>& aController,
401 nsSecurityFlags aSecurityFlags,
402 nsContentPolicyType aContentPolicyType,
403 nsICookieJarSettings* aCookieJarSettings /* = nullptr */,
404 PerformanceStorage* aPerformanceStorage /* = nullptr */,
405 nsILoadGroup* aLoadGroup /* = nullptr */,
406 nsIInterfaceRequestor* aCallbacks /* = nullptr */,
407 nsLoadFlags aLoadFlags /* = nsIRequest::LOAD_NORMAL */,
408 nsIIOService* aIoService /* = nullptr */,
409 uint32_t aSandboxFlags /* = 0 */,
410 bool aSkipCheckForBrokenURLOrZeroSized /* = false */) {
411 AssertLoadingPrincipalAndClientInfoMatch(
412 aLoadingPrincipal, aLoadingClientInfo, aContentPolicyType);
413
414 Maybe<ClientInfo> loadingClientInfo;
415 loadingClientInfo.emplace(aLoadingClientInfo);
416
417 return NS_NewChannelInternal(
418 outChannel, aUri,
419 nullptr, // aLoadingNode,
420 aLoadingPrincipal,
421 nullptr, // aTriggeringPrincipal
422 loadingClientInfo, aController, aSecurityFlags, aContentPolicyType,
423 aCookieJarSettings, aPerformanceStorage, aLoadGroup, aCallbacks,
424 aLoadFlags, aIoService, aSandboxFlags, aSkipCheckForBrokenURLOrZeroSized);
425 }
426
427 nsresult NS_NewChannelInternal(
428 nsIChannel** outChannel, nsIURI* aUri, nsINode* aLoadingNode,
429 nsIPrincipal* aLoadingPrincipal, nsIPrincipal* aTriggeringPrincipal,
430 const Maybe<ClientInfo>& aLoadingClientInfo,
431 const Maybe<ServiceWorkerDescriptor>& aController,
432 nsSecurityFlags aSecurityFlags, nsContentPolicyType aContentPolicyType,
433 nsICookieJarSettings* aCookieJarSettings /* = nullptr */,
434 PerformanceStorage* aPerformanceStorage /* = nullptr */,
435 nsILoadGroup* aLoadGroup /* = nullptr */,
436 nsIInterfaceRequestor* aCallbacks /* = nullptr */,
437 nsLoadFlags aLoadFlags /* = nsIRequest::LOAD_NORMAL */,
438 nsIIOService* aIoService /* = nullptr */, uint32_t aSandboxFlags /* = 0 */,
439 bool aSkipCheckForBrokenURLOrZeroSized /* = false */) {
440 NS_ENSURE_ARG_POINTER(outChannel);
441
442 nsCOMPtr<nsIIOService> grip;
443 nsresult rv = net_EnsureIOService(&aIoService, grip);
444 NS_ENSURE_SUCCESS(rv, rv);
445
446 nsCOMPtr<nsIChannel> channel;
447 rv = aIoService->NewChannelFromURIWithClientAndController(
448 aUri, aLoadingNode, aLoadingPrincipal, aTriggeringPrincipal,
449 aLoadingClientInfo, aController, aSecurityFlags, aContentPolicyType,
450 aSandboxFlags, aSkipCheckForBrokenURLOrZeroSized,
451 getter_AddRefs(channel));
452 if (NS_FAILED(rv)) {
453 return rv;
454 }
455
456 if (aLoadGroup) {
457 rv = channel->SetLoadGroup(aLoadGroup);
458 NS_ENSURE_SUCCESS(rv, rv);
459 }
460
461 if (aCallbacks) {
462 rv = channel->SetNotificationCallbacks(aCallbacks);
463 NS_ENSURE_SUCCESS(rv, rv);
464 }
465
466 #ifdef DEBUG
467 nsLoadFlags channelLoadFlags = 0;
468 channel->GetLoadFlags(&channelLoadFlags);
469 // Will be removed when we remove LOAD_REPLACE altogether
470 // This check is trying to catch protocol handlers that still
471 // try to set the LOAD_REPLACE flag.
472 MOZ_DIAGNOSTIC_ASSERT(!(channelLoadFlags & nsIChannel::LOAD_REPLACE));
473 #endif
474
475 if (aLoadFlags != nsIRequest::LOAD_NORMAL) {
476 rv = channel->SetLoadFlags(aLoadFlags);
477 NS_ENSURE_SUCCESS(rv, rv);
478 }
479
480 if (aPerformanceStorage || aCookieJarSettings) {
481 nsCOMPtr<nsILoadInfo> loadInfo = channel->LoadInfo();
482
483 if (aPerformanceStorage) {
484 loadInfo->SetPerformanceStorage(aPerformanceStorage);
485 }
486
487 if (aCookieJarSettings) {
488 loadInfo->SetCookieJarSettings(aCookieJarSettings);
489 }
490 }
491
492 channel.forget(outChannel);
493 return NS_OK;
494 }
495
496 nsresult /*NS_NewChannelWithNodeAndTriggeringPrincipal */
497 NS_NewChannelWithTriggeringPrincipal(
498 nsIChannel** outChannel, nsIURI* aUri, nsINode* aLoadingNode,
499 nsIPrincipal* aTriggeringPrincipal, nsSecurityFlags aSecurityFlags,
500 nsContentPolicyType aContentPolicyType,
501 PerformanceStorage* aPerformanceStorage /* = nullptr */,
502 nsILoadGroup* aLoadGroup /* = nullptr */,
503 nsIInterfaceRequestor* aCallbacks /* = nullptr */,
504 nsLoadFlags aLoadFlags /* = nsIRequest::LOAD_NORMAL */,
505 nsIIOService* aIoService /* = nullptr */) {
506 MOZ_ASSERT(aLoadingNode);
507 NS_ASSERTION(aTriggeringPrincipal,
508 "Can not create channel without a triggering Principal!");
509 return NS_NewChannelInternal(
510 outChannel, aUri, aLoadingNode, aLoadingNode->NodePrincipal(),
511 aTriggeringPrincipal, Maybe<ClientInfo>(),
512 Maybe<ServiceWorkerDescriptor>(), aSecurityFlags, aContentPolicyType,
513 aLoadingNode->OwnerDoc()->CookieJarSettings(), aPerformanceStorage,
514 aLoadGroup, aCallbacks, aLoadFlags, aIoService);
515 }
516
517 // See NS_NewChannelInternal for usage and argument description
518 nsresult NS_NewChannelWithTriggeringPrincipal(
519 nsIChannel** outChannel, nsIURI* aUri, nsIPrincipal* aLoadingPrincipal,
520 nsIPrincipal* aTriggeringPrincipal, nsSecurityFlags aSecurityFlags,
521 nsContentPolicyType aContentPolicyType,
522 nsICookieJarSettings* aCookieJarSettings /* = nullptr */,
523 PerformanceStorage* aPerformanceStorage /* = nullptr */,
524 nsILoadGroup* aLoadGroup /* = nullptr */,
525 nsIInterfaceRequestor* aCallbacks /* = nullptr */,
526 nsLoadFlags aLoadFlags /* = nsIRequest::LOAD_NORMAL */,
527 nsIIOService* aIoService /* = nullptr */) {
528 NS_ASSERTION(aLoadingPrincipal,
529 "Can not create channel without a loading Principal!");
530 return NS_NewChannelInternal(
531 outChannel, aUri,
532 nullptr, // aLoadingNode
533 aLoadingPrincipal, aTriggeringPrincipal, Maybe<ClientInfo>(),
534 Maybe<ServiceWorkerDescriptor>(), aSecurityFlags, aContentPolicyType,
535 aCookieJarSettings, aPerformanceStorage, aLoadGroup, aCallbacks,
536 aLoadFlags, aIoService);
537 }
538
539 // See NS_NewChannelInternal for usage and argument description
540 nsresult NS_NewChannelWithTriggeringPrincipal(
541 nsIChannel** outChannel, nsIURI* aUri, nsIPrincipal* aLoadingPrincipal,
542 nsIPrincipal* aTriggeringPrincipal, const ClientInfo& aLoadingClientInfo,
543 const Maybe<ServiceWorkerDescriptor>& aController,
544 nsSecurityFlags aSecurityFlags, nsContentPolicyType aContentPolicyType,
545 nsICookieJarSettings* aCookieJarSettings /* = nullptr */,
546 PerformanceStorage* aPerformanceStorage /* = nullptr */,
547 nsILoadGroup* aLoadGroup /* = nullptr */,
548 nsIInterfaceRequestor* aCallbacks /* = nullptr */,
549 nsLoadFlags aLoadFlags /* = nsIRequest::LOAD_NORMAL */,
550 nsIIOService* aIoService /* = nullptr */) {
551 AssertLoadingPrincipalAndClientInfoMatch(
552 aLoadingPrincipal, aLoadingClientInfo, aContentPolicyType);
553
554 Maybe<ClientInfo> loadingClientInfo;
555 loadingClientInfo.emplace(aLoadingClientInfo);
556
557 return NS_NewChannelInternal(
558 outChannel, aUri,
559 nullptr, // aLoadingNode
560 aLoadingPrincipal, aTriggeringPrincipal, loadingClientInfo, aController,
561 aSecurityFlags, aContentPolicyType, aCookieJarSettings,
562 aPerformanceStorage, aLoadGroup, aCallbacks, aLoadFlags, aIoService);
563 }
564
565 nsresult NS_NewChannel(nsIChannel** outChannel, nsIURI* aUri,
566 nsINode* aLoadingNode, nsSecurityFlags aSecurityFlags,
567 nsContentPolicyType aContentPolicyType,
568 PerformanceStorage* aPerformanceStorage /* = nullptr */,
569 nsILoadGroup* aLoadGroup /* = nullptr */,
570 nsIInterfaceRequestor* aCallbacks /* = nullptr */,
571 nsLoadFlags aLoadFlags /* = nsIRequest::LOAD_NORMAL */,
572 nsIIOService* aIoService /* = nullptr */,
573 uint32_t aSandboxFlags /* = 0 */,
574 bool aSkipCheckForBrokenURLOrZeroSized /* = false */) {
575 NS_ASSERTION(aLoadingNode, "Can not create channel without a loading Node!");
576 return NS_NewChannelInternal(
577 outChannel, aUri, aLoadingNode, aLoadingNode->NodePrincipal(),
578 nullptr, // aTriggeringPrincipal
579 Maybe<ClientInfo>(), Maybe<ServiceWorkerDescriptor>(), aSecurityFlags,
580 aContentPolicyType, aLoadingNode->OwnerDoc()->CookieJarSettings(),
581 aPerformanceStorage, aLoadGroup, aCallbacks, aLoadFlags, aIoService,
582 aSandboxFlags, aSkipCheckForBrokenURLOrZeroSized);
583 }
584
585 nsresult NS_GetIsDocumentChannel(nsIChannel* aChannel, bool* aIsDocument) {
586 // Check if this channel is going to be used to create a document. If it has
587 // LOAD_DOCUMENT_URI set it is trivially creating a document. If
588 // LOAD_HTML_OBJECT_DATA is set it may or may not be used to create a
589 // document, depending on its MIME type.
590
591 if (!aChannel || !aIsDocument) {
592 return NS_ERROR_NULL_POINTER;
593 }
594 *aIsDocument = false;
595 nsLoadFlags loadFlags;
596 nsresult rv = aChannel->GetLoadFlags(&loadFlags);
597 if (NS_FAILED(rv)) {
598 return rv;
599 }
600 if (loadFlags & nsIChannel::LOAD_DOCUMENT_URI) {
601 *aIsDocument = true;
602 return NS_OK;
603 }
604 if (!(loadFlags & nsIRequest::LOAD_HTML_OBJECT_DATA)) {
605 *aIsDocument = false;
606 return NS_OK;
607 }
608 nsAutoCString mimeType;
609 rv = aChannel->GetContentType(mimeType);
610 if (NS_FAILED(rv)) {
611 return rv;
612 }
613 if (nsContentUtils::HtmlObjectContentTypeForMIMEType(mimeType, false) ==
614 nsIObjectLoadingContent::TYPE_DOCUMENT) {
615 *aIsDocument = true;
616 return NS_OK;
617 }
618 *aIsDocument = false;
619 return NS_OK;
620 }
621
622 nsresult NS_MakeAbsoluteURI(nsACString& result, const nsACString& spec,
623 nsIURI* baseURI) {
624 nsresult rv;
625 if (!baseURI) {
626 NS_WARNING("It doesn't make sense to not supply a base URI");
627 result = spec;
628 rv = NS_OK;
629 } else if (spec.IsEmpty()) {
630 rv = baseURI->GetSpec(result);
631 } else {
632 rv = baseURI->Resolve(spec, result);
633 }
634 return rv;
635 }
636
637 nsresult NS_MakeAbsoluteURI(char** result, const char* spec, nsIURI* baseURI) {
638 nsresult rv;
639 nsAutoCString resultBuf;
640 rv = NS_MakeAbsoluteURI(resultBuf, nsDependentCString(spec), baseURI);
641 if (NS_SUCCEEDED(rv)) {
642 *result = ToNewCString(resultBuf, mozilla::fallible);
643 if (!*result) rv = NS_ERROR_OUT_OF_MEMORY;
644 }
645 return rv;
646 }
647
648 nsresult NS_MakeAbsoluteURI(nsAString& result, const nsAString& spec,
649 nsIURI* baseURI) {
650 nsresult rv;
651 if (!baseURI) {
652 NS_WARNING("It doesn't make sense to not supply a base URI");
653 result = spec;
654 rv = NS_OK;
655 } else {
656 nsAutoCString resultBuf;
657 if (spec.IsEmpty()) {
658 rv = baseURI->GetSpec(resultBuf);
659 } else {
660 rv = baseURI->Resolve(NS_ConvertUTF16toUTF8(spec), resultBuf);
661 }
662 if (NS_SUCCEEDED(rv)) CopyUTF8toUTF16(resultBuf, result);
663 }
664 return rv;
665 }
666
667 int32_t NS_GetDefaultPort(const char* scheme,
668 nsIIOService* ioService /* = nullptr */) {
669 nsresult rv;
670
671 // Getting the default port through the protocol handler previously had a lot
672 // of XPCOM overhead involved. We optimize the protocols that matter for Web
673 // pages (HTTP and HTTPS) by hardcoding their default ports here.
674 //
675 // XXX: This might not be necessary for performance anymore.
676 if (strncmp(scheme, "http", 4) == 0) {
677 if (scheme[4] == 's' && scheme[5] == '\0') {
678 return 443;
679 }
680 if (scheme[4] == '\0') {
681 return 80;
682 }
683 }
684
685 nsCOMPtr<nsIIOService> grip;
686 net_EnsureIOService(&ioService, grip);
687 if (!ioService) return -1;
688
689 int32_t port;
690 rv = ioService->GetDefaultPort(scheme, &port);
691 return NS_SUCCEEDED(rv) ? port : -1;
692 }
693
694 /**
695 * This function is a helper function to apply the ToAscii conversion
696 * to a string
697 */
698 bool NS_StringToACE(const nsACString& idn, nsACString& result) {
699 nsCOMPtr<nsIIDNService> idnSrv = do_GetService(NS_IDNSERVICE_CONTRACTID);
700 if (!idnSrv) return false;
701 nsresult rv = idnSrv->ConvertUTF8toACE(idn, result);
702 return NS_SUCCEEDED(rv);
703 }
704
705 int32_t NS_GetRealPort(nsIURI* aURI) {
706 int32_t port;
707 nsresult rv = aURI->GetPort(&port);
708 if (NS_FAILED(rv)) return -1;
709
710 if (port != -1) return port; // explicitly specified
711
712 // Otherwise, we have to get the default port from the protocol handler
713
714 // Need the scheme first
715 nsAutoCString scheme;
716 rv = aURI->GetScheme(scheme);
717 if (NS_FAILED(rv)) return -1;
718
719 return NS_GetDefaultPort(scheme.get());
720 }
721
722 nsresult NS_NewInputStreamChannelInternal(
723 nsIChannel** outChannel, nsIURI* aUri,
724 already_AddRefed<nsIInputStream> aStream, const nsACString& aContentType,
725 const nsACString& aContentCharset, nsILoadInfo* aLoadInfo) {
726 nsresult rv;
727 nsCOMPtr<nsIInputStreamChannel> isc =
728 do_CreateInstance(NS_INPUTSTREAMCHANNEL_CONTRACTID, &rv);
729 NS_ENSURE_SUCCESS(rv, rv);
730 rv = isc->SetURI(aUri);
731 NS_ENSURE_SUCCESS(rv, rv);
732
733 nsCOMPtr<nsIInputStream> stream = std::move(aStream);
734 rv = isc->SetContentStream(stream);
735 NS_ENSURE_SUCCESS(rv, rv);
736
737 nsCOMPtr<nsIChannel> channel = do_QueryInterface(isc, &rv);
738 NS_ENSURE_SUCCESS(rv, rv);
739
740 if (!aContentType.IsEmpty()) {
741 rv = channel->SetContentType(aContentType);
742 NS_ENSURE_SUCCESS(rv, rv);
743 }
744
745 if (!aContentCharset.IsEmpty()) {
746 rv = channel->SetContentCharset(aContentCharset);
747 NS_ENSURE_SUCCESS(rv, rv);
748 }
749
750 MOZ_ASSERT(aLoadInfo, "need a loadinfo to create a inputstreamchannel");
751 channel->SetLoadInfo(aLoadInfo);
752
753 // If we're sandboxed, make sure to clear any owner the channel
754 // might already have.
755 if (aLoadInfo && aLoadInfo->GetLoadingSandboxed()) {
756 channel->SetOwner(nullptr);
757 }
758
759 channel.forget(outChannel);
760 return NS_OK;
761 }
762
763 nsresult NS_NewInputStreamChannelInternal(
764 nsIChannel** outChannel, nsIURI* aUri,
765 already_AddRefed<nsIInputStream> aStream, const nsACString& aContentType,
766 const nsACString& aContentCharset, nsINode* aLoadingNode,
767 nsIPrincipal* aLoadingPrincipal, nsIPrincipal* aTriggeringPrincipal,
768 nsSecurityFlags aSecurityFlags, nsContentPolicyType aContentPolicyType) {
769 nsCOMPtr<nsILoadInfo> loadInfo = new mozilla::net::LoadInfo(
770 aLoadingPrincipal, aTriggeringPrincipal, aLoadingNode, aSecurityFlags,
771 aContentPolicyType);
772 if (!loadInfo) {
773 return NS_ERROR_UNEXPECTED;
774 }
775
776 nsCOMPtr<nsIInputStream> stream = std::move(aStream);
777
778 return NS_NewInputStreamChannelInternal(outChannel, aUri, stream.forget(),
779 aContentType, aContentCharset,
780 loadInfo);
781 }
782
783 nsresult NS_NewInputStreamChannel(
784 nsIChannel** outChannel, nsIURI* aUri,
785 already_AddRefed<nsIInputStream> aStream, nsIPrincipal* aLoadingPrincipal,
786 nsSecurityFlags aSecurityFlags, nsContentPolicyType aContentPolicyType,
787 const nsACString& aContentType /* = ""_ns */,
788 const nsACString& aContentCharset /* = ""_ns */) {
789 nsCOMPtr<nsIInputStream> stream = aStream;
790 return NS_NewInputStreamChannelInternal(outChannel, aUri, stream.forget(),
791 aContentType, aContentCharset,
792 nullptr, // aLoadingNode
793 aLoadingPrincipal,
794 nullptr, // aTriggeringPrincipal
795 aSecurityFlags, aContentPolicyType);
796 }
797
798 nsresult NS_NewInputStreamChannelInternal(nsIChannel** outChannel, nsIURI* aUri,
799 const nsAString& aData,
800 const nsACString& aContentType,
801 nsILoadInfo* aLoadInfo,
802 bool aIsSrcdocChannel /* = false */) {
803 nsresult rv;
804 nsCOMPtr<nsIStringInputStream> stream;
805 stream = do_CreateInstance(NS_STRINGINPUTSTREAM_CONTRACTID, &rv);
806 NS_ENSURE_SUCCESS(rv, rv);
807
808 uint32_t len;
809 char* utf8Bytes = ToNewUTF8String(aData, &len);
810 rv = stream->AdoptData(utf8Bytes, len);
811
812 nsCOMPtr<nsIChannel> channel;
813 rv = NS_NewInputStreamChannelInternal(getter_AddRefs(channel), aUri,
814 stream.forget(), aContentType,
815 "UTF-8"_ns, aLoadInfo);
816
817 NS_ENSURE_SUCCESS(rv, rv);
818
819 if (aIsSrcdocChannel) {
820 nsCOMPtr<nsIInputStreamChannel> inStrmChan = do_QueryInterface(channel);
821 NS_ENSURE_TRUE(inStrmChan, NS_ERROR_FAILURE);
822 inStrmChan->SetSrcdocData(aData);
823 }
824 channel.forget(outChannel);
825 return NS_OK;
826 }
827
828 nsresult NS_NewInputStreamChannelInternal(
829 nsIChannel** outChannel, nsIURI* aUri, const nsAString& aData,
830 const nsACString& aContentType, nsINode* aLoadingNode,
831 nsIPrincipal* aLoadingPrincipal, nsIPrincipal* aTriggeringPrincipal,
832 nsSecurityFlags aSecurityFlags, nsContentPolicyType aContentPolicyType,
833 bool aIsSrcdocChannel /* = false */) {
834 nsCOMPtr<nsILoadInfo> loadInfo = new mozilla::net::LoadInfo(
835 aLoadingPrincipal, aTriggeringPrincipal, aLoadingNode, aSecurityFlags,
836 aContentPolicyType);
837 return NS_NewInputStreamChannelInternal(outChannel, aUri, aData, aContentType,
838 loadInfo, aIsSrcdocChannel);
839 }
840
841 nsresult NS_NewInputStreamChannel(nsIChannel** outChannel, nsIURI* aUri,
842 const nsAString& aData,
843 const nsACString& aContentType,
844 nsIPrincipal* aLoadingPrincipal,
845 nsSecurityFlags aSecurityFlags,
846 nsContentPolicyType aContentPolicyType,
847 bool aIsSrcdocChannel /* = false */) {
848 return NS_NewInputStreamChannelInternal(outChannel, aUri, aData, aContentType,
849 nullptr, // aLoadingNode
850 aLoadingPrincipal,
851 nullptr, // aTriggeringPrincipal
852 aSecurityFlags, aContentPolicyType,
853 aIsSrcdocChannel);
854 }
855
856 nsresult NS_NewInputStreamPump(
857 nsIInputStreamPump** aResult, already_AddRefed<nsIInputStream> aStream,
858 uint32_t aSegsize /* = 0 */, uint32_t aSegcount /* = 0 */,
859 bool aCloseWhenDone /* = false */,
860 nsISerialEventTarget* aMainThreadTarget /* = nullptr */) {
861 nsCOMPtr<nsIInputStream> stream = std::move(aStream);
862
863 nsresult rv;
864 nsCOMPtr<nsIInputStreamPump> pump =
865 do_CreateInstance(NS_INPUTSTREAMPUMP_CONTRACTID, &rv);
866 if (NS_SUCCEEDED(rv)) {
867 rv = pump->Init(stream, aSegsize, aSegcount, aCloseWhenDone,
868 aMainThreadTarget);
869 if (NS_SUCCEEDED(rv)) {
870 *aResult = nullptr;
871 pump.swap(*aResult);
872 }
873 }
874 return rv;
875 }
876
877 nsresult NS_NewLoadGroup(nsILoadGroup** result, nsIRequestObserver* obs) {
878 nsresult rv;
879 nsCOMPtr<nsILoadGroup> group =
880 do_CreateInstance(NS_LOADGROUP_CONTRACTID, &rv);
881 if (NS_SUCCEEDED(rv)) {
882 rv = group->SetGroupObserver(obs);
883 if (NS_SUCCEEDED(rv)) {
884 *result = nullptr;
885 group.swap(*result);
886 }
887 }
888 return rv;
889 }
890
891 bool NS_IsReasonableHTTPHeaderValue(const nsACString& aValue) {
892 return mozilla::net::nsHttp::IsReasonableHeaderValue(aValue);
893 }
894
895 bool NS_IsValidHTTPToken(const nsACString& aToken) {
896 return mozilla::net::nsHttp::IsValidToken(aToken);
897 }
898
899 void NS_TrimHTTPWhitespace(const nsACString& aSource, nsACString& aDest) {
900 mozilla::net::nsHttp::TrimHTTPWhitespace(aSource, aDest);
901 }
902
903 nsresult NS_NewLoadGroup(nsILoadGroup** aResult, nsIPrincipal* aPrincipal) {
904 using mozilla::LoadContext;
905 nsresult rv;
906
907 nsCOMPtr<nsILoadGroup> group =
908 do_CreateInstance(NS_LOADGROUP_CONTRACTID, &rv);
909 NS_ENSURE_SUCCESS(rv, rv);
910
911 RefPtr<LoadContext> loadContext = new LoadContext(aPrincipal);
912 rv = group->SetNotificationCallbacks(loadContext);
913 NS_ENSURE_SUCCESS(rv, rv);
914
915 group.forget(aResult);
916 return rv;
917 }
918
919 bool NS_LoadGroupMatchesPrincipal(nsILoadGroup* aLoadGroup,
920 nsIPrincipal* aPrincipal) {
921 if (!aPrincipal) {
922 return false;
923 }
924
925 // If this is a null principal then the load group doesn't really matter.
926 // The principal will not be allowed to perform any actions that actually
927 // use the load group. Unconditionally treat null principals as a match.
928 if (aPrincipal->GetIsNullPrincipal()) {
929 return true;
930 }
931
932 if (!aLoadGroup) {
933 return false;
934 }
935
936 nsCOMPtr<nsILoadContext> loadContext;
937 NS_QueryNotificationCallbacks(nullptr, aLoadGroup, NS_GET_IID(nsILoadContext),
938 getter_AddRefs(loadContext));
939 NS_ENSURE_TRUE(loadContext, false);
940
941 return true;
942 }
943
944 nsresult NS_NewDownloader(nsIStreamListener** result,
945 nsIDownloadObserver* observer,
946 nsIFile* downloadLocation /* = nullptr */) {
947 nsresult rv;
948 nsCOMPtr<nsIDownloader> downloader =
949 do_CreateInstance(NS_DOWNLOADER_CONTRACTID, &rv);
950 if (NS_SUCCEEDED(rv)) {
951 rv = downloader->Init(observer, downloadLocation);
952 if (NS_SUCCEEDED(rv)) {
953 downloader.forget(result);
954 }
955 }
956 return rv;
957 }
958
959 nsresult NS_NewIncrementalStreamLoader(
960 nsIIncrementalStreamLoader** result,
961 nsIIncrementalStreamLoaderObserver* observer) {
962 nsresult rv;
963 nsCOMPtr<nsIIncrementalStreamLoader> loader =
964 do_CreateInstance(NS_INCREMENTALSTREAMLOADER_CONTRACTID, &rv);
965 if (NS_SUCCEEDED(rv)) {
966 rv = loader->Init(observer);
967 if (NS_SUCCEEDED(rv)) {
968 *result = nullptr;
969 loader.swap(*result);
970 }
971 }
972 return rv;
973 }
974
975 nsresult NS_NewStreamLoader(
976 nsIStreamLoader** result, nsIStreamLoaderObserver* observer,
977 nsIRequestObserver* requestObserver /* = nullptr */) {
978 nsresult rv;
979 nsCOMPtr<nsIStreamLoader> loader =
980 do_CreateInstance(NS_STREAMLOADER_CONTRACTID, &rv);
981 if (NS_SUCCEEDED(rv)) {
982 rv = loader->Init(observer, requestObserver);
983 if (NS_SUCCEEDED(rv)) {
984 *result = nullptr;
985 loader.swap(*result);
986 }
987 }
988 return rv;
989 }
990
991 nsresult NS_NewStreamLoaderInternal(
992 nsIStreamLoader** outStream, nsIURI* aUri,
993 nsIStreamLoaderObserver* aObserver, nsINode* aLoadingNode,
994 nsIPrincipal* aLoadingPrincipal, nsSecurityFlags aSecurityFlags,
995 nsContentPolicyType aContentPolicyType,
996 nsILoadGroup* aLoadGroup /* = nullptr */,
997 nsIInterfaceRequestor* aCallbacks /* = nullptr */,
998 nsLoadFlags aLoadFlags /* = nsIRequest::LOAD_NORMAL */) {
999 nsCOMPtr<nsIChannel> channel;
1000 nsresult rv = NS_NewChannelInternal(
1001 getter_AddRefs(channel), aUri, aLoadingNode, aLoadingPrincipal,
1002 nullptr, // aTriggeringPrincipal
1003 Maybe<ClientInfo>(), Maybe<ServiceWorkerDescriptor>(), aSecurityFlags,
1004 aContentPolicyType,
1005 nullptr, // nsICookieJarSettings
1006 nullptr, // PerformanceStorage
1007 aLoadGroup, aCallbacks, aLoadFlags);
1008
1009 NS_ENSURE_SUCCESS(rv, rv);
1010 rv = NS_NewStreamLoader(outStream, aObserver);
1011 NS_ENSURE_SUCCESS(rv, rv);
1012 return channel->AsyncOpen(*outStream);
1013 }
1014
1015 nsresult NS_NewStreamLoader(
1016 nsIStreamLoader** outStream, nsIURI* aUri,
1017 nsIStreamLoaderObserver* aObserver, nsINode* aLoadingNode,
1018 nsSecurityFlags aSecurityFlags, nsContentPolicyType aContentPolicyType,
1019 nsILoadGroup* aLoadGroup /* = nullptr */,
1020 nsIInterfaceRequestor* aCallbacks /* = nullptr */,
1021 nsLoadFlags aLoadFlags /* = nsIRequest::LOAD_NORMAL */) {
1022 NS_ASSERTION(aLoadingNode,
1023 "Can not create stream loader without a loading Node!");
1024 return NS_NewStreamLoaderInternal(
1025 outStream, aUri, aObserver, aLoadingNode, aLoadingNode->NodePrincipal(),
1026 aSecurityFlags, aContentPolicyType, aLoadGroup, aCallbacks, aLoadFlags);
1027 }
1028
1029 nsresult NS_NewStreamLoader(
1030 nsIStreamLoader** outStream, nsIURI* aUri,
1031 nsIStreamLoaderObserver* aObserver, nsIPrincipal* aLoadingPrincipal,
1032 nsSecurityFlags aSecurityFlags, nsContentPolicyType aContentPolicyType,
1033 nsILoadGroup* aLoadGroup /* = nullptr */,
1034 nsIInterfaceRequestor* aCallbacks /* = nullptr */,
1035 nsLoadFlags aLoadFlags /* = nsIRequest::LOAD_NORMAL */) {
1036 return NS_NewStreamLoaderInternal(outStream, aUri, aObserver,
1037 nullptr, // aLoadingNode
1038 aLoadingPrincipal, aSecurityFlags,
1039 aContentPolicyType, aLoadGroup, aCallbacks,
1040 aLoadFlags);
1041 }
1042
1043 nsresult NS_NewSyncStreamListener(nsIStreamListener** result,
1044 nsIInputStream** stream) {
1045 nsCOMPtr<nsISyncStreamListener> listener = new nsSyncStreamListener();
1046 nsresult rv = listener->GetInputStream(stream);
1047 if (NS_SUCCEEDED(rv)) {
1048 listener.forget(result);
1049 }
1050 return rv;
1051 }
1052
1053 nsresult NS_ImplementChannelOpen(nsIChannel* channel, nsIInputStream** result) {
1054 nsCOMPtr<nsIStreamListener> listener;
1055 nsCOMPtr<nsIInputStream> stream;
1056 nsresult rv = NS_NewSyncStreamListener(getter_AddRefs(listener),
1057 getter_AddRefs(stream));
1058 NS_ENSURE_SUCCESS(rv, rv);
1059
1060 rv = channel->AsyncOpen(listener);
1061 NS_ENSURE_SUCCESS(rv, rv);
1062
1063 uint64_t n;
1064 // block until the initial response is received or an error occurs.
1065 rv = stream->Available(&n);
1066 NS_ENSURE_SUCCESS(rv, rv);
1067
1068 *result = nullptr;
1069 stream.swap(*result);
1070
1071 return NS_OK;
1072 }
1073
1074 nsresult NS_NewRequestObserverProxy(nsIRequestObserver** result,
1075 nsIRequestObserver* observer,
1076 nsISupports* context) {
1077 nsCOMPtr<nsIRequestObserverProxy> proxy = new nsRequestObserverProxy();
1078 nsresult rv = proxy->Init(observer, context);
1079 if (NS_SUCCEEDED(rv)) {
1080 proxy.forget(result);
1081 }
1082 return rv;
1083 }
1084
1085 nsresult NS_NewSimpleStreamListener(
1086 nsIStreamListener** result, nsIOutputStream* sink,
1087 nsIRequestObserver* observer /* = nullptr */) {
1088 nsresult rv;
1089 nsCOMPtr<nsISimpleStreamListener> listener =
1090 do_CreateInstance(NS_SIMPLESTREAMLISTENER_CONTRACTID, &rv);
1091 if (NS_SUCCEEDED(rv)) {
1092 rv = listener->Init(sink, observer);
1093 if (NS_SUCCEEDED(rv)) {
1094 listener.forget(result);
1095 }
1096 }
1097 return rv;
1098 }
1099
1100 nsresult NS_CheckPortSafety(int32_t port, const char* scheme,
1101 nsIIOService* ioService /* = nullptr */) {
1102 nsresult rv;
1103 nsCOMPtr<nsIIOService> grip;
1104 rv = net_EnsureIOService(&ioService, grip);
1105 if (ioService) {
1106 bool allow;
1107 rv = ioService->AllowPort(port, scheme, &allow);
1108 if (NS_SUCCEEDED(rv) && !allow) {
1109 NS_WARNING("port blocked");
1110 rv = NS_ERROR_PORT_ACCESS_NOT_ALLOWED;
1111 }
1112 }
1113 return rv;
1114 }
1115
1116 nsresult NS_CheckPortSafety(nsIURI* uri) {
1117 int32_t port;
1118 nsresult rv = uri->GetPort(&port);
1119 if (NS_FAILED(rv) || port == -1) { // port undefined or default-valued
1120 return NS_OK;
1121 }
1122 nsAutoCString scheme;
1123 uri->GetScheme(scheme);
1124 return NS_CheckPortSafety(port, scheme.get());
1125 }
1126
1127 nsresult NS_NewProxyInfo(const nsACString& type, const nsACString& host,
1128 int32_t port, uint32_t flags, nsIProxyInfo** result) {
1129 nsresult rv;
1130 nsCOMPtr<nsIProtocolProxyService> pps =
1131 do_GetService(NS_PROTOCOLPROXYSERVICE_CONTRACTID, &rv);
1132 if (NS_SUCCEEDED(rv)) {
1133 rv = pps->NewProxyInfo(type, host, port, ""_ns, ""_ns, flags, UINT32_MAX,
1134 nullptr, result);
1135 }
1136 return rv;
1137 }
1138
1139 nsresult NS_GetFileProtocolHandler(nsIFileProtocolHandler** result,
1140 nsIIOService* ioService /* = nullptr */) {
1141 nsresult rv;
1142 nsCOMPtr<nsIIOService> grip;
1143 rv = net_EnsureIOService(&ioService, grip);
1144 if (ioService) {
1145 nsCOMPtr<nsIProtocolHandler> handler;
1146 rv = ioService->GetProtocolHandler("file", getter_AddRefs(handler));
1147 if (NS_SUCCEEDED(rv)) rv = CallQueryInterface(handler, result);
1148 }
1149 return rv;
1150 }
1151
1152 nsresult NS_GetFileFromURLSpec(const nsACString& inURL, nsIFile** result,
1153 nsIIOService* ioService /* = nullptr */) {
1154 nsresult rv;
1155 nsCOMPtr<nsIFileProtocolHandler> fileHandler;
1156 rv = NS_GetFileProtocolHandler(getter_AddRefs(fileHandler), ioService);
1157 if (NS_SUCCEEDED(rv)) rv = fileHandler->GetFileFromURLSpec(inURL, result);
1158 return rv;
1159 }
1160
1161 nsresult NS_GetURLSpecFromFile(nsIFile* file, nsACString& url,
1162 nsIIOService* ioService /* = nullptr */) {
1163 nsresult rv;
1164 nsCOMPtr<nsIFileProtocolHandler> fileHandler;
1165 rv = NS_GetFileProtocolHandler(getter_AddRefs(fileHandler), ioService);
1166 if (NS_SUCCEEDED(rv)) rv = fileHandler->GetURLSpecFromFile(file, url);
1167 return rv;
1168 }
1169
1170 nsresult NS_GetURLSpecFromActualFile(nsIFile* file, nsACString& url,
1171 nsIIOService* ioService /* = nullptr */) {
1172 nsresult rv;
1173 nsCOMPtr<nsIFileProtocolHandler> fileHandler;
1174 rv = NS_GetFileProtocolHandler(getter_AddRefs(fileHandler), ioService);
1175 if (NS_SUCCEEDED(rv)) rv = fileHandler->GetURLSpecFromActualFile(file, url);
1176 return rv;
1177 }
1178
1179 nsresult NS_GetURLSpecFromDir(nsIFile* file, nsACString& url,
1180 nsIIOService* ioService /* = nullptr */) {
1181 nsresult rv;
1182 nsCOMPtr<nsIFileProtocolHandler> fileHandler;
1183 rv = NS_GetFileProtocolHandler(getter_AddRefs(fileHandler), ioService);
1184 if (NS_SUCCEEDED(rv)) rv = fileHandler->GetURLSpecFromDir(file, url);
1185 return rv;
1186 }
1187
1188 void NS_GetReferrerFromChannel(nsIChannel* channel, nsIURI** referrer) {
1189 *referrer = nullptr;
1190
1191 if (nsCOMPtr<nsIPropertyBag2> props = do_QueryInterface(channel)) {
1192 // We have to check for a property on a property bag because the
1193 // referrer may be empty for security reasons (for example, when loading
1194 // an http page with an https referrer).
1195 nsresult rv;
1196 nsCOMPtr<nsIURI> uri(
1197 do_GetProperty(props, u"docshell.internalReferrer"_ns, &rv));
1198 if (NS_SUCCEEDED(rv)) {
1199 uri.forget(referrer);
1200 return;
1201 }
1202 }
1203
1204 // if that didn't work, we can still try to get the referrer from the
1205 // nsIHttpChannel (if we can QI to it)
1206 nsCOMPtr<nsIHttpChannel> chan(do_QueryInterface(channel));
1207 if (!chan) {
1208 return;
1209 }
1210
1211 nsCOMPtr<nsIReferrerInfo> referrerInfo = chan->GetReferrerInfo();
1212 if (!referrerInfo) {
1213 return;
1214 }
1215
1216 referrerInfo->GetOriginalReferrer(referrer);
1217 }
1218
1219 already_AddRefed<nsINetUtil> do_GetNetUtil(nsresult* error /* = 0 */) {
1220 nsCOMPtr<nsIIOService> io = mozilla::components::IO::Service();
1221 nsCOMPtr<nsINetUtil> util;
1222 if (io) util = do_QueryInterface(io);
1223
1224 if (error) *error = !!util ? NS_OK : NS_ERROR_FAILURE;
1225 return util.forget();
1226 }
1227
1228 nsresult NS_ParseRequestContentType(const nsACString& rawContentType,
1229 nsCString& contentType,
1230 nsCString& contentCharset) {
1231 // contentCharset is left untouched if not present in rawContentType
1232 nsresult rv;
1233 nsCOMPtr<nsINetUtil> util = do_GetNetUtil(&rv);
1234 NS_ENSURE_SUCCESS(rv, rv);
1235 nsCString charset;
1236 bool hadCharset;
1237 rv = util->ParseRequestContentType(rawContentType, charset, &hadCharset,
1238 contentType);
1239 if (NS_SUCCEEDED(rv) && hadCharset) contentCharset = charset;
1240 return rv;
1241 }
1242
1243 nsresult NS_ParseResponseContentType(const nsACString& rawContentType,
1244 nsCString& contentType,
1245 nsCString& contentCharset) {
1246 // contentCharset is left untouched if not present in rawContentType
1247 nsresult rv;
1248 nsCOMPtr<nsINetUtil> util = do_GetNetUtil(&rv);
1249 NS_ENSURE_SUCCESS(rv, rv);
1250 nsCString charset;
1251 bool hadCharset;
1252 rv = util->ParseResponseContentType(rawContentType, charset, &hadCharset,
1253 contentType);
1254 if (NS_SUCCEEDED(rv) && hadCharset) contentCharset = charset;
1255 return rv;
1256 }
1257
1258 nsresult NS_ExtractCharsetFromContentType(const nsACString& rawContentType,
1259 nsCString& contentCharset,
1260 bool* hadCharset,
1261 int32_t* charsetStart,
1262 int32_t* charsetEnd) {
1263 // contentCharset is left untouched if not present in rawContentType
1264 nsresult rv;
1265 nsCOMPtr<nsINetUtil> util = do_GetNetUtil(&rv);
1266 NS_ENSURE_SUCCESS(rv, rv);
1267
1268 return util->ExtractCharsetFromContentType(
1269 rawContentType, contentCharset, charsetStart, charsetEnd, hadCharset);
1270 }
1271
1272 nsresult NS_NewAtomicFileOutputStream(nsIOutputStream** result, nsIFile* file,
1273 int32_t ioFlags /* = -1 */,
1274 int32_t perm /* = -1 */,
1275 int32_t behaviorFlags /* = 0 */) {
1276 nsresult rv;
1277 nsCOMPtr<nsIFileOutputStream> out =
1278 do_CreateInstance(NS_ATOMICLOCALFILEOUTPUTSTREAM_CONTRACTID, &rv);
1279 if (NS_SUCCEEDED(rv)) {
1280 rv = out->Init(file, ioFlags, perm, behaviorFlags);
1281 if (NS_SUCCEEDED(rv)) out.forget(result);
1282 }
1283 return rv;
1284 }
1285
1286 nsresult NS_NewSafeLocalFileOutputStream(nsIOutputStream** result,
1287 nsIFile* file,
1288 int32_t ioFlags /* = -1 */,
1289 int32_t perm /* = -1 */,
1290 int32_t behaviorFlags /* = 0 */) {
1291 nsresult rv;
1292 nsCOMPtr<nsIFileOutputStream> out =
1293 do_CreateInstance(NS_SAFELOCALFILEOUTPUTSTREAM_CONTRACTID, &rv);
1294 if (NS_SUCCEEDED(rv)) {
1295 rv = out->Init(file, ioFlags, perm, behaviorFlags);
1296 if (NS_SUCCEEDED(rv)) out.forget(result);
1297 }
1298 return rv;
1299 }
1300
1301 nsresult NS_NewLocalFileRandomAccessStream(nsIRandomAccessStream** result,
1302 nsIFile* file,
1303 int32_t ioFlags /* = -1 */,
1304 int32_t perm /* = -1 */,
1305 int32_t behaviorFlags /* = 0 */) {
1306 nsCOMPtr<nsIFileRandomAccessStream> stream = new nsFileRandomAccessStream();
1307 nsresult rv = stream->Init(file, ioFlags, perm, behaviorFlags);
1308 if (NS_SUCCEEDED(rv)) {
1309 stream.forget(result);
1310 }
1311 return rv;
1312 }
1313
1314 mozilla::Result<nsCOMPtr<nsIRandomAccessStream>, nsresult>
1315 NS_NewLocalFileRandomAccessStream(nsIFile* file, int32_t ioFlags /* = -1 */,
1316 int32_t perm /* = -1 */,
1317 int32_t behaviorFlags /* = 0 */) {
1318 nsCOMPtr<nsIRandomAccessStream> stream;
1319 const nsresult rv = NS_NewLocalFileRandomAccessStream(
1320 getter_AddRefs(stream), file, ioFlags, perm, behaviorFlags);
1321 if (NS_SUCCEEDED(rv)) {
1322 return stream;
1323 }
1324 return Err(rv);
1325 }
1326
1327 nsresult NS_NewBufferedOutputStream(
1328 nsIOutputStream** aResult, already_AddRefed<nsIOutputStream> aOutputStream,
1329 uint32_t aBufferSize) {
1330 nsCOMPtr<nsIOutputStream> outputStream = std::move(aOutputStream);
1331
1332 nsresult rv;
1333 nsCOMPtr<nsIBufferedOutputStream> out =
1334 do_CreateInstance(NS_BUFFEREDOUTPUTSTREAM_CONTRACTID, &rv);
1335 if (NS_SUCCEEDED(rv)) {
1336 rv = out->Init(outputStream, aBufferSize);
1337 if (NS_SUCCEEDED(rv)) {
1338 out.forget(aResult);
1339 }
1340 }
1341 return rv;
1342 }
1343
1344 [[nodiscard]] nsresult NS_NewBufferedInputStream(
1345 nsIInputStream** aResult, already_AddRefed<nsIInputStream> aInputStream,
1346 uint32_t aBufferSize) {
1347 nsCOMPtr<nsIInputStream> inputStream = std::move(aInputStream);
1348
1349 nsCOMPtr<nsIBufferedInputStream> in;
1350 nsresult rv = nsBufferedInputStream::Create(
1351 NS_GET_IID(nsIBufferedInputStream), getter_AddRefs(in));
1352 if (NS_SUCCEEDED(rv)) {
1353 rv = in->Init(inputStream, aBufferSize);
1354 if (NS_SUCCEEDED(rv)) {
1355 *aResult = static_cast<nsBufferedInputStream*>(in.get())
1356 ->GetInputStream()
1357 .take();
1358 }
1359 }
1360 return rv;
1361 }
1362
1363 Result<nsCOMPtr<nsIInputStream>, nsresult> NS_NewBufferedInputStream(
1364 already_AddRefed<nsIInputStream> aInputStream, uint32_t aBufferSize) {
1365 nsCOMPtr<nsIInputStream> stream;
1366 const nsresult rv = NS_NewBufferedInputStream(
1367 getter_AddRefs(stream), std::move(aInputStream), aBufferSize);
1368 if (NS_SUCCEEDED(rv)) {
1369 return stream;
1370 }
1371 return Err(rv);
1372 }
1373
1374 namespace {
1375
1376 #define BUFFER_SIZE 8192
1377
1378 class BufferWriter final : public nsIInputStreamCallback {
1379 public:
1380 NS_DECL_THREADSAFE_ISUPPORTS
1381
1382 BufferWriter(nsIInputStream* aInputStream, void* aBuffer, int64_t aCount)
1383 : mMonitor("BufferWriter.mMonitor"),
1384 mInputStream(aInputStream),
1385 mBuffer(aBuffer),
1386 mCount(aCount),
1387 mWrittenData(0),
1388 mBufferType(aBuffer ? eExternal : eInternal),
1389 mBufferSize(0) {
1390 MOZ_ASSERT(aInputStream);
1391 MOZ_ASSERT(aCount == -1 || aCount > 0);
1392 MOZ_ASSERT_IF(mBuffer, aCount > 0);
1393 }
1394
1395 nsresult Write() {
1396 NS_ASSERT_OWNINGTHREAD(BufferWriter);
1397
1398 // Let's make the inputStream buffered if it's not.
1399 if (!NS_InputStreamIsBuffered(mInputStream)) {
1400 nsCOMPtr<nsIInputStream> bufferedStream;
1401 nsresult rv = NS_NewBufferedInputStream(
1402 getter_AddRefs(bufferedStream), mInputStream.forget(), BUFFER_SIZE);
1403 NS_ENSURE_SUCCESS(rv, rv);
1404
1405 mInputStream = bufferedStream;
1406 }
1407
1408 mAsyncInputStream = do_QueryInterface(mInputStream);
1409
1410 if (!mAsyncInputStream) {
1411 return WriteSync();
1412 }
1413
1414 // Let's use mAsyncInputStream only.
1415 mInputStream = nullptr;
1416
1417 return WriteAsync();
1418 }
1419
1420 uint64_t WrittenData() const {
1421 NS_ASSERT_OWNINGTHREAD(BufferWriter);
1422 return mWrittenData;
1423 }
1424
1425 void* StealBuffer() {
1426 NS_ASSERT_OWNINGTHREAD(BufferWriter);
1427 MOZ_ASSERT(mBufferType == eInternal);
1428
1429 void* buffer = mBuffer;
1430
1431 mBuffer = nullptr;
1432 mBufferSize = 0;
1433
1434 return buffer;
1435 }
1436
1437 private:
1438 ~BufferWriter() {
1439 if (mBuffer && mBufferType == eInternal) {
1440 free(mBuffer);
1441 }
1442
1443 if (mTaskQueue) {
1444 mTaskQueue->BeginShutdown();
1445 }
1446 }
1447
1448 nsresult WriteSync() {
1449 NS_ASSERT_OWNINGTHREAD(BufferWriter);
1450
1451 uint64_t length = (uint64_t)mCount;
1452
1453 if (mCount == -1) {
1454 nsresult rv = mInputStream->Available(&length);
1455 NS_ENSURE_SUCCESS(rv, rv);
1456
1457 if (length == 0) {
1458 // nothing to read.
1459 return NS_OK;
1460 }
1461 }
1462
1463 if (mBufferType == eInternal) {
1464 mBuffer = malloc(length);
1465 if (NS_WARN_IF(!mBuffer)) {
1466 return NS_ERROR_OUT_OF_MEMORY;
1467 }
1468 }
1469
1470 uint32_t writtenData;
1471 nsresult rv = mInputStream->ReadSegments(NS_CopySegmentToBuffer, mBuffer,
1472 length, &writtenData);
1473 NS_ENSURE_SUCCESS(rv, rv);
1474
1475 mWrittenData = writtenData;
1476 return NS_OK;
1477 }
1478
1479 nsresult WriteAsync() {
1480 NS_ASSERT_OWNINGTHREAD(BufferWriter);
1481
1482 if (mCount > 0 && mBufferType == eInternal) {
1483 mBuffer = malloc(mCount);
1484 if (NS_WARN_IF(!mBuffer)) {
1485 return NS_ERROR_OUT_OF_MEMORY;
1486 }
1487 }
1488
1489 while (true) {
1490 if (mCount == -1 && !MaybeExpandBufferSize()) {
1491 return NS_ERROR_OUT_OF_MEMORY;
1492 }
1493
1494 uint64_t offset = mWrittenData;
1495 uint64_t length = mCount == -1 ? BUFFER_SIZE : mCount;
1496
1497 // Let's try to read data directly.
1498 uint32_t writtenData;
1499 nsresult rv = mAsyncInputStream->ReadSegments(
1500 NS_CopySegmentToBuffer, static_cast<char*>(mBuffer) + offset, length,
1501 &writtenData);
1502
1503 // Operation completed. Nothing more to read.
1504 if (NS_SUCCEEDED(rv) && writtenData == 0) {
1505 return NS_OK;
1506 }
1507
1508 // If we succeeded, let's try to read again.
1509 if (NS_SUCCEEDED(rv)) {
1510 mWrittenData += writtenData;
1511 if (mCount != -1) {
1512 MOZ_ASSERT(mCount >= writtenData);
1513 mCount -= writtenData;
1514
1515 // Is this the end of the reading?
1516 if (mCount == 0) {
1517 return NS_OK;
1518 }
1519 }
1520
1521 continue;
1522 }
1523
1524 // Async wait...
1525 if (rv == NS_BASE_STREAM_WOULD_BLOCK) {
1526 rv = MaybeCreateTaskQueue();
1527 if (NS_WARN_IF(NS_FAILED(rv))) {
1528 return rv;
1529 }
1530
1531 MonitorAutoLock lock(mMonitor);
1532
1533 rv = mAsyncInputStream->AsyncWait(this, 0, length, mTaskQueue);
1534 if (NS_WARN_IF(NS_FAILED(rv))) {
1535 return rv;
1536 }
1537
1538 lock.Wait();
1539 continue;
1540 }
1541
1542 // Otherwise, let's propagate the error.
1543 return rv;
1544 }
1545
1546 MOZ_ASSERT_UNREACHABLE("We should not be here");
1547 return NS_ERROR_FAILURE;
1548 }
1549
1550 nsresult MaybeCreateTaskQueue() {
1551 NS_ASSERT_OWNINGTHREAD(BufferWriter);
1552
1553 if (!mTaskQueue) {
1554 nsCOMPtr<nsIEventTarget> target =
1555 do_GetService(NS_STREAMTRANSPORTSERVICE_CONTRACTID);
1556 if (!target) {
1557 return NS_ERROR_FAILURE;
1558 }
1559
1560 mTaskQueue = TaskQueue::Create(target.forget(), "nsNetUtil:BufferWriter");
1561 }
1562
1563 return NS_OK;
1564 }
1565
1566 NS_IMETHOD
1567 OnInputStreamReady(nsIAsyncInputStream* aStream) override {
1568 MOZ_ASSERT(!NS_IsMainThread());
1569
1570 // We have something to read. Let's unlock the main-thread.
1571 MonitorAutoLock lock(mMonitor);
1572 lock.Notify();
1573 return NS_OK;
1574 }
1575
1576 bool MaybeExpandBufferSize() {
1577 NS_ASSERT_OWNINGTHREAD(BufferWriter);
1578
1579 MOZ_ASSERT(mCount == -1);
1580
1581 if (mBufferSize >= mWrittenData + BUFFER_SIZE) {
1582 // The buffer is big enough.
1583 return true;
1584 }
1585
1586 CheckedUint32 bufferSize =
1587 std::max<uint32_t>(static_cast<uint32_t>(mWrittenData), BUFFER_SIZE);
1588 while (bufferSize.isValid() &&
1589 bufferSize.value() < mWrittenData + BUFFER_SIZE) {
1590 bufferSize *= 2;
1591 }
1592
1593 if (!bufferSize.isValid()) {
1594 return false;
1595 }
1596
1597 void* buffer = realloc(mBuffer, bufferSize.value());
1598 if (!buffer) {
1599 return false;
1600 }
1601
1602 mBuffer = buffer;
1603 mBufferSize = bufferSize.value();
1604 return true;
1605 }
1606
1607 // All the members of this class are touched on the owning thread only. The
1608 // monitor is only used to communicate when there is more data to read.
1609 Monitor mMonitor MOZ_UNANNOTATED;
1610
1611 nsCOMPtr<nsIInputStream> mInputStream;
1612 nsCOMPtr<nsIAsyncInputStream> mAsyncInputStream;
1613
1614 RefPtr<TaskQueue> mTaskQueue;
1615
1616 void* mBuffer;
1617 int64_t mCount;
1618 uint64_t mWrittenData;
1619
1620 enum {
1621 // The buffer is allocated internally and this object must release it
1622 // in the DTOR if not stolen. The buffer can be reallocated.
1623 eInternal,
1624
1625 // The buffer is not owned by this object and it cannot be reallocated.
1626 eExternal,
1627 } mBufferType;
1628
1629 // The following set if needed for the async read.
1630 uint64_t mBufferSize;
1631 };
1632
1633 NS_IMPL_ISUPPORTS(BufferWriter, nsIInputStreamCallback)
1634
1635 } // anonymous namespace
1636
1637 nsresult NS_ReadInputStreamToBuffer(nsIInputStream* aInputStream, void** aDest,
1638 int64_t aCount, uint64_t* aWritten) {
1639 MOZ_ASSERT(aInputStream);
1640 MOZ_ASSERT(aCount >= -1);
1641
1642 uint64_t dummyWritten;
1643 if (!aWritten) {
1644 aWritten = &dummyWritten;
1645 }
1646
1647 if (aCount == 0) {
1648 *aWritten = 0;
1649 return NS_OK;
1650 }
1651
1652 // This will take care of allocating and reallocating aDest.
1653 RefPtr<BufferWriter> writer = new BufferWriter(aInputStream, *aDest, aCount);
1654
1655 nsresult rv = writer->Write();
1656 NS_ENSURE_SUCCESS(rv, rv);
1657
1658 *aWritten = writer->WrittenData();
1659
1660 if (!*aDest) {
1661 *aDest = writer->StealBuffer();
1662 }
1663
1664 return NS_OK;
1665 }
1666
1667 nsresult NS_ReadInputStreamToString(nsIInputStream* aInputStream,
1668 nsACString& aDest, int64_t aCount,
1669 uint64_t* aWritten) {
1670 uint64_t dummyWritten;
1671 if (!aWritten) {
1672 aWritten = &dummyWritten;
1673 }
1674
1675 // Nothing to do if aCount is 0.
1676 if (aCount == 0) {
1677 aDest.Truncate();
1678 *aWritten = 0;
1679 return NS_OK;
1680 }
1681
1682 // If we have the size, we can pre-allocate the buffer.
1683 if (aCount > 0) {
1684 if (NS_WARN_IF(aCount >= INT32_MAX) ||
1685 NS_WARN_IF(!aDest.SetLength(aCount, mozilla::fallible))) {
1686 return NS_ERROR_OUT_OF_MEMORY;
1687 }
1688
1689 void* dest = aDest.BeginWriting();
1690 nsresult rv =
1691 NS_ReadInputStreamToBuffer(aInputStream, &dest, aCount, aWritten);
1692 NS_ENSURE_SUCCESS(rv, rv);
1693
1694 if ((uint64_t)aCount > *aWritten) {
1695 aDest.Truncate(*aWritten);
1696 }
1697
1698 return NS_OK;
1699 }
1700
1701 // If the size is unknown, BufferWriter will allocate the buffer.
1702 void* dest = nullptr;
1703 nsresult rv =
1704 NS_ReadInputStreamToBuffer(aInputStream, &dest, aCount, aWritten);
1705 MOZ_ASSERT_IF(NS_FAILED(rv), dest == nullptr);
1706 NS_ENSURE_SUCCESS(rv, rv);
1707
1708 if (!dest) {
1709 MOZ_ASSERT(*aWritten == 0);
1710 aDest.Truncate();
1711 return NS_OK;
1712 }
1713
1714 aDest.Adopt(reinterpret_cast<char*>(dest), *aWritten);
1715 return NS_OK;
1716 }
1717
1718 nsresult NS_NewURI(nsIURI** result, const nsACString& spec,
1719 NotNull<const Encoding*> encoding,
1720 nsIURI* baseURI /* = nullptr */) {
1721 nsAutoCString charset;
1722 encoding->Name(charset);
1723 return NS_NewURI(result, spec, charset.get(), baseURI);
1724 }
1725
1726 nsresult NS_NewURI(nsIURI** result, const nsAString& aSpec,
1727 const char* charset /* = nullptr */,
1728 nsIURI* baseURI /* = nullptr */) {
1729 nsAutoCString spec;
1730 if (!AppendUTF16toUTF8(aSpec, spec, mozilla::fallible)) {
1731 return NS_ERROR_OUT_OF_MEMORY;
1732 }
1733 return NS_NewURI(result, spec, charset, baseURI);
1734 }
1735
1736 nsresult NS_NewURI(nsIURI** result, const nsAString& aSpec,
1737 NotNull<const Encoding*> encoding,
1738 nsIURI* baseURI /* = nullptr */) {
1739 nsAutoCString spec;
1740 if (!AppendUTF16toUTF8(aSpec, spec, mozilla::fallible)) {
1741 return NS_ERROR_OUT_OF_MEMORY;
1742 }
1743 return NS_NewURI(result, spec, encoding, baseURI);
1744 }
1745
1746 nsresult NS_NewURI(nsIURI** result, const char* spec,
1747 nsIURI* baseURI /* = nullptr */) {
1748 return NS_NewURI(result, nsDependentCString(spec), nullptr, baseURI);
1749 }
1750
1751 static nsresult NewStandardURI(const nsACString& aSpec, const char* aCharset,
1752 nsIURI* aBaseURI, int32_t aDefaultPort,
1753 nsIURI** aURI) {
1754 return NS_MutateURI(new nsStandardURL::Mutator())
1755 .Apply(&nsIStandardURLMutator::Init, nsIStandardURL::URLTYPE_AUTHORITY,
1756 aDefaultPort, aSpec, aCharset, aBaseURI, nullptr)
1757 .Finalize(aURI);
1758 }
1759
1760 nsresult NS_GetSpecWithNSURLEncoding(nsACString& aResult,
1761 const nsACString& aSpec) {
1762 nsCOMPtr<nsIURI> uri;
1763 nsresult rv = NS_NewURIWithNSURLEncoding(getter_AddRefs(uri), aSpec);
1764 NS_ENSURE_SUCCESS(rv, rv);
1765 return uri->GetAsciiSpec(aResult);
1766 }
1767
1768 nsresult NS_NewURIWithNSURLEncoding(nsIURI** aResult, const nsACString& aSpec) {
1769 nsCOMPtr<nsIURI> uri;
1770 nsresult rv = NS_NewURI(getter_AddRefs(uri), aSpec);
1771 NS_ENSURE_SUCCESS(rv, rv);
1772
1773 // Escape the ref portion of the URL. NSURL is more strict about which
1774 // characters in the URL must be % encoded. For example, an unescaped '#'
1775 // to indicate the beginning of the ref component is accepted by NSURL, but
1776 // '#' characters in the ref must be escaped. Also adds encoding for other
1777 // characters not accepted by NSURL in the ref such as '{', '|', '}', and '^'.
1778 // The ref returned from GetRef() does not include the leading '#'.
1779 nsAutoCString ref, escapedRef;
1780 if (NS_SUCCEEDED(uri->GetRef(ref)) && !ref.IsEmpty()) {
1781 if (!NS_Escape(ref, escapedRef, url_NSURLRef)) {
1782 return NS_ERROR_INVALID_ARG;
1783 }
1784 rv = NS_MutateURI(uri).SetRef(escapedRef).Finalize(uri);
1785 NS_ENSURE_SUCCESS(rv, rv);
1786 }
1787
1788 uri.forget(aResult);
1789 return NS_OK;
1790 }
1791
1792 extern MOZ_THREAD_LOCAL(uint32_t) gTlsURLRecursionCount;
1793
1794 template <typename T>
1795 class TlsAutoIncrement {
1796 public:
1797 explicit TlsAutoIncrement(T& var) : mVar(var) {
1798 mValue = mVar.get();
1799 mVar.set(mValue + 1);
1800 }
1801 ~TlsAutoIncrement() {
1802 typename T::Type value = mVar.get();
1803 MOZ_ASSERT(value == mValue + 1);
1804 mVar.set(value - 1);
1805 }
1806
1807 typename T::Type value() { return mValue; }
1808
1809 private:
1810 typename T::Type mValue;
1811 T& mVar;
1812 };
1813
1814 nsresult NS_NewURI(nsIURI** aURI, const nsACString& aSpec,
1815 const char* aCharset /* = nullptr */,
1816 nsIURI* aBaseURI /* = nullptr */) {
1817 TlsAutoIncrement<decltype(gTlsURLRecursionCount)> inc(gTlsURLRecursionCount);
1818 if (inc.value() >= MAX_RECURSION_COUNT) {
1819 return NS_ERROR_MALFORMED_URI;
1820 }
1821
1822 nsCOMPtr<nsIIOService> ioService = do_GetIOService();
1823 if (!ioService) {
1824 // Individual protocol handlers unfortunately rely on the ioservice, let's
1825 // return an error here instead of causing unpredictable crashes later.
1826 return NS_ERROR_NOT_AVAILABLE;
1827 }
1828
1829 if (StaticPrefs::network_url_max_length() &&
1830 aSpec.Length() > StaticPrefs::network_url_max_length()) {
1831 return NS_ERROR_MALFORMED_URI;
1832 }
1833
1834 nsAutoCString scheme;
1835 nsresult rv = net_ExtractURLScheme(aSpec, scheme);
1836 if (NS_FAILED(rv)) {
1837 // then aSpec is relative
1838 if (!aBaseURI) {
1839 return NS_ERROR_MALFORMED_URI;
1840 }
1841
1842 if (!aSpec.IsEmpty() && aSpec[0] == '#') {
1843 // Looks like a reference instead of a fully-specified URI.
1844 // --> initialize |uri| as a clone of |aBaseURI|, with ref appended.
1845 return NS_GetURIWithNewRef(aBaseURI, aSpec, aURI);
1846 }
1847
1848 rv = aBaseURI->GetScheme(scheme);
1849 if (NS_FAILED(rv)) return rv;
1850 }
1851
1852 if (scheme.EqualsLiteral("http") || scheme.EqualsLiteral("ws")) {
1853 return NewStandardURI(aSpec, aCharset, aBaseURI, NS_HTTP_DEFAULT_PORT,
1854 aURI);
1855 }
1856 if (scheme.EqualsLiteral("https") || scheme.EqualsLiteral("wss")) {
1857 return NewStandardURI(aSpec, aCharset, aBaseURI, NS_HTTPS_DEFAULT_PORT,
1858 aURI);
1859 }
1860 if (scheme.EqualsLiteral("ftp")) {
1861 return NewStandardURI(aSpec, aCharset, aBaseURI, 21, aURI);
1862 }
1863
1864 if (scheme.EqualsLiteral("file")) {
1865 nsAutoCString buf(aSpec);
1866 #if defined(XP_WIN)
1867 buf.Truncate();
1868 if (!net_NormalizeFileURL(aSpec, buf)) {
1869 buf = aSpec;
1870 }
1871 #endif
1872
1873 return NS_MutateURI(new nsStandardURL::Mutator())
1874 .Apply(&nsIFileURLMutator::MarkFileURL)
1875 .Apply(&nsIStandardURLMutator::Init,
1876 nsIStandardURL::URLTYPE_NO_AUTHORITY, -1, buf, aCharset,
1877 aBaseURI, nullptr)
1878 .Finalize(aURI);
1879 }
1880
1881 if (scheme.EqualsLiteral("data")) {
1882 return nsDataHandler::CreateNewURI(aSpec, aCharset, aBaseURI, aURI);
1883 }
1884
1885 if (scheme.EqualsLiteral("moz-safe-about") ||
1886 scheme.EqualsLiteral("page-icon") || scheme.EqualsLiteral("moz") ||
1887 scheme.EqualsLiteral("moz-anno")) {
1888 return NS_MutateURI(new nsSimpleURI::Mutator())
1889 .SetSpec(aSpec)
1890 .Finalize(aURI);
1891 }
1892
1893 if (scheme.EqualsLiteral("chrome")) {
1894 return nsChromeProtocolHandler::CreateNewURI(aSpec, aCharset, aBaseURI,
1895 aURI);
1896 }
1897
1898 if (scheme.EqualsLiteral("javascript")) {
1899 return nsJSProtocolHandler::CreateNewURI(aSpec, aCharset, aBaseURI, aURI);
1900 }
1901
1902 if (scheme.EqualsLiteral("blob")) {
1903 return BlobURLProtocolHandler::CreateNewURI(aSpec, aCharset, aBaseURI,
1904 aURI);
1905 }
1906
1907 if (scheme.EqualsLiteral("view-source")) {
1908 return nsViewSourceHandler::CreateNewURI(aSpec, aCharset, aBaseURI, aURI);
1909 }
1910
1911 if (scheme.EqualsLiteral("resource")) {
1912 RefPtr<nsResProtocolHandler> handler = nsResProtocolHandler::GetSingleton();
1913 if (!handler) {
1914 return NS_ERROR_NOT_AVAILABLE;
1915 }
1916 return handler->NewURI(aSpec, aCharset, aBaseURI, aURI);
1917 }
1918
1919 if (scheme.EqualsLiteral("indexeddb") || scheme.EqualsLiteral("uuid")) {
1920 return NS_MutateURI(new nsStandardURL::Mutator())
1921 .Apply(&nsIStandardURLMutator::Init, nsIStandardURL::URLTYPE_AUTHORITY,
1922 0, aSpec, aCharset, aBaseURI, nullptr)
1923 .Finalize(aURI);
1924 }
1925
1926 if (scheme.EqualsLiteral("moz-extension")) {
1927 RefPtr<mozilla::net::ExtensionProtocolHandler> handler =
1928 mozilla::net::ExtensionProtocolHandler::GetSingleton();
1929 if (!handler) {
1930 return NS_ERROR_NOT_AVAILABLE;
1931 }
1932 return handler->NewURI(aSpec, aCharset, aBaseURI, aURI);
1933 }
1934
1935 if (scheme.EqualsLiteral("moz-page-thumb")) {
1936 // The moz-page-thumb service runs JS to resolve a URI to a
1937 // storage location, so this should only ever run on the main
1938 // thread.
1939 if (!NS_IsMainThread()) {
1940 return NS_ERROR_NOT_AVAILABLE;
1941 }
1942
1943 RefPtr<mozilla::net::PageThumbProtocolHandler> handler =
1944 mozilla::net::PageThumbProtocolHandler::GetSingleton();
1945 if (!handler) {
1946 return NS_ERROR_NOT_AVAILABLE;
1947 }
1948 return handler->NewURI(aSpec, aCharset, aBaseURI, aURI);
1949 }
1950
1951 if (scheme.EqualsLiteral("about")) {
1952 return nsAboutProtocolHandler::CreateNewURI(aSpec, aCharset, aBaseURI,
1953 aURI);
1954 }
1955
1956 if (scheme.EqualsLiteral("jar")) {
1957 return NS_MutateURI(new nsJARURI::Mutator())
1958 .Apply(&nsIJARURIMutator::SetSpecBaseCharset, aSpec, aBaseURI, aCharset)
1959 .Finalize(aURI);
1960 }
1961
1962 if (scheme.EqualsLiteral("moz-icon")) {
1963 return NS_MutateURI(new nsMozIconURI::Mutator())
1964 .SetSpec(aSpec)
1965 .Finalize(aURI);
1966 }
1967
1968 #ifdef MOZ_WIDGET_GTK
1969 if (scheme.EqualsLiteral("smb") || scheme.EqualsLiteral("sftp")) {
1970 return NS_MutateURI(new nsStandardURL::Mutator())
1971 .Apply(&nsIStandardURLMutator::Init, nsIStandardURL::URLTYPE_STANDARD,
1972 -1, aSpec, aCharset, aBaseURI, nullptr)
1973 .Finalize(aURI);
1974 }
1975 #endif
1976
1977 if (scheme.EqualsLiteral("android")) {
1978 return NS_MutateURI(NS_STANDARDURLMUTATOR_CONTRACTID)
1979 .Apply(&nsIStandardURLMutator::Init, nsIStandardURL::URLTYPE_STANDARD,
1980 -1, aSpec, aCharset, aBaseURI, nullptr)
1981 .Finalize(aURI);
1982 }
1983
1984 // web-extensions can add custom protocol implementations with standard URLs
1985 // that have notion of hostname, authority and relative URLs. Below we
1986 // manually check agains set of known protocols schemes until more general
1987 // solution is in place (See Bug 1569733)
1988 if (!StaticPrefs::network_url_useDefaultURI()) {
1989 if (scheme.EqualsLiteral("ssh")) {
1990 return NewStandardURI(aSpec, aCharset, aBaseURI, 22, aURI);
1991 }
1992
1993 if (scheme.EqualsLiteral("dweb") || scheme.EqualsLiteral("dat") ||
1994 scheme.EqualsLiteral("ipfs") || scheme.EqualsLiteral("ipns") ||
1995 scheme.EqualsLiteral("ssb") || scheme.EqualsLiteral("wtp")) {
1996 return NewStandardURI(aSpec, aCharset, aBaseURI, -1, aURI);
1997 }
1998 }
1999
2000 #if defined(MOZ_THUNDERBIRD) || defined(MOZ_SUITE)
2001 rv = NS_NewMailnewsURI(aURI, aSpec, aCharset, aBaseURI);
2002 if (rv != NS_ERROR_UNKNOWN_PROTOCOL) {
2003 return rv;
2004 }
2005 #endif
2006
2007 if (aBaseURI) {
2008 nsAutoCString newSpec;
2009 rv = aBaseURI->Resolve(aSpec, newSpec);
2010 NS_ENSURE_SUCCESS(rv, rv);
2011
2012 nsAutoCString newScheme;
2013 rv = net_ExtractURLScheme(newSpec, newScheme);
2014 if (NS_SUCCEEDED(rv)) {
2015 // The scheme shouldn't really change at this point.
2016 MOZ_DIAGNOSTIC_ASSERT(newScheme == scheme);
2017 }
2018
2019 if (StaticPrefs::network_url_useDefaultURI()) {
2020 return NS_MutateURI(new DefaultURI::Mutator())
2021 .SetSpec(newSpec)
2022 .Finalize(aURI);
2023 }
2024
2025 return NS_MutateURI(new nsSimpleURI::Mutator())
2026 .SetSpec(newSpec)
2027 .Finalize(aURI);
2028 }
2029
2030 if (StaticPrefs::network_url_useDefaultURI()) {
2031 return NS_MutateURI(new DefaultURI::Mutator())
2032 .SetSpec(aSpec)
2033 .Finalize(aURI);
2034 }
2035
2036 // Falls back to external protocol handler.
2037 return NS_MutateURI(new nsSimpleURI::Mutator()).SetSpec(aSpec).Finalize(aURI);
2038 }
2039
2040 nsresult NS_GetSanitizedURIStringFromURI(nsIURI* aUri,
2041 nsAString& aSanitizedSpec) {
2042 aSanitizedSpec.Truncate();
2043
2044 nsCOMPtr<nsISensitiveInfoHiddenURI> safeUri = do_QueryInterface(aUri);
2045 nsAutoCString cSpec;
2046 nsresult rv;
2047 if (safeUri) {
2048 rv = safeUri->GetSensitiveInfoHiddenSpec(cSpec);
2049 } else {
2050 rv = aUri->GetSpec(cSpec);
2051 }
2052
2053 if (NS_SUCCEEDED(rv)) {
2054 aSanitizedSpec.Assign(NS_ConvertUTF8toUTF16(cSpec));
2055 }
2056 return rv;
2057 }
2058
2059 nsresult NS_LoadPersistentPropertiesFromURISpec(
2060 nsIPersistentProperties** outResult, const nsACString& aSpec) {
2061 nsCOMPtr<nsIURI> uri;
2062 nsresult rv = NS_NewURI(getter_AddRefs(uri), aSpec);
2063 NS_ENSURE_SUCCESS(rv, rv);
2064
2065 nsCOMPtr<nsIChannel> channel;
2066 rv = NS_NewChannel(getter_AddRefs(channel), uri,
2067 nsContentUtils::GetSystemPrincipal(),
2068 nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
2069 nsIContentPolicy::TYPE_OTHER);
2070 NS_ENSURE_SUCCESS(rv, rv);
2071 nsCOMPtr<nsIInputStream> in;
2072 rv = channel->Open(getter_AddRefs(in));
2073 NS_ENSURE_SUCCESS(rv, rv);
2074
2075 nsCOMPtr<nsIPersistentProperties> properties = new nsPersistentProperties();
2076 rv = properties->Load(in);
2077 NS_ENSURE_SUCCESS(rv, rv);
2078
2079 properties.swap(*outResult);
2080 return NS_OK;
2081 }
2082
2083 bool NS_UsePrivateBrowsing(nsIChannel* channel) {
2084 OriginAttributes attrs;
2085 bool result = StoragePrincipalHelper::GetOriginAttributes(
2086 channel, attrs, StoragePrincipalHelper::eRegularPrincipal);
2087 NS_ENSURE_TRUE(result, result);
2088 return attrs.mPrivateBrowsingId > 0;
2089 }
2090
2091 bool NS_HasBeenCrossOrigin(nsIChannel* aChannel, bool aReport) {
2092 nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo();
2093 // TYPE_DOCUMENT loads have a null LoadingPrincipal and can not be cross
2094 // origin.
2095 if (!loadInfo->GetLoadingPrincipal()) {
2096 return false;
2097 }
2098
2099 // Always treat tainted channels as cross-origin.
2100 if (loadInfo->GetTainting() != LoadTainting::Basic) {
2101 return true;
2102 }
2103
2104 nsCOMPtr<nsIPrincipal> loadingPrincipal = loadInfo->GetLoadingPrincipal();
2105 uint32_t mode = loadInfo->GetSecurityMode();
2106 bool dataInherits =
2107 mode == nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_INHERITS_SEC_CONTEXT ||
2108 mode == nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT ||
2109 mode == nsILoadInfo::SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT;
2110
2111 bool aboutBlankInherits = dataInherits && loadInfo->GetAboutBlankInherits();
2112
2113 uint64_t innerWindowID = loadInfo->GetInnerWindowID();
2114
2115 for (nsIRedirectHistoryEntry* redirectHistoryEntry :
2116 loadInfo->RedirectChain()) {
2117 nsCOMPtr<nsIPrincipal> principal;
2118 redirectHistoryEntry->GetPrincipal(getter_AddRefs(principal));
2119 if (!principal) {
2120 return true;
2121 }
2122
2123 nsCOMPtr<nsIURI> uri;
2124 auto* basePrin = BasePrincipal::Cast(principal);
2125 basePrin->GetURI(getter_AddRefs(uri));
2126 if (!uri) {
2127 return true;
2128 }
2129
2130 if (aboutBlankInherits && NS_IsAboutBlank(uri)) {
2131 continue;
2132 }
2133
2134 nsresult res;
2135 if (aReport) {
2136 res = loadingPrincipal->CheckMayLoadWithReporting(uri, dataInherits,
2137 innerWindowID);
2138 } else {
2139 res = loadingPrincipal->CheckMayLoad(uri, dataInherits);
2140 }
2141 if (NS_FAILED(res)) {
2142 return true;
2143 }
2144 }
2145
2146 nsCOMPtr<nsIURI> uri;
2147 NS_GetFinalChannelURI(aChannel, getter_AddRefs(uri));
2148 if (!uri) {
2149 return true;
2150 }
2151
2152 if (aboutBlankInherits && NS_IsAboutBlank(uri)) {
2153 return false;
2154 }
2155
2156 nsresult res;
2157 if (aReport) {
2158 res = loadingPrincipal->CheckMayLoadWithReporting(uri, dataInherits,
2159 innerWindowID);
2160 } else {
2161 res = loadingPrincipal->CheckMayLoad(uri, dataInherits);
2162 }
2163
2164 return NS_FAILED(res);
2165 }
2166
2167 bool NS_IsSafeMethodNav(nsIChannel* aChannel) {
2168 RefPtr<HttpBaseChannel> baseChan = do_QueryObject(aChannel);
2169 if (!baseChan) {
2170 return false;
2171 }
2172 nsHttpRequestHead* requestHead = baseChan->GetRequestHead();
2173 if (!requestHead) {
2174 return false;
2175 }
2176 return requestHead->IsSafeMethod();
2177 }
2178
2179 void NS_WrapAuthPrompt(nsIAuthPrompt* aAuthPrompt,
2180 nsIAuthPrompt2** aAuthPrompt2) {
2181 nsCOMPtr<nsIAuthPromptAdapterFactory> factory =
2182 do_GetService(NS_AUTHPROMPT_ADAPTER_FACTORY_CONTRACTID);
2183 if (!factory) return;
2184
2185 NS_WARNING("Using deprecated nsIAuthPrompt");
2186 factory->CreateAdapter(aAuthPrompt, aAuthPrompt2);
2187 }
2188
2189 void NS_QueryAuthPrompt2(nsIInterfaceRequestor* aCallbacks,
2190 nsIAuthPrompt2** aAuthPrompt) {
2191 CallGetInterface(aCallbacks, aAuthPrompt);
2192 if (*aAuthPrompt) return;
2193
2194 // Maybe only nsIAuthPrompt is provided and we have to wrap it.
2195 nsCOMPtr<nsIAuthPrompt> prompt(do_GetInterface(aCallbacks));
2196 if (!prompt) return;
2197
2198 NS_WrapAuthPrompt(prompt, aAuthPrompt);
2199 }
2200
2201 void NS_QueryAuthPrompt2(nsIChannel* aChannel, nsIAuthPrompt2** aAuthPrompt) {
2202 *aAuthPrompt = nullptr;
2203
2204 // We want to use any auth prompt we can find on the channel's callbacks,
2205 // and if that fails use the loadgroup's prompt (if any)
2206 // Therefore, we can't just use NS_QueryNotificationCallbacks, because
2207 // that would prefer a loadgroup's nsIAuthPrompt2 over a channel's
2208 // nsIAuthPrompt.
2209 nsCOMPtr<nsIInterfaceRequestor> callbacks;
2210 aChannel->GetNotificationCallbacks(getter_AddRefs(callbacks));
2211 if (callbacks) {
2212 NS_QueryAuthPrompt2(callbacks, aAuthPrompt);
2213 if (*aAuthPrompt) return;
2214 }
2215
2216 nsCOMPtr<nsILoadGroup> group;
2217 aChannel->GetLoadGroup(getter_AddRefs(group));
2218 if (!group) return;
2219
2220 group->GetNotificationCallbacks(getter_AddRefs(callbacks));
2221 if (!callbacks) return;
2222 NS_QueryAuthPrompt2(callbacks, aAuthPrompt);
2223 }
2224
2225 nsresult NS_NewNotificationCallbacksAggregation(
2226 nsIInterfaceRequestor* callbacks, nsILoadGroup* loadGroup,
2227 nsIEventTarget* target, nsIInterfaceRequestor** result) {
2228 nsCOMPtr<nsIInterfaceRequestor> cbs;
2229 if (loadGroup) loadGroup->GetNotificationCallbacks(getter_AddRefs(cbs));
2230 return NS_NewInterfaceRequestorAggregation(callbacks, cbs, target, result);
2231 }
2232
2233 nsresult NS_NewNotificationCallbacksAggregation(
2234 nsIInterfaceRequestor* callbacks, nsILoadGroup* loadGroup,
2235 nsIInterfaceRequestor** result) {
2236 return NS_NewNotificationCallbacksAggregation(callbacks, loadGroup, nullptr,
2237 result);
2238 }
2239
2240 nsresult NS_DoImplGetInnermostURI(nsINestedURI* nestedURI, nsIURI** result) {
2241 MOZ_ASSERT(nestedURI, "Must have a nested URI!");
2242 MOZ_ASSERT(!*result, "Must have null *result");
2243
2244 nsCOMPtr<nsIURI> inner;
2245 nsresult rv = nestedURI->GetInnerURI(getter_AddRefs(inner));
2246 NS_ENSURE_SUCCESS(rv, rv);
2247
2248 // We may need to loop here until we reach the innermost
2249 // URI.
2250 nsCOMPtr<nsINestedURI> nestedInner(do_QueryInterface(inner));
2251 while (nestedInner) {
2252 rv = nestedInner->GetInnerURI(getter_AddRefs(inner));
2253 NS_ENSURE_SUCCESS(rv, rv);
2254 nestedInner = do_QueryInterface(inner);
2255 }
2256
2257 // Found the innermost one if we reach here.
2258 inner.swap(*result);
2259
2260 return rv;
2261 }
2262
2263 nsresult NS_ImplGetInnermostURI(nsINestedURI* nestedURI, nsIURI** result) {
2264 // Make it safe to use swap()
2265 *result = nullptr;
2266
2267 return NS_DoImplGetInnermostURI(nestedURI, result);
2268 }
2269
2270 already_AddRefed<nsIURI> NS_GetInnermostURI(nsIURI* aURI) {
2271 MOZ_ASSERT(aURI, "Must have URI");
2272
2273 nsCOMPtr<nsIURI> uri = aURI;
2274
2275 nsCOMPtr<nsINestedURI> nestedURI(do_QueryInterface(uri));
2276 if (!nestedURI) {
2277 return uri.forget();
2278 }
2279
2280 nsresult rv = nestedURI->GetInnermostURI(getter_AddRefs(uri));
2281 if (NS_FAILED(rv)) {
2282 return nullptr;
2283 }
2284
2285 return uri.forget();
2286 }
2287
2288 nsresult NS_GetFinalChannelURI(nsIChannel* channel, nsIURI** uri) {
2289 *uri = nullptr;
2290
2291 nsCOMPtr<nsILoadInfo> loadInfo = channel->LoadInfo();
2292 nsCOMPtr<nsIURI> resultPrincipalURI;
2293 loadInfo->GetResultPrincipalURI(getter_AddRefs(resultPrincipalURI));
2294 if (resultPrincipalURI) {
2295 resultPrincipalURI.forget(uri);
2296 return NS_OK;
2297 }
2298 return channel->GetOriginalURI(uri);
2299 }
2300
2301 nsresult NS_URIChainHasFlags(nsIURI* uri, uint32_t flags, bool* result) {
2302 nsresult rv;
2303 nsCOMPtr<nsINetUtil> util = do_GetNetUtil(&rv);
2304 NS_ENSURE_SUCCESS(rv, rv);
2305
2306 return util->URIChainHasFlags(uri, flags, result);
2307 }
2308
2309 uint32_t NS_SecurityHashURI(nsIURI* aURI) {
2310 nsCOMPtr<nsIURI> baseURI = NS_GetInnermostURI(aURI);
2311
2312 nsAutoCString scheme;
2313 uint32_t schemeHash = 0;
2314 if (NS_SUCCEEDED(baseURI->GetScheme(scheme))) {
2315 schemeHash = mozilla::HashString(scheme);
2316 }
2317
2318 // TODO figure out how to hash file:// URIs
2319 if (scheme.EqualsLiteral("file")) return schemeHash; // sad face
2320
2321 #if IS_ORIGIN_IS_FULL_SPEC_DEFINED
2322 bool hasFlag;
2323 if (NS_FAILED(NS_URIChainHasFlags(
2324 baseURI, nsIProtocolHandler::ORIGIN_IS_FULL_SPEC, &hasFlag)) ||
2325 hasFlag) {
2326 nsAutoCString spec;
2327 uint32_t specHash;
2328 nsresult res = baseURI->GetSpec(spec);
2329 if (NS_SUCCEEDED(res))
2330 specHash = mozilla::HashString(spec);
2331 else
2332 specHash = static_cast<uint32_t>(res);
2333 return specHash;
2334 }
2335 #endif
2336
2337 nsAutoCString host;
2338 uint32_t hostHash = 0;
2339 if (NS_SUCCEEDED(baseURI->GetAsciiHost(host))) {
2340 hostHash = mozilla::HashString(host);
2341 }
2342
2343 return mozilla::AddToHash(schemeHash, hostHash, NS_GetRealPort(baseURI));
2344 }
2345
2346 bool NS_SecurityCompareURIs(nsIURI* aSourceURI, nsIURI* aTargetURI,
2347 bool aStrictFileOriginPolicy) {
2348 nsresult rv;
2349
2350 // Note that this is not an Equals() test on purpose -- for URIs that don't
2351 // support host/port, we want equality to basically be object identity, for
2352 // security purposes. Otherwise, for example, two javascript: URIs that
2353 // are otherwise unrelated could end up "same origin", which would be
2354 // unfortunate.
2355 if (aSourceURI && aSourceURI == aTargetURI) {
2356 return true;
2357 }
2358
2359 if (!aTargetURI || !aSourceURI) {
2360 return false;
2361 }
2362
2363 // If either URI is a nested URI, get the base URI
2364 nsCOMPtr<nsIURI> sourceBaseURI = NS_GetInnermostURI(aSourceURI);
2365 nsCOMPtr<nsIURI> targetBaseURI = NS_GetInnermostURI(aTargetURI);
2366
2367 #if defined(MOZ_THUNDERBIRD) || defined(MOZ_SUITE)
2368 // Check if either URI has a special origin.
2369 nsCOMPtr<nsIURI> origin;
2370 nsCOMPtr<nsIURIWithSpecialOrigin> uriWithSpecialOrigin =
2371 do_QueryInterface(sourceBaseURI);
2372 if (uriWithSpecialOrigin) {
2373 rv = uriWithSpecialOrigin->GetOrigin(getter_AddRefs(origin));
2374 if (NS_WARN_IF(NS_FAILED(rv))) {
2375 return false;
2376 }
2377 MOZ_ASSERT(origin);
2378 sourceBaseURI = origin;
2379 }
2380 uriWithSpecialOrigin = do_QueryInterface(targetBaseURI);
2381 if (uriWithSpecialOrigin) {
2382 rv = uriWithSpecialOrigin->GetOrigin(getter_AddRefs(origin));
2383 if (NS_WARN_IF(NS_FAILED(rv))) {
2384 return false;
2385 }
2386 MOZ_ASSERT(origin);
2387 targetBaseURI = origin;
2388 }
2389 #endif
2390
2391 nsCOMPtr<nsIPrincipal> sourceBlobPrincipal;
2392 if (BlobURLProtocolHandler::GetBlobURLPrincipal(
2393 sourceBaseURI, getter_AddRefs(sourceBlobPrincipal))) {
2394 nsCOMPtr<nsIURI> sourceBlobOwnerURI;
2395 auto* basePrin = BasePrincipal::Cast(sourceBlobPrincipal);
2396 rv = basePrin->GetURI(getter_AddRefs(sourceBlobOwnerURI));
2397 if (NS_SUCCEEDED(rv)) {
2398 sourceBaseURI = sourceBlobOwnerURI;
2399 }
2400 }
2401
2402 nsCOMPtr<nsIPrincipal> targetBlobPrincipal;
2403 if (BlobURLProtocolHandler::GetBlobURLPrincipal(
2404 targetBaseURI, getter_AddRefs(targetBlobPrincipal))) {
2405 nsCOMPtr<nsIURI> targetBlobOwnerURI;
2406 auto* basePrin = BasePrincipal::Cast(targetBlobPrincipal);
2407 rv = basePrin->GetURI(getter_AddRefs(targetBlobOwnerURI));
2408 if (NS_SUCCEEDED(rv)) {
2409 targetBaseURI = targetBlobOwnerURI;
2410 }
2411 }
2412
2413 if (!sourceBaseURI || !targetBaseURI) return false;
2414
2415 // Compare schemes
2416 nsAutoCString targetScheme;
2417 bool sameScheme = false;
2418 if (NS_FAILED(targetBaseURI->GetScheme(targetScheme)) ||
2419 NS_FAILED(sourceBaseURI->SchemeIs(targetScheme.get(), &sameScheme)) ||
2420 !sameScheme) {
2421 // Not same-origin if schemes differ
2422 return false;
2423 }
2424
2425 // For file scheme, reject unless the files are identical. See
2426 // NS_RelaxStrictFileOriginPolicy for enforcing file same-origin checking
2427 if (targetScheme.EqualsLiteral("file")) {
2428 // in traditional unsafe behavior all files are the same origin
2429 if (!aStrictFileOriginPolicy) return true;
2430
2431 nsCOMPtr<nsIFileURL> sourceFileURL(do_QueryInterface(sourceBaseURI));
2432 nsCOMPtr<nsIFileURL> targetFileURL(do_QueryInterface(targetBaseURI));
2433
2434 if (!sourceFileURL || !targetFileURL) return false;
2435
2436 nsCOMPtr<nsIFile> sourceFile, targetFile;
2437
2438 sourceFileURL->GetFile(getter_AddRefs(sourceFile));
2439 targetFileURL->GetFile(getter_AddRefs(targetFile));
2440
2441 if (!sourceFile || !targetFile) return false;
2442
2443 // Otherwise they had better match
2444 bool filesAreEqual = false;
2445 rv = sourceFile->Equals(targetFile, &filesAreEqual);
2446 return NS_SUCCEEDED(rv) && filesAreEqual;
2447 }
2448
2449 #if IS_ORIGIN_IS_FULL_SPEC_DEFINED
2450 bool hasFlag;
2451 if (NS_FAILED(NS_URIChainHasFlags(
2452 targetBaseURI, nsIProtocolHandler::ORIGIN_IS_FULL_SPEC, &hasFlag)) ||
2453 hasFlag) {
2454 // URIs with this flag have the whole spec as a distinct trust
2455 // domain; use the whole spec for comparison
2456 nsAutoCString targetSpec;
2457 nsAutoCString sourceSpec;
2458 return (NS_SUCCEEDED(targetBaseURI->GetSpec(targetSpec)) &&
2459 NS_SUCCEEDED(sourceBaseURI->GetSpec(sourceSpec)) &&
2460 targetSpec.Equals(sourceSpec));
2461 }
2462 #endif
2463
2464 // Compare hosts
2465 nsAutoCString targetHost;
2466 nsAutoCString sourceHost;
2467 if (NS_FAILED(targetBaseURI->GetAsciiHost(targetHost)) ||
2468 NS_FAILED(sourceBaseURI->GetAsciiHost(sourceHost))) {
2469 return false;
2470 }
2471
2472 nsCOMPtr<nsIStandardURL> targetURL(do_QueryInterface(targetBaseURI));
2473 nsCOMPtr<nsIStandardURL> sourceURL(do_QueryInterface(sourceBaseURI));
2474 if (!targetURL || !sourceURL) {
2475 return false;
2476 }
2477
2478 if (!targetHost.Equals(sourceHost, nsCaseInsensitiveCStringComparator)) {
2479 return false;
2480 }
2481
2482 return NS_GetRealPort(targetBaseURI) == NS_GetRealPort(sourceBaseURI);
2483 }
2484
2485 bool NS_URIIsLocalFile(nsIURI* aURI) {
2486 nsCOMPtr<nsINetUtil> util = do_GetNetUtil();
2487
2488 bool isFile;
2489 return util &&
2490 NS_SUCCEEDED(util->ProtocolHasFlags(
2491 aURI, nsIProtocolHandler::URI_IS_LOCAL_FILE, &isFile)) &&
2492 isFile;
2493 }
2494
2495 bool NS_RelaxStrictFileOriginPolicy(nsIURI* aTargetURI, nsIURI* aSourceURI,
2496 bool aAllowDirectoryTarget /* = false */) {
2497 if (!NS_URIIsLocalFile(aTargetURI)) {
2498 // This is probably not what the caller intended
2499 MOZ_ASSERT_UNREACHABLE(
2500 "NS_RelaxStrictFileOriginPolicy called with non-file URI");
2501 return false;
2502 }
2503
2504 if (!NS_URIIsLocalFile(aSourceURI)) {
2505 // If the source is not also a file: uri then forget it
2506 // (don't want resource: principals in a file: doc)
2507 //
2508 // note: we're not de-nesting jar: uris here, we want to
2509 // keep archive content bottled up in its own little island
2510 return false;
2511 }
2512
2513 //
2514 // pull out the internal files
2515 //
2516 nsCOMPtr<nsIFileURL> targetFileURL(do_QueryInterface(aTargetURI));
2517 nsCOMPtr<nsIFileURL> sourceFileURL(do_QueryInterface(aSourceURI));
2518 nsCOMPtr<nsIFile> targetFile;
2519 nsCOMPtr<nsIFile> sourceFile;
2520 bool targetIsDir;
2521
2522 // Make sure targetFile is not a directory (bug 209234)
2523 // and that it exists w/out unescaping (bug 395343)
2524 if (!sourceFileURL || !targetFileURL ||
2525 NS_FAILED(targetFileURL->GetFile(getter_AddRefs(targetFile))) ||
2526 NS_FAILED(sourceFileURL->GetFile(getter_AddRefs(sourceFile))) ||
2527 !targetFile || !sourceFile || NS_FAILED(targetFile->Normalize()) ||
2528 #ifndef MOZ_WIDGET_ANDROID
2529 NS_FAILED(sourceFile->Normalize()) ||
2530 #endif
2531 (!aAllowDirectoryTarget &&
2532 (NS_FAILED(targetFile->IsDirectory(&targetIsDir)) || targetIsDir))) {
2533 return false;
2534 }
2535
2536 return false;
2537 }
2538
2539 bool NS_IsInternalSameURIRedirect(nsIChannel* aOldChannel,
2540 nsIChannel* aNewChannel, uint32_t aFlags) {
2541 if (!(aFlags & nsIChannelEventSink::REDIRECT_INTERNAL)) {
2542 return false;
2543 }
2544
2545 nsCOMPtr<nsIURI> oldURI, newURI;
2546 aOldChannel->GetURI(getter_AddRefs(oldURI));
2547 aNewChannel->GetURI(getter_AddRefs(newURI));
2548
2549 if (!oldURI || !newURI) {
2550 return false;
2551 }
2552
2553 bool res;
2554 return NS_SUCCEEDED(oldURI->Equals(newURI, &res)) && res;
2555 }
2556
2557 bool NS_IsHSTSUpgradeRedirect(nsIChannel* aOldChannel, nsIChannel* aNewChannel,
2558 uint32_t aFlags) {
2559 if (!(aFlags & nsIChannelEventSink::REDIRECT_STS_UPGRADE)) {
2560 return false;
2561 }
2562
2563 nsCOMPtr<nsIURI> oldURI, newURI;
2564 aOldChannel->GetURI(getter_AddRefs(oldURI));
2565 aNewChannel->GetURI(getter_AddRefs(newURI));
2566
2567 if (!oldURI || !newURI) {
2568 return false;
2569 }
2570
2571 if (!oldURI->SchemeIs("http")) {
2572 return false;
2573 }
2574
2575 nsCOMPtr<nsIURI> upgradedURI;
2576 nsresult rv = NS_GetSecureUpgradedURI(oldURI, getter_AddRefs(upgradedURI));
2577 if (NS_FAILED(rv)) {
2578 return false;
2579 }
2580
2581 bool res;
2582 return NS_SUCCEEDED(upgradedURI->Equals(newURI, &res)) && res;
2583 }
2584
2585 bool NS_ShouldRemoveAuthHeaderOnRedirect(nsIChannel* aOldChannel,
2586 nsIChannel* aNewChannel,
2587 uint32_t aFlags) {
2588 // we need to strip Authentication headers for external cross-origin redirects
2589 // Howerver, we should NOT strip auth headers for
2590 // - internal redirects/HSTS upgrades
2591 // - same origin redirects
2592 // Ref: https://fetch.spec.whatwg.org/#http-redirect-fetch
2593 if ((aFlags & (nsIChannelEventSink::REDIRECT_STS_UPGRADE |
2594 nsIChannelEventSink::REDIRECT_INTERNAL))) {
2595 // this is an internal redirect do not strip auth header
2596 return false;
2597 }
2598 nsCOMPtr<nsIURI> oldUri;
2599 MOZ_ALWAYS_SUCCEEDS(
2600 NS_GetFinalChannelURI(aOldChannel, getter_AddRefs(oldUri)));
2601
2602 nsCOMPtr<nsIURI> newUri;
2603 MOZ_ALWAYS_SUCCEEDS(
2604 NS_GetFinalChannelURI(aNewChannel, getter_AddRefs(newUri)));
2605
2606 nsresult rv = nsContentUtils::GetSecurityManager()->CheckSameOriginURI(
2607 newUri, oldUri, false, false);
2608
2609 return NS_FAILED(rv);
2610 }
2611
2612 nsresult NS_LinkRedirectChannels(uint64_t channelId,
2613 nsIParentChannel* parentChannel,
2614 nsIChannel** _result) {
2615 nsCOMPtr<nsIRedirectChannelRegistrar> registrar =
2616 RedirectChannelRegistrar::GetOrCreate();
2617 MOZ_ASSERT(registrar);
2618
2619 return registrar->LinkChannels(channelId, parentChannel, _result);
2620 }
2621
2622 nsILoadInfo::CrossOriginEmbedderPolicy
2623 NS_GetCrossOriginEmbedderPolicyFromHeader(
2624 const nsACString& aHeader, bool aIsOriginTrialCoepCredentiallessEnabled) {
2625 nsCOMPtr<nsISFVService> sfv = GetSFVService();
2626
2627 nsCOMPtr<nsISFVItem> item;
2628 nsresult rv = sfv->ParseItem(aHeader, getter_AddRefs(item));
2629 if (NS_FAILED(rv)) {
2630 return nsILoadInfo::EMBEDDER_POLICY_NULL;
2631 }
2632
2633 nsCOMPtr<nsISFVBareItem> value;
2634 rv = item->GetValue(getter_AddRefs(value));
2635 if (NS_FAILED(rv)) {
2636 return nsILoadInfo::EMBEDDER_POLICY_NULL;
2637 }
2638
2639 nsCOMPtr<nsISFVToken> token = do_QueryInterface(value);
2640 if (!token) {
2641 return nsILoadInfo::EMBEDDER_POLICY_NULL;
2642 }
2643
2644 nsAutoCString embedderPolicy;
2645 rv = token->GetValue(embedderPolicy);
2646 if (NS_FAILED(rv)) {
2647 return nsILoadInfo::EMBEDDER_POLICY_NULL;
2648 }
2649
2650 if (embedderPolicy.EqualsLiteral("require-corp")) {
2651 return nsILoadInfo::EMBEDDER_POLICY_REQUIRE_CORP;
2652 } else if (embedderPolicy.EqualsLiteral("credentialless") &&
2653 IsCoepCredentiallessEnabled(
2654 aIsOriginTrialCoepCredentiallessEnabled)) {
2655 return nsILoadInfo::EMBEDDER_POLICY_CREDENTIALLESS;
2656 }
2657
2658 return nsILoadInfo::EMBEDDER_POLICY_NULL;
2659 }
2660
2661 /** Given the first (disposition) token from a Content-Disposition header,
2662 * tell whether it indicates the content is inline or attachment
2663 * @param aDispToken the disposition token from the content-disposition header
2664 */
2665 uint32_t NS_GetContentDispositionFromToken(const nsAString& aDispToken) {
2666 // RFC 2183, section 2.8 says that an unknown disposition
2667 // value should be treated as "attachment"
2668 // If all of these tests eval to false, then we have a content-disposition of
2669 // "attachment" or unknown
2670 if (aDispToken.IsEmpty() || aDispToken.LowerCaseEqualsLiteral("inline") ||
2671 // Broken sites just send
2672 // Content-Disposition: filename="file"
2673 // without a disposition token... screen those out.
2674 StringHead(aDispToken, 8).LowerCaseEqualsLiteral("filename")) {
2675 return nsIChannel::DISPOSITION_INLINE;
2676 }
2677
2678 return nsIChannel::DISPOSITION_ATTACHMENT;
2679 }
2680
2681 uint32_t NS_GetContentDispositionFromHeader(const nsACString& aHeader,
2682 nsIChannel* aChan /* = nullptr */) {
2683 nsresult rv;
2684 nsCOMPtr<nsIMIMEHeaderParam> mimehdrpar =
2685 do_GetService(NS_MIMEHEADERPARAM_CONTRACTID, &rv);
2686 if (NS_FAILED(rv)) return nsIChannel::DISPOSITION_ATTACHMENT;
2687
2688 nsAutoString dispToken;
2689 rv = mimehdrpar->GetParameterHTTP(aHeader, "", ""_ns, true, nullptr,
2690 dispToken);
2691
2692 if (NS_FAILED(rv)) {
2693 // special case (see bug 272541): empty disposition type handled as "inline"
2694 if (rv == NS_ERROR_FIRST_HEADER_FIELD_COMPONENT_EMPTY) {
2695 return nsIChannel::DISPOSITION_INLINE;
2696 }
2697 return nsIChannel::DISPOSITION_ATTACHMENT;
2698 }
2699
2700 return NS_GetContentDispositionFromToken(dispToken);
2701 }
2702
2703 nsresult NS_GetFilenameFromDisposition(nsAString& aFilename,
2704 const nsACString& aDisposition) {
2705 aFilename.Truncate();
2706
2707 nsresult rv;
2708 nsCOMPtr<nsIMIMEHeaderParam> mimehdrpar =
2709 do_GetService(NS_MIMEHEADERPARAM_CONTRACTID, &rv);
2710 if (NS_FAILED(rv)) return rv;
2711
2712 // Get the value of 'filename' parameter
2713 rv = mimehdrpar->GetParameterHTTP(aDisposition, "filename", ""_ns, true,
2714 nullptr, aFilename);
2715
2716 if (NS_FAILED(rv)) {
2717 aFilename.Truncate();
2718 return rv;
2719 }
2720
2721 if (aFilename.IsEmpty()) return NS_ERROR_NOT_AVAILABLE;
2722
2723 // Filename may still be percent-encoded. Fix:
2724 if (aFilename.FindChar('%') != -1) {
2725 nsCOMPtr<nsITextToSubURI> textToSubURI =
2726 do_GetService(NS_ITEXTTOSUBURI_CONTRACTID, &rv);
2727 if (NS_SUCCEEDED(rv)) {
2728 nsAutoString unescaped;
2729 textToSubURI->UnEscapeURIForUI(NS_ConvertUTF16toUTF8(aFilename),
2730 /* dontEscape = */ true, unescaped);
2731 aFilename.Assign(unescaped);
2732 }
2733 }
2734
2735 return NS_OK;
2736 }
2737
2738 void net_EnsurePSMInit() {
2739 if (XRE_IsSocketProcess()) {
2740 EnsureNSSInitializedChromeOrContent();
2741 return;
2742 }
2743
2744 MOZ_ASSERT(XRE_IsParentProcess());
2745 MOZ_ASSERT(NS_IsMainThread());
2746
2747 DebugOnly<bool> rv = EnsureNSSInitializedChromeOrContent();
2748 MOZ_ASSERT(rv);
2749 }
2750
2751 bool NS_IsAboutBlank(nsIURI* uri) {
2752 // GetSpec can be expensive for some URIs, so check the scheme first.
2753 if (!uri->SchemeIs("about")) {
2754 return false;
2755 }
2756
2757 nsAutoCString spec;
2758 if (NS_FAILED(uri->GetSpec(spec))) {
2759 return false;
2760 }
2761
2762 return spec.EqualsLiteral("about:blank");
2763 }
2764
2765 bool NS_IsAboutSrcdoc(nsIURI* uri) {
2766 // GetSpec can be expensive for some URIs, so check the scheme first.
2767 if (!uri->SchemeIs("about")) {
2768 return false;
2769 }
2770
2771 nsAutoCString spec;
2772 if (NS_FAILED(uri->GetSpec(spec))) {
2773 return false;
2774 }
2775
2776 return spec.EqualsLiteral("about:srcdoc");
2777 }
2778
2779 nsresult NS_GenerateHostPort(const nsCString& host, int32_t port,
2780 nsACString& hostLine) {
2781 if (strchr(host.get(), ':')) {
2782 // host is an IPv6 address literal and must be encapsulated in []'s
2783 hostLine.Assign('[');
2784 // scope id is not needed for Host header.
2785 int scopeIdPos = host.FindChar('%');
2786 if (scopeIdPos == -1) {
2787 hostLine.Append(host);
2788 } else if (scopeIdPos > 0) {
2789 hostLine.Append(Substring(host, 0, scopeIdPos));
2790 } else {
2791 return NS_ERROR_MALFORMED_URI;
2792 }
2793 hostLine.Append(']');
2794 } else {
2795 hostLine.Assign(host);
2796 }
2797 if (port != -1) {
2798 hostLine.Append(':');
2799 hostLine.AppendInt(port);
2800 }
2801 return NS_OK;
2802 }
2803
2804 void NS_SniffContent(const char* aSnifferType, nsIRequest* aRequest,
2805 const uint8_t* aData, uint32_t aLength,
2806 nsACString& aSniffedType) {
2807 using ContentSnifferCache = nsCategoryCache<nsIContentSniffer>;
2808 extern ContentSnifferCache* gNetSniffers;
2809 extern ContentSnifferCache* gDataSniffers;
2810 extern ContentSnifferCache* gORBSniffers;
2811 extern ContentSnifferCache* gNetAndORBSniffers;
2812 ContentSnifferCache* cache = nullptr;
2813 if (!strcmp(aSnifferType, NS_CONTENT_SNIFFER_CATEGORY)) {
2814 if (!gNetSniffers) {
2815 gNetSniffers = new ContentSnifferCache(NS_CONTENT_SNIFFER_CATEGORY);
2816 }
2817 cache = gNetSniffers;
2818 } else if (!strcmp(aSnifferType, NS_DATA_SNIFFER_CATEGORY)) {
2819 if (!gDataSniffers) {
2820 gDataSniffers = new ContentSnifferCache(NS_DATA_SNIFFER_CATEGORY);
2821 }
2822 cache = gDataSniffers;
2823 } else if (!strcmp(aSnifferType, NS_ORB_SNIFFER_CATEGORY)) {
2824 if (!gORBSniffers) {
2825 gORBSniffers = new ContentSnifferCache(NS_ORB_SNIFFER_CATEGORY);
2826 }
2827 cache = gORBSniffers;
2828 } else if (!strcmp(aSnifferType, NS_CONTENT_AND_ORB_SNIFFER_CATEGORY)) {
2829 if (!gNetAndORBSniffers) {
2830 gNetAndORBSniffers =
2831 new ContentSnifferCache(NS_CONTENT_AND_ORB_SNIFFER_CATEGORY);
2832 }
2833 cache = gNetAndORBSniffers;
2834 } else {
2835 // Invalid content sniffer type was requested
2836 MOZ_ASSERT(false);
2837 return;
2838 }
2839
2840 // In case XCTO nosniff was present, we could just skip sniffing here
2841 nsCOMPtr<nsIChannel> channel = do_QueryInterface(aRequest);
2842 if (channel) {
2843 nsCOMPtr<nsILoadInfo> loadInfo = channel->LoadInfo();
2844 if (loadInfo->GetSkipContentSniffing()) {
2845 /* Bug 1571742
2846 * We cannot skip snffing if the current MIME-Type might be a JSON.
2847 * The JSON-Viewer relies on its own sniffer to determine, if it can
2848 * render the page, so we need to make an exception if the Server provides
2849 * a application/ mime, as it might be json.
2850 */
2851 nsAutoCString currentContentType;
2852 channel->GetContentType(currentContentType);
2853 if (!StringBeginsWith(currentContentType, "application/"_ns)) {
2854 return;
2855 }
2856 }
2857 }
2858 nsCOMArray<nsIContentSniffer> sniffers;
2859 cache->GetEntries(sniffers);
2860 for (int32_t i = 0; i < sniffers.Count(); ++i) {
2861 nsresult rv = sniffers[i]->GetMIMETypeFromContent(aRequest, aData, aLength,
2862 aSniffedType);
2863 if (NS_SUCCEEDED(rv) && !aSniffedType.IsEmpty()) {
2864 return;
2865 }
2866 }
2867
2868 aSniffedType.Truncate();
2869 }
2870
2871 bool NS_IsSrcdocChannel(nsIChannel* aChannel) {
2872 bool isSrcdoc;
2873 nsCOMPtr<nsIInputStreamChannel> isr = do_QueryInterface(aChannel);
2874 if (isr) {
2875 isr->GetIsSrcdocChannel(&isSrcdoc);
2876 return isSrcdoc;
2877 }
2878 nsCOMPtr<nsIViewSourceChannel> vsc = do_QueryInterface(aChannel);
2879 if (vsc) {
2880 nsresult rv = vsc->GetIsSrcdocChannel(&isSrcdoc);
2881 if (NS_SUCCEEDED(rv)) {
2882 return isSrcdoc;
2883 }
2884 }
2885 return false;
2886 }
2887
2888 // helper function for NS_ShouldSecureUpgrade for checking HSTS
2889 bool handleResultFunc(bool aAllowSTS, bool aIsStsHost) {
2890 if (aIsStsHost) {
2891 LOG(("nsHttpChannel::Connect() STS permissions found\n"));
2892 if (aAllowSTS) {
2893 Telemetry::AccumulateCategorical(
2894 Telemetry::LABELS_HTTP_SCHEME_UPGRADE_TYPE::STS);
2895 return true;
2896 }
2897 Telemetry::AccumulateCategorical(
2898 Telemetry::LABELS_HTTP_SCHEME_UPGRADE_TYPE::PrefBlockedSTS);
2899 } else {
2900 Telemetry::AccumulateCategorical(
2901 Telemetry::LABELS_HTTP_SCHEME_UPGRADE_TYPE::NoReasonToUpgrade);
2902 }
2903 return false;
2904 };
2905 // That function is a helper function of NS_ShouldSecureUpgrade to check if
2906 // CSP upgrade-insecure-requests, Mixed content auto upgrading or HTTPs-Only/-
2907 // First should upgrade the given request.
2908 static bool ShouldSecureUpgradeNoHSTS(nsIURI* aURI, nsILoadInfo* aLoadInfo) {
2909 // 2. CSP upgrade-insecure-requests
2910 if (aLoadInfo->GetUpgradeInsecureRequests()) {
2911 // let's log a message to the console that we are upgrading a request
2912 nsAutoCString scheme;
2913 aURI->GetScheme(scheme);
2914 // append the additional 's' for security to the scheme :-)
2915 scheme.AppendLiteral("s");
2916 NS_ConvertUTF8toUTF16 reportSpec(aURI->GetSpecOrDefault());
2917 NS_ConvertUTF8toUTF16 reportScheme(scheme);
2918 AutoTArray<nsString, 2> params = {reportSpec, reportScheme};
2919 uint64_t innerWindowId = aLoadInfo->GetInnerWindowID();
2920 CSP_LogLocalizedStr("upgradeInsecureRequest", params,
2921 u""_ns, // aSourceFile
2922 u""_ns, // aScriptSample
2923 0, // aLineNumber
2924 1, // aColumnNumber
2925 nsIScriptError::warningFlag,
2926 "upgradeInsecureRequest"_ns, innerWindowId,
2927 !!aLoadInfo->GetOriginAttributes().mPrivateBrowsingId);
2928 Telemetry::AccumulateCategorical(
2929 Telemetry::LABELS_HTTP_SCHEME_UPGRADE_TYPE::CSP);
2930 return true;
2931 }
2932 // 3. Mixed content auto upgrading
2933 if (aLoadInfo->GetBrowserUpgradeInsecureRequests()) {
2934 // let's log a message to the console that we are upgrading a request
2935 nsAutoCString scheme;
2936 aURI->GetScheme(scheme);
2937 // append the additional 's' for security to the scheme :-)
2938 scheme.AppendLiteral("s");
2939 NS_ConvertUTF8toUTF16 reportSpec(aURI->GetSpecOrDefault());
2940 NS_ConvertUTF8toUTF16 reportScheme(scheme);
2941 AutoTArray<nsString, 2> params = {reportSpec, reportScheme};
2942
2943 nsAutoString localizedMsg;
2944 nsContentUtils::FormatLocalizedString(nsContentUtils::eSECURITY_PROPERTIES,
2945 "MixedContentAutoUpgrade", params,
2946 localizedMsg);
2947
2948 // Prepending ixed Content to the outgoing console message
2949 nsString message;
2950 message.AppendLiteral(u"Mixed Content: ");
2951 message.Append(localizedMsg);
2952
2953 uint64_t innerWindowId = aLoadInfo->GetInnerWindowID();
2954 nsContentUtils::ReportToConsoleByWindowID(
2955 message, nsIScriptError::warningFlag, "Mixed Content Message"_ns,
2956 innerWindowId, aURI);
2957
2958 // Set this flag so we know we'll upgrade because of
2959 // 'security.mixed_content.upgrade_display_content'.
2960 aLoadInfo->SetBrowserDidUpgradeInsecureRequests(true);
2961 Telemetry::AccumulateCategorical(
2962 Telemetry::LABELS_HTTP_SCHEME_UPGRADE_TYPE::BrowserDisplay);
2963
2964 return true;
2965 }
2966
2967 // 4. Https-Only
2968 if (nsHTTPSOnlyUtils::ShouldUpgradeRequest(aURI, aLoadInfo)) {
2969 Telemetry::AccumulateCategorical(
2970 Telemetry::LABELS_HTTP_SCHEME_UPGRADE_TYPE::HTTPSOnly);
2971 return true;
2972 }
2973 // 4.a Https-First
2974 if (nsHTTPSOnlyUtils::ShouldUpgradeHttpsFirstRequest(aURI, aLoadInfo)) {
2975 Telemetry::AccumulateCategorical(
2976 Telemetry::LABELS_HTTP_SCHEME_UPGRADE_TYPE::HTTPSFirst);
2977 return true;
2978 }
2979 return false;
2980 }
2981
2982 // Check if channel should be upgraded. check in the following order:
2983 // 1. HSTS
2984 // 2. CSP upgrade-insecure-requests
2985 // 3. Mixed content auto upgrading
2986 // 4. Https-Only / first
2987 // (5. Https RR - will be checked in nsHttpChannel)
2988 nsresult NS_ShouldSecureUpgrade(
2989 nsIURI* aURI, nsILoadInfo* aLoadInfo, nsIPrincipal* aChannelResultPrincipal,
2990 bool aAllowSTS, const OriginAttributes& aOriginAttributes,
2991 bool& aShouldUpgrade, std::function<void(bool, nsresult)>&& aResultCallback,
2992 bool& aWillCallback) {
2993 MOZ_ASSERT(XRE_IsParentProcess());
2994 if (!XRE_IsParentProcess()) {
2995 return NS_ERROR_NOT_AVAILABLE;
2996 }
2997
2998 aWillCallback = false;
2999 aShouldUpgrade = false;
3000
3001 // Even if we're in private browsing mode, we still enforce existing STS
3002 // data (it is read-only).
3003 // if the connection is not using SSL and either the exact host matches or
3004 // a superdomain wants to force HTTPS, do it.
3005 bool isHttps = aURI->SchemeIs("https");
3006
3007 // If request is https, then there is nothing to do here.
3008 if (isHttps) {
3009 Telemetry::AccumulateCategorical(
3010 Telemetry::LABELS_HTTP_SCHEME_UPGRADE_TYPE::AlreadyHTTPS);
3011 aShouldUpgrade = false;
3012 return NS_OK;
3013 }
3014 // If it is a mixed content trustworthy loopback, then we shouldn't upgrade
3015 // it.
3016 if (nsMixedContentBlocker::IsPotentiallyTrustworthyLoopbackURL(aURI)) {
3017 aShouldUpgrade = false;
3018 return NS_OK;
3019 }
3020 // If no loadInfo exist there is nothing to upgrade here.
3021 if (!aLoadInfo) {
3022 aShouldUpgrade = false;
3023 return NS_OK;
3024 }
3025 MOZ_ASSERT(!aURI->SchemeIs("https"));
3026
3027 // enforce Strict-Transport-Security
3028 nsISiteSecurityService* sss = gHttpHandler->GetSSService();
3029 NS_ENSURE_TRUE(sss, NS_ERROR_OUT_OF_MEMORY);
3030
3031 bool isStsHost = false;
3032 // Calling |IsSecureURI| before the storage is ready to read will
3033 // block the main thread. Once the storage is ready, we can call it
3034 // from main thread.
3035 static Atomic<bool, Relaxed> storageReady(false);
3036 if (!storageReady && gSocketTransportService && aResultCallback) {
3037 nsCOMPtr<nsILoadInfo> loadInfo = aLoadInfo;
3038 nsCOMPtr<nsIURI> uri = aURI;
3039 auto callbackWrapper = [resultCallback{std::move(aResultCallback)}, uri,
3040 loadInfo](bool aShouldUpgrade, nsresult aStatus) {
3041 MOZ_ASSERT(NS_IsMainThread());
3042
3043 // 1. HSTS upgrade
3044 if (aShouldUpgrade || NS_FAILED(aStatus)) {
3045 resultCallback(aShouldUpgrade, aStatus);
3046 return;
3047 }
3048 // Check if we need to upgrade because of other reasons.
3049 // 2. CSP upgrade-insecure-requests
3050 // 3. Mixed content auto upgrading
3051 // 4. Https-Only / first
3052 bool shouldUpgrade = ShouldSecureUpgradeNoHSTS(uri, loadInfo);
3053 resultCallback(shouldUpgrade, aStatus);
3054 };
3055 nsCOMPtr<nsISiteSecurityService> service = sss;
3056 nsresult rv = gSocketTransportService->Dispatch(
3057 NS_NewRunnableFunction(
3058 "net::NS_ShouldSecureUpgrade",
3059 [service{std::move(service)}, uri{std::move(uri)},
3060 originAttributes(aOriginAttributes),
3061 handleResultFunc{std::move(handleResultFunc)},
3062 callbackWrapper{std::move(callbackWrapper)},
3063 allowSTS{std::move(aAllowSTS)}]() mutable {
3064 bool isStsHost = false;
3065 nsresult rv =
3066 service->IsSecureURI(uri, originAttributes, &isStsHost);
3067
3068 // Successfully get the result from |IsSecureURI| implies that
3069 // the storage is ready to read.
3070 storageReady = NS_SUCCEEDED(rv);
3071 bool shouldUpgrade = handleResultFunc(allowSTS, isStsHost);
3072 // Check if request should be upgraded.
3073 NS_DispatchToMainThread(NS_NewRunnableFunction(
3074 "net::NS_ShouldSecureUpgrade::ResultCallback",
3075 [rv, shouldUpgrade,
3076 callbackWrapper{std::move(callbackWrapper)}]() {
3077 callbackWrapper(shouldUpgrade, rv);
3078 }));
3079 }),
3080 NS_DISPATCH_NORMAL);
3081 aWillCallback = NS_SUCCEEDED(rv);
3082 return rv;
3083 }
3084
3085 nsresult rv = sss->IsSecureURI(aURI, aOriginAttributes, &isStsHost);
3086
3087 // if the SSS check fails, it's likely because this load is on a
3088 // malformed URI or something else in the setup is wrong, so any error
3089 // should be reported.
3090 NS_ENSURE_SUCCESS(rv, rv);
3091
3092 aShouldUpgrade = handleResultFunc(aAllowSTS, isStsHost);
3093 if (!aShouldUpgrade) {
3094 // Check for CSP upgrade-insecure-requests, Mixed content auto upgrading
3095 // and Https-Only / -First.
3096 aShouldUpgrade = ShouldSecureUpgradeNoHSTS(aURI, aLoadInfo);
3097 }
3098 return rv;
3099 }
3100
3101 nsresult NS_GetSecureUpgradedURI(nsIURI* aURI, nsIURI** aUpgradedURI) {
3102 NS_MutateURI mutator(aURI);
3103 mutator.SetScheme("https"_ns); // Change the scheme to HTTPS:
3104
3105 // Change the default port to 443:
3106 nsCOMPtr<nsIStandardURL> stdURL = do_QueryInterface(aURI);
3107 if (stdURL) {
3108 mutator.Apply(&nsIStandardURLMutator::SetDefaultPort, 443, nullptr);
3109 } else {
3110 // If we don't have a nsStandardURL, fall back to using GetPort/SetPort.
3111 // XXXdholbert Is this function even called with a non-nsStandardURL arg,
3112 // in practice?
3113 NS_WARNING("Calling NS_GetSecureUpgradedURI for non nsStandardURL");
3114 int32_t oldPort = -1;
3115 nsresult rv = aURI->GetPort(&oldPort);
3116 if (NS_FAILED(rv)) return rv;
3117
3118 // Keep any nonstandard ports so only the scheme is changed.
3119 // For example:
3120 // http://foo.com:80 -> https://foo.com:443
3121 // http://foo.com:81 -> https://foo.com:81
3122
3123 if (oldPort == 80 || oldPort == -1) {
3124 mutator.SetPort(-1);
3125 } else {
3126 mutator.SetPort(oldPort);
3127 }
3128 }
3129
3130 return mutator.Finalize(aUpgradedURI);
3131 }
3132
3133 nsresult NS_CompareLoadInfoAndLoadContext(nsIChannel* aChannel) {
3134 nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo();
3135
3136 nsCOMPtr<nsILoadContext> loadContext;
3137 NS_QueryNotificationCallbacks(aChannel, loadContext);
3138 if (!loadContext) {
3139 return NS_OK;
3140 }
3141
3142 // We try to skip about:newtab.
3143 // about:newtab will use SystemPrincipal to download thumbnails through
3144 // https:// and blob URLs.
3145 bool isAboutPage = false;
3146 nsINode* node = loadInfo->LoadingNode();
3147 if (node) {
3148 nsIURI* uri = node->OwnerDoc()->GetDocumentURI();
3149 isAboutPage = uri->SchemeIs("about");
3150 }
3151
3152 if (isAboutPage) {
3153 return NS_OK;
3154 }
3155
3156 // We skip the favicon loading here. The favicon loading might be
3157 // triggered by the XUL image. For that case, the loadContext will have
3158 // default originAttributes since the XUL image uses SystemPrincipal, but
3159 // the loadInfo will use originAttributes from the content. Thus, the
3160 // originAttributes between loadInfo and loadContext will be different.
3161 // That's why we have to skip the comparison for the favicon loading.
3162 if (loadInfo->GetLoadingPrincipal() &&
3163 loadInfo->GetLoadingPrincipal()->IsSystemPrincipal() &&
3164 loadInfo->InternalContentPolicyType() ==
3165 nsIContentPolicy::TYPE_INTERNAL_IMAGE_FAVICON) {
3166 return NS_OK;
3167 }
3168
3169 OriginAttributes originAttrsLoadInfo = loadInfo->GetOriginAttributes();
3170 OriginAttributes originAttrsLoadContext;
3171 loadContext->GetOriginAttributes(originAttrsLoadContext);
3172
3173 LOG(
3174 ("NS_CompareLoadInfoAndLoadContext - loadInfo: %d, %d; "
3175 "loadContext: %d, %d. [channel=%p]",
3176 originAttrsLoadInfo.mUserContextId,
3177 originAttrsLoadInfo.mPrivateBrowsingId,
3178 originAttrsLoadContext.mUserContextId,
3179 originAttrsLoadContext.mPrivateBrowsingId, aChannel));
3180
3181 MOZ_ASSERT(originAttrsLoadInfo.mUserContextId ==
3182 originAttrsLoadContext.mUserContextId,
3183 "The value of mUserContextId in the loadContext and in the "
3184 "loadInfo are not the same!");
3185
3186 MOZ_ASSERT(originAttrsLoadInfo.mPrivateBrowsingId ==
3187 originAttrsLoadContext.mPrivateBrowsingId,
3188 "The value of mPrivateBrowsingId in the loadContext and in the "
3189 "loadInfo are not the same!");
3190
3191 return NS_OK;
3192 }
3193
3194 nsresult NS_SetRequestBlockingReason(nsIChannel* channel, uint32_t reason) {
3195 NS_ENSURE_ARG(channel);
3196
3197 nsCOMPtr<nsILoadInfo> loadInfo = channel->LoadInfo();
3198 return NS_SetRequestBlockingReason(loadInfo, reason);
3199 }
3200
3201 nsresult NS_SetRequestBlockingReason(nsILoadInfo* loadInfo, uint32_t reason) {
3202 NS_ENSURE_ARG(loadInfo);
3203
3204 return loadInfo->SetRequestBlockingReason(reason);
3205 }
3206
3207 nsresult NS_SetRequestBlockingReasonIfNull(nsILoadInfo* loadInfo,
3208 uint32_t reason) {
3209 NS_ENSURE_ARG(loadInfo);
3210
3211 uint32_t existingReason;
3212 if (NS_SUCCEEDED(loadInfo->GetRequestBlockingReason(&existingReason)) &&
3213 existingReason != nsILoadInfo::BLOCKING_REASON_NONE) {
3214 return NS_OK;
3215 }
3216
3217 return loadInfo->SetRequestBlockingReason(reason);
3218 }
3219
3220 bool NS_IsOffline() {
3221 bool offline = true;
3222 bool connectivity = true;
3223 nsCOMPtr<nsIIOService> ios = do_GetIOService();
3224 if (ios) {
3225 ios->GetOffline(&offline);
3226 ios->GetConnectivity(&connectivity);
3227 }
3228 return offline || !connectivity;
3229 }
3230
3231 /**
3232 * This function returns true if this channel should be classified by
3233 * the URL Classifier, false otherwise.
3234 *
3235 * The idea of the algorithm to determine if a channel should be
3236 * classified is based on:
3237 * 1. Channels created by non-privileged code should be classified.
3238 * 2. Top-level document’s channels, if loaded by privileged code
3239 * (system principal), should be classified.
3240 * 3. Any other channel, created by privileged code, is considered safe.
3241 *
3242 * A bad/hacked/corrupted safebrowsing database, plus a mistakenly
3243 * classified critical channel (this may result from a bug in the exemption
3244 * rules or incorrect information being passed into) can cause serious
3245 * problems. For example, if the updater channel is classified and blocked
3246 * by the Safe Browsing, Firefox can't update itself, and there is no way to
3247 * recover from that.
3248 *
3249 * So two safeguards are added to ensure critical channels are never
3250 * automatically classified either because there is a bug in the algorithm
3251 * or the data in loadinfo is wrong.
3252 * 1. beConservative, this is set by ServiceRequest and we treat
3253 * channel created for ServiceRequest as critical channels.
3254 * 2. nsIChannel::LOAD_BYPASS_URL_CLASSIFIER, channel's opener can use this
3255 * flag to enforce bypassing the URL classifier check.
3256 */
3257 bool NS_ShouldClassifyChannel(nsIChannel* aChannel) {
3258 nsLoadFlags loadFlags;
3259 Unused << aChannel->GetLoadFlags(&loadFlags);
3260 // If our load flags dictate that we must let this channel through without
3261 // URL classification, obey that here without performing more checks.
3262 if (loadFlags & nsIChannel::LOAD_BYPASS_URL_CLASSIFIER) {
3263 return false;
3264 }
3265
3266 nsCOMPtr<nsIHttpChannelInternal> httpChannel(do_QueryInterface(aChannel));
3267 if (httpChannel) {
3268 bool beConservative;
3269 nsresult rv = httpChannel->GetBeConservative(&beConservative);
3270
3271 // beConservative flag, set by ServiceRequest to ensure channels that
3272 // fetch update use conservative TLS setting, are used here to identify
3273 // channels are critical to bypass classification. for channels don't
3274 // support beConservative, continue to apply the exemption rules.
3275 if (NS_SUCCEEDED(rv) && beConservative) {
3276 return false;
3277 }
3278 }
3279
3280 nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo();
3281 ExtContentPolicyType type = loadInfo->GetExternalContentPolicyType();
3282 // Skip classifying channel triggered by system unless it is a top-level
3283 // load.
3284 return !(loadInfo->TriggeringPrincipal()->IsSystemPrincipal() &&
3285 ExtContentPolicy::TYPE_DOCUMENT != type);
3286 }
3287
3288 namespace mozilla {
3289 namespace net {
3290
3291 bool InScriptableRange(int64_t val) {
3292 return (val <= kJS_MAX_SAFE_INTEGER) && (val >= kJS_MIN_SAFE_INTEGER);
3293 }
3294
3295 bool InScriptableRange(uint64_t val) { return val <= kJS_MAX_SAFE_UINTEGER; }
3296
3297 nsresult GetParameterHTTP(const nsACString& aHeaderVal, const char* aParamName,
3298 nsAString& aResult) {
3299 return nsMIMEHeaderParamImpl::GetParameterHTTP(aHeaderVal, aParamName,
3300 aResult);
3301 }
3302
3303 bool ChannelIsPost(nsIChannel* aChannel) {
3304 if (nsCOMPtr<nsIHttpChannel> httpChannel = do_QueryInterface(aChannel)) {
3305 nsAutoCString method;
3306 Unused << httpChannel->GetRequestMethod(method);
3307 return method.EqualsLiteral("POST");
3308 }
3309 return false;
3310 }
3311
3312 bool SchemeIsHTTP(nsIURI* aURI) {
3313 MOZ_ASSERT(aURI);
3314 return aURI->SchemeIs("http");
3315 }
3316
3317 bool SchemeIsHTTPS(nsIURI* aURI) {
3318 MOZ_ASSERT(aURI);
3319 return aURI->SchemeIs("https");
3320 }
3321
3322 bool SchemeIsJavascript(nsIURI* aURI) {
3323 MOZ_ASSERT(aURI);
3324 return aURI->SchemeIs("javascript");
3325 }
3326
3327 bool SchemeIsChrome(nsIURI* aURI) {
3328 MOZ_ASSERT(aURI);
3329 return aURI->SchemeIs("chrome");
3330 }
3331
3332 bool SchemeIsAbout(nsIURI* aURI) {
3333 MOZ_ASSERT(aURI);
3334 return aURI->SchemeIs("about");
3335 }
3336
3337 bool SchemeIsBlob(nsIURI* aURI) {
3338 MOZ_ASSERT(aURI);
3339 return aURI->SchemeIs("blob");
3340 }
3341
3342 bool SchemeIsFile(nsIURI* aURI) {
3343 MOZ_ASSERT(aURI);
3344 return aURI->SchemeIs("file");
3345 }
3346
3347 bool SchemeIsData(nsIURI* aURI) {
3348 MOZ_ASSERT(aURI);
3349 return aURI->SchemeIs("data");
3350 }
3351
3352 bool SchemeIsViewSource(nsIURI* aURI) {
3353 MOZ_ASSERT(aURI);
3354 return aURI->SchemeIs("view-source");
3355 }
3356
3357 bool SchemeIsResource(nsIURI* aURI) {
3358 MOZ_ASSERT(aURI);
3359 return aURI->SchemeIs("resource");
3360 }
3361
3362 bool SchemeIsFTP(nsIURI* aURI) {
3363 MOZ_ASSERT(aURI);
3364 return aURI->SchemeIs("ftp");
3365 }
3366
3367 bool SchemeIsSpecial(const nsACString& aScheme) {
3368 // See https://url.spec.whatwg.org/#special-scheme
3369 return aScheme.EqualsIgnoreCase("ftp") || aScheme.EqualsIgnoreCase("file") ||
3370 aScheme.EqualsIgnoreCase("http") ||
3371 aScheme.EqualsIgnoreCase("https") || aScheme.EqualsIgnoreCase("ws") ||
3372 aScheme.EqualsIgnoreCase("wss");
3373 }
3374
3375 bool IsSchemeChangePermitted(nsIURI* aOldURI, const nsACString& newScheme) {
3376 // See step 2.1 in https://url.spec.whatwg.org/#special-scheme
3377 // Note: The spec text uses "buffer" instead of newScheme, and "url"
3378 MOZ_ASSERT(aOldURI);
3379
3380 nsAutoCString tmp;
3381 nsresult rv = aOldURI->GetScheme(tmp);
3382 // If url's scheme is a special scheme and buffer is not a
3383 // special scheme, then return.
3384 // If url's scheme is not a special scheme and buffer is a
3385 // special scheme, then return.
3386 if (NS_FAILED(rv) || SchemeIsSpecial(tmp) != SchemeIsSpecial(newScheme)) {
3387 return false;
3388 }
3389
3390 // If url's scheme is "file" and its host is an empty host, then return.
3391 if (aOldURI->SchemeIs("file")) {
3392 rv = aOldURI->GetHost(tmp);
3393 if (NS_FAILED(rv) || tmp.IsEmpty()) {
3394 return false;
3395 }
3396 }
3397
3398 // URL Spec: If url includes credentials or has a non-null port, and
3399 // buffer is "file", then return.
3400 if (newScheme.EqualsIgnoreCase("file")) {
3401 bool hasUserPass;
3402 if (NS_FAILED(aOldURI->GetHasUserPass(&hasUserPass)) || hasUserPass) {
3403 return false;
3404 }
3405 int32_t port;
3406 rv = aOldURI->GetPort(&port);
3407 if (NS_FAILED(rv) || port != -1) {
3408 return false;
3409 }
3410 }
3411
3412 return true;
3413 }
3414
3415 already_AddRefed<nsIURI> TryChangeProtocol(nsIURI* aURI,
3416 const nsAString& aProtocol) {
3417 MOZ_ASSERT(aURI);
3418
3419 nsAString::const_iterator start;
3420 aProtocol.BeginReading(start);
3421
3422 nsAString::const_iterator end;
3423 aProtocol.EndReading(end);
3424
3425 nsAString::const_iterator iter(start);
3426 FindCharInReadable(':', iter, end);
3427
3428 // Changing the protocol of a URL, changes the "nature" of the URI
3429 // implementation. In order to do this properly, we have to serialize the
3430 // existing URL and reparse it in a new object.
3431 nsCOMPtr<nsIURI> clone;
3432 nsresult rv = NS_MutateURI(aURI)
3433 .SetScheme(NS_ConvertUTF16toUTF8(Substring(start, iter)))
3434 .Finalize(clone);
3435 if (NS_WARN_IF(NS_FAILED(rv))) {
3436 return nullptr;
3437 }
3438
3439 if (StaticPrefs::network_url_strict_protocol_setter()) {
3440 nsAutoCString newScheme;
3441 rv = clone->GetScheme(newScheme);
3442 if (NS_FAILED(rv) || !net::IsSchemeChangePermitted(aURI, newScheme)) {
3443 nsAutoCString url;
3444 Unused << clone->GetSpec(url);
3445 AutoTArray<nsString, 2> params;
3446 params.AppendElement(NS_ConvertUTF8toUTF16(url));
3447 params.AppendElement(NS_ConvertUTF8toUTF16(newScheme));
3448 nsContentUtils::ReportToConsole(
3449 nsIScriptError::warningFlag, "Strict Url Protocol Setter"_ns, nullptr,
3450 nsContentUtils::eNECKO_PROPERTIES, "StrictUrlProtocolSetter", params);
3451 return nullptr;
3452 }
3453 }
3454
3455 nsAutoCString href;
3456 rv = clone->GetSpec(href);
3457 if (NS_WARN_IF(NS_FAILED(rv))) {
3458 return nullptr;
3459 }
3460
3461 RefPtr<nsIURI> uri;
3462 rv = NS_NewURI(getter_AddRefs(uri), href);
3463 if (NS_WARN_IF(NS_FAILED(rv))) {
3464 return nullptr;
3465 }
3466 return uri.forget();
3467 }
3468
3469 // Decode a parameter value using the encoding defined in RFC 5987 (in place)
3470 //
3471 // charset "'" [ language ] "'" value-chars
3472 //
3473 // returns true when decoding happened successfully (otherwise leaves
3474 // passed value alone)
3475 static bool Decode5987Format(nsAString& aEncoded) {
3476 nsresult rv;
3477 nsCOMPtr<nsIMIMEHeaderParam> mimehdrpar =
3478 do_GetService(NS_MIMEHEADERPARAM_CONTRACTID, &rv);
3479 if (NS_FAILED(rv)) return false;
3480
3481 nsAutoCString asciiValue;
3482
3483 const char16_t* encstart = aEncoded.BeginReading();
3484 const char16_t* encend = aEncoded.EndReading();
3485
3486 // create a plain ASCII string, aborting if we can't do that
3487 // converted form is always shorter than input
3488 while (encstart != encend) {
3489 if (*encstart > 0 && *encstart < 128) {
3490 asciiValue.Append((char)*encstart);
3491 } else {
3492 return false;
3493 }
3494 encstart++;
3495 }
3496
3497 nsAutoString decoded;
3498 nsAutoCString language;
3499
3500 rv = mimehdrpar->DecodeRFC5987Param(asciiValue, language, decoded);
3501 if (NS_FAILED(rv)) return false;
3502
3503 aEncoded = decoded;
3504 return true;
3505 }
3506
3507 LinkHeader::LinkHeader() { mCrossOrigin.SetIsVoid(true); }
3508
3509 void LinkHeader::Reset() {
3510 mHref.Truncate();
3511 mRel.Truncate();
3512 mTitle.Truncate();
3513 mNonce.Truncate();
3514 mIntegrity.Truncate();
3515 mSrcset.Truncate();
3516 mSizes.Truncate();
3517 mType.Truncate();
3518 mMedia.Truncate();
3519 mAnchor.Truncate();
3520 mCrossOrigin.Truncate();
3521 mReferrerPolicy.Truncate();
3522 mAs.Truncate();
3523 mCrossOrigin.SetIsVoid(true);
3524 mFetchPriority.Truncate();
3525 }
3526
3527 nsresult LinkHeader::NewResolveHref(nsIURI** aOutURI, nsIURI* aBaseURI) const {
3528 if (mAnchor.IsEmpty()) {
3529 // use the base uri
3530 return NS_NewURI(aOutURI, mHref, nullptr, aBaseURI);
3531 }
3532
3533 // compute the anchored URI
3534 nsCOMPtr<nsIURI> anchoredURI;
3535 nsresult rv =
3536 NS_NewURI(getter_AddRefs(anchoredURI), mAnchor, nullptr, aBaseURI);
3537 NS_ENSURE_SUCCESS(rv, rv);
3538
3539 return NS_NewURI(aOutURI, mHref, nullptr, anchoredURI);
3540 }
3541
3542 bool LinkHeader::operator==(const LinkHeader& rhs) const {
3543 return mHref == rhs.mHref && mRel == rhs.mRel && mTitle == rhs.mTitle &&
3544 mNonce == rhs.mNonce && mIntegrity == rhs.mIntegrity &&
3545 mSrcset == rhs.mSrcset && mSizes == rhs.mSizes && mType == rhs.mType &&
3546 mMedia == rhs.mMedia && mAnchor == rhs.mAnchor &&
3547 mCrossOrigin == rhs.mCrossOrigin &&
3548 mReferrerPolicy == rhs.mReferrerPolicy && mAs == rhs.mAs &&
3549 mFetchPriority == rhs.mFetchPriority;
3550 }
3551
3552 constexpr auto kTitleStar = "title*"_ns;
3553
3554 nsTArray<LinkHeader> ParseLinkHeader(const nsAString& aLinkData) {
3555 nsTArray<LinkHeader> linkHeaders;
3556
3557 // keep track where we are within the header field
3558 bool seenParameters = false;
3559
3560 // parse link content and add to array
3561 LinkHeader header;
3562 nsAutoString titleStar;
3563
3564 // copy to work buffer
3565 nsAutoString stringList(aLinkData);
3566
3567 // put an extra null at the end
3568 stringList.Append(kNullCh);
3569
3570 char16_t* start = stringList.BeginWriting();
3571
3572 while (*start != kNullCh) {
3573 // parse link content and call process style link
3574
3575 // skip leading space
3576 while ((*start != kNullCh) && nsCRT::IsAsciiSpace(*start)) {
3577 ++start;
3578 }
3579
3580 char16_t* end = start;
3581 char16_t* last = end - 1;
3582
3583 bool wasQuotedString = false;
3584
3585 // look for semicolon or comma
3586 while (*end != kNullCh && *end != kSemicolon && *end != kComma) {
3587 char16_t ch = *end;
3588
3589 if (ch == kQuote || ch == kLessThan) {
3590 // quoted string
3591
3592 char16_t quote = ch;
3593 if (quote == kLessThan) {
3594 quote = kGreaterThan;
3595 }
3596
3597 wasQuotedString = (ch == kQuote);
3598
3599 char16_t* closeQuote = (end + 1);
3600
3601 // seek closing quote
3602 while (*closeQuote != kNullCh && quote != *closeQuote) {
3603 // in quoted-string, "\" is an escape character
3604 if (wasQuotedString && *closeQuote == kBackSlash &&
3605 *(closeQuote + 1) != kNullCh) {
3606 ++closeQuote;
3607 }
3608
3609 ++closeQuote;
3610 }
3611
3612 if (quote == *closeQuote) {
3613 // found closer
3614
3615 // skip to close quote
3616 end = closeQuote;
3617
3618 last = end - 1;
3619
3620 ch = *(end + 1);
3621
3622 if (ch != kNullCh && ch != kSemicolon && ch != kComma) {
3623 // end string here
3624 *(++end) = kNullCh;
3625
3626 ch = *(end + 1);
3627
3628 // keep going until semi or comma
3629 while (ch != kNullCh && ch != kSemicolon && ch != kComma) {
3630 ++end;
3631
3632 ch = *(end + 1);
3633 }
3634 }
3635 }
3636 }
3637
3638 ++end;
3639 ++last;
3640 }
3641
3642 char16_t endCh = *end;
3643
3644 // end string here
3645 *end = kNullCh;
3646
3647 if (start < end) {
3648 if ((*start == kLessThan) && (*last == kGreaterThan)) {
3649 *last = kNullCh;
3650
3651 // first instance of <...> wins
3652 // also, do not allow hrefs after the first param was seen
3653 if (header.mHref.IsEmpty() && !seenParameters) {
3654 header.mHref = (start + 1);
3655 header.mHref.StripWhitespace();
3656 }
3657 } else {
3658 char16_t* equals = start;
3659 seenParameters = true;
3660
3661 while ((*equals != kNullCh) && (*equals != kEqual)) {
3662 equals++;
3663 }
3664
3665 const bool hadEquals = *equals != kNullCh;
3666 *equals = kNullCh;
3667 nsAutoString attr(start);
3668 attr.StripWhitespace();
3669
3670 char16_t* value = hadEquals ? ++equals : equals;
3671 while (nsCRT::IsAsciiSpace(*value)) {
3672 value++;
3673 }
3674
3675 if ((*value == kQuote) && (*value == *last)) {
3676 *last = kNullCh;
3677 value++;
3678 }
3679
3680 if (wasQuotedString) {
3681 // unescape in-place
3682 char16_t* unescaped = value;
3683 char16_t* src = value;
3684
3685 while (*src != kNullCh) {
3686 if (*src == kBackSlash && *(src + 1) != kNullCh) {
3687 src++;
3688 }
3689 *unescaped++ = *src++;
3690 }
3691
3692 *unescaped = kNullCh;
3693 }
3694
3695 if (attr.LowerCaseEqualsASCII(kTitleStar.get())) {
3696 if (titleStar.IsEmpty() && !wasQuotedString) {
3697 // RFC 5987 encoding; uses token format only, so skip if we get
3698 // here with a quoted-string
3699 nsAutoString tmp;
3700 tmp = value;
3701 if (Decode5987Format(tmp)) {
3702 titleStar = tmp;
3703 titleStar.CompressWhitespace();
3704 } else {
3705 // header value did not parse, throw it away
3706 titleStar.Truncate();
3707 }
3708 }
3709 } else {
3710 header.MaybeUpdateAttribute(attr, value);
3711 }
3712 }
3713 }
3714
3715 if (endCh == kComma) {
3716 // hit a comma, process what we've got so far
3717
3718 header.mHref.Trim(" \t\n\r\f"); // trim HTML5 whitespace
3719 if (!header.mHref.IsEmpty() && !header.mRel.IsEmpty()) {
3720 if (!titleStar.IsEmpty()) {
3721 // prefer RFC 5987 variant over non-I18zed version
3722 header.mTitle = titleStar;
3723 }
3724 linkHeaders.AppendElement(header);
3725 }
3726
3727 titleStar.Truncate();
3728 header.Reset();
3729
3730 seenParameters = false;
3731 }
3732
3733 start = ++end;
3734 }
3735
3736 header.mHref.Trim(" \t\n\r\f"); // trim HTML5 whitespace
3737 if (!header.mHref.IsEmpty() && !header.mRel.IsEmpty()) {
3738 if (!titleStar.IsEmpty()) {
3739 // prefer RFC 5987 variant over non-I18zed version
3740 header.mTitle = titleStar;
3741 }
3742 linkHeaders.AppendElement(header);
3743 }
3744
3745 return linkHeaders;
3746 }
3747
3748 void LinkHeader::MaybeUpdateAttribute(const nsAString& aAttribute,
3749 const char16_t* aValue) {
3750 MOZ_ASSERT(!aAttribute.LowerCaseEqualsASCII(kTitleStar.get()));
3751
3752 if (aAttribute.LowerCaseEqualsLiteral("rel")) {
3753 if (mRel.IsEmpty()) {
3754 mRel = aValue;
3755 mRel.CompressWhitespace();
3756 }
3757 } else if (aAttribute.LowerCaseEqualsLiteral("title")) {
3758 if (mTitle.IsEmpty()) {
3759 mTitle = aValue;
3760 mTitle.CompressWhitespace();
3761 }
3762 } else if (aAttribute.LowerCaseEqualsLiteral("type")) {
3763 if (mType.IsEmpty()) {
3764 mType = aValue;
3765 mType.StripWhitespace();
3766 }
3767 } else if (aAttribute.LowerCaseEqualsLiteral("media")) {
3768 if (mMedia.IsEmpty()) {
3769 mMedia = aValue;
3770
3771 // The HTML5 spec is formulated in terms of the CSS3 spec,
3772 // which specifies that media queries are case insensitive.
3773 nsContentUtils::ASCIIToLower(mMedia);
3774 }
3775 } else if (aAttribute.LowerCaseEqualsLiteral("anchor")) {
3776 if (mAnchor.IsEmpty()) {
3777 mAnchor = aValue;
3778 mAnchor.StripWhitespace();
3779 }
3780 } else if (aAttribute.LowerCaseEqualsLiteral("crossorigin")) {
3781 if (mCrossOrigin.IsVoid()) {
3782 mCrossOrigin.SetIsVoid(false);
3783 mCrossOrigin = aValue;
3784 mCrossOrigin.StripWhitespace();
3785 }
3786 } else if (aAttribute.LowerCaseEqualsLiteral("as")) {
3787 if (mAs.IsEmpty()) {
3788 mAs = aValue;
3789 mAs.CompressWhitespace();
3790 }
3791 } else if (aAttribute.LowerCaseEqualsLiteral("referrerpolicy")) {
3792 // https://html.spec.whatwg.org/multipage/urls-and-fetching.html#referrer-policy-attribute
3793 // Specs says referrer policy attribute is an enumerated attribute,
3794 // case insensitive and includes the empty string
3795 // We will parse the aValue with AttributeReferrerPolicyFromString
3796 // later, which will handle parsing it as an enumerated attribute.
3797 if (mReferrerPolicy.IsEmpty()) {
3798 mReferrerPolicy = aValue;
3799 }
3800
3801 } else if (aAttribute.LowerCaseEqualsLiteral("nonce")) {
3802 if (mNonce.IsEmpty()) {
3803 mNonce = aValue;
3804 }
3805 } else if (aAttribute.LowerCaseEqualsLiteral("integrity")) {
3806 if (mIntegrity.IsEmpty()) {
3807 mIntegrity = aValue;
3808 }
3809 } else if (aAttribute.LowerCaseEqualsLiteral("imagesrcset")) {
3810 if (mSrcset.IsEmpty()) {
3811 mSrcset = aValue;
3812 }
3813 } else if (aAttribute.LowerCaseEqualsLiteral("imagesizes")) {
3814 if (mSizes.IsEmpty()) {
3815 mSizes = aValue;
3816 }
3817 } else if (aAttribute.LowerCaseEqualsLiteral("fetchpriority")) {
3818 if (mFetchPriority.IsEmpty()) {
3819 LOG(("Update fetchPriority to \"%s\"",
3820 NS_ConvertUTF16toUTF8(aValue).get()));
3821 mFetchPriority = aValue;
3822 }
3823 }
3824 }
3825
3826 // We will use official mime-types from:
3827 // https://www.iana.org/assignments/media-types/media-types.xhtml#font
3828 // We do not support old deprecated mime-types for preload feature.
3829 // (We currectly do not support font/collection)
3830 static uint32_t StyleLinkElementFontMimeTypesNum = 5;
3831 static const char* StyleLinkElementFontMimeTypes[] = {
3832 "font/otf", "font/sfnt", "font/ttf", "font/woff", "font/woff2"};
3833
3834 bool IsFontMimeType(const nsAString& aType) {
3835 if (aType.IsEmpty()) {
3836 return true;
3837 }
3838 for (uint32_t i = 0; i < StyleLinkElementFontMimeTypesNum; i++) {
3839 if (aType.EqualsASCII(StyleLinkElementFontMimeTypes[i])) {
3840 return true;
3841 }
3842 }
3843 return false;
3844 }
3845
3846 static const nsAttrValue::EnumTable kAsAttributeTable[] = {
3847 {"", DESTINATION_INVALID}, {"audio", DESTINATION_AUDIO},
3848 {"font", DESTINATION_FONT}, {"image", DESTINATION_IMAGE},
3849 {"script", DESTINATION_SCRIPT}, {"style", DESTINATION_STYLE},
3850 {"track", DESTINATION_TRACK}, {"video", DESTINATION_VIDEO},
3851 {"fetch", DESTINATION_FETCH}, {nullptr, 0}};
3852
3853 void ParseAsValue(const nsAString& aValue, nsAttrValue& aResult) {
3854 DebugOnly<bool> success =
3855 aResult.ParseEnumValue(aValue, kAsAttributeTable, false,
3856 // default value is a empty string
3857 // if aValue is not a value we
3858 // understand
3859 &kAsAttributeTable[0]);
3860 MOZ_ASSERT(success);
3861 }
3862
3863 nsContentPolicyType AsValueToContentPolicy(const nsAttrValue& aValue) {
3864 switch (aValue.GetEnumValue()) {
3865 case DESTINATION_INVALID:
3866 return nsIContentPolicy::TYPE_INVALID;
3867 case DESTINATION_AUDIO:
3868 return nsIContentPolicy::TYPE_INTERNAL_AUDIO;
3869 case DESTINATION_TRACK:
3870 return nsIContentPolicy::TYPE_INTERNAL_TRACK;
3871 case DESTINATION_VIDEO:
3872 return nsIContentPolicy::TYPE_INTERNAL_VIDEO;
3873 case DESTINATION_FONT:
3874 return nsIContentPolicy::TYPE_FONT;
3875 case DESTINATION_IMAGE:
3876 return nsIContentPolicy::TYPE_IMAGE;
3877 case DESTINATION_SCRIPT:
3878 return nsIContentPolicy::TYPE_SCRIPT;
3879 case DESTINATION_STYLE:
3880 return nsIContentPolicy::TYPE_STYLESHEET;
3881 case DESTINATION_FETCH:
3882 return nsIContentPolicy::TYPE_INTERNAL_FETCH_PRELOAD;
3883 }
3884 return nsIContentPolicy::TYPE_INVALID;
3885 }
3886
3887 // TODO: implement this using nsAttrValue's destination enums when support for
3888 // the new destinations is added; see this diff for a possible start:
3889 // https://phabricator.services.mozilla.com/D172368?vs=705114&id=708720
3890 bool IsScriptLikeOrInvalid(const nsAString& aAs) {
3891 return !(
3892 aAs.LowerCaseEqualsASCII("fetch") || aAs.LowerCaseEqualsASCII("audio") ||
3893 aAs.LowerCaseEqualsASCII("document") ||
3894 aAs.LowerCaseEqualsASCII("embed") || aAs.LowerCaseEqualsASCII("font") ||
3895 aAs.LowerCaseEqualsASCII("frame") || aAs.LowerCaseEqualsASCII("iframe") ||
3896 aAs.LowerCaseEqualsASCII("image") ||
3897 aAs.LowerCaseEqualsASCII("manifest") ||
3898 aAs.LowerCaseEqualsASCII("object") ||
3899 aAs.LowerCaseEqualsASCII("report") || aAs.LowerCaseEqualsASCII("style") ||
3900 aAs.LowerCaseEqualsASCII("track") || aAs.LowerCaseEqualsASCII("video") ||
3901 aAs.LowerCaseEqualsASCII("webidentity") ||
3902 aAs.LowerCaseEqualsASCII("xslt"));
3903 }
3904
3905 bool CheckPreloadAttrs(const nsAttrValue& aAs, const nsAString& aType,
3906 const nsAString& aMedia,
3907 mozilla::dom::Document* aDocument) {
3908 nsContentPolicyType policyType = AsValueToContentPolicy(aAs);
3909 if (policyType == nsIContentPolicy::TYPE_INVALID) {
3910 return false;
3911 }
3912
3913 // Check if media attribute is valid.
3914 if (!aMedia.IsEmpty()) {
3915 RefPtr<mozilla::dom::MediaList> mediaList =
3916 mozilla::dom::MediaList::Create(NS_ConvertUTF16toUTF8(aMedia));
3917 if (!mediaList->Matches(*aDocument)) {
3918 return false;
3919 }
3920 }
3921
3922 if (aType.IsEmpty()) {
3923 return true;
3924 }
3925
3926 if (policyType == nsIContentPolicy::TYPE_INTERNAL_FETCH_PRELOAD) {
3927 return true;
3928 }
3929
3930 nsAutoString type(aType);
3931 ToLowerCase(type);
3932 if (policyType == nsIContentPolicy::TYPE_MEDIA) {
3933 if (aAs.GetEnumValue() == DESTINATION_TRACK) {
3934 return type.EqualsASCII("text/vtt");
3935 }
3936 Maybe<MediaContainerType> mimeType = MakeMediaContainerType(aType);
3937 if (!mimeType) {
3938 return false;
3939 }
3940 DecoderDoctorDiagnostics diagnostics;
3941 CanPlayStatus status =
3942 DecoderTraits::CanHandleContainerType(*mimeType, &diagnostics);
3943 // Preload if this return CANPLAY_YES and CANPLAY_MAYBE.
3944 return status != CANPLAY_NO;
3945 }
3946 if (policyType == nsIContentPolicy::TYPE_FONT) {
3947 return IsFontMimeType(type);
3948 }
3949 if (policyType == nsIContentPolicy::TYPE_IMAGE) {
3950 return imgLoader::SupportImageWithMimeType(
3951 NS_ConvertUTF16toUTF8(type), AcceptedMimeTypes::IMAGES_AND_DOCUMENTS);
3952 }
3953 if (policyType == nsIContentPolicy::TYPE_SCRIPT) {
3954 return nsContentUtils::IsJavascriptMIMEType(type);
3955 }
3956 if (policyType == nsIContentPolicy::TYPE_STYLESHEET) {
3957 return type.EqualsASCII("text/css");
3958 }
3959 return false;
3960 }
3961
3962 void WarnIgnoredPreload(const mozilla::dom::Document& aDoc, nsIURI& aURI) {
3963 AutoTArray<nsString, 1> params;
3964 {
3965 nsCString uri = nsContentUtils::TruncatedURLForDisplay(&aURI);
3966 AppendUTF8toUTF16(uri, *params.AppendElement());
3967 }
3968 nsContentUtils::ReportToConsole(nsIScriptError::warningFlag, "DOM"_ns, &aDoc,
3969 nsContentUtils::eDOM_PROPERTIES,
3970 "PreloadIgnoredInvalidAttr", params);
3971 }
3972
3973 nsresult HasRootDomain(const nsACString& aInput, const nsACString& aHost,
3974 bool* aResult) {
3975 if (NS_WARN_IF(!aResult)) {
3976 return NS_ERROR_FAILURE;
3977 }
3978
3979 *aResult = false;
3980
3981 // If the strings are the same, we obviously have a match.
3982 if (aInput == aHost) {
3983 *aResult = true;
3984 return NS_OK;
3985 }
3986
3987 // If aHost is not found, we know we do not have it as a root domain.
3988 int32_t index = nsAutoCString(aInput).Find(aHost);
3989 if (index == kNotFound) {
3990 return NS_OK;
3991 }
3992
3993 // Otherwise, we have aHost as our root domain iff the index of aHost is
3994 // aHost.length subtracted from our length and (since we do not have an
3995 // exact match) the character before the index is a dot or slash.
3996 *aResult = index > 0 && (uint32_t)index == aInput.Length() - aHost.Length() &&
3997 (aInput[index - 1] == '.' || aInput[index - 1] == '/');
3998 return NS_OK;
3999 }
4000
4001 void CheckForBrokenChromeURL(nsILoadInfo* aLoadInfo, nsIURI* aURI) {
4002 if (!aURI) {
4003 return;
4004 }
4005 nsAutoCString scheme;
4006 aURI->GetScheme(scheme);
4007 if (!scheme.EqualsLiteral("chrome") && !scheme.EqualsLiteral("resource")) {
4008 return;
4009 }
4010 nsAutoCString host;
4011 aURI->GetHost(host);
4012 // Ignore test hits.
4013 if (host.EqualsLiteral("mochitests") || host.EqualsLiteral("reftest")) {
4014 return;
4015 }
4016
4017 nsAutoCString filePath;
4018 aURI->GetFilePath(filePath);
4019 // Fluent likes checking for files everywhere and expects failure.
4020 if (StringEndsWith(filePath, ".ftl"_ns)) {
4021 return;
4022 }
4023
4024 // Ignore fetches/xhrs, as they are frequently used in a way where
4025 // non-existence is OK (ie with fallbacks). This risks false negatives (ie
4026 // files that *should* be there but aren't) - which we accept for now.
4027 ExtContentPolicy policy = aLoadInfo
4028 ? aLoadInfo->GetExternalContentPolicyType()
4029 : ExtContentPolicy::TYPE_OTHER;
4030 if (policy == ExtContentPolicy::TYPE_FETCH ||
4031 policy == ExtContentPolicy::TYPE_XMLHTTPREQUEST) {
4032 return;
4033 }
4034
4035 if (aLoadInfo) {
4036 bool shouldSkipCheckForBrokenURLOrZeroSized;
4037 MOZ_ALWAYS_SUCCEEDS(aLoadInfo->GetShouldSkipCheckForBrokenURLOrZeroSized(
4038 &shouldSkipCheckForBrokenURLOrZeroSized));
4039 if (shouldSkipCheckForBrokenURLOrZeroSized) {
4040 return;
4041 }
4042 }
4043
4044 nsCString spec;
4045 aURI->GetSpec(spec);
4046
4047 #ifdef ANDROID
4048 // Various toolkit files use this and are shipped on android, but
4049 // info-pages.css and aboutLicense.css are not - bug 1808987
4050 if (StringEndsWith(spec, "info-pages.css"_ns) ||
4051 StringEndsWith(spec, "aboutLicense.css"_ns) ||
4052 // Error page CSS is also missing: bug 1810039
4053 StringEndsWith(spec, "aboutNetError.css"_ns) ||
4054 StringEndsWith(spec, "aboutHttpsOnlyError.css"_ns) ||
4055 StringEndsWith(spec, "error-pages.css"_ns) ||
4056 // popup.css is used in a single mochitest: bug 1810577
4057 StringEndsWith(spec, "/popup.css"_ns) ||
4058 // Used by an extension installation test - bug 1809650
4059 StringBeginsWith(spec, "resource://android/assets/web_extensions/"_ns)) {
4060 return;
4061 }
4062 #endif
4063
4064 // DTD files from gre may not exist when requested by tests.
4065 if (StringBeginsWith(spec, "resource://gre/res/dtd/"_ns)) {
4066 return;
4067 }
4068
4069 // The background task machinery allows the caller to specify a JSM on the
4070 // command line, which is then looked up in both app-specific and toolkit-wide
4071 // locations.
4072 if (spec.Find("backgroundtasks") != kNotFound) {
4073 return;
4074 }
4075
4076 if (xpc::IsInAutomation()) {
4077 #ifdef DEBUG
4078 if (NS_IsMainThread()) {
4079 nsCOMPtr<nsIXPConnect> xpc = nsIXPConnect::XPConnect();
4080 Unused << xpc->DebugDumpJSStack(false, false, false);
4081 }
4082 #endif
4083 MOZ_CRASH_UNSAFE_PRINTF("Missing chrome or resource URLs: %s", spec.get());
4084 } else {
4085 printf_stderr("Missing chrome or resource URL: %s\n", spec.get());
4086 }
4087 }
4088
4089 bool IsCoepCredentiallessEnabled(bool aIsOriginTrialCoepCredentiallessEnabled) {
4090 return StaticPrefs::
4091 browser_tabs_remote_coep_credentialless_DoNotUseDirectly() ||
4092 aIsOriginTrialCoepCredentiallessEnabled;
4093 }
4094
4095 } // namespace net
4096 } // namespace mozilla