| blob | e57a889841fcf093d7bd00293af3fc13fb41c9ca |
1 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ts=2 sw=2 et tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
46 }
49 NS_PRINCIPAL_CID)
58 #ifdef MOZ_DIAGNOSTIC_ASSERT_ENABLED
59 // Assert that the URI we get here isn't any of the schemes that we know we
60 // should not get here. These schemes always either inherit their principal
61 // or fall back to a null principal. These are schemes which return
62 // URI_INHERITS_SECURITY_CONTEXT from their protocol handler's
63 // GetProtocolFlags function.
69 #endif
70 }
83 }
85 /* static */
90 }
95 }
100 // Handle non-strict file:// uris.
103 // If strict file origin policy is not in effect, all local files are
104 // considered to be same-origin, so return a known dummy origin here.
107 }
109 nsresult rv;
110 // NB: This is only compiled for Thunderbird/Suite.
111 #if IS_ORIGIN_IS_FULL_SPEC_DEFINED
118 }
119 #endif
121 // We want the invariant that prinA.origin == prinB.origin i.f.f.
122 // prinA.equals(prinB). However, this requires that we impose certain
123 // constraints on the behavior and origin semantics of principals, and in
124 // particular, forbid creating origin strings for principals whose equality
125 // constraints are not expressible as strings (i.e. object equality).
126 // Moreover, we want to forbid URIs containing the magic "^" we use as a
127 // separating character for origin attributes.
128 //
129 // These constraints can generally be achieved by restricting .origin to
130 // nsIStandardURL-based URIs, but there are a few other URI schemes that we
131 // need to handle.
134 // We generally consider two about:foo origins to be same-origin, but
135 // about:blank is special since it can be generated from different
136 // sources. We check for moz-safe-about:blank since origin is an
137 // innermost URI.
148 }
152 }
154 // These URIs could technically contain a '^', but they never should.
158 }
160 }
162 // This URL can be a blobURL. In this case, we should use the 'parent'
163 // principal instead.
169 }
171 // If we reached this branch, we can only create an origin if we have a
172 // nsIStandardURL. So, we query to a nsIStandardURL, and fail if we aren't
173 // an instance of an nsIStandardURL nsIStandardURLs have the good property
174 // of escaping the '^' character in their specs, which means that we can be
175 // sure that the caret character (which is reserved for delimiting the end
176 // of the spec, and the beginning of the origin attributes) is not present
177 // in the origin string
181 }
183 // See whether we have a useful hostPort. If we do, use that.
184 nsAutoCString hostPort;
188 }
195 }
200 // The origin, when taken from the spec, should not contain the ref part of
201 // the URL.
208 }
212 }
215 }
222 // For ContentPrincipal, Subsumes is equivalent to Equals.
225 }
227 // If either the subject or the object has changed its principal by
228 // explicitly setting document.domain then the other must also have
229 // done so in order to be considered the same origin. This prevents
230 // DNS spoofing based on document.domain (154930)
231 nsresult rv;
233 // Get .domain on each principal.
238 // If either has .domain set, we have equality i.f.f. the domains match.
239 // Otherwise, we fall through to the non-document-domain-considering case.
243 #ifdef DEBUG
251 }
252 #endif
254 }
255 }
257 // Compare uris.
262 }
264 NS_IMETHODIMP
268 }
273 #if defined(MOZ_THUNDERBIRD) || defined(MOZ_SUITE)
281 }
283 OriginAttributes attrs;
287 }
288 #endif
295 }
297 // If this principal is associated with an addon, check whether that addon
298 // has been given permission to load from this domain.
301 }
305 }
307 // If strict file origin policy is in effect, local files will always fail
308 // SecurityCompareURIs unless they are identical. Explicitly check file origin
309 // policy, in that case.
313 }
316 }
325 };
327 }
329 NS_IMETHODIMP
334 }
338 }
340 NS_IMETHODIMP
347 // Set the changed-document-domain flag on compartments containing realms
348 // using this principal.
353 };
362 }
368 // Special handling for a file URI.
370 // If strict file origin policy is not in effect, all local files are
371 // considered to be same-origin, so return a known dummy domain here.
376 }
378 // Otherwise, we return the file path.
384 }
385 }
392 }
394 // In case of FTP we want to get base domain via TLD service even if FTP
395 // protocol handler is disabled and the scheme is handled by external protocol
396 // handler which returns URI_NORELATIVE flag.
400 }
405 }
408 }
410 NS_IMETHODIMP
412 // Handle some special URIs first.
419 }
421 // For everything else, we ask the TLD service via the ThirdPartyUtil.
426 }
429 }
431 NS_IMETHODIMP
436 // It is possible for two principals with the same origin to have different
437 // mURI values. In order to ensure that two principals with matching origins
438 // also have matching siteOrigins, we derive the siteOrigin entirely from the
439 // origin string and do not rely on mURI at all here.
443 // We got an error parsing the origin as a URI? siteOrigin == origin
444 // aSiteOrigin was already filled with `OriginNoSuffix`
446 }
448 // Handle some special URIs first.
449 nsAutoCString baseDomain;
455 // This is a special URI ("file:", "about:", "view-source:", etc). Just
456 // return the origin.
458 }
460 // For everything else, we ask the TLD service. Note that, unlike in
461 // GetBaseDomain, we don't use ThirdPartyUtil.getBaseDomain because if the
462 // host is an IP address that returns the raw address and we can't use it with
463 // SetHost below because SetHost expects '[' and ']' around IPv6 addresses.
464 // See bug 1491728.
469 }
476 // If this is an IP address or something like "localhost", we just continue
477 // with gotBaseDomain = false.
481 }
482 }
484 // NOTE: Calling `SetHostPort` with a portless domain is insufficient to clear
485 // the port, so an extra `SetPort` call has to be made.
491 }
500 }
503 nsCString siteOrigin;
511 }
515 }
525 }
526 }
529 }
531 NS_IMETHODIMP
538 }
540 }
542 NS_IMETHODIMP
551 }
554 // Enforce re-parsing about: URIs so that if they change, we continue to use
555 // their new principals correctly.
557 nsAutoCString spec;
560 NS_ERROR_FAILURE);
561 }
567 }
571 nsAutoCString suffix;
575 OriginAttributes attrs;
579 // Since Bug 965637 we do not serialize the CSP within the
580 // Principal anymore. Nevertheless there might still be
581 // serialized Principals that do have a serialized CSP.
582 // For now, we just read the CSP here but do not actually
583 // consume it. Please note that we deliberately ignore
584 // the return value to avoid CSP deserialization problems.
585 // After Bug 1508939 we will have a new serialization for
586 // Principals which allows us to update the code here.
587 // Additionally, the format for serialized CSPs changed
588 // within Bug 965637 which also can cause failures within
589 // the CSP deserialization code.
592 nsAutoCString originNoSuffix;
599 // Note: we don't call SetDomain here because we don't need the wrapper
600 // recomputation code there (we just created this principal).
604 }
608 }
611 nsAutoCString principalURI;
615 // We turn each int enum field into a JSON string key of the object
616 // aObject is the inner JSON object that has stringified enum keys
617 // An example aObject might be:
618 //
619 // eURI eSuffix
620 // | |
621 // {"0": "https://mozilla.com", "2": "^privateBrowsingId=1"}
622 // | | | |
623 // ----------------------------- |
624 // | | |
625 // Key ----------------------
626 // |
627 // Value
631 nsAutoCString domainStr;
635 }
637 nsAutoCString suffix;
641 }
644 }
649 nsresult rv;
653 OriginAttributes attrs;
655 // The odd structure here is to make the code to not compile
656 // if all the switch enum cases haven't been codified
665 }
669 {
670 // Enforce re-parsing about: URIs so that if they change, we
671 // continue to use their new principals correctly.
673 nsAutoCString spec;
677 }
678 }
679 }
685 }
692 }
693 }
695 }
696 }
697 nsAutoCString originNoSuffix;
699 originNoSuffix);
702 }
710 }
713 }