1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7 #ifndef nsDocShellLoadState_h__
8 #define nsDocShellLoadState_h__
10 #include "mozilla/dom/BrowsingContext.h"
11 #include "mozilla/dom/SessionHistoryEntry.h"
14 #include "mozilla/Maybe.h"
17 #include "nsDocShellLoadTypes.h"
18 #include "nsTArrayForwardDeclare.h"
20 class nsIContentSecurityPolicy
;
26 class nsIReferrerInfo
;
28 class OriginAttributes
;
29 template <typename
, class>
32 class DocShellLoadStateInit
;
34 } // namespace mozilla
37 * nsDocShellLoadState contains setup information used in a nsIDocShell::loadURI
40 class nsDocShellLoadState final
{
41 using BrowsingContext
= mozilla::dom::BrowsingContext
;
43 using MaybeDiscarded
= mozilla::dom::MaybeDiscarded
<T
>;
46 NS_INLINE_DECL_REFCOUNTING(nsDocShellLoadState
);
48 explicit nsDocShellLoadState(nsIURI
* aURI
);
49 explicit nsDocShellLoadState(
50 const mozilla::dom::DocShellLoadStateInit
& aLoadState
,
51 mozilla::ipc::IProtocol
* aActor
, bool* aReadSuccess
);
52 explicit nsDocShellLoadState(const nsDocShellLoadState
& aOther
);
53 nsDocShellLoadState(nsIURI
* aURI
, uint64_t aLoadIdentifier
);
55 static nsresult
CreateFromPendingChannel(nsIChannel
* aPendingChannel
,
56 uint64_t aLoadIdentifier
,
58 nsDocShellLoadState
** aResult
);
60 static nsresult
CreateFromLoadURIOptions(
61 BrowsingContext
* aBrowsingContext
, const nsAString
& aURI
,
62 const mozilla::dom::LoadURIOptions
& aLoadURIOptions
,
63 nsDocShellLoadState
** aResult
);
64 static nsresult
CreateFromLoadURIOptions(
65 BrowsingContext
* aBrowsingContext
, nsIURI
* aURI
,
66 const mozilla::dom::LoadURIOptions
& aLoadURIOptions
,
67 nsDocShellLoadState
** aResult
);
69 // Getters and Setters
71 nsIReferrerInfo
* GetReferrerInfo() const;
73 void SetReferrerInfo(nsIReferrerInfo
* aReferrerInfo
);
77 void SetURI(nsIURI
* aURI
);
79 nsIURI
* OriginalURI() const;
81 void SetOriginalURI(nsIURI
* aOriginalURI
);
83 nsIURI
* ResultPrincipalURI() const;
85 void SetResultPrincipalURI(nsIURI
* aResultPrincipalURI
);
87 bool ResultPrincipalURIIsSome() const;
89 void SetResultPrincipalURIIsSome(bool aIsSome
);
91 bool KeepResultPrincipalURIIfSet() const;
93 void SetKeepResultPrincipalURIIfSet(bool aKeep
);
95 nsIPrincipal
* PrincipalToInherit() const;
97 void SetPrincipalToInherit(nsIPrincipal
* aPrincipalToInherit
);
99 nsIPrincipal
* PartitionedPrincipalToInherit() const;
101 void SetPartitionedPrincipalToInherit(
102 nsIPrincipal
* aPartitionedPrincipalToInherit
);
104 bool LoadReplace() const;
106 void SetLoadReplace(bool aLoadReplace
);
108 nsIPrincipal
* TriggeringPrincipal() const;
110 void SetTriggeringPrincipal(nsIPrincipal
* aTriggeringPrincipal
);
112 uint32_t TriggeringSandboxFlags() const;
114 void SetTriggeringSandboxFlags(uint32_t aTriggeringSandboxFlags
);
116 uint64_t TriggeringWindowId() const;
118 void SetTriggeringWindowId(uint64_t aTriggeringWindowId
);
120 bool TriggeringStorageAccess() const;
122 void SetTriggeringStorageAccess(bool aTriggeringStorageAccess
);
124 nsIContentSecurityPolicy
* Csp() const;
126 void SetCsp(nsIContentSecurityPolicy
* aCsp
);
128 bool InheritPrincipal() const;
130 void SetInheritPrincipal(bool aInheritPrincipal
);
132 bool PrincipalIsExplicit() const;
134 void SetPrincipalIsExplicit(bool aPrincipalIsExplicit
);
136 // If true, "beforeunload" event listeners were notified by the creater of the
137 // LoadState and given the chance to abort the navigation, and should not be
139 bool NotifiedBeforeUnloadListeners() const;
141 void SetNotifiedBeforeUnloadListeners(bool aNotifiedBeforeUnloadListeners
);
143 bool ForceAllowDataURI() const;
145 void SetForceAllowDataURI(bool aForceAllowDataURI
);
147 bool IsExemptFromHTTPSFirstMode() const;
149 void SetIsExemptFromHTTPSFirstMode(bool aIsExemptFromHTTPSFirstMode
);
151 bool OriginalFrameSrc() const;
153 void SetOriginalFrameSrc(bool aOriginalFrameSrc
);
155 bool IsFormSubmission() const;
157 void SetIsFormSubmission(bool aIsFormSubmission
);
159 uint32_t LoadType() const;
161 void SetLoadType(uint32_t aLoadType
);
163 nsISHEntry
* SHEntry() const;
165 void SetSHEntry(nsISHEntry
* aSHEntry
);
167 const mozilla::dom::LoadingSessionHistoryInfo
* GetLoadingSessionHistoryInfo()
170 // Copies aLoadingInfo and stores the copy in this nsDocShellLoadState.
171 void SetLoadingSessionHistoryInfo(
172 const mozilla::dom::LoadingSessionHistoryInfo
& aLoadingInfo
);
174 // Stores aLoadingInfo in this nsDocShellLoadState.
175 void SetLoadingSessionHistoryInfo(
176 mozilla::UniquePtr
<mozilla::dom::LoadingSessionHistoryInfo
> aLoadingInfo
);
178 bool LoadIsFromSessionHistory() const;
180 const nsString
& Target() const;
182 void SetTarget(const nsAString
& aTarget
);
184 nsIInputStream
* PostDataStream() const;
186 void SetPostDataStream(nsIInputStream
* aStream
);
188 nsIInputStream
* HeadersStream() const;
190 void SetHeadersStream(nsIInputStream
* aHeadersStream
);
192 bool IsSrcdocLoad() const;
194 const nsString
& SrcdocData() const;
196 void SetSrcdocData(const nsAString
& aSrcdocData
);
198 const MaybeDiscarded
<BrowsingContext
>& SourceBrowsingContext() const {
199 return mSourceBrowsingContext
;
202 void SetSourceBrowsingContext(BrowsingContext
*);
204 void SetAllowFocusMove(bool aAllow
) { mAllowFocusMove
= aAllow
; }
206 bool AllowFocusMove() const { return mAllowFocusMove
; }
208 const MaybeDiscarded
<BrowsingContext
>& TargetBrowsingContext() const {
209 return mTargetBrowsingContext
;
212 void SetTargetBrowsingContext(BrowsingContext
* aTargetBrowsingContext
);
214 nsIURI
* BaseURI() const;
216 void SetBaseURI(nsIURI
* aBaseURI
);
218 // Helper function allowing convenient work with mozilla::Maybe in C++, hiding
219 // resultPrincipalURI and resultPrincipalURIIsSome attributes from the
221 void GetMaybeResultPrincipalURI(
222 mozilla::Maybe
<nsCOMPtr
<nsIURI
>>& aRPURI
) const;
224 void SetMaybeResultPrincipalURI(
225 mozilla::Maybe
<nsCOMPtr
<nsIURI
>> const& aRPURI
);
227 uint32_t LoadFlags() const;
229 void SetLoadFlags(uint32_t aFlags
);
231 void SetLoadFlag(uint32_t aFlag
);
233 void UnsetLoadFlag(uint32_t aFlag
);
235 bool HasLoadFlags(uint32_t aFlag
);
237 uint32_t InternalLoadFlags() const;
239 void SetInternalLoadFlags(uint32_t aFlags
);
241 void SetInternalLoadFlag(uint32_t aFlag
);
243 void UnsetInternalLoadFlag(uint32_t aFlag
);
245 bool HasInternalLoadFlags(uint32_t aFlag
);
247 bool FirstParty() const;
249 void SetFirstParty(bool aFirstParty
);
251 bool HasValidUserGestureActivation() const;
253 void SetHasValidUserGestureActivation(bool HasValidUserGestureActivation
);
255 const nsCString
& TypeHint() const;
257 void SetTypeHint(const nsCString
& aTypeHint
);
259 const nsString
& FileName() const;
261 void SetFileName(const nsAString
& aFileName
);
263 nsIURI
* GetUnstrippedURI() const;
265 void SetUnstrippedURI(nsIURI
* aUnstrippedURI
);
267 // Give the type of DocShell we're loading into (chrome/content/etc) and
268 // origin attributes for the URI we're loading, figure out if we should
269 // inherit our principal from the document the load was requested from, or
270 // else if the principal should be set up later in the process (after loads).
271 // See comments in function for more info on principal selection algorithm
272 nsresult
SetupInheritingPrincipal(
273 mozilla::dom::BrowsingContext::Type aType
,
274 const mozilla::OriginAttributes
& aOriginAttributes
);
276 // If no triggering principal exists at the moment, create one using referrer
277 // information and origin attributes.
278 nsresult
SetupTriggeringPrincipal(
279 const mozilla::OriginAttributes
& aOriginAttributes
);
281 void SetIsFromProcessingFrameAttributes() {
282 mIsFromProcessingFrameAttributes
= true;
284 bool GetIsFromProcessingFrameAttributes() const {
285 return mIsFromProcessingFrameAttributes
;
288 nsIChannel
* GetPendingRedirectedChannel() {
289 return mPendingRedirectedChannel
;
292 uint64_t GetPendingRedirectChannelRegistrarId() const {
293 return mChannelRegistrarId
;
296 void SetOriginalURIString(const nsCString
& aOriginalURI
) {
297 mOriginalURIString
.emplace(aOriginalURI
);
299 const mozilla::Maybe
<nsCString
>& GetOriginalURIString() const {
300 return mOriginalURIString
;
303 void SetCancelContentJSEpoch(int32_t aCancelEpoch
) {
304 mCancelContentJSEpoch
.emplace(aCancelEpoch
);
306 const mozilla::Maybe
<int32_t>& GetCancelContentJSEpoch() const {
307 return mCancelContentJSEpoch
;
310 uint64_t GetLoadIdentifier() const { return mLoadIdentifier
; }
312 void SetChannelInitialized(bool aInitilized
) {
313 mChannelInitialized
= aInitilized
;
316 bool GetChannelInitialized() const { return mChannelInitialized
; }
318 void SetIsMetaRefresh(bool aMetaRefresh
) { mIsMetaRefresh
= aMetaRefresh
; }
320 bool IsMetaRefresh() const { return mIsMetaRefresh
; }
322 const mozilla::Maybe
<nsCString
>& GetRemoteTypeOverride() const {
323 return mRemoteTypeOverride
;
326 void SetRemoteTypeOverride(const nsCString
& aRemoteTypeOverride
) {
327 mRemoteTypeOverride
= mozilla::Some(aRemoteTypeOverride
);
330 void SetWasSchemelessInput(bool aWasSchemelessInput
) {
331 mWasSchemelessInput
= aWasSchemelessInput
;
334 bool GetWasSchemelessInput() { return mWasSchemelessInput
; }
336 // Determine the remote type of the process which should be considered
337 // responsible for this load for the purposes of security checks.
339 // This will generally be the process which created the nsDocShellLoadState
340 // originally, however non-errorpage history loads are always considered to be
341 // triggered by the parent process, as we can validate them against the
343 const nsCString
& GetEffectiveTriggeringRemoteType() const;
345 void SetTriggeringRemoteType(const nsACString
& aTriggeringRemoteType
);
347 // Diagnostic assert if this is a system-principal triggered load, and it is
348 // trivial to determine that the effective triggering remote type would not be
349 // allowed to perform this load.
351 // This is called early during the load to crash as close to the cause as
352 // possible. See bug 1838686 for details.
353 #ifdef MOZ_DIAGNOSTIC_ASSERT_ENABLED
354 void AssertProcessCouldTriggerLoadIfSystem();
356 void AssertProcessCouldTriggerLoadIfSystem() {}
359 // When loading a document through nsDocShell::LoadURI(), a special set of
360 // flags needs to be set based on other values in nsDocShellLoadState. This
361 // function calculates those flags, before the LoadState is passed to
362 // nsDocShell::InternalLoad.
363 void CalculateLoadURIFlags();
365 // Compute the load flags to be used by creating channel. aUriModified and
366 // aIsEmbeddingBlockedError are expected to be Nothing when called from parent
368 nsLoadFlags
CalculateChannelLoadFlags(
369 mozilla::dom::BrowsingContext
* aBrowsingContext
,
370 mozilla::Maybe
<bool> aUriModified
,
371 mozilla::Maybe
<bool> aIsEmbeddingBlockedError
);
373 mozilla::dom::DocShellLoadStateInit
Serialize(
374 mozilla::ipc::IProtocol
* aActor
);
376 void SetLoadIsFromSessionHistory(int32_t aOffset
, bool aLoadingCurrentEntry
);
377 void ClearLoadIsFromSessionHistory();
379 void MaybeStripTrackerQueryStrings(mozilla::dom::BrowsingContext
* aContext
);
382 // Destructor can't be defaulted or inlined, as header doesn't have all type
383 // includes it needs to do so.
384 ~nsDocShellLoadState();
386 // Given the original `nsDocShellLoadState` which was sent to a content
387 // process, validate that they corespond to the same load.
388 // Returns a static (telemetry-safe) string naming what did not match, or
389 // nullptr if it succeeds.
390 const char* ValidateWithOriginalState(nsDocShellLoadState
* aOriginalState
);
392 static nsresult
CreateFromLoadURIOptions(
393 BrowsingContext
* aBrowsingContext
, nsIURI
* aURI
,
394 const mozilla::dom::LoadURIOptions
& aLoadURIOptions
,
395 uint32_t aLoadFlagsOverride
, nsIInputStream
* aPostDataOverride
,
396 nsDocShellLoadState
** aResult
);
398 // This is the referrer for the load.
399 nsCOMPtr
<nsIReferrerInfo
> mReferrerInfo
;
401 // The URI we are navigating to. Will not be null once set.
402 nsCOMPtr
<nsIURI
> mURI
;
404 // The URI to set as the originalURI on the channel that does the load. If
405 // null, aURI will be set as the originalURI.
406 nsCOMPtr
<nsIURI
> mOriginalURI
;
408 // The URI to be set to loadInfo.resultPrincipalURI
409 // - When Nothing, there will be no change
410 // - When Some, the principal URI will overwrite even
411 // with a null value.
413 // Valid only if mResultPrincipalURIIsSome is true (has the same meaning as
414 // isSome() on mozilla::Maybe.)
415 nsCOMPtr
<nsIURI
> mResultPrincipalURI
;
416 bool mResultPrincipalURIIsSome
;
418 // The principal of the load, that is, the entity responsible for causing the
419 // load to occur. In most cases the referrer and the triggeringPrincipal's URI
420 // will be identical.
422 // Please note that this is the principal that is used for security checks. If
423 // the argument aURI is provided by the web, then please do not pass a
424 // SystemPrincipal as the triggeringPrincipal.
425 nsCOMPtr
<nsIPrincipal
> mTriggeringPrincipal
;
427 // The SandboxFlags of the load, that are, the SandboxFlags of the entity
428 // responsible for causing the load to occur. Most likely this are the
429 // SandboxFlags of the document that started the load.
430 uint32_t mTriggeringSandboxFlags
;
432 // The window ID and current "has storage access" value of the entity
433 // triggering the load. This allows the identification of self-initiated
434 // same-origin navigations that should propogate unpartitioned storage access.
435 uint64_t mTriggeringWindowId
;
436 bool mTriggeringStorageAccess
;
438 // The CSP of the load, that is, the CSP of the entity responsible for causing
439 // the load to occur. Most likely this is the CSP of the document that started
440 // the load. In case the entity starting the load did not use a CSP, then mCsp
441 // can be null. Please note that this is also the CSP that will be applied to
442 // the load in case the load encounters a server side redirect.
443 nsCOMPtr
<nsIContentSecurityPolicy
> mCsp
;
445 // If a refresh is caused by http-equiv="refresh" we want to set
446 // aResultPrincipalURI, but we do not want to overwrite the channel's
447 // ResultPrincipalURI, if it has already been set on the channel by a protocol
449 bool mKeepResultPrincipalURIIfSet
;
451 // If set LOAD_REPLACE flag will be set on the channel. If aOriginalURI is
452 // null, this argument is ignored.
455 // If this attribute is true and no triggeringPrincipal is specified,
456 // copy the principal from the referring document.
457 bool mInheritPrincipal
;
459 // If this attribute is true only ever use the principal specified
460 // by the triggeringPrincipal and inheritPrincipal attributes.
461 // If there are security reasons for why this is unsafe, such
462 // as trying to use a systemprincipal as the triggeringPrincipal
463 // for a content docshell the load fails.
464 bool mPrincipalIsExplicit
;
466 bool mNotifiedBeforeUnloadListeners
;
468 // Principal we're inheriting. If null, this means the principal should be
469 // inherited from the current document. If set to NullPrincipal, the channel
470 // will fill in principal information later in the load. See internal comments
471 // of SetupInheritingPrincipal for more info.
473 // When passed to InternalLoad, If this argument is null then
474 // principalToInherit is computed differently. See nsDocShell::InternalLoad
475 // for more comments.
477 nsCOMPtr
<nsIPrincipal
> mPrincipalToInherit
;
479 nsCOMPtr
<nsIPrincipal
> mPartitionedPrincipalToInherit
;
481 // If this attribute is true, then a top-level navigation
482 // to a data URI will be allowed.
483 bool mForceAllowDataURI
;
485 // If this attribute is true, then the top-level navigaion
486 // will be exempt from HTTPS-Only-Mode upgrades.
487 bool mIsExemptFromHTTPSFirstMode
;
489 // If this attribute is true, this load corresponds to a frame
490 // element loading its original src (or srcdoc) attribute.
491 bool mOriginalFrameSrc
;
493 // If this attribute is true, then the load was initiated by a
495 bool mIsFormSubmission
;
497 // Contains a load type as specified by the nsDocShellLoadTypes::load*
501 // Active Session History entry (if loading from SH)
502 nsCOMPtr
<nsISHEntry
> mSHEntry
;
504 // Loading session history info for the load
505 mozilla::UniquePtr
<mozilla::dom::LoadingSessionHistoryInfo
>
506 mLoadingSessionHistoryInfo
;
508 // Target for load, like _content, _blank etc.
511 // When set, this is the Target Browsing Context for the navigation
512 // after retargeting.
513 MaybeDiscarded
<BrowsingContext
> mTargetBrowsingContext
;
515 // Post data stream (if POSTing)
516 nsCOMPtr
<nsIInputStream
> mPostDataStream
;
518 // Additional Headers
519 nsCOMPtr
<nsIInputStream
> mHeadersStream
;
521 // When set, the load will be interpreted as a srcdoc load, where contents of
522 // this string will be loaded instead of the URI. Setting srcdocData sets
523 // isSrcdocLoad to true
524 nsString mSrcdocData
;
526 // When set, this is the Source Browsing Context for the navigation.
527 MaybeDiscarded
<BrowsingContext
> mSourceBrowsingContext
;
529 // Used for srcdoc loads to give view-source knowledge of the load's base URI
530 // as this information isn't embedded in the load's URI.
531 nsCOMPtr
<nsIURI
> mBaseURI
;
533 // Set of Load Flags, taken from nsDocShellLoadTypes.h and nsIWebNavigation
536 // Set of internal load flags
537 uint32_t mInternalLoadFlags
;
539 // Is this a First Party Load?
542 // Is this load triggered by a user gesture?
543 bool mHasValidUserGestureActivation
;
545 // Whether this load can steal the focus from the source browsing context.
546 bool mAllowFocusMove
;
548 // A hint as to the content-type of the resulting data. If no hint, IsVoid()
549 // should return true.
552 // Non-void when the link should be downloaded as the given filename.
553 // mFileName being non-void but empty means that no filename hint was
554 // specified, but link should still trigger a download. If not a download,
555 // mFileName.IsVoid() should return true.
558 // This will be true if this load is triggered by attribute changes.
559 // See nsILoadInfo.isFromProcessingFrameAttributes
560 bool mIsFromProcessingFrameAttributes
;
562 // If set, a pending cross-process redirected channel should be used to
563 // perform the load. The channel will be stored in this value.
564 nsCOMPtr
<nsIChannel
> mPendingRedirectedChannel
;
566 // An optional string representation of mURI, before any
567 // fixups were applied, so that we can send it to a search
568 // engine service if needed.
569 mozilla::Maybe
<nsCString
> mOriginalURIString
;
571 // An optional value to pass to nsIDocShell::setCancelJSEpoch
572 // when initiating the load.
573 mozilla::Maybe
<int32_t> mCancelContentJSEpoch
;
575 // If mPendingRedirectChannel is set, then this is the identifier
576 // that the parent-process equivalent channel has been registered
577 // with using RedirectChannelRegistrar.
578 uint64_t mChannelRegistrarId
;
580 // An identifier to make it possible to examine if two loads are
581 // equal, and which browsing context they belong to (see
582 // BrowsingContext::{Get, Set}CurrentLoadIdentifier)
583 const uint64_t mLoadIdentifier
;
585 // Optional value to indicate that a channel has been
586 // pre-initialized in the parent process.
587 bool mChannelInitialized
;
589 // True if the load was triggered by a meta refresh.
592 // True if the nsDocShellLoadState was received over IPC.
593 bool mWasCreatedRemotely
= false;
595 // The original URI before query stripping happened. If it's present, it shows
596 // the query stripping happened. Otherwise, it will be a nullptr.
597 nsCOMPtr
<nsIURI
> mUnstrippedURI
;
599 // If set, the remote type which the load should be completed within.
600 mozilla::Maybe
<nsCString
> mRemoteTypeOverride
;
602 // Remote type of the process which originally requested the load.
603 nsCString mTriggeringRemoteType
;
605 // if the to-be-loaded address had it protocol added through a fixup
606 bool mWasSchemelessInput
= false;
609 #endif /* nsDocShellLoadState_h__ */