1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4  * License, v. 2.0. If a copy of the MPL was not distributed with this
5  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6 
7 #ifndef nsMixedContentBlocker_h___
8 #define nsMixedContentBlocker_h___
9 
// Contract ID string naming the mixed content blocker component.
// NOTE(review): registration and lookup are not shown in this header;
// presumably the component is resolved by this string — confirm against the
// component registration.
#define NS_MIXEDCONTENTBLOCKER_CONTRACTID "@mozilla.org/mixedcontentblocker;1"
// Class ID for the component, written as a nested brace initializer. The
// fields spell out, in order, the UUID given in the comment below.
/* daf1461b-bf29-4f88-8d0e-4bcdf332c862 */
#define NS_MIXEDCONTENTBLOCKER_CID                   \
  {                                                  \
    0xdaf1461b, 0xbf29, 0x4f88, {                    \
      0x8d, 0x0e, 0x4b, 0xcd, 0xf3, 0x32, 0xc8, 0x62 \
    }                                                \
  }
18 
// Kind of mixed content that was detected when an nsMixedContentEvent fires.
// The enumerator values are written out explicitly; they are the same values
// the compiler assigns implicitly (0, then 1).
enum MixedContentTypes {
  // "Active" content: fonts, plugin content, JavaScript, stylesheets, iframes,
  // WebSockets, and XHR.
  eMixedScript = 0,
  // "Display" content: images, audio, video, and <a ping>.
  eMixedDisplay = 1,
};
28 
29 #include "nsIContentPolicy.h"
30 #include "nsIChannel.h"
31 #include "nsIChannelEventSink.h"
32 #include "imgRequest.h"
33 
34 using mozilla::OriginAttributes;
35 
36 class nsILoadInfo;  // forward declaration
37 namespace mozilla {
38 namespace net {
39 class nsProtocolProxyService;  // forward declaration
40 }
41 }  // namespace mozilla
42 
// Content policy that holds the Mixed Content Blocker logic. It implements
// nsIContentPolicy and nsIChannelEventSink (the method declarations come from
// the NS_DECL_* macros below) and exposes a set of static helpers.
class nsMixedContentBlocker : public nsIContentPolicy,
                              public nsIChannelEventSink {
 private:
  // Private destructor: code outside the class cannot delete an instance
  // directly. NOTE(review): presumably lifetime is managed through the
  // reference counting declared by NS_DECL_ISUPPORTS — confirm in the .cpp.
  virtual ~nsMixedContentBlocker();

 public:
  NS_DECL_ISUPPORTS
  NS_DECL_NSICONTENTPOLICY
  NS_DECL_NSICHANNELEVENTSINK

  nsMixedContentBlocker() = default;

  // Trustworthiness predicates. See:
  // https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy
  // The criteria themselves are in the implementation file, not this header.
  // NOTE(review): a true result from these helpers presumably lets a load be
  // treated as secure, so any change to them should be checked against the
  // linked algorithm — confirm how callers use the result.
  // NOTE(review): the parameter name aAsciiHost suggests the host must already
  // be in ASCII form — confirm what callers pass.
  static bool IsPotentiallyTrustworthyLoopbackHost(
      const nsACString& aAsciiHost);
  static bool IsPotentiallyTrustworthyLoopbackURL(nsIURI* aURL);
  static bool IsPotentiallyTrustworthyOnion(nsIURI* aURL);
  static bool IsPotentiallyTrustworthyOrigin(nsIURI* aURI);

  /* Static version of ShouldLoad() that contains all the Mixed Content Blocker
   * logic.  Called from non-static ShouldLoad().
   * Called directly from imageLib when an insecure redirect exists in a cached
   * image load.
   * @param aHadInsecureImageRedirect
   *        boolean flag indicating that an insecure redirect through http
   *        occurred when this image was initially loaded and cached.
   * @param aReportError
   *        boolean flag indicating if a rejection should automatically be
   *        logged into the Console.
   * @param aDecision
   *        out-parameter; presumably receives the nsIContentPolicy
   *        accept/reject decision -- confirm against the implementation.
   * Remaining parameters are from nsIContentPolicy::ShouldLoad().
   */
  static nsresult ShouldLoad(bool aHadInsecureImageRedirect,
                             nsIURI* aContentLocation, nsILoadInfo* aLoadInfo,
                             const nsACString& aMimeGuess, bool aReportError,
                             int16_t* aDecision);
  // NOTE(review): judging by the name, this records statistics about the HSTS
  // status of a mixed content load, with aActive selecting active versus
  // display content — confirm in the .cpp.
  static void AccumulateMixedContentHSTS(
      nsIURI* aURI, bool aActive, const OriginAttributes& aOriginAttributes);

  // NOTE(review): presumably returns true when aURI may be loaded from a
  // secure context without counting as mixed content; the criteria are not
  // visible in this header.
  static bool URISafeToBeLoadedInSecureContext(nsIURI* aURI);

  // NOTE(review): the next three look like the maintenance path for the cached
  // allowlist below (preference-change callback, accessor, teardown) — confirm
  // which preference is observed and that Shutdown() releases the cache.
  static void OnPrefChange(const char* aPref, void* aClosure);
  static void GetSecureContextAllowList(nsACString& aList);
  static void Shutdown();

  // Cached secure-context allowlist state.
  // NOTE(review): both members are public, mutable and static, so any code
  // that includes this header can modify the allowlist cache; the raw pointer
  // does not express who owns the string. If no outside user needs them,
  // making them private would narrow the surface that can influence the
  // allowlist.
  static bool sSecurecontextAllowlistCached;
  static nsCString* sSecurecontextAllowlist;
};
91 
92 #endif /* nsMixedContentBlocker_h___ */
93