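/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef nsMixedContentBlocker_h___
#define nsMixedContentBlocker_h___

#define NS_MIXEDCONTENTBLOCKER_CONTRACTID "@mozilla.org/mixedcontentblocker;1"
/* daf1461b-bf29-4f88-8d0e-4bcdf332c862 */
#define NS_MIXEDCONTENTBLOCKER_CID                   \
  {                                                  \
    0xdaf1461b, 0xbf29, 0x4f88, {                    \
      0x8d, 0x0e, 0x4b, 0xcd, 0xf3, 0x32, 0xc8, 0x62 \
    }                                                \
  }

// This enum defines type of content that is detected when an
// nsMixedContentEvent fires
enum MixedContentTypes {
  // "Active" content, such as fonts, plugin content, JavaScript, stylesheets,
  // iframes, WebSockets, and XHR
  eMixedScript,
  // "Display" content, such as images, audio, video, and <a ping>
  eMixedDisplay
};

#include "nsIContentPolicy.h"
#include "nsIChannel.h"
#include "nsIChannelEventSink.h"
#include "imgRequest.h"

// NOTE(review): a using-declaration at global scope in a header is visible to
// every translation unit that includes this file. It is kept because the
// declarations below name OriginAttributes unqualified.
using mozilla::OriginAttributes;

class nsILoadInfo;  // forward declaration
namespace mozilla {
namespace net {
class nsProtocolProxyService;  // forward declaration
}
}  // namespace mozilla

// Mixed content blocker. The class implements two interfaces, whose methods
// are declared through the NS_DECL_* macros below:
//   - nsIContentPolicy, the per-load policy hook (the non-static ShouldLoad()
//     lives there and forwards to the static ShouldLoad() declared here);
//   - nsIChannelEventSink.
// All mixed-content helpers declared directly in this header are static.
class nsMixedContentBlocker : public nsIContentPolicy,
                              public nsIChannelEventSink {
 private:
  // Private destructor: code outside the class cannot delete an instance
  // directly. Presumably destruction goes through the reference counting
  // declared by NS_DECL_ISUPPORTS -- confirm in the implementation.
  virtual ~nsMixedContentBlocker();

 public:
  NS_DECL_ISUPPORTS
  NS_DECL_NSICONTENTPOLICY
  NS_DECL_NSICHANNELEVENTSINK

  nsMixedContentBlocker() = default;

  // Trustworthiness predicates. See:
  // https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy
  //
  // A true result from any of these is a security decision: the caller will
  // treat the host/URL/origin as acceptable in a secure context.
  // NOTE(review): this header does not state how a null aURL / aURI is
  // handled; confirm in the implementation before passing an unchecked
  // pointer.
  //
  // aAsciiHost is expected to be a host name in ASCII form (per the parameter
  // name); presumably callers must normalize the host before calling.
  static bool IsPotentiallyTrustworthyLoopbackHost(
      const nsACString& aAsciiHost);
  static bool IsPotentiallyTrustworthyLoopbackURL(nsIURI* aURL);
  static bool IsPotentiallyTrustworthyOnion(nsIURI* aURL);
  static bool IsPotentiallyTrustworthyOrigin(nsIURI* aURI);

  /* Static version of ShouldLoad() that contains all the Mixed Content Blocker
   * logic. Called from non-static ShouldLoad().
   * Called directly from imageLib when an insecure redirect exists in a cached
   * image load.
   * @param aHadInsecureImageRedirect
   *        boolean flag indicating that an insecure redirect through http
   *        occurred when this image was initially loaded and cached.
   * @param aReportError
   *        boolean flag indicating if a rejection should automatically be
   *        logged into the Console.
   * @param aDecision
   *        out-parameter for the load decision, as in
   *        nsIContentPolicy::ShouldLoad().
   * Remaining parameters are from nsIContentPolicy::ShouldLoad().
   *
   * NOTE(review): the decision is reported through two channels, the returned
   * nsresult and *aDecision. This header does not say what *aDecision holds
   * when the call fails, so callers should check the nsresult first and not
   * treat an unset *aDecision as "accept".
   */
  static nsresult ShouldLoad(bool aHadInsecureImageRedirect,
                             nsIURI* aContentLocation, nsILoadInfo* aLoadInfo,
                             const nsACString& aMimeGuess, bool aReportError,
                             int16_t* aDecision);

  // Presumably records telemetry relating a mixed-content load of aURI to
  // HSTS, with aActive distinguishing active from display content -- inferred
  // from the name and parameters only; confirm in the implementation.
  static void AccumulateMixedContentHSTS(
      nsIURI* aURI, bool aActive, const OriginAttributes& aOriginAttributes);

  // Returns whether aURI may be loaded in a secure context (per the name).
  // The criteria are not visible in this header.
  static bool URISafeToBeLoadedInSecureContext(nsIURI* aURI);

  // Callback invoked with the name of a changed preference (aPref) and an
  // opaque closure pointer. Presumably it invalidates the cached allowlist
  // below -- confirm in the implementation.
  static void OnPrefChange(const char* aPref, void* aClosure);
  // Writes the secure-context allowlist into aList (out-parameter).
  static void GetSecureContextAllowList(nsACString& aList);
  // Presumably releases the static allowlist state below -- confirm in the
  // implementation.
  static void Shutdown();

  // Cached secure-context allowlist state.
  // NOTE(review): both members are public, mutable and static, and the list
  // is a raw pointer, so any code that includes this header can read or
  // replace policy-relevant state. The header documents no ownership or
  // threading rules for them; confirm who allocates and frees the string and
  // whether access is confined to one thread.
  static bool sSecurecontextAllowlistCached;
  static nsCString* sSecurecontextAllowlist;
};

#endif /* nsMixedContentBlocker_h___ */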