1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4  * License, v. 2.0. If a copy of the MPL was not distributed with this
5  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6 
7 #ifndef mozilla_LoadInfo_h
8 #define mozilla_LoadInfo_h
9 
10 #include "nsIContentPolicy.h"
11 #include "nsILoadInfo.h"
12 #include "nsIPrincipal.h"
13 #include "nsIWeakReferenceUtils.h"  // for nsWeakPtr
14 #include "nsIURI.h"
15 #include "nsTArray.h"
16 
17 #include "mozilla/BasePrincipal.h"
18 #include "mozilla/dom/ClientInfo.h"
19 #include "mozilla/dom/ServiceWorkerDescriptor.h"
20 
21 class nsINode;
22 class nsPIDOMWindowOuter;
23 
24 namespace mozilla {
25 
26 namespace dom {
27 class PerformanceStorage;
28 class XMLHttpRequestMainThread;
29 }  // namespace dom
30 
31 namespace net {
32 class OptionalLoadInfoArgs;
33 }  // namespace net
34 
35 namespace ipc {
36 // we have to forward declare that function so we can use it as a friend.
37 nsresult LoadInfoArgsToLoadInfo(
38     const mozilla::net::OptionalLoadInfoArgs& aLoadInfoArgs,
39     nsILoadInfo** outLoadInfo);
40 }  // namespace ipc
41 
42 namespace net {
43 
44 typedef nsTArray<nsCOMPtr<nsIRedirectHistoryEntry>> RedirectHistoryArray;
45 
46 /**
47  * Class that provides an nsILoadInfo implementation.
48  */
49 class LoadInfo final : public nsILoadInfo {
50  public:
51   NS_DECL_ISUPPORTS
52   NS_DECL_NSILOADINFO
53 
54   // aLoadingPrincipal MUST NOT BE NULL.
55   LoadInfo(nsIPrincipal* aLoadingPrincipal, nsIPrincipal* aTriggeringPrincipal,
56            nsINode* aLoadingContext, nsSecurityFlags aSecurityFlags,
57            nsContentPolicyType aContentPolicyType,
58            const Maybe<mozilla::dom::ClientInfo>& aLoadingClientInfo =
59                Maybe<mozilla::dom::ClientInfo>(),
60            const Maybe<mozilla::dom::ServiceWorkerDescriptor>& aController =
61                Maybe<mozilla::dom::ServiceWorkerDescriptor>());
62 
63   // Constructor used for TYPE_DOCUMENT loads which have a different
64   // loadingContext than other loads. This ContextForTopLevelLoad is
65   // only used for content policy checks.
66   LoadInfo(nsPIDOMWindowOuter* aOuterWindow, nsIPrincipal* aTriggeringPrincipal,
67            nsISupports* aContextForTopLevelLoad,
68            nsSecurityFlags aSecurityFlags);
69 
70   // create an exact copy of the loadinfo
71   already_AddRefed<nsILoadInfo> Clone() const;
72   // hands off!!! don't use CloneWithNewSecFlags unless you know
73   // exactly what you are doing - it should only be used within
74   // nsBaseChannel::Redirect()
75   already_AddRefed<nsILoadInfo> CloneWithNewSecFlags(
76       nsSecurityFlags aSecurityFlags) const;
77   // creates a copy of the loadinfo which is appropriate to use for a
78   // separate request. I.e. not for a redirect or an inner channel, but
79   // when a separate request is made with the same security properties.
80   already_AddRefed<nsILoadInfo> CloneForNewRequest() const;
81 
82   // The service worker and fetch specifications require returning the
83   // exact tainting level of the Response passed to FetchEvent.respondWith().
84   // This method allows us to override the tainting level in that case.
85   //
86   // NOTE: This should not be used outside of service worker code! Use
87   //       nsILoadInfo::MaybeIncreaseTainting() instead.
88   void SynthesizeServiceWorkerTainting(LoadTainting aTainting);
89 
90   void SetIsPreflight();
91   void SetUpgradeInsecureRequests();
92   void SetBrowserUpgradeInsecureRequests();
93   void SetIsFromProcessingFrameAttributes();
94 
95  private:
96   // private constructor that is only allowed to be called from within
97   // HttpChannelParent and FTPChannelParent declared as friends undeneath.
98   // In e10s we can not serialize nsINode, hence we store the innerWindowID.
99   // Please note that aRedirectChain uses swapElements.
100   LoadInfo(nsIPrincipal* aLoadingPrincipal, nsIPrincipal* aTriggeringPrincipal,
101            nsIPrincipal* aPrincipalToInherit,
102            nsIPrincipal* aSandboxedLoadingPrincipal,
103            nsIURI* aResultPrincipalURI,
104            const Maybe<mozilla::dom::ClientInfo>& aClientInfo,
105            const Maybe<mozilla::dom::ClientInfo>& aReservedClientInfo,
106            const Maybe<mozilla::dom::ClientInfo>& aInitialClientInfo,
107            const Maybe<mozilla::dom::ServiceWorkerDescriptor>& aController,
108            nsSecurityFlags aSecurityFlags,
109            nsContentPolicyType aContentPolicyType, LoadTainting aTainting,
110            bool aUpgradeInsecureRequests, bool aBrowserUpgradeInsecureRequests,
111            bool aVerifySignedContent, bool aEnforceSRI,
112            bool aAllowDocumentToBeAgnosticToCSP, bool aForceAllowDataURI,
113            bool aAllowInsecureRedirectToDataURI,
114            bool aForceInheritPrincipalDropped, uint64_t aInnerWindowID,
115            uint64_t aOuterWindowID, uint64_t aParentOuterWindowID,
116            uint64_t aTopOuterWindowID, uint64_t aFrameOuterWindowID,
117            bool aEnforceSecurity, bool aInitialSecurityCheckDone,
118            bool aIsThirdPartyRequest, bool aIsDocshellReload,
119            const OriginAttributes& aOriginAttributes,
120            RedirectHistoryArray& aRedirectChainIncludingInternalRedirects,
121            RedirectHistoryArray& aRedirectChain,
122            nsTArray<nsCOMPtr<nsIPrincipal>>&& aAncestorPrincipals,
123            const nsTArray<uint64_t>& aAncestorOuterWindowIDs,
124            const nsTArray<nsCString>& aUnsafeHeaders, bool aForcePreflight,
125            bool aIsPreflight, bool aLoadTriggeredFromExternal,
126            bool aServiceWorkerTaintingSynthesized);
127   LoadInfo(const LoadInfo& rhs);
128 
129   NS_IMETHOD GetRedirects(JSContext* aCx,
130                           JS::MutableHandle<JS::Value> aRedirects,
131                           const RedirectHistoryArray& aArra);
132 
133   friend nsresult mozilla::ipc::LoadInfoArgsToLoadInfo(
134       const mozilla::net::OptionalLoadInfoArgs& aLoadInfoArgs,
135       nsILoadInfo** outLoadInfo);
136 
137   ~LoadInfo();
138 
139   void ComputeIsThirdPartyContext(nsPIDOMWindowOuter* aOuterWindow);
140 
141   // This function is the *only* function which can change the securityflags
142   // of a loadinfo. It only exists because of the XHR code. Don't call it
143   // from anywhere else!
144   void SetIncludeCookiesSecFlag();
145   friend class mozilla::dom::XMLHttpRequestMainThread;
146 
147   // if you add a member, please also update the copy constructor and consider
148   // if it should be merged from parent channel through
149   // ParentLoadInfoForwarderArgs.
150   nsCOMPtr<nsIPrincipal> mLoadingPrincipal;
151   nsCOMPtr<nsIPrincipal> mTriggeringPrincipal;
152   nsCOMPtr<nsIPrincipal> mPrincipalToInherit;
153   nsCOMPtr<nsIPrincipal> mSandboxedLoadingPrincipal;
154   nsCOMPtr<nsIURI> mResultPrincipalURI;
155 
156   Maybe<mozilla::dom::ClientInfo> mClientInfo;
157   UniquePtr<mozilla::dom::ClientSource> mReservedClientSource;
158   Maybe<mozilla::dom::ClientInfo> mReservedClientInfo;
159   Maybe<mozilla::dom::ClientInfo> mInitialClientInfo;
160   Maybe<mozilla::dom::ServiceWorkerDescriptor> mController;
161   RefPtr<mozilla::dom::PerformanceStorage> mPerformanceStorage;
162 
163   nsWeakPtr mLoadingContext;
164   nsWeakPtr mContextForTopLevelLoad;
165   nsSecurityFlags mSecurityFlags;
166   nsContentPolicyType mInternalContentPolicyType;
167   LoadTainting mTainting;
168   bool mUpgradeInsecureRequests;
169   bool mBrowserUpgradeInsecureRequests;
170   bool mVerifySignedContent;
171   bool mEnforceSRI;
172   bool mAllowDocumentToBeAgnosticToCSP;
173   bool mForceAllowDataURI;
174   bool mAllowInsecureRedirectToDataURI;
175   bool mOriginalFrameSrcLoad;
176   bool mForceInheritPrincipalDropped;
177   uint64_t mInnerWindowID;
178   uint64_t mOuterWindowID;
179   uint64_t mParentOuterWindowID;
180   uint64_t mTopOuterWindowID;
181   uint64_t mFrameOuterWindowID;
182   bool mEnforceSecurity;
183   bool mInitialSecurityCheckDone;
184   bool mIsThirdPartyContext;
185   bool mIsDocshellReload;
186   OriginAttributes mOriginAttributes;
187   RedirectHistoryArray mRedirectChainIncludingInternalRedirects;
188   RedirectHistoryArray mRedirectChain;
189   nsTArray<nsCOMPtr<nsIPrincipal>> mAncestorPrincipals;
190   nsTArray<uint64_t> mAncestorOuterWindowIDs;
191   nsTArray<nsCString> mCorsUnsafeHeaders;
192   bool mForcePreflight;
193   bool mIsPreflight;
194   bool mLoadTriggeredFromExternal;
195   bool mServiceWorkerTaintingSynthesized;
196 
197   // Is true if this load was triggered by processing the attributes of the
198   // browsing context container.
199   // See nsILoadInfo.isFromProcessingFrameAttributes
200   bool mIsFromProcessingFrameAttributes;
201 };
202 
203 }  // namespace net
204 }  // namespace mozilla
205 
206 #endif  // mozilla_LoadInfo_h
207