1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6
7 #include "mozilla/LoadInfo.h"
8
9 #include "js/Array.h" // JS::NewArrayObject
10 #include "mozilla/Assertions.h"
11 #include "mozilla/ExpandedPrincipal.h"
12 #include "mozilla/dom/CanonicalBrowsingContext.h"
13 #include "mozilla/dom/ClientIPCTypes.h"
14 #include "mozilla/dom/ClientSource.h"
15 #include "mozilla/dom/Performance.h"
16 #include "mozilla/dom/PerformanceStorage.h"
17 #include "mozilla/dom/BrowserChild.h"
18 #include "mozilla/dom/ToJSValue.h"
19 #include "mozilla/dom/BrowsingContext.h"
20 #include "mozilla/dom/WindowGlobalParent.h"
21 #include "mozilla/net/CookieJarSettings.h"
22 #include "mozilla/NullPrincipal.h"
23 #include "mozilla/StaticPrefs_network.h"
24 #include "mozilla/StaticPrefs_security.h"
25 #include "mozIThirdPartyUtil.h"
26 #include "ThirdPartyUtil.h"
27 #include "nsFrameLoader.h"
28 #include "nsFrameLoaderOwner.h"
29 #include "nsIContentSecurityPolicy.h"
30 #include "nsIDocShell.h"
31 #include "mozilla/dom/Document.h"
32 #include "nsIInterfaceRequestorUtils.h"
33 #include "nsIScriptElement.h"
34 #include "nsISupportsImpl.h"
35 #include "nsISupportsUtils.h"
36 #include "nsIXPConnect.h"
37 #include "nsDocShell.h"
38 #include "nsGlobalWindow.h"
39 #include "nsMixedContentBlocker.h"
40 #include "nsQueryObject.h"
41 #include "nsRedirectHistoryEntry.h"
42 #include "nsSandboxFlags.h"
43 #include "nsICookieService.h"
44
45 using namespace mozilla::dom;
46
47 namespace mozilla {
48 namespace net {
49
InternalContentPolicyTypeForFrame(CanonicalBrowsingContext * aBrowsingContext)50 static nsContentPolicyType InternalContentPolicyTypeForFrame(
51 CanonicalBrowsingContext* aBrowsingContext) {
52 const auto& maybeEmbedderElementType =
53 aBrowsingContext->GetEmbedderElementType();
54 MOZ_ASSERT(maybeEmbedderElementType.isSome());
55 auto embedderElementType = maybeEmbedderElementType.value();
56
57 // Assign same type as in nsDocShell::DetermineContentType.
58 // N.B. internal content policy type will never be TYPE_DOCUMENT
59 return embedderElementType.EqualsLiteral("iframe")
60 ? nsIContentPolicy::TYPE_INTERNAL_IFRAME
61 : nsIContentPolicy::TYPE_INTERNAL_FRAME;
62 }
63
CreateForDocument(dom::CanonicalBrowsingContext * aBrowsingContext,nsIPrincipal * aTriggeringPrincipal,const OriginAttributes & aOriginAttributes,nsSecurityFlags aSecurityFlags,uint32_t aSandboxFlags)64 /* static */ already_AddRefed<LoadInfo> LoadInfo::CreateForDocument(
65 dom::CanonicalBrowsingContext* aBrowsingContext,
66 nsIPrincipal* aTriggeringPrincipal,
67 const OriginAttributes& aOriginAttributes, nsSecurityFlags aSecurityFlags,
68 uint32_t aSandboxFlags) {
69 return MakeAndAddRef<LoadInfo>(aBrowsingContext, aTriggeringPrincipal,
70 aOriginAttributes, aSecurityFlags,
71 aSandboxFlags);
72 }
73
CreateForFrame(dom::CanonicalBrowsingContext * aBrowsingContext,nsIPrincipal * aTriggeringPrincipal,nsSecurityFlags aSecurityFlags,uint32_t aSandboxFlags)74 /* static */ already_AddRefed<LoadInfo> LoadInfo::CreateForFrame(
75 dom::CanonicalBrowsingContext* aBrowsingContext,
76 nsIPrincipal* aTriggeringPrincipal, nsSecurityFlags aSecurityFlags,
77 uint32_t aSandboxFlags) {
78 return MakeAndAddRef<LoadInfo>(aBrowsingContext, aTriggeringPrincipal,
79 aSecurityFlags, aSandboxFlags);
80 }
81
CreateForNonDocument(dom::WindowGlobalParent * aParentWGP,nsIPrincipal * aTriggeringPrincipal,nsContentPolicyType aContentPolicyType,nsSecurityFlags aSecurityFlags,uint32_t aSandboxFlags)82 /* static */ already_AddRefed<LoadInfo> LoadInfo::CreateForNonDocument(
83 dom::WindowGlobalParent* aParentWGP, nsIPrincipal* aTriggeringPrincipal,
84 nsContentPolicyType aContentPolicyType, nsSecurityFlags aSecurityFlags,
85 uint32_t aSandboxFlags) {
86 return MakeAndAddRef<LoadInfo>(aParentWGP, aTriggeringPrincipal,
87 aContentPolicyType, aSecurityFlags,
88 aSandboxFlags);
89 }
90
LoadInfo(nsIPrincipal * aLoadingPrincipal,nsIPrincipal * aTriggeringPrincipal,nsINode * aLoadingContext,nsSecurityFlags aSecurityFlags,nsContentPolicyType aContentPolicyType,const Maybe<mozilla::dom::ClientInfo> & aLoadingClientInfo,const Maybe<mozilla::dom::ServiceWorkerDescriptor> & aController,uint32_t aSandboxFlags)91 LoadInfo::LoadInfo(
92 nsIPrincipal* aLoadingPrincipal, nsIPrincipal* aTriggeringPrincipal,
93 nsINode* aLoadingContext, nsSecurityFlags aSecurityFlags,
94 nsContentPolicyType aContentPolicyType,
95 const Maybe<mozilla::dom::ClientInfo>& aLoadingClientInfo,
96 const Maybe<mozilla::dom::ServiceWorkerDescriptor>& aController,
97 uint32_t aSandboxFlags)
98 : mLoadingPrincipal(aLoadingContext ? aLoadingContext->NodePrincipal()
99 : aLoadingPrincipal),
100 mTriggeringPrincipal(aTriggeringPrincipal ? aTriggeringPrincipal
101 : mLoadingPrincipal.get()),
102 mClientInfo(aLoadingClientInfo),
103 mController(aController),
104 mLoadingContext(do_GetWeakReference(aLoadingContext)),
105 mSecurityFlags(aSecurityFlags),
106 mSandboxFlags(aSandboxFlags),
107
108 mInternalContentPolicyType(aContentPolicyType) {
109 MOZ_ASSERT(mLoadingPrincipal);
110 MOZ_ASSERT(mTriggeringPrincipal);
111
112 #ifdef DEBUG
113 // TYPE_DOCUMENT loads initiated by javascript tests will go through
114 // nsIOService and use the wrong constructor. Don't enforce the
115 // !TYPE_DOCUMENT check in those cases
116 bool skipContentTypeCheck = false;
117 skipContentTypeCheck =
118 Preferences::GetBool("network.loadinfo.skip_type_assertion");
119 #endif
120
121 // This constructor shouldn't be used for TYPE_DOCUMENT loads that don't
122 // have a loadingPrincipal
123 MOZ_ASSERT(skipContentTypeCheck || mLoadingPrincipal ||
124 mInternalContentPolicyType != nsIContentPolicy::TYPE_DOCUMENT);
125
126 // We should only get an explicit controller for subresource requests.
127 MOZ_DIAGNOSTIC_ASSERT(aController.isNothing() ||
128 !nsContentUtils::IsNonSubresourceInternalPolicyType(
129 mInternalContentPolicyType));
130
131 // TODO(bug 1259873): Above, we initialize mIsThirdPartyContext to false
132 // meaning that consumers of LoadInfo that don't pass a context or pass a
133 // context from which we can't find a window will default to assuming that
134 // they're 1st party. It would be nice if we could default "safe" and assume
135 // that we are 3rd party until proven otherwise.
136
137 // if consumers pass both, aLoadingContext and aLoadingPrincipal
138 // then the loadingPrincipal must be the same as the node's principal
139 MOZ_ASSERT(!aLoadingContext || !aLoadingPrincipal ||
140 aLoadingContext->NodePrincipal() == aLoadingPrincipal);
141
142 // if the load is sandboxed, we can not also inherit the principal
143 if (mSandboxFlags & SANDBOXED_ORIGIN) {
144 mForceInheritPrincipalDropped =
145 (mSecurityFlags & nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL);
146 mSecurityFlags &= ~nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL;
147 }
148
149 ExtContentPolicyType externalType =
150 nsContentUtils::InternalContentPolicyTypeToExternal(aContentPolicyType);
151
152 if (aLoadingContext) {
153 // Ensure that all network requests for a window client have the ClientInfo
154 // properly set. Workers must currently pass the loading ClientInfo
155 // explicitly. We allow main thread requests to explicitly pass the value as
156 // well.
157 if (mClientInfo.isNothing()) {
158 mClientInfo = aLoadingContext->OwnerDoc()->GetClientInfo();
159 }
160
161 // For subresource loads set the service worker based on the calling
162 // context's controller. Workers must currently pass the controller in
163 // explicitly. We allow main thread requests to explicitly pass the value
164 // as well, but otherwise extract from the loading context here.
165 if (mController.isNothing() &&
166 !nsContentUtils::IsNonSubresourceInternalPolicyType(
167 mInternalContentPolicyType)) {
168 mController = aLoadingContext->OwnerDoc()->GetController();
169 }
170
171 nsCOMPtr<nsPIDOMWindowOuter> contextOuter =
172 aLoadingContext->OwnerDoc()->GetWindow();
173 if (contextOuter) {
174 ComputeIsThirdPartyContext(contextOuter);
175 RefPtr<dom::BrowsingContext> bc = contextOuter->GetBrowsingContext();
176 MOZ_ASSERT(bc);
177 mBrowsingContextID = bc->Id();
178
179 nsGlobalWindowInner* innerWindow =
180 nsGlobalWindowInner::Cast(contextOuter->GetCurrentInnerWindow());
181 if (innerWindow) {
182 mTopLevelPrincipal = innerWindow->GetTopLevelAntiTrackingPrincipal();
183
184 // The top-level-storage-area-principal is not null only for the first
185 // level of iframes (null for top-level contexts, and null for
186 // sub-iframes). If we are loading a sub-document resource, we must
187 // calculate what the top-level-storage-area-principal will be for the
188 // new context.
189 if (externalType != ExtContentPolicy::TYPE_SUBDOCUMENT) {
190 mTopLevelStorageAreaPrincipal =
191 innerWindow->GetTopLevelStorageAreaPrincipal();
192 } else if (bc->IsTop()) {
193 Document* doc = innerWindow->GetExtantDoc();
194 if (!doc || (!doc->StorageAccessSandboxed())) {
195 mTopLevelStorageAreaPrincipal = innerWindow->GetPrincipal();
196 }
197
198 // If this is the first level iframe, innerWindow is our top-level
199 // principal.
200 if (!mTopLevelPrincipal) {
201 mTopLevelPrincipal = innerWindow->GetPrincipal();
202 }
203 }
204 }
205
206 // Let's inherit the cookie behavior and permission from the parent
207 // document.
208 mCookieJarSettings = aLoadingContext->OwnerDoc()->CookieJarSettings();
209 }
210
211 mInnerWindowID = aLoadingContext->OwnerDoc()->InnerWindowID();
212 RefPtr<WindowContext> ctx = WindowContext::GetById(mInnerWindowID);
213 if (ctx) {
214 mLoadingEmbedderPolicy = ctx->GetEmbedderPolicy();
215 }
216 mDocumentHasUserInteracted =
217 aLoadingContext->OwnerDoc()->UserHasInteracted();
218
219 // Inherit HTTPS-Only Mode flags from parent document
220 mHttpsOnlyStatus |= aLoadingContext->OwnerDoc()->HttpsOnlyStatus();
221
222 // When the element being loaded is a frame, we choose the frame's window
223 // for the window ID and the frame element's window as the parent
224 // window. This is the behavior that Chrome exposes to add-ons.
225 // NB: If the frameLoaderOwner doesn't have a frame loader, then the load
226 // must be coming from an object (such as a plugin) that's loaded into it
227 // instead of a document being loaded. In that case, treat this object like
228 // any other non-document-loading element.
229 RefPtr<nsFrameLoaderOwner> frameLoaderOwner =
230 do_QueryObject(aLoadingContext);
231 RefPtr<nsFrameLoader> fl =
232 frameLoaderOwner ? frameLoaderOwner->GetFrameLoader() : nullptr;
233 if (fl) {
234 nsCOMPtr<nsIDocShell> docShell = fl->GetDocShell(IgnoreErrors());
235 if (docShell) {
236 nsCOMPtr<nsPIDOMWindowOuter> outerWindow = do_GetInterface(docShell);
237 if (outerWindow) {
238 RefPtr<dom::BrowsingContext> bc = outerWindow->GetBrowsingContext();
239 mFrameBrowsingContextID = bc ? bc->Id() : 0;
240 }
241 }
242 }
243
244 // if the document forces all mixed content to be blocked, then we
245 // store that bit for all requests on the loadinfo.
246 mBlockAllMixedContent =
247 aLoadingContext->OwnerDoc()->GetBlockAllMixedContent(false) ||
248 (nsContentUtils::IsPreloadType(mInternalContentPolicyType) &&
249 aLoadingContext->OwnerDoc()->GetBlockAllMixedContent(true));
250
251 // if the document forces all requests to be upgraded from http to https,
252 // then we should do that for all requests. If it only forces preloads to be
253 // upgraded then we should enforce upgrade insecure requests only for
254 // preloads.
255 mUpgradeInsecureRequests =
256 aLoadingContext->OwnerDoc()->GetUpgradeInsecureRequests(false) ||
257 (nsContentUtils::IsPreloadType(mInternalContentPolicyType) &&
258 aLoadingContext->OwnerDoc()->GetUpgradeInsecureRequests(true));
259
260 if (nsContentUtils::IsUpgradableDisplayType(externalType)) {
261 if (mLoadingPrincipal->SchemeIs("https")) {
262 if (StaticPrefs::security_mixed_content_upgrade_display_content()) {
263 mBrowserUpgradeInsecureRequests = true;
264 } else {
265 mBrowserWouldUpgradeInsecureRequests = true;
266 }
267 }
268 }
269 }
270 mOriginAttributes = mLoadingPrincipal->OriginAttributesRef();
271
272 // We need to do this after inheriting the document's origin attributes
273 // above, in case the loading principal ends up being the system principal.
274 if (aLoadingContext) {
275 nsCOMPtr<nsILoadContext> loadContext =
276 aLoadingContext->OwnerDoc()->GetLoadContext();
277 nsCOMPtr<nsIDocShell> docShell = aLoadingContext->OwnerDoc()->GetDocShell();
278 if (loadContext && docShell &&
279 docShell->GetBrowsingContext()->IsContent()) {
280 bool usePrivateBrowsing;
281 nsresult rv = loadContext->GetUsePrivateBrowsing(&usePrivateBrowsing);
282 if (NS_SUCCEEDED(rv)) {
283 mOriginAttributes.SyncAttributesWithPrivateBrowsing(usePrivateBrowsing);
284 }
285 }
286 }
287
288 // For chrome docshell, the mPrivateBrowsingId remains 0 even its
289 // UsePrivateBrowsing() is true, so we only update the mPrivateBrowsingId in
290 // origin attributes if the type of the docshell is content.
291 if (aLoadingContext) {
292 nsCOMPtr<nsIDocShell> docShell = aLoadingContext->OwnerDoc()->GetDocShell();
293 if (docShell) {
294 if (docShell->GetBrowsingContext()->IsChrome()) {
295 MOZ_ASSERT(mOriginAttributes.mPrivateBrowsingId == 0,
296 "chrome docshell shouldn't have mPrivateBrowsingId set.");
297 }
298 }
299 }
300
301 // in case this is a loadinfo for a parser generated script, then we store
302 // that bit of information so CSP strict-dynamic can query it.
303 if (!nsContentUtils::IsPreloadType(mInternalContentPolicyType)) {
304 nsCOMPtr<nsIScriptElement> script = do_QueryInterface(aLoadingContext);
305 if (script && script->GetParserCreated() != mozilla::dom::NOT_FROM_PARSER) {
306 mParserCreatedScript = true;
307 }
308 }
309 }
310
311 /* Constructor takes an outer window, but no loadingNode or loadingPrincipal.
312 * This constructor should only be used for TYPE_DOCUMENT loads, since they
313 * have a null loadingNode and loadingPrincipal.
314 */
LoadInfo(nsPIDOMWindowOuter * aOuterWindow,nsIPrincipal * aTriggeringPrincipal,nsISupports * aContextForTopLevelLoad,nsSecurityFlags aSecurityFlags,uint32_t aSandboxFlags)315 LoadInfo::LoadInfo(nsPIDOMWindowOuter* aOuterWindow,
316 nsIPrincipal* aTriggeringPrincipal,
317 nsISupports* aContextForTopLevelLoad,
318 nsSecurityFlags aSecurityFlags, uint32_t aSandboxFlags)
319 : mTriggeringPrincipal(aTriggeringPrincipal),
320 mContextForTopLevelLoad(do_GetWeakReference(aContextForTopLevelLoad)),
321 mSecurityFlags(aSecurityFlags),
322 mSandboxFlags(aSandboxFlags),
323
324 mInternalContentPolicyType(nsIContentPolicy::TYPE_DOCUMENT) {
325 // Top-level loads are never third-party
326 // Grab the information we can out of the window.
327 MOZ_ASSERT(aOuterWindow);
328 MOZ_ASSERT(mTriggeringPrincipal);
329
330 // if the load is sandboxed, we can not also inherit the principal
331 if (mSandboxFlags & SANDBOXED_ORIGIN) {
332 mForceInheritPrincipalDropped =
333 (mSecurityFlags & nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL);
334 mSecurityFlags &= ~nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL;
335 }
336
337 RefPtr<BrowsingContext> bc = aOuterWindow->GetBrowsingContext();
338 mBrowsingContextID = bc ? bc->Id() : 0;
339
340 // This should be removed in bug 1618557
341 nsGlobalWindowInner* innerWindow =
342 nsGlobalWindowInner::Cast(aOuterWindow->GetCurrentInnerWindow());
343 if (innerWindow) {
344 mTopLevelPrincipal = innerWindow->GetTopLevelAntiTrackingPrincipal();
345 // mTopLevelStorageAreaPrincipal is always null for top-level document
346 // loading.
347 }
348
349 // get the docshell from the outerwindow, and then get the originattributes
350 nsCOMPtr<nsIDocShell> docShell = aOuterWindow->GetDocShell();
351 MOZ_ASSERT(docShell);
352 mOriginAttributes = nsDocShell::Cast(docShell)->GetOriginAttributes();
353
354 // We sometimes use this constructor for security checks for outer windows
355 // that aren't top level.
356 if (aSecurityFlags != nsILoadInfo::SEC_ONLY_FOR_EXPLICIT_CONTENTSEC_CHECK) {
357 MOZ_ASSERT(aOuterWindow->GetBrowsingContext()->IsTop());
358 }
359
360 #ifdef DEBUG
361 if (docShell->GetBrowsingContext()->IsChrome()) {
362 MOZ_ASSERT(mOriginAttributes.mPrivateBrowsingId == 0,
363 "chrome docshell shouldn't have mPrivateBrowsingId set.");
364 }
365 #endif
366
367 // Let's take the current cookie behavior and current cookie permission
368 // for the documents' loadInfo. Note that for any other loadInfos,
369 // cookieBehavior will be BEHAVIOR_REJECT for security reasons.
370 bool isPrivate = mOriginAttributes.mPrivateBrowsingId > 0;
371 mCookieJarSettings = CookieJarSettings::Create(
372 isPrivate ? CookieJarSettings::ePrivate : CookieJarSettings::eRegular);
373 }
374
LoadInfo(dom::CanonicalBrowsingContext * aBrowsingContext,nsIPrincipal * aTriggeringPrincipal,const OriginAttributes & aOriginAttributes,nsSecurityFlags aSecurityFlags,uint32_t aSandboxFlags)375 LoadInfo::LoadInfo(dom::CanonicalBrowsingContext* aBrowsingContext,
376 nsIPrincipal* aTriggeringPrincipal,
377 const OriginAttributes& aOriginAttributes,
378 nsSecurityFlags aSecurityFlags, uint32_t aSandboxFlags)
379 : mTriggeringPrincipal(aTriggeringPrincipal),
380 mSecurityFlags(aSecurityFlags),
381 mSandboxFlags(aSandboxFlags),
382
383 mInternalContentPolicyType(nsIContentPolicy::TYPE_DOCUMENT) {
384 // Top-level loads are never third-party
385 // Grab the information we can out of the window.
386 MOZ_ASSERT(aBrowsingContext);
387 MOZ_ASSERT(mTriggeringPrincipal);
388 MOZ_ASSERT(aSecurityFlags !=
389 nsILoadInfo::SEC_ONLY_FOR_EXPLICIT_CONTENTSEC_CHECK);
390
391 // if the load is sandboxed, we can not also inherit the principal
392 if (mSandboxFlags & SANDBOXED_ORIGIN) {
393 mForceInheritPrincipalDropped =
394 (mSecurityFlags & nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL);
395 mSecurityFlags &= ~nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL;
396 }
397
398 mBrowsingContextID = aBrowsingContext->Id();
399 mOriginAttributes = aOriginAttributes;
400
401 #ifdef DEBUG
402 if (aBrowsingContext->IsChrome()) {
403 MOZ_ASSERT(mOriginAttributes.mPrivateBrowsingId == 0,
404 "chrome docshell shouldn't have mPrivateBrowsingId set.");
405 }
406 #endif
407
408 // Let's take the current cookie behavior and current cookie permission
409 // for the documents' loadInfo. Note that for any other loadInfos,
410 // cookieBehavior will be BEHAVIOR_REJECT for security reasons.
411 bool isPrivate = mOriginAttributes.mPrivateBrowsingId > 0;
412 mCookieJarSettings = CookieJarSettings::Create(
413 isPrivate ? CookieJarSettings::ePrivate : CookieJarSettings::eRegular);
414 }
415
LoadInfo(dom::WindowGlobalParent * aParentWGP,nsIPrincipal * aTriggeringPrincipal,nsContentPolicyType aContentPolicyType,nsSecurityFlags aSecurityFlags,uint32_t aSandboxFlags)416 LoadInfo::LoadInfo(dom::WindowGlobalParent* aParentWGP,
417 nsIPrincipal* aTriggeringPrincipal,
418 nsContentPolicyType aContentPolicyType,
419 nsSecurityFlags aSecurityFlags, uint32_t aSandboxFlags)
420 : mTriggeringPrincipal(aTriggeringPrincipal),
421 mSecurityFlags(aSecurityFlags),
422 mSandboxFlags(aSandboxFlags),
423 mInternalContentPolicyType(aContentPolicyType) {
424 CanonicalBrowsingContext* parentBC = aParentWGP->BrowsingContext();
425 MOZ_ASSERT(parentBC);
426 ComputeAncestors(parentBC, mAncestorPrincipals, mAncestorBrowsingContextIDs);
427
428 RefPtr<WindowGlobalParent> topLevelWGP = aParentWGP->TopWindowContext();
429
430 // if the load is sandboxed, we can not also inherit the principal
431 if (mSandboxFlags & SANDBOXED_ORIGIN) {
432 mForceInheritPrincipalDropped =
433 (mSecurityFlags & nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL);
434 mSecurityFlags &= ~nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL;
435 }
436
437 // Ensure that all network requests for a window client have the ClientInfo
438 // properly set.
439 mClientInfo = aParentWGP->GetClientInfo();
440 mLoadingPrincipal = aParentWGP->DocumentPrincipal();
441 ComputeIsThirdPartyContext(aParentWGP);
442
443 mBrowsingContextID = parentBC->Id();
444
445 // Let's inherit the cookie behavior and permission from the embedder
446 // document.
447 mCookieJarSettings = aParentWGP->CookieJarSettings();
448 if (topLevelWGP->BrowsingContext()->IsTop()) {
449 if (mCookieJarSettings) {
450 bool stopAtOurLevel = mCookieJarSettings->GetCookieBehavior() ==
451 nsICookieService::BEHAVIOR_REJECT_TRACKER;
452 if (!stopAtOurLevel ||
453 topLevelWGP->OuterWindowId() != aParentWGP->OuterWindowId()) {
454 mTopLevelPrincipal = topLevelWGP->DocumentPrincipal();
455 }
456 }
457 }
458
459 // The top-level-storage-area-principal is not null only for the first
460 // level of iframes (null for top-level contexts, and null for
461 // sub-iframes). If we are loading a sub-document resource, we must
462 // calculate what the top-level-storage-area-principal will be for the
463 // new context.
464 if (parentBC->IsTop()) {
465 if (!Document::StorageAccessSandboxed(aParentWGP->SandboxFlags())) {
466 mTopLevelStorageAreaPrincipal = aParentWGP->DocumentPrincipal();
467 }
468
469 // If this is the first level iframe, embedder WindowGlobalParent's document
470 // principal is our top-level principal.
471 if (!mTopLevelPrincipal) {
472 mTopLevelPrincipal = aParentWGP->DocumentPrincipal();
473 }
474 }
475
476 mInnerWindowID = aParentWGP->InnerWindowId();
477 mDocumentHasUserInteracted = aParentWGP->DocumentHasUserInteracted();
478
479 // if the document forces all mixed content to be blocked, then we
480 // store that bit for all requests on the loadinfo.
481 mBlockAllMixedContent = aParentWGP->GetDocumentBlockAllMixedContent();
482
483 // if the document forces all requests to be upgraded from http to https,
484 // then we should do that for all requests. If it only forces preloads to be
485 // upgraded then we should enforce upgrade insecure requests only for
486 // preloads.
487 mUpgradeInsecureRequests = aParentWGP->GetDocumentUpgradeInsecureRequests();
488 mOriginAttributes = mLoadingPrincipal->OriginAttributesRef();
489
490 // We need to do this after inheriting the document's origin attributes
491 // above, in case the loading principal ends up being the system principal.
492 if (parentBC->IsContent()) {
493 mOriginAttributes.SyncAttributesWithPrivateBrowsing(
494 parentBC->UsePrivateBrowsing());
495 }
496
497 mHttpsOnlyStatus |= aParentWGP->HttpsOnlyStatus();
498
499 // For chrome BC, the mPrivateBrowsingId remains 0 even its
500 // UsePrivateBrowsing() is true, so we only update the mPrivateBrowsingId in
501 // origin attributes if the type of the BC is content.
502 if (parentBC->IsChrome()) {
503 MOZ_ASSERT(mOriginAttributes.mPrivateBrowsingId == 0,
504 "chrome docshell shouldn't have mPrivateBrowsingId set.");
505 }
506
507 RefPtr<WindowContext> ctx = WindowContext::GetById(mInnerWindowID);
508 if (ctx) {
509 mLoadingEmbedderPolicy = ctx->GetEmbedderPolicy();
510 }
511 }
512
513 // Used for TYPE_FRAME or TYPE_IFRAME load.
LoadInfo(dom::CanonicalBrowsingContext * aBrowsingContext,nsIPrincipal * aTriggeringPrincipal,nsSecurityFlags aSecurityFlags,uint32_t aSandboxFlags)514 LoadInfo::LoadInfo(dom::CanonicalBrowsingContext* aBrowsingContext,
515 nsIPrincipal* aTriggeringPrincipal,
516 nsSecurityFlags aSecurityFlags, uint32_t aSandboxFlags)
517 : LoadInfo(aBrowsingContext->GetParentWindowContext(), aTriggeringPrincipal,
518 InternalContentPolicyTypeForFrame(aBrowsingContext),
519 aSecurityFlags, aSandboxFlags) {
520 mFrameBrowsingContextID = aBrowsingContext->Id();
521 }
522
LoadInfo(const LoadInfo & rhs)523 LoadInfo::LoadInfo(const LoadInfo& rhs)
524 : mLoadingPrincipal(rhs.mLoadingPrincipal),
525 mTriggeringPrincipal(rhs.mTriggeringPrincipal),
526 mPrincipalToInherit(rhs.mPrincipalToInherit),
527 mSandboxedLoadingPrincipal(rhs.mSandboxedLoadingPrincipal),
528 mTopLevelPrincipal(rhs.mTopLevelPrincipal),
529 mTopLevelStorageAreaPrincipal(rhs.mTopLevelStorageAreaPrincipal),
530 mResultPrincipalURI(rhs.mResultPrincipalURI),
531 mCookieJarSettings(rhs.mCookieJarSettings),
532 mCspToInherit(rhs.mCspToInherit),
533 mClientInfo(rhs.mClientInfo),
534 // mReservedClientSource must be handled specially during redirect
535 // mReservedClientInfo must be handled specially during redirect
536 // mInitialClientInfo must be handled specially during redirect
537 mController(rhs.mController),
538 mPerformanceStorage(rhs.mPerformanceStorage),
539 mLoadingContext(rhs.mLoadingContext),
540 mContextForTopLevelLoad(rhs.mContextForTopLevelLoad),
541 mSecurityFlags(rhs.mSecurityFlags),
542 mSandboxFlags(rhs.mSandboxFlags),
543 mTriggeringSandboxFlags(rhs.mTriggeringSandboxFlags),
544 mInternalContentPolicyType(rhs.mInternalContentPolicyType),
545 mTainting(rhs.mTainting),
546 mBlockAllMixedContent(rhs.mBlockAllMixedContent),
547 mUpgradeInsecureRequests(rhs.mUpgradeInsecureRequests),
548 mBrowserUpgradeInsecureRequests(rhs.mBrowserUpgradeInsecureRequests),
549 mBrowserDidUpgradeInsecureRequests(
550 rhs.mBrowserDidUpgradeInsecureRequests),
551 mBrowserWouldUpgradeInsecureRequests(
552 rhs.mBrowserWouldUpgradeInsecureRequests),
553 mForceAllowDataURI(rhs.mForceAllowDataURI),
554 mAllowInsecureRedirectToDataURI(rhs.mAllowInsecureRedirectToDataURI),
555 mSkipContentPolicyCheckForWebRequest(
556 rhs.mSkipContentPolicyCheckForWebRequest),
557 mOriginalFrameSrcLoad(rhs.mOriginalFrameSrcLoad),
558 mForceInheritPrincipalDropped(rhs.mForceInheritPrincipalDropped),
559 mInnerWindowID(rhs.mInnerWindowID),
560 mBrowsingContextID(rhs.mBrowsingContextID),
561 mFrameBrowsingContextID(rhs.mFrameBrowsingContextID),
562 mInitialSecurityCheckDone(rhs.mInitialSecurityCheckDone),
563 mIsThirdPartyContext(rhs.mIsThirdPartyContext),
564 mIsThirdPartyContextToTopWindow(rhs.mIsThirdPartyContextToTopWindow),
565 mIsFormSubmission(rhs.mIsFormSubmission),
566 mSendCSPViolationEvents(rhs.mSendCSPViolationEvents),
567 mOriginAttributes(rhs.mOriginAttributes),
568 mRedirectChainIncludingInternalRedirects(
569 rhs.mRedirectChainIncludingInternalRedirects.Clone()),
570 mRedirectChain(rhs.mRedirectChain.Clone()),
571 mAncestorPrincipals(rhs.mAncestorPrincipals.Clone()),
572 mAncestorBrowsingContextIDs(rhs.mAncestorBrowsingContextIDs.Clone()),
573 mCorsUnsafeHeaders(rhs.mCorsUnsafeHeaders.Clone()),
574 mRequestBlockingReason(rhs.mRequestBlockingReason),
575 mForcePreflight(rhs.mForcePreflight),
576 mIsPreflight(rhs.mIsPreflight),
577 mLoadTriggeredFromExternal(rhs.mLoadTriggeredFromExternal),
578
579 mDocumentHasUserInteracted(rhs.mDocumentHasUserInteracted),
580 mAllowListFutureDocumentsCreatedFromThisRedirectChain(
581 rhs.mAllowListFutureDocumentsCreatedFromThisRedirectChain),
582 mNeedForCheckingAntiTrackingHeuristic(
583 rhs.mNeedForCheckingAntiTrackingHeuristic),
584 mCspNonce(rhs.mCspNonce),
585 mSkipContentSniffing(rhs.mSkipContentSniffing),
586 mHttpsOnlyStatus(rhs.mHttpsOnlyStatus),
587 mHasValidUserGestureActivation(rhs.mHasValidUserGestureActivation),
588 mAllowDeprecatedSystemRequests(rhs.mAllowDeprecatedSystemRequests),
589 mIsInDevToolsContext(rhs.mIsInDevToolsContext),
590 mParserCreatedScript(rhs.mParserCreatedScript),
591 mHasStoragePermission(rhs.mHasStoragePermission),
592 mIsMetaRefresh(rhs.mIsMetaRefresh),
593 mIsFromProcessingFrameAttributes(rhs.mIsFromProcessingFrameAttributes),
594 mIsMediaRequest(rhs.mIsMediaRequest),
595 mIsMediaInitialRequest(rhs.mIsMediaInitialRequest),
596 mIsFromObjectOrEmbed(rhs.mIsFromObjectOrEmbed),
597 mLoadingEmbedderPolicy(rhs.mLoadingEmbedderPolicy),
598 mUnstrippedURI(rhs.mUnstrippedURI) {}
599
LoadInfo(nsIPrincipal * aLoadingPrincipal,nsIPrincipal * aTriggeringPrincipal,nsIPrincipal * aPrincipalToInherit,nsIPrincipal * aSandboxedLoadingPrincipal,nsIPrincipal * aTopLevelPrincipal,nsIPrincipal * aTopLevelStorageAreaPrincipal,nsIURI * aResultPrincipalURI,nsICookieJarSettings * aCookieJarSettings,nsIContentSecurityPolicy * aCspToInherit,const Maybe<ClientInfo> & aClientInfo,const Maybe<ClientInfo> & aReservedClientInfo,const Maybe<ClientInfo> & aInitialClientInfo,const Maybe<ServiceWorkerDescriptor> & aController,nsSecurityFlags aSecurityFlags,uint32_t aSandboxFlags,uint32_t aTriggeringSandboxFlags,nsContentPolicyType aContentPolicyType,LoadTainting aTainting,bool aBlockAllMixedContent,bool aUpgradeInsecureRequests,bool aBrowserUpgradeInsecureRequests,bool aBrowserDidUpgradeInsecureRequests,bool aBrowserWouldUpgradeInsecureRequests,bool aForceAllowDataURI,bool aAllowInsecureRedirectToDataURI,bool aSkipContentPolicyCheckForWebRequest,bool aOriginalFrameSrcLoad,bool aForceInheritPrincipalDropped,uint64_t aInnerWindowID,uint64_t aBrowsingContextID,uint64_t aFrameBrowsingContextID,bool aInitialSecurityCheckDone,bool aIsThirdPartyContext,bool aIsThirdPartyContextToTopWindow,bool aIsFormSubmission,bool aSendCSPViolationEvents,const OriginAttributes & aOriginAttributes,RedirectHistoryArray && aRedirectChainIncludingInternalRedirects,RedirectHistoryArray && aRedirectChain,nsTArray<nsCOMPtr<nsIPrincipal>> && aAncestorPrincipals,const nsTArray<uint64_t> & aAncestorBrowsingContextIDs,const nsTArray<nsCString> & aCorsUnsafeHeaders,bool aForcePreflight,bool aIsPreflight,bool aLoadTriggeredFromExternal,bool aServiceWorkerTaintingSynthesized,bool aDocumentHasUserInteracted,bool aAllowListFutureDocumentsCreatedFromThisRedirectChain,bool aNeedForCheckingAntiTrackingHeuristic,const nsAString & aCspNonce,bool aSkipContentSniffing,uint32_t aHttpsOnlyStatus,bool aHasValidUserGestureActivation,bool aAllowDeprecatedSystemRequests,bool aIsInDevToolsContext,bool aParserCreatedScript,bool aHasStoragePermission,bool aIsMetaRefresh,uint32_t aRequestBlockingReason,nsINode * aLoadingContext,nsILoadInfo::CrossOriginEmbedderPolicy aLoadingEmbedderPolicy,nsIURI * aUnstrippedURI)600 LoadInfo::LoadInfo(
601 nsIPrincipal* aLoadingPrincipal, nsIPrincipal* aTriggeringPrincipal,
602 nsIPrincipal* aPrincipalToInherit, nsIPrincipal* aSandboxedLoadingPrincipal,
603 nsIPrincipal* aTopLevelPrincipal,
604 nsIPrincipal* aTopLevelStorageAreaPrincipal, nsIURI* aResultPrincipalURI,
605 nsICookieJarSettings* aCookieJarSettings,
606 nsIContentSecurityPolicy* aCspToInherit,
607 const Maybe<ClientInfo>& aClientInfo,
608 const Maybe<ClientInfo>& aReservedClientInfo,
609 const Maybe<ClientInfo>& aInitialClientInfo,
610 const Maybe<ServiceWorkerDescriptor>& aController,
611 nsSecurityFlags aSecurityFlags, uint32_t aSandboxFlags,
612 uint32_t aTriggeringSandboxFlags, nsContentPolicyType aContentPolicyType,
613 LoadTainting aTainting, bool aBlockAllMixedContent,
614 bool aUpgradeInsecureRequests, bool aBrowserUpgradeInsecureRequests,
615 bool aBrowserDidUpgradeInsecureRequests,
616 bool aBrowserWouldUpgradeInsecureRequests, bool aForceAllowDataURI,
617 bool aAllowInsecureRedirectToDataURI,
618 bool aSkipContentPolicyCheckForWebRequest, bool aOriginalFrameSrcLoad,
619 bool aForceInheritPrincipalDropped, uint64_t aInnerWindowID,
620 uint64_t aBrowsingContextID, uint64_t aFrameBrowsingContextID,
621 bool aInitialSecurityCheckDone, bool aIsThirdPartyContext,
622 bool aIsThirdPartyContextToTopWindow, bool aIsFormSubmission,
623 bool aSendCSPViolationEvents, const OriginAttributes& aOriginAttributes,
624 RedirectHistoryArray&& aRedirectChainIncludingInternalRedirects,
625 RedirectHistoryArray&& aRedirectChain,
626 nsTArray<nsCOMPtr<nsIPrincipal>>&& aAncestorPrincipals,
627 const nsTArray<uint64_t>& aAncestorBrowsingContextIDs,
628 const nsTArray<nsCString>& aCorsUnsafeHeaders, bool aForcePreflight,
629 bool aIsPreflight, bool aLoadTriggeredFromExternal,
630 bool aServiceWorkerTaintingSynthesized, bool aDocumentHasUserInteracted,
631 bool aAllowListFutureDocumentsCreatedFromThisRedirectChain,
632 bool aNeedForCheckingAntiTrackingHeuristic, const nsAString& aCspNonce,
633 bool aSkipContentSniffing, uint32_t aHttpsOnlyStatus,
634 bool aHasValidUserGestureActivation, bool aAllowDeprecatedSystemRequests,
635 bool aIsInDevToolsContext, bool aParserCreatedScript,
636 bool aHasStoragePermission, bool aIsMetaRefresh,
637 uint32_t aRequestBlockingReason, nsINode* aLoadingContext,
638 nsILoadInfo::CrossOriginEmbedderPolicy aLoadingEmbedderPolicy,
639 nsIURI* aUnstrippedURI)
640 : mLoadingPrincipal(aLoadingPrincipal),
641 mTriggeringPrincipal(aTriggeringPrincipal),
642 mPrincipalToInherit(aPrincipalToInherit),
643 mTopLevelPrincipal(aTopLevelPrincipal),
644 mTopLevelStorageAreaPrincipal(aTopLevelStorageAreaPrincipal),
645 mResultPrincipalURI(aResultPrincipalURI),
646 mCookieJarSettings(aCookieJarSettings),
647 mCspToInherit(aCspToInherit),
648 mClientInfo(aClientInfo),
649 mReservedClientInfo(aReservedClientInfo),
650 mInitialClientInfo(aInitialClientInfo),
651 mController(aController),
652 mLoadingContext(do_GetWeakReference(aLoadingContext)),
653 mSecurityFlags(aSecurityFlags),
654 mSandboxFlags(aSandboxFlags),
655 mTriggeringSandboxFlags(aTriggeringSandboxFlags),
656 mInternalContentPolicyType(aContentPolicyType),
657 mTainting(aTainting),
658 mBlockAllMixedContent(aBlockAllMixedContent),
659 mUpgradeInsecureRequests(aUpgradeInsecureRequests),
660 mBrowserUpgradeInsecureRequests(aBrowserUpgradeInsecureRequests),
661 mBrowserDidUpgradeInsecureRequests(aBrowserDidUpgradeInsecureRequests),
662 mBrowserWouldUpgradeInsecureRequests(
663 aBrowserWouldUpgradeInsecureRequests),
664 mForceAllowDataURI(aForceAllowDataURI),
665 mAllowInsecureRedirectToDataURI(aAllowInsecureRedirectToDataURI),
666 mSkipContentPolicyCheckForWebRequest(
667 aSkipContentPolicyCheckForWebRequest),
668 mOriginalFrameSrcLoad(aOriginalFrameSrcLoad),
669 mForceInheritPrincipalDropped(aForceInheritPrincipalDropped),
670 mInnerWindowID(aInnerWindowID),
671 mBrowsingContextID(aBrowsingContextID),
672 mFrameBrowsingContextID(aFrameBrowsingContextID),
673 mInitialSecurityCheckDone(aInitialSecurityCheckDone),
674 mIsThirdPartyContext(aIsThirdPartyContext),
675 mIsThirdPartyContextToTopWindow(aIsThirdPartyContextToTopWindow),
676 mIsFormSubmission(aIsFormSubmission),
677 mSendCSPViolationEvents(aSendCSPViolationEvents),
678 mOriginAttributes(aOriginAttributes),
679 mRedirectChainIncludingInternalRedirects(
680 std::move(aRedirectChainIncludingInternalRedirects)),
681 mRedirectChain(std::move(aRedirectChain)),
682 mAncestorPrincipals(std::move(aAncestorPrincipals)),
683 mAncestorBrowsingContextIDs(aAncestorBrowsingContextIDs.Clone()),
684 mCorsUnsafeHeaders(aCorsUnsafeHeaders.Clone()),
685 mRequestBlockingReason(aRequestBlockingReason),
686 mForcePreflight(aForcePreflight),
687 mIsPreflight(aIsPreflight),
688 mLoadTriggeredFromExternal(aLoadTriggeredFromExternal),
689 mServiceWorkerTaintingSynthesized(aServiceWorkerTaintingSynthesized),
690 mDocumentHasUserInteracted(aDocumentHasUserInteracted),
691 mAllowListFutureDocumentsCreatedFromThisRedirectChain(
692 aAllowListFutureDocumentsCreatedFromThisRedirectChain),
693 mNeedForCheckingAntiTrackingHeuristic(
694 aNeedForCheckingAntiTrackingHeuristic),
695 mCspNonce(aCspNonce),
696 mSkipContentSniffing(aSkipContentSniffing),
697 mHttpsOnlyStatus(aHttpsOnlyStatus),
698 mHasValidUserGestureActivation(aHasValidUserGestureActivation),
699 mAllowDeprecatedSystemRequests(aAllowDeprecatedSystemRequests),
700 mIsInDevToolsContext(aIsInDevToolsContext),
701 mParserCreatedScript(aParserCreatedScript),
702 mHasStoragePermission(aHasStoragePermission),
703 mIsMetaRefresh(aIsMetaRefresh),
704
705 mLoadingEmbedderPolicy(aLoadingEmbedderPolicy),
706 mUnstrippedURI(aUnstrippedURI) {
707 // Only top level TYPE_DOCUMENT loads can have a null loadingPrincipal
708 MOZ_ASSERT(mLoadingPrincipal ||
709 aContentPolicyType == nsIContentPolicy::TYPE_DOCUMENT);
710 MOZ_ASSERT(mTriggeringPrincipal);
711 }
712
713 // static
ComputeAncestors(CanonicalBrowsingContext * aBC,nsTArray<nsCOMPtr<nsIPrincipal>> & aAncestorPrincipals,nsTArray<uint64_t> & aBrowsingContextIDs)714 void LoadInfo::ComputeAncestors(
715 CanonicalBrowsingContext* aBC,
716 nsTArray<nsCOMPtr<nsIPrincipal>>& aAncestorPrincipals,
717 nsTArray<uint64_t>& aBrowsingContextIDs) {
718 MOZ_ASSERT(aAncestorPrincipals.IsEmpty());
719 MOZ_ASSERT(aBrowsingContextIDs.IsEmpty());
720 CanonicalBrowsingContext* ancestorBC = aBC;
721 // Iterate over ancestor WindowGlobalParents, collecting principals and outer
722 // window IDs.
723 while (WindowGlobalParent* ancestorWGP =
724 ancestorBC->GetParentWindowContext()) {
725 ancestorBC = ancestorWGP->BrowsingContext();
726
727 nsCOMPtr<nsIPrincipal> parentPrincipal = ancestorWGP->DocumentPrincipal();
728 MOZ_ASSERT(parentPrincipal, "Ancestor principal is null");
729 aAncestorPrincipals.AppendElement(parentPrincipal.forget());
730 aBrowsingContextIDs.AppendElement(ancestorBC->Id());
731 }
732 }
ComputeIsThirdPartyContext(nsPIDOMWindowOuter * aOuterWindow)733 void LoadInfo::ComputeIsThirdPartyContext(nsPIDOMWindowOuter* aOuterWindow) {
734 ExtContentPolicyType type =
735 nsContentUtils::InternalContentPolicyTypeToExternal(
736 mInternalContentPolicyType);
737 if (type == ExtContentPolicy::TYPE_DOCUMENT) {
738 // Top-level loads are never third-party.
739 mIsThirdPartyContext = false;
740 return;
741 }
742
743 nsCOMPtr<mozIThirdPartyUtil> util(do_GetService(THIRDPARTYUTIL_CONTRACTID));
744 if (NS_WARN_IF(!util)) {
745 return;
746 }
747
748 util->IsThirdPartyWindow(aOuterWindow, nullptr, &mIsThirdPartyContext);
749 }
750
ComputeIsThirdPartyContext(dom::WindowGlobalParent * aGlobal)751 void LoadInfo::ComputeIsThirdPartyContext(dom::WindowGlobalParent* aGlobal) {
752 if (nsILoadInfo::GetExternalContentPolicyType() ==
753 ExtContentPolicy::TYPE_DOCUMENT) {
754 // Top-level loads are never third-party.
755 mIsThirdPartyContext = false;
756 return;
757 }
758
759 ThirdPartyUtil* thirdPartyUtil = ThirdPartyUtil::GetInstance();
760 if (!thirdPartyUtil) {
761 return;
762 }
763 thirdPartyUtil->IsThirdPartyGlobal(aGlobal, &mIsThirdPartyContext);
764 }
765
NS_IMPL_ISUPPORTS(LoadInfo,nsILoadInfo)766 NS_IMPL_ISUPPORTS(LoadInfo, nsILoadInfo)
767
768 already_AddRefed<nsILoadInfo> LoadInfo::Clone() const {
769 RefPtr<LoadInfo> copy(new LoadInfo(*this));
770 return copy.forget();
771 }
772
CloneWithNewSecFlags(nsSecurityFlags aSecurityFlags) const773 already_AddRefed<nsILoadInfo> LoadInfo::CloneWithNewSecFlags(
774 nsSecurityFlags aSecurityFlags) const {
775 RefPtr<LoadInfo> copy(new LoadInfo(*this));
776 copy->mSecurityFlags = aSecurityFlags;
777 return copy.forget();
778 }
779
CloneForNewRequest() const780 already_AddRefed<nsILoadInfo> LoadInfo::CloneForNewRequest() const {
781 RefPtr<LoadInfo> copy(new LoadInfo(*this));
782 copy->mInitialSecurityCheckDone = false;
783 copy->mRedirectChainIncludingInternalRedirects.Clear();
784 copy->mRedirectChain.Clear();
785 copy->mResultPrincipalURI = nullptr;
786 return copy.forget();
787 }
788
789 NS_IMETHODIMP
GetLoadingPrincipal(nsIPrincipal ** aLoadingPrincipal)790 LoadInfo::GetLoadingPrincipal(nsIPrincipal** aLoadingPrincipal) {
791 NS_IF_ADDREF(*aLoadingPrincipal = mLoadingPrincipal);
792 return NS_OK;
793 }
794
VirtualGetLoadingPrincipal()795 nsIPrincipal* LoadInfo::VirtualGetLoadingPrincipal() {
796 return mLoadingPrincipal;
797 }
798
799 NS_IMETHODIMP
GetTriggeringPrincipal(nsIPrincipal ** aTriggeringPrincipal)800 LoadInfo::GetTriggeringPrincipal(nsIPrincipal** aTriggeringPrincipal) {
801 *aTriggeringPrincipal = do_AddRef(mTriggeringPrincipal).take();
802 return NS_OK;
803 }
804
TriggeringPrincipal()805 nsIPrincipal* LoadInfo::TriggeringPrincipal() { return mTriggeringPrincipal; }
806
807 NS_IMETHODIMP
GetPrincipalToInherit(nsIPrincipal ** aPrincipalToInherit)808 LoadInfo::GetPrincipalToInherit(nsIPrincipal** aPrincipalToInherit) {
809 NS_IF_ADDREF(*aPrincipalToInherit = mPrincipalToInherit);
810 return NS_OK;
811 }
812
813 NS_IMETHODIMP
SetPrincipalToInherit(nsIPrincipal * aPrincipalToInherit)814 LoadInfo::SetPrincipalToInherit(nsIPrincipal* aPrincipalToInherit) {
815 MOZ_ASSERT(aPrincipalToInherit, "must be a valid principal to inherit");
816 mPrincipalToInherit = aPrincipalToInherit;
817 return NS_OK;
818 }
819
PrincipalToInherit()820 nsIPrincipal* LoadInfo::PrincipalToInherit() { return mPrincipalToInherit; }
821
FindPrincipalToInherit(nsIChannel * aChannel)822 nsIPrincipal* LoadInfo::FindPrincipalToInherit(nsIChannel* aChannel) {
823 if (mPrincipalToInherit) {
824 return mPrincipalToInherit;
825 }
826
827 nsCOMPtr<nsIURI> uri = mResultPrincipalURI;
828 if (!uri) {
829 Unused << aChannel->GetOriginalURI(getter_AddRefs(uri));
830 }
831
832 auto* prin = BasePrincipal::Cast(mTriggeringPrincipal);
833 return prin->PrincipalToInherit(uri);
834 }
835
GetSandboxedLoadingPrincipal()836 nsIPrincipal* LoadInfo::GetSandboxedLoadingPrincipal() {
837 if (!(mSandboxFlags & SANDBOXED_ORIGIN)) {
838 return nullptr;
839 }
840
841 if (!mSandboxedLoadingPrincipal) {
842 if (mLoadingPrincipal) {
843 mSandboxedLoadingPrincipal =
844 NullPrincipal::CreateWithInheritedAttributes(mLoadingPrincipal);
845 } else {
846 OriginAttributes attrs(mOriginAttributes);
847 mSandboxedLoadingPrincipal = NullPrincipal::Create(attrs);
848 }
849 }
850 MOZ_ASSERT(mSandboxedLoadingPrincipal);
851
852 return mSandboxedLoadingPrincipal;
853 }
854
GetTopLevelPrincipal()855 nsIPrincipal* LoadInfo::GetTopLevelPrincipal() { return mTopLevelPrincipal; }
856
GetTopLevelStorageAreaPrincipal()857 nsIPrincipal* LoadInfo::GetTopLevelStorageAreaPrincipal() {
858 return mTopLevelStorageAreaPrincipal;
859 }
860
861 NS_IMETHODIMP
GetLoadingDocument(Document ** aResult)862 LoadInfo::GetLoadingDocument(Document** aResult) {
863 if (nsCOMPtr<nsINode> node = do_QueryReferent(mLoadingContext)) {
864 RefPtr<Document> context = node->OwnerDoc();
865 context.forget(aResult);
866 }
867 return NS_OK;
868 }
869
LoadingNode()870 nsINode* LoadInfo::LoadingNode() {
871 nsCOMPtr<nsINode> node = do_QueryReferent(mLoadingContext);
872 return node;
873 }
874
ContextForTopLevelLoad()875 already_AddRefed<nsISupports> LoadInfo::ContextForTopLevelLoad() {
876 // Most likely you want to query LoadingNode() instead of
877 // ContextForTopLevelLoad() if this assertion fires.
878 MOZ_ASSERT(mInternalContentPolicyType == nsIContentPolicy::TYPE_DOCUMENT,
879 "should only query this context for top level document loads");
880 nsCOMPtr<nsISupports> context = do_QueryReferent(mContextForTopLevelLoad);
881 return context.forget();
882 }
883
GetLoadingContext()884 already_AddRefed<nsISupports> LoadInfo::GetLoadingContext() {
885 nsCOMPtr<nsISupports> context;
886 if (mInternalContentPolicyType == nsIContentPolicy::TYPE_DOCUMENT) {
887 context = ContextForTopLevelLoad();
888 } else {
889 context = LoadingNode();
890 }
891 return context.forget();
892 }
893
894 NS_IMETHODIMP
GetLoadingContextXPCOM(nsISupports ** aResult)895 LoadInfo::GetLoadingContextXPCOM(nsISupports** aResult) {
896 nsCOMPtr<nsISupports> context = GetLoadingContext();
897 context.forget(aResult);
898 return NS_OK;
899 }
900
901 NS_IMETHODIMP
GetSecurityFlags(nsSecurityFlags * aResult)902 LoadInfo::GetSecurityFlags(nsSecurityFlags* aResult) {
903 *aResult = mSecurityFlags;
904 return NS_OK;
905 }
906
907 NS_IMETHODIMP
GetSandboxFlags(uint32_t * aResult)908 LoadInfo::GetSandboxFlags(uint32_t* aResult) {
909 *aResult = mSandboxFlags;
910 return NS_OK;
911 }
912
913 NS_IMETHODIMP
GetTriggeringSandboxFlags(uint32_t * aResult)914 LoadInfo::GetTriggeringSandboxFlags(uint32_t* aResult) {
915 *aResult = mTriggeringSandboxFlags;
916 return NS_OK;
917 }
918
919 NS_IMETHODIMP
SetTriggeringSandboxFlags(uint32_t aFlags)920 LoadInfo::SetTriggeringSandboxFlags(uint32_t aFlags) {
921 mTriggeringSandboxFlags = aFlags;
922 return NS_OK;
923 }
924
925 NS_IMETHODIMP
GetSecurityMode(uint32_t * aFlags)926 LoadInfo::GetSecurityMode(uint32_t* aFlags) {
927 *aFlags = (mSecurityFlags &
928 (nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_INHERITS_SEC_CONTEXT |
929 nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_IS_BLOCKED |
930 nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT |
931 nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL |
932 nsILoadInfo::SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT));
933 return NS_OK;
934 }
935
936 NS_IMETHODIMP
GetIsInThirdPartyContext(bool * aIsInThirdPartyContext)937 LoadInfo::GetIsInThirdPartyContext(bool* aIsInThirdPartyContext) {
938 *aIsInThirdPartyContext = mIsThirdPartyContext;
939 return NS_OK;
940 }
941
942 NS_IMETHODIMP
SetIsInThirdPartyContext(bool aIsInThirdPartyContext)943 LoadInfo::SetIsInThirdPartyContext(bool aIsInThirdPartyContext) {
944 mIsThirdPartyContext = aIsInThirdPartyContext;
945 return NS_OK;
946 }
947
948 NS_IMETHODIMP
GetIsThirdPartyContextToTopWindow(bool * aIsThirdPartyContextToTopWindow)949 LoadInfo::GetIsThirdPartyContextToTopWindow(
950 bool* aIsThirdPartyContextToTopWindow) {
951 *aIsThirdPartyContextToTopWindow = mIsThirdPartyContextToTopWindow;
952 return NS_OK;
953 }
954
955 NS_IMETHODIMP
SetIsThirdPartyContextToTopWindow(bool aIsThirdPartyContextToTopWindow)956 LoadInfo::SetIsThirdPartyContextToTopWindow(
957 bool aIsThirdPartyContextToTopWindow) {
958 mIsThirdPartyContextToTopWindow = aIsThirdPartyContextToTopWindow;
959 return NS_OK;
960 }
961
962 static const uint32_t sCookiePolicyMask =
963 nsILoadInfo::SEC_COOKIES_DEFAULT | nsILoadInfo::SEC_COOKIES_INCLUDE |
964 nsILoadInfo::SEC_COOKIES_SAME_ORIGIN | nsILoadInfo::SEC_COOKIES_OMIT;
965
966 NS_IMETHODIMP
GetCookiePolicy(uint32_t * aResult)967 LoadInfo::GetCookiePolicy(uint32_t* aResult) {
968 uint32_t policy = mSecurityFlags & sCookiePolicyMask;
969 if (policy == nsILoadInfo::SEC_COOKIES_DEFAULT) {
970 policy = (mSecurityFlags & SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT)
971 ? nsILoadInfo::SEC_COOKIES_SAME_ORIGIN
972 : nsILoadInfo::SEC_COOKIES_INCLUDE;
973 }
974
975 *aResult = policy;
976 return NS_OK;
977 }
978
979 namespace {
980
CreateCookieJarSettings(nsContentPolicyType aContentPolicyType,bool aIsPrivate)981 already_AddRefed<nsICookieJarSettings> CreateCookieJarSettings(
982 nsContentPolicyType aContentPolicyType, bool aIsPrivate) {
983 if (StaticPrefs::network_cookieJarSettings_unblocked_for_testing()) {
984 return aIsPrivate ? CookieJarSettings::Create(CookieJarSettings::ePrivate)
985 : CookieJarSettings::Create(CookieJarSettings::eRegular);
986 }
987
988 // These contentPolictTypes require a real CookieJarSettings because favicon
989 // and save-as requests must send cookies. Anything else should not
990 // send/receive cookies.
991 if (aContentPolicyType == nsIContentPolicy::TYPE_INTERNAL_IMAGE_FAVICON ||
992 aContentPolicyType == nsIContentPolicy::TYPE_SAVEAS_DOWNLOAD) {
993 return aIsPrivate ? CookieJarSettings::Create(CookieJarSettings::ePrivate)
994 : CookieJarSettings::Create(CookieJarSettings::eRegular);
995 }
996
997 return CookieJarSettings::GetBlockingAll();
998 }
999
1000 } // namespace
1001
1002 NS_IMETHODIMP
GetCookieJarSettings(nsICookieJarSettings ** aCookieJarSettings)1003 LoadInfo::GetCookieJarSettings(nsICookieJarSettings** aCookieJarSettings) {
1004 if (!mCookieJarSettings) {
1005 bool isPrivate = mOriginAttributes.mPrivateBrowsingId > 0;
1006 mCookieJarSettings =
1007 CreateCookieJarSettings(mInternalContentPolicyType, isPrivate);
1008 }
1009
1010 nsCOMPtr<nsICookieJarSettings> cookieJarSettings = mCookieJarSettings;
1011 cookieJarSettings.forget(aCookieJarSettings);
1012 return NS_OK;
1013 }
1014
1015 NS_IMETHODIMP
SetCookieJarSettings(nsICookieJarSettings * aCookieJarSettings)1016 LoadInfo::SetCookieJarSettings(nsICookieJarSettings* aCookieJarSettings) {
1017 MOZ_ASSERT(aCookieJarSettings);
1018 // We allow the overwrite of CookieJarSettings.
1019 mCookieJarSettings = aCookieJarSettings;
1020 return NS_OK;
1021 }
1022
1023 NS_IMETHODIMP
GetHasStoragePermission(bool * aHasStoragePermission)1024 LoadInfo::GetHasStoragePermission(bool* aHasStoragePermission) {
1025 *aHasStoragePermission = mHasStoragePermission;
1026 return NS_OK;
1027 }
1028
1029 NS_IMETHODIMP
SetHasStoragePermission(bool aHasStoragePermission)1030 LoadInfo::SetHasStoragePermission(bool aHasStoragePermission) {
1031 mHasStoragePermission = aHasStoragePermission;
1032 return NS_OK;
1033 }
1034
1035 NS_IMETHODIMP
GetIsMetaRefresh(bool * aIsMetaRefresh)1036 LoadInfo::GetIsMetaRefresh(bool* aIsMetaRefresh) {
1037 *aIsMetaRefresh = mIsMetaRefresh;
1038 return NS_OK;
1039 }
1040
1041 NS_IMETHODIMP
SetIsMetaRefresh(bool aIsMetaRefresh)1042 LoadInfo::SetIsMetaRefresh(bool aIsMetaRefresh) {
1043 mIsMetaRefresh = aIsMetaRefresh;
1044 return NS_OK;
1045 }
1046
SetIncludeCookiesSecFlag()1047 void LoadInfo::SetIncludeCookiesSecFlag() {
1048 MOZ_ASSERT((mSecurityFlags & sCookiePolicyMask) ==
1049 nsILoadInfo::SEC_COOKIES_DEFAULT);
1050 mSecurityFlags =
1051 (mSecurityFlags & ~sCookiePolicyMask) | nsILoadInfo::SEC_COOKIES_INCLUDE;
1052 }
1053
1054 NS_IMETHODIMP
GetForceInheritPrincipal(bool * aInheritPrincipal)1055 LoadInfo::GetForceInheritPrincipal(bool* aInheritPrincipal) {
1056 *aInheritPrincipal =
1057 (mSecurityFlags & nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL);
1058 return NS_OK;
1059 }
1060
1061 NS_IMETHODIMP
GetForceInheritPrincipalOverruleOwner(bool * aInheritPrincipal)1062 LoadInfo::GetForceInheritPrincipalOverruleOwner(bool* aInheritPrincipal) {
1063 *aInheritPrincipal =
1064 (mSecurityFlags &
1065 nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL_OVERRULE_OWNER);
1066 return NS_OK;
1067 }
1068
1069 NS_IMETHODIMP
GetLoadingSandboxed(bool * aLoadingSandboxed)1070 LoadInfo::GetLoadingSandboxed(bool* aLoadingSandboxed) {
1071 *aLoadingSandboxed = (mSandboxFlags & SANDBOXED_ORIGIN);
1072 return NS_OK;
1073 }
1074
1075 NS_IMETHODIMP
GetAboutBlankInherits(bool * aResult)1076 LoadInfo::GetAboutBlankInherits(bool* aResult) {
1077 *aResult = (mSecurityFlags & nsILoadInfo::SEC_ABOUT_BLANK_INHERITS);
1078 return NS_OK;
1079 }
1080
1081 NS_IMETHODIMP
GetAllowChrome(bool * aResult)1082 LoadInfo::GetAllowChrome(bool* aResult) {
1083 *aResult = (mSecurityFlags & nsILoadInfo::SEC_ALLOW_CHROME);
1084 return NS_OK;
1085 }
1086
1087 NS_IMETHODIMP
GetDisallowScript(bool * aResult)1088 LoadInfo::GetDisallowScript(bool* aResult) {
1089 *aResult = (mSecurityFlags & nsILoadInfo::SEC_DISALLOW_SCRIPT);
1090 return NS_OK;
1091 }
1092
1093 NS_IMETHODIMP
GetDontFollowRedirects(bool * aResult)1094 LoadInfo::GetDontFollowRedirects(bool* aResult) {
1095 *aResult = (mSecurityFlags & nsILoadInfo::SEC_DONT_FOLLOW_REDIRECTS);
1096 return NS_OK;
1097 }
1098
1099 NS_IMETHODIMP
GetLoadErrorPage(bool * aResult)1100 LoadInfo::GetLoadErrorPage(bool* aResult) {
1101 *aResult = (mSecurityFlags & nsILoadInfo::SEC_LOAD_ERROR_PAGE);
1102 return NS_OK;
1103 }
1104
1105 NS_IMETHODIMP
GetIsFormSubmission(bool * aResult)1106 LoadInfo::GetIsFormSubmission(bool* aResult) {
1107 *aResult = mIsFormSubmission;
1108 return NS_OK;
1109 }
1110
1111 NS_IMETHODIMP
SetIsFormSubmission(bool aValue)1112 LoadInfo::SetIsFormSubmission(bool aValue) {
1113 mIsFormSubmission = aValue;
1114 return NS_OK;
1115 }
1116
1117 NS_IMETHODIMP
GetSendCSPViolationEvents(bool * aResult)1118 LoadInfo::GetSendCSPViolationEvents(bool* aResult) {
1119 *aResult = mSendCSPViolationEvents;
1120 return NS_OK;
1121 }
1122
1123 NS_IMETHODIMP
SetSendCSPViolationEvents(bool aValue)1124 LoadInfo::SetSendCSPViolationEvents(bool aValue) {
1125 mSendCSPViolationEvents = aValue;
1126 return NS_OK;
1127 }
1128
1129 NS_IMETHODIMP
GetExternalContentPolicyType(nsContentPolicyType * aResult)1130 LoadInfo::GetExternalContentPolicyType(nsContentPolicyType* aResult) {
1131 // We have to use nsContentPolicyType because ExtContentPolicyType is not
1132 // visible from xpidl.
1133 *aResult = static_cast<nsContentPolicyType>(
1134 nsContentUtils::InternalContentPolicyTypeToExternal(
1135 mInternalContentPolicyType));
1136 return NS_OK;
1137 }
1138
InternalContentPolicyType()1139 nsContentPolicyType LoadInfo::InternalContentPolicyType() {
1140 return mInternalContentPolicyType;
1141 }
1142
1143 NS_IMETHODIMP
GetBlockAllMixedContent(bool * aResult)1144 LoadInfo::GetBlockAllMixedContent(bool* aResult) {
1145 *aResult = mBlockAllMixedContent;
1146 return NS_OK;
1147 }
1148
1149 NS_IMETHODIMP
GetUpgradeInsecureRequests(bool * aResult)1150 LoadInfo::GetUpgradeInsecureRequests(bool* aResult) {
1151 *aResult = mUpgradeInsecureRequests;
1152 return NS_OK;
1153 }
1154
1155 NS_IMETHODIMP
GetBrowserUpgradeInsecureRequests(bool * aResult)1156 LoadInfo::GetBrowserUpgradeInsecureRequests(bool* aResult) {
1157 *aResult = mBrowserUpgradeInsecureRequests;
1158 return NS_OK;
1159 }
1160
1161 NS_IMETHODIMP
GetBrowserDidUpgradeInsecureRequests(bool * aResult)1162 LoadInfo::GetBrowserDidUpgradeInsecureRequests(bool* aResult) {
1163 *aResult = mBrowserDidUpgradeInsecureRequests;
1164 return NS_OK;
1165 }
1166
1167 NS_IMETHODIMP
GetBrowserWouldUpgradeInsecureRequests(bool * aResult)1168 LoadInfo::GetBrowserWouldUpgradeInsecureRequests(bool* aResult) {
1169 *aResult = mBrowserWouldUpgradeInsecureRequests;
1170 return NS_OK;
1171 }
1172
1173 NS_IMETHODIMP
SetForceAllowDataURI(bool aForceAllowDataURI)1174 LoadInfo::SetForceAllowDataURI(bool aForceAllowDataURI) {
1175 MOZ_ASSERT(!mForceAllowDataURI ||
1176 mInternalContentPolicyType == nsIContentPolicy::TYPE_DOCUMENT,
1177 "can only allow data URI navigation for TYPE_DOCUMENT");
1178 mForceAllowDataURI = aForceAllowDataURI;
1179 return NS_OK;
1180 }
1181
1182 NS_IMETHODIMP
GetForceAllowDataURI(bool * aForceAllowDataURI)1183 LoadInfo::GetForceAllowDataURI(bool* aForceAllowDataURI) {
1184 *aForceAllowDataURI = mForceAllowDataURI;
1185 return NS_OK;
1186 }
1187
1188 NS_IMETHODIMP
SetAllowInsecureRedirectToDataURI(bool aAllowInsecureRedirectToDataURI)1189 LoadInfo::SetAllowInsecureRedirectToDataURI(
1190 bool aAllowInsecureRedirectToDataURI) {
1191 mAllowInsecureRedirectToDataURI = aAllowInsecureRedirectToDataURI;
1192 return NS_OK;
1193 }
1194
1195 NS_IMETHODIMP
GetAllowInsecureRedirectToDataURI(bool * aAllowInsecureRedirectToDataURI)1196 LoadInfo::GetAllowInsecureRedirectToDataURI(
1197 bool* aAllowInsecureRedirectToDataURI) {
1198 *aAllowInsecureRedirectToDataURI = mAllowInsecureRedirectToDataURI;
1199 return NS_OK;
1200 }
1201
1202 NS_IMETHODIMP
SetSkipContentPolicyCheckForWebRequest(bool aSkip)1203 LoadInfo::SetSkipContentPolicyCheckForWebRequest(bool aSkip) {
1204 mSkipContentPolicyCheckForWebRequest = aSkip;
1205 return NS_OK;
1206 }
1207
1208 NS_IMETHODIMP
GetSkipContentPolicyCheckForWebRequest(bool * aSkip)1209 LoadInfo::GetSkipContentPolicyCheckForWebRequest(bool* aSkip) {
1210 *aSkip = mSkipContentPolicyCheckForWebRequest;
1211 return NS_OK;
1212 }
1213
1214 NS_IMETHODIMP
SetOriginalFrameSrcLoad(bool aOriginalFrameSrcLoad)1215 LoadInfo::SetOriginalFrameSrcLoad(bool aOriginalFrameSrcLoad) {
1216 mOriginalFrameSrcLoad = aOriginalFrameSrcLoad;
1217 return NS_OK;
1218 }
1219
1220 NS_IMETHODIMP
GetOriginalFrameSrcLoad(bool * aOriginalFrameSrcLoad)1221 LoadInfo::GetOriginalFrameSrcLoad(bool* aOriginalFrameSrcLoad) {
1222 *aOriginalFrameSrcLoad = mOriginalFrameSrcLoad;
1223 return NS_OK;
1224 }
1225
1226 NS_IMETHODIMP
GetForceInheritPrincipalDropped(bool * aResult)1227 LoadInfo::GetForceInheritPrincipalDropped(bool* aResult) {
1228 *aResult = mForceInheritPrincipalDropped;
1229 return NS_OK;
1230 }
1231
1232 NS_IMETHODIMP
GetInnerWindowID(uint64_t * aResult)1233 LoadInfo::GetInnerWindowID(uint64_t* aResult) {
1234 *aResult = mInnerWindowID;
1235 return NS_OK;
1236 }
1237
1238 NS_IMETHODIMP
GetBrowsingContextID(uint64_t * aResult)1239 LoadInfo::GetBrowsingContextID(uint64_t* aResult) {
1240 *aResult = mBrowsingContextID;
1241 return NS_OK;
1242 }
1243
1244 NS_IMETHODIMP
GetFrameBrowsingContextID(uint64_t * aResult)1245 LoadInfo::GetFrameBrowsingContextID(uint64_t* aResult) {
1246 *aResult = mFrameBrowsingContextID;
1247 return NS_OK;
1248 }
1249
1250 NS_IMETHODIMP
GetTargetBrowsingContextID(uint64_t * aResult)1251 LoadInfo::GetTargetBrowsingContextID(uint64_t* aResult) {
1252 return (nsILoadInfo::GetExternalContentPolicyType() ==
1253 ExtContentPolicy::TYPE_SUBDOCUMENT)
1254 ? GetFrameBrowsingContextID(aResult)
1255 : GetBrowsingContextID(aResult);
1256 }
1257
1258 NS_IMETHODIMP
GetBrowsingContext(dom::BrowsingContext ** aResult)1259 LoadInfo::GetBrowsingContext(dom::BrowsingContext** aResult) {
1260 *aResult = BrowsingContext::Get(mBrowsingContextID).take();
1261 return NS_OK;
1262 }
1263
1264 NS_IMETHODIMP
GetFrameBrowsingContext(dom::BrowsingContext ** aResult)1265 LoadInfo::GetFrameBrowsingContext(dom::BrowsingContext** aResult) {
1266 *aResult = BrowsingContext::Get(mFrameBrowsingContextID).take();
1267 return NS_OK;
1268 }
1269
1270 NS_IMETHODIMP
GetTargetBrowsingContext(dom::BrowsingContext ** aResult)1271 LoadInfo::GetTargetBrowsingContext(dom::BrowsingContext** aResult) {
1272 uint64_t targetBrowsingContextID = 0;
1273 MOZ_ALWAYS_SUCCEEDS(GetTargetBrowsingContextID(&targetBrowsingContextID));
1274 *aResult = BrowsingContext::Get(targetBrowsingContextID).take();
1275 return NS_OK;
1276 }
1277
1278 NS_IMETHODIMP
GetScriptableOriginAttributes(JSContext * aCx,JS::MutableHandle<JS::Value> aOriginAttributes)1279 LoadInfo::GetScriptableOriginAttributes(
1280 JSContext* aCx, JS::MutableHandle<JS::Value> aOriginAttributes) {
1281 if (NS_WARN_IF(!ToJSValue(aCx, mOriginAttributes, aOriginAttributes))) {
1282 return NS_ERROR_FAILURE;
1283 }
1284 return NS_OK;
1285 }
1286
1287 NS_IMETHODIMP
ResetPrincipalToInheritToNullPrincipal()1288 LoadInfo::ResetPrincipalToInheritToNullPrincipal() {
1289 // take the originAttributes from the LoadInfo and create
1290 // a new NullPrincipal using those origin attributes.
1291 nsCOMPtr<nsIPrincipal> newNullPrincipal =
1292 NullPrincipal::Create(mOriginAttributes);
1293
1294 mPrincipalToInherit = newNullPrincipal;
1295
1296 // setting SEC_FORCE_INHERIT_PRINCIPAL_OVERRULE_OWNER will overrule
1297 // any non null owner set on the channel and will return the principal
1298 // form the loadinfo instead.
1299 mSecurityFlags |= SEC_FORCE_INHERIT_PRINCIPAL_OVERRULE_OWNER;
1300
1301 return NS_OK;
1302 }
1303
1304 NS_IMETHODIMP
SetScriptableOriginAttributes(JSContext * aCx,JS::Handle<JS::Value> aOriginAttributes)1305 LoadInfo::SetScriptableOriginAttributes(
1306 JSContext* aCx, JS::Handle<JS::Value> aOriginAttributes) {
1307 OriginAttributes attrs;
1308 if (!aOriginAttributes.isObject() || !attrs.Init(aCx, aOriginAttributes)) {
1309 return NS_ERROR_INVALID_ARG;
1310 }
1311
1312 mOriginAttributes = attrs;
1313 return NS_OK;
1314 }
1315
GetOriginAttributes(mozilla::OriginAttributes * aOriginAttributes)1316 nsresult LoadInfo::GetOriginAttributes(
1317 mozilla::OriginAttributes* aOriginAttributes) {
1318 NS_ENSURE_ARG(aOriginAttributes);
1319 *aOriginAttributes = mOriginAttributes;
1320 return NS_OK;
1321 }
1322
SetOriginAttributes(const mozilla::OriginAttributes & aOriginAttributes)1323 nsresult LoadInfo::SetOriginAttributes(
1324 const mozilla::OriginAttributes& aOriginAttributes) {
1325 mOriginAttributes = aOriginAttributes;
1326 return NS_OK;
1327 }
1328
1329 NS_IMETHODIMP
SetInitialSecurityCheckDone(bool aInitialSecurityCheckDone)1330 LoadInfo::SetInitialSecurityCheckDone(bool aInitialSecurityCheckDone) {
1331 // Indicates whether the channel was ever evaluated by the
1332 // ContentSecurityManager. Once set to true, this flag must
1333 // remain true throughout the lifetime of the channel.
1334 // Setting it to anything else than true will be discarded.
1335 MOZ_ASSERT(aInitialSecurityCheckDone,
1336 "aInitialSecurityCheckDone must be true");
1337 mInitialSecurityCheckDone =
1338 mInitialSecurityCheckDone || aInitialSecurityCheckDone;
1339 return NS_OK;
1340 }
1341
1342 NS_IMETHODIMP
GetInitialSecurityCheckDone(bool * aResult)1343 LoadInfo::GetInitialSecurityCheckDone(bool* aResult) {
1344 *aResult = mInitialSecurityCheckDone;
1345 return NS_OK;
1346 }
1347
1348 NS_IMETHODIMP
AppendRedirectHistoryEntry(nsIRedirectHistoryEntry * aEntry,bool aIsInternalRedirect)1349 LoadInfo::AppendRedirectHistoryEntry(nsIRedirectHistoryEntry* aEntry,
1350 bool aIsInternalRedirect) {
1351 NS_ENSURE_ARG(aEntry);
1352 MOZ_ASSERT(NS_IsMainThread());
1353
1354 mRedirectChainIncludingInternalRedirects.AppendElement(aEntry);
1355 if (!aIsInternalRedirect) {
1356 mRedirectChain.AppendElement(aEntry);
1357 }
1358 return NS_OK;
1359 }
1360
1361 NS_IMETHODIMP
GetRedirects(JSContext * aCx,JS::MutableHandle<JS::Value> aRedirects,const RedirectHistoryArray & aArray)1362 LoadInfo::GetRedirects(JSContext* aCx, JS::MutableHandle<JS::Value> aRedirects,
1363 const RedirectHistoryArray& aArray) {
1364 JS::Rooted<JSObject*> redirects(aCx,
1365 JS::NewArrayObject(aCx, aArray.Length()));
1366 NS_ENSURE_TRUE(redirects, NS_ERROR_OUT_OF_MEMORY);
1367
1368 JS::Rooted<JSObject*> global(aCx, JS::CurrentGlobalOrNull(aCx));
1369 NS_ENSURE_TRUE(global, NS_ERROR_UNEXPECTED);
1370
1371 nsCOMPtr<nsIXPConnect> xpc = nsIXPConnect::XPConnect();
1372
1373 for (size_t idx = 0; idx < aArray.Length(); idx++) {
1374 JS::RootedObject jsobj(aCx);
1375 nsresult rv =
1376 xpc->WrapNative(aCx, global, aArray[idx],
1377 NS_GET_IID(nsIRedirectHistoryEntry), jsobj.address());
1378 NS_ENSURE_SUCCESS(rv, rv);
1379 NS_ENSURE_STATE(jsobj);
1380
1381 bool rc = JS_DefineElement(aCx, redirects, idx, jsobj, JSPROP_ENUMERATE);
1382 NS_ENSURE_TRUE(rc, NS_ERROR_UNEXPECTED);
1383 }
1384
1385 aRedirects.setObject(*redirects);
1386 return NS_OK;
1387 }
1388
1389 NS_IMETHODIMP
GetRedirectChainIncludingInternalRedirects(JSContext * aCx,JS::MutableHandle<JS::Value> aChain)1390 LoadInfo::GetRedirectChainIncludingInternalRedirects(
1391 JSContext* aCx, JS::MutableHandle<JS::Value> aChain) {
1392 return GetRedirects(aCx, aChain, mRedirectChainIncludingInternalRedirects);
1393 }
1394
1395 const RedirectHistoryArray&
RedirectChainIncludingInternalRedirects()1396 LoadInfo::RedirectChainIncludingInternalRedirects() {
1397 return mRedirectChainIncludingInternalRedirects;
1398 }
1399
1400 NS_IMETHODIMP
GetRedirectChain(JSContext * aCx,JS::MutableHandle<JS::Value> aChain)1401 LoadInfo::GetRedirectChain(JSContext* aCx,
1402 JS::MutableHandle<JS::Value> aChain) {
1403 return GetRedirects(aCx, aChain, mRedirectChain);
1404 }
1405
RedirectChain()1406 const RedirectHistoryArray& LoadInfo::RedirectChain() { return mRedirectChain; }
1407
AncestorPrincipals()1408 const nsTArray<nsCOMPtr<nsIPrincipal>>& LoadInfo::AncestorPrincipals() {
1409 return mAncestorPrincipals;
1410 }
1411
AncestorBrowsingContextIDs()1412 const nsTArray<uint64_t>& LoadInfo::AncestorBrowsingContextIDs() {
1413 return mAncestorBrowsingContextIDs;
1414 }
1415
SetCorsPreflightInfo(const nsTArray<nsCString> & aHeaders,bool aForcePreflight)1416 void LoadInfo::SetCorsPreflightInfo(const nsTArray<nsCString>& aHeaders,
1417 bool aForcePreflight) {
1418 MOZ_ASSERT(GetSecurityMode() ==
1419 nsILoadInfo::SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT);
1420 MOZ_ASSERT(!mInitialSecurityCheckDone);
1421 mCorsUnsafeHeaders = aHeaders.Clone();
1422 mForcePreflight = aForcePreflight;
1423 }
1424
CorsUnsafeHeaders()1425 const nsTArray<nsCString>& LoadInfo::CorsUnsafeHeaders() {
1426 return mCorsUnsafeHeaders;
1427 }
1428
1429 NS_IMETHODIMP
GetForcePreflight(bool * aForcePreflight)1430 LoadInfo::GetForcePreflight(bool* aForcePreflight) {
1431 *aForcePreflight = mForcePreflight;
1432 return NS_OK;
1433 }
1434
SetIsPreflight()1435 void LoadInfo::SetIsPreflight() {
1436 MOZ_ASSERT(GetSecurityMode() ==
1437 nsILoadInfo::SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT);
1438 MOZ_ASSERT(!mInitialSecurityCheckDone);
1439 mIsPreflight = true;
1440 }
1441
SetUpgradeInsecureRequests(bool aValue)1442 void LoadInfo::SetUpgradeInsecureRequests(bool aValue) {
1443 mUpgradeInsecureRequests = aValue;
1444 }
1445
SetBrowserUpgradeInsecureRequests()1446 void LoadInfo::SetBrowserUpgradeInsecureRequests() {
1447 mBrowserUpgradeInsecureRequests = true;
1448 }
1449
1450 NS_IMETHODIMP
SetBrowserDidUpgradeInsecureRequests(bool aBrowserDidUpgradeInsecureRequests)1451 LoadInfo::SetBrowserDidUpgradeInsecureRequests(
1452 bool aBrowserDidUpgradeInsecureRequests) {
1453 mBrowserDidUpgradeInsecureRequests = aBrowserDidUpgradeInsecureRequests;
1454 return NS_OK;
1455 }
1456
SetBrowserWouldUpgradeInsecureRequests()1457 void LoadInfo::SetBrowserWouldUpgradeInsecureRequests() {
1458 mBrowserWouldUpgradeInsecureRequests = true;
1459 }
1460
1461 NS_IMETHODIMP
GetIsPreflight(bool * aIsPreflight)1462 LoadInfo::GetIsPreflight(bool* aIsPreflight) {
1463 *aIsPreflight = mIsPreflight;
1464 return NS_OK;
1465 }
1466
1467 NS_IMETHODIMP
SetLoadTriggeredFromExternal(bool aLoadTriggeredFromExternal)1468 LoadInfo::SetLoadTriggeredFromExternal(bool aLoadTriggeredFromExternal) {
1469 MOZ_ASSERT(!aLoadTriggeredFromExternal ||
1470 mInternalContentPolicyType == nsIContentPolicy::TYPE_DOCUMENT,
1471 "can only set load triggered from external for TYPE_DOCUMENT");
1472 mLoadTriggeredFromExternal = aLoadTriggeredFromExternal;
1473 return NS_OK;
1474 }
1475
1476 NS_IMETHODIMP
GetLoadTriggeredFromExternal(bool * aLoadTriggeredFromExternal)1477 LoadInfo::GetLoadTriggeredFromExternal(bool* aLoadTriggeredFromExternal) {
1478 *aLoadTriggeredFromExternal = mLoadTriggeredFromExternal;
1479 return NS_OK;
1480 }
1481
1482 NS_IMETHODIMP
GetServiceWorkerTaintingSynthesized(bool * aServiceWorkerTaintingSynthesized)1483 LoadInfo::GetServiceWorkerTaintingSynthesized(
1484 bool* aServiceWorkerTaintingSynthesized) {
1485 MOZ_ASSERT(aServiceWorkerTaintingSynthesized);
1486 *aServiceWorkerTaintingSynthesized = mServiceWorkerTaintingSynthesized;
1487 return NS_OK;
1488 }
1489
1490 NS_IMETHODIMP
GetTainting(uint32_t * aTaintingOut)1491 LoadInfo::GetTainting(uint32_t* aTaintingOut) {
1492 MOZ_ASSERT(aTaintingOut);
1493 *aTaintingOut = static_cast<uint32_t>(mTainting);
1494 return NS_OK;
1495 }
1496
1497 NS_IMETHODIMP
MaybeIncreaseTainting(uint32_t aTainting)1498 LoadInfo::MaybeIncreaseTainting(uint32_t aTainting) {
1499 NS_ENSURE_ARG(aTainting <= TAINTING_OPAQUE);
1500
1501 // Skip if the tainting has been set by the service worker.
1502 if (mServiceWorkerTaintingSynthesized) {
1503 return NS_OK;
1504 }
1505
1506 LoadTainting tainting = static_cast<LoadTainting>(aTainting);
1507 if (tainting > mTainting) {
1508 mTainting = tainting;
1509 }
1510 return NS_OK;
1511 }
1512
SynthesizeServiceWorkerTainting(LoadTainting aTainting)1513 void LoadInfo::SynthesizeServiceWorkerTainting(LoadTainting aTainting) {
1514 MOZ_DIAGNOSTIC_ASSERT(aTainting <= LoadTainting::Opaque);
1515 mTainting = aTainting;
1516
1517 // Flag to prevent the tainting from being increased.
1518 mServiceWorkerTaintingSynthesized = true;
1519 }
1520
1521 NS_IMETHODIMP
GetDocumentHasUserInteracted(bool * aDocumentHasUserInteracted)1522 LoadInfo::GetDocumentHasUserInteracted(bool* aDocumentHasUserInteracted) {
1523 MOZ_ASSERT(aDocumentHasUserInteracted);
1524 *aDocumentHasUserInteracted = mDocumentHasUserInteracted;
1525 return NS_OK;
1526 }
1527
1528 NS_IMETHODIMP
SetDocumentHasUserInteracted(bool aDocumentHasUserInteracted)1529 LoadInfo::SetDocumentHasUserInteracted(bool aDocumentHasUserInteracted) {
1530 mDocumentHasUserInteracted = aDocumentHasUserInteracted;
1531 return NS_OK;
1532 }
1533
1534 NS_IMETHODIMP
GetAllowListFutureDocumentsCreatedFromThisRedirectChain(bool * aValue)1535 LoadInfo::GetAllowListFutureDocumentsCreatedFromThisRedirectChain(
1536 bool* aValue) {
1537 MOZ_ASSERT(aValue);
1538 *aValue = mAllowListFutureDocumentsCreatedFromThisRedirectChain;
1539 return NS_OK;
1540 }
1541
1542 NS_IMETHODIMP
SetAllowListFutureDocumentsCreatedFromThisRedirectChain(bool aValue)1543 LoadInfo::SetAllowListFutureDocumentsCreatedFromThisRedirectChain(bool aValue) {
1544 mAllowListFutureDocumentsCreatedFromThisRedirectChain = aValue;
1545 return NS_OK;
1546 }
1547
1548 NS_IMETHODIMP
GetNeedForCheckingAntiTrackingHeuristic(bool * aValue)1549 LoadInfo::GetNeedForCheckingAntiTrackingHeuristic(bool* aValue) {
1550 MOZ_ASSERT(aValue);
1551 *aValue = mNeedForCheckingAntiTrackingHeuristic;
1552 return NS_OK;
1553 }
1554
1555 NS_IMETHODIMP
SetNeedForCheckingAntiTrackingHeuristic(bool aValue)1556 LoadInfo::SetNeedForCheckingAntiTrackingHeuristic(bool aValue) {
1557 mNeedForCheckingAntiTrackingHeuristic = aValue;
1558 return NS_OK;
1559 }
1560
1561 NS_IMETHODIMP
GetCspNonce(nsAString & aCspNonce)1562 LoadInfo::GetCspNonce(nsAString& aCspNonce) {
1563 aCspNonce = mCspNonce;
1564 return NS_OK;
1565 }
1566
1567 NS_IMETHODIMP
SetCspNonce(const nsAString & aCspNonce)1568 LoadInfo::SetCspNonce(const nsAString& aCspNonce) {
1569 MOZ_ASSERT(!mInitialSecurityCheckDone,
1570 "setting the nonce is only allowed before any sec checks");
1571 mCspNonce = aCspNonce;
1572 return NS_OK;
1573 }
1574
1575 NS_IMETHODIMP
GetSkipContentSniffing(bool * aSkipContentSniffing)1576 LoadInfo::GetSkipContentSniffing(bool* aSkipContentSniffing) {
1577 *aSkipContentSniffing = mSkipContentSniffing;
1578 return NS_OK;
1579 }
1580
1581 NS_IMETHODIMP
SetSkipContentSniffing(bool aSkipContentSniffing)1582 LoadInfo::SetSkipContentSniffing(bool aSkipContentSniffing) {
1583 mSkipContentSniffing = aSkipContentSniffing;
1584 return NS_OK;
1585 }
1586
1587 NS_IMETHODIMP
GetHttpsOnlyStatus(uint32_t * aHttpsOnlyStatus)1588 LoadInfo::GetHttpsOnlyStatus(uint32_t* aHttpsOnlyStatus) {
1589 *aHttpsOnlyStatus = mHttpsOnlyStatus;
1590 return NS_OK;
1591 }
1592
1593 NS_IMETHODIMP
SetHttpsOnlyStatus(uint32_t aHttpsOnlyStatus)1594 LoadInfo::SetHttpsOnlyStatus(uint32_t aHttpsOnlyStatus) {
1595 mHttpsOnlyStatus = aHttpsOnlyStatus;
1596 return NS_OK;
1597 }
1598
1599 NS_IMETHODIMP
GetHasValidUserGestureActivation(bool * aHasValidUserGestureActivation)1600 LoadInfo::GetHasValidUserGestureActivation(
1601 bool* aHasValidUserGestureActivation) {
1602 *aHasValidUserGestureActivation = mHasValidUserGestureActivation;
1603 return NS_OK;
1604 }
1605
1606 NS_IMETHODIMP
SetHasValidUserGestureActivation(bool aHasValidUserGestureActivation)1607 LoadInfo::SetHasValidUserGestureActivation(
1608 bool aHasValidUserGestureActivation) {
1609 mHasValidUserGestureActivation = aHasValidUserGestureActivation;
1610 return NS_OK;
1611 }
1612
1613 NS_IMETHODIMP
GetAllowDeprecatedSystemRequests(bool * aAllowDeprecatedSystemRequests)1614 LoadInfo::GetAllowDeprecatedSystemRequests(
1615 bool* aAllowDeprecatedSystemRequests) {
1616 *aAllowDeprecatedSystemRequests = mAllowDeprecatedSystemRequests;
1617 return NS_OK;
1618 }
1619
1620 NS_IMETHODIMP
SetAllowDeprecatedSystemRequests(bool aAllowDeprecatedSystemRequests)1621 LoadInfo::SetAllowDeprecatedSystemRequests(
1622 bool aAllowDeprecatedSystemRequests) {
1623 mAllowDeprecatedSystemRequests = aAllowDeprecatedSystemRequests;
1624 return NS_OK;
1625 }
1626
1627 NS_IMETHODIMP
GetIsInDevToolsContext(bool * aIsInDevToolsContext)1628 LoadInfo::GetIsInDevToolsContext(bool* aIsInDevToolsContext) {
1629 *aIsInDevToolsContext = mIsInDevToolsContext;
1630 return NS_OK;
1631 }
1632
1633 NS_IMETHODIMP
SetIsInDevToolsContext(bool aIsInDevToolsContext)1634 LoadInfo::SetIsInDevToolsContext(bool aIsInDevToolsContext) {
1635 mIsInDevToolsContext = aIsInDevToolsContext;
1636 return NS_OK;
1637 }
1638
1639 NS_IMETHODIMP
GetParserCreatedScript(bool * aParserCreatedScript)1640 LoadInfo::GetParserCreatedScript(bool* aParserCreatedScript) {
1641 *aParserCreatedScript = mParserCreatedScript;
1642 return NS_OK;
1643 }
1644
1645 NS_IMETHODIMP
SetParserCreatedScript(bool aParserCreatedScript)1646 LoadInfo::SetParserCreatedScript(bool aParserCreatedScript) {
1647 mParserCreatedScript = aParserCreatedScript;
1648 return NS_OK;
1649 }
1650
1651 NS_IMETHODIMP
GetIsTopLevelLoad(bool * aResult)1652 LoadInfo::GetIsTopLevelLoad(bool* aResult) {
1653 RefPtr<dom::BrowsingContext> bc;
1654 GetTargetBrowsingContext(getter_AddRefs(bc));
1655 *aResult = !bc || bc->IsTop();
1656 return NS_OK;
1657 }
1658
SetIsFromProcessingFrameAttributes()1659 void LoadInfo::SetIsFromProcessingFrameAttributes() {
1660 mIsFromProcessingFrameAttributes = true;
1661 }
1662
1663 NS_IMETHODIMP
GetIsFromProcessingFrameAttributes(bool * aIsFromProcessingFrameAttributes)1664 LoadInfo::GetIsFromProcessingFrameAttributes(
1665 bool* aIsFromProcessingFrameAttributes) {
1666 MOZ_ASSERT(aIsFromProcessingFrameAttributes);
1667 *aIsFromProcessingFrameAttributes = mIsFromProcessingFrameAttributes;
1668 return NS_OK;
1669 }
1670
1671 NS_IMETHODIMP
SetIsMediaRequest(bool aIsMediaRequest)1672 LoadInfo::SetIsMediaRequest(bool aIsMediaRequest) {
1673 mIsMediaRequest = aIsMediaRequest;
1674 return NS_OK;
1675 }
1676
1677 NS_IMETHODIMP
GetIsMediaRequest(bool * aIsMediaRequest)1678 LoadInfo::GetIsMediaRequest(bool* aIsMediaRequest) {
1679 MOZ_ASSERT(aIsMediaRequest);
1680 *aIsMediaRequest = mIsMediaRequest;
1681 return NS_OK;
1682 }
1683
1684 NS_IMETHODIMP
SetIsMediaInitialRequest(bool aIsMediaInitialRequest)1685 LoadInfo::SetIsMediaInitialRequest(bool aIsMediaInitialRequest) {
1686 mIsMediaInitialRequest = aIsMediaInitialRequest;
1687 return NS_OK;
1688 }
1689
1690 NS_IMETHODIMP
GetIsMediaInitialRequest(bool * aIsMediaInitialRequest)1691 LoadInfo::GetIsMediaInitialRequest(bool* aIsMediaInitialRequest) {
1692 MOZ_ASSERT(aIsMediaInitialRequest);
1693 *aIsMediaInitialRequest = mIsMediaInitialRequest;
1694 return NS_OK;
1695 }
1696
1697 NS_IMETHODIMP
SetIsFromObjectOrEmbed(bool aIsFromObjectOrEmbed)1698 LoadInfo::SetIsFromObjectOrEmbed(bool aIsFromObjectOrEmbed) {
1699 mIsFromObjectOrEmbed = aIsFromObjectOrEmbed;
1700 return NS_OK;
1701 }
1702
1703 NS_IMETHODIMP
GetIsFromObjectOrEmbed(bool * aIsFromObjectOrEmbed)1704 LoadInfo::GetIsFromObjectOrEmbed(bool* aIsFromObjectOrEmbed) {
1705 MOZ_ASSERT(aIsFromObjectOrEmbed);
1706 *aIsFromObjectOrEmbed = mIsFromObjectOrEmbed;
1707 return NS_OK;
1708 }
1709
1710 NS_IMETHODIMP
GetResultPrincipalURI(nsIURI ** aURI)1711 LoadInfo::GetResultPrincipalURI(nsIURI** aURI) {
1712 NS_IF_ADDREF(*aURI = mResultPrincipalURI);
1713 return NS_OK;
1714 }
1715
1716 NS_IMETHODIMP
SetResultPrincipalURI(nsIURI * aURI)1717 LoadInfo::SetResultPrincipalURI(nsIURI* aURI) {
1718 mResultPrincipalURI = aURI;
1719 return NS_OK;
1720 }
1721
1722 NS_IMETHODIMP
SetRequestBlockingReason(uint32_t aReason)1723 LoadInfo::SetRequestBlockingReason(uint32_t aReason) {
1724 mRequestBlockingReason = aReason;
1725 return NS_OK;
1726 }
1727 NS_IMETHODIMP
GetRequestBlockingReason(uint32_t * aReason)1728 LoadInfo::GetRequestBlockingReason(uint32_t* aReason) {
1729 *aReason = mRequestBlockingReason;
1730 return NS_OK;
1731 }
1732
1733 NS_IMETHODIMP
GetUnstrippedURI(nsIURI ** aURI)1734 LoadInfo::GetUnstrippedURI(nsIURI** aURI) {
1735 *aURI = do_AddRef(mUnstrippedURI).take();
1736 return NS_OK;
1737 }
1738
1739 NS_IMETHODIMP
SetUnstrippedURI(nsIURI * aURI)1740 LoadInfo::SetUnstrippedURI(nsIURI* aURI) {
1741 mUnstrippedURI = aURI;
1742 return NS_OK;
1743 }
1744
SetClientInfo(const ClientInfo & aClientInfo)1745 void LoadInfo::SetClientInfo(const ClientInfo& aClientInfo) {
1746 mClientInfo.emplace(aClientInfo);
1747 }
1748
GetClientInfo()1749 const Maybe<ClientInfo>& LoadInfo::GetClientInfo() { return mClientInfo; }
1750
GiveReservedClientSource(UniquePtr<ClientSource> && aClientSource)1751 void LoadInfo::GiveReservedClientSource(
1752 UniquePtr<ClientSource>&& aClientSource) {
1753 MOZ_DIAGNOSTIC_ASSERT(aClientSource);
1754 mReservedClientSource = std::move(aClientSource);
1755 SetReservedClientInfo(mReservedClientSource->Info());
1756 }
1757
TakeReservedClientSource()1758 UniquePtr<ClientSource> LoadInfo::TakeReservedClientSource() {
1759 if (mReservedClientSource) {
1760 // If the reserved ClientInfo was set due to a ClientSource being present,
1761 // then clear that info object when the ClientSource is taken.
1762 mReservedClientInfo.reset();
1763 }
1764 return std::move(mReservedClientSource);
1765 }
1766
SetReservedClientInfo(const ClientInfo & aClientInfo)1767 void LoadInfo::SetReservedClientInfo(const ClientInfo& aClientInfo) {
1768 MOZ_DIAGNOSTIC_ASSERT(mInitialClientInfo.isNothing());
1769 // Treat assignments of the same value as a no-op. The emplace below
1770 // will normally assert when overwriting an existing value.
1771 if (mReservedClientInfo.isSome()) {
1772 if (mReservedClientInfo.ref() == aClientInfo) {
1773 return;
1774 }
1775 MOZ_DIAGNOSTIC_ASSERT(false, "mReservedClientInfo already set");
1776 mReservedClientInfo.reset();
1777 }
1778 mReservedClientInfo.emplace(aClientInfo);
1779 }
1780
OverrideReservedClientInfoInParent(const ClientInfo & aClientInfo)1781 void LoadInfo::OverrideReservedClientInfoInParent(
1782 const ClientInfo& aClientInfo) {
1783 // This should only be called to handle redirects in the parent process.
1784 MOZ_ASSERT(XRE_GetProcessType() == GeckoProcessType_Default);
1785
1786 mInitialClientInfo.reset();
1787 mReservedClientInfo.reset();
1788 mReservedClientInfo.emplace(aClientInfo);
1789 }
1790
GetReservedClientInfo()1791 const Maybe<ClientInfo>& LoadInfo::GetReservedClientInfo() {
1792 return mReservedClientInfo;
1793 }
1794
SetInitialClientInfo(const ClientInfo & aClientInfo)1795 void LoadInfo::SetInitialClientInfo(const ClientInfo& aClientInfo) {
1796 MOZ_DIAGNOSTIC_ASSERT(!mReservedClientSource);
1797 MOZ_DIAGNOSTIC_ASSERT(mReservedClientInfo.isNothing());
1798 // Treat assignments of the same value as a no-op. The emplace below
1799 // will normally assert when overwriting an existing value.
1800 if (mInitialClientInfo.isSome() && mInitialClientInfo.ref() == aClientInfo) {
1801 return;
1802 }
1803 mInitialClientInfo.emplace(aClientInfo);
1804 }
1805
GetInitialClientInfo()1806 const Maybe<ClientInfo>& LoadInfo::GetInitialClientInfo() {
1807 return mInitialClientInfo;
1808 }
1809
SetController(const ServiceWorkerDescriptor & aServiceWorker)1810 void LoadInfo::SetController(const ServiceWorkerDescriptor& aServiceWorker) {
1811 mController.emplace(aServiceWorker);
1812 }
1813
ClearController()1814 void LoadInfo::ClearController() { mController.reset(); }
1815
GetController()1816 const Maybe<ServiceWorkerDescriptor>& LoadInfo::GetController() {
1817 return mController;
1818 }
1819
SetPerformanceStorage(PerformanceStorage * aPerformanceStorage)1820 void LoadInfo::SetPerformanceStorage(PerformanceStorage* aPerformanceStorage) {
1821 mPerformanceStorage = aPerformanceStorage;
1822 }
1823
GetPerformanceStorage()1824 PerformanceStorage* LoadInfo::GetPerformanceStorage() {
1825 if (mPerformanceStorage) {
1826 return mPerformanceStorage;
1827 }
1828
1829 auto* innerWindow = nsGlobalWindowInner::GetInnerWindowWithId(mInnerWindowID);
1830 if (!innerWindow) {
1831 return nullptr;
1832 }
1833
1834 if (!TriggeringPrincipal()->Equals(innerWindow->GetPrincipal())) {
1835 return nullptr;
1836 }
1837
1838 if (nsILoadInfo::GetExternalContentPolicyType() ==
1839 ExtContentPolicy::TYPE_SUBDOCUMENT &&
1840 !GetIsFromProcessingFrameAttributes()) {
1841 // We only report loads caused by processing the attributes of the
1842 // browsing context container.
1843 return nullptr;
1844 }
1845
1846 mozilla::dom::Performance* performance = innerWindow->GetPerformance();
1847 if (!performance) {
1848 return nullptr;
1849 }
1850
1851 return performance->AsPerformanceStorage();
1852 }
1853
1854 NS_IMETHODIMP
GetCspEventListener(nsICSPEventListener ** aCSPEventListener)1855 LoadInfo::GetCspEventListener(nsICSPEventListener** aCSPEventListener) {
1856 NS_IF_ADDREF(*aCSPEventListener = mCSPEventListener);
1857 return NS_OK;
1858 }
1859
1860 NS_IMETHODIMP
SetCspEventListener(nsICSPEventListener * aCSPEventListener)1861 LoadInfo::SetCspEventListener(nsICSPEventListener* aCSPEventListener) {
1862 mCSPEventListener = aCSPEventListener;
1863 return NS_OK;
1864 }
1865
1866 NS_IMETHODIMP
GetInternalContentPolicyType(nsContentPolicyType * aResult)1867 LoadInfo::GetInternalContentPolicyType(nsContentPolicyType* aResult) {
1868 *aResult = mInternalContentPolicyType;
1869 return NS_OK;
1870 }
1871
1872 NS_IMETHODIMP
GetLoadingEmbedderPolicy(nsILoadInfo::CrossOriginEmbedderPolicy * aOutPolicy)1873 LoadInfo::GetLoadingEmbedderPolicy(
1874 nsILoadInfo::CrossOriginEmbedderPolicy* aOutPolicy) {
1875 *aOutPolicy = mLoadingEmbedderPolicy;
1876 return NS_OK;
1877 }
1878
1879 NS_IMETHODIMP
SetLoadingEmbedderPolicy(nsILoadInfo::CrossOriginEmbedderPolicy aPolicy)1880 LoadInfo::SetLoadingEmbedderPolicy(
1881 nsILoadInfo::CrossOriginEmbedderPolicy aPolicy) {
1882 mLoadingEmbedderPolicy = aPolicy;
1883 return NS_OK;
1884 }
1885
GetCsp()1886 already_AddRefed<nsIContentSecurityPolicy> LoadInfo::GetCsp() {
1887 // Before querying the CSP from the client we have to check if the
1888 // triggeringPrincipal originates from an addon and potentially
1889 // overrides the CSP stored within the client.
1890 if (mLoadingPrincipal && BasePrincipal::Cast(mTriggeringPrincipal)
1891 ->OverridesCSP(mLoadingPrincipal)) {
1892 nsCOMPtr<nsIExpandedPrincipal> ep = do_QueryInterface(mTriggeringPrincipal);
1893 nsCOMPtr<nsIContentSecurityPolicy> addonCSP;
1894 if (ep) {
1895 addonCSP = ep->GetCsp();
1896 }
1897 return addonCSP.forget();
1898 }
1899
1900 if (mClientInfo.isNothing()) {
1901 return nullptr;
1902 }
1903
1904 nsCOMPtr<nsINode> node = do_QueryReferent(mLoadingContext);
1905 RefPtr<Document> doc = node ? node->OwnerDoc() : nullptr;
1906
1907 // If the client is of type window, then we return the cached CSP
1908 // stored on the document instead of having to deserialize the CSP
1909 // from the ClientInfo.
1910 if (doc && mClientInfo->Type() == ClientType::Window) {
1911 nsCOMPtr<nsIContentSecurityPolicy> docCSP = doc->GetCsp();
1912 return docCSP.forget();
1913 }
1914
1915 Maybe<mozilla::ipc::CSPInfo> cspInfo = mClientInfo->GetCspInfo();
1916 if (cspInfo.isNothing()) {
1917 return nullptr;
1918 }
1919 nsCOMPtr<nsIContentSecurityPolicy> clientCSP =
1920 CSPInfoToCSP(cspInfo.ref(), doc);
1921 return clientCSP.forget();
1922 }
1923
GetPreloadCsp()1924 already_AddRefed<nsIContentSecurityPolicy> LoadInfo::GetPreloadCsp() {
1925 if (mClientInfo.isNothing()) {
1926 return nullptr;
1927 }
1928
1929 nsCOMPtr<nsINode> node = do_QueryReferent(mLoadingContext);
1930 RefPtr<Document> doc = node ? node->OwnerDoc() : nullptr;
1931
1932 // If the client is of type window, then we return the cached CSP
1933 // stored on the document instead of having to deserialize the CSP
1934 // from the ClientInfo.
1935 if (doc && mClientInfo->Type() == ClientType::Window) {
1936 nsCOMPtr<nsIContentSecurityPolicy> preloadCsp = doc->GetPreloadCsp();
1937 return preloadCsp.forget();
1938 }
1939
1940 Maybe<mozilla::ipc::CSPInfo> cspInfo = mClientInfo->GetPreloadCspInfo();
1941 if (cspInfo.isNothing()) {
1942 return nullptr;
1943 }
1944 nsCOMPtr<nsIContentSecurityPolicy> preloadCSP =
1945 CSPInfoToCSP(cspInfo.ref(), doc);
1946 return preloadCSP.forget();
1947 }
1948
GetCspToInherit()1949 already_AddRefed<nsIContentSecurityPolicy> LoadInfo::GetCspToInherit() {
1950 nsCOMPtr<nsIContentSecurityPolicy> cspToInherit = mCspToInherit;
1951 return cspToInherit.forget();
1952 }
1953
1954 } // namespace net
1955 } // namespace mozilla
1956