1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6
7 #include "mozilla/LoadInfo.h"
8
9 #include "js/Array.h" // JS::NewArrayObject
10 #include "js/PropertyAndElement.h" // JS_DefineElement
11 #include "mozilla/Assertions.h"
12 #include "mozilla/ExpandedPrincipal.h"
13 #include "mozilla/dom/CanonicalBrowsingContext.h"
14 #include "mozilla/dom/ClientIPCTypes.h"
15 #include "mozilla/dom/ClientSource.h"
16 #include "mozilla/dom/Performance.h"
17 #include "mozilla/dom/PerformanceStorage.h"
18 #include "mozilla/dom/BrowserChild.h"
19 #include "mozilla/dom/ToJSValue.h"
20 #include "mozilla/dom/BrowsingContext.h"
21 #include "mozilla/dom/WindowGlobalParent.h"
22 #include "mozilla/net/CookieJarSettings.h"
23 #include "mozilla/NullPrincipal.h"
24 #include "mozilla/StaticPrefs_network.h"
25 #include "mozilla/StaticPrefs_security.h"
26 #include "mozIThirdPartyUtil.h"
27 #include "ThirdPartyUtil.h"
28 #include "nsFrameLoader.h"
29 #include "nsFrameLoaderOwner.h"
30 #include "nsIContentSecurityPolicy.h"
31 #include "nsIDocShell.h"
32 #include "mozilla/dom/Document.h"
33 #include "nsIHttpChannel.h"
34 #include "nsIHttpChannelInternal.h"
35 #include "nsIInterfaceRequestorUtils.h"
36 #include "nsIScriptElement.h"
37 #include "nsISupportsImpl.h"
38 #include "nsISupportsUtils.h"
39 #include "nsIXPConnect.h"
40 #include "nsDocShell.h"
41 #include "nsGlobalWindow.h"
42 #include "nsMixedContentBlocker.h"
43 #include "nsQueryObject.h"
44 #include "nsRedirectHistoryEntry.h"
45 #include "nsSandboxFlags.h"
46 #include "nsICookieService.h"
47
48 using namespace mozilla::dom;
49
50 namespace mozilla {
51 namespace net {
52
InternalContentPolicyTypeForFrame(CanonicalBrowsingContext * aBrowsingContext)53 static nsContentPolicyType InternalContentPolicyTypeForFrame(
54 CanonicalBrowsingContext* aBrowsingContext) {
55 const auto& maybeEmbedderElementType =
56 aBrowsingContext->GetEmbedderElementType();
57 MOZ_ASSERT(maybeEmbedderElementType.isSome());
58 auto embedderElementType = maybeEmbedderElementType.value();
59
60 // Assign same type as in nsDocShell::DetermineContentType.
61 // N.B. internal content policy type will never be TYPE_DOCUMENT
62 return embedderElementType.EqualsLiteral("iframe")
63 ? nsIContentPolicy::TYPE_INTERNAL_IFRAME
64 : nsIContentPolicy::TYPE_INTERNAL_FRAME;
65 }
66
CreateForDocument(dom::CanonicalBrowsingContext * aBrowsingContext,nsIPrincipal * aTriggeringPrincipal,const OriginAttributes & aOriginAttributes,nsSecurityFlags aSecurityFlags,uint32_t aSandboxFlags)67 /* static */ already_AddRefed<LoadInfo> LoadInfo::CreateForDocument(
68 dom::CanonicalBrowsingContext* aBrowsingContext,
69 nsIPrincipal* aTriggeringPrincipal,
70 const OriginAttributes& aOriginAttributes, nsSecurityFlags aSecurityFlags,
71 uint32_t aSandboxFlags) {
72 return MakeAndAddRef<LoadInfo>(aBrowsingContext, aTriggeringPrincipal,
73 aOriginAttributes, aSecurityFlags,
74 aSandboxFlags);
75 }
76
CreateForFrame(dom::CanonicalBrowsingContext * aBrowsingContext,nsIPrincipal * aTriggeringPrincipal,nsSecurityFlags aSecurityFlags,uint32_t aSandboxFlags)77 /* static */ already_AddRefed<LoadInfo> LoadInfo::CreateForFrame(
78 dom::CanonicalBrowsingContext* aBrowsingContext,
79 nsIPrincipal* aTriggeringPrincipal, nsSecurityFlags aSecurityFlags,
80 uint32_t aSandboxFlags) {
81 return MakeAndAddRef<LoadInfo>(aBrowsingContext, aTriggeringPrincipal,
82 aSecurityFlags, aSandboxFlags);
83 }
84
CreateForNonDocument(dom::WindowGlobalParent * aParentWGP,nsIPrincipal * aTriggeringPrincipal,nsContentPolicyType aContentPolicyType,nsSecurityFlags aSecurityFlags,uint32_t aSandboxFlags)85 /* static */ already_AddRefed<LoadInfo> LoadInfo::CreateForNonDocument(
86 dom::WindowGlobalParent* aParentWGP, nsIPrincipal* aTriggeringPrincipal,
87 nsContentPolicyType aContentPolicyType, nsSecurityFlags aSecurityFlags,
88 uint32_t aSandboxFlags) {
89 return MakeAndAddRef<LoadInfo>(aParentWGP, aTriggeringPrincipal,
90 aContentPolicyType, aSecurityFlags,
91 aSandboxFlags);
92 }
93
LoadInfo(nsIPrincipal * aLoadingPrincipal,nsIPrincipal * aTriggeringPrincipal,nsINode * aLoadingContext,nsSecurityFlags aSecurityFlags,nsContentPolicyType aContentPolicyType,const Maybe<mozilla::dom::ClientInfo> & aLoadingClientInfo,const Maybe<mozilla::dom::ServiceWorkerDescriptor> & aController,uint32_t aSandboxFlags)94 LoadInfo::LoadInfo(
95 nsIPrincipal* aLoadingPrincipal, nsIPrincipal* aTriggeringPrincipal,
96 nsINode* aLoadingContext, nsSecurityFlags aSecurityFlags,
97 nsContentPolicyType aContentPolicyType,
98 const Maybe<mozilla::dom::ClientInfo>& aLoadingClientInfo,
99 const Maybe<mozilla::dom::ServiceWorkerDescriptor>& aController,
100 uint32_t aSandboxFlags)
101 : mLoadingPrincipal(aLoadingContext ? aLoadingContext->NodePrincipal()
102 : aLoadingPrincipal),
103 mTriggeringPrincipal(aTriggeringPrincipal ? aTriggeringPrincipal
104 : mLoadingPrincipal.get()),
105 mSandboxedNullPrincipalID(nsID::GenerateUUID()),
106 mClientInfo(aLoadingClientInfo),
107 mController(aController),
108 mLoadingContext(do_GetWeakReference(aLoadingContext)),
109 mSecurityFlags(aSecurityFlags),
110 mSandboxFlags(aSandboxFlags),
111
112 mInternalContentPolicyType(aContentPolicyType) {
113 MOZ_ASSERT(mLoadingPrincipal);
114 MOZ_ASSERT(mTriggeringPrincipal);
115
116 #ifdef DEBUG
117 // TYPE_DOCUMENT loads initiated by javascript tests will go through
118 // nsIOService and use the wrong constructor. Don't enforce the
119 // !TYPE_DOCUMENT check in those cases
120 bool skipContentTypeCheck = false;
121 skipContentTypeCheck =
122 Preferences::GetBool("network.loadinfo.skip_type_assertion");
123 #endif
124
125 // This constructor shouldn't be used for TYPE_DOCUMENT loads that don't
126 // have a loadingPrincipal
127 MOZ_ASSERT(skipContentTypeCheck || mLoadingPrincipal ||
128 mInternalContentPolicyType != nsIContentPolicy::TYPE_DOCUMENT);
129
130 // We should only get an explicit controller for subresource requests.
131 MOZ_DIAGNOSTIC_ASSERT(aController.isNothing() ||
132 !nsContentUtils::IsNonSubresourceInternalPolicyType(
133 mInternalContentPolicyType));
134
135 // TODO(bug 1259873): Above, we initialize mIsThirdPartyContext to false
136 // meaning that consumers of LoadInfo that don't pass a context or pass a
137 // context from which we can't find a window will default to assuming that
138 // they're 1st party. It would be nice if we could default "safe" and assume
139 // that we are 3rd party until proven otherwise.
140
141 // if consumers pass both, aLoadingContext and aLoadingPrincipal
142 // then the loadingPrincipal must be the same as the node's principal
143 MOZ_ASSERT(!aLoadingContext || !aLoadingPrincipal ||
144 aLoadingContext->NodePrincipal() == aLoadingPrincipal);
145
146 // if the load is sandboxed, we can not also inherit the principal
147 if (mSandboxFlags & SANDBOXED_ORIGIN) {
148 mForceInheritPrincipalDropped =
149 (mSecurityFlags & nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL);
150 mSecurityFlags &= ~nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL;
151 }
152
153 ExtContentPolicyType externalType =
154 nsContentUtils::InternalContentPolicyTypeToExternal(aContentPolicyType);
155
156 if (aLoadingContext) {
157 // Ensure that all network requests for a window client have the ClientInfo
158 // properly set. Workers must currently pass the loading ClientInfo
159 // explicitly. We allow main thread requests to explicitly pass the value as
160 // well.
161 if (mClientInfo.isNothing()) {
162 mClientInfo = aLoadingContext->OwnerDoc()->GetClientInfo();
163 }
164
165 // For subresource loads set the service worker based on the calling
166 // context's controller. Workers must currently pass the controller in
167 // explicitly. We allow main thread requests to explicitly pass the value
168 // as well, but otherwise extract from the loading context here.
169 if (mController.isNothing() &&
170 !nsContentUtils::IsNonSubresourceInternalPolicyType(
171 mInternalContentPolicyType)) {
172 mController = aLoadingContext->OwnerDoc()->GetController();
173 }
174
175 nsCOMPtr<nsPIDOMWindowOuter> contextOuter =
176 aLoadingContext->OwnerDoc()->GetWindow();
177 if (contextOuter) {
178 ComputeIsThirdPartyContext(contextOuter);
179 RefPtr<dom::BrowsingContext> bc = contextOuter->GetBrowsingContext();
180 MOZ_ASSERT(bc);
181 mBrowsingContextID = bc->Id();
182
183 nsGlobalWindowInner* innerWindow =
184 nsGlobalWindowInner::Cast(contextOuter->GetCurrentInnerWindow());
185 if (innerWindow) {
186 mTopLevelPrincipal = innerWindow->GetTopLevelAntiTrackingPrincipal();
187
188 if (!mTopLevelPrincipal &&
189 externalType == ExtContentPolicy::TYPE_SUBDOCUMENT && bc->IsTop()) {
190 // If this is the first level iframe, innerWindow is our top-level
191 // principal.
192 mTopLevelPrincipal = innerWindow->GetPrincipal();
193 }
194 }
195
196 // Let's inherit the cookie behavior and permission from the parent
197 // document.
198 mCookieJarSettings = aLoadingContext->OwnerDoc()->CookieJarSettings();
199 }
200
201 mInnerWindowID = aLoadingContext->OwnerDoc()->InnerWindowID();
202 RefPtr<WindowContext> ctx = WindowContext::GetById(mInnerWindowID);
203 if (ctx) {
204 mLoadingEmbedderPolicy = ctx->GetEmbedderPolicy();
205 }
206 mDocumentHasUserInteracted =
207 aLoadingContext->OwnerDoc()->UserHasInteracted();
208
209 // Inherit HTTPS-Only Mode flags from parent document
210 mHttpsOnlyStatus |= aLoadingContext->OwnerDoc()->HttpsOnlyStatus();
211
212 // When the element being loaded is a frame, we choose the frame's window
213 // for the window ID and the frame element's window as the parent
214 // window. This is the behavior that Chrome exposes to add-ons.
215 // NB: If the frameLoaderOwner doesn't have a frame loader, then the load
216 // must be coming from an object (such as a plugin) that's loaded into it
217 // instead of a document being loaded. In that case, treat this object like
218 // any other non-document-loading element.
219 RefPtr<nsFrameLoaderOwner> frameLoaderOwner =
220 do_QueryObject(aLoadingContext);
221 RefPtr<nsFrameLoader> fl =
222 frameLoaderOwner ? frameLoaderOwner->GetFrameLoader() : nullptr;
223 if (fl) {
224 nsCOMPtr<nsIDocShell> docShell = fl->GetDocShell(IgnoreErrors());
225 if (docShell) {
226 nsCOMPtr<nsPIDOMWindowOuter> outerWindow = do_GetInterface(docShell);
227 if (outerWindow) {
228 RefPtr<dom::BrowsingContext> bc = outerWindow->GetBrowsingContext();
229 mFrameBrowsingContextID = bc ? bc->Id() : 0;
230 }
231 }
232 }
233
234 // if the document forces all mixed content to be blocked, then we
235 // store that bit for all requests on the loadinfo.
236 mBlockAllMixedContent =
237 aLoadingContext->OwnerDoc()->GetBlockAllMixedContent(false) ||
238 (nsContentUtils::IsPreloadType(mInternalContentPolicyType) &&
239 aLoadingContext->OwnerDoc()->GetBlockAllMixedContent(true));
240
241 if (mLoadingPrincipal && BasePrincipal::Cast(mTriggeringPrincipal)
242 ->OverridesCSP(mLoadingPrincipal)) {
243 // if the load is triggered by an addon which potentially overrides the
244 // CSP of the document, then do not force insecure requests to be
245 // upgraded.
246 mUpgradeInsecureRequests = false;
247 } else {
248 // if the document forces all requests to be upgraded from http to https,
249 // then we should do that for all requests. If it only forces preloads to
250 // be upgraded then we should enforce upgrade insecure requests only for
251 // preloads.
252 mUpgradeInsecureRequests =
253 aLoadingContext->OwnerDoc()->GetUpgradeInsecureRequests(false) ||
254 (nsContentUtils::IsPreloadType(mInternalContentPolicyType) &&
255 aLoadingContext->OwnerDoc()->GetUpgradeInsecureRequests(true));
256 }
257
258 if (nsContentUtils::IsUpgradableDisplayType(externalType)) {
259 if (mLoadingPrincipal->SchemeIs("https")) {
260 if (StaticPrefs::security_mixed_content_upgrade_display_content()) {
261 mBrowserUpgradeInsecureRequests = true;
262 } else {
263 mBrowserWouldUpgradeInsecureRequests = true;
264 }
265 }
266 }
267 }
268 mOriginAttributes = mLoadingPrincipal->OriginAttributesRef();
269
270 // We need to do this after inheriting the document's origin attributes
271 // above, in case the loading principal ends up being the system principal.
272 if (aLoadingContext) {
273 nsCOMPtr<nsILoadContext> loadContext =
274 aLoadingContext->OwnerDoc()->GetLoadContext();
275 nsCOMPtr<nsIDocShell> docShell = aLoadingContext->OwnerDoc()->GetDocShell();
276 if (loadContext && docShell &&
277 docShell->GetBrowsingContext()->IsContent()) {
278 bool usePrivateBrowsing;
279 nsresult rv = loadContext->GetUsePrivateBrowsing(&usePrivateBrowsing);
280 if (NS_SUCCEEDED(rv)) {
281 mOriginAttributes.SyncAttributesWithPrivateBrowsing(usePrivateBrowsing);
282 }
283 }
284 }
285
286 // For chrome docshell, the mPrivateBrowsingId remains 0 even its
287 // UsePrivateBrowsing() is true, so we only update the mPrivateBrowsingId in
288 // origin attributes if the type of the docshell is content.
289 if (aLoadingContext) {
290 nsCOMPtr<nsIDocShell> docShell = aLoadingContext->OwnerDoc()->GetDocShell();
291 if (docShell) {
292 if (docShell->GetBrowsingContext()->IsChrome()) {
293 MOZ_ASSERT(mOriginAttributes.mPrivateBrowsingId == 0,
294 "chrome docshell shouldn't have mPrivateBrowsingId set.");
295 }
296 }
297 }
298
299 // in case this is a loadinfo for a parser generated script, then we store
300 // that bit of information so CSP strict-dynamic can query it.
301 if (!nsContentUtils::IsPreloadType(mInternalContentPolicyType)) {
302 nsCOMPtr<nsIScriptElement> script = do_QueryInterface(aLoadingContext);
303 if (script && script->GetParserCreated() != mozilla::dom::NOT_FROM_PARSER) {
304 mParserCreatedScript = true;
305 }
306 }
307 }
308
309 /* Constructor takes an outer window, but no loadingNode or loadingPrincipal.
310 * This constructor should only be used for TYPE_DOCUMENT loads, since they
311 * have a null loadingNode and loadingPrincipal.
312 */
LoadInfo(nsPIDOMWindowOuter * aOuterWindow,nsIPrincipal * aTriggeringPrincipal,nsISupports * aContextForTopLevelLoad,nsSecurityFlags aSecurityFlags,uint32_t aSandboxFlags)313 LoadInfo::LoadInfo(nsPIDOMWindowOuter* aOuterWindow,
314 nsIPrincipal* aTriggeringPrincipal,
315 nsISupports* aContextForTopLevelLoad,
316 nsSecurityFlags aSecurityFlags, uint32_t aSandboxFlags)
317 : mTriggeringPrincipal(aTriggeringPrincipal),
318 mSandboxedNullPrincipalID(nsID::GenerateUUID()),
319 mContextForTopLevelLoad(do_GetWeakReference(aContextForTopLevelLoad)),
320 mSecurityFlags(aSecurityFlags),
321 mSandboxFlags(aSandboxFlags),
322
323 mInternalContentPolicyType(nsIContentPolicy::TYPE_DOCUMENT) {
324 // Top-level loads are never third-party
325 // Grab the information we can out of the window.
326 MOZ_ASSERT(aOuterWindow);
327 MOZ_ASSERT(mTriggeringPrincipal);
328
329 // if the load is sandboxed, we can not also inherit the principal
330 if (mSandboxFlags & SANDBOXED_ORIGIN) {
331 mForceInheritPrincipalDropped =
332 (mSecurityFlags & nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL);
333 mSecurityFlags &= ~nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL;
334 }
335
336 RefPtr<BrowsingContext> bc = aOuterWindow->GetBrowsingContext();
337 mBrowsingContextID = bc ? bc->Id() : 0;
338
339 // This should be removed in bug 1618557
340 nsGlobalWindowInner* innerWindow =
341 nsGlobalWindowInner::Cast(aOuterWindow->GetCurrentInnerWindow());
342 if (innerWindow) {
343 mTopLevelPrincipal = innerWindow->GetTopLevelAntiTrackingPrincipal();
344 }
345
346 // get the docshell from the outerwindow, and then get the originattributes
347 nsCOMPtr<nsIDocShell> docShell = aOuterWindow->GetDocShell();
348 MOZ_ASSERT(docShell);
349 mOriginAttributes = nsDocShell::Cast(docShell)->GetOriginAttributes();
350
351 // We sometimes use this constructor for security checks for outer windows
352 // that aren't top level.
353 if (aSecurityFlags != nsILoadInfo::SEC_ONLY_FOR_EXPLICIT_CONTENTSEC_CHECK) {
354 MOZ_ASSERT(aOuterWindow->GetBrowsingContext()->IsTop());
355 }
356
357 #ifdef DEBUG
358 if (docShell->GetBrowsingContext()->IsChrome()) {
359 MOZ_ASSERT(mOriginAttributes.mPrivateBrowsingId == 0,
360 "chrome docshell shouldn't have mPrivateBrowsingId set.");
361 }
362 #endif
363
364 // Let's take the current cookie behavior and current cookie permission
365 // for the documents' loadInfo. Note that for any other loadInfos,
366 // cookieBehavior will be BEHAVIOR_REJECT for security reasons.
367 bool isPrivate = mOriginAttributes.mPrivateBrowsingId > 0;
368 mCookieJarSettings = CookieJarSettings::Create(
369 isPrivate ? CookieJarSettings::ePrivate : CookieJarSettings::eRegular);
370 }
371
LoadInfo(dom::CanonicalBrowsingContext * aBrowsingContext,nsIPrincipal * aTriggeringPrincipal,const OriginAttributes & aOriginAttributes,nsSecurityFlags aSecurityFlags,uint32_t aSandboxFlags)372 LoadInfo::LoadInfo(dom::CanonicalBrowsingContext* aBrowsingContext,
373 nsIPrincipal* aTriggeringPrincipal,
374 const OriginAttributes& aOriginAttributes,
375 nsSecurityFlags aSecurityFlags, uint32_t aSandboxFlags)
376 : mTriggeringPrincipal(aTriggeringPrincipal),
377 mSandboxedNullPrincipalID(nsID::GenerateUUID()),
378 mSecurityFlags(aSecurityFlags),
379 mSandboxFlags(aSandboxFlags),
380
381 mInternalContentPolicyType(nsIContentPolicy::TYPE_DOCUMENT) {
382 // Top-level loads are never third-party
383 // Grab the information we can out of the window.
384 MOZ_ASSERT(aBrowsingContext);
385 MOZ_ASSERT(mTriggeringPrincipal);
386 MOZ_ASSERT(aSecurityFlags !=
387 nsILoadInfo::SEC_ONLY_FOR_EXPLICIT_CONTENTSEC_CHECK);
388
389 // if the load is sandboxed, we can not also inherit the principal
390 if (mSandboxFlags & SANDBOXED_ORIGIN) {
391 mForceInheritPrincipalDropped =
392 (mSecurityFlags & nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL);
393 mSecurityFlags &= ~nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL;
394 }
395
396 mBrowsingContextID = aBrowsingContext->Id();
397 mOriginAttributes = aOriginAttributes;
398
399 #ifdef DEBUG
400 if (aBrowsingContext->IsChrome()) {
401 MOZ_ASSERT(mOriginAttributes.mPrivateBrowsingId == 0,
402 "chrome docshell shouldn't have mPrivateBrowsingId set.");
403 }
404 #endif
405
406 // Let's take the current cookie behavior and current cookie permission
407 // for the documents' loadInfo. Note that for any other loadInfos,
408 // cookieBehavior will be BEHAVIOR_REJECT for security reasons.
409 bool isPrivate = mOriginAttributes.mPrivateBrowsingId > 0;
410 mCookieJarSettings = CookieJarSettings::Create(
411 isPrivate ? CookieJarSettings::ePrivate : CookieJarSettings::eRegular);
412 }
413
LoadInfo(dom::WindowGlobalParent * aParentWGP,nsIPrincipal * aTriggeringPrincipal,nsContentPolicyType aContentPolicyType,nsSecurityFlags aSecurityFlags,uint32_t aSandboxFlags)414 LoadInfo::LoadInfo(dom::WindowGlobalParent* aParentWGP,
415 nsIPrincipal* aTriggeringPrincipal,
416 nsContentPolicyType aContentPolicyType,
417 nsSecurityFlags aSecurityFlags, uint32_t aSandboxFlags)
418 : mTriggeringPrincipal(aTriggeringPrincipal),
419 mSandboxedNullPrincipalID(nsID::GenerateUUID()),
420 mSecurityFlags(aSecurityFlags),
421 mSandboxFlags(aSandboxFlags),
422 mInternalContentPolicyType(aContentPolicyType) {
423 CanonicalBrowsingContext* parentBC = aParentWGP->BrowsingContext();
424 MOZ_ASSERT(parentBC);
425 ComputeAncestors(parentBC, mAncestorPrincipals, mAncestorBrowsingContextIDs);
426
427 RefPtr<WindowGlobalParent> topLevelWGP = aParentWGP->TopWindowContext();
428
429 // if the load is sandboxed, we can not also inherit the principal
430 if (mSandboxFlags & SANDBOXED_ORIGIN) {
431 mForceInheritPrincipalDropped =
432 (mSecurityFlags & nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL);
433 mSecurityFlags &= ~nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL;
434 }
435
436 // Ensure that all network requests for a window client have the ClientInfo
437 // properly set.
438 mClientInfo = aParentWGP->GetClientInfo();
439 mLoadingPrincipal = aParentWGP->DocumentPrincipal();
440 ComputeIsThirdPartyContext(aParentWGP);
441
442 mBrowsingContextID = parentBC->Id();
443
444 // Let's inherit the cookie behavior and permission from the embedder
445 // document.
446 mCookieJarSettings = aParentWGP->CookieJarSettings();
447 if (topLevelWGP->BrowsingContext()->IsTop()) {
448 if (mCookieJarSettings) {
449 bool stopAtOurLevel = mCookieJarSettings->GetCookieBehavior() ==
450 nsICookieService::BEHAVIOR_REJECT_TRACKER;
451 if (!stopAtOurLevel ||
452 topLevelWGP->OuterWindowId() != aParentWGP->OuterWindowId()) {
453 mTopLevelPrincipal = topLevelWGP->DocumentPrincipal();
454 }
455 }
456 }
457
458 if (!mTopLevelPrincipal && parentBC->IsTop()) {
459 // If this is the first level iframe, embedder WindowGlobalParent's document
460 // principal is our top-level principal.
461 mTopLevelPrincipal = aParentWGP->DocumentPrincipal();
462 }
463
464 mInnerWindowID = aParentWGP->InnerWindowId();
465 mDocumentHasUserInteracted = aParentWGP->DocumentHasUserInteracted();
466
467 // if the document forces all mixed content to be blocked, then we
468 // store that bit for all requests on the loadinfo.
469 mBlockAllMixedContent = aParentWGP->GetDocumentBlockAllMixedContent();
470
471 if (mTopLevelPrincipal && BasePrincipal::Cast(mTriggeringPrincipal)
472 ->OverridesCSP(mTopLevelPrincipal)) {
473 // if the load is triggered by an addon which potentially overrides the
474 // CSP of the document, then do not force insecure requests to be
475 // upgraded.
476 mUpgradeInsecureRequests = false;
477 } else {
478 // if the document forces all requests to be upgraded from http to https,
479 // then we should do that for all requests. If it only forces preloads to
480 // be upgraded then we should enforce upgrade insecure requests only for
481 // preloads.
482 mUpgradeInsecureRequests = aParentWGP->GetDocumentUpgradeInsecureRequests();
483 }
484 mOriginAttributes = mLoadingPrincipal->OriginAttributesRef();
485
486 // We need to do this after inheriting the document's origin attributes
487 // above, in case the loading principal ends up being the system principal.
488 if (parentBC->IsContent()) {
489 mOriginAttributes.SyncAttributesWithPrivateBrowsing(
490 parentBC->UsePrivateBrowsing());
491 }
492
493 mHttpsOnlyStatus |= aParentWGP->HttpsOnlyStatus();
494
495 // For chrome BC, the mPrivateBrowsingId remains 0 even its
496 // UsePrivateBrowsing() is true, so we only update the mPrivateBrowsingId in
497 // origin attributes if the type of the BC is content.
498 if (parentBC->IsChrome()) {
499 MOZ_ASSERT(mOriginAttributes.mPrivateBrowsingId == 0,
500 "chrome docshell shouldn't have mPrivateBrowsingId set.");
501 }
502
503 RefPtr<WindowContext> ctx = WindowContext::GetById(mInnerWindowID);
504 if (ctx) {
505 mLoadingEmbedderPolicy = ctx->GetEmbedderPolicy();
506 }
507 }
508
509 // Used for TYPE_FRAME or TYPE_IFRAME load.
LoadInfo(dom::CanonicalBrowsingContext * aBrowsingContext,nsIPrincipal * aTriggeringPrincipal,nsSecurityFlags aSecurityFlags,uint32_t aSandboxFlags)510 LoadInfo::LoadInfo(dom::CanonicalBrowsingContext* aBrowsingContext,
511 nsIPrincipal* aTriggeringPrincipal,
512 nsSecurityFlags aSecurityFlags, uint32_t aSandboxFlags)
513 : LoadInfo(aBrowsingContext->GetParentWindowContext(), aTriggeringPrincipal,
514 InternalContentPolicyTypeForFrame(aBrowsingContext),
515 aSecurityFlags, aSandboxFlags) {
516 mFrameBrowsingContextID = aBrowsingContext->Id();
517 }
518
LoadInfo(const LoadInfo & rhs)519 LoadInfo::LoadInfo(const LoadInfo& rhs)
520 : mLoadingPrincipal(rhs.mLoadingPrincipal),
521 mTriggeringPrincipal(rhs.mTriggeringPrincipal),
522 mPrincipalToInherit(rhs.mPrincipalToInherit),
523 mTopLevelPrincipal(rhs.mTopLevelPrincipal),
524 mResultPrincipalURI(rhs.mResultPrincipalURI),
525 mChannelCreationOriginalURI(rhs.mChannelCreationOriginalURI),
526 mCookieJarSettings(rhs.mCookieJarSettings),
527 mCspToInherit(rhs.mCspToInherit),
528 mSandboxedNullPrincipalID(rhs.mSandboxedNullPrincipalID),
529 mClientInfo(rhs.mClientInfo),
530 // mReservedClientSource must be handled specially during redirect
531 // mReservedClientInfo must be handled specially during redirect
532 // mInitialClientInfo must be handled specially during redirect
533 mController(rhs.mController),
534 mPerformanceStorage(rhs.mPerformanceStorage),
535 mLoadingContext(rhs.mLoadingContext),
536 mContextForTopLevelLoad(rhs.mContextForTopLevelLoad),
537 mSecurityFlags(rhs.mSecurityFlags),
538 mSandboxFlags(rhs.mSandboxFlags),
539 mTriggeringSandboxFlags(rhs.mTriggeringSandboxFlags),
540 mInternalContentPolicyType(rhs.mInternalContentPolicyType),
541 mTainting(rhs.mTainting),
542 mBlockAllMixedContent(rhs.mBlockAllMixedContent),
543 mUpgradeInsecureRequests(rhs.mUpgradeInsecureRequests),
544 mBrowserUpgradeInsecureRequests(rhs.mBrowserUpgradeInsecureRequests),
545 mBrowserDidUpgradeInsecureRequests(
546 rhs.mBrowserDidUpgradeInsecureRequests),
547 mBrowserWouldUpgradeInsecureRequests(
548 rhs.mBrowserWouldUpgradeInsecureRequests),
549 mForceAllowDataURI(rhs.mForceAllowDataURI),
550 mAllowInsecureRedirectToDataURI(rhs.mAllowInsecureRedirectToDataURI),
551 mSkipContentPolicyCheckForWebRequest(
552 rhs.mSkipContentPolicyCheckForWebRequest),
553 mOriginalFrameSrcLoad(rhs.mOriginalFrameSrcLoad),
554 mForceInheritPrincipalDropped(rhs.mForceInheritPrincipalDropped),
555 mInnerWindowID(rhs.mInnerWindowID),
556 mBrowsingContextID(rhs.mBrowsingContextID),
557 mFrameBrowsingContextID(rhs.mFrameBrowsingContextID),
558 mInitialSecurityCheckDone(rhs.mInitialSecurityCheckDone),
559 mIsThirdPartyContext(rhs.mIsThirdPartyContext),
560 mIsThirdPartyContextToTopWindow(rhs.mIsThirdPartyContextToTopWindow),
561 mIsFormSubmission(rhs.mIsFormSubmission),
562 mSendCSPViolationEvents(rhs.mSendCSPViolationEvents),
563 mOriginAttributes(rhs.mOriginAttributes),
564 mRedirectChainIncludingInternalRedirects(
565 rhs.mRedirectChainIncludingInternalRedirects.Clone()),
566 mRedirectChain(rhs.mRedirectChain.Clone()),
567 mAncestorPrincipals(rhs.mAncestorPrincipals.Clone()),
568 mAncestorBrowsingContextIDs(rhs.mAncestorBrowsingContextIDs.Clone()),
569 mCorsUnsafeHeaders(rhs.mCorsUnsafeHeaders.Clone()),
570 mRequestBlockingReason(rhs.mRequestBlockingReason),
571 mForcePreflight(rhs.mForcePreflight),
572 mIsPreflight(rhs.mIsPreflight),
573 mLoadTriggeredFromExternal(rhs.mLoadTriggeredFromExternal),
574
575 mDocumentHasUserInteracted(rhs.mDocumentHasUserInteracted),
576 mAllowListFutureDocumentsCreatedFromThisRedirectChain(
577 rhs.mAllowListFutureDocumentsCreatedFromThisRedirectChain),
578 mNeedForCheckingAntiTrackingHeuristic(
579 rhs.mNeedForCheckingAntiTrackingHeuristic),
580 mCspNonce(rhs.mCspNonce),
581 mSkipContentSniffing(rhs.mSkipContentSniffing),
582 mHttpsOnlyStatus(rhs.mHttpsOnlyStatus),
583 mHasValidUserGestureActivation(rhs.mHasValidUserGestureActivation),
584 mAllowDeprecatedSystemRequests(rhs.mAllowDeprecatedSystemRequests),
585 mIsInDevToolsContext(rhs.mIsInDevToolsContext),
586 mParserCreatedScript(rhs.mParserCreatedScript),
587 mStoragePermission(rhs.mStoragePermission),
588 mIsMetaRefresh(rhs.mIsMetaRefresh),
589 mIsFromProcessingFrameAttributes(rhs.mIsFromProcessingFrameAttributes),
590 mIsMediaRequest(rhs.mIsMediaRequest),
591 mIsMediaInitialRequest(rhs.mIsMediaInitialRequest),
592 mIsFromObjectOrEmbed(rhs.mIsFromObjectOrEmbed),
593 mLoadingEmbedderPolicy(rhs.mLoadingEmbedderPolicy),
594 mUnstrippedURI(rhs.mUnstrippedURI) {}
595
LoadInfo(nsIPrincipal * aLoadingPrincipal,nsIPrincipal * aTriggeringPrincipal,nsIPrincipal * aPrincipalToInherit,nsIPrincipal * aTopLevelPrincipal,nsIURI * aResultPrincipalURI,nsICookieJarSettings * aCookieJarSettings,nsIContentSecurityPolicy * aCspToInherit,const nsID & aSandboxedNullPrincipalID,const Maybe<ClientInfo> & aClientInfo,const Maybe<ClientInfo> & aReservedClientInfo,const Maybe<ClientInfo> & aInitialClientInfo,const Maybe<ServiceWorkerDescriptor> & aController,nsSecurityFlags aSecurityFlags,uint32_t aSandboxFlags,uint32_t aTriggeringSandboxFlags,nsContentPolicyType aContentPolicyType,LoadTainting aTainting,bool aBlockAllMixedContent,bool aUpgradeInsecureRequests,bool aBrowserUpgradeInsecureRequests,bool aBrowserDidUpgradeInsecureRequests,bool aBrowserWouldUpgradeInsecureRequests,bool aForceAllowDataURI,bool aAllowInsecureRedirectToDataURI,bool aSkipContentPolicyCheckForWebRequest,bool aOriginalFrameSrcLoad,bool aForceInheritPrincipalDropped,uint64_t aInnerWindowID,uint64_t aBrowsingContextID,uint64_t aFrameBrowsingContextID,bool aInitialSecurityCheckDone,bool aIsThirdPartyContext,bool aIsThirdPartyContextToTopWindow,bool aIsFormSubmission,bool aSendCSPViolationEvents,const OriginAttributes & aOriginAttributes,RedirectHistoryArray && aRedirectChainIncludingInternalRedirects,RedirectHistoryArray && aRedirectChain,nsTArray<nsCOMPtr<nsIPrincipal>> && aAncestorPrincipals,const nsTArray<uint64_t> & aAncestorBrowsingContextIDs,const nsTArray<nsCString> & aCorsUnsafeHeaders,bool aForcePreflight,bool aIsPreflight,bool aLoadTriggeredFromExternal,bool aServiceWorkerTaintingSynthesized,bool aDocumentHasUserInteracted,bool aAllowListFutureDocumentsCreatedFromThisRedirectChain,bool aNeedForCheckingAntiTrackingHeuristic,const nsAString & aCspNonce,bool aSkipContentSniffing,uint32_t aHttpsOnlyStatus,bool aHasValidUserGestureActivation,bool aAllowDeprecatedSystemRequests,bool aIsInDevToolsContext,bool aParserCreatedScript,nsILoadInfo::StoragePermissionState aStoragePermission,bool aIsMetaRefresh,uint32_t aRequestBlockingReason,nsINode * aLoadingContext,nsILoadInfo::CrossOriginEmbedderPolicy aLoadingEmbedderPolicy,nsIURI * aUnstrippedURI)596 LoadInfo::LoadInfo(
597 nsIPrincipal* aLoadingPrincipal, nsIPrincipal* aTriggeringPrincipal,
598 nsIPrincipal* aPrincipalToInherit, nsIPrincipal* aTopLevelPrincipal,
599 nsIURI* aResultPrincipalURI, nsICookieJarSettings* aCookieJarSettings,
600 nsIContentSecurityPolicy* aCspToInherit,
601 const nsID& aSandboxedNullPrincipalID, const Maybe<ClientInfo>& aClientInfo,
602 const Maybe<ClientInfo>& aReservedClientInfo,
603 const Maybe<ClientInfo>& aInitialClientInfo,
604 const Maybe<ServiceWorkerDescriptor>& aController,
605 nsSecurityFlags aSecurityFlags, uint32_t aSandboxFlags,
606 uint32_t aTriggeringSandboxFlags, nsContentPolicyType aContentPolicyType,
607 LoadTainting aTainting, bool aBlockAllMixedContent,
608 bool aUpgradeInsecureRequests, bool aBrowserUpgradeInsecureRequests,
609 bool aBrowserDidUpgradeInsecureRequests,
610 bool aBrowserWouldUpgradeInsecureRequests, bool aForceAllowDataURI,
611 bool aAllowInsecureRedirectToDataURI,
612 bool aSkipContentPolicyCheckForWebRequest, bool aOriginalFrameSrcLoad,
613 bool aForceInheritPrincipalDropped, uint64_t aInnerWindowID,
614 uint64_t aBrowsingContextID, uint64_t aFrameBrowsingContextID,
615 bool aInitialSecurityCheckDone, bool aIsThirdPartyContext,
616 bool aIsThirdPartyContextToTopWindow, bool aIsFormSubmission,
617 bool aSendCSPViolationEvents, const OriginAttributes& aOriginAttributes,
618 RedirectHistoryArray&& aRedirectChainIncludingInternalRedirects,
619 RedirectHistoryArray&& aRedirectChain,
620 nsTArray<nsCOMPtr<nsIPrincipal>>&& aAncestorPrincipals,
621 const nsTArray<uint64_t>& aAncestorBrowsingContextIDs,
622 const nsTArray<nsCString>& aCorsUnsafeHeaders, bool aForcePreflight,
623 bool aIsPreflight, bool aLoadTriggeredFromExternal,
624 bool aServiceWorkerTaintingSynthesized, bool aDocumentHasUserInteracted,
625 bool aAllowListFutureDocumentsCreatedFromThisRedirectChain,
626 bool aNeedForCheckingAntiTrackingHeuristic, const nsAString& aCspNonce,
627 bool aSkipContentSniffing, uint32_t aHttpsOnlyStatus,
628 bool aHasValidUserGestureActivation, bool aAllowDeprecatedSystemRequests,
629 bool aIsInDevToolsContext, bool aParserCreatedScript,
630 nsILoadInfo::StoragePermissionState aStoragePermission, bool aIsMetaRefresh,
631 uint32_t aRequestBlockingReason, nsINode* aLoadingContext,
632 nsILoadInfo::CrossOriginEmbedderPolicy aLoadingEmbedderPolicy,
633 nsIURI* aUnstrippedURI)
634 : mLoadingPrincipal(aLoadingPrincipal),
635 mTriggeringPrincipal(aTriggeringPrincipal),
636 mPrincipalToInherit(aPrincipalToInherit),
637 mTopLevelPrincipal(aTopLevelPrincipal),
638 mResultPrincipalURI(aResultPrincipalURI),
639 mCookieJarSettings(aCookieJarSettings),
640 mCspToInherit(aCspToInherit),
641 mSandboxedNullPrincipalID(aSandboxedNullPrincipalID),
642 mClientInfo(aClientInfo),
643 mReservedClientInfo(aReservedClientInfo),
644 mInitialClientInfo(aInitialClientInfo),
645 mController(aController),
646 mLoadingContext(do_GetWeakReference(aLoadingContext)),
647 mSecurityFlags(aSecurityFlags),
648 mSandboxFlags(aSandboxFlags),
649 mTriggeringSandboxFlags(aTriggeringSandboxFlags),
650 mInternalContentPolicyType(aContentPolicyType),
651 mTainting(aTainting),
652 mBlockAllMixedContent(aBlockAllMixedContent),
653 mUpgradeInsecureRequests(aUpgradeInsecureRequests),
654 mBrowserUpgradeInsecureRequests(aBrowserUpgradeInsecureRequests),
655 mBrowserDidUpgradeInsecureRequests(aBrowserDidUpgradeInsecureRequests),
656 mBrowserWouldUpgradeInsecureRequests(
657 aBrowserWouldUpgradeInsecureRequests),
658 mForceAllowDataURI(aForceAllowDataURI),
659 mAllowInsecureRedirectToDataURI(aAllowInsecureRedirectToDataURI),
660 mSkipContentPolicyCheckForWebRequest(
661 aSkipContentPolicyCheckForWebRequest),
662 mOriginalFrameSrcLoad(aOriginalFrameSrcLoad),
663 mForceInheritPrincipalDropped(aForceInheritPrincipalDropped),
664 mInnerWindowID(aInnerWindowID),
665 mBrowsingContextID(aBrowsingContextID),
666 mFrameBrowsingContextID(aFrameBrowsingContextID),
667 mInitialSecurityCheckDone(aInitialSecurityCheckDone),
668 mIsThirdPartyContext(aIsThirdPartyContext),
669 mIsThirdPartyContextToTopWindow(aIsThirdPartyContextToTopWindow),
670 mIsFormSubmission(aIsFormSubmission),
671 mSendCSPViolationEvents(aSendCSPViolationEvents),
672 mOriginAttributes(aOriginAttributes),
673 mRedirectChainIncludingInternalRedirects(
674 std::move(aRedirectChainIncludingInternalRedirects)),
675 mRedirectChain(std::move(aRedirectChain)),
676 mAncestorPrincipals(std::move(aAncestorPrincipals)),
677 mAncestorBrowsingContextIDs(aAncestorBrowsingContextIDs.Clone()),
678 mCorsUnsafeHeaders(aCorsUnsafeHeaders.Clone()),
679 mRequestBlockingReason(aRequestBlockingReason),
680 mForcePreflight(aForcePreflight),
681 mIsPreflight(aIsPreflight),
682 mLoadTriggeredFromExternal(aLoadTriggeredFromExternal),
683 mServiceWorkerTaintingSynthesized(aServiceWorkerTaintingSynthesized),
684 mDocumentHasUserInteracted(aDocumentHasUserInteracted),
685 mAllowListFutureDocumentsCreatedFromThisRedirectChain(
686 aAllowListFutureDocumentsCreatedFromThisRedirectChain),
687 mNeedForCheckingAntiTrackingHeuristic(
688 aNeedForCheckingAntiTrackingHeuristic),
689 mCspNonce(aCspNonce),
690 mSkipContentSniffing(aSkipContentSniffing),
691 mHttpsOnlyStatus(aHttpsOnlyStatus),
692 mHasValidUserGestureActivation(aHasValidUserGestureActivation),
693 mAllowDeprecatedSystemRequests(aAllowDeprecatedSystemRequests),
694 mIsInDevToolsContext(aIsInDevToolsContext),
695 mParserCreatedScript(aParserCreatedScript),
696 mStoragePermission(aStoragePermission),
697 mIsMetaRefresh(aIsMetaRefresh),
698
699 mLoadingEmbedderPolicy(aLoadingEmbedderPolicy),
700 mUnstrippedURI(aUnstrippedURI) {
701 // Only top level TYPE_DOCUMENT loads can have a null loadingPrincipal
702 MOZ_ASSERT(mLoadingPrincipal ||
703 aContentPolicyType == nsIContentPolicy::TYPE_DOCUMENT);
704 MOZ_ASSERT(mTriggeringPrincipal);
705 }
706
707 // static
ComputeAncestors(CanonicalBrowsingContext * aBC,nsTArray<nsCOMPtr<nsIPrincipal>> & aAncestorPrincipals,nsTArray<uint64_t> & aBrowsingContextIDs)708 void LoadInfo::ComputeAncestors(
709 CanonicalBrowsingContext* aBC,
710 nsTArray<nsCOMPtr<nsIPrincipal>>& aAncestorPrincipals,
711 nsTArray<uint64_t>& aBrowsingContextIDs) {
712 MOZ_ASSERT(aAncestorPrincipals.IsEmpty());
713 MOZ_ASSERT(aBrowsingContextIDs.IsEmpty());
714 CanonicalBrowsingContext* ancestorBC = aBC;
715 // Iterate over ancestor WindowGlobalParents, collecting principals and outer
716 // window IDs.
717 while (WindowGlobalParent* ancestorWGP =
718 ancestorBC->GetParentWindowContext()) {
719 ancestorBC = ancestorWGP->BrowsingContext();
720
721 nsCOMPtr<nsIPrincipal> parentPrincipal = ancestorWGP->DocumentPrincipal();
722 MOZ_ASSERT(parentPrincipal, "Ancestor principal is null");
723 aAncestorPrincipals.AppendElement(parentPrincipal.forget());
724 aBrowsingContextIDs.AppendElement(ancestorBC->Id());
725 }
726 }
ComputeIsThirdPartyContext(nsPIDOMWindowOuter * aOuterWindow)727 void LoadInfo::ComputeIsThirdPartyContext(nsPIDOMWindowOuter* aOuterWindow) {
728 ExtContentPolicyType type =
729 nsContentUtils::InternalContentPolicyTypeToExternal(
730 mInternalContentPolicyType);
731 if (type == ExtContentPolicy::TYPE_DOCUMENT) {
732 // Top-level loads are never third-party.
733 mIsThirdPartyContext = false;
734 return;
735 }
736
737 nsCOMPtr<mozIThirdPartyUtil> util(do_GetService(THIRDPARTYUTIL_CONTRACTID));
738 if (NS_WARN_IF(!util)) {
739 return;
740 }
741
742 util->IsThirdPartyWindow(aOuterWindow, nullptr, &mIsThirdPartyContext);
743 }
744
ComputeIsThirdPartyContext(dom::WindowGlobalParent * aGlobal)745 void LoadInfo::ComputeIsThirdPartyContext(dom::WindowGlobalParent* aGlobal) {
746 if (nsILoadInfo::GetExternalContentPolicyType() ==
747 ExtContentPolicy::TYPE_DOCUMENT) {
748 // Top-level loads are never third-party.
749 mIsThirdPartyContext = false;
750 return;
751 }
752
753 ThirdPartyUtil* thirdPartyUtil = ThirdPartyUtil::GetInstance();
754 if (!thirdPartyUtil) {
755 return;
756 }
757 thirdPartyUtil->IsThirdPartyGlobal(aGlobal, &mIsThirdPartyContext);
758 }
759
NS_IMPL_ADDREF(LoadInfo)760 NS_IMPL_ADDREF(LoadInfo)
761
762 bool LoadInfo::DispatchRelease() {
763 if (NS_IsMainThread()) {
764 return false;
765 }
766
767 NS_DispatchToMainThread(NewNonOwningRunnableMethod("net::LoadInfo::Release",
768 this, &LoadInfo::Release),
769 NS_DISPATCH_NORMAL);
770 return true;
771 }
772
NS_IMETHODIMP_(MozExternalRefCountType)773 NS_IMETHODIMP_(MozExternalRefCountType)
774 LoadInfo::Release() {
775 nsrefcnt count = mRefCnt - 1;
776 if (DispatchRelease()) {
777 // Redispatched to main thread.
778 return count;
779 }
780
781 MOZ_ASSERT(0 != mRefCnt, "dup release");
782 count = --mRefCnt;
783 NS_LOG_RELEASE(this, count, "LoadInfo");
784
785 if (0 == count) {
786 mRefCnt = 1;
787 delete (this);
788 return 0;
789 }
790
791 return count;
792 }
793
NS_IMPL_QUERY_INTERFACE(LoadInfo,nsILoadInfo)794 NS_IMPL_QUERY_INTERFACE(LoadInfo, nsILoadInfo)
795
796 void LoadInfo::ReleaseMembers() {
797 mCSPEventListener = nullptr;
798 mCookieJarSettings = nullptr;
799 mPerformanceStorage = nullptr;
800 mLoadingPrincipal = nullptr;
801 mTriggeringPrincipal = nullptr;
802 mPrincipalToInherit = nullptr;
803 mTopLevelPrincipal = nullptr;
804 mResultPrincipalURI = nullptr;
805 mCspToInherit = nullptr;
806 mUnstrippedURI = nullptr;
807 mAncestorPrincipals.Clear();
808 }
809
~LoadInfo()810 LoadInfo::~LoadInfo() { ReleaseMembers(); }
811
Clone() const812 already_AddRefed<nsILoadInfo> LoadInfo::Clone() const {
813 RefPtr<LoadInfo> copy(new LoadInfo(*this));
814 return copy.forget();
815 }
816
CloneWithNewSecFlags(nsSecurityFlags aSecurityFlags) const817 already_AddRefed<nsILoadInfo> LoadInfo::CloneWithNewSecFlags(
818 nsSecurityFlags aSecurityFlags) const {
819 RefPtr<LoadInfo> copy(new LoadInfo(*this));
820 copy->mSecurityFlags = aSecurityFlags;
821 return copy.forget();
822 }
823
CloneForNewRequest() const824 already_AddRefed<nsILoadInfo> LoadInfo::CloneForNewRequest() const {
825 RefPtr<LoadInfo> copy(new LoadInfo(*this));
826 copy->mInitialSecurityCheckDone = false;
827 copy->mRedirectChainIncludingInternalRedirects.Clear();
828 copy->mRedirectChain.Clear();
829 copy->mResultPrincipalURI = nullptr;
830 return copy.forget();
831 }
832
833 NS_IMETHODIMP
GetLoadingPrincipal(nsIPrincipal ** aLoadingPrincipal)834 LoadInfo::GetLoadingPrincipal(nsIPrincipal** aLoadingPrincipal) {
835 *aLoadingPrincipal = do_AddRef(mLoadingPrincipal).take();
836 return NS_OK;
837 }
838
VirtualGetLoadingPrincipal()839 nsIPrincipal* LoadInfo::VirtualGetLoadingPrincipal() {
840 return mLoadingPrincipal;
841 }
842
843 NS_IMETHODIMP
GetTriggeringPrincipal(nsIPrincipal ** aTriggeringPrincipal)844 LoadInfo::GetTriggeringPrincipal(nsIPrincipal** aTriggeringPrincipal) {
845 *aTriggeringPrincipal = do_AddRef(mTriggeringPrincipal).take();
846 return NS_OK;
847 }
848
TriggeringPrincipal()849 nsIPrincipal* LoadInfo::TriggeringPrincipal() { return mTriggeringPrincipal; }
850
851 NS_IMETHODIMP
GetPrincipalToInherit(nsIPrincipal ** aPrincipalToInherit)852 LoadInfo::GetPrincipalToInherit(nsIPrincipal** aPrincipalToInherit) {
853 *aPrincipalToInherit = do_AddRef(mPrincipalToInherit).take();
854 return NS_OK;
855 }
856
857 NS_IMETHODIMP
SetPrincipalToInherit(nsIPrincipal * aPrincipalToInherit)858 LoadInfo::SetPrincipalToInherit(nsIPrincipal* aPrincipalToInherit) {
859 MOZ_ASSERT(aPrincipalToInherit, "must be a valid principal to inherit");
860 mPrincipalToInherit = aPrincipalToInherit;
861 return NS_OK;
862 }
863
PrincipalToInherit()864 nsIPrincipal* LoadInfo::PrincipalToInherit() { return mPrincipalToInherit; }
865
FindPrincipalToInherit(nsIChannel * aChannel)866 nsIPrincipal* LoadInfo::FindPrincipalToInherit(nsIChannel* aChannel) {
867 if (mPrincipalToInherit) {
868 return mPrincipalToInherit;
869 }
870
871 nsCOMPtr<nsIURI> uri = mResultPrincipalURI;
872 if (!uri) {
873 Unused << aChannel->GetOriginalURI(getter_AddRefs(uri));
874 }
875
876 auto* prin = BasePrincipal::Cast(mTriggeringPrincipal);
877 return prin->PrincipalToInherit(uri);
878 }
879
GetSandboxedNullPrincipalID()880 const nsID& LoadInfo::GetSandboxedNullPrincipalID() {
881 MOZ_ASSERT(!mSandboxedNullPrincipalID.Equals(nsID{}),
882 "mSandboxedNullPrincipalID wasn't initialized?");
883 return mSandboxedNullPrincipalID;
884 }
885
ResetSandboxedNullPrincipalID()886 void LoadInfo::ResetSandboxedNullPrincipalID() {
887 mSandboxedNullPrincipalID = nsID::GenerateUUID();
888 }
889
GetTopLevelPrincipal()890 nsIPrincipal* LoadInfo::GetTopLevelPrincipal() { return mTopLevelPrincipal; }
891
892 NS_IMETHODIMP
GetLoadingDocument(Document ** aResult)893 LoadInfo::GetLoadingDocument(Document** aResult) {
894 if (nsCOMPtr<nsINode> node = do_QueryReferent(mLoadingContext)) {
895 RefPtr<Document> context = node->OwnerDoc();
896 context.forget(aResult);
897 }
898 return NS_OK;
899 }
900
LoadingNode()901 nsINode* LoadInfo::LoadingNode() {
902 nsCOMPtr<nsINode> node = do_QueryReferent(mLoadingContext);
903 return node;
904 }
905
ContextForTopLevelLoad()906 already_AddRefed<nsISupports> LoadInfo::ContextForTopLevelLoad() {
907 // Most likely you want to query LoadingNode() instead of
908 // ContextForTopLevelLoad() if this assertion fires.
909 MOZ_ASSERT(mInternalContentPolicyType == nsIContentPolicy::TYPE_DOCUMENT,
910 "should only query this context for top level document loads");
911 nsCOMPtr<nsISupports> context = do_QueryReferent(mContextForTopLevelLoad);
912 return context.forget();
913 }
914
GetLoadingContext()915 already_AddRefed<nsISupports> LoadInfo::GetLoadingContext() {
916 nsCOMPtr<nsISupports> context;
917 if (mInternalContentPolicyType == nsIContentPolicy::TYPE_DOCUMENT) {
918 context = ContextForTopLevelLoad();
919 } else {
920 context = LoadingNode();
921 }
922 return context.forget();
923 }
924
925 NS_IMETHODIMP
GetLoadingContextXPCOM(nsISupports ** aResult)926 LoadInfo::GetLoadingContextXPCOM(nsISupports** aResult) {
927 nsCOMPtr<nsISupports> context = GetLoadingContext();
928 context.forget(aResult);
929 return NS_OK;
930 }
931
932 NS_IMETHODIMP
GetSecurityFlags(nsSecurityFlags * aResult)933 LoadInfo::GetSecurityFlags(nsSecurityFlags* aResult) {
934 *aResult = mSecurityFlags;
935 return NS_OK;
936 }
937
938 NS_IMETHODIMP
GetSandboxFlags(uint32_t * aResult)939 LoadInfo::GetSandboxFlags(uint32_t* aResult) {
940 *aResult = mSandboxFlags;
941 return NS_OK;
942 }
943
944 NS_IMETHODIMP
GetTriggeringSandboxFlags(uint32_t * aResult)945 LoadInfo::GetTriggeringSandboxFlags(uint32_t* aResult) {
946 *aResult = mTriggeringSandboxFlags;
947 return NS_OK;
948 }
949
950 NS_IMETHODIMP
SetTriggeringSandboxFlags(uint32_t aFlags)951 LoadInfo::SetTriggeringSandboxFlags(uint32_t aFlags) {
952 mTriggeringSandboxFlags = aFlags;
953 return NS_OK;
954 }
955
956 NS_IMETHODIMP
GetSecurityMode(uint32_t * aFlags)957 LoadInfo::GetSecurityMode(uint32_t* aFlags) {
958 *aFlags = (mSecurityFlags &
959 (nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_INHERITS_SEC_CONTEXT |
960 nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_IS_BLOCKED |
961 nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT |
962 nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL |
963 nsILoadInfo::SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT));
964 return NS_OK;
965 }
966
967 NS_IMETHODIMP
GetIsInThirdPartyContext(bool * aIsInThirdPartyContext)968 LoadInfo::GetIsInThirdPartyContext(bool* aIsInThirdPartyContext) {
969 *aIsInThirdPartyContext = mIsThirdPartyContext;
970 return NS_OK;
971 }
972
973 NS_IMETHODIMP
SetIsInThirdPartyContext(bool aIsInThirdPartyContext)974 LoadInfo::SetIsInThirdPartyContext(bool aIsInThirdPartyContext) {
975 mIsThirdPartyContext = aIsInThirdPartyContext;
976 return NS_OK;
977 }
978
979 NS_IMETHODIMP
GetIsThirdPartyContextToTopWindow(bool * aIsThirdPartyContextToTopWindow)980 LoadInfo::GetIsThirdPartyContextToTopWindow(
981 bool* aIsThirdPartyContextToTopWindow) {
982 *aIsThirdPartyContextToTopWindow = mIsThirdPartyContextToTopWindow;
983 return NS_OK;
984 }
985
986 NS_IMETHODIMP
SetIsThirdPartyContextToTopWindow(bool aIsThirdPartyContextToTopWindow)987 LoadInfo::SetIsThirdPartyContextToTopWindow(
988 bool aIsThirdPartyContextToTopWindow) {
989 mIsThirdPartyContextToTopWindow = aIsThirdPartyContextToTopWindow;
990 return NS_OK;
991 }
992
993 static const uint32_t sCookiePolicyMask =
994 nsILoadInfo::SEC_COOKIES_DEFAULT | nsILoadInfo::SEC_COOKIES_INCLUDE |
995 nsILoadInfo::SEC_COOKIES_SAME_ORIGIN | nsILoadInfo::SEC_COOKIES_OMIT;
996
997 NS_IMETHODIMP
GetCookiePolicy(uint32_t * aResult)998 LoadInfo::GetCookiePolicy(uint32_t* aResult) {
999 uint32_t policy = mSecurityFlags & sCookiePolicyMask;
1000 if (policy == nsILoadInfo::SEC_COOKIES_DEFAULT) {
1001 policy = (mSecurityFlags & SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT)
1002 ? nsILoadInfo::SEC_COOKIES_SAME_ORIGIN
1003 : nsILoadInfo::SEC_COOKIES_INCLUDE;
1004 }
1005
1006 *aResult = policy;
1007 return NS_OK;
1008 }
1009
1010 namespace {
1011
CreateCookieJarSettings(nsContentPolicyType aContentPolicyType,bool aIsPrivate)1012 already_AddRefed<nsICookieJarSettings> CreateCookieJarSettings(
1013 nsContentPolicyType aContentPolicyType, bool aIsPrivate) {
1014 if (StaticPrefs::network_cookieJarSettings_unblocked_for_testing()) {
1015 return aIsPrivate ? CookieJarSettings::Create(CookieJarSettings::ePrivate)
1016 : CookieJarSettings::Create(CookieJarSettings::eRegular);
1017 }
1018
1019 // These contentPolictTypes require a real CookieJarSettings because favicon
1020 // and save-as requests must send cookies. Anything else should not
1021 // send/receive cookies.
1022 if (aContentPolicyType == nsIContentPolicy::TYPE_INTERNAL_IMAGE_FAVICON ||
1023 aContentPolicyType == nsIContentPolicy::TYPE_SAVEAS_DOWNLOAD) {
1024 return aIsPrivate ? CookieJarSettings::Create(CookieJarSettings::ePrivate)
1025 : CookieJarSettings::Create(CookieJarSettings::eRegular);
1026 }
1027
1028 return CookieJarSettings::GetBlockingAll();
1029 }
1030
1031 } // namespace
1032
1033 NS_IMETHODIMP
GetCookieJarSettings(nsICookieJarSettings ** aCookieJarSettings)1034 LoadInfo::GetCookieJarSettings(nsICookieJarSettings** aCookieJarSettings) {
1035 if (!mCookieJarSettings) {
1036 bool isPrivate = mOriginAttributes.mPrivateBrowsingId > 0;
1037 mCookieJarSettings =
1038 CreateCookieJarSettings(mInternalContentPolicyType, isPrivate);
1039 }
1040
1041 nsCOMPtr<nsICookieJarSettings> cookieJarSettings = mCookieJarSettings;
1042 cookieJarSettings.forget(aCookieJarSettings);
1043 return NS_OK;
1044 }
1045
1046 NS_IMETHODIMP
SetCookieJarSettings(nsICookieJarSettings * aCookieJarSettings)1047 LoadInfo::SetCookieJarSettings(nsICookieJarSettings* aCookieJarSettings) {
1048 MOZ_ASSERT(aCookieJarSettings);
1049 // We allow the overwrite of CookieJarSettings.
1050 mCookieJarSettings = aCookieJarSettings;
1051 return NS_OK;
1052 }
1053
1054 NS_IMETHODIMP
GetStoragePermission(nsILoadInfo::StoragePermissionState * aStoragePermission)1055 LoadInfo::GetStoragePermission(
1056 nsILoadInfo::StoragePermissionState* aStoragePermission) {
1057 *aStoragePermission = mStoragePermission;
1058 return NS_OK;
1059 }
1060
1061 NS_IMETHODIMP
SetStoragePermission(nsILoadInfo::StoragePermissionState aStoragePermission)1062 LoadInfo::SetStoragePermission(
1063 nsILoadInfo::StoragePermissionState aStoragePermission) {
1064 mStoragePermission = aStoragePermission;
1065 return NS_OK;
1066 }
1067
1068 NS_IMETHODIMP
GetIsMetaRefresh(bool * aIsMetaRefresh)1069 LoadInfo::GetIsMetaRefresh(bool* aIsMetaRefresh) {
1070 *aIsMetaRefresh = mIsMetaRefresh;
1071 return NS_OK;
1072 }
1073
1074 NS_IMETHODIMP
SetIsMetaRefresh(bool aIsMetaRefresh)1075 LoadInfo::SetIsMetaRefresh(bool aIsMetaRefresh) {
1076 mIsMetaRefresh = aIsMetaRefresh;
1077 return NS_OK;
1078 }
1079
SetIncludeCookiesSecFlag()1080 void LoadInfo::SetIncludeCookiesSecFlag() {
1081 MOZ_ASSERT((mSecurityFlags & sCookiePolicyMask) ==
1082 nsILoadInfo::SEC_COOKIES_DEFAULT);
1083 mSecurityFlags =
1084 (mSecurityFlags & ~sCookiePolicyMask) | nsILoadInfo::SEC_COOKIES_INCLUDE;
1085 }
1086
1087 NS_IMETHODIMP
GetForceInheritPrincipal(bool * aInheritPrincipal)1088 LoadInfo::GetForceInheritPrincipal(bool* aInheritPrincipal) {
1089 *aInheritPrincipal =
1090 (mSecurityFlags & nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL);
1091 return NS_OK;
1092 }
1093
1094 NS_IMETHODIMP
GetForceInheritPrincipalOverruleOwner(bool * aInheritPrincipal)1095 LoadInfo::GetForceInheritPrincipalOverruleOwner(bool* aInheritPrincipal) {
1096 *aInheritPrincipal =
1097 (mSecurityFlags &
1098 nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL_OVERRULE_OWNER);
1099 return NS_OK;
1100 }
1101
1102 NS_IMETHODIMP
GetLoadingSandboxed(bool * aLoadingSandboxed)1103 LoadInfo::GetLoadingSandboxed(bool* aLoadingSandboxed) {
1104 *aLoadingSandboxed = (mSandboxFlags & SANDBOXED_ORIGIN);
1105 return NS_OK;
1106 }
1107
1108 NS_IMETHODIMP
GetAboutBlankInherits(bool * aResult)1109 LoadInfo::GetAboutBlankInherits(bool* aResult) {
1110 *aResult = (mSecurityFlags & nsILoadInfo::SEC_ABOUT_BLANK_INHERITS);
1111 return NS_OK;
1112 }
1113
1114 NS_IMETHODIMP
GetAllowChrome(bool * aResult)1115 LoadInfo::GetAllowChrome(bool* aResult) {
1116 *aResult = (mSecurityFlags & nsILoadInfo::SEC_ALLOW_CHROME);
1117 return NS_OK;
1118 }
1119
1120 NS_IMETHODIMP
GetDisallowScript(bool * aResult)1121 LoadInfo::GetDisallowScript(bool* aResult) {
1122 *aResult = (mSecurityFlags & nsILoadInfo::SEC_DISALLOW_SCRIPT);
1123 return NS_OK;
1124 }
1125
1126 NS_IMETHODIMP
GetDontFollowRedirects(bool * aResult)1127 LoadInfo::GetDontFollowRedirects(bool* aResult) {
1128 *aResult = (mSecurityFlags & nsILoadInfo::SEC_DONT_FOLLOW_REDIRECTS);
1129 return NS_OK;
1130 }
1131
1132 NS_IMETHODIMP
GetLoadErrorPage(bool * aResult)1133 LoadInfo::GetLoadErrorPage(bool* aResult) {
1134 *aResult = (mSecurityFlags & nsILoadInfo::SEC_LOAD_ERROR_PAGE);
1135 return NS_OK;
1136 }
1137
1138 NS_IMETHODIMP
GetIsFormSubmission(bool * aResult)1139 LoadInfo::GetIsFormSubmission(bool* aResult) {
1140 *aResult = mIsFormSubmission;
1141 return NS_OK;
1142 }
1143
1144 NS_IMETHODIMP
SetIsFormSubmission(bool aValue)1145 LoadInfo::SetIsFormSubmission(bool aValue) {
1146 mIsFormSubmission = aValue;
1147 return NS_OK;
1148 }
1149
1150 NS_IMETHODIMP
GetSendCSPViolationEvents(bool * aResult)1151 LoadInfo::GetSendCSPViolationEvents(bool* aResult) {
1152 *aResult = mSendCSPViolationEvents;
1153 return NS_OK;
1154 }
1155
1156 NS_IMETHODIMP
SetSendCSPViolationEvents(bool aValue)1157 LoadInfo::SetSendCSPViolationEvents(bool aValue) {
1158 mSendCSPViolationEvents = aValue;
1159 return NS_OK;
1160 }
1161
1162 NS_IMETHODIMP
GetExternalContentPolicyType(nsContentPolicyType * aResult)1163 LoadInfo::GetExternalContentPolicyType(nsContentPolicyType* aResult) {
1164 // We have to use nsContentPolicyType because ExtContentPolicyType is not
1165 // visible from xpidl.
1166 *aResult = static_cast<nsContentPolicyType>(
1167 nsContentUtils::InternalContentPolicyTypeToExternal(
1168 mInternalContentPolicyType));
1169 return NS_OK;
1170 }
1171
InternalContentPolicyType()1172 nsContentPolicyType LoadInfo::InternalContentPolicyType() {
1173 return mInternalContentPolicyType;
1174 }
1175
1176 NS_IMETHODIMP
GetBlockAllMixedContent(bool * aResult)1177 LoadInfo::GetBlockAllMixedContent(bool* aResult) {
1178 *aResult = mBlockAllMixedContent;
1179 return NS_OK;
1180 }
1181
1182 NS_IMETHODIMP
GetUpgradeInsecureRequests(bool * aResult)1183 LoadInfo::GetUpgradeInsecureRequests(bool* aResult) {
1184 *aResult = mUpgradeInsecureRequests;
1185 return NS_OK;
1186 }
1187
1188 NS_IMETHODIMP
GetBrowserUpgradeInsecureRequests(bool * aResult)1189 LoadInfo::GetBrowserUpgradeInsecureRequests(bool* aResult) {
1190 *aResult = mBrowserUpgradeInsecureRequests;
1191 return NS_OK;
1192 }
1193
1194 NS_IMETHODIMP
GetBrowserDidUpgradeInsecureRequests(bool * aResult)1195 LoadInfo::GetBrowserDidUpgradeInsecureRequests(bool* aResult) {
1196 *aResult = mBrowserDidUpgradeInsecureRequests;
1197 return NS_OK;
1198 }
1199
1200 NS_IMETHODIMP
GetBrowserWouldUpgradeInsecureRequests(bool * aResult)1201 LoadInfo::GetBrowserWouldUpgradeInsecureRequests(bool* aResult) {
1202 *aResult = mBrowserWouldUpgradeInsecureRequests;
1203 return NS_OK;
1204 }
1205
1206 NS_IMETHODIMP
SetForceAllowDataURI(bool aForceAllowDataURI)1207 LoadInfo::SetForceAllowDataURI(bool aForceAllowDataURI) {
1208 MOZ_ASSERT(!mForceAllowDataURI ||
1209 mInternalContentPolicyType == nsIContentPolicy::TYPE_DOCUMENT,
1210 "can only allow data URI navigation for TYPE_DOCUMENT");
1211 mForceAllowDataURI = aForceAllowDataURI;
1212 return NS_OK;
1213 }
1214
1215 NS_IMETHODIMP
GetForceAllowDataURI(bool * aForceAllowDataURI)1216 LoadInfo::GetForceAllowDataURI(bool* aForceAllowDataURI) {
1217 *aForceAllowDataURI = mForceAllowDataURI;
1218 return NS_OK;
1219 }
1220
1221 NS_IMETHODIMP
SetAllowInsecureRedirectToDataURI(bool aAllowInsecureRedirectToDataURI)1222 LoadInfo::SetAllowInsecureRedirectToDataURI(
1223 bool aAllowInsecureRedirectToDataURI) {
1224 mAllowInsecureRedirectToDataURI = aAllowInsecureRedirectToDataURI;
1225 return NS_OK;
1226 }
1227
1228 NS_IMETHODIMP
GetAllowInsecureRedirectToDataURI(bool * aAllowInsecureRedirectToDataURI)1229 LoadInfo::GetAllowInsecureRedirectToDataURI(
1230 bool* aAllowInsecureRedirectToDataURI) {
1231 *aAllowInsecureRedirectToDataURI = mAllowInsecureRedirectToDataURI;
1232 return NS_OK;
1233 }
1234
1235 NS_IMETHODIMP
SetSkipContentPolicyCheckForWebRequest(bool aSkip)1236 LoadInfo::SetSkipContentPolicyCheckForWebRequest(bool aSkip) {
1237 mSkipContentPolicyCheckForWebRequest = aSkip;
1238 return NS_OK;
1239 }
1240
1241 NS_IMETHODIMP
GetSkipContentPolicyCheckForWebRequest(bool * aSkip)1242 LoadInfo::GetSkipContentPolicyCheckForWebRequest(bool* aSkip) {
1243 *aSkip = mSkipContentPolicyCheckForWebRequest;
1244 return NS_OK;
1245 }
1246
1247 NS_IMETHODIMP
SetOriginalFrameSrcLoad(bool aOriginalFrameSrcLoad)1248 LoadInfo::SetOriginalFrameSrcLoad(bool aOriginalFrameSrcLoad) {
1249 mOriginalFrameSrcLoad = aOriginalFrameSrcLoad;
1250 return NS_OK;
1251 }
1252
1253 NS_IMETHODIMP
GetOriginalFrameSrcLoad(bool * aOriginalFrameSrcLoad)1254 LoadInfo::GetOriginalFrameSrcLoad(bool* aOriginalFrameSrcLoad) {
1255 *aOriginalFrameSrcLoad = mOriginalFrameSrcLoad;
1256 return NS_OK;
1257 }
1258
1259 NS_IMETHODIMP
GetForceInheritPrincipalDropped(bool * aResult)1260 LoadInfo::GetForceInheritPrincipalDropped(bool* aResult) {
1261 *aResult = mForceInheritPrincipalDropped;
1262 return NS_OK;
1263 }
1264
1265 NS_IMETHODIMP
GetInnerWindowID(uint64_t * aResult)1266 LoadInfo::GetInnerWindowID(uint64_t* aResult) {
1267 *aResult = mInnerWindowID;
1268 return NS_OK;
1269 }
1270
1271 NS_IMETHODIMP
GetBrowsingContextID(uint64_t * aResult)1272 LoadInfo::GetBrowsingContextID(uint64_t* aResult) {
1273 *aResult = mBrowsingContextID;
1274 return NS_OK;
1275 }
1276
1277 NS_IMETHODIMP
GetFrameBrowsingContextID(uint64_t * aResult)1278 LoadInfo::GetFrameBrowsingContextID(uint64_t* aResult) {
1279 *aResult = mFrameBrowsingContextID;
1280 return NS_OK;
1281 }
1282
1283 NS_IMETHODIMP
GetTargetBrowsingContextID(uint64_t * aResult)1284 LoadInfo::GetTargetBrowsingContextID(uint64_t* aResult) {
1285 return (nsILoadInfo::GetExternalContentPolicyType() ==
1286 ExtContentPolicy::TYPE_SUBDOCUMENT)
1287 ? GetFrameBrowsingContextID(aResult)
1288 : GetBrowsingContextID(aResult);
1289 }
1290
1291 NS_IMETHODIMP
GetBrowsingContext(dom::BrowsingContext ** aResult)1292 LoadInfo::GetBrowsingContext(dom::BrowsingContext** aResult) {
1293 *aResult = BrowsingContext::Get(mBrowsingContextID).take();
1294 return NS_OK;
1295 }
1296
1297 NS_IMETHODIMP
GetFrameBrowsingContext(dom::BrowsingContext ** aResult)1298 LoadInfo::GetFrameBrowsingContext(dom::BrowsingContext** aResult) {
1299 *aResult = BrowsingContext::Get(mFrameBrowsingContextID).take();
1300 return NS_OK;
1301 }
1302
1303 NS_IMETHODIMP
GetTargetBrowsingContext(dom::BrowsingContext ** aResult)1304 LoadInfo::GetTargetBrowsingContext(dom::BrowsingContext** aResult) {
1305 uint64_t targetBrowsingContextID = 0;
1306 MOZ_ALWAYS_SUCCEEDS(GetTargetBrowsingContextID(&targetBrowsingContextID));
1307 *aResult = BrowsingContext::Get(targetBrowsingContextID).take();
1308 return NS_OK;
1309 }
1310
1311 NS_IMETHODIMP
GetScriptableOriginAttributes(JSContext * aCx,JS::MutableHandle<JS::Value> aOriginAttributes)1312 LoadInfo::GetScriptableOriginAttributes(
1313 JSContext* aCx, JS::MutableHandle<JS::Value> aOriginAttributes) {
1314 if (NS_WARN_IF(!ToJSValue(aCx, mOriginAttributes, aOriginAttributes))) {
1315 return NS_ERROR_FAILURE;
1316 }
1317 return NS_OK;
1318 }
1319
1320 NS_IMETHODIMP
ResetPrincipalToInheritToNullPrincipal()1321 LoadInfo::ResetPrincipalToInheritToNullPrincipal() {
1322 // take the originAttributes from the LoadInfo and create
1323 // a new NullPrincipal using those origin attributes.
1324 nsCOMPtr<nsIPrincipal> newNullPrincipal =
1325 NullPrincipal::Create(mOriginAttributes);
1326
1327 mPrincipalToInherit = newNullPrincipal;
1328
1329 // setting SEC_FORCE_INHERIT_PRINCIPAL_OVERRULE_OWNER will overrule
1330 // any non null owner set on the channel and will return the principal
1331 // form the loadinfo instead.
1332 mSecurityFlags |= SEC_FORCE_INHERIT_PRINCIPAL_OVERRULE_OWNER;
1333
1334 return NS_OK;
1335 }
1336
1337 NS_IMETHODIMP
SetScriptableOriginAttributes(JSContext * aCx,JS::Handle<JS::Value> aOriginAttributes)1338 LoadInfo::SetScriptableOriginAttributes(
1339 JSContext* aCx, JS::Handle<JS::Value> aOriginAttributes) {
1340 OriginAttributes attrs;
1341 if (!aOriginAttributes.isObject() || !attrs.Init(aCx, aOriginAttributes)) {
1342 return NS_ERROR_INVALID_ARG;
1343 }
1344
1345 mOriginAttributes = attrs;
1346 return NS_OK;
1347 }
1348
GetOriginAttributes(mozilla::OriginAttributes * aOriginAttributes)1349 nsresult LoadInfo::GetOriginAttributes(
1350 mozilla::OriginAttributes* aOriginAttributes) {
1351 NS_ENSURE_ARG(aOriginAttributes);
1352 *aOriginAttributes = mOriginAttributes;
1353 return NS_OK;
1354 }
1355
SetOriginAttributes(const mozilla::OriginAttributes & aOriginAttributes)1356 nsresult LoadInfo::SetOriginAttributes(
1357 const mozilla::OriginAttributes& aOriginAttributes) {
1358 mOriginAttributes = aOriginAttributes;
1359 return NS_OK;
1360 }
1361
1362 NS_IMETHODIMP
SetInitialSecurityCheckDone(bool aInitialSecurityCheckDone)1363 LoadInfo::SetInitialSecurityCheckDone(bool aInitialSecurityCheckDone) {
1364 // Indicates whether the channel was ever evaluated by the
1365 // ContentSecurityManager. Once set to true, this flag must
1366 // remain true throughout the lifetime of the channel.
1367 // Setting it to anything else than true will be discarded.
1368 MOZ_ASSERT(aInitialSecurityCheckDone,
1369 "aInitialSecurityCheckDone must be true");
1370 mInitialSecurityCheckDone =
1371 mInitialSecurityCheckDone || aInitialSecurityCheckDone;
1372 return NS_OK;
1373 }
1374
1375 NS_IMETHODIMP
GetInitialSecurityCheckDone(bool * aResult)1376 LoadInfo::GetInitialSecurityCheckDone(bool* aResult) {
1377 *aResult = mInitialSecurityCheckDone;
1378 return NS_OK;
1379 }
1380
1381 NS_IMETHODIMP
AppendRedirectHistoryEntry(nsIChannel * aChannel,bool aIsInternalRedirect)1382 LoadInfo::AppendRedirectHistoryEntry(nsIChannel* aChannel,
1383 bool aIsInternalRedirect) {
1384 NS_ENSURE_ARG(aChannel);
1385 MOZ_ASSERT(NS_IsMainThread());
1386
1387 nsCOMPtr<nsIPrincipal> uriPrincipal;
1388 nsIScriptSecurityManager* sm = nsContentUtils::GetSecurityManager();
1389 sm->GetChannelURIPrincipal(aChannel, getter_AddRefs(uriPrincipal));
1390
1391 nsCOMPtr<nsIURI> referrer;
1392 nsCString remoteAddress;
1393
1394 nsCOMPtr<nsIHttpChannel> httpChannel(do_QueryInterface(aChannel));
1395 if (httpChannel) {
1396 nsCOMPtr<nsIReferrerInfo> referrerInfo;
1397 Unused << httpChannel->GetReferrerInfo(getter_AddRefs(referrerInfo));
1398 if (referrerInfo) {
1399 referrer = referrerInfo->GetComputedReferrer();
1400 }
1401 }
1402
1403 // ClassifierDummyChannel implements this, but not nsIHttpChannel,
1404 // whereas NullHttpChannel implements nsIHttpChannel but not this, so
1405 // we can't make assumptions by nesting these QIs.
1406 nsCOMPtr<nsIHttpChannelInternal> intChannel(do_QueryInterface(aChannel));
1407 if (intChannel) {
1408 Unused << intChannel->GetRemoteAddress(remoteAddress);
1409 }
1410
1411 nsCOMPtr<nsIRedirectHistoryEntry> entry =
1412 new nsRedirectHistoryEntry(uriPrincipal, referrer, remoteAddress);
1413
1414 mRedirectChainIncludingInternalRedirects.AppendElement(entry);
1415 if (!aIsInternalRedirect) {
1416 mRedirectChain.AppendElement(entry);
1417 }
1418 return NS_OK;
1419 }
1420
1421 NS_IMETHODIMP
GetRedirects(JSContext * aCx,JS::MutableHandle<JS::Value> aRedirects,const RedirectHistoryArray & aArray)1422 LoadInfo::GetRedirects(JSContext* aCx, JS::MutableHandle<JS::Value> aRedirects,
1423 const RedirectHistoryArray& aArray) {
1424 JS::Rooted<JSObject*> redirects(aCx,
1425 JS::NewArrayObject(aCx, aArray.Length()));
1426 NS_ENSURE_TRUE(redirects, NS_ERROR_OUT_OF_MEMORY);
1427
1428 JS::Rooted<JSObject*> global(aCx, JS::CurrentGlobalOrNull(aCx));
1429 NS_ENSURE_TRUE(global, NS_ERROR_UNEXPECTED);
1430
1431 nsCOMPtr<nsIXPConnect> xpc = nsIXPConnect::XPConnect();
1432
1433 for (size_t idx = 0; idx < aArray.Length(); idx++) {
1434 JS::RootedObject jsobj(aCx);
1435 nsresult rv =
1436 xpc->WrapNative(aCx, global, aArray[idx],
1437 NS_GET_IID(nsIRedirectHistoryEntry), jsobj.address());
1438 NS_ENSURE_SUCCESS(rv, rv);
1439 NS_ENSURE_STATE(jsobj);
1440
1441 bool rc = JS_DefineElement(aCx, redirects, idx, jsobj, JSPROP_ENUMERATE);
1442 NS_ENSURE_TRUE(rc, NS_ERROR_UNEXPECTED);
1443 }
1444
1445 aRedirects.setObject(*redirects);
1446 return NS_OK;
1447 }
1448
1449 NS_IMETHODIMP
GetRedirectChainIncludingInternalRedirects(JSContext * aCx,JS::MutableHandle<JS::Value> aChain)1450 LoadInfo::GetRedirectChainIncludingInternalRedirects(
1451 JSContext* aCx, JS::MutableHandle<JS::Value> aChain) {
1452 return GetRedirects(aCx, aChain, mRedirectChainIncludingInternalRedirects);
1453 }
1454
1455 const RedirectHistoryArray&
RedirectChainIncludingInternalRedirects()1456 LoadInfo::RedirectChainIncludingInternalRedirects() {
1457 return mRedirectChainIncludingInternalRedirects;
1458 }
1459
1460 NS_IMETHODIMP
GetRedirectChain(JSContext * aCx,JS::MutableHandle<JS::Value> aChain)1461 LoadInfo::GetRedirectChain(JSContext* aCx,
1462 JS::MutableHandle<JS::Value> aChain) {
1463 return GetRedirects(aCx, aChain, mRedirectChain);
1464 }
1465
RedirectChain()1466 const RedirectHistoryArray& LoadInfo::RedirectChain() { return mRedirectChain; }
1467
AncestorPrincipals()1468 const nsTArray<nsCOMPtr<nsIPrincipal>>& LoadInfo::AncestorPrincipals() {
1469 return mAncestorPrincipals;
1470 }
1471
AncestorBrowsingContextIDs()1472 const nsTArray<uint64_t>& LoadInfo::AncestorBrowsingContextIDs() {
1473 return mAncestorBrowsingContextIDs;
1474 }
1475
SetCorsPreflightInfo(const nsTArray<nsCString> & aHeaders,bool aForcePreflight)1476 void LoadInfo::SetCorsPreflightInfo(const nsTArray<nsCString>& aHeaders,
1477 bool aForcePreflight) {
1478 MOZ_ASSERT(GetSecurityMode() ==
1479 nsILoadInfo::SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT);
1480 MOZ_ASSERT(!mInitialSecurityCheckDone);
1481 mCorsUnsafeHeaders = aHeaders.Clone();
1482 mForcePreflight = aForcePreflight;
1483 }
1484
CorsUnsafeHeaders()1485 const nsTArray<nsCString>& LoadInfo::CorsUnsafeHeaders() {
1486 return mCorsUnsafeHeaders;
1487 }
1488
1489 NS_IMETHODIMP
GetForcePreflight(bool * aForcePreflight)1490 LoadInfo::GetForcePreflight(bool* aForcePreflight) {
1491 *aForcePreflight = mForcePreflight;
1492 return NS_OK;
1493 }
1494
SetIsPreflight()1495 void LoadInfo::SetIsPreflight() {
1496 MOZ_ASSERT(GetSecurityMode() ==
1497 nsILoadInfo::SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT);
1498 MOZ_ASSERT(!mInitialSecurityCheckDone);
1499 mIsPreflight = true;
1500 }
1501
SetUpgradeInsecureRequests(bool aValue)1502 void LoadInfo::SetUpgradeInsecureRequests(bool aValue) {
1503 mUpgradeInsecureRequests = aValue;
1504 }
1505
SetBrowserUpgradeInsecureRequests()1506 void LoadInfo::SetBrowserUpgradeInsecureRequests() {
1507 mBrowserUpgradeInsecureRequests = true;
1508 }
1509
1510 NS_IMETHODIMP
SetBrowserDidUpgradeInsecureRequests(bool aBrowserDidUpgradeInsecureRequests)1511 LoadInfo::SetBrowserDidUpgradeInsecureRequests(
1512 bool aBrowserDidUpgradeInsecureRequests) {
1513 mBrowserDidUpgradeInsecureRequests = aBrowserDidUpgradeInsecureRequests;
1514 return NS_OK;
1515 }
1516
SetBrowserWouldUpgradeInsecureRequests()1517 void LoadInfo::SetBrowserWouldUpgradeInsecureRequests() {
1518 mBrowserWouldUpgradeInsecureRequests = true;
1519 }
1520
1521 NS_IMETHODIMP
GetIsPreflight(bool * aIsPreflight)1522 LoadInfo::GetIsPreflight(bool* aIsPreflight) {
1523 *aIsPreflight = mIsPreflight;
1524 return NS_OK;
1525 }
1526
1527 NS_IMETHODIMP
SetLoadTriggeredFromExternal(bool aLoadTriggeredFromExternal)1528 LoadInfo::SetLoadTriggeredFromExternal(bool aLoadTriggeredFromExternal) {
1529 MOZ_ASSERT(!aLoadTriggeredFromExternal ||
1530 mInternalContentPolicyType == nsIContentPolicy::TYPE_DOCUMENT,
1531 "can only set load triggered from external for TYPE_DOCUMENT");
1532 mLoadTriggeredFromExternal = aLoadTriggeredFromExternal;
1533 return NS_OK;
1534 }
1535
1536 NS_IMETHODIMP
GetLoadTriggeredFromExternal(bool * aLoadTriggeredFromExternal)1537 LoadInfo::GetLoadTriggeredFromExternal(bool* aLoadTriggeredFromExternal) {
1538 *aLoadTriggeredFromExternal = mLoadTriggeredFromExternal;
1539 return NS_OK;
1540 }
1541
1542 NS_IMETHODIMP
GetServiceWorkerTaintingSynthesized(bool * aServiceWorkerTaintingSynthesized)1543 LoadInfo::GetServiceWorkerTaintingSynthesized(
1544 bool* aServiceWorkerTaintingSynthesized) {
1545 MOZ_ASSERT(aServiceWorkerTaintingSynthesized);
1546 *aServiceWorkerTaintingSynthesized = mServiceWorkerTaintingSynthesized;
1547 return NS_OK;
1548 }
1549
1550 NS_IMETHODIMP
GetTainting(uint32_t * aTaintingOut)1551 LoadInfo::GetTainting(uint32_t* aTaintingOut) {
1552 MOZ_ASSERT(aTaintingOut);
1553 *aTaintingOut = static_cast<uint32_t>(mTainting);
1554 return NS_OK;
1555 }
1556
1557 NS_IMETHODIMP
MaybeIncreaseTainting(uint32_t aTainting)1558 LoadInfo::MaybeIncreaseTainting(uint32_t aTainting) {
1559 NS_ENSURE_ARG(aTainting <= TAINTING_OPAQUE);
1560
1561 // Skip if the tainting has been set by the service worker.
1562 if (mServiceWorkerTaintingSynthesized) {
1563 return NS_OK;
1564 }
1565
1566 LoadTainting tainting = static_cast<LoadTainting>(aTainting);
1567 if (tainting > mTainting) {
1568 mTainting = tainting;
1569 }
1570 return NS_OK;
1571 }
1572
SynthesizeServiceWorkerTainting(LoadTainting aTainting)1573 void LoadInfo::SynthesizeServiceWorkerTainting(LoadTainting aTainting) {
1574 MOZ_DIAGNOSTIC_ASSERT(aTainting <= LoadTainting::Opaque);
1575 mTainting = aTainting;
1576
1577 // Flag to prevent the tainting from being increased.
1578 mServiceWorkerTaintingSynthesized = true;
1579 }
1580
1581 NS_IMETHODIMP
GetDocumentHasUserInteracted(bool * aDocumentHasUserInteracted)1582 LoadInfo::GetDocumentHasUserInteracted(bool* aDocumentHasUserInteracted) {
1583 MOZ_ASSERT(aDocumentHasUserInteracted);
1584 *aDocumentHasUserInteracted = mDocumentHasUserInteracted;
1585 return NS_OK;
1586 }
1587
1588 NS_IMETHODIMP
SetDocumentHasUserInteracted(bool aDocumentHasUserInteracted)1589 LoadInfo::SetDocumentHasUserInteracted(bool aDocumentHasUserInteracted) {
1590 mDocumentHasUserInteracted = aDocumentHasUserInteracted;
1591 return NS_OK;
1592 }
1593
1594 NS_IMETHODIMP
GetAllowListFutureDocumentsCreatedFromThisRedirectChain(bool * aValue)1595 LoadInfo::GetAllowListFutureDocumentsCreatedFromThisRedirectChain(
1596 bool* aValue) {
1597 MOZ_ASSERT(aValue);
1598 *aValue = mAllowListFutureDocumentsCreatedFromThisRedirectChain;
1599 return NS_OK;
1600 }
1601
1602 NS_IMETHODIMP
SetAllowListFutureDocumentsCreatedFromThisRedirectChain(bool aValue)1603 LoadInfo::SetAllowListFutureDocumentsCreatedFromThisRedirectChain(bool aValue) {
1604 mAllowListFutureDocumentsCreatedFromThisRedirectChain = aValue;
1605 return NS_OK;
1606 }
1607
1608 NS_IMETHODIMP
GetNeedForCheckingAntiTrackingHeuristic(bool * aValue)1609 LoadInfo::GetNeedForCheckingAntiTrackingHeuristic(bool* aValue) {
1610 MOZ_ASSERT(aValue);
1611 *aValue = mNeedForCheckingAntiTrackingHeuristic;
1612 return NS_OK;
1613 }
1614
1615 NS_IMETHODIMP
SetNeedForCheckingAntiTrackingHeuristic(bool aValue)1616 LoadInfo::SetNeedForCheckingAntiTrackingHeuristic(bool aValue) {
1617 mNeedForCheckingAntiTrackingHeuristic = aValue;
1618 return NS_OK;
1619 }
1620
1621 NS_IMETHODIMP
GetCspNonce(nsAString & aCspNonce)1622 LoadInfo::GetCspNonce(nsAString& aCspNonce) {
1623 aCspNonce = mCspNonce;
1624 return NS_OK;
1625 }
1626
1627 NS_IMETHODIMP
SetCspNonce(const nsAString & aCspNonce)1628 LoadInfo::SetCspNonce(const nsAString& aCspNonce) {
1629 MOZ_ASSERT(!mInitialSecurityCheckDone,
1630 "setting the nonce is only allowed before any sec checks");
1631 mCspNonce = aCspNonce;
1632 return NS_OK;
1633 }
1634
1635 NS_IMETHODIMP
GetSkipContentSniffing(bool * aSkipContentSniffing)1636 LoadInfo::GetSkipContentSniffing(bool* aSkipContentSniffing) {
1637 *aSkipContentSniffing = mSkipContentSniffing;
1638 return NS_OK;
1639 }
1640
1641 NS_IMETHODIMP
SetSkipContentSniffing(bool aSkipContentSniffing)1642 LoadInfo::SetSkipContentSniffing(bool aSkipContentSniffing) {
1643 mSkipContentSniffing = aSkipContentSniffing;
1644 return NS_OK;
1645 }
1646
1647 NS_IMETHODIMP
GetHttpsOnlyStatus(uint32_t * aHttpsOnlyStatus)1648 LoadInfo::GetHttpsOnlyStatus(uint32_t* aHttpsOnlyStatus) {
1649 *aHttpsOnlyStatus = mHttpsOnlyStatus;
1650 return NS_OK;
1651 }
1652
1653 NS_IMETHODIMP
SetHttpsOnlyStatus(uint32_t aHttpsOnlyStatus)1654 LoadInfo::SetHttpsOnlyStatus(uint32_t aHttpsOnlyStatus) {
1655 mHttpsOnlyStatus = aHttpsOnlyStatus;
1656 return NS_OK;
1657 }
1658
1659 NS_IMETHODIMP
GetHasValidUserGestureActivation(bool * aHasValidUserGestureActivation)1660 LoadInfo::GetHasValidUserGestureActivation(
1661 bool* aHasValidUserGestureActivation) {
1662 *aHasValidUserGestureActivation = mHasValidUserGestureActivation;
1663 return NS_OK;
1664 }
1665
1666 NS_IMETHODIMP
SetHasValidUserGestureActivation(bool aHasValidUserGestureActivation)1667 LoadInfo::SetHasValidUserGestureActivation(
1668 bool aHasValidUserGestureActivation) {
1669 mHasValidUserGestureActivation = aHasValidUserGestureActivation;
1670 return NS_OK;
1671 }
1672
1673 NS_IMETHODIMP
GetAllowDeprecatedSystemRequests(bool * aAllowDeprecatedSystemRequests)1674 LoadInfo::GetAllowDeprecatedSystemRequests(
1675 bool* aAllowDeprecatedSystemRequests) {
1676 *aAllowDeprecatedSystemRequests = mAllowDeprecatedSystemRequests;
1677 return NS_OK;
1678 }
1679
1680 NS_IMETHODIMP
SetAllowDeprecatedSystemRequests(bool aAllowDeprecatedSystemRequests)1681 LoadInfo::SetAllowDeprecatedSystemRequests(
1682 bool aAllowDeprecatedSystemRequests) {
1683 mAllowDeprecatedSystemRequests = aAllowDeprecatedSystemRequests;
1684 return NS_OK;
1685 }
1686
1687 NS_IMETHODIMP
GetIsInDevToolsContext(bool * aIsInDevToolsContext)1688 LoadInfo::GetIsInDevToolsContext(bool* aIsInDevToolsContext) {
1689 *aIsInDevToolsContext = mIsInDevToolsContext;
1690 return NS_OK;
1691 }
1692
1693 NS_IMETHODIMP
SetIsInDevToolsContext(bool aIsInDevToolsContext)1694 LoadInfo::SetIsInDevToolsContext(bool aIsInDevToolsContext) {
1695 mIsInDevToolsContext = aIsInDevToolsContext;
1696 return NS_OK;
1697 }
1698
1699 NS_IMETHODIMP
GetParserCreatedScript(bool * aParserCreatedScript)1700 LoadInfo::GetParserCreatedScript(bool* aParserCreatedScript) {
1701 *aParserCreatedScript = mParserCreatedScript;
1702 return NS_OK;
1703 }
1704
1705 NS_IMETHODIMP
SetParserCreatedScript(bool aParserCreatedScript)1706 LoadInfo::SetParserCreatedScript(bool aParserCreatedScript) {
1707 mParserCreatedScript = aParserCreatedScript;
1708 return NS_OK;
1709 }
1710
1711 NS_IMETHODIMP
GetIsTopLevelLoad(bool * aResult)1712 LoadInfo::GetIsTopLevelLoad(bool* aResult) {
1713 RefPtr<dom::BrowsingContext> bc;
1714 GetTargetBrowsingContext(getter_AddRefs(bc));
1715 *aResult = !bc || bc->IsTop();
1716 return NS_OK;
1717 }
1718
SetIsFromProcessingFrameAttributes()1719 void LoadInfo::SetIsFromProcessingFrameAttributes() {
1720 mIsFromProcessingFrameAttributes = true;
1721 }
1722
1723 NS_IMETHODIMP
GetIsFromProcessingFrameAttributes(bool * aIsFromProcessingFrameAttributes)1724 LoadInfo::GetIsFromProcessingFrameAttributes(
1725 bool* aIsFromProcessingFrameAttributes) {
1726 MOZ_ASSERT(aIsFromProcessingFrameAttributes);
1727 *aIsFromProcessingFrameAttributes = mIsFromProcessingFrameAttributes;
1728 return NS_OK;
1729 }
1730
1731 NS_IMETHODIMP
SetIsMediaRequest(bool aIsMediaRequest)1732 LoadInfo::SetIsMediaRequest(bool aIsMediaRequest) {
1733 mIsMediaRequest = aIsMediaRequest;
1734 return NS_OK;
1735 }
1736
1737 NS_IMETHODIMP
GetIsMediaRequest(bool * aIsMediaRequest)1738 LoadInfo::GetIsMediaRequest(bool* aIsMediaRequest) {
1739 MOZ_ASSERT(aIsMediaRequest);
1740 *aIsMediaRequest = mIsMediaRequest;
1741 return NS_OK;
1742 }
1743
1744 NS_IMETHODIMP
SetIsMediaInitialRequest(bool aIsMediaInitialRequest)1745 LoadInfo::SetIsMediaInitialRequest(bool aIsMediaInitialRequest) {
1746 mIsMediaInitialRequest = aIsMediaInitialRequest;
1747 return NS_OK;
1748 }
1749
1750 NS_IMETHODIMP
GetIsMediaInitialRequest(bool * aIsMediaInitialRequest)1751 LoadInfo::GetIsMediaInitialRequest(bool* aIsMediaInitialRequest) {
1752 MOZ_ASSERT(aIsMediaInitialRequest);
1753 *aIsMediaInitialRequest = mIsMediaInitialRequest;
1754 return NS_OK;
1755 }
1756
1757 NS_IMETHODIMP
SetIsFromObjectOrEmbed(bool aIsFromObjectOrEmbed)1758 LoadInfo::SetIsFromObjectOrEmbed(bool aIsFromObjectOrEmbed) {
1759 mIsFromObjectOrEmbed = aIsFromObjectOrEmbed;
1760 return NS_OK;
1761 }
1762
1763 NS_IMETHODIMP
GetIsFromObjectOrEmbed(bool * aIsFromObjectOrEmbed)1764 LoadInfo::GetIsFromObjectOrEmbed(bool* aIsFromObjectOrEmbed) {
1765 MOZ_ASSERT(aIsFromObjectOrEmbed);
1766 *aIsFromObjectOrEmbed = mIsFromObjectOrEmbed;
1767 return NS_OK;
1768 }
1769
1770 NS_IMETHODIMP
GetResultPrincipalURI(nsIURI ** aURI)1771 LoadInfo::GetResultPrincipalURI(nsIURI** aURI) {
1772 *aURI = do_AddRef(mResultPrincipalURI).take();
1773 return NS_OK;
1774 }
1775
1776 NS_IMETHODIMP
SetResultPrincipalURI(nsIURI * aURI)1777 LoadInfo::SetResultPrincipalURI(nsIURI* aURI) {
1778 mResultPrincipalURI = aURI;
1779 return NS_OK;
1780 }
1781
1782 NS_IMETHODIMP
GetChannelCreationOriginalURI(nsIURI ** aURI)1783 LoadInfo::GetChannelCreationOriginalURI(nsIURI** aURI) {
1784 *aURI = do_AddRef(mChannelCreationOriginalURI).take();
1785 return NS_OK;
1786 }
1787
1788 NS_IMETHODIMP
SetChannelCreationOriginalURI(nsIURI * aURI)1789 LoadInfo::SetChannelCreationOriginalURI(nsIURI* aURI) {
1790 mChannelCreationOriginalURI = aURI;
1791 return NS_OK;
1792 }
1793
1794 NS_IMETHODIMP
SetRequestBlockingReason(uint32_t aReason)1795 LoadInfo::SetRequestBlockingReason(uint32_t aReason) {
1796 mRequestBlockingReason = aReason;
1797 return NS_OK;
1798 }
1799 NS_IMETHODIMP
GetRequestBlockingReason(uint32_t * aReason)1800 LoadInfo::GetRequestBlockingReason(uint32_t* aReason) {
1801 *aReason = mRequestBlockingReason;
1802 return NS_OK;
1803 }
1804
1805 NS_IMETHODIMP
GetUnstrippedURI(nsIURI ** aURI)1806 LoadInfo::GetUnstrippedURI(nsIURI** aURI) {
1807 *aURI = do_AddRef(mUnstrippedURI).take();
1808 return NS_OK;
1809 }
1810
1811 NS_IMETHODIMP
SetUnstrippedURI(nsIURI * aURI)1812 LoadInfo::SetUnstrippedURI(nsIURI* aURI) {
1813 mUnstrippedURI = aURI;
1814 return NS_OK;
1815 }
1816
SetClientInfo(const ClientInfo & aClientInfo)1817 void LoadInfo::SetClientInfo(const ClientInfo& aClientInfo) {
1818 mClientInfo.emplace(aClientInfo);
1819 }
1820
GetClientInfo()1821 const Maybe<ClientInfo>& LoadInfo::GetClientInfo() { return mClientInfo; }
1822
GiveReservedClientSource(UniquePtr<ClientSource> && aClientSource)1823 void LoadInfo::GiveReservedClientSource(
1824 UniquePtr<ClientSource>&& aClientSource) {
1825 MOZ_DIAGNOSTIC_ASSERT(aClientSource);
1826 mReservedClientSource = std::move(aClientSource);
1827 SetReservedClientInfo(mReservedClientSource->Info());
1828 }
1829
TakeReservedClientSource()1830 UniquePtr<ClientSource> LoadInfo::TakeReservedClientSource() {
1831 if (mReservedClientSource) {
1832 // If the reserved ClientInfo was set due to a ClientSource being present,
1833 // then clear that info object when the ClientSource is taken.
1834 mReservedClientInfo.reset();
1835 }
1836 return std::move(mReservedClientSource);
1837 }
1838
SetReservedClientInfo(const ClientInfo & aClientInfo)1839 void LoadInfo::SetReservedClientInfo(const ClientInfo& aClientInfo) {
1840 MOZ_DIAGNOSTIC_ASSERT(mInitialClientInfo.isNothing());
1841 // Treat assignments of the same value as a no-op. The emplace below
1842 // will normally assert when overwriting an existing value.
1843 if (mReservedClientInfo.isSome()) {
1844 if (mReservedClientInfo.ref() == aClientInfo) {
1845 return;
1846 }
1847 MOZ_DIAGNOSTIC_ASSERT(false, "mReservedClientInfo already set");
1848 mReservedClientInfo.reset();
1849 }
1850 mReservedClientInfo.emplace(aClientInfo);
1851 }
1852
OverrideReservedClientInfoInParent(const ClientInfo & aClientInfo)1853 void LoadInfo::OverrideReservedClientInfoInParent(
1854 const ClientInfo& aClientInfo) {
1855 // This should only be called to handle redirects in the parent process.
1856 MOZ_ASSERT(XRE_GetProcessType() == GeckoProcessType_Default);
1857
1858 mInitialClientInfo.reset();
1859 mReservedClientInfo.reset();
1860 mReservedClientInfo.emplace(aClientInfo);
1861 }
1862
GetReservedClientInfo()1863 const Maybe<ClientInfo>& LoadInfo::GetReservedClientInfo() {
1864 return mReservedClientInfo;
1865 }
1866
SetInitialClientInfo(const ClientInfo & aClientInfo)1867 void LoadInfo::SetInitialClientInfo(const ClientInfo& aClientInfo) {
1868 MOZ_DIAGNOSTIC_ASSERT(!mReservedClientSource);
1869 MOZ_DIAGNOSTIC_ASSERT(mReservedClientInfo.isNothing());
1870 // Treat assignments of the same value as a no-op. The emplace below
1871 // will normally assert when overwriting an existing value.
1872 if (mInitialClientInfo.isSome() && mInitialClientInfo.ref() == aClientInfo) {
1873 return;
1874 }
1875 mInitialClientInfo.emplace(aClientInfo);
1876 }
1877
GetInitialClientInfo()1878 const Maybe<ClientInfo>& LoadInfo::GetInitialClientInfo() {
1879 return mInitialClientInfo;
1880 }
1881
SetController(const ServiceWorkerDescriptor & aServiceWorker)1882 void LoadInfo::SetController(const ServiceWorkerDescriptor& aServiceWorker) {
1883 mController.emplace(aServiceWorker);
1884 }
1885
ClearController()1886 void LoadInfo::ClearController() { mController.reset(); }
1887
GetController()1888 const Maybe<ServiceWorkerDescriptor>& LoadInfo::GetController() {
1889 return mController;
1890 }
1891
SetPerformanceStorage(PerformanceStorage * aPerformanceStorage)1892 void LoadInfo::SetPerformanceStorage(PerformanceStorage* aPerformanceStorage) {
1893 mPerformanceStorage = aPerformanceStorage;
1894 }
1895
GetPerformanceStorage()1896 PerformanceStorage* LoadInfo::GetPerformanceStorage() {
1897 if (mPerformanceStorage) {
1898 return mPerformanceStorage;
1899 }
1900
1901 auto* innerWindow = nsGlobalWindowInner::GetInnerWindowWithId(mInnerWindowID);
1902 if (!innerWindow) {
1903 return nullptr;
1904 }
1905
1906 if (!TriggeringPrincipal()->Equals(innerWindow->GetPrincipal())) {
1907 return nullptr;
1908 }
1909
1910 if (nsILoadInfo::GetExternalContentPolicyType() ==
1911 ExtContentPolicy::TYPE_SUBDOCUMENT &&
1912 !GetIsFromProcessingFrameAttributes()) {
1913 // We only report loads caused by processing the attributes of the
1914 // browsing context container.
1915 return nullptr;
1916 }
1917
1918 mozilla::dom::Performance* performance = innerWindow->GetPerformance();
1919 if (!performance) {
1920 return nullptr;
1921 }
1922
1923 return performance->AsPerformanceStorage();
1924 }
1925
1926 NS_IMETHODIMP
GetCspEventListener(nsICSPEventListener ** aCSPEventListener)1927 LoadInfo::GetCspEventListener(nsICSPEventListener** aCSPEventListener) {
1928 *aCSPEventListener = do_AddRef(mCSPEventListener).take();
1929 return NS_OK;
1930 }
1931
1932 NS_IMETHODIMP
SetCspEventListener(nsICSPEventListener * aCSPEventListener)1933 LoadInfo::SetCspEventListener(nsICSPEventListener* aCSPEventListener) {
1934 mCSPEventListener = aCSPEventListener;
1935 return NS_OK;
1936 }
1937
1938 NS_IMETHODIMP
GetInternalContentPolicyType(nsContentPolicyType * aResult)1939 LoadInfo::GetInternalContentPolicyType(nsContentPolicyType* aResult) {
1940 *aResult = mInternalContentPolicyType;
1941 return NS_OK;
1942 }
1943
1944 NS_IMETHODIMP
GetLoadingEmbedderPolicy(nsILoadInfo::CrossOriginEmbedderPolicy * aOutPolicy)1945 LoadInfo::GetLoadingEmbedderPolicy(
1946 nsILoadInfo::CrossOriginEmbedderPolicy* aOutPolicy) {
1947 *aOutPolicy = mLoadingEmbedderPolicy;
1948 return NS_OK;
1949 }
1950
1951 NS_IMETHODIMP
SetLoadingEmbedderPolicy(nsILoadInfo::CrossOriginEmbedderPolicy aPolicy)1952 LoadInfo::SetLoadingEmbedderPolicy(
1953 nsILoadInfo::CrossOriginEmbedderPolicy aPolicy) {
1954 mLoadingEmbedderPolicy = aPolicy;
1955 return NS_OK;
1956 }
1957
GetCsp()1958 already_AddRefed<nsIContentSecurityPolicy> LoadInfo::GetCsp() {
1959 // Before querying the CSP from the client we have to check if the
1960 // triggeringPrincipal originates from an addon and potentially
1961 // overrides the CSP stored within the client.
1962 if (mLoadingPrincipal && BasePrincipal::Cast(mTriggeringPrincipal)
1963 ->OverridesCSP(mLoadingPrincipal)) {
1964 nsCOMPtr<nsIExpandedPrincipal> ep = do_QueryInterface(mTriggeringPrincipal);
1965 nsCOMPtr<nsIContentSecurityPolicy> addonCSP;
1966 if (ep) {
1967 addonCSP = ep->GetCsp();
1968 }
1969 return addonCSP.forget();
1970 }
1971
1972 if (mClientInfo.isNothing()) {
1973 return nullptr;
1974 }
1975
1976 nsCOMPtr<nsINode> node = do_QueryReferent(mLoadingContext);
1977 RefPtr<Document> doc = node ? node->OwnerDoc() : nullptr;
1978
1979 // If the client is of type window, then we return the cached CSP
1980 // stored on the document instead of having to deserialize the CSP
1981 // from the ClientInfo.
1982 if (doc && mClientInfo->Type() == ClientType::Window) {
1983 nsCOMPtr<nsIContentSecurityPolicy> docCSP = doc->GetCsp();
1984 return docCSP.forget();
1985 }
1986
1987 Maybe<mozilla::ipc::CSPInfo> cspInfo = mClientInfo->GetCspInfo();
1988 if (cspInfo.isNothing()) {
1989 return nullptr;
1990 }
1991 nsCOMPtr<nsIContentSecurityPolicy> clientCSP =
1992 CSPInfoToCSP(cspInfo.ref(), doc);
1993 return clientCSP.forget();
1994 }
1995
GetPreloadCsp()1996 already_AddRefed<nsIContentSecurityPolicy> LoadInfo::GetPreloadCsp() {
1997 if (mClientInfo.isNothing()) {
1998 return nullptr;
1999 }
2000
2001 nsCOMPtr<nsINode> node = do_QueryReferent(mLoadingContext);
2002 RefPtr<Document> doc = node ? node->OwnerDoc() : nullptr;
2003
2004 // If the client is of type window, then we return the cached CSP
2005 // stored on the document instead of having to deserialize the CSP
2006 // from the ClientInfo.
2007 if (doc && mClientInfo->Type() == ClientType::Window) {
2008 nsCOMPtr<nsIContentSecurityPolicy> preloadCsp = doc->GetPreloadCsp();
2009 return preloadCsp.forget();
2010 }
2011
2012 Maybe<mozilla::ipc::CSPInfo> cspInfo = mClientInfo->GetPreloadCspInfo();
2013 if (cspInfo.isNothing()) {
2014 return nullptr;
2015 }
2016 nsCOMPtr<nsIContentSecurityPolicy> preloadCSP =
2017 CSPInfoToCSP(cspInfo.ref(), doc);
2018 return preloadCSP.forget();
2019 }
2020
GetCspToInherit()2021 already_AddRefed<nsIContentSecurityPolicy> LoadInfo::GetCspToInherit() {
2022 nsCOMPtr<nsIContentSecurityPolicy> cspToInherit = mCspToInherit;
2023 return cspToInherit.forget();
2024 }
2025
2026 } // namespace net
2027 } // namespace mozilla
2028