diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 00:47:55 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 00:47:55 +0000 |
commit | 26a029d407be480d791972afb5975cf62c9360a6 (patch) | |
tree | f435a8308119effd964b339f76abb83a57c29483 /netwerk/base/nsNetUtil.cpp | |
parent | Initial commit. (diff) | |
download | firefox-26a029d407be480d791972afb5975cf62c9360a6.tar.xz firefox-26a029d407be480d791972afb5975cf62c9360a6.zip |
Adding upstream version 124.0.1.upstream/124.0.1
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'netwerk/base/nsNetUtil.cpp')
-rw-r--r-- | netwerk/base/nsNetUtil.cpp | 4088 |
1 files changed, 4088 insertions, 0 deletions
diff --git a/netwerk/base/nsNetUtil.cpp b/netwerk/base/nsNetUtil.cpp new file mode 100644 index 0000000000..4c03cf63c3 --- /dev/null +++ b/netwerk/base/nsNetUtil.cpp @@ -0,0 +1,4088 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim:set ts=4 sw=2 sts=2 et cin: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +// HttpLog.h should generally be included first +#include "DecoderDoctorDiagnostics.h" +#include "HttpLog.h" + +#include "nsNetUtil.h" + +#include "mozilla/Atomics.h" +#include "mozilla/BasePrincipal.h" +#include "mozilla/Components.h" +#include "mozilla/Encoding.h" +#include "mozilla/LoadContext.h" +#include "mozilla/LoadInfo.h" +#include "mozilla/Monitor.h" +#include "mozilla/StaticPrefs_browser.h" +#include "mozilla/StaticPrefs_network.h" +#include "mozilla/StaticPrefs_privacy.h" +#include "mozilla/StoragePrincipalHelper.h" +#include "mozilla/TaskQueue.h" +#include "mozilla/Telemetry.h" +#include "nsBufferedStreams.h" +#include "nsCategoryCache.h" +#include "nsComponentManagerUtils.h" +#include "nsContentUtils.h" +#include "nsEscape.h" +#include "nsFileStreams.h" +#include "nsHashKeys.h" +#include "nsHttp.h" +#include "nsMimeTypes.h" +#include "nsIAuthPrompt.h" +#include "nsIAuthPrompt2.h" +#include "nsIAuthPromptAdapterFactory.h" +#include "nsIBufferedStreams.h" +#include "nsBufferedStreams.h" +#include "nsIChannelEventSink.h" +#include "nsIContentSniffer.h" +#include "mozilla/dom/Document.h" +#include "nsIDownloader.h" +#include "nsIFileProtocolHandler.h" +#include "nsIFileStreams.h" +#include "nsIFileURL.h" +#include "nsIIDNService.h" +#include "nsIInputStreamChannel.h" +#include "nsIInputStreamPump.h" +#include "nsIInterfaceRequestorUtils.h" +#include "nsILoadContext.h" +#include "nsIMIMEHeaderParam.h" +#include "nsINode.h" +#include "nsIObjectLoadingContent.h" +#include "nsPersistentProperties.h" +#include "nsIPrivateBrowsingChannel.h" +#include "nsIPropertyBag2.h" +#include "nsIProtocolProxyService.h" +#include "mozilla/net/RedirectChannelRegistrar.h" +#include "nsRequestObserverProxy.h" +#include "nsISensitiveInfoHiddenURI.h" +#include "nsISimpleStreamListener.h" +#include "nsISocketProvider.h" +#include "nsIStandardURL.h" +#include "nsIStreamLoader.h" +#include "nsIIncrementalStreamLoader.h" +#include "nsStringStream.h" +#include "nsSyncStreamListener.h" +#include "nsITextToSubURI.h" +#include "nsIURIWithSpecialOrigin.h" +#include "nsIViewSourceChannel.h" +#include "nsInterfaceRequestorAgg.h" +#include "nsINestedURI.h" +#include "mozilla/dom/nsCSPUtils.h" +#include "mozilla/dom/nsHTTPSOnlyUtils.h" +#include "mozilla/dom/nsMixedContentBlocker.h" +#include "mozilla/dom/BlobURLProtocolHandler.h" +#include "mozilla/net/HttpBaseChannel.h" +#include "nsIScriptError.h" +#include "nsISiteSecurityService.h" +#include "nsHttpHandler.h" +#include "nsNSSComponent.h" +#include "nsIRedirectHistoryEntry.h" +#include "nsICertStorage.h" +#include "nsICertOverrideService.h" +#include "nsQueryObject.h" +#include "mozIThirdPartyUtil.h" +#include "../mime/nsMIMEHeaderParamImpl.h" +#include "nsStandardURL.h" +#include "DefaultURI.h" +#include "nsChromeProtocolHandler.h" +#include "nsJSProtocolHandler.h" +#include "nsDataHandler.h" +#include "mozilla/dom/BlobURLProtocolHandler.h" +#include "nsStreamUtils.h" +#include "nsSocketTransportService2.h" +#include "nsViewSourceHandler.h" +#include "nsJARURI.h" +#include "nsIconURI.h" +#include "nsAboutProtocolHandler.h" +#include "nsResProtocolHandler.h" +#include "mozilla/net/ExtensionProtocolHandler.h" +#include "mozilla/net/PageThumbProtocolHandler.h" +#include "mozilla/net/SFVService.h" +#include <limits> +#include "nsIXPConnect.h" +#include "nsParserConstants.h" +#include "nsCRT.h" +#include "nsServiceManagerUtils.h" +#include "mozilla/dom/MediaList.h" +#include "MediaContainerType.h" +#include "DecoderTraits.h" +#include "imgLoader.h" + +#if defined(MOZ_THUNDERBIRD) || defined(MOZ_SUITE) +# include "nsNewMailnewsURI.h" +#endif + +using namespace mozilla; +using namespace mozilla::net; +using mozilla::dom::BlobURLProtocolHandler; +using mozilla::dom::ClientInfo; +using mozilla::dom::PerformanceStorage; +using mozilla::dom::ServiceWorkerDescriptor; + +#define MAX_RECURSION_COUNT 50 + +already_AddRefed<nsIIOService> do_GetIOService(nsresult* error /* = 0 */) { + nsCOMPtr<nsIIOService> io = mozilla::components::IO::Service(); + if (error) *error = io ? NS_OK : NS_ERROR_FAILURE; + return io.forget(); +} + +nsresult NS_NewLocalFileInputStream(nsIInputStream** result, nsIFile* file, + int32_t ioFlags /* = -1 */, + int32_t perm /* = -1 */, + int32_t behaviorFlags /* = 0 */) { + nsresult rv; + nsCOMPtr<nsIFileInputStream> in = + do_CreateInstance(NS_LOCALFILEINPUTSTREAM_CONTRACTID, &rv); + if (NS_SUCCEEDED(rv)) { + rv = in->Init(file, ioFlags, perm, behaviorFlags); + if (NS_SUCCEEDED(rv)) in.forget(result); + } + return rv; +} + +Result<nsCOMPtr<nsIInputStream>, nsresult> NS_NewLocalFileInputStream( + nsIFile* file, int32_t ioFlags /* = -1 */, int32_t perm /* = -1 */, + int32_t behaviorFlags /* = 0 */) { + nsCOMPtr<nsIInputStream> stream; + const nsresult rv = NS_NewLocalFileInputStream(getter_AddRefs(stream), file, + ioFlags, perm, behaviorFlags); + if (NS_SUCCEEDED(rv)) { + return stream; + } + return Err(rv); +} + +nsresult NS_NewLocalFileOutputStream(nsIOutputStream** result, nsIFile* file, + int32_t ioFlags /* = -1 */, + int32_t perm /* = -1 */, + int32_t behaviorFlags /* = 0 */) { + nsresult rv; + nsCOMPtr<nsIFileOutputStream> out = + do_CreateInstance(NS_LOCALFILEOUTPUTSTREAM_CONTRACTID, &rv); + if (NS_SUCCEEDED(rv)) { + rv = out->Init(file, ioFlags, perm, behaviorFlags); + if (NS_SUCCEEDED(rv)) out.forget(result); + } + return rv; +} + +Result<nsCOMPtr<nsIOutputStream>, nsresult> NS_NewLocalFileOutputStream( + nsIFile* file, int32_t ioFlags /* = -1 */, int32_t perm /* = -1 */, + int32_t behaviorFlags /* = 0 */) { + nsCOMPtr<nsIOutputStream> stream; + const nsresult rv = NS_NewLocalFileOutputStream(getter_AddRefs(stream), file, + ioFlags, perm, behaviorFlags); + if (NS_SUCCEEDED(rv)) { + return stream; + } + return Err(rv); +} + +nsresult NS_NewLocalFileOutputStream(nsIOutputStream** result, + const mozilla::ipc::FileDescriptor& fd) { + nsCOMPtr<nsIFileOutputStream> out; + nsFileOutputStream::Create(NS_GET_IID(nsIFileOutputStream), + getter_AddRefs(out)); + + nsresult rv = + static_cast<nsFileOutputStream*>(out.get())->InitWithFileDescriptor(fd); + if (NS_FAILED(rv)) { + return rv; + } + + out.forget(result); + return NS_OK; +} + +nsresult net_EnsureIOService(nsIIOService** ios, nsCOMPtr<nsIIOService>& grip) { + nsresult rv = NS_OK; + if (!*ios) { + grip = do_GetIOService(&rv); + *ios = grip; + } + return rv; +} + +nsresult NS_NewFileURI( + nsIURI** result, nsIFile* spec, + nsIIOService* + ioService /* = nullptr */) // pass in nsIIOService to optimize callers +{ + nsresult rv; + nsCOMPtr<nsIIOService> grip; + rv = net_EnsureIOService(&ioService, grip); + if (ioService) rv = ioService->NewFileURI(spec, result); + return rv; +} + +nsresult NS_GetURIWithNewRef(nsIURI* aInput, const nsACString& aRef, + nsIURI** aOutput) { + MOZ_DIAGNOSTIC_ASSERT(aRef.IsEmpty() || aRef[0] == '#'); + + if (NS_WARN_IF(!aInput || !aOutput)) { + return NS_ERROR_INVALID_ARG; + } + + bool hasRef; + nsresult rv = aInput->GetHasRef(&hasRef); + + nsAutoCString ref; + if (NS_SUCCEEDED(rv)) { + rv = aInput->GetRef(ref); + } + + // If the ref is already equal to the new ref, we do not need to do anything. + // Also, if the GetRef failed (it could return NS_ERROR_NOT_IMPLEMENTED) + // we can assume SetRef would fail as well, so returning the original + // URI is OK. + // + // Note that aRef contains the hash, but ref doesn't, so need to account for + // that in the equality check. + if (NS_FAILED(rv) || (!hasRef && aRef.IsEmpty()) || + (!aRef.IsEmpty() && hasRef && + Substring(aRef.Data() + 1, aRef.Length() - 1) == ref)) { + nsCOMPtr<nsIURI> uri = aInput; + uri.forget(aOutput); + return NS_OK; + } + + return NS_MutateURI(aInput).SetRef(aRef).Finalize(aOutput); +} + +nsresult NS_GetURIWithoutRef(nsIURI* aInput, nsIURI** aOutput) { + return NS_GetURIWithNewRef(aInput, ""_ns, aOutput); +} + +nsresult NS_NewChannelInternal( + nsIChannel** outChannel, nsIURI* aUri, nsILoadInfo* aLoadInfo, + PerformanceStorage* aPerformanceStorage /* = nullptr */, + nsILoadGroup* aLoadGroup /* = nullptr */, + nsIInterfaceRequestor* aCallbacks /* = nullptr */, + nsLoadFlags aLoadFlags /* = nsIRequest::LOAD_NORMAL */, + nsIIOService* aIoService /* = nullptr */) { + // NS_NewChannelInternal is mostly called for channel redirects. We should + // allow the creation of a channel even if the original channel did not have a + // loadinfo attached. + NS_ENSURE_ARG_POINTER(outChannel); + + nsCOMPtr<nsIIOService> grip; + nsresult rv = net_EnsureIOService(&aIoService, grip); + NS_ENSURE_SUCCESS(rv, rv); + + nsCOMPtr<nsIChannel> channel; + rv = aIoService->NewChannelFromURIWithLoadInfo(aUri, aLoadInfo, + getter_AddRefs(channel)); + NS_ENSURE_SUCCESS(rv, rv); + + if (aLoadGroup) { + rv = channel->SetLoadGroup(aLoadGroup); + NS_ENSURE_SUCCESS(rv, rv); + } + + if (aCallbacks) { + rv = channel->SetNotificationCallbacks(aCallbacks); + NS_ENSURE_SUCCESS(rv, rv); + } + +#ifdef DEBUG + nsLoadFlags channelLoadFlags = 0; + channel->GetLoadFlags(&channelLoadFlags); + // Will be removed when we remove LOAD_REPLACE altogether + // This check is trying to catch protocol handlers that still + // try to set the LOAD_REPLACE flag. + MOZ_DIAGNOSTIC_ASSERT(!(channelLoadFlags & nsIChannel::LOAD_REPLACE)); +#endif + + if (aLoadFlags != nsIRequest::LOAD_NORMAL) { + rv = channel->SetLoadFlags(aLoadFlags); + NS_ENSURE_SUCCESS(rv, rv); + } + + if (aPerformanceStorage) { + nsCOMPtr<nsILoadInfo> loadInfo = channel->LoadInfo(); + loadInfo->SetPerformanceStorage(aPerformanceStorage); + } + + channel.forget(outChannel); + return NS_OK; +} + +namespace { + +void AssertLoadingPrincipalAndClientInfoMatch( + nsIPrincipal* aLoadingPrincipal, const ClientInfo& aLoadingClientInfo, + nsContentPolicyType aType) { +#ifdef MOZ_DIAGNOSTIC_ASSERT_ENABLED + // Verify that the provided loading ClientInfo matches the loading + // principal. Unfortunately we can't just use nsIPrincipal::Equals() here + // because of some corner cases: + // + // 1. Worker debugger scripts want to use a system loading principal for + // worker scripts with a content principal. We exempt these from this + // check. + // 2. Null principals currently require exact object identity for + // nsIPrincipal::Equals() to return true. This doesn't work here because + // ClientInfo::GetPrincipal() uses PrincipalInfoToPrincipal() to allocate + // a new object. To work around this we compare the principal origin + // string itself. If bug 1431771 is fixed then we could switch to + // Equals(). + + // Allow worker debugger to load with a system principal. + if (aLoadingPrincipal->IsSystemPrincipal() && + (aType == nsIContentPolicy::TYPE_INTERNAL_WORKER || + aType == nsIContentPolicy::TYPE_INTERNAL_SHARED_WORKER || + aType == nsIContentPolicy::TYPE_INTERNAL_SERVICE_WORKER || + aType == nsIContentPolicy::TYPE_INTERNAL_WORKER_IMPORT_SCRIPTS || + aType == nsIContentPolicy::TYPE_INTERNAL_WORKER_STATIC_MODULE)) { + return; + } + + // Perform a fast comparison for most principal checks. + auto clientPrincipalOrErr(aLoadingClientInfo.GetPrincipal()); + if (clientPrincipalOrErr.isOk()) { + nsCOMPtr<nsIPrincipal> clientPrincipal = clientPrincipalOrErr.unwrap(); + if (aLoadingPrincipal->Equals(clientPrincipal)) { + return; + } + // Fall back to a slower origin equality test to support null principals. + nsAutoCString loadingOriginNoSuffix; + MOZ_ALWAYS_SUCCEEDS( + aLoadingPrincipal->GetOriginNoSuffix(loadingOriginNoSuffix)); + + nsAutoCString clientOriginNoSuffix; + MOZ_ALWAYS_SUCCEEDS( + clientPrincipal->GetOriginNoSuffix(clientOriginNoSuffix)); + + // The client principal will have the partitionKey set if it's in a third + // party context, but the loading principal won't. So, we ignore he + // partitionKey when doing the verification here. + MOZ_DIAGNOSTIC_ASSERT(loadingOriginNoSuffix == clientOriginNoSuffix); + MOZ_DIAGNOSTIC_ASSERT( + aLoadingPrincipal->OriginAttributesRef().EqualsIgnoringPartitionKey( + clientPrincipal->OriginAttributesRef())); + } +#endif +} + +} // namespace + +nsresult NS_NewChannel(nsIChannel** outChannel, nsIURI* aUri, + nsIPrincipal* aLoadingPrincipal, + nsSecurityFlags aSecurityFlags, + nsContentPolicyType aContentPolicyType, + nsICookieJarSettings* aCookieJarSettings /* = nullptr */, + PerformanceStorage* aPerformanceStorage /* = nullptr */, + nsILoadGroup* aLoadGroup /* = nullptr */, + nsIInterfaceRequestor* aCallbacks /* = nullptr */, + nsLoadFlags aLoadFlags /* = nsIRequest::LOAD_NORMAL */, + nsIIOService* aIoService /* = nullptr */, + uint32_t aSandboxFlags /* = 0 */, + bool aSkipCheckForBrokenURLOrZeroSized /* = false */) { + return NS_NewChannelInternal( + outChannel, aUri, + nullptr, // aLoadingNode, + aLoadingPrincipal, + nullptr, // aTriggeringPrincipal + Maybe<ClientInfo>(), Maybe<ServiceWorkerDescriptor>(), aSecurityFlags, + aContentPolicyType, aCookieJarSettings, aPerformanceStorage, aLoadGroup, + aCallbacks, aLoadFlags, aIoService, aSandboxFlags, + aSkipCheckForBrokenURLOrZeroSized); +} + +nsresult NS_NewChannel(nsIChannel** outChannel, nsIURI* aUri, + nsIPrincipal* aLoadingPrincipal, + const ClientInfo& aLoadingClientInfo, + const Maybe<ServiceWorkerDescriptor>& aController, + nsSecurityFlags aSecurityFlags, + nsContentPolicyType aContentPolicyType, + nsICookieJarSettings* aCookieJarSettings /* = nullptr */, + PerformanceStorage* aPerformanceStorage /* = nullptr */, + nsILoadGroup* aLoadGroup /* = nullptr */, + nsIInterfaceRequestor* aCallbacks /* = nullptr */, + nsLoadFlags aLoadFlags /* = nsIRequest::LOAD_NORMAL */, + nsIIOService* aIoService /* = nullptr */, + uint32_t aSandboxFlags /* = 0 */, + bool aSkipCheckForBrokenURLOrZeroSized /* = false */) { + AssertLoadingPrincipalAndClientInfoMatch( + aLoadingPrincipal, aLoadingClientInfo, aContentPolicyType); + + Maybe<ClientInfo> loadingClientInfo; + loadingClientInfo.emplace(aLoadingClientInfo); + + return NS_NewChannelInternal( + outChannel, aUri, + nullptr, // aLoadingNode, + aLoadingPrincipal, + nullptr, // aTriggeringPrincipal + loadingClientInfo, aController, aSecurityFlags, aContentPolicyType, + aCookieJarSettings, aPerformanceStorage, aLoadGroup, aCallbacks, + aLoadFlags, aIoService, aSandboxFlags, aSkipCheckForBrokenURLOrZeroSized); +} + +nsresult NS_NewChannelInternal( + nsIChannel** outChannel, nsIURI* aUri, nsINode* aLoadingNode, + nsIPrincipal* aLoadingPrincipal, nsIPrincipal* aTriggeringPrincipal, + const Maybe<ClientInfo>& aLoadingClientInfo, + const Maybe<ServiceWorkerDescriptor>& aController, + nsSecurityFlags aSecurityFlags, nsContentPolicyType aContentPolicyType, + nsICookieJarSettings* aCookieJarSettings /* = nullptr */, + PerformanceStorage* aPerformanceStorage /* = nullptr */, + nsILoadGroup* aLoadGroup /* = nullptr */, + nsIInterfaceRequestor* aCallbacks /* = nullptr */, + nsLoadFlags aLoadFlags /* = nsIRequest::LOAD_NORMAL */, + nsIIOService* aIoService /* = nullptr */, uint32_t aSandboxFlags /* = 0 */, + bool aSkipCheckForBrokenURLOrZeroSized /* = false */) { + NS_ENSURE_ARG_POINTER(outChannel); + + nsCOMPtr<nsIIOService> grip; + nsresult rv = net_EnsureIOService(&aIoService, grip); + NS_ENSURE_SUCCESS(rv, rv); + + nsCOMPtr<nsIChannel> channel; + rv = aIoService->NewChannelFromURIWithClientAndController( + aUri, aLoadingNode, aLoadingPrincipal, aTriggeringPrincipal, + aLoadingClientInfo, aController, aSecurityFlags, aContentPolicyType, + aSandboxFlags, aSkipCheckForBrokenURLOrZeroSized, + getter_AddRefs(channel)); + if (NS_FAILED(rv)) { + return rv; + } + + if (aLoadGroup) { + rv = channel->SetLoadGroup(aLoadGroup); + NS_ENSURE_SUCCESS(rv, rv); + } + + if (aCallbacks) { + rv = channel->SetNotificationCallbacks(aCallbacks); + NS_ENSURE_SUCCESS(rv, rv); + } + +#ifdef DEBUG + nsLoadFlags channelLoadFlags = 0; + channel->GetLoadFlags(&channelLoadFlags); + // Will be removed when we remove LOAD_REPLACE altogether + // This check is trying to catch protocol handlers that still + // try to set the LOAD_REPLACE flag. + MOZ_DIAGNOSTIC_ASSERT(!(channelLoadFlags & nsIChannel::LOAD_REPLACE)); +#endif + + if (aLoadFlags != nsIRequest::LOAD_NORMAL) { + rv = channel->SetLoadFlags(aLoadFlags); + NS_ENSURE_SUCCESS(rv, rv); + } + + if (aPerformanceStorage || aCookieJarSettings) { + nsCOMPtr<nsILoadInfo> loadInfo = channel->LoadInfo(); + + if (aPerformanceStorage) { + loadInfo->SetPerformanceStorage(aPerformanceStorage); + } + + if (aCookieJarSettings) { + loadInfo->SetCookieJarSettings(aCookieJarSettings); + } + } + + channel.forget(outChannel); + return NS_OK; +} + +nsresult /*NS_NewChannelWithNodeAndTriggeringPrincipal */ +NS_NewChannelWithTriggeringPrincipal( + nsIChannel** outChannel, nsIURI* aUri, nsINode* aLoadingNode, + nsIPrincipal* aTriggeringPrincipal, nsSecurityFlags aSecurityFlags, + nsContentPolicyType aContentPolicyType, + PerformanceStorage* aPerformanceStorage /* = nullptr */, + nsILoadGroup* aLoadGroup /* = nullptr */, + nsIInterfaceRequestor* aCallbacks /* = nullptr */, + nsLoadFlags aLoadFlags /* = nsIRequest::LOAD_NORMAL */, + nsIIOService* aIoService /* = nullptr */) { + MOZ_ASSERT(aLoadingNode); + NS_ASSERTION(aTriggeringPrincipal, + "Can not create channel without a triggering Principal!"); + return NS_NewChannelInternal( + outChannel, aUri, aLoadingNode, aLoadingNode->NodePrincipal(), + aTriggeringPrincipal, Maybe<ClientInfo>(), + Maybe<ServiceWorkerDescriptor>(), aSecurityFlags, aContentPolicyType, + aLoadingNode->OwnerDoc()->CookieJarSettings(), aPerformanceStorage, + aLoadGroup, aCallbacks, aLoadFlags, aIoService); +} + +// See NS_NewChannelInternal for usage and argument description +nsresult NS_NewChannelWithTriggeringPrincipal( + nsIChannel** outChannel, nsIURI* aUri, nsIPrincipal* aLoadingPrincipal, + nsIPrincipal* aTriggeringPrincipal, nsSecurityFlags aSecurityFlags, + nsContentPolicyType aContentPolicyType, + nsICookieJarSettings* aCookieJarSettings /* = nullptr */, + PerformanceStorage* aPerformanceStorage /* = nullptr */, + nsILoadGroup* aLoadGroup /* = nullptr */, + nsIInterfaceRequestor* aCallbacks /* = nullptr */, + nsLoadFlags aLoadFlags /* = nsIRequest::LOAD_NORMAL */, + nsIIOService* aIoService /* = nullptr */) { + NS_ASSERTION(aLoadingPrincipal, + "Can not create channel without a loading Principal!"); + return NS_NewChannelInternal( + outChannel, aUri, + nullptr, // aLoadingNode + aLoadingPrincipal, aTriggeringPrincipal, Maybe<ClientInfo>(), + Maybe<ServiceWorkerDescriptor>(), aSecurityFlags, aContentPolicyType, + aCookieJarSettings, aPerformanceStorage, aLoadGroup, aCallbacks, + aLoadFlags, aIoService); +} + +// See NS_NewChannelInternal for usage and argument description +nsresult NS_NewChannelWithTriggeringPrincipal( + nsIChannel** outChannel, nsIURI* aUri, nsIPrincipal* aLoadingPrincipal, + nsIPrincipal* aTriggeringPrincipal, const ClientInfo& aLoadingClientInfo, + const Maybe<ServiceWorkerDescriptor>& aController, + nsSecurityFlags aSecurityFlags, nsContentPolicyType aContentPolicyType, + nsICookieJarSettings* aCookieJarSettings /* = nullptr */, + PerformanceStorage* aPerformanceStorage /* = nullptr */, + nsILoadGroup* aLoadGroup /* = nullptr */, + nsIInterfaceRequestor* aCallbacks /* = nullptr */, + nsLoadFlags aLoadFlags /* = nsIRequest::LOAD_NORMAL */, + nsIIOService* aIoService /* = nullptr */) { + AssertLoadingPrincipalAndClientInfoMatch( + aLoadingPrincipal, aLoadingClientInfo, aContentPolicyType); + + Maybe<ClientInfo> loadingClientInfo; + loadingClientInfo.emplace(aLoadingClientInfo); + + return NS_NewChannelInternal( + outChannel, aUri, + nullptr, // aLoadingNode + aLoadingPrincipal, aTriggeringPrincipal, loadingClientInfo, aController, + aSecurityFlags, aContentPolicyType, aCookieJarSettings, + aPerformanceStorage, aLoadGroup, aCallbacks, aLoadFlags, aIoService); +} + +nsresult NS_NewChannel(nsIChannel** outChannel, nsIURI* aUri, + nsINode* aLoadingNode, nsSecurityFlags aSecurityFlags, + nsContentPolicyType aContentPolicyType, + PerformanceStorage* aPerformanceStorage /* = nullptr */, + nsILoadGroup* aLoadGroup /* = nullptr */, + nsIInterfaceRequestor* aCallbacks /* = nullptr */, + nsLoadFlags aLoadFlags /* = nsIRequest::LOAD_NORMAL */, + nsIIOService* aIoService /* = nullptr */, + uint32_t aSandboxFlags /* = 0 */, + bool aSkipCheckForBrokenURLOrZeroSized /* = false */) { + NS_ASSERTION(aLoadingNode, "Can not create channel without a loading Node!"); + return NS_NewChannelInternal( + outChannel, aUri, aLoadingNode, aLoadingNode->NodePrincipal(), + nullptr, // aTriggeringPrincipal + Maybe<ClientInfo>(), Maybe<ServiceWorkerDescriptor>(), aSecurityFlags, + aContentPolicyType, aLoadingNode->OwnerDoc()->CookieJarSettings(), + aPerformanceStorage, aLoadGroup, aCallbacks, aLoadFlags, aIoService, + aSandboxFlags, aSkipCheckForBrokenURLOrZeroSized); +} + +nsresult NS_GetIsDocumentChannel(nsIChannel* aChannel, bool* aIsDocument) { + // Check if this channel is going to be used to create a document. If it has + // LOAD_DOCUMENT_URI set it is trivially creating a document. If + // LOAD_HTML_OBJECT_DATA is set it may or may not be used to create a + // document, depending on its MIME type. + + if (!aChannel || !aIsDocument) { + return NS_ERROR_NULL_POINTER; + } + *aIsDocument = false; + nsLoadFlags loadFlags; + nsresult rv = aChannel->GetLoadFlags(&loadFlags); + if (NS_FAILED(rv)) { + return rv; + } + if (loadFlags & nsIChannel::LOAD_DOCUMENT_URI) { + *aIsDocument = true; + return NS_OK; + } + if (!(loadFlags & nsIRequest::LOAD_HTML_OBJECT_DATA)) { + *aIsDocument = false; + return NS_OK; + } + nsAutoCString mimeType; + rv = aChannel->GetContentType(mimeType); + if (NS_FAILED(rv)) { + return rv; + } + if (nsContentUtils::HtmlObjectContentTypeForMIMEType(mimeType) == + nsIObjectLoadingContent::TYPE_DOCUMENT) { + *aIsDocument = true; + return NS_OK; + } + *aIsDocument = false; + return NS_OK; +} + +nsresult NS_MakeAbsoluteURI(nsACString& result, const nsACString& spec, + nsIURI* baseURI) { + nsresult rv; + if (!baseURI) { + NS_WARNING("It doesn't make sense to not supply a base URI"); + result = spec; + rv = NS_OK; + } else if (spec.IsEmpty()) { + rv = baseURI->GetSpec(result); + } else { + rv = baseURI->Resolve(spec, result); + } + return rv; +} + +nsresult NS_MakeAbsoluteURI(char** result, const char* spec, nsIURI* baseURI) { + nsresult rv; + nsAutoCString resultBuf; + rv = NS_MakeAbsoluteURI(resultBuf, nsDependentCString(spec), baseURI); + if (NS_SUCCEEDED(rv)) { + *result = ToNewCString(resultBuf, mozilla::fallible); + if (!*result) rv = NS_ERROR_OUT_OF_MEMORY; + } + return rv; +} + +nsresult NS_MakeAbsoluteURI(nsAString& result, const nsAString& spec, + nsIURI* baseURI) { + nsresult rv; + if (!baseURI) { + NS_WARNING("It doesn't make sense to not supply a base URI"); + result = spec; + rv = NS_OK; + } else { + nsAutoCString resultBuf; + if (spec.IsEmpty()) { + rv = baseURI->GetSpec(resultBuf); + } else { + rv = baseURI->Resolve(NS_ConvertUTF16toUTF8(spec), resultBuf); + } + if (NS_SUCCEEDED(rv)) CopyUTF8toUTF16(resultBuf, result); + } + return rv; +} + +int32_t NS_GetDefaultPort(const char* scheme, + nsIIOService* ioService /* = nullptr */) { + nsresult rv; + + // Getting the default port through the protocol handler previously had a lot + // of XPCOM overhead involved. We optimize the protocols that matter for Web + // pages (HTTP and HTTPS) by hardcoding their default ports here. + // + // XXX: This might not be necessary for performance anymore. + if (strncmp(scheme, "http", 4) == 0) { + if (scheme[4] == 's' && scheme[5] == '\0') { + return 443; + } + if (scheme[4] == '\0') { + return 80; + } + } + + nsCOMPtr<nsIIOService> grip; + net_EnsureIOService(&ioService, grip); + if (!ioService) return -1; + + int32_t port; + rv = ioService->GetDefaultPort(scheme, &port); + return NS_SUCCEEDED(rv) ? port : -1; +} + +/** + * This function is a helper function to apply the ToAscii conversion + * to a string + */ +bool NS_StringToACE(const nsACString& idn, nsACString& result) { + nsCOMPtr<nsIIDNService> idnSrv = do_GetService(NS_IDNSERVICE_CONTRACTID); + if (!idnSrv) return false; + nsresult rv = idnSrv->ConvertUTF8toACE(idn, result); + return NS_SUCCEEDED(rv); +} + +int32_t NS_GetRealPort(nsIURI* aURI) { + int32_t port; + nsresult rv = aURI->GetPort(&port); + if (NS_FAILED(rv)) return -1; + + if (port != -1) return port; // explicitly specified + + // Otherwise, we have to get the default port from the protocol handler + + // Need the scheme first + nsAutoCString scheme; + rv = aURI->GetScheme(scheme); + if (NS_FAILED(rv)) return -1; + + return NS_GetDefaultPort(scheme.get()); +} + +nsresult NS_NewInputStreamChannelInternal( + nsIChannel** outChannel, nsIURI* aUri, + already_AddRefed<nsIInputStream> aStream, const nsACString& aContentType, + const nsACString& aContentCharset, nsILoadInfo* aLoadInfo) { + nsresult rv; + nsCOMPtr<nsIInputStreamChannel> isc = + do_CreateInstance(NS_INPUTSTREAMCHANNEL_CONTRACTID, &rv); + NS_ENSURE_SUCCESS(rv, rv); + rv = isc->SetURI(aUri); + NS_ENSURE_SUCCESS(rv, rv); + + nsCOMPtr<nsIInputStream> stream = std::move(aStream); + rv = isc->SetContentStream(stream); + NS_ENSURE_SUCCESS(rv, rv); + + nsCOMPtr<nsIChannel> channel = do_QueryInterface(isc, &rv); + NS_ENSURE_SUCCESS(rv, rv); + + if (!aContentType.IsEmpty()) { + rv = channel->SetContentType(aContentType); + NS_ENSURE_SUCCESS(rv, rv); + } + + if (!aContentCharset.IsEmpty()) { + rv = channel->SetContentCharset(aContentCharset); + NS_ENSURE_SUCCESS(rv, rv); + } + + MOZ_ASSERT(aLoadInfo, "need a loadinfo to create a inputstreamchannel"); + channel->SetLoadInfo(aLoadInfo); + + // If we're sandboxed, make sure to clear any owner the channel + // might already have. + if (aLoadInfo && aLoadInfo->GetLoadingSandboxed()) { + channel->SetOwner(nullptr); + } + + channel.forget(outChannel); + return NS_OK; +} + +nsresult NS_NewInputStreamChannelInternal( + nsIChannel** outChannel, nsIURI* aUri, + already_AddRefed<nsIInputStream> aStream, const nsACString& aContentType, + const nsACString& aContentCharset, nsINode* aLoadingNode, + nsIPrincipal* aLoadingPrincipal, nsIPrincipal* aTriggeringPrincipal, + nsSecurityFlags aSecurityFlags, nsContentPolicyType aContentPolicyType) { + nsCOMPtr<nsILoadInfo> loadInfo = new mozilla::net::LoadInfo( + aLoadingPrincipal, aTriggeringPrincipal, aLoadingNode, aSecurityFlags, + aContentPolicyType); + if (!loadInfo) { + return NS_ERROR_UNEXPECTED; + } + + nsCOMPtr<nsIInputStream> stream = std::move(aStream); + + return NS_NewInputStreamChannelInternal(outChannel, aUri, stream.forget(), + aContentType, aContentCharset, + loadInfo); +} + +nsresult NS_NewInputStreamChannel( + nsIChannel** outChannel, nsIURI* aUri, + already_AddRefed<nsIInputStream> aStream, nsIPrincipal* aLoadingPrincipal, + nsSecurityFlags aSecurityFlags, nsContentPolicyType aContentPolicyType, + const nsACString& aContentType /* = ""_ns */, + const nsACString& aContentCharset /* = ""_ns */) { + nsCOMPtr<nsIInputStream> stream = aStream; + return NS_NewInputStreamChannelInternal(outChannel, aUri, stream.forget(), + aContentType, aContentCharset, + nullptr, // aLoadingNode + aLoadingPrincipal, + nullptr, // aTriggeringPrincipal + aSecurityFlags, aContentPolicyType); +} + +nsresult NS_NewInputStreamChannelInternal(nsIChannel** outChannel, nsIURI* aUri, + const nsAString& aData, + const nsACString& aContentType, + nsILoadInfo* aLoadInfo, + bool aIsSrcdocChannel /* = false */) { + nsresult rv; + nsCOMPtr<nsIStringInputStream> stream; + stream = do_CreateInstance(NS_STRINGINPUTSTREAM_CONTRACTID, &rv); + NS_ENSURE_SUCCESS(rv, rv); + + uint32_t len; + char* utf8Bytes = ToNewUTF8String(aData, &len); + rv = stream->AdoptData(utf8Bytes, len); + + nsCOMPtr<nsIChannel> channel; + rv = NS_NewInputStreamChannelInternal(getter_AddRefs(channel), aUri, + stream.forget(), aContentType, + "UTF-8"_ns, aLoadInfo); + + NS_ENSURE_SUCCESS(rv, rv); + + if (aIsSrcdocChannel) { + nsCOMPtr<nsIInputStreamChannel> inStrmChan = do_QueryInterface(channel); + NS_ENSURE_TRUE(inStrmChan, NS_ERROR_FAILURE); + inStrmChan->SetSrcdocData(aData); + } + channel.forget(outChannel); + return NS_OK; +} + +nsresult NS_NewInputStreamChannelInternal( + nsIChannel** outChannel, nsIURI* aUri, const nsAString& aData, + const nsACString& aContentType, nsINode* aLoadingNode, + nsIPrincipal* aLoadingPrincipal, nsIPrincipal* aTriggeringPrincipal, + nsSecurityFlags aSecurityFlags, nsContentPolicyType aContentPolicyType, + bool aIsSrcdocChannel /* = false */) { + nsCOMPtr<nsILoadInfo> loadInfo = new mozilla::net::LoadInfo( + aLoadingPrincipal, aTriggeringPrincipal, aLoadingNode, aSecurityFlags, + aContentPolicyType); + return NS_NewInputStreamChannelInternal(outChannel, aUri, aData, aContentType, + loadInfo, aIsSrcdocChannel); +} + +nsresult NS_NewInputStreamChannel(nsIChannel** outChannel, nsIURI* aUri, + const nsAString& aData, + const nsACString& aContentType, + nsIPrincipal* aLoadingPrincipal, + nsSecurityFlags aSecurityFlags, + nsContentPolicyType aContentPolicyType, + bool aIsSrcdocChannel /* = false */) { + return NS_NewInputStreamChannelInternal(outChannel, aUri, aData, aContentType, + nullptr, // aLoadingNode + aLoadingPrincipal, + nullptr, // aTriggeringPrincipal + aSecurityFlags, aContentPolicyType, + aIsSrcdocChannel); +} + +nsresult NS_NewInputStreamPump( + nsIInputStreamPump** aResult, already_AddRefed<nsIInputStream> aStream, + uint32_t aSegsize /* = 0 */, uint32_t aSegcount /* = 0 */, + bool aCloseWhenDone /* = false */, + nsISerialEventTarget* aMainThreadTarget /* = nullptr */) { + nsCOMPtr<nsIInputStream> stream = std::move(aStream); + + nsresult rv; + nsCOMPtr<nsIInputStreamPump> pump = + do_CreateInstance(NS_INPUTSTREAMPUMP_CONTRACTID, &rv); + if (NS_SUCCEEDED(rv)) { + rv = pump->Init(stream, aSegsize, aSegcount, aCloseWhenDone, + aMainThreadTarget); + if (NS_SUCCEEDED(rv)) { + *aResult = nullptr; + pump.swap(*aResult); + } + } + return rv; +} + +nsresult NS_NewLoadGroup(nsILoadGroup** result, nsIRequestObserver* obs) { + nsresult rv; + nsCOMPtr<nsILoadGroup> group = + do_CreateInstance(NS_LOADGROUP_CONTRACTID, &rv); + if (NS_SUCCEEDED(rv)) { + rv = group->SetGroupObserver(obs); + if (NS_SUCCEEDED(rv)) { + *result = nullptr; + group.swap(*result); + } + } + return rv; +} + +bool NS_IsReasonableHTTPHeaderValue(const nsACString& aValue) { + return mozilla::net::nsHttp::IsReasonableHeaderValue(aValue); +} + +bool NS_IsValidHTTPToken(const nsACString& aToken) { + return mozilla::net::nsHttp::IsValidToken(aToken); +} + +void NS_TrimHTTPWhitespace(const nsACString& aSource, nsACString& aDest) { + mozilla::net::nsHttp::TrimHTTPWhitespace(aSource, aDest); +} + +nsresult NS_NewLoadGroup(nsILoadGroup** aResult, nsIPrincipal* aPrincipal) { + using mozilla::LoadContext; + nsresult rv; + + nsCOMPtr<nsILoadGroup> group = + do_CreateInstance(NS_LOADGROUP_CONTRACTID, &rv); + NS_ENSURE_SUCCESS(rv, rv); + + RefPtr<LoadContext> loadContext = new LoadContext(aPrincipal); + rv = group->SetNotificationCallbacks(loadContext); + NS_ENSURE_SUCCESS(rv, rv); + + group.forget(aResult); + return rv; +} + +bool NS_LoadGroupMatchesPrincipal(nsILoadGroup* aLoadGroup, + nsIPrincipal* aPrincipal) { + if (!aPrincipal) { + return false; + } + + // If this is a null principal then the load group doesn't really matter. + // The principal will not be allowed to perform any actions that actually + // use the load group. Unconditionally treat null principals as a match. + if (aPrincipal->GetIsNullPrincipal()) { + return true; + } + + if (!aLoadGroup) { + return false; + } + + nsCOMPtr<nsILoadContext> loadContext; + NS_QueryNotificationCallbacks(nullptr, aLoadGroup, NS_GET_IID(nsILoadContext), + getter_AddRefs(loadContext)); + NS_ENSURE_TRUE(loadContext, false); + + return true; +} + +nsresult NS_NewDownloader(nsIStreamListener** result, + nsIDownloadObserver* observer, + nsIFile* downloadLocation /* = nullptr */) { + nsresult rv; + nsCOMPtr<nsIDownloader> downloader = + do_CreateInstance(NS_DOWNLOADER_CONTRACTID, &rv); + if (NS_SUCCEEDED(rv)) { + rv = downloader->Init(observer, downloadLocation); + if (NS_SUCCEEDED(rv)) { + downloader.forget(result); + } + } + return rv; +} + +nsresult NS_NewIncrementalStreamLoader( + nsIIncrementalStreamLoader** result, + nsIIncrementalStreamLoaderObserver* observer) { + nsresult rv; + nsCOMPtr<nsIIncrementalStreamLoader> loader = + do_CreateInstance(NS_INCREMENTALSTREAMLOADER_CONTRACTID, &rv); + if (NS_SUCCEEDED(rv)) { + rv = loader->Init(observer); + if (NS_SUCCEEDED(rv)) { + *result = nullptr; + loader.swap(*result); + } + } + return rv; +} + +nsresult NS_NewStreamLoader( + nsIStreamLoader** result, nsIStreamLoaderObserver* observer, + nsIRequestObserver* requestObserver /* = nullptr */) { + nsresult rv; + nsCOMPtr<nsIStreamLoader> loader = + do_CreateInstance(NS_STREAMLOADER_CONTRACTID, &rv); + if (NS_SUCCEEDED(rv)) { + rv = loader->Init(observer, requestObserver); + if (NS_SUCCEEDED(rv)) { + *result = nullptr; + loader.swap(*result); + } + } + return rv; +} + +nsresult NS_NewStreamLoaderInternal( + nsIStreamLoader** outStream, nsIURI* aUri, + nsIStreamLoaderObserver* aObserver, nsINode* aLoadingNode, + nsIPrincipal* aLoadingPrincipal, nsSecurityFlags aSecurityFlags, + nsContentPolicyType aContentPolicyType, + nsILoadGroup* aLoadGroup /* = nullptr */, + nsIInterfaceRequestor* aCallbacks /* = nullptr */, + nsLoadFlags aLoadFlags /* = nsIRequest::LOAD_NORMAL */) { + nsCOMPtr<nsIChannel> channel; + nsresult rv = NS_NewChannelInternal( + getter_AddRefs(channel), aUri, aLoadingNode, aLoadingPrincipal, + nullptr, // aTriggeringPrincipal + Maybe<ClientInfo>(), Maybe<ServiceWorkerDescriptor>(), aSecurityFlags, + aContentPolicyType, + nullptr, // nsICookieJarSettings + nullptr, // PerformanceStorage + aLoadGroup, aCallbacks, aLoadFlags); + + NS_ENSURE_SUCCESS(rv, rv); + rv = NS_NewStreamLoader(outStream, aObserver); + NS_ENSURE_SUCCESS(rv, rv); + return channel->AsyncOpen(*outStream); +} + +nsresult NS_NewStreamLoader( + nsIStreamLoader** outStream, nsIURI* aUri, + nsIStreamLoaderObserver* aObserver, nsINode* aLoadingNode, + nsSecurityFlags aSecurityFlags, nsContentPolicyType aContentPolicyType, + nsILoadGroup* aLoadGroup /* = nullptr */, + nsIInterfaceRequestor* aCallbacks /* = nullptr */, + nsLoadFlags aLoadFlags /* = nsIRequest::LOAD_NORMAL */) { + NS_ASSERTION(aLoadingNode, + "Can not create stream loader without a loading Node!"); + return NS_NewStreamLoaderInternal( + outStream, aUri, aObserver, aLoadingNode, aLoadingNode->NodePrincipal(), + aSecurityFlags, aContentPolicyType, aLoadGroup, aCallbacks, aLoadFlags); +} + +nsresult NS_NewStreamLoader( + nsIStreamLoader** outStream, nsIURI* aUri, + nsIStreamLoaderObserver* aObserver, nsIPrincipal* aLoadingPrincipal, + nsSecurityFlags aSecurityFlags, nsContentPolicyType aContentPolicyType, + nsILoadGroup* aLoadGroup /* = nullptr */, + nsIInterfaceRequestor* aCallbacks /* = nullptr */, + nsLoadFlags aLoadFlags /* = nsIRequest::LOAD_NORMAL */) { + return NS_NewStreamLoaderInternal(outStream, aUri, aObserver, + nullptr, // aLoadingNode + aLoadingPrincipal, aSecurityFlags, + aContentPolicyType, aLoadGroup, aCallbacks, + aLoadFlags); +} + +nsresult NS_NewSyncStreamListener(nsIStreamListener** result, + nsIInputStream** stream) { + nsCOMPtr<nsISyncStreamListener> listener = new nsSyncStreamListener(); + nsresult rv = listener->GetInputStream(stream); + if (NS_SUCCEEDED(rv)) { + listener.forget(result); + } + return rv; +} + +nsresult NS_ImplementChannelOpen(nsIChannel* channel, nsIInputStream** result) { + nsCOMPtr<nsIStreamListener> listener; + nsCOMPtr<nsIInputStream> stream; + nsresult rv = NS_NewSyncStreamListener(getter_AddRefs(listener), + getter_AddRefs(stream)); + NS_ENSURE_SUCCESS(rv, rv); + + rv = channel->AsyncOpen(listener); + NS_ENSURE_SUCCESS(rv, rv); + + uint64_t n; + // block until the initial response is received or an error occurs. + rv = stream->Available(&n); + NS_ENSURE_SUCCESS(rv, rv); + + *result = nullptr; + stream.swap(*result); + + return NS_OK; +} + +nsresult NS_NewRequestObserverProxy(nsIRequestObserver** result, + nsIRequestObserver* observer, + nsISupports* context) { + nsCOMPtr<nsIRequestObserverProxy> proxy = new nsRequestObserverProxy(); + nsresult rv = proxy->Init(observer, context); + if (NS_SUCCEEDED(rv)) { + proxy.forget(result); + } + return rv; +} + +nsresult NS_NewSimpleStreamListener( + nsIStreamListener** result, nsIOutputStream* sink, + nsIRequestObserver* observer /* = nullptr */) { + nsresult rv; + nsCOMPtr<nsISimpleStreamListener> listener = + do_CreateInstance(NS_SIMPLESTREAMLISTENER_CONTRACTID, &rv); + if (NS_SUCCEEDED(rv)) { + rv = listener->Init(sink, observer); + if (NS_SUCCEEDED(rv)) { + listener.forget(result); + } + } + return rv; +} + +nsresult NS_CheckPortSafety(int32_t port, const char* scheme, + nsIIOService* ioService /* = nullptr */) { + nsresult rv; + nsCOMPtr<nsIIOService> grip; + rv = net_EnsureIOService(&ioService, grip); + if (ioService) { + bool allow; + rv = ioService->AllowPort(port, scheme, &allow); + if (NS_SUCCEEDED(rv) && !allow) { + NS_WARNING("port blocked"); + rv = NS_ERROR_PORT_ACCESS_NOT_ALLOWED; + } + } + return rv; +} + +nsresult NS_CheckPortSafety(nsIURI* uri) { + int32_t port; + nsresult rv = uri->GetPort(&port); + if (NS_FAILED(rv) || port == -1) { // port undefined or default-valued + return NS_OK; + } + nsAutoCString scheme; + uri->GetScheme(scheme); + return NS_CheckPortSafety(port, scheme.get()); +} + +nsresult NS_NewProxyInfo(const nsACString& type, const nsACString& host, + int32_t port, uint32_t flags, nsIProxyInfo** result) { + nsresult rv; + nsCOMPtr<nsIProtocolProxyService> pps = + do_GetService(NS_PROTOCOLPROXYSERVICE_CONTRACTID, &rv); + if (NS_SUCCEEDED(rv)) { + rv = pps->NewProxyInfo(type, host, port, ""_ns, ""_ns, flags, UINT32_MAX, + nullptr, result); + } + return rv; +} + +nsresult NS_GetFileProtocolHandler(nsIFileProtocolHandler** result, + nsIIOService* ioService /* = nullptr */) { + nsresult rv; + nsCOMPtr<nsIIOService> grip; + rv = net_EnsureIOService(&ioService, grip); + if (ioService) { + nsCOMPtr<nsIProtocolHandler> handler; + rv = ioService->GetProtocolHandler("file", getter_AddRefs(handler)); + if (NS_SUCCEEDED(rv)) rv = CallQueryInterface(handler, result); + } + return rv; +} + +nsresult NS_GetFileFromURLSpec(const nsACString& inURL, nsIFile** result, + nsIIOService* ioService /* = nullptr */) { + nsresult rv; + nsCOMPtr<nsIFileProtocolHandler> fileHandler; + rv = NS_GetFileProtocolHandler(getter_AddRefs(fileHandler), ioService); + if (NS_SUCCEEDED(rv)) rv = fileHandler->GetFileFromURLSpec(inURL, result); + return rv; +} + +nsresult NS_GetURLSpecFromFile(nsIFile* file, nsACString& url, + nsIIOService* ioService /* = nullptr */) { + nsresult rv; + nsCOMPtr<nsIFileProtocolHandler> fileHandler; + rv = NS_GetFileProtocolHandler(getter_AddRefs(fileHandler), ioService); + if (NS_SUCCEEDED(rv)) rv = fileHandler->GetURLSpecFromFile(file, url); + return rv; +} + +nsresult NS_GetURLSpecFromActualFile(nsIFile* file, nsACString& url, + nsIIOService* ioService /* = nullptr */) { + nsresult rv; + nsCOMPtr<nsIFileProtocolHandler> fileHandler; + rv = NS_GetFileProtocolHandler(getter_AddRefs(fileHandler), ioService); + if (NS_SUCCEEDED(rv)) rv = fileHandler->GetURLSpecFromActualFile(file, url); + return rv; +} + +nsresult NS_GetURLSpecFromDir(nsIFile* file, nsACString& url, + nsIIOService* ioService /* = nullptr */) { + nsresult rv; + nsCOMPtr<nsIFileProtocolHandler> fileHandler; + rv = NS_GetFileProtocolHandler(getter_AddRefs(fileHandler), ioService); + if (NS_SUCCEEDED(rv)) rv = fileHandler->GetURLSpecFromDir(file, url); + return rv; +} + +void NS_GetReferrerFromChannel(nsIChannel* channel, nsIURI** referrer) { + *referrer = nullptr; + + if (nsCOMPtr<nsIPropertyBag2> props = do_QueryInterface(channel)) { + // We have to check for a property on a property bag because the + // referrer may be empty for security reasons (for example, when loading + // an http page with an https referrer). + nsresult rv; + nsCOMPtr<nsIURI> uri( + do_GetProperty(props, u"docshell.internalReferrer"_ns, &rv)); + if (NS_SUCCEEDED(rv)) { + uri.forget(referrer); + return; + } + } + + // if that didn't work, we can still try to get the referrer from the + // nsIHttpChannel (if we can QI to it) + nsCOMPtr<nsIHttpChannel> chan(do_QueryInterface(channel)); + if (!chan) { + return; + } + + nsCOMPtr<nsIReferrerInfo> referrerInfo = chan->GetReferrerInfo(); + if (!referrerInfo) { + return; + } + + referrerInfo->GetOriginalReferrer(referrer); +} + +already_AddRefed<nsINetUtil> do_GetNetUtil(nsresult* error /* = 0 */) { + nsCOMPtr<nsIIOService> io = mozilla::components::IO::Service(); + nsCOMPtr<nsINetUtil> util; + if (io) util = do_QueryInterface(io); + + if (error) *error = !!util ? NS_OK : NS_ERROR_FAILURE; + return util.forget(); +} + +nsresult NS_ParseRequestContentType(const nsACString& rawContentType, + nsCString& contentType, + nsCString& contentCharset) { + // contentCharset is left untouched if not present in rawContentType + nsresult rv; + nsCOMPtr<nsINetUtil> util = do_GetNetUtil(&rv); + NS_ENSURE_SUCCESS(rv, rv); + nsCString charset; + bool hadCharset; + rv = util->ParseRequestContentType(rawContentType, charset, &hadCharset, + contentType); + if (NS_SUCCEEDED(rv) && hadCharset) contentCharset = charset; + return rv; +} + +nsresult NS_ParseResponseContentType(const nsACString& rawContentType, + nsCString& contentType, + nsCString& contentCharset) { + // contentCharset is left untouched if not present in rawContentType + nsresult rv; + nsCOMPtr<nsINetUtil> util = do_GetNetUtil(&rv); + NS_ENSURE_SUCCESS(rv, rv); + nsCString charset; + bool hadCharset; + rv = util->ParseResponseContentType(rawContentType, charset, &hadCharset, + contentType); + if (NS_SUCCEEDED(rv) && hadCharset) contentCharset = charset; + return rv; +} + +nsresult NS_ExtractCharsetFromContentType(const nsACString& rawContentType, + nsCString& contentCharset, + bool* hadCharset, + int32_t* charsetStart, + int32_t* charsetEnd) { + // contentCharset is left untouched if not present in rawContentType + nsresult rv; + nsCOMPtr<nsINetUtil> util = do_GetNetUtil(&rv); + NS_ENSURE_SUCCESS(rv, rv); + + return util->ExtractCharsetFromContentType( + rawContentType, contentCharset, charsetStart, charsetEnd, hadCharset); +} + +nsresult NS_NewAtomicFileOutputStream(nsIOutputStream** result, nsIFile* file, + int32_t ioFlags /* = -1 */, + int32_t perm /* = -1 */, + int32_t behaviorFlags /* = 0 */) { + nsresult rv; + nsCOMPtr<nsIFileOutputStream> out = + do_CreateInstance(NS_ATOMICLOCALFILEOUTPUTSTREAM_CONTRACTID, &rv); + if (NS_SUCCEEDED(rv)) { + rv = out->Init(file, ioFlags, perm, behaviorFlags); + if (NS_SUCCEEDED(rv)) out.forget(result); + } + return rv; +} + +nsresult NS_NewSafeLocalFileOutputStream(nsIOutputStream** result, + nsIFile* file, + int32_t ioFlags /* = -1 */, + int32_t perm /* = -1 */, + int32_t behaviorFlags /* = 0 */) { + nsresult rv; + nsCOMPtr<nsIFileOutputStream> out = + do_CreateInstance(NS_SAFELOCALFILEOUTPUTSTREAM_CONTRACTID, &rv); + if (NS_SUCCEEDED(rv)) { + rv = out->Init(file, ioFlags, perm, behaviorFlags); + if (NS_SUCCEEDED(rv)) out.forget(result); + } + return rv; +} + +nsresult NS_NewLocalFileRandomAccessStream(nsIRandomAccessStream** result, + nsIFile* file, + int32_t ioFlags /* = -1 */, + int32_t perm /* = -1 */, + int32_t behaviorFlags /* = 0 */) { + nsCOMPtr<nsIFileRandomAccessStream> stream = new nsFileRandomAccessStream(); + nsresult rv = stream->Init(file, ioFlags, perm, behaviorFlags); + if (NS_SUCCEEDED(rv)) { + stream.forget(result); + } + return rv; +} + +mozilla::Result<nsCOMPtr<nsIRandomAccessStream>, nsresult> +NS_NewLocalFileRandomAccessStream(nsIFile* file, int32_t ioFlags /* = -1 */, + int32_t perm /* = -1 */, + int32_t behaviorFlags /* = 0 */) { + nsCOMPtr<nsIRandomAccessStream> stream; + const nsresult rv = NS_NewLocalFileRandomAccessStream( + getter_AddRefs(stream), file, ioFlags, perm, behaviorFlags); + if (NS_SUCCEEDED(rv)) { + return stream; + } + return Err(rv); +} + +nsresult NS_NewBufferedOutputStream( + nsIOutputStream** aResult, already_AddRefed<nsIOutputStream> aOutputStream, + uint32_t aBufferSize) { + nsCOMPtr<nsIOutputStream> outputStream = std::move(aOutputStream); + + nsresult rv; + nsCOMPtr<nsIBufferedOutputStream> out = + do_CreateInstance(NS_BUFFEREDOUTPUTSTREAM_CONTRACTID, &rv); + if (NS_SUCCEEDED(rv)) { + rv = out->Init(outputStream, aBufferSize); + if (NS_SUCCEEDED(rv)) { + out.forget(aResult); + } + } + return rv; +} + +[[nodiscard]] nsresult NS_NewBufferedInputStream( + nsIInputStream** aResult, already_AddRefed<nsIInputStream> aInputStream, + uint32_t aBufferSize) { + nsCOMPtr<nsIInputStream> inputStream = std::move(aInputStream); + + nsCOMPtr<nsIBufferedInputStream> in; + nsresult rv = nsBufferedInputStream::Create( + NS_GET_IID(nsIBufferedInputStream), getter_AddRefs(in)); + if (NS_SUCCEEDED(rv)) { + rv = in->Init(inputStream, aBufferSize); + if (NS_SUCCEEDED(rv)) { + *aResult = static_cast<nsBufferedInputStream*>(in.get()) + ->GetInputStream() + .take(); + } + } + return rv; +} + +Result<nsCOMPtr<nsIInputStream>, nsresult> NS_NewBufferedInputStream( + already_AddRefed<nsIInputStream> aInputStream, uint32_t aBufferSize) { + nsCOMPtr<nsIInputStream> stream; + const nsresult rv = NS_NewBufferedInputStream( + getter_AddRefs(stream), std::move(aInputStream), aBufferSize); + if (NS_SUCCEEDED(rv)) { + return stream; + } + return Err(rv); +} + +namespace { + +#define BUFFER_SIZE 8192 + +class BufferWriter final : public nsIInputStreamCallback { + public: + NS_DECL_THREADSAFE_ISUPPORTS + + BufferWriter(nsIInputStream* aInputStream, void* aBuffer, int64_t aCount) + : mMonitor("BufferWriter.mMonitor"), + mInputStream(aInputStream), + mBuffer(aBuffer), + mCount(aCount), + mWrittenData(0), + mBufferType(aBuffer ? eExternal : eInternal), + mBufferSize(0) { + MOZ_ASSERT(aInputStream); + MOZ_ASSERT(aCount == -1 || aCount > 0); + MOZ_ASSERT_IF(mBuffer, aCount > 0); + } + + nsresult Write() { + NS_ASSERT_OWNINGTHREAD(BufferWriter); + + // Let's make the inputStream buffered if it's not. + if (!NS_InputStreamIsBuffered(mInputStream)) { + nsCOMPtr<nsIInputStream> bufferedStream; + nsresult rv = NS_NewBufferedInputStream( + getter_AddRefs(bufferedStream), mInputStream.forget(), BUFFER_SIZE); + NS_ENSURE_SUCCESS(rv, rv); + + mInputStream = bufferedStream; + } + + mAsyncInputStream = do_QueryInterface(mInputStream); + + if (!mAsyncInputStream) { + return WriteSync(); + } + + // Let's use mAsyncInputStream only. + mInputStream = nullptr; + + return WriteAsync(); + } + + uint64_t WrittenData() const { + NS_ASSERT_OWNINGTHREAD(BufferWriter); + return mWrittenData; + } + + void* StealBuffer() { + NS_ASSERT_OWNINGTHREAD(BufferWriter); + MOZ_ASSERT(mBufferType == eInternal); + + void* buffer = mBuffer; + + mBuffer = nullptr; + mBufferSize = 0; + + return buffer; + } + + private: + ~BufferWriter() { + if (mBuffer && mBufferType == eInternal) { + free(mBuffer); + } + + if (mTaskQueue) { + mTaskQueue->BeginShutdown(); + } + } + + nsresult WriteSync() { + NS_ASSERT_OWNINGTHREAD(BufferWriter); + + uint64_t length = (uint64_t)mCount; + + if (mCount == -1) { + nsresult rv = mInputStream->Available(&length); + NS_ENSURE_SUCCESS(rv, rv); + + if (length == 0) { + // nothing to read. + return NS_OK; + } + } + + if (mBufferType == eInternal) { + mBuffer = malloc(length); + if (NS_WARN_IF(!mBuffer)) { + return NS_ERROR_OUT_OF_MEMORY; + } + } + + uint32_t writtenData; + nsresult rv = mInputStream->ReadSegments(NS_CopySegmentToBuffer, mBuffer, + length, &writtenData); + NS_ENSURE_SUCCESS(rv, rv); + + mWrittenData = writtenData; + return NS_OK; + } + + nsresult WriteAsync() { + NS_ASSERT_OWNINGTHREAD(BufferWriter); + + if (mCount > 0 && mBufferType == eInternal) { + mBuffer = malloc(mCount); + if (NS_WARN_IF(!mBuffer)) { + return NS_ERROR_OUT_OF_MEMORY; + } + } + + while (true) { + if (mCount == -1 && !MaybeExpandBufferSize()) { + return NS_ERROR_OUT_OF_MEMORY; + } + + uint64_t offset = mWrittenData; + uint64_t length = mCount == -1 ? BUFFER_SIZE : mCount; + + // Let's try to read data directly. + uint32_t writtenData; + nsresult rv = mAsyncInputStream->ReadSegments( + NS_CopySegmentToBuffer, static_cast<char*>(mBuffer) + offset, length, + &writtenData); + + // Operation completed. Nothing more to read. + if (NS_SUCCEEDED(rv) && writtenData == 0) { + return NS_OK; + } + + // If we succeeded, let's try to read again. + if (NS_SUCCEEDED(rv)) { + mWrittenData += writtenData; + if (mCount != -1) { + MOZ_ASSERT(mCount >= writtenData); + mCount -= writtenData; + + // Is this the end of the reading? + if (mCount == 0) { + return NS_OK; + } + } + + continue; + } + + // Async wait... + if (rv == NS_BASE_STREAM_WOULD_BLOCK) { + rv = MaybeCreateTaskQueue(); + if (NS_WARN_IF(NS_FAILED(rv))) { + return rv; + } + + MonitorAutoLock lock(mMonitor); + + rv = mAsyncInputStream->AsyncWait(this, 0, length, mTaskQueue); + if (NS_WARN_IF(NS_FAILED(rv))) { + return rv; + } + + lock.Wait(); + continue; + } + + // Otherwise, let's propagate the error. + return rv; + } + + MOZ_ASSERT_UNREACHABLE("We should not be here"); + return NS_ERROR_FAILURE; + } + + nsresult MaybeCreateTaskQueue() { + NS_ASSERT_OWNINGTHREAD(BufferWriter); + + if (!mTaskQueue) { + nsCOMPtr<nsIEventTarget> target = + do_GetService(NS_STREAMTRANSPORTSERVICE_CONTRACTID); + if (!target) { + return NS_ERROR_FAILURE; + } + + mTaskQueue = TaskQueue::Create(target.forget(), "nsNetUtil:BufferWriter"); + } + + return NS_OK; + } + + NS_IMETHOD + OnInputStreamReady(nsIAsyncInputStream* aStream) override { + MOZ_ASSERT(!NS_IsMainThread()); + + // We have something to read. Let's unlock the main-thread. + MonitorAutoLock lock(mMonitor); + lock.Notify(); + return NS_OK; + } + + bool MaybeExpandBufferSize() { + NS_ASSERT_OWNINGTHREAD(BufferWriter); + + MOZ_ASSERT(mCount == -1); + + if (mBufferSize >= mWrittenData + BUFFER_SIZE) { + // The buffer is big enough. + return true; + } + + CheckedUint32 bufferSize = + std::max<uint32_t>(static_cast<uint32_t>(mWrittenData), BUFFER_SIZE); + while (bufferSize.isValid() && + bufferSize.value() < mWrittenData + BUFFER_SIZE) { + bufferSize *= 2; + } + + if (!bufferSize.isValid()) { + return false; + } + + void* buffer = realloc(mBuffer, bufferSize.value()); + if (!buffer) { + return false; + } + + mBuffer = buffer; + mBufferSize = bufferSize.value(); + return true; + } + + // All the members of this class are touched on the owning thread only. The + // monitor is only used to communicate when there is more data to read. + Monitor mMonitor MOZ_UNANNOTATED; + + nsCOMPtr<nsIInputStream> mInputStream; + nsCOMPtr<nsIAsyncInputStream> mAsyncInputStream; + + RefPtr<TaskQueue> mTaskQueue; + + void* mBuffer; + int64_t mCount; + uint64_t mWrittenData; + + enum { + // The buffer is allocated internally and this object must release it + // in the DTOR if not stolen. The buffer can be reallocated. + eInternal, + + // The buffer is not owned by this object and it cannot be reallocated. + eExternal, + } mBufferType; + + // The following set if needed for the async read. + uint64_t mBufferSize; +}; + +NS_IMPL_ISUPPORTS(BufferWriter, nsIInputStreamCallback) + +} // anonymous namespace + +nsresult NS_ReadInputStreamToBuffer(nsIInputStream* aInputStream, void** aDest, + int64_t aCount, uint64_t* aWritten) { + MOZ_ASSERT(aInputStream); + MOZ_ASSERT(aCount >= -1); + + uint64_t dummyWritten; + if (!aWritten) { + aWritten = &dummyWritten; + } + + if (aCount == 0) { + *aWritten = 0; + return NS_OK; + } + + // This will take care of allocating and reallocating aDest. + RefPtr<BufferWriter> writer = new BufferWriter(aInputStream, *aDest, aCount); + + nsresult rv = writer->Write(); + NS_ENSURE_SUCCESS(rv, rv); + + *aWritten = writer->WrittenData(); + + if (!*aDest) { + *aDest = writer->StealBuffer(); + } + + return NS_OK; +} + +nsresult NS_ReadInputStreamToString(nsIInputStream* aInputStream, + nsACString& aDest, int64_t aCount, + uint64_t* aWritten) { + uint64_t dummyWritten; + if (!aWritten) { + aWritten = &dummyWritten; + } + + // Nothing to do if aCount is 0. + if (aCount == 0) { + aDest.Truncate(); + *aWritten = 0; + return NS_OK; + } + + // If we have the size, we can pre-allocate the buffer. + if (aCount > 0) { + if (NS_WARN_IF(aCount >= INT32_MAX) || + NS_WARN_IF(!aDest.SetLength(aCount, mozilla::fallible))) { + return NS_ERROR_OUT_OF_MEMORY; + } + + void* dest = aDest.BeginWriting(); + nsresult rv = + NS_ReadInputStreamToBuffer(aInputStream, &dest, aCount, aWritten); + NS_ENSURE_SUCCESS(rv, rv); + + if ((uint64_t)aCount > *aWritten) { + aDest.Truncate(*aWritten); + } + + return NS_OK; + } + + // If the size is unknown, BufferWriter will allocate the buffer. + void* dest = nullptr; + nsresult rv = + NS_ReadInputStreamToBuffer(aInputStream, &dest, aCount, aWritten); + MOZ_ASSERT_IF(NS_FAILED(rv), dest == nullptr); + NS_ENSURE_SUCCESS(rv, rv); + + if (!dest) { + MOZ_ASSERT(*aWritten == 0); + aDest.Truncate(); + return NS_OK; + } + + aDest.Adopt(reinterpret_cast<char*>(dest), *aWritten); + return NS_OK; +} + +nsresult NS_NewURI(nsIURI** result, const nsACString& spec, + NotNull<const Encoding*> encoding, + nsIURI* baseURI /* = nullptr */) { + nsAutoCString charset; + encoding->Name(charset); + return NS_NewURI(result, spec, charset.get(), baseURI); +} + +nsresult NS_NewURI(nsIURI** result, const nsAString& aSpec, + const char* charset /* = nullptr */, + nsIURI* baseURI /* = nullptr */) { + nsAutoCString spec; + if (!AppendUTF16toUTF8(aSpec, spec, mozilla::fallible)) { + return NS_ERROR_OUT_OF_MEMORY; + } + return NS_NewURI(result, spec, charset, baseURI); +} + +nsresult NS_NewURI(nsIURI** result, const nsAString& aSpec, + NotNull<const Encoding*> encoding, + nsIURI* baseURI /* = nullptr */) { + nsAutoCString spec; + if (!AppendUTF16toUTF8(aSpec, spec, mozilla::fallible)) { + return NS_ERROR_OUT_OF_MEMORY; + } + return NS_NewURI(result, spec, encoding, baseURI); +} + +nsresult NS_NewURI(nsIURI** result, const char* spec, + nsIURI* baseURI /* = nullptr */) { + return NS_NewURI(result, nsDependentCString(spec), nullptr, baseURI); +} + +static nsresult NewStandardURI(const nsACString& aSpec, const char* aCharset, + nsIURI* aBaseURI, int32_t aDefaultPort, + nsIURI** aURI) { + return NS_MutateURI(new nsStandardURL::Mutator()) + .Apply(&nsIStandardURLMutator::Init, nsIStandardURL::URLTYPE_AUTHORITY, + aDefaultPort, aSpec, aCharset, aBaseURI, nullptr) + .Finalize(aURI); +} + +nsresult NS_GetSpecWithNSURLEncoding(nsACString& aResult, + const nsACString& aSpec) { + nsCOMPtr<nsIURI> uri; + nsresult rv = NS_NewURIWithNSURLEncoding(getter_AddRefs(uri), aSpec); + NS_ENSURE_SUCCESS(rv, rv); + return uri->GetAsciiSpec(aResult); +} + +nsresult NS_NewURIWithNSURLEncoding(nsIURI** aResult, const nsACString& aSpec) { + nsCOMPtr<nsIURI> uri; + nsresult rv = NS_NewURI(getter_AddRefs(uri), aSpec); + NS_ENSURE_SUCCESS(rv, rv); + + // Escape the ref portion of the URL. NSURL is more strict about which + // characters in the URL must be % encoded. For example, an unescaped '#' + // to indicate the beginning of the ref component is accepted by NSURL, but + // '#' characters in the ref must be escaped. Also adds encoding for other + // characters not accepted by NSURL in the ref such as '{', '|', '}', and '^'. + // The ref returned from GetRef() does not include the leading '#'. + nsAutoCString ref, escapedRef; + if (NS_SUCCEEDED(uri->GetRef(ref)) && !ref.IsEmpty()) { + if (!NS_Escape(ref, escapedRef, url_NSURLRef)) { + return NS_ERROR_INVALID_ARG; + } + rv = NS_MutateURI(uri).SetRef(escapedRef).Finalize(uri); + NS_ENSURE_SUCCESS(rv, rv); + } + + uri.forget(aResult); + return NS_OK; +} + +extern MOZ_THREAD_LOCAL(uint32_t) gTlsURLRecursionCount; + +template <typename T> +class TlsAutoIncrement { + public: + explicit TlsAutoIncrement(T& var) : mVar(var) { + mValue = mVar.get(); + mVar.set(mValue + 1); + } + ~TlsAutoIncrement() { + typename T::Type value = mVar.get(); + MOZ_ASSERT(value == mValue + 1); + mVar.set(value - 1); + } + + typename T::Type value() { return mValue; } + + private: + typename T::Type mValue; + T& mVar; +}; + +nsresult NS_NewURI(nsIURI** aURI, const nsACString& aSpec, + const char* aCharset /* = nullptr */, + nsIURI* aBaseURI /* = nullptr */) { + TlsAutoIncrement<decltype(gTlsURLRecursionCount)> inc(gTlsURLRecursionCount); + if (inc.value() >= MAX_RECURSION_COUNT) { + return NS_ERROR_MALFORMED_URI; + } + + nsCOMPtr<nsIIOService> ioService = do_GetIOService(); + if (!ioService) { + // Individual protocol handlers unfortunately rely on the ioservice, let's + // return an error here instead of causing unpredictable crashes later. + return NS_ERROR_NOT_AVAILABLE; + } + + if (StaticPrefs::network_url_max_length() && + aSpec.Length() > StaticPrefs::network_url_max_length()) { + return NS_ERROR_MALFORMED_URI; + } + + nsAutoCString scheme; + nsresult rv = net_ExtractURLScheme(aSpec, scheme); + if (NS_FAILED(rv)) { + // then aSpec is relative + if (!aBaseURI) { + return NS_ERROR_MALFORMED_URI; + } + + if (!aSpec.IsEmpty() && aSpec[0] == '#') { + // Looks like a reference instead of a fully-specified URI. + // --> initialize |uri| as a clone of |aBaseURI|, with ref appended. + return NS_GetURIWithNewRef(aBaseURI, aSpec, aURI); + } + + rv = aBaseURI->GetScheme(scheme); + if (NS_FAILED(rv)) return rv; + } + + if (scheme.EqualsLiteral("http") || scheme.EqualsLiteral("ws")) { + return NewStandardURI(aSpec, aCharset, aBaseURI, NS_HTTP_DEFAULT_PORT, + aURI); + } + if (scheme.EqualsLiteral("https") || scheme.EqualsLiteral("wss")) { + return NewStandardURI(aSpec, aCharset, aBaseURI, NS_HTTPS_DEFAULT_PORT, + aURI); + } + if (scheme.EqualsLiteral("ftp")) { + return NewStandardURI(aSpec, aCharset, aBaseURI, 21, aURI); + } + + if (scheme.EqualsLiteral("file")) { + return NS_MutateURI(new nsStandardURL::Mutator()) + .Apply(&nsIFileURLMutator::MarkFileURL) + .Apply(&nsIStandardURLMutator::Init, + nsIStandardURL::URLTYPE_NO_AUTHORITY, -1, aSpec, aCharset, + aBaseURI, nullptr) + .Finalize(aURI); + } + + if (scheme.EqualsLiteral("data")) { + return nsDataHandler::CreateNewURI(aSpec, aCharset, aBaseURI, aURI); + } + + if (scheme.EqualsLiteral("moz-safe-about") || + scheme.EqualsLiteral("page-icon") || scheme.EqualsLiteral("moz") || + scheme.EqualsLiteral("cached-favicon")) { + return NS_MutateURI(new nsSimpleURI::Mutator()) + .SetSpec(aSpec) + .Finalize(aURI); + } + + if (scheme.EqualsLiteral("chrome")) { + return nsChromeProtocolHandler::CreateNewURI(aSpec, aCharset, aBaseURI, + aURI); + } + + if (scheme.EqualsLiteral("javascript")) { + return nsJSProtocolHandler::CreateNewURI(aSpec, aCharset, aBaseURI, aURI); + } + + if (scheme.EqualsLiteral("blob")) { + return BlobURLProtocolHandler::CreateNewURI(aSpec, aCharset, aBaseURI, + aURI); + } + + if (scheme.EqualsLiteral("view-source")) { + return nsViewSourceHandler::CreateNewURI(aSpec, aCharset, aBaseURI, aURI); + } + + if (scheme.EqualsLiteral("resource")) { + RefPtr<nsResProtocolHandler> handler = nsResProtocolHandler::GetSingleton(); + if (!handler) { + return NS_ERROR_NOT_AVAILABLE; + } + return handler->NewURI(aSpec, aCharset, aBaseURI, aURI); + } + + if (scheme.EqualsLiteral("indexeddb") || scheme.EqualsLiteral("uuid")) { + return NS_MutateURI(new nsStandardURL::Mutator()) + .Apply(&nsIStandardURLMutator::Init, nsIStandardURL::URLTYPE_AUTHORITY, + 0, aSpec, aCharset, aBaseURI, nullptr) + .Finalize(aURI); + } + + if (scheme.EqualsLiteral("moz-extension")) { + RefPtr<mozilla::net::ExtensionProtocolHandler> handler = + mozilla::net::ExtensionProtocolHandler::GetSingleton(); + if (!handler) { + return NS_ERROR_NOT_AVAILABLE; + } + return handler->NewURI(aSpec, aCharset, aBaseURI, aURI); + } + + if (scheme.EqualsLiteral("moz-page-thumb")) { + // The moz-page-thumb service runs JS to resolve a URI to a + // storage location, so this should only ever run on the main + // thread. + if (!NS_IsMainThread()) { + return NS_ERROR_NOT_AVAILABLE; + } + + RefPtr<mozilla::net::PageThumbProtocolHandler> handler = + mozilla::net::PageThumbProtocolHandler::GetSingleton(); + if (!handler) { + return NS_ERROR_NOT_AVAILABLE; + } + return handler->NewURI(aSpec, aCharset, aBaseURI, aURI); + } + + if (scheme.EqualsLiteral("about")) { + return nsAboutProtocolHandler::CreateNewURI(aSpec, aCharset, aBaseURI, + aURI); + } + + if (scheme.EqualsLiteral("jar")) { + return NS_MutateURI(new nsJARURI::Mutator()) + .Apply(&nsIJARURIMutator::SetSpecBaseCharset, aSpec, aBaseURI, aCharset) + .Finalize(aURI); + } + + if (scheme.EqualsLiteral("moz-icon")) { + return NS_MutateURI(new nsMozIconURI::Mutator()) + .SetSpec(aSpec) + .Finalize(aURI); + } + +#ifdef MOZ_WIDGET_GTK + if (scheme.EqualsLiteral("smb") || scheme.EqualsLiteral("sftp")) { + return NS_MutateURI(new nsStandardURL::Mutator()) + .Apply(&nsIStandardURLMutator::Init, nsIStandardURL::URLTYPE_STANDARD, + -1, aSpec, aCharset, aBaseURI, nullptr) + .Finalize(aURI); + } +#endif + + if (scheme.EqualsLiteral("android")) { + return NS_MutateURI(NS_STANDARDURLMUTATOR_CONTRACTID) + .Apply(&nsIStandardURLMutator::Init, nsIStandardURL::URLTYPE_STANDARD, + -1, aSpec, aCharset, aBaseURI, nullptr) + .Finalize(aURI); + } + + // web-extensions can add custom protocol implementations with standard URLs + // that have notion of hostname, authority and relative URLs. Below we + // manually check agains set of known protocols schemes until more general + // solution is in place (See Bug 1569733) + if (!StaticPrefs::network_url_useDefaultURI()) { + if (scheme.EqualsLiteral("ssh")) { + return NewStandardURI(aSpec, aCharset, aBaseURI, 22, aURI); + } + + if (scheme.EqualsLiteral("dweb") || scheme.EqualsLiteral("dat") || + scheme.EqualsLiteral("ipfs") || scheme.EqualsLiteral("ipns") || + scheme.EqualsLiteral("ssb") || scheme.EqualsLiteral("wtp")) { + return NewStandardURI(aSpec, aCharset, aBaseURI, -1, aURI); + } + } + +#if defined(MOZ_THUNDERBIRD) || defined(MOZ_SUITE) + rv = NS_NewMailnewsURI(aURI, aSpec, aCharset, aBaseURI); + if (rv != NS_ERROR_UNKNOWN_PROTOCOL) { + return rv; + } +#endif + + if (aBaseURI) { + nsAutoCString newSpec; + rv = aBaseURI->Resolve(aSpec, newSpec); + NS_ENSURE_SUCCESS(rv, rv); + + nsAutoCString newScheme; + rv = net_ExtractURLScheme(newSpec, newScheme); + if (NS_SUCCEEDED(rv)) { + // The scheme shouldn't really change at this point. + MOZ_DIAGNOSTIC_ASSERT(newScheme == scheme); + } + + if (StaticPrefs::network_url_useDefaultURI()) { + return NS_MutateURI(new DefaultURI::Mutator()) + .SetSpec(newSpec) + .Finalize(aURI); + } + + return NS_MutateURI(new nsSimpleURI::Mutator()) + .SetSpec(newSpec) + .Finalize(aURI); + } + + if (StaticPrefs::network_url_useDefaultURI()) { + return NS_MutateURI(new DefaultURI::Mutator()) + .SetSpec(aSpec) + .Finalize(aURI); + } + + // Falls back to external protocol handler. + return NS_MutateURI(new nsSimpleURI::Mutator()).SetSpec(aSpec).Finalize(aURI); +} + +nsresult NS_GetSanitizedURIStringFromURI(nsIURI* aUri, + nsAString& aSanitizedSpec) { + aSanitizedSpec.Truncate(); + + nsCOMPtr<nsISensitiveInfoHiddenURI> safeUri = do_QueryInterface(aUri); + nsAutoCString cSpec; + nsresult rv; + if (safeUri) { + rv = safeUri->GetSensitiveInfoHiddenSpec(cSpec); + } else { + rv = aUri->GetSpec(cSpec); + } + + if (NS_SUCCEEDED(rv)) { + aSanitizedSpec.Assign(NS_ConvertUTF8toUTF16(cSpec)); + } + return rv; +} + +nsresult NS_LoadPersistentPropertiesFromURISpec( + nsIPersistentProperties** outResult, const nsACString& aSpec) { + nsCOMPtr<nsIURI> uri; + nsresult rv = NS_NewURI(getter_AddRefs(uri), aSpec); + NS_ENSURE_SUCCESS(rv, rv); + + nsCOMPtr<nsIChannel> channel; + rv = NS_NewChannel(getter_AddRefs(channel), uri, + nsContentUtils::GetSystemPrincipal(), + nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL, + nsIContentPolicy::TYPE_OTHER); + NS_ENSURE_SUCCESS(rv, rv); + nsCOMPtr<nsIInputStream> in; + rv = channel->Open(getter_AddRefs(in)); + NS_ENSURE_SUCCESS(rv, rv); + + nsCOMPtr<nsIPersistentProperties> properties = new nsPersistentProperties(); + rv = properties->Load(in); + NS_ENSURE_SUCCESS(rv, rv); + + properties.swap(*outResult); + return NS_OK; +} + +bool NS_UsePrivateBrowsing(nsIChannel* channel) { + OriginAttributes attrs; + bool result = StoragePrincipalHelper::GetOriginAttributes( + channel, attrs, StoragePrincipalHelper::eRegularPrincipal); + NS_ENSURE_TRUE(result, result); + return attrs.mPrivateBrowsingId > 0; +} + +bool NS_HasBeenCrossOrigin(nsIChannel* aChannel, bool aReport) { + nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo(); + // TYPE_DOCUMENT loads have a null LoadingPrincipal and can not be cross + // origin. + if (!loadInfo->GetLoadingPrincipal()) { + return false; + } + + // Always treat tainted channels as cross-origin. + if (loadInfo->GetTainting() != LoadTainting::Basic) { + return true; + } + + nsCOMPtr<nsIPrincipal> loadingPrincipal = loadInfo->GetLoadingPrincipal(); + uint32_t mode = loadInfo->GetSecurityMode(); + bool dataInherits = + mode == nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_INHERITS_SEC_CONTEXT || + mode == nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT || + mode == nsILoadInfo::SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT; + + bool aboutBlankInherits = dataInherits && loadInfo->GetAboutBlankInherits(); + + uint64_t innerWindowID = loadInfo->GetInnerWindowID(); + + for (nsIRedirectHistoryEntry* redirectHistoryEntry : + loadInfo->RedirectChain()) { + nsCOMPtr<nsIPrincipal> principal; + redirectHistoryEntry->GetPrincipal(getter_AddRefs(principal)); + if (!principal) { + return true; + } + + nsCOMPtr<nsIURI> uri; + auto* basePrin = BasePrincipal::Cast(principal); + basePrin->GetURI(getter_AddRefs(uri)); + if (!uri) { + return true; + } + + if (aboutBlankInherits && NS_IsAboutBlank(uri)) { + continue; + } + + nsresult res; + if (aReport) { + res = loadingPrincipal->CheckMayLoadWithReporting(uri, dataInherits, + innerWindowID); + } else { + res = loadingPrincipal->CheckMayLoad(uri, dataInherits); + } + if (NS_FAILED(res)) { + return true; + } + } + + nsCOMPtr<nsIURI> uri; + NS_GetFinalChannelURI(aChannel, getter_AddRefs(uri)); + if (!uri) { + return true; + } + + if (aboutBlankInherits && NS_IsAboutBlank(uri)) { + return false; + } + + nsresult res; + if (aReport) { + res = loadingPrincipal->CheckMayLoadWithReporting(uri, dataInherits, + innerWindowID); + } else { + res = loadingPrincipal->CheckMayLoad(uri, dataInherits); + } + + return NS_FAILED(res); +} + +bool NS_IsSafeMethodNav(nsIChannel* aChannel) { + RefPtr<HttpBaseChannel> baseChan = do_QueryObject(aChannel); + if (!baseChan) { + return false; + } + nsHttpRequestHead* requestHead = baseChan->GetRequestHead(); + if (!requestHead) { + return false; + } + return requestHead->IsSafeMethod(); +} + +void NS_WrapAuthPrompt(nsIAuthPrompt* aAuthPrompt, + nsIAuthPrompt2** aAuthPrompt2) { + nsCOMPtr<nsIAuthPromptAdapterFactory> factory = + do_GetService(NS_AUTHPROMPT_ADAPTER_FACTORY_CONTRACTID); + if (!factory) return; + + NS_WARNING("Using deprecated nsIAuthPrompt"); + factory->CreateAdapter(aAuthPrompt, aAuthPrompt2); +} + +void NS_QueryAuthPrompt2(nsIInterfaceRequestor* aCallbacks, + nsIAuthPrompt2** aAuthPrompt) { + CallGetInterface(aCallbacks, aAuthPrompt); + if (*aAuthPrompt) return; + + // Maybe only nsIAuthPrompt is provided and we have to wrap it. + nsCOMPtr<nsIAuthPrompt> prompt(do_GetInterface(aCallbacks)); + if (!prompt) return; + + NS_WrapAuthPrompt(prompt, aAuthPrompt); +} + +void NS_QueryAuthPrompt2(nsIChannel* aChannel, nsIAuthPrompt2** aAuthPrompt) { + *aAuthPrompt = nullptr; + + // We want to use any auth prompt we can find on the channel's callbacks, + // and if that fails use the loadgroup's prompt (if any) + // Therefore, we can't just use NS_QueryNotificationCallbacks, because + // that would prefer a loadgroup's nsIAuthPrompt2 over a channel's + // nsIAuthPrompt. + nsCOMPtr<nsIInterfaceRequestor> callbacks; + aChannel->GetNotificationCallbacks(getter_AddRefs(callbacks)); + if (callbacks) { + NS_QueryAuthPrompt2(callbacks, aAuthPrompt); + if (*aAuthPrompt) return; + } + + nsCOMPtr<nsILoadGroup> group; + aChannel->GetLoadGroup(getter_AddRefs(group)); + if (!group) return; + + group->GetNotificationCallbacks(getter_AddRefs(callbacks)); + if (!callbacks) return; + NS_QueryAuthPrompt2(callbacks, aAuthPrompt); +} + +nsresult NS_NewNotificationCallbacksAggregation( + nsIInterfaceRequestor* callbacks, nsILoadGroup* loadGroup, + nsIEventTarget* target, nsIInterfaceRequestor** result) { + nsCOMPtr<nsIInterfaceRequestor> cbs; + if (loadGroup) loadGroup->GetNotificationCallbacks(getter_AddRefs(cbs)); + return NS_NewInterfaceRequestorAggregation(callbacks, cbs, target, result); +} + +nsresult NS_NewNotificationCallbacksAggregation( + nsIInterfaceRequestor* callbacks, nsILoadGroup* loadGroup, + nsIInterfaceRequestor** result) { + return NS_NewNotificationCallbacksAggregation(callbacks, loadGroup, nullptr, + result); +} + +nsresult NS_DoImplGetInnermostURI(nsINestedURI* nestedURI, nsIURI** result) { + MOZ_ASSERT(nestedURI, "Must have a nested URI!"); + MOZ_ASSERT(!*result, "Must have null *result"); + + nsCOMPtr<nsIURI> inner; + nsresult rv = nestedURI->GetInnerURI(getter_AddRefs(inner)); + NS_ENSURE_SUCCESS(rv, rv); + + // We may need to loop here until we reach the innermost + // URI. + nsCOMPtr<nsINestedURI> nestedInner(do_QueryInterface(inner)); + while (nestedInner) { + rv = nestedInner->GetInnerURI(getter_AddRefs(inner)); + NS_ENSURE_SUCCESS(rv, rv); + nestedInner = do_QueryInterface(inner); + } + + // Found the innermost one if we reach here. + inner.swap(*result); + + return rv; +} + +nsresult NS_ImplGetInnermostURI(nsINestedURI* nestedURI, nsIURI** result) { + // Make it safe to use swap() + *result = nullptr; + + return NS_DoImplGetInnermostURI(nestedURI, result); +} + +already_AddRefed<nsIURI> NS_GetInnermostURI(nsIURI* aURI) { + MOZ_ASSERT(aURI, "Must have URI"); + + nsCOMPtr<nsIURI> uri = aURI; + + nsCOMPtr<nsINestedURI> nestedURI(do_QueryInterface(uri)); + if (!nestedURI) { + return uri.forget(); + } + + nsresult rv = nestedURI->GetInnermostURI(getter_AddRefs(uri)); + if (NS_FAILED(rv)) { + return nullptr; + } + + return uri.forget(); +} + +nsresult NS_GetFinalChannelURI(nsIChannel* channel, nsIURI** uri) { + *uri = nullptr; + + nsCOMPtr<nsILoadInfo> loadInfo = channel->LoadInfo(); + nsCOMPtr<nsIURI> resultPrincipalURI; + loadInfo->GetResultPrincipalURI(getter_AddRefs(resultPrincipalURI)); + if (resultPrincipalURI) { + resultPrincipalURI.forget(uri); + return NS_OK; + } + return channel->GetOriginalURI(uri); +} + +nsresult NS_URIChainHasFlags(nsIURI* uri, uint32_t flags, bool* result) { + nsresult rv; + nsCOMPtr<nsINetUtil> util = do_GetNetUtil(&rv); + NS_ENSURE_SUCCESS(rv, rv); + + return util->URIChainHasFlags(uri, flags, result); +} + +uint32_t NS_SecurityHashURI(nsIURI* aURI) { + nsCOMPtr<nsIURI> baseURI = NS_GetInnermostURI(aURI); + + nsAutoCString scheme; + uint32_t schemeHash = 0; + if (NS_SUCCEEDED(baseURI->GetScheme(scheme))) { + schemeHash = mozilla::HashString(scheme); + } + + // TODO figure out how to hash file:// URIs + if (scheme.EqualsLiteral("file")) return schemeHash; // sad face + +#if IS_ORIGIN_IS_FULL_SPEC_DEFINED + bool hasFlag; + if (NS_FAILED(NS_URIChainHasFlags( + baseURI, nsIProtocolHandler::ORIGIN_IS_FULL_SPEC, &hasFlag)) || + hasFlag) { + nsAutoCString spec; + uint32_t specHash; + nsresult res = baseURI->GetSpec(spec); + if (NS_SUCCEEDED(res)) + specHash = mozilla::HashString(spec); + else + specHash = static_cast<uint32_t>(res); + return specHash; + } +#endif + + nsAutoCString host; + uint32_t hostHash = 0; + if (NS_SUCCEEDED(baseURI->GetAsciiHost(host))) { + hostHash = mozilla::HashString(host); + } + + return mozilla::AddToHash(schemeHash, hostHash, NS_GetRealPort(baseURI)); +} + +bool NS_SecurityCompareURIs(nsIURI* aSourceURI, nsIURI* aTargetURI, + bool aStrictFileOriginPolicy) { + nsresult rv; + + // Note that this is not an Equals() test on purpose -- for URIs that don't + // support host/port, we want equality to basically be object identity, for + // security purposes. Otherwise, for example, two javascript: URIs that + // are otherwise unrelated could end up "same origin", which would be + // unfortunate. + if (aSourceURI && aSourceURI == aTargetURI) { + return true; + } + + if (!aTargetURI || !aSourceURI) { + return false; + } + + // If either URI is a nested URI, get the base URI + nsCOMPtr<nsIURI> sourceBaseURI = NS_GetInnermostURI(aSourceURI); + nsCOMPtr<nsIURI> targetBaseURI = NS_GetInnermostURI(aTargetURI); + +#if defined(MOZ_THUNDERBIRD) || defined(MOZ_SUITE) + // Check if either URI has a special origin. + nsCOMPtr<nsIURI> origin; + nsCOMPtr<nsIURIWithSpecialOrigin> uriWithSpecialOrigin = + do_QueryInterface(sourceBaseURI); + if (uriWithSpecialOrigin) { + rv = uriWithSpecialOrigin->GetOrigin(getter_AddRefs(origin)); + if (NS_WARN_IF(NS_FAILED(rv))) { + return false; + } + MOZ_ASSERT(origin); + sourceBaseURI = origin; + } + uriWithSpecialOrigin = do_QueryInterface(targetBaseURI); + if (uriWithSpecialOrigin) { + rv = uriWithSpecialOrigin->GetOrigin(getter_AddRefs(origin)); + if (NS_WARN_IF(NS_FAILED(rv))) { + return false; + } + MOZ_ASSERT(origin); + targetBaseURI = origin; + } +#endif + + nsCOMPtr<nsIPrincipal> sourceBlobPrincipal; + if (BlobURLProtocolHandler::GetBlobURLPrincipal( + sourceBaseURI, getter_AddRefs(sourceBlobPrincipal))) { + nsCOMPtr<nsIURI> sourceBlobOwnerURI; + auto* basePrin = BasePrincipal::Cast(sourceBlobPrincipal); + rv = basePrin->GetURI(getter_AddRefs(sourceBlobOwnerURI)); + if (NS_SUCCEEDED(rv)) { + sourceBaseURI = sourceBlobOwnerURI; + } + } + + nsCOMPtr<nsIPrincipal> targetBlobPrincipal; + if (BlobURLProtocolHandler::GetBlobURLPrincipal( + targetBaseURI, getter_AddRefs(targetBlobPrincipal))) { + nsCOMPtr<nsIURI> targetBlobOwnerURI; + auto* basePrin = BasePrincipal::Cast(targetBlobPrincipal); + rv = basePrin->GetURI(getter_AddRefs(targetBlobOwnerURI)); + if (NS_SUCCEEDED(rv)) { + targetBaseURI = targetBlobOwnerURI; + } + } + + if (!sourceBaseURI || !targetBaseURI) return false; + + // Compare schemes + nsAutoCString targetScheme; + bool sameScheme = false; + if (NS_FAILED(targetBaseURI->GetScheme(targetScheme)) || + NS_FAILED(sourceBaseURI->SchemeIs(targetScheme.get(), &sameScheme)) || + !sameScheme) { + // Not same-origin if schemes differ + return false; + } + + // For file scheme, reject unless the files are identical. See + // NS_RelaxStrictFileOriginPolicy for enforcing file same-origin checking + if (targetScheme.EqualsLiteral("file")) { + // in traditional unsafe behavior all files are the same origin + if (!aStrictFileOriginPolicy) return true; + + nsCOMPtr<nsIFileURL> sourceFileURL(do_QueryInterface(sourceBaseURI)); + nsCOMPtr<nsIFileURL> targetFileURL(do_QueryInterface(targetBaseURI)); + + if (!sourceFileURL || !targetFileURL) return false; + + nsCOMPtr<nsIFile> sourceFile, targetFile; + + sourceFileURL->GetFile(getter_AddRefs(sourceFile)); + targetFileURL->GetFile(getter_AddRefs(targetFile)); + + if (!sourceFile || !targetFile) return false; + + // Otherwise they had better match + bool filesAreEqual = false; + rv = sourceFile->Equals(targetFile, &filesAreEqual); + return NS_SUCCEEDED(rv) && filesAreEqual; + } + +#if IS_ORIGIN_IS_FULL_SPEC_DEFINED + bool hasFlag; + if (NS_FAILED(NS_URIChainHasFlags( + targetBaseURI, nsIProtocolHandler::ORIGIN_IS_FULL_SPEC, &hasFlag)) || + hasFlag) { + // URIs with this flag have the whole spec as a distinct trust + // domain; use the whole spec for comparison + nsAutoCString targetSpec; + nsAutoCString sourceSpec; + return (NS_SUCCEEDED(targetBaseURI->GetSpec(targetSpec)) && + NS_SUCCEEDED(sourceBaseURI->GetSpec(sourceSpec)) && + targetSpec.Equals(sourceSpec)); + } +#endif + + // Compare hosts + nsAutoCString targetHost; + nsAutoCString sourceHost; + if (NS_FAILED(targetBaseURI->GetAsciiHost(targetHost)) || + NS_FAILED(sourceBaseURI->GetAsciiHost(sourceHost))) { + return false; + } + + nsCOMPtr<nsIStandardURL> targetURL(do_QueryInterface(targetBaseURI)); + nsCOMPtr<nsIStandardURL> sourceURL(do_QueryInterface(sourceBaseURI)); + if (!targetURL || !sourceURL) { + return false; + } + + if (!targetHost.Equals(sourceHost, nsCaseInsensitiveCStringComparator)) { + return false; + } + + return NS_GetRealPort(targetBaseURI) == NS_GetRealPort(sourceBaseURI); +} + +bool NS_URIIsLocalFile(nsIURI* aURI) { + nsCOMPtr<nsINetUtil> util = do_GetNetUtil(); + + bool isFile; + return util && + NS_SUCCEEDED(util->ProtocolHasFlags( + aURI, nsIProtocolHandler::URI_IS_LOCAL_FILE, &isFile)) && + isFile; +} + +bool NS_RelaxStrictFileOriginPolicy(nsIURI* aTargetURI, nsIURI* aSourceURI, + bool aAllowDirectoryTarget /* = false */) { + if (!NS_URIIsLocalFile(aTargetURI)) { + // This is probably not what the caller intended + MOZ_ASSERT_UNREACHABLE( + "NS_RelaxStrictFileOriginPolicy called with non-file URI"); + return false; + } + + if (!NS_URIIsLocalFile(aSourceURI)) { + // If the source is not also a file: uri then forget it + // (don't want resource: principals in a file: doc) + // + // note: we're not de-nesting jar: uris here, we want to + // keep archive content bottled up in its own little island + return false; + } + + // + // pull out the internal files + // + nsCOMPtr<nsIFileURL> targetFileURL(do_QueryInterface(aTargetURI)); + nsCOMPtr<nsIFileURL> sourceFileURL(do_QueryInterface(aSourceURI)); + nsCOMPtr<nsIFile> targetFile; + nsCOMPtr<nsIFile> sourceFile; + bool targetIsDir; + + // Make sure targetFile is not a directory (bug 209234) + // and that it exists w/out unescaping (bug 395343) + if (!sourceFileURL || !targetFileURL || + NS_FAILED(targetFileURL->GetFile(getter_AddRefs(targetFile))) || + NS_FAILED(sourceFileURL->GetFile(getter_AddRefs(sourceFile))) || + !targetFile || !sourceFile || NS_FAILED(targetFile->Normalize()) || +#ifndef MOZ_WIDGET_ANDROID + NS_FAILED(sourceFile->Normalize()) || +#endif + (!aAllowDirectoryTarget && + (NS_FAILED(targetFile->IsDirectory(&targetIsDir)) || targetIsDir))) { + return false; + } + + return false; +} + +bool NS_IsInternalSameURIRedirect(nsIChannel* aOldChannel, + nsIChannel* aNewChannel, uint32_t aFlags) { + if (!(aFlags & nsIChannelEventSink::REDIRECT_INTERNAL)) { + return false; + } + + nsCOMPtr<nsIURI> oldURI, newURI; + aOldChannel->GetURI(getter_AddRefs(oldURI)); + aNewChannel->GetURI(getter_AddRefs(newURI)); + + if (!oldURI || !newURI) { + return false; + } + + bool res; + return NS_SUCCEEDED(oldURI->Equals(newURI, &res)) && res; +} + +bool NS_IsHSTSUpgradeRedirect(nsIChannel* aOldChannel, nsIChannel* aNewChannel, + uint32_t aFlags) { + if (!(aFlags & nsIChannelEventSink::REDIRECT_STS_UPGRADE)) { + return false; + } + + nsCOMPtr<nsIURI> oldURI, newURI; + aOldChannel->GetURI(getter_AddRefs(oldURI)); + aNewChannel->GetURI(getter_AddRefs(newURI)); + + if (!oldURI || !newURI) { + return false; + } + + if (!oldURI->SchemeIs("http")) { + return false; + } + + nsCOMPtr<nsIURI> upgradedURI; + nsresult rv = NS_GetSecureUpgradedURI(oldURI, getter_AddRefs(upgradedURI)); + if (NS_FAILED(rv)) { + return false; + } + + bool res; + return NS_SUCCEEDED(upgradedURI->Equals(newURI, &res)) && res; +} + +bool NS_ShouldRemoveAuthHeaderOnRedirect(nsIChannel* aOldChannel, + nsIChannel* aNewChannel, + uint32_t aFlags) { + // we need to strip Authentication headers for external cross-origin redirects + // Howerver, we should NOT strip auth headers for + // - internal redirects/HSTS upgrades + // - same origin redirects + // Ref: https://fetch.spec.whatwg.org/#http-redirect-fetch + if ((aFlags & (nsIChannelEventSink::REDIRECT_STS_UPGRADE | + nsIChannelEventSink::REDIRECT_INTERNAL))) { + // this is an internal redirect do not strip auth header + return false; + } + nsCOMPtr<nsIURI> oldUri; + MOZ_ALWAYS_SUCCEEDS( + NS_GetFinalChannelURI(aOldChannel, getter_AddRefs(oldUri))); + + nsCOMPtr<nsIURI> newUri; + MOZ_ALWAYS_SUCCEEDS( + NS_GetFinalChannelURI(aNewChannel, getter_AddRefs(newUri))); + + nsresult rv = nsContentUtils::GetSecurityManager()->CheckSameOriginURI( + newUri, oldUri, false, false); + + return NS_FAILED(rv); +} + +nsresult NS_LinkRedirectChannels(uint64_t channelId, + nsIParentChannel* parentChannel, + nsIChannel** _result) { + nsCOMPtr<nsIRedirectChannelRegistrar> registrar = + RedirectChannelRegistrar::GetOrCreate(); + MOZ_ASSERT(registrar); + + return registrar->LinkChannels(channelId, parentChannel, _result); +} + +nsILoadInfo::CrossOriginEmbedderPolicy +NS_GetCrossOriginEmbedderPolicyFromHeader( + const nsACString& aHeader, bool aIsOriginTrialCoepCredentiallessEnabled) { + nsCOMPtr<nsISFVService> sfv = GetSFVService(); + + nsCOMPtr<nsISFVItem> item; + nsresult rv = sfv->ParseItem(aHeader, getter_AddRefs(item)); + if (NS_FAILED(rv)) { + return nsILoadInfo::EMBEDDER_POLICY_NULL; + } + + nsCOMPtr<nsISFVBareItem> value; + rv = item->GetValue(getter_AddRefs(value)); + if (NS_FAILED(rv)) { + return nsILoadInfo::EMBEDDER_POLICY_NULL; + } + + nsCOMPtr<nsISFVToken> token = do_QueryInterface(value); + if (!token) { + return nsILoadInfo::EMBEDDER_POLICY_NULL; + } + + nsAutoCString embedderPolicy; + rv = token->GetValue(embedderPolicy); + if (NS_FAILED(rv)) { + return nsILoadInfo::EMBEDDER_POLICY_NULL; + } + + if (embedderPolicy.EqualsLiteral("require-corp")) { + return nsILoadInfo::EMBEDDER_POLICY_REQUIRE_CORP; + } else if (embedderPolicy.EqualsLiteral("credentialless") && + IsCoepCredentiallessEnabled( + aIsOriginTrialCoepCredentiallessEnabled)) { + return nsILoadInfo::EMBEDDER_POLICY_CREDENTIALLESS; + } + + return nsILoadInfo::EMBEDDER_POLICY_NULL; +} + +/** Given the first (disposition) token from a Content-Disposition header, + * tell whether it indicates the content is inline or attachment + * @param aDispToken the disposition token from the content-disposition header + */ +uint32_t NS_GetContentDispositionFromToken(const nsAString& aDispToken) { + // RFC 2183, section 2.8 says that an unknown disposition + // value should be treated as "attachment" + // If all of these tests eval to false, then we have a content-disposition of + // "attachment" or unknown + if (aDispToken.IsEmpty() || aDispToken.LowerCaseEqualsLiteral("inline") || + // Broken sites just send + // Content-Disposition: filename="file" + // without a disposition token... screen those out. + StringHead(aDispToken, 8).LowerCaseEqualsLiteral("filename")) { + return nsIChannel::DISPOSITION_INLINE; + } + + return nsIChannel::DISPOSITION_ATTACHMENT; +} + +uint32_t NS_GetContentDispositionFromHeader(const nsACString& aHeader, + nsIChannel* aChan /* = nullptr */) { + nsresult rv; + nsCOMPtr<nsIMIMEHeaderParam> mimehdrpar = + do_GetService(NS_MIMEHEADERPARAM_CONTRACTID, &rv); + if (NS_FAILED(rv)) return nsIChannel::DISPOSITION_ATTACHMENT; + + nsAutoString dispToken; + rv = mimehdrpar->GetParameterHTTP(aHeader, "", ""_ns, true, nullptr, + dispToken); + + if (NS_FAILED(rv)) { + // special case (see bug 272541): empty disposition type handled as "inline" + if (rv == NS_ERROR_FIRST_HEADER_FIELD_COMPONENT_EMPTY) { + return nsIChannel::DISPOSITION_INLINE; + } + return nsIChannel::DISPOSITION_ATTACHMENT; + } + + return NS_GetContentDispositionFromToken(dispToken); +} + +nsresult NS_GetFilenameFromDisposition(nsAString& aFilename, + const nsACString& aDisposition) { + aFilename.Truncate(); + + nsresult rv; + nsCOMPtr<nsIMIMEHeaderParam> mimehdrpar = + do_GetService(NS_MIMEHEADERPARAM_CONTRACTID, &rv); + if (NS_FAILED(rv)) return rv; + + // Get the value of 'filename' parameter + rv = mimehdrpar->GetParameterHTTP(aDisposition, "filename", ""_ns, true, + nullptr, aFilename); + + if (NS_FAILED(rv)) { + aFilename.Truncate(); + return rv; + } + + if (aFilename.IsEmpty()) return NS_ERROR_NOT_AVAILABLE; + + // Filename may still be percent-encoded. Fix: + if (aFilename.FindChar('%') != -1) { + nsCOMPtr<nsITextToSubURI> textToSubURI = + do_GetService(NS_ITEXTTOSUBURI_CONTRACTID, &rv); + if (NS_SUCCEEDED(rv)) { + nsAutoString unescaped; + textToSubURI->UnEscapeURIForUI(NS_ConvertUTF16toUTF8(aFilename), + /* dontEscape = */ true, unescaped); + aFilename.Assign(unescaped); + } + } + + return NS_OK; +} + +void net_EnsurePSMInit() { + if (XRE_IsSocketProcess()) { + EnsureNSSInitializedChromeOrContent(); + return; + } + + MOZ_ASSERT(XRE_IsParentProcess()); + MOZ_ASSERT(NS_IsMainThread()); + + DebugOnly<bool> rv = EnsureNSSInitializedChromeOrContent(); + MOZ_ASSERT(rv); +} + +bool NS_IsAboutBlank(nsIURI* uri) { + // GetSpec can be expensive for some URIs, so check the scheme first. + if (!uri->SchemeIs("about")) { + return false; + } + + nsAutoCString spec; + if (NS_FAILED(uri->GetSpec(spec))) { + return false; + } + + return spec.EqualsLiteral("about:blank"); +} + +bool NS_IsAboutSrcdoc(nsIURI* uri) { + // GetSpec can be expensive for some URIs, so check the scheme first. + if (!uri->SchemeIs("about")) { + return false; + } + + nsAutoCString spec; + if (NS_FAILED(uri->GetSpec(spec))) { + return false; + } + + return spec.EqualsLiteral("about:srcdoc"); +} + +nsresult NS_GenerateHostPort(const nsCString& host, int32_t port, + nsACString& hostLine) { + if (strchr(host.get(), ':')) { + // host is an IPv6 address literal and must be encapsulated in []'s + hostLine.Assign('['); + // scope id is not needed for Host header. + int scopeIdPos = host.FindChar('%'); + if (scopeIdPos == -1) { + hostLine.Append(host); + } else if (scopeIdPos > 0) { + hostLine.Append(Substring(host, 0, scopeIdPos)); + } else { + return NS_ERROR_MALFORMED_URI; + } + hostLine.Append(']'); + } else { + hostLine.Assign(host); + } + if (port != -1) { + hostLine.Append(':'); + hostLine.AppendInt(port); + } + return NS_OK; +} + +void NS_SniffContent(const char* aSnifferType, nsIRequest* aRequest, + const uint8_t* aData, uint32_t aLength, + nsACString& aSniffedType) { + using ContentSnifferCache = nsCategoryCache<nsIContentSniffer>; + extern ContentSnifferCache* gNetSniffers; + extern ContentSnifferCache* gDataSniffers; + extern ContentSnifferCache* gORBSniffers; + extern ContentSnifferCache* gNetAndORBSniffers; + ContentSnifferCache* cache = nullptr; + if (!strcmp(aSnifferType, NS_CONTENT_SNIFFER_CATEGORY)) { + if (!gNetSniffers) { + gNetSniffers = new ContentSnifferCache(NS_CONTENT_SNIFFER_CATEGORY); + } + cache = gNetSniffers; + } else if (!strcmp(aSnifferType, NS_DATA_SNIFFER_CATEGORY)) { + if (!gDataSniffers) { + gDataSniffers = new ContentSnifferCache(NS_DATA_SNIFFER_CATEGORY); + } + cache = gDataSniffers; + } else if (!strcmp(aSnifferType, NS_ORB_SNIFFER_CATEGORY)) { + if (!gORBSniffers) { + gORBSniffers = new ContentSnifferCache(NS_ORB_SNIFFER_CATEGORY); + } + cache = gORBSniffers; + } else if (!strcmp(aSnifferType, NS_CONTENT_AND_ORB_SNIFFER_CATEGORY)) { + if (!gNetAndORBSniffers) { + gNetAndORBSniffers = + new ContentSnifferCache(NS_CONTENT_AND_ORB_SNIFFER_CATEGORY); + } + cache = gNetAndORBSniffers; + } else { + // Invalid content sniffer type was requested + MOZ_ASSERT(false); + return; + } + + // In case XCTO nosniff was present, we could just skip sniffing here + nsCOMPtr<nsIChannel> channel = do_QueryInterface(aRequest); + if (channel) { + nsCOMPtr<nsILoadInfo> loadInfo = channel->LoadInfo(); + if (loadInfo->GetSkipContentSniffing()) { + /* Bug 1571742 + * We cannot skip snffing if the current MIME-Type might be a JSON. + * The JSON-Viewer relies on its own sniffer to determine, if it can + * render the page, so we need to make an exception if the Server provides + * a application/ mime, as it might be json. + */ + nsAutoCString currentContentType; + channel->GetContentType(currentContentType); + if (!StringBeginsWith(currentContentType, "application/"_ns)) { + return; + } + } + } + nsCOMArray<nsIContentSniffer> sniffers; + cache->GetEntries(sniffers); + for (int32_t i = 0; i < sniffers.Count(); ++i) { + nsresult rv = sniffers[i]->GetMIMETypeFromContent(aRequest, aData, aLength, + aSniffedType); + if (NS_SUCCEEDED(rv) && !aSniffedType.IsEmpty()) { + return; + } + } + + aSniffedType.Truncate(); +} + +bool NS_IsSrcdocChannel(nsIChannel* aChannel) { + bool isSrcdoc; + nsCOMPtr<nsIInputStreamChannel> isr = do_QueryInterface(aChannel); + if (isr) { + isr->GetIsSrcdocChannel(&isSrcdoc); + return isSrcdoc; + } + nsCOMPtr<nsIViewSourceChannel> vsc = do_QueryInterface(aChannel); + if (vsc) { + nsresult rv = vsc->GetIsSrcdocChannel(&isSrcdoc); + if (NS_SUCCEEDED(rv)) { + return isSrcdoc; + } + } + return false; +} + +// helper function for NS_ShouldSecureUpgrade for checking HSTS +bool handleResultFunc(bool aAllowSTS, bool aIsStsHost) { + if (aIsStsHost) { + LOG(("nsHttpChannel::Connect() STS permissions found\n")); + if (aAllowSTS) { + Telemetry::AccumulateCategorical( + Telemetry::LABELS_HTTP_SCHEME_UPGRADE_TYPE::STS); + return true; + } + Telemetry::AccumulateCategorical( + Telemetry::LABELS_HTTP_SCHEME_UPGRADE_TYPE::PrefBlockedSTS); + } else { + Telemetry::AccumulateCategorical( + Telemetry::LABELS_HTTP_SCHEME_UPGRADE_TYPE::NoReasonToUpgrade); + } + return false; +}; +// That function is a helper function of NS_ShouldSecureUpgrade to check if +// CSP upgrade-insecure-requests, Mixed content auto upgrading or HTTPs-Only/- +// First should upgrade the given request. +static bool ShouldSecureUpgradeNoHSTS(nsIURI* aURI, nsILoadInfo* aLoadInfo) { + // 2. CSP upgrade-insecure-requests + if (aLoadInfo->GetUpgradeInsecureRequests()) { + // let's log a message to the console that we are upgrading a request + nsAutoCString scheme; + aURI->GetScheme(scheme); + // append the additional 's' for security to the scheme :-) + scheme.AppendLiteral("s"); + NS_ConvertUTF8toUTF16 reportSpec(aURI->GetSpecOrDefault()); + NS_ConvertUTF8toUTF16 reportScheme(scheme); + AutoTArray<nsString, 2> params = {reportSpec, reportScheme}; + uint64_t innerWindowId = aLoadInfo->GetInnerWindowID(); + CSP_LogLocalizedStr("upgradeInsecureRequest", params, + u""_ns, // aSourceFile + u""_ns, // aScriptSample + 0, // aLineNumber + 1, // aColumnNumber + nsIScriptError::warningFlag, + "upgradeInsecureRequest"_ns, innerWindowId, + !!aLoadInfo->GetOriginAttributes().mPrivateBrowsingId); + Telemetry::AccumulateCategorical( + Telemetry::LABELS_HTTP_SCHEME_UPGRADE_TYPE::CSP); + return true; + } + // 3. Mixed content auto upgrading + if (aLoadInfo->GetBrowserUpgradeInsecureRequests()) { + // let's log a message to the console that we are upgrading a request + nsAutoCString scheme; + aURI->GetScheme(scheme); + // append the additional 's' for security to the scheme :-) + scheme.AppendLiteral("s"); + NS_ConvertUTF8toUTF16 reportSpec(aURI->GetSpecOrDefault()); + NS_ConvertUTF8toUTF16 reportScheme(scheme); + AutoTArray<nsString, 2> params = {reportSpec, reportScheme}; + + nsAutoString localizedMsg; + nsContentUtils::FormatLocalizedString(nsContentUtils::eSECURITY_PROPERTIES, + "MixedContentAutoUpgrade", params, + localizedMsg); + + // Prepending ixed Content to the outgoing console message + nsString message; + message.AppendLiteral(u"Mixed Content: "); + message.Append(localizedMsg); + + uint64_t innerWindowId = aLoadInfo->GetInnerWindowID(); + nsContentUtils::ReportToConsoleByWindowID( + message, nsIScriptError::warningFlag, "Mixed Content Message"_ns, + innerWindowId, aURI); + + // Set this flag so we know we'll upgrade because of + // 'security.mixed_content.upgrade_display_content'. + aLoadInfo->SetBrowserDidUpgradeInsecureRequests(true); + Telemetry::AccumulateCategorical( + Telemetry::LABELS_HTTP_SCHEME_UPGRADE_TYPE::BrowserDisplay); + + return true; + } + + // 4. Https-Only + if (nsHTTPSOnlyUtils::ShouldUpgradeRequest(aURI, aLoadInfo)) { + Telemetry::AccumulateCategorical( + Telemetry::LABELS_HTTP_SCHEME_UPGRADE_TYPE::HTTPSOnly); + return true; + } + // 4.a Https-First + if (nsHTTPSOnlyUtils::ShouldUpgradeHttpsFirstRequest(aURI, aLoadInfo)) { + Telemetry::AccumulateCategorical( + Telemetry::LABELS_HTTP_SCHEME_UPGRADE_TYPE::HTTPSFirst); + return true; + } + return false; +} + +// Check if channel should be upgraded. check in the following order: +// 1. HSTS +// 2. CSP upgrade-insecure-requests +// 3. Mixed content auto upgrading +// 4. Https-Only / first +// (5. Https RR - will be checked in nsHttpChannel) +nsresult NS_ShouldSecureUpgrade( + nsIURI* aURI, nsILoadInfo* aLoadInfo, nsIPrincipal* aChannelResultPrincipal, + bool aAllowSTS, const OriginAttributes& aOriginAttributes, + bool& aShouldUpgrade, std::function<void(bool, nsresult)>&& aResultCallback, + bool& aWillCallback) { + MOZ_ASSERT(XRE_IsParentProcess()); + if (!XRE_IsParentProcess()) { + return NS_ERROR_NOT_AVAILABLE; + } + + aWillCallback = false; + aShouldUpgrade = false; + + // Even if we're in private browsing mode, we still enforce existing STS + // data (it is read-only). + // if the connection is not using SSL and either the exact host matches or + // a superdomain wants to force HTTPS, do it. + bool isHttps = aURI->SchemeIs("https"); + + // If request is https, then there is nothing to do here. + if (isHttps) { + Telemetry::AccumulateCategorical( + Telemetry::LABELS_HTTP_SCHEME_UPGRADE_TYPE::AlreadyHTTPS); + aShouldUpgrade = false; + return NS_OK; + } + // If it is a mixed content trustworthy loopback, then we shouldn't upgrade + // it. + if (nsMixedContentBlocker::IsPotentiallyTrustworthyLoopbackURL(aURI)) { + aShouldUpgrade = false; + return NS_OK; + } + // If no loadInfo exist there is nothing to upgrade here. + if (!aLoadInfo) { + aShouldUpgrade = false; + return NS_OK; + } + MOZ_ASSERT(!aURI->SchemeIs("https")); + + // enforce Strict-Transport-Security + nsISiteSecurityService* sss = gHttpHandler->GetSSService(); + NS_ENSURE_TRUE(sss, NS_ERROR_OUT_OF_MEMORY); + + bool isStsHost = false; + // Calling |IsSecureURI| before the storage is ready to read will + // block the main thread. Once the storage is ready, we can call it + // from main thread. + static Atomic<bool, Relaxed> storageReady(false); + if (!storageReady && gSocketTransportService && aResultCallback) { + nsCOMPtr<nsILoadInfo> loadInfo = aLoadInfo; + nsCOMPtr<nsIURI> uri = aURI; + auto callbackWrapper = [resultCallback{std::move(aResultCallback)}, uri, + loadInfo](bool aShouldUpgrade, nsresult aStatus) { + MOZ_ASSERT(NS_IsMainThread()); + + // 1. HSTS upgrade + if (aShouldUpgrade || NS_FAILED(aStatus)) { + resultCallback(aShouldUpgrade, aStatus); + return; + } + // Check if we need to upgrade because of other reasons. + // 2. CSP upgrade-insecure-requests + // 3. Mixed content auto upgrading + // 4. Https-Only / first + bool shouldUpgrade = ShouldSecureUpgradeNoHSTS(uri, loadInfo); + resultCallback(shouldUpgrade, aStatus); + }; + nsCOMPtr<nsISiteSecurityService> service = sss; + nsresult rv = gSocketTransportService->Dispatch( + NS_NewRunnableFunction( + "net::NS_ShouldSecureUpgrade", + [service{std::move(service)}, uri{std::move(uri)}, + originAttributes(aOriginAttributes), + handleResultFunc{std::move(handleResultFunc)}, + callbackWrapper{std::move(callbackWrapper)}, + allowSTS{std::move(aAllowSTS)}]() mutable { + bool isStsHost = false; + nsresult rv = + service->IsSecureURI(uri, originAttributes, &isStsHost); + + // Successfully get the result from |IsSecureURI| implies that + // the storage is ready to read. + storageReady = NS_SUCCEEDED(rv); + bool shouldUpgrade = handleResultFunc(allowSTS, isStsHost); + // Check if request should be upgraded. + NS_DispatchToMainThread(NS_NewRunnableFunction( + "net::NS_ShouldSecureUpgrade::ResultCallback", + [rv, shouldUpgrade, + callbackWrapper{std::move(callbackWrapper)}]() { + callbackWrapper(shouldUpgrade, rv); + })); + }), + NS_DISPATCH_NORMAL); + aWillCallback = NS_SUCCEEDED(rv); + return rv; + } + + nsresult rv = sss->IsSecureURI(aURI, aOriginAttributes, &isStsHost); + + // if the SSS check fails, it's likely because this load is on a + // malformed URI or something else in the setup is wrong, so any error + // should be reported. + NS_ENSURE_SUCCESS(rv, rv); + + aShouldUpgrade = handleResultFunc(aAllowSTS, isStsHost); + if (!aShouldUpgrade) { + // Check for CSP upgrade-insecure-requests, Mixed content auto upgrading + // and Https-Only / -First. + aShouldUpgrade = ShouldSecureUpgradeNoHSTS(aURI, aLoadInfo); + } + return rv; +} + +nsresult NS_GetSecureUpgradedURI(nsIURI* aURI, nsIURI** aUpgradedURI) { + NS_MutateURI mutator(aURI); + mutator.SetScheme("https"_ns); // Change the scheme to HTTPS: + + // Change the default port to 443: + nsCOMPtr<nsIStandardURL> stdURL = do_QueryInterface(aURI); + if (stdURL) { + mutator.Apply(&nsIStandardURLMutator::SetDefaultPort, 443, nullptr); + } else { + // If we don't have a nsStandardURL, fall back to using GetPort/SetPort. + // XXXdholbert Is this function even called with a non-nsStandardURL arg, + // in practice? + NS_WARNING("Calling NS_GetSecureUpgradedURI for non nsStandardURL"); + int32_t oldPort = -1; + nsresult rv = aURI->GetPort(&oldPort); + if (NS_FAILED(rv)) return rv; + + // Keep any nonstandard ports so only the scheme is changed. + // For example: + // http://foo.com:80 -> https://foo.com:443 + // http://foo.com:81 -> https://foo.com:81 + + if (oldPort == 80 || oldPort == -1) { + mutator.SetPort(-1); + } else { + mutator.SetPort(oldPort); + } + } + + return mutator.Finalize(aUpgradedURI); +} + +nsresult NS_CompareLoadInfoAndLoadContext(nsIChannel* aChannel) { + nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo(); + + nsCOMPtr<nsILoadContext> loadContext; + NS_QueryNotificationCallbacks(aChannel, loadContext); + if (!loadContext) { + return NS_OK; + } + + // We try to skip about:newtab. + // about:newtab will use SystemPrincipal to download thumbnails through + // https:// and blob URLs. + bool isAboutPage = false; + nsINode* node = loadInfo->LoadingNode(); + if (node) { + nsIURI* uri = node->OwnerDoc()->GetDocumentURI(); + isAboutPage = uri->SchemeIs("about"); + } + + if (isAboutPage) { + return NS_OK; + } + + // We skip the favicon loading here. The favicon loading might be + // triggered by the XUL image. For that case, the loadContext will have + // default originAttributes since the XUL image uses SystemPrincipal, but + // the loadInfo will use originAttributes from the content. Thus, the + // originAttributes between loadInfo and loadContext will be different. + // That's why we have to skip the comparison for the favicon loading. + if (loadInfo->GetLoadingPrincipal() && + loadInfo->GetLoadingPrincipal()->IsSystemPrincipal() && + loadInfo->InternalContentPolicyType() == + nsIContentPolicy::TYPE_INTERNAL_IMAGE_FAVICON) { + return NS_OK; + } + + OriginAttributes originAttrsLoadInfo = loadInfo->GetOriginAttributes(); + OriginAttributes originAttrsLoadContext; + loadContext->GetOriginAttributes(originAttrsLoadContext); + + LOG( + ("NS_CompareLoadInfoAndLoadContext - loadInfo: %d, %d; " + "loadContext: %d, %d. [channel=%p]", + originAttrsLoadInfo.mUserContextId, + originAttrsLoadInfo.mPrivateBrowsingId, + originAttrsLoadContext.mUserContextId, + originAttrsLoadContext.mPrivateBrowsingId, aChannel)); + + MOZ_ASSERT(originAttrsLoadInfo.mUserContextId == + originAttrsLoadContext.mUserContextId, + "The value of mUserContextId in the loadContext and in the " + "loadInfo are not the same!"); + + MOZ_ASSERT(originAttrsLoadInfo.mPrivateBrowsingId == + originAttrsLoadContext.mPrivateBrowsingId, + "The value of mPrivateBrowsingId in the loadContext and in the " + "loadInfo are not the same!"); + + return NS_OK; +} + +nsresult NS_SetRequestBlockingReason(nsIChannel* channel, uint32_t reason) { + NS_ENSURE_ARG(channel); + + nsCOMPtr<nsILoadInfo> loadInfo = channel->LoadInfo(); + return NS_SetRequestBlockingReason(loadInfo, reason); +} + +nsresult NS_SetRequestBlockingReason(nsILoadInfo* loadInfo, uint32_t reason) { + NS_ENSURE_ARG(loadInfo); + + return loadInfo->SetRequestBlockingReason(reason); +} + +nsresult NS_SetRequestBlockingReasonIfNull(nsILoadInfo* loadInfo, + uint32_t reason) { + NS_ENSURE_ARG(loadInfo); + + uint32_t existingReason; + if (NS_SUCCEEDED(loadInfo->GetRequestBlockingReason(&existingReason)) && + existingReason != nsILoadInfo::BLOCKING_REASON_NONE) { + return NS_OK; + } + + return loadInfo->SetRequestBlockingReason(reason); +} + +bool NS_IsOffline() { + bool offline = true; + bool connectivity = true; + nsCOMPtr<nsIIOService> ios = do_GetIOService(); + if (ios) { + ios->GetOffline(&offline); + ios->GetConnectivity(&connectivity); + } + return offline || !connectivity; +} + +/** + * This function returns true if this channel should be classified by + * the URL Classifier, false otherwise. + * + * The idea of the algorithm to determine if a channel should be + * classified is based on: + * 1. Channels created by non-privileged code should be classified. + * 2. Top-level document’s channels, if loaded by privileged code + * (system principal), should be classified. + * 3. Any other channel, created by privileged code, is considered safe. + * + * A bad/hacked/corrupted safebrowsing database, plus a mistakenly + * classified critical channel (this may result from a bug in the exemption + * rules or incorrect information being passed into) can cause serious + * problems. For example, if the updater channel is classified and blocked + * by the Safe Browsing, Firefox can't update itself, and there is no way to + * recover from that. + * + * So two safeguards are added to ensure critical channels are never + * automatically classified either because there is a bug in the algorithm + * or the data in loadinfo is wrong. + * 1. beConservative, this is set by ServiceRequest and we treat + * channel created for ServiceRequest as critical channels. + * 2. nsIChannel::LOAD_BYPASS_URL_CLASSIFIER, channel's opener can use this + * flag to enforce bypassing the URL classifier check. + */ +bool NS_ShouldClassifyChannel(nsIChannel* aChannel) { + nsLoadFlags loadFlags; + Unused << aChannel->GetLoadFlags(&loadFlags); + // If our load flags dictate that we must let this channel through without + // URL classification, obey that here without performing more checks. + if (loadFlags & nsIChannel::LOAD_BYPASS_URL_CLASSIFIER) { + return false; + } + + nsCOMPtr<nsIHttpChannelInternal> httpChannel(do_QueryInterface(aChannel)); + if (httpChannel) { + bool beConservative; + nsresult rv = httpChannel->GetBeConservative(&beConservative); + + // beConservative flag, set by ServiceRequest to ensure channels that + // fetch update use conservative TLS setting, are used here to identify + // channels are critical to bypass classification. for channels don't + // support beConservative, continue to apply the exemption rules. + if (NS_SUCCEEDED(rv) && beConservative) { + return false; + } + } + + nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo(); + ExtContentPolicyType type = loadInfo->GetExternalContentPolicyType(); + // Skip classifying channel triggered by system unless it is a top-level + // load. + return !(loadInfo->TriggeringPrincipal()->IsSystemPrincipal() && + ExtContentPolicy::TYPE_DOCUMENT != type); +} + +namespace mozilla { +namespace net { + +bool InScriptableRange(int64_t val) { + return (val <= kJS_MAX_SAFE_INTEGER) && (val >= kJS_MIN_SAFE_INTEGER); +} + +bool InScriptableRange(uint64_t val) { return val <= kJS_MAX_SAFE_UINTEGER; } + +nsresult GetParameterHTTP(const nsACString& aHeaderVal, const char* aParamName, + nsAString& aResult) { + return nsMIMEHeaderParamImpl::GetParameterHTTP(aHeaderVal, aParamName, + aResult); +} + +bool ChannelIsPost(nsIChannel* aChannel) { + if (nsCOMPtr<nsIHttpChannel> httpChannel = do_QueryInterface(aChannel)) { + nsAutoCString method; + Unused << httpChannel->GetRequestMethod(method); + return method.EqualsLiteral("POST"); + } + return false; +} + +bool SchemeIsHTTP(nsIURI* aURI) { + MOZ_ASSERT(aURI); + return aURI->SchemeIs("http"); +} + +bool SchemeIsHTTPS(nsIURI* aURI) { + MOZ_ASSERT(aURI); + return aURI->SchemeIs("https"); +} + +bool SchemeIsJavascript(nsIURI* aURI) { + MOZ_ASSERT(aURI); + return aURI->SchemeIs("javascript"); +} + +bool SchemeIsChrome(nsIURI* aURI) { + MOZ_ASSERT(aURI); + return aURI->SchemeIs("chrome"); +} + +bool SchemeIsAbout(nsIURI* aURI) { + MOZ_ASSERT(aURI); + return aURI->SchemeIs("about"); +} + +bool SchemeIsBlob(nsIURI* aURI) { + MOZ_ASSERT(aURI); + return aURI->SchemeIs("blob"); +} + +bool SchemeIsFile(nsIURI* aURI) { + MOZ_ASSERT(aURI); + return aURI->SchemeIs("file"); +} + +bool SchemeIsData(nsIURI* aURI) { + MOZ_ASSERT(aURI); + return aURI->SchemeIs("data"); +} + +bool SchemeIsViewSource(nsIURI* aURI) { + MOZ_ASSERT(aURI); + return aURI->SchemeIs("view-source"); +} + +bool SchemeIsResource(nsIURI* aURI) { + MOZ_ASSERT(aURI); + return aURI->SchemeIs("resource"); +} + +bool SchemeIsFTP(nsIURI* aURI) { + MOZ_ASSERT(aURI); + return aURI->SchemeIs("ftp"); +} + +bool SchemeIsSpecial(const nsACString& aScheme) { + // See https://url.spec.whatwg.org/#special-scheme + return aScheme.EqualsIgnoreCase("ftp") || aScheme.EqualsIgnoreCase("file") || + aScheme.EqualsIgnoreCase("http") || + aScheme.EqualsIgnoreCase("https") || aScheme.EqualsIgnoreCase("ws") || + aScheme.EqualsIgnoreCase("wss"); +} + +bool IsSchemeChangePermitted(nsIURI* aOldURI, const nsACString& newScheme) { + // See step 2.1 in https://url.spec.whatwg.org/#special-scheme + // Note: The spec text uses "buffer" instead of newScheme, and "url" + MOZ_ASSERT(aOldURI); + + nsAutoCString tmp; + nsresult rv = aOldURI->GetScheme(tmp); + // If url's scheme is a special scheme and buffer is not a + // special scheme, then return. + // If url's scheme is not a special scheme and buffer is a + // special scheme, then return. + if (NS_FAILED(rv) || SchemeIsSpecial(tmp) != SchemeIsSpecial(newScheme)) { + return false; + } + + // If url's scheme is "file" and its host is an empty host, then return. + if (aOldURI->SchemeIs("file")) { + rv = aOldURI->GetHost(tmp); + if (NS_FAILED(rv) || tmp.IsEmpty()) { + return false; + } + } + + // URL Spec: If url includes credentials or has a non-null port, and + // buffer is "file", then return. + if (newScheme.EqualsIgnoreCase("file")) { + bool hasUserPass; + if (NS_FAILED(aOldURI->GetHasUserPass(&hasUserPass)) || hasUserPass) { + return false; + } + int32_t port; + rv = aOldURI->GetPort(&port); + if (NS_FAILED(rv) || port != -1) { + return false; + } + } + + return true; +} + +already_AddRefed<nsIURI> TryChangeProtocol(nsIURI* aURI, + const nsAString& aProtocol) { + MOZ_ASSERT(aURI); + + nsAString::const_iterator start; + aProtocol.BeginReading(start); + + nsAString::const_iterator end; + aProtocol.EndReading(end); + + nsAString::const_iterator iter(start); + FindCharInReadable(':', iter, end); + + // Changing the protocol of a URL, changes the "nature" of the URI + // implementation. In order to do this properly, we have to serialize the + // existing URL and reparse it in a new object. + nsCOMPtr<nsIURI> clone; + nsresult rv = NS_MutateURI(aURI) + .SetScheme(NS_ConvertUTF16toUTF8(Substring(start, iter))) + .Finalize(clone); + if (NS_WARN_IF(NS_FAILED(rv))) { + return nullptr; + } + + if (StaticPrefs::network_url_strict_protocol_setter()) { + nsAutoCString newScheme; + rv = clone->GetScheme(newScheme); + if (NS_FAILED(rv) || !net::IsSchemeChangePermitted(aURI, newScheme)) { + nsAutoCString url; + Unused << clone->GetSpec(url); + AutoTArray<nsString, 2> params; + params.AppendElement(NS_ConvertUTF8toUTF16(url)); + params.AppendElement(NS_ConvertUTF8toUTF16(newScheme)); + nsContentUtils::ReportToConsole( + nsIScriptError::warningFlag, "Strict Url Protocol Setter"_ns, nullptr, + nsContentUtils::eNECKO_PROPERTIES, "StrictUrlProtocolSetter", params); + return nullptr; + } + } + + nsAutoCString href; + rv = clone->GetSpec(href); + if (NS_WARN_IF(NS_FAILED(rv))) { + return nullptr; + } + + RefPtr<nsIURI> uri; + rv = NS_NewURI(getter_AddRefs(uri), href); + if (NS_WARN_IF(NS_FAILED(rv))) { + return nullptr; + } + return uri.forget(); +} + +// Decode a parameter value using the encoding defined in RFC 5987 (in place) +// +// charset "'" [ language ] "'" value-chars +// +// returns true when decoding happened successfully (otherwise leaves +// passed value alone) +static bool Decode5987Format(nsAString& aEncoded) { + nsresult rv; + nsCOMPtr<nsIMIMEHeaderParam> mimehdrpar = + do_GetService(NS_MIMEHEADERPARAM_CONTRACTID, &rv); + if (NS_FAILED(rv)) return false; + + nsAutoCString asciiValue; + + const char16_t* encstart = aEncoded.BeginReading(); + const char16_t* encend = aEncoded.EndReading(); + + // create a plain ASCII string, aborting if we can't do that + // converted form is always shorter than input + while (encstart != encend) { + if (*encstart > 0 && *encstart < 128) { + asciiValue.Append((char)*encstart); + } else { + return false; + } + encstart++; + } + + nsAutoString decoded; + nsAutoCString language; + + rv = mimehdrpar->DecodeRFC5987Param(asciiValue, language, decoded); + if (NS_FAILED(rv)) return false; + + aEncoded = decoded; + return true; +} + +LinkHeader::LinkHeader() { mCrossOrigin.SetIsVoid(true); } + +void LinkHeader::Reset() { + mHref.Truncate(); + mRel.Truncate(); + mTitle.Truncate(); + mNonce.Truncate(); + mIntegrity.Truncate(); + mSrcset.Truncate(); + mSizes.Truncate(); + mType.Truncate(); + mMedia.Truncate(); + mAnchor.Truncate(); + mCrossOrigin.Truncate(); + mReferrerPolicy.Truncate(); + mAs.Truncate(); + mCrossOrigin.SetIsVoid(true); + mFetchPriority.Truncate(); +} + +nsresult LinkHeader::NewResolveHref(nsIURI** aOutURI, nsIURI* aBaseURI) const { + if (mAnchor.IsEmpty()) { + // use the base uri + return NS_NewURI(aOutURI, mHref, nullptr, aBaseURI); + } + + // compute the anchored URI + nsCOMPtr<nsIURI> anchoredURI; + nsresult rv = + NS_NewURI(getter_AddRefs(anchoredURI), mAnchor, nullptr, aBaseURI); + NS_ENSURE_SUCCESS(rv, rv); + + return NS_NewURI(aOutURI, mHref, nullptr, anchoredURI); +} + +bool LinkHeader::operator==(const LinkHeader& rhs) const { + return mHref == rhs.mHref && mRel == rhs.mRel && mTitle == rhs.mTitle && + mNonce == rhs.mNonce && mIntegrity == rhs.mIntegrity && + mSrcset == rhs.mSrcset && mSizes == rhs.mSizes && mType == rhs.mType && + mMedia == rhs.mMedia && mAnchor == rhs.mAnchor && + mCrossOrigin == rhs.mCrossOrigin && + mReferrerPolicy == rhs.mReferrerPolicy && mAs == rhs.mAs && + mFetchPriority == rhs.mFetchPriority; +} + +constexpr auto kTitleStar = "title*"_ns; + +nsTArray<LinkHeader> ParseLinkHeader(const nsAString& aLinkData) { + nsTArray<LinkHeader> linkHeaders; + + // keep track where we are within the header field + bool seenParameters = false; + + // parse link content and add to array + LinkHeader header; + nsAutoString titleStar; + + // copy to work buffer + nsAutoString stringList(aLinkData); + + // put an extra null at the end + stringList.Append(kNullCh); + + char16_t* start = stringList.BeginWriting(); + + while (*start != kNullCh) { + // parse link content and call process style link + + // skip leading space + while ((*start != kNullCh) && nsCRT::IsAsciiSpace(*start)) { + ++start; + } + + char16_t* end = start; + char16_t* last = end - 1; + + bool wasQuotedString = false; + + // look for semicolon or comma + while (*end != kNullCh && *end != kSemicolon && *end != kComma) { + char16_t ch = *end; + + if (ch == kQuote || ch == kLessThan) { + // quoted string + + char16_t quote = ch; + if (quote == kLessThan) { + quote = kGreaterThan; + } + + wasQuotedString = (ch == kQuote); + + char16_t* closeQuote = (end + 1); + + // seek closing quote + while (*closeQuote != kNullCh && quote != *closeQuote) { + // in quoted-string, "\" is an escape character + if (wasQuotedString && *closeQuote == kBackSlash && + *(closeQuote + 1) != kNullCh) { + ++closeQuote; + } + + ++closeQuote; + } + + if (quote == *closeQuote) { + // found closer + + // skip to close quote + end = closeQuote; + + last = end - 1; + + ch = *(end + 1); + + if (ch != kNullCh && ch != kSemicolon && ch != kComma) { + // end string here + *(++end) = kNullCh; + + ch = *(end + 1); + + // keep going until semi or comma + while (ch != kNullCh && ch != kSemicolon && ch != kComma) { + ++end; + + ch = *(end + 1); + } + } + } + } + + ++end; + ++last; + } + + char16_t endCh = *end; + + // end string here + *end = kNullCh; + + if (start < end) { + if ((*start == kLessThan) && (*last == kGreaterThan)) { + *last = kNullCh; + + // first instance of <...> wins + // also, do not allow hrefs after the first param was seen + if (header.mHref.IsEmpty() && !seenParameters) { + header.mHref = (start + 1); + header.mHref.StripWhitespace(); + } + } else { + char16_t* equals = start; + seenParameters = true; + + while ((*equals != kNullCh) && (*equals != kEqual)) { + equals++; + } + + const bool hadEquals = *equals != kNullCh; + *equals = kNullCh; + nsAutoString attr(start); + attr.StripWhitespace(); + + char16_t* value = hadEquals ? ++equals : equals; + while (nsCRT::IsAsciiSpace(*value)) { + value++; + } + + if ((*value == kQuote) && (*value == *last)) { + *last = kNullCh; + value++; + } + + if (wasQuotedString) { + // unescape in-place + char16_t* unescaped = value; + char16_t* src = value; + + while (*src != kNullCh) { + if (*src == kBackSlash && *(src + 1) != kNullCh) { + src++; + } + *unescaped++ = *src++; + } + + *unescaped = kNullCh; + } + + if (attr.LowerCaseEqualsASCII(kTitleStar.get())) { + if (titleStar.IsEmpty() && !wasQuotedString) { + // RFC 5987 encoding; uses token format only, so skip if we get + // here with a quoted-string + nsAutoString tmp; + tmp = value; + if (Decode5987Format(tmp)) { + titleStar = tmp; + titleStar.CompressWhitespace(); + } else { + // header value did not parse, throw it away + titleStar.Truncate(); + } + } + } else { + header.MaybeUpdateAttribute(attr, value); + } + } + } + + if (endCh == kComma) { + // hit a comma, process what we've got so far + + header.mHref.Trim(" \t\n\r\f"); // trim HTML5 whitespace + if (!header.mHref.IsEmpty() && !header.mRel.IsEmpty()) { + if (!titleStar.IsEmpty()) { + // prefer RFC 5987 variant over non-I18zed version + header.mTitle = titleStar; + } + linkHeaders.AppendElement(header); + } + + titleStar.Truncate(); + header.Reset(); + + seenParameters = false; + } + + start = ++end; + } + + header.mHref.Trim(" \t\n\r\f"); // trim HTML5 whitespace + if (!header.mHref.IsEmpty() && !header.mRel.IsEmpty()) { + if (!titleStar.IsEmpty()) { + // prefer RFC 5987 variant over non-I18zed version + header.mTitle = titleStar; + } + linkHeaders.AppendElement(header); + } + + return linkHeaders; +} + +void LinkHeader::MaybeUpdateAttribute(const nsAString& aAttribute, + const char16_t* aValue) { + MOZ_ASSERT(!aAttribute.LowerCaseEqualsASCII(kTitleStar.get())); + + if (aAttribute.LowerCaseEqualsLiteral("rel")) { + if (mRel.IsEmpty()) { + mRel = aValue; + mRel.CompressWhitespace(); + } + } else if (aAttribute.LowerCaseEqualsLiteral("title")) { + if (mTitle.IsEmpty()) { + mTitle = aValue; + mTitle.CompressWhitespace(); + } + } else if (aAttribute.LowerCaseEqualsLiteral("type")) { + if (mType.IsEmpty()) { + mType = aValue; + mType.StripWhitespace(); + } + } else if (aAttribute.LowerCaseEqualsLiteral("media")) { + if (mMedia.IsEmpty()) { + mMedia = aValue; + + // The HTML5 spec is formulated in terms of the CSS3 spec, + // which specifies that media queries are case insensitive. + nsContentUtils::ASCIIToLower(mMedia); + } + } else if (aAttribute.LowerCaseEqualsLiteral("anchor")) { + if (mAnchor.IsEmpty()) { + mAnchor = aValue; + mAnchor.StripWhitespace(); + } + } else if (aAttribute.LowerCaseEqualsLiteral("crossorigin")) { + if (mCrossOrigin.IsVoid()) { + mCrossOrigin.SetIsVoid(false); + mCrossOrigin = aValue; + mCrossOrigin.StripWhitespace(); + } + } else if (aAttribute.LowerCaseEqualsLiteral("as")) { + if (mAs.IsEmpty()) { + mAs = aValue; + mAs.CompressWhitespace(); + } + } else if (aAttribute.LowerCaseEqualsLiteral("referrerpolicy")) { + // https://html.spec.whatwg.org/multipage/urls-and-fetching.html#referrer-policy-attribute + // Specs says referrer policy attribute is an enumerated attribute, + // case insensitive and includes the empty string + // We will parse the aValue with AttributeReferrerPolicyFromString + // later, which will handle parsing it as an enumerated attribute. + if (mReferrerPolicy.IsEmpty()) { + mReferrerPolicy = aValue; + } + + } else if (aAttribute.LowerCaseEqualsLiteral("nonce")) { + if (mNonce.IsEmpty()) { + mNonce = aValue; + } + } else if (aAttribute.LowerCaseEqualsLiteral("integrity")) { + if (mIntegrity.IsEmpty()) { + mIntegrity = aValue; + } + } else if (aAttribute.LowerCaseEqualsLiteral("imagesrcset")) { + if (mSrcset.IsEmpty()) { + mSrcset = aValue; + } + } else if (aAttribute.LowerCaseEqualsLiteral("imagesizes")) { + if (mSizes.IsEmpty()) { + mSizes = aValue; + } + } else if (aAttribute.LowerCaseEqualsLiteral("fetchpriority")) { + if (mFetchPriority.IsEmpty()) { + LOG(("Update fetchPriority to \"%s\"", + NS_ConvertUTF16toUTF8(aValue).get())); + mFetchPriority = aValue; + } + } +} + +// We will use official mime-types from: +// https://www.iana.org/assignments/media-types/media-types.xhtml#font +// We do not support old deprecated mime-types for preload feature. +// (We currectly do not support font/collection) +static uint32_t StyleLinkElementFontMimeTypesNum = 5; +static const char* StyleLinkElementFontMimeTypes[] = { + "font/otf", "font/sfnt", "font/ttf", "font/woff", "font/woff2"}; + +bool IsFontMimeType(const nsAString& aType) { + if (aType.IsEmpty()) { + return true; + } + for (uint32_t i = 0; i < StyleLinkElementFontMimeTypesNum; i++) { + if (aType.EqualsASCII(StyleLinkElementFontMimeTypes[i])) { + return true; + } + } + return false; +} + +static const nsAttrValue::EnumTable kAsAttributeTable[] = { + {"", DESTINATION_INVALID}, {"audio", DESTINATION_AUDIO}, + {"font", DESTINATION_FONT}, {"image", DESTINATION_IMAGE}, + {"script", DESTINATION_SCRIPT}, {"style", DESTINATION_STYLE}, + {"track", DESTINATION_TRACK}, {"video", DESTINATION_VIDEO}, + {"fetch", DESTINATION_FETCH}, {nullptr, 0}}; + +void ParseAsValue(const nsAString& aValue, nsAttrValue& aResult) { + DebugOnly<bool> success = + aResult.ParseEnumValue(aValue, kAsAttributeTable, false, + // default value is a empty string + // if aValue is not a value we + // understand + &kAsAttributeTable[0]); + MOZ_ASSERT(success); +} + +nsContentPolicyType AsValueToContentPolicy(const nsAttrValue& aValue) { + switch (aValue.GetEnumValue()) { + case DESTINATION_INVALID: + return nsIContentPolicy::TYPE_INVALID; + case DESTINATION_AUDIO: + return nsIContentPolicy::TYPE_INTERNAL_AUDIO; + case DESTINATION_TRACK: + return nsIContentPolicy::TYPE_INTERNAL_TRACK; + case DESTINATION_VIDEO: + return nsIContentPolicy::TYPE_INTERNAL_VIDEO; + case DESTINATION_FONT: + return nsIContentPolicy::TYPE_FONT; + case DESTINATION_IMAGE: + return nsIContentPolicy::TYPE_IMAGE; + case DESTINATION_SCRIPT: + return nsIContentPolicy::TYPE_SCRIPT; + case DESTINATION_STYLE: + return nsIContentPolicy::TYPE_STYLESHEET; + case DESTINATION_FETCH: + return nsIContentPolicy::TYPE_INTERNAL_FETCH_PRELOAD; + } + return nsIContentPolicy::TYPE_INVALID; +} + +// TODO: implement this using nsAttrValue's destination enums when support for +// the new destinations is added; see this diff for a possible start: +// https://phabricator.services.mozilla.com/D172368?vs=705114&id=708720 +bool IsScriptLikeOrInvalid(const nsAString& aAs) { + return !( + aAs.LowerCaseEqualsASCII("fetch") || aAs.LowerCaseEqualsASCII("audio") || + aAs.LowerCaseEqualsASCII("document") || + aAs.LowerCaseEqualsASCII("embed") || aAs.LowerCaseEqualsASCII("font") || + aAs.LowerCaseEqualsASCII("frame") || aAs.LowerCaseEqualsASCII("iframe") || + aAs.LowerCaseEqualsASCII("image") || + aAs.LowerCaseEqualsASCII("manifest") || + aAs.LowerCaseEqualsASCII("object") || + aAs.LowerCaseEqualsASCII("report") || aAs.LowerCaseEqualsASCII("style") || + aAs.LowerCaseEqualsASCII("track") || aAs.LowerCaseEqualsASCII("video") || + aAs.LowerCaseEqualsASCII("webidentity") || + aAs.LowerCaseEqualsASCII("xslt")); +} + +bool CheckPreloadAttrs(const nsAttrValue& aAs, const nsAString& aType, + const nsAString& aMedia, + mozilla::dom::Document* aDocument) { + nsContentPolicyType policyType = AsValueToContentPolicy(aAs); + if (policyType == nsIContentPolicy::TYPE_INVALID) { + return false; + } + + // Check if media attribute is valid. + if (!aMedia.IsEmpty()) { + RefPtr<mozilla::dom::MediaList> mediaList = + mozilla::dom::MediaList::Create(NS_ConvertUTF16toUTF8(aMedia)); + if (!mediaList->Matches(*aDocument)) { + return false; + } + } + + if (aType.IsEmpty()) { + return true; + } + + if (policyType == nsIContentPolicy::TYPE_INTERNAL_FETCH_PRELOAD) { + return true; + } + + nsAutoString type(aType); + ToLowerCase(type); + if (policyType == nsIContentPolicy::TYPE_MEDIA) { + if (aAs.GetEnumValue() == DESTINATION_TRACK) { + return type.EqualsASCII("text/vtt"); + } + Maybe<MediaContainerType> mimeType = MakeMediaContainerType(aType); + if (!mimeType) { + return false; + } + DecoderDoctorDiagnostics diagnostics; + CanPlayStatus status = + DecoderTraits::CanHandleContainerType(*mimeType, &diagnostics); + // Preload if this return CANPLAY_YES and CANPLAY_MAYBE. + return status != CANPLAY_NO; + } + if (policyType == nsIContentPolicy::TYPE_FONT) { + return IsFontMimeType(type); + } + if (policyType == nsIContentPolicy::TYPE_IMAGE) { + return imgLoader::SupportImageWithMimeType( + NS_ConvertUTF16toUTF8(type), AcceptedMimeTypes::IMAGES_AND_DOCUMENTS); + } + if (policyType == nsIContentPolicy::TYPE_SCRIPT) { + return nsContentUtils::IsJavascriptMIMEType(type); + } + if (policyType == nsIContentPolicy::TYPE_STYLESHEET) { + return type.EqualsASCII("text/css"); + } + return false; +} + +void WarnIgnoredPreload(const mozilla::dom::Document& aDoc, nsIURI& aURI) { + AutoTArray<nsString, 1> params; + { + nsCString uri = nsContentUtils::TruncatedURLForDisplay(&aURI); + AppendUTF8toUTF16(uri, *params.AppendElement()); + } + nsContentUtils::ReportToConsole(nsIScriptError::warningFlag, "DOM"_ns, &aDoc, + nsContentUtils::eDOM_PROPERTIES, + "PreloadIgnoredInvalidAttr", params); +} + +nsresult HasRootDomain(const nsACString& aInput, const nsACString& aHost, + bool* aResult) { + if (NS_WARN_IF(!aResult)) { + return NS_ERROR_FAILURE; + } + + *aResult = false; + + // If the strings are the same, we obviously have a match. + if (aInput == aHost) { + *aResult = true; + return NS_OK; + } + + // If aHost is not found, we know we do not have it as a root domain. + int32_t index = nsAutoCString(aInput).Find(aHost); + if (index == kNotFound) { + return NS_OK; + } + + // Otherwise, we have aHost as our root domain iff the index of aHost is + // aHost.length subtracted from our length and (since we do not have an + // exact match) the character before the index is a dot or slash. + *aResult = index > 0 && (uint32_t)index == aInput.Length() - aHost.Length() && + (aInput[index - 1] == '.' || aInput[index - 1] == '/'); + return NS_OK; +} + +void CheckForBrokenChromeURL(nsILoadInfo* aLoadInfo, nsIURI* aURI) { + if (!aURI) { + return; + } + nsAutoCString scheme; + aURI->GetScheme(scheme); + if (!scheme.EqualsLiteral("chrome") && !scheme.EqualsLiteral("resource")) { + return; + } + nsAutoCString host; + aURI->GetHost(host); + // Ignore test hits. + if (host.EqualsLiteral("mochitests") || host.EqualsLiteral("reftest")) { + return; + } + + nsAutoCString filePath; + aURI->GetFilePath(filePath); + // Fluent likes checking for files everywhere and expects failure. + if (StringEndsWith(filePath, ".ftl"_ns)) { + return; + } + + // Ignore fetches/xhrs, as they are frequently used in a way where + // non-existence is OK (ie with fallbacks). This risks false negatives (ie + // files that *should* be there but aren't) - which we accept for now. + ExtContentPolicy policy = aLoadInfo + ? aLoadInfo->GetExternalContentPolicyType() + : ExtContentPolicy::TYPE_OTHER; + if (policy == ExtContentPolicy::TYPE_FETCH || + policy == ExtContentPolicy::TYPE_XMLHTTPREQUEST) { + return; + } + + if (aLoadInfo) { + bool shouldSkipCheckForBrokenURLOrZeroSized; + MOZ_ALWAYS_SUCCEEDS(aLoadInfo->GetShouldSkipCheckForBrokenURLOrZeroSized( + &shouldSkipCheckForBrokenURLOrZeroSized)); + if (shouldSkipCheckForBrokenURLOrZeroSized) { + return; + } + } + + nsCString spec; + aURI->GetSpec(spec); + +#ifdef ANDROID + // Various toolkit files use this and are shipped on android, but + // info-pages.css and aboutLicense.css are not - bug 1808987 + if (StringEndsWith(spec, "info-pages.css"_ns) || + StringEndsWith(spec, "aboutLicense.css"_ns) || + // Error page CSS is also missing: bug 1810039 + StringEndsWith(spec, "aboutNetError.css"_ns) || + StringEndsWith(spec, "aboutHttpsOnlyError.css"_ns) || + StringEndsWith(spec, "error-pages.css"_ns) || + // popup.css is used in a single mochitest: bug 1810577 + StringEndsWith(spec, "/popup.css"_ns) || + // Used by an extension installation test - bug 1809650 + StringBeginsWith(spec, "resource://android/assets/web_extensions/"_ns)) { + return; + } +#endif + + // DTD files from gre may not exist when requested by tests. + if (StringBeginsWith(spec, "resource://gre/res/dtd/"_ns)) { + return; + } + + // The background task machinery allows the caller to specify a JSM on the + // command line, which is then looked up in both app-specific and toolkit-wide + // locations. + if (spec.Find("backgroundtasks") != kNotFound) { + return; + } + + if (xpc::IsInAutomation()) { +#ifdef DEBUG + if (NS_IsMainThread()) { + nsCOMPtr<nsIXPConnect> xpc = nsIXPConnect::XPConnect(); + Unused << xpc->DebugDumpJSStack(false, false, false); + } +#endif + MOZ_CRASH_UNSAFE_PRINTF("Missing chrome or resource URLs: %s", spec.get()); + } else { + printf_stderr("Missing chrome or resource URL: %s\n", spec.get()); + } +} + +bool IsCoepCredentiallessEnabled(bool aIsOriginTrialCoepCredentiallessEnabled) { + return StaticPrefs:: + browser_tabs_remote_coep_credentialless_DoNotUseDirectly() || + aIsOriginTrialCoepCredentiallessEnabled; +} + +} // namespace net +} // namespace mozilla |