path: root/dom/security/nsContentSecurityManager.h
blob: 17d42e9676f0b42ef818a9d7afbb5ebb1a0e5a04 (plain)
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef nsContentSecurityManager_h___
#define nsContentSecurityManager_h___

#include "mozilla/CORSMode.h"
#include "nsIContentSecurityManager.h"
#include "nsIChannel.h"
#include "nsIChannelEventSink.h"
#include "nsILoadInfo.h"

class nsILoadInfo;
class nsIStreamListener;

// Contract ID string under which the content security manager component is
// looked up.
#define NS_CONTENTSECURITYMANAGER_CONTRACTID \
  "@mozilla.org/contentsecuritymanager;1"
// Class ID (CID) of the component. The initializer below is the field-by-field
// encoding of this UUID and must be kept in sync with it:
// cdcc1ab8-3cea-4e6c-a294-a651fa35227f
#define NS_CONTENTSECURITYMANAGER_CID                \
  {                                                  \
    0xcdcc1ab8, 0x3cea, 0x4e6c, {                    \
      0xa2, 0x94, 0xa6, 0x51, 0xfa, 0x35, 0x22, 0x7f \
    }                                                \
  }

// Declares the content security manager: it implements
// nsIContentSecurityManager and nsIChannelEventSink (see the base-class list
// and the NS_DECL_* macros below) and additionally exposes static helpers for
// channel load checks, data: URI navigation/redirect decisions, CORS security
// flag computation and origin serialization.
//
// NOTE(review): this header only carries declarations; the behavioural notes
// below are derived from the signatures and existing comments and should be
// confirmed against the definitions.
class nsContentSecurityManager : public nsIContentSecurityManager,
                                 public nsIChannelEventSink {
 public:
  NS_DECL_ISUPPORTS
  NS_DECL_NSICONTENTSECURITYMANAGER
  NS_DECL_NSICHANNELEVENTSINK

  nsContentSecurityManager() = default;

  // Runs the content security check for aChannel and reports the outcome as
  // an nsresult.
  // @param aChannel the channel to check.
  // @param aInAndOutListener taken by non-const reference, so the callee can
  //   replace the caller's listener; callers should continue with the value
  //   left in it after the call rather than a copy taken before.
  // NOTE(review): a failure nsresult presumably means the load must not
  // proceed -- callers should not ignore the return value; confirm.
  static nsresult doContentSecurityCheck(
      nsIChannel* aChannel, nsCOMPtr<nsIStreamListener>& aInAndOutListener);

  // Returns whether the top-level navigation represented by aChannel to a
  // data: URI is allowed (per the name; the policy itself is in the
  // definition).
  static bool AllowTopLevelNavigationToDataURI(nsIChannel* aChannel);
  // Reports that a load of the data: URI aURI was blocked.
  // @param aIsRedirect defaults to false; presumably marks the blocked load
  //   as the result of a redirect -- confirm.
  static void ReportBlockedDataURI(nsIURI* aURI, nsILoadInfo* aLoadInfo,
                                   bool aIsRedirect = false);
  // Returns whether a redirect whose target is aNewChannel may go to a
  // data: URI (per the name; confirm the exact conditions in the definition).
  static bool AllowInsecureRedirectToDataURI(nsIChannel* aNewChannel);
  // Measurement hook for privileged loads that were not expected (per the
  // name). It returns void, so it cannot veto a load through its return value.
  static void MeasureUnexpectedPrivilegedLoads(nsILoadInfo* aLoadInfo,
                                               nsIURI* aFinalURI,
                                               const nsACString& aRemoteType);

  // Selects how a mozilla::CORSMode is translated into security flags by
  // ComputeSecurityFlags().
  //
  // Security note: the variants differ in how much cross-origin checking
  // survives. DISABLE_CORS_CHECKS drops the checks even when a CORS mode was
  // explicitly requested, so it is only appropriate for callers that are
  // themselves trusted (chrome code, as stated below); REQUIRE_CORS_CHECKS is
  // the strictest choice.
  enum CORSSecurityMapping {
    // Disables all CORS checking overriding the value of aCORSMode. All checks
    // are disabled even when CORSMode::CORS_ANONYMOUS or
    // CORSMode::CORS_USE_CREDENTIALS is passed. This is mostly used for chrome
    // code, where we don't need security checks. See
    // SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL for the detailed explanation
    // of the security mode.
    DISABLE_CORS_CHECKS,
    // Disables all CORS checking on CORSMode::CORS_NONE. The other two CORS
    // modes CORSMode::CORS_ANONYMOUS and CORSMode::CORS_USE_CREDENTIALS are
    // respected.
    CORS_NONE_MAPS_TO_DISABLED_CORS_CHECKS,
    // Allow load from any origin, but cross-origin requests require CORS. See
    // SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT. Like above the other two
    // CORS modes are unaffected and get parsed.
    CORS_NONE_MAPS_TO_INHERITED_CONTEXT,
    // Always require the server to acknowledge the request via CORS.
    // CORSMode::CORS_NONE is parsed as if CORSMode::CORS_ANONYMOUS is passed.
    REQUIRE_CORS_CHECKS,
  };

  // Computes the security flags for the requested CORS mode.
  // @param aCORSMode the requested CORS mode (CORSMode::CORS_NONE,
  //   CORSMode::CORS_ANONYMOUS or CORSMode::CORS_USE_CREDENTIALS).
  // @param aCORSSecurityMapping how aCORSMode is mapped to flags; see
  //   CORSSecurityMapping for the variant descriptions.
  // @return the resulting nsSecurityFlags value.
  static nsSecurityFlags ComputeSecurityFlags(
      mozilla::CORSMode aCORSMode, CORSSecurityMapping aCORSSecurityMapping);

  // Writes a serialized origin into the out-parameter aResult. How aOrigin,
  // aResourceOrigin and aLoadInfo influence the result is defined in the
  // implementation -- not visible from this header.
  static void GetSerializedOrigin(nsIPrincipal* aOrigin,
                                  nsIPrincipal* aResourceOrigin,
                                  nsACString& aResult, nsILoadInfo* aLoadInfo);

  // Returns whether aPolicy is "compatible with cross-origin isolation" in
  // the sense of the HTML specification section linked here:
  // https://html.spec.whatwg.org/multipage/browsers.html#compatible-with-cross-origin-isolation
  static bool IsCompatibleWithCrossOriginIsolation(
      nsILoadInfo::CrossOriginEmbedderPolicy aPolicy);

 private:
  // Internal per-channel checks. The nsresult-returning ones report their
  // verdict for aChannel as an nsresult; what each one enforces is indicated
  // by its name only (general channel check, loads in a system-privileged
  // context, loads in a privileged about: context, protocol security flag
  // presence) -- confirm details in the definitions.
  static nsresult CheckChannel(nsIChannel* aChannel);
  static nsresult CheckAllowLoadInSystemPrivilegedContext(nsIChannel* aChannel);
  static nsresult CheckAllowLoadInPrivilegedAboutContext(nsIChannel* aChannel);
  static nsresult CheckChannelHasProtocolSecurityFlag(nsIChannel* aChannel);
  // Returns whether the Cross-Origin-Embedder-Policy applying to aChannel
  // allows credentials (per the name).
  static bool CrossOriginEmbedderPolicyAllowsCredentials(nsIChannel* aChannel);

  // Private, so code outside the class cannot destroy an instance directly.
  // NOTE(review): presumably destruction goes through the reference counting
  // declared by NS_DECL_ISUPPORTS -- confirm.
  virtual ~nsContentSecurityManager() = default;
};

#endif /* nsContentSecurityManager_h___ */