diff options
Diffstat (limited to 'dom/serviceworkers/ServiceWorkerUtils.cpp')
-rw-r--r-- | dom/serviceworkers/ServiceWorkerUtils.cpp | 217 |
1 files changed, 217 insertions, 0 deletions
diff --git a/dom/serviceworkers/ServiceWorkerUtils.cpp b/dom/serviceworkers/ServiceWorkerUtils.cpp new file mode 100644 index 0000000000..630d667c6e --- /dev/null +++ b/dom/serviceworkers/ServiceWorkerUtils.cpp @@ -0,0 +1,217 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "ServiceWorkerUtils.h" + +#include "mozilla/BasePrincipal.h" +#include "mozilla/ErrorResult.h" +#include "mozilla/Preferences.h" +#include "mozilla/StaticPrefs_dom.h" +#include "mozilla/StaticPrefs_extensions.h" +#include "mozilla/dom/BrowsingContext.h" +#include "mozilla/dom/ClientInfo.h" +#include "mozilla/dom/Navigator.h" +#include "mozilla/dom/ServiceWorkerGlobalScopeBinding.h" +#include "mozilla/dom/ServiceWorkerRegistrarTypes.h" +#include "nsCOMPtr.h" +#include "nsIPrincipal.h" +#include "nsIURL.h" +#include "nsPrintfCString.h" + +namespace mozilla::dom { + +static bool IsServiceWorkersTestingEnabledInWindow(JSObject* const aGlobal) { + if (const nsCOMPtr<nsPIDOMWindowInner> innerWindow = + Navigator::GetWindowFromGlobal(aGlobal)) { + if (auto* bc = innerWindow->GetBrowsingContext()) { + return bc->Top()->ServiceWorkersTestingEnabled(); + } + } + return false; +} + +static bool IsInPrivateBrowsing(JSContext* const aCx) { + if (const nsCOMPtr<nsIGlobalObject> global = xpc::CurrentNativeGlobal(aCx)) { + if (const nsCOMPtr<nsIPrincipal> principal = global->PrincipalOrNull()) { + return principal->GetPrivateBrowsingId() > 0; + } + } + return false; +} + +bool ServiceWorkersEnabled(JSContext* aCx, JSObject* aGlobal) { + MOZ_ASSERT(NS_IsMainThread()); + + if (!StaticPrefs::dom_serviceWorkers_enabled()) { + return false; + } + + // xpc::CurrentNativeGlobal below requires rooting + JS::Rooted<JSObject*> global(aCx, aGlobal); + + if (IsInPrivateBrowsing(aCx)) { + return false; + } + + // Allow a webextension principal to register a service worker script with + // a moz-extension url only if 'extensions.service_worker_register.allowed' + // is true. + if (!StaticPrefs::extensions_serviceWorkerRegister_allowed()) { + nsIPrincipal* principal = nsContentUtils::SubjectPrincipal(aCx); + if (principal && BasePrincipal::Cast(principal)->AddonPolicy()) { + return false; + } + } + + if (IsSecureContextOrObjectIsFromSecureContext(aCx, global)) { + return true; + } + + return StaticPrefs::dom_serviceWorkers_testing_enabled() || + IsServiceWorkersTestingEnabledInWindow(global); +} + +bool ServiceWorkerVisible(JSContext* aCx, JSObject* aGlobal) { + if (NS_IsMainThread()) { + // We want to expose ServiceWorker interface only when + // navigator.serviceWorker is available. Currently it may not be available + // with some reasons: + // 1. navigator.serviceWorker is not supported in workers. (bug 1131324) + return ServiceWorkersEnabled(aCx, aGlobal); + } + + // We are already in ServiceWorker and interfaces need to be exposed for e.g. + // globalThis.registration.serviceWorker. Note that navigator.serviceWorker + // is still not supported. (bug 1131324) + return IS_INSTANCE_OF(ServiceWorkerGlobalScope, aGlobal); +} + +bool ServiceWorkerRegistrationDataIsValid( + const ServiceWorkerRegistrationData& aData) { + return !aData.scope().IsEmpty() && !aData.currentWorkerURL().IsEmpty() && + !aData.cacheName().IsEmpty(); +} + +namespace { + +void CheckForSlashEscapedCharsInPath(nsIURI* aURI, const char* aURLDescription, + ErrorResult& aRv) { + MOZ_ASSERT(aURI); + + // A URL that can't be downcast to a standard URL is an invalid URL and should + // be treated as such and fail with SecurityError. + nsCOMPtr<nsIURL> url(do_QueryInterface(aURI)); + if (NS_WARN_IF(!url)) { + // This really should not happen, since the caller checks that we + // have an http: or https: URL! + aRv.ThrowInvalidStateError("http: or https: URL without a concept of path"); + return; + } + + nsAutoCString path; + nsresult rv = url->GetFilePath(path); + if (NS_WARN_IF(NS_FAILED(rv))) { + // Again, should not happen. + aRv.ThrowInvalidStateError("http: or https: URL without a concept of path"); + return; + } + + ToLowerCase(path); + if (path.Find("%2f") != kNotFound || path.Find("%5c") != kNotFound) { + nsPrintfCString err("%s contains %%2f or %%5c", aURLDescription); + aRv.ThrowTypeError(err); + } +} + +} // anonymous namespace + +void ServiceWorkerScopeAndScriptAreValid(const ClientInfo& aClientInfo, + nsIURI* aScopeURI, nsIURI* aScriptURI, + ErrorResult& aRv) { + MOZ_DIAGNOSTIC_ASSERT(aScopeURI); + MOZ_DIAGNOSTIC_ASSERT(aScriptURI); + + auto principalOrErr = aClientInfo.GetPrincipal(); + if (NS_WARN_IF(principalOrErr.isErr())) { + aRv.ThrowInvalidStateError("Can't make security decisions about Client"); + return; + } + + auto hasHTTPScheme = [](nsIURI* aURI) -> bool { + return aURI->SchemeIs("http") || aURI->SchemeIs("https"); + }; + auto hasMozExtScheme = [](nsIURI* aURI) -> bool { + return aURI->SchemeIs("moz-extension"); + }; + + nsCOMPtr<nsIPrincipal> principal = principalOrErr.unwrap(); + + auto isExtension = !!BasePrincipal::Cast(principal)->AddonPolicy(); + auto hasValidURISchemes = !isExtension ? hasHTTPScheme : hasMozExtScheme; + + // https://w3c.github.io/ServiceWorker/#start-register-algorithm step 3. + if (!hasValidURISchemes(aScriptURI)) { + auto message = !isExtension + ? "Script URL's scheme is not 'http' or 'https'"_ns + : "Script URL's scheme is not 'moz-extension'"_ns; + aRv.ThrowTypeError(message); + return; + } + + // https://w3c.github.io/ServiceWorker/#start-register-algorithm step 4. + CheckForSlashEscapedCharsInPath(aScriptURI, "script URL", aRv); + if (NS_WARN_IF(aRv.Failed())) { + return; + } + + // https://w3c.github.io/ServiceWorker/#start-register-algorithm step 8. + if (!hasValidURISchemes(aScopeURI)) { + auto message = !isExtension + ? "Scope URL's scheme is not 'http' or 'https'"_ns + : "Scope URL's scheme is not 'moz-extension'"_ns; + aRv.ThrowTypeError(message); + return; + } + + // https://w3c.github.io/ServiceWorker/#start-register-algorithm step 9. + CheckForSlashEscapedCharsInPath(aScopeURI, "scope URL", aRv); + if (NS_WARN_IF(aRv.Failed())) { + return; + } + + // The refs should really be empty coming in here, but if someone + // injects bad data into IPC, who knows. So let's revalidate that. + nsAutoCString ref; + Unused << aScopeURI->GetRef(ref); + if (NS_WARN_IF(!ref.IsEmpty())) { + aRv.ThrowSecurityError("Non-empty fragment on scope URL"); + return; + } + + Unused << aScriptURI->GetRef(ref); + if (NS_WARN_IF(!ref.IsEmpty())) { + aRv.ThrowSecurityError("Non-empty fragment on script URL"); + return; + } + + // Unfortunately we don't seem to have an obvious window id here; in + // particular ClientInfo does not have one. + nsresult rv = principal->CheckMayLoadWithReporting( + aScopeURI, false /* allowIfInheritsPrincipal */, 0 /* innerWindowID */); + if (NS_WARN_IF(NS_FAILED(rv))) { + aRv.ThrowSecurityError("Scope URL is not same-origin with Client"); + return; + } + + rv = principal->CheckMayLoadWithReporting( + aScriptURI, false /* allowIfInheritsPrincipal */, 0 /* innerWindowID */); + if (NS_WARN_IF(NS_FAILED(rv))) { + aRv.ThrowSecurityError("Script URL is not same-origin with Client"); + return; + } +} + +} // namespace mozilla::dom |