Diffstat (limited to 'dom/security/nsContentSecurityManager.h')
-rw-r--r--dom/security/nsContentSecurityManager.h89
1 files changed, 89 insertions, 0 deletions
diff --git a/dom/security/nsContentSecurityManager.h b/dom/security/nsContentSecurityManager.h
new file mode 100644
index 0000000000..208b52d6e5
--- /dev/null
+++ b/dom/security/nsContentSecurityManager.h
@@ -0,0 +1,89 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef nsContentSecurityManager_h___
+#define nsContentSecurityManager_h___
+
+#include "mozilla/CORSMode.h"
+#include "nsIContentSecurityManager.h"
+#include "nsIChannel.h"
+#include "nsIChannelEventSink.h"
+#include "nsILoadInfo.h"
+
+class nsILoadInfo;
+class nsIStreamListener;
+
+#define NS_CONTENTSECURITYMANAGER_CONTRACTID \
+ "@mozilla.org/contentsecuritymanager;1"
+// cdcc1ab8-3cea-4e6c-a294-a651fa35227f
+#define NS_CONTENTSECURITYMANAGER_CID \
+ { \
+ 0xcdcc1ab8, 0x3cea, 0x4e6c, { \
+ 0xa2, 0x94, 0xa6, 0x51, 0xfa, 0x35, 0x22, 0x7f \
+ } \
+ }
+
+class nsContentSecurityManager : public nsIContentSecurityManager,
+ public nsIChannelEventSink {
+ public:
+ NS_DECL_ISUPPORTS
+ NS_DECL_NSICONTENTSECURITYMANAGER
+ NS_DECL_NSICHANNELEVENTSINK
+
+ nsContentSecurityManager() = default;
+
+ static nsresult doContentSecurityCheck(
+ nsIChannel* aChannel, nsCOMPtr<nsIStreamListener>& aInAndOutListener);
+
+ static bool AllowTopLevelNavigationToDataURI(nsIChannel* aChannel);
+ static bool AllowInsecureRedirectToDataURI(nsIChannel* aNewChannel);
+ static void MeasureUnexpectedPrivilegedLoads(nsILoadInfo* aLoadInfo,
+ nsIURI* aFinalURI,
+ const nsACString& aRemoteType);
+
+ enum CORSSecurityMapping {
+ // Disables all CORS checking overriding the value of aCORSMode. All checks
+ // are disabled even when CORSMode::CORS_ANONYMOUS or
+ // CORSMode::CORS_USE_CREDENTIALS is passed. This is mostly used for chrome
+ // code, where we don't need security checks. See
+ // SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL for the detailed explanation
+ // of the security mode.
+ DISABLE_CORS_CHECKS,
+ // Disables all CORS checking on CORSMode::CORS_NONE. The other two CORS
+ // modes CORSMode::CORS_ANONYMOUS and CORSMode::CORS_USE_CREDENTIALS are
+ // respected.
+ CORS_NONE_MAPS_TO_DISABLED_CORS_CHECKS,
+ // Allow load from any origin, but cross-origin requests require CORS. See
+ // SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT. Like above the other two
+ // CORS modes are unaffected and get parsed.
+ CORS_NONE_MAPS_TO_INHERITED_CONTEXT,
+ // Always require the server to acknowledge the request via CORS.
+ // CORSMode::CORS_NONE is parsed as if CORSMode::CORS_ANONYMOUS is passed.
+ REQUIRE_CORS_CHECKS,
+ };
+
+ // computes the security flags for the requested CORS mode
+ // @param aCORSSecurityMapping: See CORSSecurityMapping for variant
+ // descriptions
+ static nsSecurityFlags ComputeSecurityFlags(
+ mozilla::CORSMode aCORSMode, CORSSecurityMapping aCORSSecurityMapping);
+
+ static void GetSerializedOrigin(nsIPrincipal* aOrigin,
+ nsIPrincipal* aResourceOrigin,
+ nsACString& aResult, nsILoadInfo* aLoadInfo);
+
+ private:
+ static nsresult CheckChannel(nsIChannel* aChannel);
+ static nsresult CheckFTPSubresourceLoad(nsIChannel* aChannel);
+ static nsresult CheckAllowLoadInSystemPrivilegedContext(nsIChannel* aChannel);
+ static nsresult CheckAllowLoadInPrivilegedAboutContext(nsIChannel* aChannel);
+ static nsresult CheckChannelHasProtocolSecurityFlag(nsIChannel* aChannel);
+ static bool CrossOriginEmbedderPolicyAllowsCredentials(nsIChannel* aChannel);
+
+ virtual ~nsContentSecurityManager() = default;
+};
+
+#endif /* nsContentSecurityManager_h___ */
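Review bot: `doContentSecurityCheck`, the first static in the public section, takes an in/out `nsCOMPtr<nsIStreamListener>&` and returns `nsresult`, but the header does not say what a failure obliges the caller to do or when the listener is swapped. Only the declaration is visible here, so the wording must be confirmed against the .cpp, but a comment such as `// Runs the security checks for aChannel's load; on failure the caller must not proceed with the load. aInAndOutListener may be replaced by a wrapping listener.` would keep call sites from treating the result as advisory. The same gap applies to `AllowTopLevelNavigationToDataURI` and `AllowInsecureRedirectToDataURI`, where one line stating what a `false` return means for the navigation or redirect would help. The `ComputeSecurityFlags` comment documents `aCORSSecurityMapping` but not `aCORSMode`. Since `DISABLE_CORS_CHECKS` overrides `aCORSMode` entirely, its comment could also state which callers are expected to pass it, beyond the existing mention of chrome code.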