diff options
Diffstat (limited to 'dom/security/nsContentSecurityManager.h')
-rw-r--r-- | dom/security/nsContentSecurityManager.h | 89 |
1 files changed, 89 insertions, 0 deletions
diff --git a/dom/security/nsContentSecurityManager.h b/dom/security/nsContentSecurityManager.h new file mode 100644 index 0000000000..208b52d6e5 --- /dev/null +++ b/dom/security/nsContentSecurityManager.h @@ -0,0 +1,89 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef nsContentSecurityManager_h___ +#define nsContentSecurityManager_h___ + +#include "mozilla/CORSMode.h" +#include "nsIContentSecurityManager.h" +#include "nsIChannel.h" +#include "nsIChannelEventSink.h" +#include "nsILoadInfo.h" + +class nsILoadInfo; +class nsIStreamListener; + +#define NS_CONTENTSECURITYMANAGER_CONTRACTID \ + "@mozilla.org/contentsecuritymanager;1" +// cdcc1ab8-3cea-4e6c-a294-a651fa35227f +#define NS_CONTENTSECURITYMANAGER_CID \ + { \ + 0xcdcc1ab8, 0x3cea, 0x4e6c, { \ + 0xa2, 0x94, 0xa6, 0x51, 0xfa, 0x35, 0x22, 0x7f \ + } \ + } + +class nsContentSecurityManager : public nsIContentSecurityManager, + public nsIChannelEventSink { + public: + NS_DECL_ISUPPORTS + NS_DECL_NSICONTENTSECURITYMANAGER + NS_DECL_NSICHANNELEVENTSINK + + nsContentSecurityManager() = default; + + static nsresult doContentSecurityCheck( + nsIChannel* aChannel, nsCOMPtr<nsIStreamListener>& aInAndOutListener); + + static bool AllowTopLevelNavigationToDataURI(nsIChannel* aChannel); + static bool AllowInsecureRedirectToDataURI(nsIChannel* aNewChannel); + static void MeasureUnexpectedPrivilegedLoads(nsILoadInfo* aLoadInfo, + nsIURI* aFinalURI, + const nsACString& aRemoteType); + + enum CORSSecurityMapping { + // Disables all CORS checking overriding the value of aCORSMode. All checks + // are disabled even when CORSMode::CORS_ANONYMOUS or + // CORSMode::CORS_USE_CREDENTIALS is passed. This is mostly used for chrome + // code, where we don't need security checks. See + // SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL for the detailed explanation + // of the security mode. + DISABLE_CORS_CHECKS, + // Disables all CORS checking on CORSMode::CORS_NONE. The other two CORS + // modes CORSMode::CORS_ANONYMOUS and CORSMode::CORS_USE_CREDENTIALS are + // respected. + CORS_NONE_MAPS_TO_DISABLED_CORS_CHECKS, + // Allow load from any origin, but cross-origin requests require CORS. See + // SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT. Like above the other two + // CORS modes are unaffected and get parsed. + CORS_NONE_MAPS_TO_INHERITED_CONTEXT, + // Always require the server to acknowledge the request via CORS. + // CORSMode::CORS_NONE is parsed as if CORSMode::CORS_ANONYMOUS is passed. + REQUIRE_CORS_CHECKS, + }; + + // computes the security flags for the requested CORS mode + // @param aCORSSecurityMapping: See CORSSecurityMapping for variant + // descriptions + static nsSecurityFlags ComputeSecurityFlags( + mozilla::CORSMode aCORSMode, CORSSecurityMapping aCORSSecurityMapping); + + static void GetSerializedOrigin(nsIPrincipal* aOrigin, + nsIPrincipal* aResourceOrigin, + nsACString& aResult, nsILoadInfo* aLoadInfo); + + private: + static nsresult CheckChannel(nsIChannel* aChannel); + static nsresult CheckFTPSubresourceLoad(nsIChannel* aChannel); + static nsresult CheckAllowLoadInSystemPrivilegedContext(nsIChannel* aChannel); + static nsresult CheckAllowLoadInPrivilegedAboutContext(nsIChannel* aChannel); + static nsresult CheckChannelHasProtocolSecurityFlag(nsIChannel* aChannel); + static bool CrossOriginEmbedderPolicyAllowsCredentials(nsIChannel* aChannel); + + virtual ~nsContentSecurityManager() = default; +}; + +#endif /* nsContentSecurityManager_h___ */ |