1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
|
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef nsContentSecurityManager_h___
#define nsContentSecurityManager_h___
#include "mozilla/CORSMode.h"
#include "nsIContentSecurityManager.h"
#include "nsIChannel.h"
#include "nsIChannelEventSink.h"
#include "nsILoadInfo.h"
class nsILoadInfo;
class nsIStreamListener;
#define NS_CONTENTSECURITYMANAGER_CONTRACTID \
"@mozilla.org/contentsecuritymanager;1"
// cdcc1ab8-3cea-4e6c-a294-a651fa35227f
#define NS_CONTENTSECURITYMANAGER_CID \
{ \
0xcdcc1ab8, 0x3cea, 0x4e6c, { \
0xa2, 0x94, 0xa6, 0x51, 0xfa, 0x35, 0x22, 0x7f \
} \
}
class nsContentSecurityManager : public nsIContentSecurityManager,
public nsIChannelEventSink {
public:
NS_DECL_ISUPPORTS
NS_DECL_NSICONTENTSECURITYMANAGER
NS_DECL_NSICHANNELEVENTSINK
nsContentSecurityManager() = default;
static nsresult doContentSecurityCheck(
nsIChannel* aChannel, nsCOMPtr<nsIStreamListener>& aInAndOutListener);
static bool AllowTopLevelNavigationToDataURI(nsIChannel* aChannel);
static bool AllowInsecureRedirectToDataURI(nsIChannel* aNewChannel);
static void MeasureUnexpectedPrivilegedLoads(nsILoadInfo* aLoadInfo,
nsIURI* aFinalURI,
const nsACString& aRemoteType);
enum CORSSecurityMapping {
// Disables all CORS checking overriding the value of aCORSMode. All checks
// are disabled even when CORSMode::CORS_ANONYMOUS or
// CORSMode::CORS_USE_CREDENTIALS is passed. This is mostly used for chrome
// code, where we don't need security checks. See
// SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL for the detailed explanation
// of the security mode.
DISABLE_CORS_CHECKS,
// Disables all CORS checking on CORSMode::CORS_NONE. The other two CORS
// modes CORSMode::CORS_ANONYMOUS and CORSMode::CORS_USE_CREDENTIALS are
// respected.
CORS_NONE_MAPS_TO_DISABLED_CORS_CHECKS,
// Allow load from any origin, but cross-origin requests require CORS. See
// SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT. Like above the other two
// CORS modes are unaffected and get parsed.
CORS_NONE_MAPS_TO_INHERITED_CONTEXT,
// Always require the server to acknowledge the request via CORS.
// CORSMode::CORS_NONE is parsed as if CORSMode::CORS_ANONYMOUS is passed.
REQUIRE_CORS_CHECKS,
};
// computes the security flags for the requested CORS mode
// @param aCORSSecurityMapping: See CORSSecurityMapping for variant
// descriptions
static nsSecurityFlags ComputeSecurityFlags(
mozilla::CORSMode aCORSMode, CORSSecurityMapping aCORSSecurityMapping);
static void GetSerializedOrigin(nsIPrincipal* aOrigin,
nsIPrincipal* aResourceOrigin,
nsACString& aResult, nsILoadInfo* aLoadInfo);
private:
static nsresult CheckChannel(nsIChannel* aChannel);
static nsresult CheckFTPSubresourceLoad(nsIChannel* aChannel);
static nsresult CheckAllowLoadInSystemPrivilegedContext(nsIChannel* aChannel);
static nsresult CheckAllowLoadInPrivilegedAboutContext(nsIChannel* aChannel);
static nsresult CheckChannelHasProtocolSecurityFlag(nsIChannel* aChannel);
static bool CrossOriginEmbedderPolicyAllowsCredentials(nsIChannel* aChannel);
virtual ~nsContentSecurityManager() = default;
};
#endif /* nsContentSecurityManager_h___ */
|