nagai/fune
3
0
Fork 0
forked from mirrors/gecko-dev
Code Pull requests Activity

Bug 1439713 - Change nsIContentPolicy shouldLoad to take an <uri, loadInfo> pair instead of the various args. r=bz

Browse source
This commit is contained in:
Christoph Kerschbaumer 2018-03-29 12:16:23 +02:00
parent 019a6a6581
commit a929955d1f
30 changed files with 368 additions and 396 deletions
repo.diff.show_diff_stats Download patch file Download diff file Expand all files Collapse all files

17
docshell/base/nsDocShell.cpp
View file

@ -9547,16 +9547,19 @@ nsDocShell::InternalLoad(nsIURI* aURI,
rv = extraStr->SetData(msg);
NS_ENSURE_SUCCESS(rv, rv);
int16_t shouldLoad = nsIContentPolicy::ACCEPT;
rv = NS_CheckContentLoadPolicy(contentType,
aURI,
// This is a top-level load, so the loading
// principal is null.
nullptr,
// Ideally we should use the same loadinfo as within DoURILoad which
// should match this one when both are applicable.
nsCOMPtr<nsPIDOMWindowOuter> loadingWindow = mScriptGlobal->AsOuter();
nsCOMPtr<nsILoadInfo> secCheckLoadInfo =
new LoadInfo(loadingWindow,
aTriggeringPrincipal,
requestingContext,
nsILoadInfo::SEC_ONLY_FOR_EXPLICIT_CONTENTSEC_CHECK);
int16_t shouldLoad = nsIContentPolicy::ACCEPT;
rv = NS_CheckContentLoadPolicy(aURI,
secCheckLoadInfo,
EmptyCString(), // mime guess
extraStr, // extra
&shouldLoad);
if (NS_FAILED(rv) || NS_CP_REJECTED(shouldLoad)) {

61
dom/base/nsContentPolicy.cpp
View file

@ -47,8 +47,6 @@ NS_NewContentPolicy(nsIContentPolicy **aResult)
nsContentPolicy::nsContentPolicy()
: mPolicies(NS_CONTENTPOLICY_CATEGORY)
, mMixedContentBlocker(do_GetService(NS_MIXEDCONTENTBLOCKER_CONTRACTID))
, mCSPService(do_GetService(CSPSERVICE_CONTRACTID))
{
}
@ -76,15 +74,20 @@ nsContentPolicy::~nsContentPolicy()
inline nsresult
nsContentPolicy::CheckPolicy(CPMethod policyMethod,
nsContentPolicyType contentType,
nsIURI *contentLocation,
nsIURI *requestingLocation,
nsISupports *requestingContext,
nsILoadInfo *loadInfo,
const nsACString &mimeType,
nsISupports *extra,
nsIPrincipal *requestPrincipal,
int16_t *decision)
{
nsContentPolicyType contentType = loadInfo->InternalContentPolicyType();
nsCOMPtr<nsISupports> requestingContext = loadInfo->GetLoadingContext();
nsCOMPtr<nsIPrincipal> requestPrincipal = loadInfo->TriggeringPrincipal();
nsCOMPtr<nsIURI> requestingLocation;
nsCOMPtr<nsIPrincipal> loadingPrincipal = loadInfo->LoadingPrincipal();
if (loadingPrincipal) {
loadingPrincipal->GetURI(getter_AddRefs(requestingLocation));
}
//sanity-check passed-through parameters
NS_PRECONDITION(decision, "Null out pointer");
WARN_IF_URI_UNINITIALIZED(contentLocation, "Request URI");
@ -147,15 +150,8 @@ nsContentPolicy::CheckPolicy(CPMethod policyMethod,
int32_t count = entries.Count();
for (int32_t i = 0; i < count; i++) {
/* check the appropriate policy */
// Send internal content policy type to CSP and mixed content blocker
nsContentPolicyType type = externalType;
if (mMixedContentBlocker == entries[i] || mCSPService == entries[i]) {
type = contentType;
}
rv = (entries[i]->*policyMethod)(type, contentLocation,
requestingLocation, requestingContext,
mimeType, extra, requestPrincipal,
decision);
rv = (entries[i]->*policyMethod)(contentLocation, loadInfo,
mimeType, decision);
if (NS_SUCCEEDED(rv) && NS_CP_REJECTED(*decision)) {
// If we are blocking an image, we have to let the
@ -182,6 +178,11 @@ nsContentPolicy::CheckPolicy(CPMethod policyMethod,
//logType must be a literal string constant
#define LOG_CHECK(logType) \
PR_BEGIN_MACRO \
nsCOMPtr<nsIURI> requestingLocation; \
nsCOMPtr<nsIPrincipal> loadingPrincipal = loadInfo->LoadingPrincipal(); \
if (loadingPrincipal) { \
loadingPrincipal->GetURI(getter_AddRefs(requestingLocation)); \
} \
/* skip all this nonsense if the call failed or logging is disabled */ \
if (NS_SUCCEEDED(rv) && MOZ_LOG_TEST(gConPolLog, LogLevel::Debug)) { \
const char *resultName; \
@ -202,42 +203,30 @@ nsContentPolicy::CheckPolicy(CPMethod policyMethod,
PR_END_MACRO
NS_IMETHODIMP
nsContentPolicy::ShouldLoad(uint32_t contentType,
nsIURI *contentLocation,
nsIURI *requestingLocation,
nsISupports *requestingContext,
nsContentPolicy::ShouldLoad(nsIURI *contentLocation,
nsILoadInfo *loadInfo,
const nsACString &mimeType,
nsISupports *extra,
nsIPrincipal *requestPrincipal,
int16_t *decision)
{
// ShouldProcess does not need a content location, but we do
NS_PRECONDITION(contentLocation, "Must provide request location");
nsresult rv = CheckPolicy(&nsIContentPolicy::ShouldLoad,
contentType,
contentLocation, requestingLocation,
requestingContext, mimeType, extra,
requestPrincipal, decision);
contentLocation, loadInfo,
mimeType, decision);
LOG_CHECK("ShouldLoad");
return rv;
}
NS_IMETHODIMP
nsContentPolicy::ShouldProcess(uint32_t contentType,
nsIURI *contentLocation,
nsIURI *requestingLocation,
nsISupports *requestingContext,
nsContentPolicy::ShouldProcess(nsIURI *contentLocation,
nsILoadInfo *loadInfo,
const nsACString &mimeType,
nsISupports *extra,
nsIPrincipal *requestPrincipal,
int16_t *decision)
{
nsresult rv = CheckPolicy(&nsIContentPolicy::ShouldProcess,
contentType,
contentLocation, requestingLocation,
requestingContext, mimeType, extra,
requestPrincipal, decision);
contentLocation, loadInfo,
mimeType, decision);
LOG_CHECK("ShouldProcess");
return rv;

11
dom/base/nsContentPolicy.h
View file

@ -29,20 +29,15 @@ class nsContentPolicy : public nsIContentPolicy
//Array of policies
nsCategoryCache<nsIContentPolicy> mPolicies;
nsCOMPtr<nsIContentPolicy> mMixedContentBlocker;
nsCOMPtr<nsIContentPolicy> mCSPService;
//Helper type for CheckPolicy
typedef decltype(&nsIContentPolicy::ShouldProcess) CPMethod;
//Helper method that applies policyMethod across all policies in mPolicies
// with the given parameters
nsresult CheckPolicy(CPMethod policyMethod,
nsContentPolicyType contentType,
nsIURI *aURI, nsIURI *origURI,
nsISupports *requestingContext,
const nsACString &mimeGuess, nsISupports *extra,
nsIPrincipal *requestPrincipal,
nsIURI *aURI,
nsILoadInfo *aLoadInfo,
const nsACString &mimeGuess,
int16_t *decision);
};

47
dom/base/nsContentPolicyUtils.h
View file

@ -150,17 +150,13 @@ NS_CP_ContentTypeName(uint32_t contentType)
if (!policy) \
return NS_ERROR_FAILURE; \
\
return policy-> action (contentType, contentLocation, requestOrigin, \
context, mimeType, extra, triggeringPrincipal, \
decision); \
return policy-> action (contentLocation, loadInfo, mimeType, decision); \
PR_END_MACRO
/* Passes on parameters from its "caller"'s context. */
#define CHECK_CONTENT_POLICY_WITH_SERVICE(action, _policy) \
PR_BEGIN_MACRO \
return _policy-> action (contentType, contentLocation, requestOrigin, \
context, mimeType, extra, triggeringPrincipal, \
decision); \
return _policy-> action (contentLocation, loadInfo, mimeType, decision); \
PR_END_MACRO
/**
@ -193,12 +189,8 @@ NS_CP_ContentTypeName(uint32_t contentType)
do_GetService( \
"@mozilla.org/data-document-content-policy;1"); \
if (dataPolicy) { \
nsContentPolicyType externalType = \
nsContentUtils::InternalContentPolicyTypeToExternal(contentType); \
dataPolicy-> action (externalType, contentLocation, \
requestOrigin, context, \
mimeType, extra, \
triggeringPrincipal, decision); \
dataPolicy-> action (contentLocation, loadInfo, \
mimeType, decision); \
} \
} \
} \
@ -220,16 +212,15 @@ NS_CP_ContentTypeName(uint32_t contentType)
* origin URI will be passed).
*/
inline nsresult
NS_CheckContentLoadPolicy(uint32_t contentType,
nsIURI *contentLocation,
nsIPrincipal *loadingPrincipal,
nsIPrincipal *triggeringPrincipal,
nsISupports *context,
NS_CheckContentLoadPolicy(nsIURI *contentLocation,
nsILoadInfo *loadInfo,
const nsACString &mimeType,
nsISupports *extra,
int16_t *decision,
nsIContentPolicy *policyService = nullptr)
{
nsIPrincipal* loadingPrincipal = loadInfo->LoadingPrincipal();
nsCOMPtr<nsISupports> context = loadInfo->GetLoadingContext();
nsContentPolicyType contentType = loadInfo->InternalContentPolicyType();
CHECK_PRINCIPAL_AND_DATA(ShouldLoad);
if (policyService) {
CHECK_CONTENT_POLICY_WITH_SERVICE(ShouldLoad, policyService);
@ -238,26 +229,18 @@ NS_CheckContentLoadPolicy(uint32_t contentType,
}
/**
* Alias for calling ShouldProcess on the content policy service. Parameters
* are the same as nsIContentPolicy::shouldLoad, except for the and
* triggeringPrincipal parameters (which should be non-null if possible, and
* have the same semantics as in nsLoadInfo), and the last parameter, which
* can be used to pass in a pointer to a useful service if the caller already
* has it. The origin URI to pass to shouldLoad will be the URI of
* loadingPrincipal, unless loadingPrincipal is null (in which case a null
* origin URI will be passed).
* Alias for calling ShouldProcess on the content policy service.
*/
inline nsresult
NS_CheckContentProcessPolicy(uint32_t contentType,
nsIURI *contentLocation,
nsIPrincipal *loadingPrincipal,
nsIPrincipal *triggeringPrincipal,
nsISupports *context,
NS_CheckContentProcessPolicy(nsIURI *contentLocation,
nsILoadInfo *loadInfo,
const nsACString &mimeType,
nsISupports *extra,
int16_t *decision,
nsIContentPolicy *policyService = nullptr)
{
nsIPrincipal* loadingPrincipal = loadInfo->LoadingPrincipal();
nsCOMPtr<nsISupports> context = loadInfo->GetLoadingContext();
nsContentPolicyType contentType = loadInfo->InternalContentPolicyType();
CHECK_PRINCIPAL_AND_DATA(ShouldProcess);
if (policyService) {
CHECK_CONTENT_POLICY_WITH_SERVICE(ShouldProcess, policyService);

16
dom/base/nsContentUtils.cpp
View file

@ -3450,7 +3450,7 @@ nsContentUtils::GetContextForContent(const nsIContent* aContent)
// static
bool
nsContentUtils::CanLoadImage(nsIURI* aURI, nsISupports* aContext,
nsContentUtils::CanLoadImage(nsIURI* aURI, nsINode* aNode,
nsIDocument* aLoadingDocument,
nsIPrincipal* aLoadingPrincipal,
int16_t* aImageBlockingStatus,
@ -3495,15 +3495,17 @@ nsContentUtils::CanLoadImage(nsIURI* aURI, nsISupports* aContext,
}
}
nsCOMPtr<nsILoadInfo> secCheckLoadInfo =
new LoadInfo(aLoadingPrincipal,
aLoadingPrincipal, // triggering principal
aNode,
nsILoadInfo::SEC_ONLY_FOR_EXPLICIT_CONTENTSEC_CHECK,
aContentType);
int16_t decision = nsIContentPolicy::ACCEPT;
rv = NS_CheckContentLoadPolicy(aContentType,
aURI,
aLoadingPrincipal,
aLoadingPrincipal, // triggering principal
aContext,
rv = NS_CheckContentLoadPolicy(aURI, secCheckLoadInfo,
EmptyCString(), //mime guess
nullptr, //extra
&decision,
GetContentPolicy());

4
dom/base/nsContentUtils.h
View file

@ -807,7 +807,7 @@ public:
* Method to do security and content policy checks on the image URI
*
* @param aURI uri of the image to be loaded
* @param aContext the context the image is loaded in (eg an element)
* @param aNode, the context the image is loaded in (eg an element)
* @param aLoadingDocument the document we belong to
* @param aLoadingPrincipal the principal doing the load
* @param [aContentPolicyType=nsIContentPolicy::TYPE_INTERNAL_IMAGE] (Optional)
@ -822,7 +822,7 @@ public:
* false is returned.
*/
static bool CanLoadImage(nsIURI* aURI,
nsISupports* aContext,
nsINode* aNode,
nsIDocument* aLoadingDocument,
nsIPrincipal* aLoadingPrincipal,
int16_t* aImageBlockingStatus = nullptr,

23
dom/base/nsDataDocumentContentPolicy.cpp
View file

@ -37,15 +37,14 @@ HasFlags(nsIURI* aURI, uint32_t aURIFlags)
// CHECK_PRINCIPAL_AND_DATA in nsContentPolicyUtils is still valid.
// nsContentPolicyUtils may not pass all the parameters to ShouldLoad.
NS_IMETHODIMP
nsDataDocumentContentPolicy::ShouldLoad(uint32_t aContentType,
nsIURI *aContentLocation,
nsIURI *aRequestingLocation,
nsISupports *aRequestingContext,
nsDataDocumentContentPolicy::ShouldLoad(nsIURI *aContentLocation,
nsILoadInfo* aLoadInfo,
const nsACString &aMimeGuess,
nsISupports *aExtra,
nsIPrincipal *aRequestPrincipal,
int16_t *aDecision)
{
uint32_t aContentType = aLoadInfo->GetExternalContentPolicyType();
nsCOMPtr<nsISupports> aRequestingContext = aLoadInfo->GetLoadingContext();
MOZ_ASSERT(aContentType == nsContentUtils::InternalContentPolicyTypeToExternal(aContentType),
"We should only see external content policy types here.");
@ -145,16 +144,10 @@ nsDataDocumentContentPolicy::ShouldLoad(uint32_t aContentType,
}
NS_IMETHODIMP
nsDataDocumentContentPolicy::ShouldProcess(uint32_t aContentType,
nsIURI *aContentLocation,
nsIURI *aRequestingLocation,
nsISupports *aRequestingContext,
nsDataDocumentContentPolicy::ShouldProcess(nsIURI *aContentLocation,
nsILoadInfo *aLoadInfo,
const nsACString &aMimeGuess,
nsISupports *aExtra,
nsIPrincipal *aRequestPrincipal,
int16_t *aDecision)
{
return ShouldLoad(aContentType, aContentLocation, aRequestingLocation,
aRequestingContext, aMimeGuess, aExtra, aRequestPrincipal,
aDecision);
return ShouldLoad(aContentLocation, aLoadInfo, aMimeGuess, aDecision);
}

66
dom/base/nsIContentPolicy.idl
View file

@ -7,8 +7,7 @@
#include "nsISupports.idl"
interface nsIURI;
interface nsIDOMNode;
interface nsIPrincipal;
interface nsILoadInfo;
/**
* The type of nsIContentPolicy::TYPE_*
@ -397,24 +396,10 @@ interface nsIContentPolicy : nsISupports
* ShouldLoad will be called before loading the resource at aContentLocation
* to determine whether to start the load at all.
*
* @param aContentType the type of content being tested. This will be one
* one of the TYPE_* constants.
*
* @param aContentLocation the location of the content being checked; must
* not be null
*
* @param aRequestOrigin OPTIONAL. the location of the resource that
* that is loading the request. This will generally
* be the URI of the loading principal for the
* resulting request (as determined by its
* LoadInfo), but may vary depending on the
* caller. Can be null if inapplicable.
*
* @param aContext OPTIONAL. the nsIDOMNode or nsIDOMWindow that
* initiated the request, or something that can QI
* to one of those; can be null if inapplicable.
* Note that for navigation events (new windows and
* link clicks), this is the NEW window.
* @param aLoadInfo the loadinfo of the channel being evaluated.
*
* @param aMimeTypeGuess OPTIONAL. a guess for the requested content's
* MIME type, based on information available to
@ -422,19 +407,6 @@ interface nsIContentPolicy : nsISupports
* attribute); does not reliably reflect the
* actual MIME type of the requested content
*
* @param aExtra an OPTIONAL argument, pass-through for non-Gecko
* callers to pass extra data to callees.
*
* @param aRequestPrincipal an OPTIONAL argument, defines the principal that
* caused the load. This is optional only for
* non-gecko code: all gecko code should set this
* argument. This should generally be the same as
* the triggering principal for the resulting
* request (as determined by its LoadInfo), but may
* vary depending on the caller. Sometimes it will
* be the loading principal or final channel
* principal instead.
*
* @return ACCEPT or REJECT_*
*
* @note shouldLoad can be called while the DOM and layout of the document
@ -454,13 +426,9 @@ interface nsIContentPolicy : nsISupports
* up, content showing up doubled, etc. If you need to do any of the things
* above, do them off timeout or event.
*/
short shouldLoad(in nsContentPolicyType aContentType,
in nsIURI aContentLocation,
in nsIURI aRequestOrigin,
in nsISupports aContext,
in ACString aMimeTypeGuess,
in nsISupports aExtra,
[optional] in nsIPrincipal aRequestPrincipal);
short shouldLoad(in nsIURI aContentLocation,
in nsILoadInfo aLoadInfo,
in ACString aMimeTypeGuess);
/**
* Should the resource be processed?
@ -468,40 +436,24 @@ interface nsIContentPolicy : nsISupports
* been determined about the resource, typically after part of the resource
* has been loaded.
*
* @param aContentType the type of content being tested. This will be one
* one of the TYPE_* constants.
*
* @param aContentLocation OPTIONAL; the location of the resource being
* requested: MAY be, e.g., a post-redirection URI
* for the resource.
*
* @param aRequestOrigin OPTIONAL. the location of the resource that
* initiated this load request; can be null if
* inapplicable
*
* @param aContext OPTIONAL. the nsIDOMNode or nsIDOMWindow that
* initiated the request, or something that can QI
* to one of those; can be null if inapplicable.
* @param aLoadInfo the loadinfo of the channel being evaluated.
*
* @param aMimeType the MIME type of the requested resource (e.g.,
* image/png), as reported by the networking library,
* if available (may be empty if inappropriate for
* the type, e.g., TYPE_REFRESH).
*
* @param aExtra an OPTIONAL argument, pass-through for non-Gecko
* callers to pass extra data to callees.
*
* @return ACCEPT or REJECT_*
*
* @note shouldProcess can be called while the DOM and layout of the document
* involved is in an inconsistent state. See the note on shouldLoad to see
* what this means for implementors of this method.
*/
short shouldProcess(in nsContentPolicyType aContentType,
in nsIURI aContentLocation,
in nsIURI aRequestOrigin,
in nsISupports aContext,
in ACString aMimeType,
in nsISupports aExtra,
[optional] in nsIPrincipal aRequestPrincipal);
short shouldProcess(in nsIURI aContentLocation,
in nsILoadInfo aLoadInfo,
in ACString aMimeType);
};

22
dom/base/nsNoDataProtocolContentPolicy.cpp
View file

@ -23,15 +23,13 @@
NS_IMPL_ISUPPORTS(nsNoDataProtocolContentPolicy, nsIContentPolicy)
NS_IMETHODIMP
nsNoDataProtocolContentPolicy::ShouldLoad(uint32_t aContentType,
nsIURI *aContentLocation,
nsIURI *aRequestingLocation,
nsISupports *aRequestingContext,
nsNoDataProtocolContentPolicy::ShouldLoad(nsIURI *aContentLocation,
nsILoadInfo *aLoadInfo,
const nsACString &aMimeGuess,
nsISupports *aExtra,
nsIPrincipal *aRequestPrincipal,
int16_t *aDecision)
{
uint32_t aContentType = aLoadInfo->GetExternalContentPolicyType();
MOZ_ASSERT(aContentType == nsContentUtils::InternalContentPolicyTypeToExternal(aContentType),
"We should only see external content policy types here.");
@ -71,16 +69,10 @@ nsNoDataProtocolContentPolicy::ShouldLoad(uint32_t aContentType,
}
NS_IMETHODIMP
nsNoDataProtocolContentPolicy::ShouldProcess(uint32_t aContentType,
nsIURI *aContentLocation,
nsIURI *aRequestingLocation,
nsISupports *aRequestingContext,
nsNoDataProtocolContentPolicy::ShouldProcess(nsIURI *aContentLocation,
nsILoadInfo* aLoadInfo,
const nsACString &aMimeGuess,
nsISupports *aExtra,
nsIPrincipal *aRequestPrincipal,
int16_t *aDecision)
{
return ShouldLoad(aContentType, aContentLocation, aRequestingLocation,
aRequestingContext, aMimeGuess, aExtra, aRequestPrincipal,
aDecision);
return ShouldLoad(aContentLocation, aLoadInfo, aMimeGuess, aDecision);
}

29
dom/base/nsObjectLoadingContent.cpp
View file

@ -92,6 +92,7 @@
#include "mozilla/dom/HTMLObjectElementBinding.h"
#include "mozilla/dom/HTMLEmbedElement.h"
#include "mozilla/dom/HTMLObjectElement.h"
#include "mozilla/LoadInfo.h"
#include "nsChannelClassifier.h"
#include "nsFocusManager.h"
@ -1463,14 +1464,17 @@ nsObjectLoadingContent::CheckLoadPolicy(int16_t *aContentPolicy)
nsContentPolicyType contentPolicyType = GetContentPolicyType();
*aContentPolicy = nsIContentPolicy::ACCEPT;
nsresult rv = NS_CheckContentLoadPolicy(contentPolicyType,
mURI,
doc->NodePrincipal(), // loading principal
nsCOMPtr<nsILoadInfo> secCheckLoadInfo =
new LoadInfo(doc->NodePrincipal(), // loading principal
doc->NodePrincipal(), // triggering principal
thisContent,
nsILoadInfo::SEC_ONLY_FOR_EXPLICIT_CONTENTSEC_CHECK,
contentPolicyType);
*aContentPolicy = nsIContentPolicy::ACCEPT;
nsresult rv = NS_CheckContentLoadPolicy(mURI,
secCheckLoadInfo,
mContentType,
nullptr, //extra
aContentPolicy,
nsContentUtils::GetContentPolicy());
NS_ENSURE_SUCCESS(rv, false);
@ -1516,15 +1520,18 @@ nsObjectLoadingContent::CheckProcessPolicy(int16_t *aContentPolicy)
return false;
}
nsCOMPtr<nsILoadInfo> secCheckLoadInfo =
new LoadInfo(doc->NodePrincipal(), // loading principal
doc->NodePrincipal(), // triggering principal
thisContent,
nsILoadInfo::SEC_ONLY_FOR_EXPLICIT_CONTENTSEC_CHECK,
objectType);
*aContentPolicy = nsIContentPolicy::ACCEPT;
nsresult rv =
NS_CheckContentProcessPolicy(objectType,
mURI ? mURI : mBaseURI,
doc->NodePrincipal(), // loading principal
doc->NodePrincipal(), // triggering principal
static_cast<nsIImageLoadingContent*>(this),
NS_CheckContentProcessPolicy(mURI ? mURI : mBaseURI,
secCheckLoadInfo,
mContentType,
nullptr, //extra
aContentPolicy,
nsContentUtils::GetContentPolicy());
NS_ENSURE_SUCCESS(rv, false);

30
dom/html/ImageDocument.cpp
View file

@ -94,22 +94,30 @@ ImageListener::OnStartRequest(nsIRequest* request, nsISupports *ctxt)
nsAutoCString mimeType;
channel->GetContentType(mimeType);
nsIScriptSecurityManager* secMan = nsContentUtils::GetSecurityManager();
nsCOMPtr<nsIPrincipal> channelPrincipal;
if (secMan) {
secMan->GetChannelResultPrincipal(channel, getter_AddRefs(channelPrincipal));
nsCOMPtr<nsILoadInfo> loadInfo = channel->GetLoadInfo();
// query the corresponding arguments for the channel loadinfo and pass
// it on to the temporary loadinfo used for content policy checks.
nsCOMPtr<nsINode> requestingNode = domWindow->GetFrameElementInternal();
nsCOMPtr<nsIPrincipal> loadingPrincipal;
if (requestingNode) {
loadingPrincipal = requestingNode->NodePrincipal();
}
else {
nsContentUtils::GetSecurityManager()->
GetChannelResultPrincipal(channel, getter_AddRefs(loadingPrincipal));
}
nsCOMPtr<nsILoadInfo> loadInfo = channel->GetLoadInfo();
nsCOMPtr<nsILoadInfo> secCheckLoadInfo =
new net::LoadInfo(loadingPrincipal,
loadInfo ? loadInfo->TriggeringPrincipal() : nullptr,
requestingNode,
nsILoadInfo::SEC_ONLY_FOR_EXPLICIT_CONTENTSEC_CHECK,
nsIContentPolicy::TYPE_INTERNAL_IMAGE);
int16_t decision = nsIContentPolicy::ACCEPT;
nsresult rv = NS_CheckContentProcessPolicy(nsIContentPolicy::TYPE_INTERNAL_IMAGE,
channelURI,
channelPrincipal,
loadInfo ? loadInfo->TriggeringPrincipal() : nullptr,
domWindow->GetFrameElementInternal(),
nsresult rv = NS_CheckContentProcessPolicy(channelURI,
secCheckLoadInfo,
mimeType,
nullptr,
&decision,
nsContentUtils::GetContentPolicy());

20
dom/plugins/base/nsPluginStreamListenerPeer.cpp
View file

@ -173,26 +173,12 @@ nsPluginStreamListenerPeer::OnStartRequest(nsIRequest *request,
return rv;
// Check ShouldProcess with content policy
RefPtr<nsPluginInstanceOwner> owner;
if (mPluginInstance) {
owner = mPluginInstance->GetOwner();
}
nsCOMPtr<nsIDOMElement> element;
nsCOMPtr<nsIDocument> doc;
if (owner) {
owner->GetDOMElement(getter_AddRefs(element));
owner->GetDocument(getter_AddRefs(doc));
}
nsCOMPtr<nsIPrincipal> principal = doc ? doc->NodePrincipal() : nullptr;
nsCOMPtr<nsILoadInfo> loadInfo = channel->GetLoadInfo();
int16_t shouldLoad = nsIContentPolicy::ACCEPT;
rv = NS_CheckContentProcessPolicy(nsIContentPolicy::TYPE_OBJECT_SUBREQUEST,
mURL,
principal, // loading principal
principal, // triggering principal
element,
rv = NS_CheckContentProcessPolicy(mURL,
loadInfo,
contentType,
nullptr,
&shouldLoad);
if (NS_FAILED(rv) || NS_CP_REJECTED(shouldLoad)) {
mRequestFailed = true;

16
dom/script/ScriptLoader.cpp
View file

@ -54,6 +54,7 @@
#include "nsContentTypeParser.h"
#include "nsINetworkPredictor.h"
#include "mozilla/ConsoleReportCollector.h"
#include "mozilla/LoadInfo.h"
#include "mozilla/AsyncEventDispatcher.h"
#include "mozilla/Attributes.h"
@ -320,14 +321,17 @@ ScriptLoader::CheckContentPolicy(nsIDocument* aDocument,
? nsIContentPolicy::TYPE_INTERNAL_SCRIPT_PRELOAD
: nsIContentPolicy::TYPE_INTERNAL_SCRIPT;
int16_t shouldLoad = nsIContentPolicy::ACCEPT;
nsresult rv = NS_CheckContentLoadPolicy(contentPolicyType,
aURI,
aDocument->NodePrincipal(), // loading principal
nsCOMPtr<nsINode> requestingNode = do_QueryInterface(aContext);
nsCOMPtr<nsILoadInfo> secCheckLoadInfo =
new net::LoadInfo(aDocument->NodePrincipal(), // loading principal
aDocument->NodePrincipal(), // triggering principal
aContext,
requestingNode,
nsILoadInfo::SEC_ONLY_FOR_EXPLICIT_CONTENTSEC_CHECK,
contentPolicyType);
int16_t shouldLoad = nsIContentPolicy::ACCEPT;
nsresult rv = NS_CheckContentLoadPolicy(aURI, secCheckLoadInfo,
NS_LossyConvertUTF16toASCII(aType),
nullptr, //extra
&shouldLoad,
nsContentUtils::GetContentPolicy());
if (NS_FAILED(rv) || NS_CP_REJECTED(shouldLoad)) {

34
dom/security/nsCSPService.cpp
View file

@ -120,19 +120,24 @@ subjectToCSP(nsIURI* aURI, nsContentPolicyType aContentType) {
/* nsIContentPolicy implementation */
NS_IMETHODIMP
CSPService::ShouldLoad(uint32_t aContentType,
nsIURI *aContentLocation,
nsIURI *aRequestOrigin,
nsISupports *aRequestContext,
CSPService::ShouldLoad(nsIURI *aContentLocation,
nsILoadInfo* aLoadInfo,
const nsACString &aMimeTypeGuess,
nsISupports *aExtra,
nsIPrincipal *aRequestPrincipal,
int16_t *aDecision)
{
if (!aContentLocation) {
return NS_ERROR_FAILURE;
}
uint32_t aContentType = aLoadInfo->InternalContentPolicyType();
nsCOMPtr<nsISupports> aRequestContext = aLoadInfo->GetLoadingContext();
nsCOMPtr<nsIPrincipal> aRequestPrincipal = aLoadInfo->TriggeringPrincipal();
nsCOMPtr<nsIURI> aRequestOrigin;
nsCOMPtr<nsIPrincipal> loadingPrincipal = aLoadInfo->LoadingPrincipal();
if (loadingPrincipal) {
loadingPrincipal->GetURI(getter_AddRefs(aRequestOrigin));
}
if (MOZ_LOG_TEST(gCspPRLog, LogLevel::Debug)) {
MOZ_LOG(gCspPRLog, LogLevel::Debug,
("CSPService::ShouldLoad called for %s",
@ -218,18 +223,15 @@ CSPService::ShouldLoad(uint32_t aContentType,
}
NS_IMETHODIMP
CSPService::ShouldProcess(uint32_t aContentType,
nsIURI *aContentLocation,
nsIURI *aRequestOrigin,
nsISupports *aRequestContext,
CSPService::ShouldProcess(nsIURI *aContentLocation,
nsILoadInfo* aLoadInfo,
const nsACString &aMimeTypeGuess,
nsISupports *aExtra,
nsIPrincipal *aRequestPrincipal,
int16_t *aDecision)
{
if (!aContentLocation) {
return NS_ERROR_FAILURE;
}
uint32_t aContentType = aLoadInfo->InternalContentPolicyType();
if (MOZ_LOG_TEST(gCspPRLog, LogLevel::Debug)) {
MOZ_LOG(gCspPRLog, LogLevel::Debug,
@ -250,13 +252,9 @@ CSPService::ShouldProcess(uint32_t aContentType,
return NS_OK;
}
return ShouldLoad(aContentType,
aContentLocation,
aRequestOrigin,
aRequestContext,
return ShouldLoad(aContentLocation,
aLoadInfo,
aMimeTypeGuess,
aExtra,
aRequestPrincipal,
aDecision);
}

47
dom/security/nsContentSecurityManager.cpp
View file

@ -164,6 +164,10 @@ ValidateSecurityFlags(nsILoadInfo* aLoadInfo)
{
nsSecurityFlags securityMode = aLoadInfo->GetSecurityMode();
// We should never perform a security check on a loadInfo that uses the flag
// SEC_ONLY_FOR_EXPLICIT_CONTENTSEC_CHECK, because that is only used for temporary
// loadInfos used for explicit nsIContentPolicy checks, but never be set as
// a security flag on an actual channel.
if (securityMode != nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_INHERITS &&
securityMode != nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_IS_BLOCKED &&
securityMode != nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS &&
@ -306,7 +310,6 @@ DoContentSecurityChecks(nsIChannel* aChannel, nsILoadInfo* aLoadInfo)
nsContentPolicyType internalContentPolicyType =
aLoadInfo->InternalContentPolicyType();
nsCString mimeTypeGuess;
nsCOMPtr<nsISupports> requestingContext = nullptr;
nsCOMPtr<nsIURI> uri;
nsresult rv = NS_GetFinalChannelURI(aChannel, getter_AddRefs(uri));
@ -330,43 +333,36 @@ DoContentSecurityChecks(nsIChannel* aChannel, nsILoadInfo* aLoadInfo)
switch(contentPolicyType) {
case nsIContentPolicy::TYPE_OTHER: {
mimeTypeGuess = EmptyCString();
requestingContext = aLoadInfo->LoadingNode();
break;
}
case nsIContentPolicy::TYPE_SCRIPT: {
mimeTypeGuess = NS_LITERAL_CSTRING("application/javascript");
requestingContext = aLoadInfo->LoadingNode();
break;
}
case nsIContentPolicy::TYPE_IMAGE: {
mimeTypeGuess = EmptyCString();
requestingContext = aLoadInfo->LoadingNode();
break;
}
case nsIContentPolicy::TYPE_STYLESHEET: {
mimeTypeGuess = NS_LITERAL_CSTRING("text/css");
requestingContext = aLoadInfo->LoadingNode();
break;
}
case nsIContentPolicy::TYPE_OBJECT: {
mimeTypeGuess = EmptyCString();
requestingContext = aLoadInfo->LoadingNode();
break;
}
case nsIContentPolicy::TYPE_DOCUMENT: {
mimeTypeGuess = EmptyCString();
requestingContext = aLoadInfo->ContextForTopLevelLoad();
break;
}
case nsIContentPolicy::TYPE_SUBDOCUMENT: {
mimeTypeGuess = NS_LITERAL_CSTRING("text/html");
requestingContext = aLoadInfo->LoadingNode();
break;
}
@ -377,22 +373,19 @@ DoContentSecurityChecks(nsIChannel* aChannel, nsILoadInfo* aLoadInfo)
case nsIContentPolicy::TYPE_XBL: {
mimeTypeGuess = EmptyCString();
requestingContext = aLoadInfo->LoadingNode();
break;
}
case nsIContentPolicy::TYPE_PING: {
mimeTypeGuess = EmptyCString();
requestingContext = aLoadInfo->LoadingNode();
break;
}
case nsIContentPolicy::TYPE_XMLHTTPREQUEST: {
// alias nsIContentPolicy::TYPE_DATAREQUEST:
requestingContext = aLoadInfo->LoadingNode();
#ifdef DEBUG
{
nsCOMPtr<nsINode> node = do_QueryInterface(requestingContext);
nsCOMPtr<nsINode> node = aLoadInfo->LoadingNode();
MOZ_ASSERT(!node || node->NodeType() == nsINode::DOCUMENT_NODE,
"type_xml requires requestingContext of type Document");
}
@ -416,10 +409,9 @@ DoContentSecurityChecks(nsIChannel* aChannel, nsILoadInfo* aLoadInfo)
case nsIContentPolicy::TYPE_OBJECT_SUBREQUEST: {
mimeTypeGuess = EmptyCString();
requestingContext = aLoadInfo->LoadingNode();
#ifdef DEBUG
{
nsCOMPtr<nsINode> node = do_QueryInterface(requestingContext);
nsCOMPtr<nsINode> node = aLoadInfo->LoadingNode();
MOZ_ASSERT(!node || node->NodeType() == nsINode::ELEMENT_NODE,
"type_subrequest requires requestingContext of type Element");
}
@ -429,10 +421,9 @@ DoContentSecurityChecks(nsIChannel* aChannel, nsILoadInfo* aLoadInfo)
case nsIContentPolicy::TYPE_DTD: {
mimeTypeGuess = EmptyCString();
requestingContext = aLoadInfo->LoadingNode();
#ifdef DEBUG
{
nsCOMPtr<nsINode> node = do_QueryInterface(requestingContext);
nsCOMPtr<nsINode> node = aLoadInfo->LoadingNode();
MOZ_ASSERT(!node || node->NodeType() == nsINode::DOCUMENT_NODE,
"type_dtd requires requestingContext of type Document");
}
@ -442,7 +433,6 @@ DoContentSecurityChecks(nsIChannel* aChannel, nsILoadInfo* aLoadInfo)
case nsIContentPolicy::TYPE_FONT: {
mimeTypeGuess = EmptyCString();
requestingContext = aLoadInfo->LoadingNode();
break;
}
@ -453,10 +443,9 @@ DoContentSecurityChecks(nsIChannel* aChannel, nsILoadInfo* aLoadInfo)
else {
mimeTypeGuess = EmptyCString();
}
requestingContext = aLoadInfo->LoadingNode();
#ifdef DEBUG
{
nsCOMPtr<nsINode> node = do_QueryInterface(requestingContext);
nsCOMPtr<nsINode> node = aLoadInfo->LoadingNode();
MOZ_ASSERT(!node || node->NodeType() == nsINode::ELEMENT_NODE,
"type_media requires requestingContext of type Element");
}
@ -475,22 +464,19 @@ DoContentSecurityChecks(nsIChannel* aChannel, nsILoadInfo* aLoadInfo)
MOZ_ASSERT(NS_SUCCEEDED(rv));
}
mimeTypeGuess = EmptyCString();
requestingContext = aLoadInfo->LoadingNode();
break;
}
case nsIContentPolicy::TYPE_CSP_REPORT: {
mimeTypeGuess = EmptyCString();
requestingContext = aLoadInfo->LoadingNode();
break;
}
case nsIContentPolicy::TYPE_XSLT: {
mimeTypeGuess = NS_LITERAL_CSTRING("application/xml");
requestingContext = aLoadInfo->LoadingNode();
#ifdef DEBUG
{
nsCOMPtr<nsINode> node = do_QueryInterface(requestingContext);
nsCOMPtr<nsINode> node = aLoadInfo->LoadingNode();
MOZ_ASSERT(!node || node->NodeType() == nsINode::DOCUMENT_NODE,
"type_xslt requires requestingContext of type Document");
}
@ -500,10 +486,9 @@ DoContentSecurityChecks(nsIChannel* aChannel, nsILoadInfo* aLoadInfo)
case nsIContentPolicy::TYPE_BEACON: {
mimeTypeGuess = EmptyCString();
requestingContext = aLoadInfo->LoadingNode();
#ifdef DEBUG
{
nsCOMPtr<nsINode> node = do_QueryInterface(requestingContext);
nsCOMPtr<nsINode> node = aLoadInfo->LoadingNode();
MOZ_ASSERT(!node || node->NodeType() == nsINode::DOCUMENT_NODE,
"type_beacon requires requestingContext of type Document");
}
@ -513,25 +498,21 @@ DoContentSecurityChecks(nsIChannel* aChannel, nsILoadInfo* aLoadInfo)
case nsIContentPolicy::TYPE_FETCH: {
mimeTypeGuess = EmptyCString();
requestingContext = aLoadInfo->LoadingNode();
break;
}
case nsIContentPolicy::TYPE_IMAGESET: {
mimeTypeGuess = EmptyCString();
requestingContext = aLoadInfo->LoadingNode();
break;
}
case nsIContentPolicy::TYPE_WEB_MANIFEST: {
mimeTypeGuess = NS_LITERAL_CSTRING("application/manifest+json");
requestingContext = aLoadInfo->LoadingNode();
break;
}
case nsIContentPolicy::TYPE_SAVEAS_DOWNLOAD: {
mimeTypeGuess = EmptyCString();
requestingContext = aLoadInfo->LoadingNode();
break;
}
@ -541,13 +522,9 @@ DoContentSecurityChecks(nsIChannel* aChannel, nsILoadInfo* aLoadInfo)
}
int16_t shouldLoad = nsIContentPolicy::ACCEPT;
rv = NS_CheckContentLoadPolicy(internalContentPolicyType,
uri,
aLoadInfo->LoadingPrincipal(),
aLoadInfo->TriggeringPrincipal(),
requestingContext,
rv = NS_CheckContentLoadPolicy(uri,
aLoadInfo,
mimeTypeGuess,
nullptr, //extra,
&shouldLoad,
nsContentUtils::GetContentPolicy());

48
dom/security/nsMixedContentBlocker.cpp
View file

@ -315,34 +315,23 @@ nsMixedContentBlocker::AsyncOnChannelRedirect(nsIChannel* aOldChannel,
return NS_OK;
}
nsContentPolicyType contentPolicyType = loadInfo->InternalContentPolicyType();
nsCOMPtr<nsIPrincipal> requestingPrincipal = loadInfo->LoadingPrincipal();
// Since we are calling shouldLoad() directly on redirects, we don't go through the code
// in nsContentPolicyUtils::NS_CheckContentLoadPolicy(). Hence, we have to
// duplicate parts of it here.
nsCOMPtr<nsIURI> requestingLocation;
if (requestingPrincipal) {
// We check to see if the loadingPrincipal is systemPrincipal and return
// early if it is
if (nsContentUtils::IsSystemPrincipal(requestingPrincipal)) {
return NS_OK;
}
// We set the requestingLocation from the RequestingPrincipal.
rv = requestingPrincipal->GetURI(getter_AddRefs(requestingLocation));
NS_ENSURE_SUCCESS(rv, rv);
}
nsCOMPtr<nsISupports> requestingContext = loadInfo->LoadingNode();
int16_t decision = REJECT_REQUEST;
rv = ShouldLoad(contentPolicyType,
newUri,
requestingLocation,
requestingContext,
rv = ShouldLoad(newUri,
loadInfo,
EmptyCString(), // aMimeGuess
nullptr, // aExtra
requestingPrincipal,
&decision);
if (NS_FAILED(rv)) {
autoCallback.DontCallback();
@ -365,15 +354,20 @@ nsMixedContentBlocker::AsyncOnChannelRedirect(nsIChannel* aOldChannel,
* for detailed description of the parameters.
*/
NS_IMETHODIMP
nsMixedContentBlocker::ShouldLoad(uint32_t aContentType,
nsIURI* aContentLocation,
nsIURI* aRequestingLocation,
nsISupports* aRequestingContext,
nsMixedContentBlocker::ShouldLoad(nsIURI* aContentLocation,
nsILoadInfo* aLoadInfo,
const nsACString& aMimeGuess,
nsISupports* aExtra,
nsIPrincipal* aRequestPrincipal,
int16_t* aDecision)
{
uint32_t aContentType = aLoadInfo->InternalContentPolicyType();
nsCOMPtr<nsISupports> aRequestingContext = aLoadInfo->GetLoadingContext();
nsCOMPtr<nsIPrincipal> aRequestPrincipal = aLoadInfo->TriggeringPrincipal();
nsCOMPtr<nsIURI> aRequestingLocation;
nsCOMPtr<nsIPrincipal> loadingPrincipal = aLoadInfo->LoadingPrincipal();
if (loadingPrincipal) {
loadingPrincipal->GetURI(getter_AddRefs(aRequestingLocation));
}
// We pass in false as the first parameter to ShouldLoad(), because the
// callers of this method don't know whether the load went through cached
// image redirects. This is handled by direct callers of the static
@ -384,7 +378,7 @@ nsMixedContentBlocker::ShouldLoad(uint32_t aContentType,
aRequestingLocation,
aRequestingContext,
aMimeGuess,
aExtra,
nullptr, // aExtra,
aRequestPrincipal,
aDecision);
return rv;
@ -1060,16 +1054,12 @@ nsMixedContentBlocker::ShouldLoad(bool aHadInsecureImageRedirect,
}
NS_IMETHODIMP
nsMixedContentBlocker::ShouldProcess(uint32_t aContentType,
nsIURI* aContentLocation,
nsIURI* aRequestingLocation,
nsISupports* aRequestingContext,
nsMixedContentBlocker::ShouldProcess(nsIURI* aContentLocation,
nsILoadInfo* aLoadInfo,
const nsACString& aMimeGuess,
nsISupports* aExtra,
nsIPrincipal* aRequestPrincipal,
int16_t* aDecision)
{
aContentType = nsContentUtils::InternalContentPolicyTypeToExternal(aContentType);
uint32_t aContentType = aLoadInfo->GetExternalContentPolicyType();
if (!aContentLocation) {
// aContentLocation may be null when a plugin is loading without an associated URI resource
@ -1082,9 +1072,7 @@ nsMixedContentBlocker::ShouldProcess(uint32_t aContentType,
}
}
return ShouldLoad(aContentType, aContentLocation, aRequestingLocation,
aRequestingContext, aMimeGuess, aExtra, aRequestPrincipal,
aDecision);
return ShouldLoad(aContentLocation, aLoadInfo, aMimeGuess, aDecision);
}
// Record information on when HSTS would have made mixed content not mixed

6
dom/serviceworkers/ServiceWorkerEvents.cpp
View file

@ -397,11 +397,7 @@ public:
rv = NS_NewURI(getter_AddRefs(uri), url, nullptr, nullptr);
NS_ENSURE_SUCCESS(rv, false);
int16_t decision = nsIContentPolicy::ACCEPT;
rv = NS_CheckContentLoadPolicy(aLoadInfo->InternalContentPolicyType(), uri,
aLoadInfo->LoadingPrincipal(),
aLoadInfo->TriggeringPrincipal(),
aLoadInfo->LoadingNode(), EmptyCString(),
nullptr, &decision);
rv = NS_CheckContentLoadPolicy(uri, aLoadInfo, EmptyCString(), &decision);
NS_ENSURE_SUCCESS(rv, false);
return decision == nsIContentPolicy::ACCEPT;
}

15
dom/serviceworkers/ServiceWorkerManager.cpp
View file

@ -855,15 +855,18 @@ ServiceWorkerManager::Register(mozIDOMWindow* aWindow,
return NS_ERROR_DOM_SECURITY_ERR;
}
// Check content policy.
int16_t decision = nsIContentPolicy::ACCEPT;
rv = NS_CheckContentLoadPolicy(nsIContentPolicy::TYPE_INTERNAL_SERVICE_WORKER,
aScriptURI,
documentPrincipal, // loading principal
nsCOMPtr<nsILoadInfo> secCheckLoadInfo =
new LoadInfo(documentPrincipal, // loading principal
documentPrincipal, // triggering principal
doc,
nsILoadInfo::SEC_ONLY_FOR_EXPLICIT_CONTENTSEC_CHECK,
nsIContentPolicy::TYPE_INTERNAL_SERVICE_WORKER);
// Check content policy.
int16_t decision = nsIContentPolicy::ACCEPT;
rv = NS_CheckContentLoadPolicy(aScriptURI,
secCheckLoadInfo,
EmptyCString(),
nullptr,
&decision);
NS_ENSURE_SUCCESS(rv, rv);
if (NS_WARN_IF(decision != nsIContentPolicy::ACCEPT)) {

14
dom/websocket/WebSocket.cpp
View file

@ -23,6 +23,7 @@
#include "mozilla/dom/WorkerRunnable.h"
#include "mozilla/dom/WorkerScope.h"
#include "nsAutoPtr.h"
#include "mozilla/LoadInfo.h"
#include "nsGlobalWindow.h"
#include "nsIScriptGlobalObject.h"
#include "nsIDOMWindow.h"
@ -1652,14 +1653,17 @@ WebSocketImpl::Init(JSContext* aCx,
// AsyncOpen2().
// Please note that websockets can't follow redirects, hence there is no
// need to perform a CSP check after redirects.
int16_t shouldLoad = nsIContentPolicy::ACCEPT;
rv = NS_CheckContentLoadPolicy(nsIContentPolicy::TYPE_WEBSOCKET,
uri,
aPrincipal, // loading principal
nsCOMPtr<nsILoadInfo> secCheckLoadInfo =
new net::LoadInfo(aPrincipal, // loading principal
aPrincipal, // triggering principal
originDoc,
nsILoadInfo::SEC_ONLY_FOR_EXPLICIT_CONTENTSEC_CHECK,
nsIContentPolicy::TYPE_WEBSOCKET);
int16_t shouldLoad = nsIContentPolicy::ACCEPT;
rv = NS_CheckContentLoadPolicy(uri,
secCheckLoadInfo,
EmptyCString(),
nullptr,
&shouldLoad,
nsContentUtils::GetContentPolicy());
NS_ENSURE_SUCCESS(rv, rv);

16
dom/xml/nsXMLContentSink.cpp
View file

@ -57,6 +57,7 @@
#include "mozilla/dom/ProcessingInstruction.h"
#include "mozilla/dom/ScriptLoader.h"
#include "mozilla/dom/txMozillaXSLTProcessor.h"
#include "mozilla/LoadInfo.h"
using namespace mozilla;
using namespace mozilla::dom;
@ -738,15 +739,18 @@ nsXMLContentSink::MaybeProcessXSLTLink(
nsIScriptSecurityManager::ALLOW_CHROME);
NS_ENSURE_SUCCESS(rv, NS_OK);
nsCOMPtr<nsILoadInfo> secCheckLoadInfo =
new net::LoadInfo(mDocument->NodePrincipal(), // loading principal
mDocument->NodePrincipal(), // triggering principal
aProcessingInstruction,
nsILoadInfo::SEC_ONLY_FOR_EXPLICIT_CONTENTSEC_CHECK,
nsIContentPolicy::TYPE_XSLT);
// Do content policy check
int16_t decision = nsIContentPolicy::ACCEPT;
rv = NS_CheckContentLoadPolicy(nsIContentPolicy::TYPE_XSLT,
url,
mDocument->NodePrincipal(), // loading principal
mDocument->NodePrincipal(), // triggering principal
ToSupports(aProcessingInstruction),
rv = NS_CheckContentLoadPolicy(url,
secCheckLoadInfo,
NS_ConvertUTF16toUTF8(aType),
nullptr,
&decision,
nsContentUtils::GetContentPolicy());

35
extensions/permissions/nsContentBlocker.cpp
View file

@ -152,15 +152,18 @@ nsContentBlocker::PrefChanged(nsIPrefBranch *aPrefBranch,
// nsIContentPolicy Implementation
NS_IMETHODIMP
nsContentBlocker::ShouldLoad(uint32_t aContentType,
nsIURI *aContentLocation,
nsIURI *aRequestingLocation,
nsISupports *aRequestingContext,
nsContentBlocker::ShouldLoad(nsIURI *aContentLocation,
nsILoadInfo *aLoadInfo,
const nsACString &aMimeGuess,
nsISupports *aExtra,
nsIPrincipal *aRequestPrincipal,
int16_t *aDecision)
{
uint32_t aContentType = aLoadInfo->GetExternalContentPolicyType();
nsCOMPtr<nsIPrincipal> loadingPrincipal = aLoadInfo->LoadingPrincipal();
nsCOMPtr<nsIURI> aRequestingLocation;
if (loadingPrincipal) {
loadingPrincipal->GetURI(getter_AddRefs(aRequestingLocation));
}
MOZ_ASSERT(aContentType == nsContentUtils::InternalContentPolicyTypeToExternal(aContentType),
"We should only see external content policy types here.");
@ -206,15 +209,19 @@ nsContentBlocker::ShouldLoad(uint32_t aContentType,
}
NS_IMETHODIMP
nsContentBlocker::ShouldProcess(uint32_t aContentType,
nsIURI *aContentLocation,
nsIURI *aRequestingLocation,
nsISupports *aRequestingContext,
nsContentBlocker::ShouldProcess(nsIURI *aContentLocation,
nsILoadInfo *aLoadInfo,
const nsACString &aMimeGuess,
nsISupports *aExtra,
nsIPrincipal *aRequestPrincipal,
int16_t *aDecision)
{
uint32_t aContentType = aLoadInfo->GetExternalContentPolicyType();
nsCOMPtr<nsISupports> aRequestingContext = aLoadInfo->GetLoadingContext();
nsCOMPtr<nsIPrincipal> loadingPrincipal = aLoadInfo->LoadingPrincipal();
nsCOMPtr<nsIURI> aRequestingLocation;
if (loadingPrincipal) {
loadingPrincipal->GetURI(getter_AddRefs(aRequestingLocation));
}
MOZ_ASSERT(aContentType == nsContentUtils::InternalContentPolicyTypeToExternal(aContentType),
"We should only see external content policy types here.");
@ -254,9 +261,7 @@ nsContentBlocker::ShouldProcess(uint32_t aContentType,
// This isn't a load from chrome or an object tag - Just do a ShouldLoad()
// check -- we want the same answer here
return ShouldLoad(aContentType, aContentLocation, aRequestingLocation,
aRequestingContext, aMimeGuess, aExtra, aRequestPrincipal,
aDecision);
return ShouldLoad(aContentLocation, aLoadInfo, aMimeGuess, aDecision);
}
nsresult

28
image/imgLoader.cpp
View file

@ -9,12 +9,14 @@
#include "ImageLogging.h"
#include "imgLoader.h"
#include "NullPrincipal.h"
#include "mozilla/Attributes.h"
#include "mozilla/ClearOnShutdown.h"
#include "mozilla/Move.h"
#include "mozilla/Preferences.h"
#include "mozilla/ChaosMode.h"
#include "mozilla/LoadInfo.h"
#include "nsImageModule.h"
#include "imgRequestProxy.h"
@ -630,14 +632,28 @@ ShouldLoadCachedImage(imgRequest* aImgRequest,
aImgRequest->GetFinalURI(getter_AddRefs(contentLocation));
nsresult rv;
int16_t decision = nsIContentPolicy::REJECT_REQUEST;
rv = NS_CheckContentLoadPolicy(aPolicyType,
contentLocation,
aTriggeringPrincipal, // loading principal
nsCOMPtr<nsINode> requestingNode = do_QueryInterface(aLoadingContext);
nsCOMPtr<nsIPrincipal> loadingPrincipal = requestingNode
? requestingNode->NodePrincipal()
: aTriggeringPrincipal;
// If there is no context and also no triggeringPrincipal, then we use a fresh
// nullPrincipal as the loadingPrincipal because we can not create a loadinfo
// without a valid loadingPrincipal.
if (!loadingPrincipal) {
loadingPrincipal = NullPrincipal::CreateWithoutOriginAttributes();
}
nsCOMPtr<nsILoadInfo> secCheckLoadInfo =
new LoadInfo(loadingPrincipal,
aTriggeringPrincipal,
aLoadingContext,
requestingNode,
nsILoadInfo::SEC_ONLY_FOR_EXPLICIT_CONTENTSEC_CHECK,
aPolicyType);
int16_t decision = nsIContentPolicy::REJECT_REQUEST;
rv = NS_CheckContentLoadPolicy(contentLocation,
secCheckLoadInfo,
EmptyCString(), //mime guess
nullptr, //aExtra
&decision,
nsContentUtils::GetContentPolicy());
if (NS_FAILED(rv) || !NS_CP_ACCEPTED(decision)) {

14
layout/style/FontFaceSet.cpp
View file

@ -24,6 +24,7 @@
#include "mozilla/ServoUtils.h"
#include "mozilla/Sprintf.h"
#include "mozilla/Telemetry.h"
#include "mozilla/LoadInfo.h"
#include "nsAutoPtr.h"
#include "nsContentPolicyUtils.h"
#include "nsCSSParser.h"
@ -1376,14 +1377,17 @@ FontFaceSet::IsFontLoadAllowed(nsIURI* aFontLocation,
mDocument->StartBufferingCSPViolations();
}
int16_t shouldLoad = nsIContentPolicy::ACCEPT;
nsresult rv = NS_CheckContentLoadPolicy(nsIContentPolicy::TYPE_FONT,
aFontLocation,
aPrincipal, // loading principal
nsCOMPtr<nsILoadInfo> secCheckLoadInfo =
new net::LoadInfo(mDocument->NodePrincipal(), // loading principal
aPrincipal, // triggering principal
mDocument,
nsILoadInfo::SEC_ONLY_FOR_EXPLICIT_CONTENTSEC_CHECK,
nsIContentPolicy::TYPE_FONT);
int16_t shouldLoad = nsIContentPolicy::ACCEPT;
nsresult rv = NS_CheckContentLoadPolicy(aFontLocation,
secCheckLoadInfo,
EmptyCString(), // mime type
nullptr, // aExtra
&shouldLoad,
nsContentUtils::GetContentPolicy());

16
layout/style/Loader.cpp
View file

@ -857,14 +857,18 @@ Loader::CheckContentPolicy(nsIPrincipal* aLoadingPrincipal,
aIsPreload ? nsIContentPolicy::TYPE_INTERNAL_STYLESHEET_PRELOAD
: nsIContentPolicy::TYPE_INTERNAL_STYLESHEET;
int16_t shouldLoad = nsIContentPolicy::ACCEPT;
nsresult rv = NS_CheckContentLoadPolicy(contentPolicyType,
aTargetURI,
aLoadingPrincipal,
nsCOMPtr<nsINode> requestingNode = do_QueryInterface(aContext);
nsCOMPtr<nsILoadInfo> secCheckLoadInfo =
new net::LoadInfo(aLoadingPrincipal,
aTriggeringPrincipal,
aContext,
requestingNode,
nsILoadInfo::SEC_ONLY_FOR_EXPLICIT_CONTENTSEC_CHECK,
contentPolicyType);
int16_t shouldLoad = nsIContentPolicy::ACCEPT;
nsresult rv = NS_CheckContentLoadPolicy(aTargetURI,
secCheckLoadInfo,
NS_LITERAL_CSTRING("text/css"),
nullptr, //extra param
&shouldLoad,
nsContentUtils::GetContentPolicy());
if (NS_FAILED(rv) || NS_CP_REJECTED(shouldLoad)) {

7
mobile/android/components/ImageBlockingPolicy.js
View file

@ -45,7 +45,10 @@ ImageBlockingPolicy.prototype = {
xpcom_categories: [{category: "content-policy", service: true}],
// nsIContentPolicy interface implementation
shouldLoad: function(contentType, contentLocation, requestOrigin, node, mimeTypeGuess, extra) {
shouldLoad: function(contentLocation, loadInfo, mimeTypeGuess) {
let contentType = loadInfo.externalContentPolicyType;
let node = loadInfo.loadingContext;
// When enabled or when on cellular, and option for cellular-only is selected
if (this._enabled() == OPTION_NEVER || (this._enabled() == OPTION_WIFI_ONLY && this._usingCellular())) {
if (contentType === Ci.nsIContentPolicy.TYPE_IMAGE || contentType === Ci.nsIContentPolicy.TYPE_IMAGESET) {
@ -81,7 +84,7 @@ ImageBlockingPolicy.prototype = {
return Ci.nsIContentPolicy.ACCEPT;
},
shouldProcess: function(contentType, contentLocation, requestOrigin, node, mimeTypeGuess, extra) {
shouldProcess: function(contentLocation, loadInfo, mimeTypeGuess) {
return Ci.nsIContentPolicy.ACCEPT;
},

23
netwerk/base/LoadInfo.cpp
View file

@ -101,7 +101,7 @@ LoadInfo::LoadInfo(nsIPrincipal* aLoadingPrincipal,
// This constructor shouldn't be used for TYPE_DOCUMENT loads that don't
// have a loadingPrincipal
MOZ_ASSERT(skipContentTypeCheck ||
MOZ_ASSERT(skipContentTypeCheck || mLoadingPrincipal ||
mInternalContentPolicyType != nsIContentPolicy::TYPE_DOCUMENT);
// We should only get an explicit controller for subresource requests.
@ -658,6 +658,27 @@ LoadInfo::ContextForTopLevelLoad()
return context;
}
already_AddRefed<nsISupports>
LoadInfo::GetLoadingContext()
{
nsCOMPtr<nsISupports> context;
if (mInternalContentPolicyType == nsIContentPolicy::TYPE_DOCUMENT) {
context = ContextForTopLevelLoad();
}
else {
context = LoadingNode();
}
return context.forget();
}
NS_IMETHODIMP
LoadInfo::GetLoadingContextXPCOM(nsISupports** aResult)
{
nsCOMPtr<nsISupports> context = GetLoadingContext();
context.forget(aResult);
return NS_OK;
}
NS_IMETHODIMP
LoadInfo::GetSecurityFlags(nsSecurityFlags* aResult)
{

26
netwerk/base/nsILoadInfo.idl
View file

@ -13,6 +13,7 @@ interface nsINode;
interface nsIPrincipal;
interface nsIRedirectHistoryEntry;
interface nsIURI;
native LoadContextRef(already_AddRefed<nsISupports>);
%{C++
#include "nsTArray.h"
#include "mozilla/BasePrincipal.h"
@ -74,6 +75,16 @@ interface nsILoadInfo : nsISupports
* flags are set AsyncOpen2 will fail.
*/
/**
* Warning: Never use this flag when creating a new channel!
* Only use this flag if you have to create a temporary LoadInfo
* for performing an explicit nsIContentPolicy check, like e.g.
* when loading something from the cache that needs an explicit
* nsIContentPolicy check. In all other cases pick one of the
* security flags underneath.
*/
const unsigned long SEC_ONLY_FOR_EXPLICIT_CONTENTSEC_CHECK = 0;
/*
* Enforce the same origin policy where data: loads inherit the principal.
* See the documentation for principalToInherit, which describes exactly what
@ -360,6 +371,21 @@ interface nsILoadInfo : nsISupports
[noscript, notxpcom, nostdcall, binaryname(ContextForTopLevelLoad)]
nsISupports binaryContextForTopLevelLoad();
/**
* For all loads except loads of TYPE_DOCUMENT, the loadingContext
* simply returns the loadingNode. For loads of TYPE_DOCUMENT this
* will return the context available for top-level loads which
* do not have a loadingNode.
*/
[binaryname(LoadingContextXPCOM)]
readonly attribute nsISupports loadingContext;
/**
* A C++ friendly version of the loadingContext.
*/
[noscript, notxpcom, nostdcall, binaryname(GetLoadingContext)]
LoadContextRef binaryGetLoadingContext();
/**
* The securityFlags of that channel.
*/

22
toolkit/components/browser/nsWebBrowserContentPolicy.cpp
View file

@ -21,17 +21,16 @@ nsWebBrowserContentPolicy::~nsWebBrowserContentPolicy()
NS_IMPL_ISUPPORTS(nsWebBrowserContentPolicy, nsIContentPolicy)
NS_IMETHODIMP
nsWebBrowserContentPolicy::ShouldLoad(uint32_t aContentType,
nsIURI* aContentLocation,
nsIURI* aRequestingLocation,
nsISupports* aRequestingContext,
nsWebBrowserContentPolicy::ShouldLoad(nsIURI* aContentLocation,
nsILoadInfo* aLoadInfo,
const nsACString& aMimeGuess,
nsISupports* aExtra,
nsIPrincipal* aRequestPrincipal,
int16_t* aShouldLoad)
{
NS_PRECONDITION(aShouldLoad, "Null out param");
uint32_t aContentType = aLoadInfo->GetExternalContentPolicyType();
nsCOMPtr<nsISupports> aRequestingContext = aLoadInfo->GetLoadingContext();
MOZ_ASSERT(aContentType == nsContentUtils::InternalContentPolicyTypeToExternal(aContentType),
"We should only see external content policy types here.");
@ -74,17 +73,16 @@ nsWebBrowserContentPolicy::ShouldLoad(uint32_t aContentType,
}
NS_IMETHODIMP
nsWebBrowserContentPolicy::ShouldProcess(uint32_t aContentType,
nsIURI* aContentLocation,
nsIURI* aRequestingLocation,
nsISupports* aRequestingContext,
nsWebBrowserContentPolicy::ShouldProcess(nsIURI* aContentLocation,
nsILoadInfo* aLoadInfo,
const nsACString& aMimeGuess,
nsISupports* aExtra,
nsIPrincipal* aRequestPrincipal,
int16_t* aShouldProcess)
{
NS_PRECONDITION(aShouldProcess, "Null out param");
uint32_t aContentType = aLoadInfo->GetExternalContentPolicyType();
nsCOMPtr<nsISupports> aRequestingContext = aLoadInfo->GetLoadingContext();
MOZ_ASSERT(aContentType == nsContentUtils::InternalContentPolicyTypeToExternal(aContentType),
"We should only see external content policy types here.");

14
toolkit/modules/addons/WebRequestContent.js
View file

@ -76,8 +76,16 @@ var ContentPolicy = {
catMan.deleteCategoryEntry("content-policy", this._contractID, false);
},
shouldLoad(policyType, contentLocation, requestOrigin,
node, mimeTypeGuess, extra, requestPrincipal) {
shouldLoad(contentLocation, loadInfo, mimeTypeGuess) {
let policyType = loadInfo.externalContentPolicyType;
let node = loadInfo.loadingContext;
let loadingPrincipal = loadInfo.loadingPrincipal;
let requestPrincipal = loadInfo.triggeringPrincipal;
let requestOrigin = null;
if (loadingPrincipal) {
requestOrigin = loadingPrincipal.URI;
}
// Loads of TYPE_DOCUMENT and TYPE_SUBDOCUMENT perform a ConPol check
// within docshell as well as within the ContentSecurityManager. To avoid
// duplicate evaluations we ignore ConPol checks performed within docShell.
@ -192,7 +200,7 @@ var ContentPolicy = {
return Ci.nsIContentPolicy.ACCEPT;
},
shouldProcess: function(contentType, contentLocation, requestOrigin, insecNode, mimeType, extra) {
shouldProcess: function(contentLocation, loadInfo, mimeType) {
return Ci.nsIContentPolicy.ACCEPT;
},

27
toolkit/mozapps/extensions/AddonContentPolicy.cpp
View file

@ -92,15 +92,19 @@ LogMessage(const nsAString &aMessage, nsIURI* aSourceURI, const nsAString &aSour
// Content policy enforcement:
NS_IMETHODIMP
AddonContentPolicy::ShouldLoad(uint32_t aContentType,
nsIURI* aContentLocation,
nsIURI* aRequestOrigin,
nsISupports* aContext,
AddonContentPolicy::ShouldLoad(nsIURI* aContentLocation,
nsILoadInfo* aLoadInfo,
const nsACString& aMimeTypeGuess,
nsISupports* aExtra,
nsIPrincipal* aRequestPrincipal,
int16_t* aShouldLoad)
{
uint32_t aContentType = aLoadInfo->GetExternalContentPolicyType();
nsCOMPtr<nsISupports> aContext = aLoadInfo->GetLoadingContext();
nsCOMPtr<nsIURI> aRequestOrigin;
nsCOMPtr<nsIPrincipal> loadingPrincipal = aLoadInfo->LoadingPrincipal();
if (loadingPrincipal) {
loadingPrincipal->GetURI(getter_AddRefs(aRequestOrigin));
}
MOZ_ASSERT(aContentType == nsContentUtils::InternalContentPolicyTypeToExternal(aContentType),
"We should only see external content policy types here.");
@ -139,17 +143,16 @@ AddonContentPolicy::ShouldLoad(uint32_t aContentType,
}
NS_IMETHODIMP
AddonContentPolicy::ShouldProcess(uint32_t aContentType,
nsIURI* aContentLocation,
nsIURI* aRequestOrigin,
nsISupports* aRequestingContext,
AddonContentPolicy::ShouldProcess(nsIURI* aContentLocation,
nsILoadInfo* aLoadInfo,
const nsACString& aMimeTypeGuess,
nsISupports* aExtra,
nsIPrincipal* aRequestPrincipal,
int16_t* aShouldProcess)
{
#ifdef DEBUG
uint32_t aContentType = aLoadInfo->GetExternalContentPolicyType();
MOZ_ASSERT(aContentType == nsContentUtils::InternalContentPolicyTypeToExternal(aContentType),
"We should only see external content policy types here.");
#endif
*aShouldProcess = nsIContentPolicy::ACCEPT;
return NS_OK;