WindowGlobalActor.cpp (7405B)
1 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ 2 /* vim:set ts=2 sw=2 sts=2 et cindent: */ 3 /* This Source Code Form is subject to the terms of the Mozilla Public 4 * License, v. 2.0. If a copy of the MPL was not distributed with this 5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 6 7 #include "mozilla/dom/WindowGlobalActor.h" 8 9 #include "AutoplayPolicy.h" 10 #include "mozilla/Components.h" 11 #include "mozilla/ContentBlockingAllowList.h" 12 #include "mozilla/Logging.h" 13 #include "mozilla/dom/Document.h" 14 #include "mozilla/dom/JSActorService.h" 15 #include "mozilla/dom/JSWindowActorChild.h" 16 #include "mozilla/dom/JSWindowActorParent.h" 17 #include "mozilla/dom/JSWindowActorProtocol.h" 18 #include "mozilla/dom/PopupBlocker.h" 19 #include "mozilla/dom/WindowContext.h" 20 #include "mozilla/dom/WindowGlobalChild.h" 21 #include "mozilla/dom/WindowGlobalParent.h" 22 #include "mozilla/dom/nsMixedContentBlocker.h" 23 #include "mozilla/net/CookieJarSettings.h" 24 #include "nsContentUtils.h" 25 #include "nsGlobalWindowInner.h" 26 #include "nsNetUtil.h" 27 28 namespace mozilla::dom { 29 30 // CORPP 3.1.3 https://mikewest.github.io/corpp/#integration-html 31 static nsILoadInfo::CrossOriginEmbedderPolicy InheritedPolicy( 32 dom::BrowsingContext* aBrowsingContext) { 33 WindowContext* inherit = aBrowsingContext->GetParentWindowContext(); 34 if (inherit) { 35 return inherit->GetEmbedderPolicy(); 36 } 37 38 return nsILoadInfo::EMBEDDER_POLICY_NULL; 39 } 40 41 // Common WindowGlobalInit creation code used by both `AboutBlankInitializer` 42 // and `WindowInitializer`. 43 WindowGlobalInit WindowGlobalActor::BaseInitializer( 44 dom::BrowsingContext* aBrowsingContext, uint64_t aInnerWindowId, 45 uint64_t aOuterWindowId) { 46 MOZ_DIAGNOSTIC_ASSERT(aBrowsingContext); 47 48 using Indexes = WindowContext::FieldIndexes; 49 50 WindowGlobalInit init; 51 auto& ctx = init.context(); 52 ctx.mInnerWindowId = aInnerWindowId; 53 ctx.mOuterWindowId = aOuterWindowId; 54 ctx.mBrowsingContextId = aBrowsingContext->Id(); 55 56 // If any synced fields need to be initialized from our BrowsingContext, we 57 // can initialize them here. 58 auto& fields = ctx.mFields; 59 fields.Get<Indexes::IDX_EmbedderPolicy>() = InheritedPolicy(aBrowsingContext); 60 fields.Get<Indexes::IDX_AutoplayPermission>() = 61 nsIPermissionManager::UNKNOWN_ACTION; 62 fields.Get<Indexes::IDX_AllowJavascript>() = true; 63 return init; 64 } 65 66 WindowGlobalInit WindowGlobalActor::AboutBlankInitializer( 67 dom::BrowsingContext* aBrowsingContext, nsIPrincipal* aPrincipal) { 68 MOZ_DIAGNOSTIC_ASSERT( 69 aPrincipal && aPrincipal->GetIsNullPrincipal(), 70 "AboutBlankInitializer is a dummy that should not be web-exposed"); 71 72 WindowGlobalInit init = 73 BaseInitializer(aBrowsingContext, nsContentUtils::GenerateWindowId(), 74 nsContentUtils::GenerateWindowId()); 75 76 init.principal() = aPrincipal; 77 init.storagePrincipal() = aPrincipal; 78 (void)NS_NewURI(getter_AddRefs(init.documentURI()), "about:blank"); 79 init.isInitialDocument() = true; 80 init.isUncommittedInitialDocument() = true; 81 82 return init; 83 } 84 85 WindowGlobalInit WindowGlobalActor::WindowInitializer( 86 nsGlobalWindowInner* aWindow) { 87 WindowGlobalInit init = 88 BaseInitializer(aWindow->GetBrowsingContext(), aWindow->WindowID(), 89 aWindow->GetOuterWindow()->WindowID()); 90 91 init.principal() = aWindow->GetPrincipal(); 92 init.storagePrincipal() = aWindow->GetEffectiveStoragePrincipal(); 93 init.documentURI() = aWindow->GetDocumentURI(); 94 95 Document* doc = aWindow->GetDocument(); 96 97 init.isInitialDocument() = doc->IsInitialDocument(); 98 init.isUncommittedInitialDocument() = doc->IsUncommittedInitialDocument(); 99 init.blockAllMixedContent() = doc->GetBlockAllMixedContent(false); 100 init.upgradeInsecureRequests() = doc->GetUpgradeInsecureRequests(false); 101 init.sandboxFlags() = doc->GetSandboxFlags(); 102 net::CookieJarSettings::Cast(doc->CookieJarSettings()) 103 ->Serialize(init.cookieJarSettings()); 104 init.httpsOnlyStatus() = doc->HttpsOnlyStatus(); 105 106 using Indexes = WindowContext::FieldIndexes; 107 108 auto& fields = init.context().mFields; 109 fields.Get<Indexes::IDX_CookieBehavior>() = 110 Some(doc->CookieJarSettings()->GetCookieBehavior()); 111 fields.Get<Indexes::IDX_IsOnContentBlockingAllowList>() = 112 doc->CookieJarSettings()->GetIsOnContentBlockingAllowList(); 113 fields.Get<Indexes::IDX_IsThirdPartyWindow>() = doc->HasThirdPartyChannel(); 114 fields.Get<Indexes::IDX_IsThirdPartyTrackingResourceWindow>() = 115 nsContentUtils::IsThirdPartyTrackingResourceWindow(aWindow); 116 fields.Get<Indexes::IDX_ShouldResistFingerprinting>() = 117 doc->ShouldResistFingerprinting(RFPTarget::IsAlwaysEnabledForPrecompute); 118 fields.Get<Indexes::IDX_OverriddenFingerprintingSettings>() = 119 doc->GetOverriddenFingerprintingSettings(); 120 fields.Get<Indexes::IDX_IsSecureContext>() = aWindow->IsSecureContext(); 121 122 // Initialze permission fields 123 fields.Get<Indexes::IDX_AutoplayPermission>() = 124 media::AutoplayPolicy::GetSiteAutoplayPermission(init.principal()); 125 fields.Get<Indexes::IDX_PopupPermission>() = 126 PopupBlocker::GetPopupPermission(init.principal()); 127 128 // Initialize top level permission fields 129 if (aWindow->GetBrowsingContext()->IsTop()) { 130 fields.Get<Indexes::IDX_ShortcutsPermission>() = 131 nsGlobalWindowInner::GetShortcutsPermission(init.principal()); 132 } 133 134 if (auto policy = doc->GetEmbedderPolicy()) { 135 fields.Get<Indexes::IDX_EmbedderPolicy>() = *policy; 136 } 137 138 // Init Mixed Content Fields 139 nsCOMPtr<nsIURI> innerDocURI = NS_GetInnermostURI(doc->GetDocumentURI()); 140 fields.Get<Indexes::IDX_IsSecure>() = 141 innerDocURI && 142 (innerDocURI->SchemeIs("https") || 143 nsMixedContentBlocker::IsPotentiallyTrustworthyOnion(innerDocURI)); 144 145 nsCOMPtr<nsITransportSecurityInfo> securityInfo; 146 if (nsCOMPtr<nsIChannel> channel = doc->GetChannel()) { 147 nsCOMPtr<nsILoadInfo> loadInfo(channel->LoadInfo()); 148 fields.Get<Indexes::IDX_IsOriginalFrameSource>() = 149 loadInfo->GetOriginalFrameSrcLoad(); 150 151 nsILoadInfo::StoragePermissionState storageAccess = 152 loadInfo->GetStoragePermission(); 153 fields.Get<Indexes::IDX_UsingStorageAccess>() = 154 storageAccess == nsILoadInfo::HasStoragePermission || 155 storageAccess == nsILoadInfo::StoragePermissionAllowListed; 156 157 channel->GetSecurityInfo(getter_AddRefs(securityInfo)); 158 } 159 init.securityInfo() = securityInfo; 160 161 fields.Get<Indexes::IDX_IsLocalIP>() = 162 init.principal()->GetIsLocalIpAddress(); 163 164 // Most data here is specific to the Document, which can change without 165 // creating a new WindowGlobal. Anything new added here which fits that 166 // description should also be synchronized in 167 // WindowGlobalChild::OnNewDocument. 168 return init; 169 } 170 171 already_AddRefed<JSActorProtocol> WindowGlobalActor::MatchingJSActorProtocol( 172 JSActorService* aActorSvc, const nsACString& aName, ErrorResult& aRv) { 173 RefPtr<JSWindowActorProtocol> proto = 174 aActorSvc->GetJSWindowActorProtocol(aName); 175 if (!proto) { 176 aRv.ThrowNotFoundError(nsPrintfCString("No such JSWindowActor '%s'", 177 PromiseFlatCString(aName).get())); 178 return nullptr; 179 } 180 181 if (!proto->Matches(BrowsingContext(), GetDocumentURI(), GetRemoteType(), 182 aRv)) { 183 MOZ_ASSERT(aRv.Failed()); 184 return nullptr; 185 } 186 MOZ_ASSERT(!aRv.Failed()); 187 return proto.forget(); 188 } 189 190 } // namespace mozilla::dom