tor-browser

The Tor Browser

nsContentSecurityManager.h (4217B)


      1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
      2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
      3 /* This Source Code Form is subject to the terms of the Mozilla Public
      4 * License, v. 2.0. If a copy of the MPL was not distributed with this
      5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      6 
      7 #ifndef nsContentSecurityManager_h___
      8 #define nsContentSecurityManager_h___
      9 
     10 #include "mozilla/CORSMode.h"
     11 #include "nsIChannel.h"
     12 #include "nsIChannelEventSink.h"
     13 #include "nsIContentSecurityManager.h"
     14 #include "nsILoadInfo.h"
     15 
     16 class nsILoadInfo;
     17 class nsIStreamListener;
     18 
     19 #define NS_CONTENTSECURITYMANAGER_CONTRACTID \
     20  "@mozilla.org/contentsecuritymanager;1"
        // Class ID (CID) for nsContentSecurityManager. The UUID on the next line is
        // the same value as the braced initializer, written in string form.
        // NOTE(review): the contract ID above and this CID are presumably what the
        // component registration uses to look this class up -- confirm against the
        // registration code, which is not part of this header.
     21 // cdcc1ab8-3cea-4e6c-a294-a651fa35227f
     22 #define NS_CONTENTSECURITYMANAGER_CID \
     23  {0xcdcc1ab8, 0x3cea, 0x4e6c, {0xa2, 0x94, 0xa6, 0x51, 0xfa, 0x35, 0x22, 0x7f}}
     24 
     25 class nsContentSecurityManager : public nsIContentSecurityManager,
     26                                 public nsIChannelEventSink {
        // Content security manager: implements nsIContentSecurityManager and
        // nsIChannelEventSink (see the base-class list above). Apart from the
        // constructor and destructor, every function declared directly in this
        // header is static; the NS_DECL_* macros below expand to further
        // declarations that are not visible in this listing.
     27 public:
     28  NS_DECL_ISUPPORTS
     29  NS_DECL_NSICONTENTSECURITYMANAGER
     30  NS_DECL_NSICHANNELEVENTSINK
     31 
     32  nsContentSecurityManager() = default;
     33 
         // Security check entry point for a channel. aInAndOutListener is taken by
         // non-const reference, so the callee is able to replace the caller's
         // listener. NOTE(review): callers should presumably continue with the
         // listener as left by this call and treat a failure nsresult as "do not
         // open the channel" -- confirm in the .cpp.
     34  static nsresult doContentSecurityCheck(
     35      nsIChannel* aChannel, nsCOMPtr<nsIStreamListener>& aInAndOutListener);
     36 
         // Helpers for loads that target data: URIs (top-level navigation and
         // redirects) plus the matching reporting hook. This header shows only
         // that the Allow* helpers return bool and that aIsRedirect defaults to
         // false; the policy decisions themselves live in the implementation.
         // NOTE(review): a `false` return presumably means the load must be
         // blocked by the caller -- confirm that every call site checks it.
     37  static bool AllowTopLevelNavigationToDataURI(nsIChannel* aChannel);
     38  static void ReportBlockedDataURI(nsIURI* aURI, nsILoadInfo* aLoadInfo,
     39                                   bool aIsRedirect = false);
     40  static bool AllowInsecureRedirectToDataURI(nsIChannel* aNewChannel);
         // Returns void, so this function cannot veto a load through its return
         // value. NOTE(review): by its name this records measurements about loads
         // in privileged contexts rather than enforcing anything -- confirm.
     41  static void MeasureUnexpectedPrivilegedLoads(nsILoadInfo* aLoadInfo,
     42                                               nsIURI* aFinalURI,
     43                                               const nsACString& aRemoteType);
     44 
         // Selects how a mozilla::CORSMode is translated into security flags by
         // ComputeSecurityFlags(). Going by the descriptions below, the variants
         // run roughly from least to most restrictive.
         // Security note: DISABLE_CORS_CHECKS ignores the requested CORS mode
         // entirely, so any call site that passes it for a load whose URL or
         // initiator can be influenced by web content deserves an audit.
     45  enum CORSSecurityMapping {
     46    // Disables all CORS checking overriding the value of aCORSMode. All checks
     47    // are disabled even when CORSMode::CORS_ANONYMOUS or
     48    // CORSMode::CORS_USE_CREDENTIALS is passed. This is mostly used for chrome
     49    // code, where we don't need security checks. See
     50    // SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL for the detailed explanation
     51    // of the security mode.
     52    DISABLE_CORS_CHECKS,
     53    // Disables all CORS checking on CORSMode::CORS_NONE. The other two CORS
     54    // modes CORSMode::CORS_ANONYMOUS and CORSMode::CORS_USE_CREDENTIALS are
     55    // respected.
     56    CORS_NONE_MAPS_TO_DISABLED_CORS_CHECKS,
     57    // Allow load from any origin, but cross-origin requests require CORS. See
     58    // SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT. Like above the other two
     59    // CORS modes are unaffected and get parsed.
     60    CORS_NONE_MAPS_TO_INHERITED_CONTEXT,
     61    // Always require the server to acknowledge the request via CORS.
     62    // CORSMode::CORS_NONE is parsed as if CORSMode::CORS_ANONYMOUS is passed.
     63    REQUIRE_CORS_CHECKS,
     64  };
     65 
     66  // computes the security flags for the requested CORS mode
     67  // @param aCORSSecurityMapping: See CORSSecurityMapping for variant
     68  // descriptions
     69  static nsSecurityFlags ComputeSecurityFlags(
     70      mozilla::CORSMode aCORSMode, CORSSecurityMapping aCORSSecurityMapping);
     71 
         // Takes and returns nsSecurityFlags. NOTE(review): presumably reduces a
         // full flag set to its security-mode portion -- confirm in the .cpp.
     72  static nsSecurityFlags ComputeSecurityMode(nsSecurityFlags aSecurityFlags);
     73 
         // Maps a security mode to a mozilla::dom::RequestMode. The parameter is
         // declared as uint32_t while the sibling functions use nsSecurityFlags.
         // NOTE(review): confirm both have the same underlying type so that no
         // value is narrowed on the way in.
     74  static mozilla::dom::RequestMode SecurityModeToRequestMode(
     75      uint32_t aSecurityMode);
     76 
         // Returns void; aResult is a non-const reference and is the only
         // parameter the function could use to hand back a string.
         // NOTE(review): presumably aResult receives the serialized origin --
         // confirm what it holds when the origin must not be disclosed.
     77  static void GetSerializedOrigin(nsIPrincipal* aOrigin,
     78                                  nsIPrincipal* aResourceOrigin,
     79                                  nsACString& aResult, nsILoadInfo* aLoadInfo);
     80 
     81  // https://html.spec.whatwg.org/multipage/browsers.html#compatible-with-cross-origin-isolation
     82  static bool IsCompatibleWithCrossOriginIsolation(
     83      nsILoadInfo::CrossOriginEmbedderPolicy aPolicy);
     84 
     85 private:
         // Internal checks, each taking the channel under inspection. Those that
         // return nsresult report their outcome through the return value.
         // NOTE(review): presumably invoked from doContentSecurityCheck() --
         // confirm in the .cpp that no failure result is ignored.
     86  static nsresult CheckChannel(nsIChannel* aChannel);
     87  static nsresult CheckAllowLoadInSystemPrivilegedContext(nsIChannel* aChannel);
     88  static nsresult CheckAllowLoadInPrivilegedAboutContext(nsIChannel* aChannel);
     89  static nsresult CheckChannelHasProtocolSecurityFlag(nsIChannel* aChannel);
     90  static bool CrossOriginEmbedderPolicyAllowsCredentials(nsIChannel* aChannel);
     91  static nsresult CheckForIncoherentResultPrincipal(nsIChannel* aChannel);
     92 
         // Private destructor: code outside the class cannot delete an instance or
         // create one with automatic storage. NOTE(review): lifetime is presumably
         // managed through what NS_DECL_ISUPPORTS declares -- confirm.
     93  virtual ~nsContentSecurityManager() = default;
     94 };
     95 
     96 #endif /* nsContentSecurityManager_h___ */