nsMixedContentBlocker.h (3430B)
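/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef nsMixedContentBlocker_h___
#define nsMixedContentBlocker_h___

#define NS_MIXEDCONTENTBLOCKER_CONTRACTID "@mozilla.org/mixedcontentblocker;1"
/* daf1461b-bf29-4f88-8d0e-4bcdf332c862 */
// Class ID in struct-initializer form; it spells the same UUID as the comment
// above and the two must be kept in sync.
#define NS_MIXEDCONTENTBLOCKER_CID \
  {0xdaf1461b, 0xbf29, 0x4f88, {0x8d, 0x0e, 0x4b, 0xcd, 0xf3, 0x32, 0xc8, 0x62}}

// This enum defines the type of content that is detected when an
// nsMixedContentEvent fires.
// It is a plain (unscoped) enum, so both enumerators are visible at global
// scope in every file that includes this header.
enum MixedContentTypes {
  // "Active" content, such as fonts, plugin content, JavaScript, stylesheets,
  // iframes, WebSockets, and XHR
  eMixedScript,
  // "Display" content, such as images, audio, video, and <a ping>
  eMixedDisplay
};

#include "imgRequest.h"
#include "nsIChannel.h"
#include "nsIChannelEventSink.h"
#include "nsIContentPolicy.h"

// Header-scope using-declaration: every includer gets the unqualified name
// OriginAttributes at global scope.
using mozilla::OriginAttributes;

class nsILoadInfo;  // forward declaration
namespace mozilla::net {
class nsProtocolProxyService;  // forward declaration
}  // namespace mozilla::net

/**
 * Content policy and channel event sink that carries the Mixed Content Blocker
 * logic. Apart from the interface methods declared by the NS_DECL_* macros,
 * every member below is static.
 */
class nsMixedContentBlocker : public nsIContentPolicy,
                              public nsIChannelEventSink {
 private:
  // Private destructor: instances cannot be destroyed directly by outside
  // code. NOTE(review): presumably destruction goes through the reference
  // counting declared by NS_DECL_ISUPPORTS - confirm in the .cpp.
  virtual ~nsMixedContentBlocker();

 public:
  NS_DECL_ISUPPORTS
  NS_DECL_NSICONTENTPOLICY
  NS_DECL_NSICHANNELEVENTSINK

  nsMixedContentBlocker() = default;

  // See:
  // https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy
  //
  // The four predicates below answer "potentially trustworthy" questions for
  // a host, URL or origin. A wrong `true` would let an insecure origin be
  // treated as secure, so changes to them deserve security review.
  // NOTE(review): this header does not show whether a null nsIURI* is
  // tolerated - confirm before passing unchecked pointers.
  static bool IsPotentiallyTrustworthyLoopbackHost(
      const nsACString& aAsciiHost);
  static bool IsPotentiallyTrustworthyLoopbackURL(nsIURI* aURL);
  static bool IsPotentiallyTrustworthyOnion(nsIURI* aURL);
  static bool IsPotentiallyTrustworthyOrigin(nsIURI* aURI);

  /**
   * Returns true if the provided content policy type is subject to the
   * mixed content level 2 upgrading mechanism (audio, video, image).
   */
  static bool IsUpgradableContentType(nsContentPolicyType aType);

  /* Static version of ShouldLoad() that contains all the Mixed Content Blocker
   * logic. Called from non-static ShouldLoad().
   * Called directly from imageLib when an insecure redirect exists in a cached
   * image load.
   * @param aHadInsecureImageRedirect
   *        boolean flag indicating that an insecure redirect through http
   *        occurred when this image was initially loaded and cached.
   * @param aReportError
   *        boolean flag indicating if a rejection should automatically be
   *        logged into the Console.
   * Remaining parameters are from nsIContentPolicy::ShouldLoad().
   *
   * NOTE(review): the verdict is written through aDecision, separately from
   * the returned nsresult; presumably callers must check both, since a
   * success code alone would not mean the load was accepted - confirm
   * against the implementation.
   */
  static nsresult ShouldLoad(bool aHadInsecureImageRedirect,
                             nsIURI* aContentLocation, nsILoadInfo* aLoadInfo,
                             bool aReportError, int16_t* aDecision);

  // NOTE(review): judging by the name, this records statistics about mixed
  // content loads in relation to HSTS; aActive presumably separates active
  // from display content - confirm in the .cpp.
  static void AccumulateMixedContentHSTS(
      nsIURI* aURI, bool aActive, const OriginAttributes& aOriginAttributes);

  // NOTE(review): presumably reports whether aURI may be loaded from a secure
  // context without counting as mixed content - confirm in the .cpp.
  static bool URISafeToBeLoadedInSecureContext(nsIURI* aURI);

  // NOTE(review): the (const char*, void*) signature looks like a preference
  // observer callback; which preferences it watches is not visible here.
  static void OnPrefChange(const char* aPref, void* aClosure);
  // Hands the allow list back through the aList out-parameter.
  static void GetSecureContextAllowList(nsACString& aList);
  static void Shutdown();

  // Public, mutable, process-wide state. The allow list is held through a raw
  // pointer, so ownership and lifetime are not expressed in the type.
  // NOTE(review): presumably filled lazily (see the *Cached flag), invalidated
  // from OnPrefChange() and released in Shutdown(); thread ownership is not
  // visible in this header - confirm before reading or writing these from
  // outside the class.
  static bool sSecurecontextAllowlistCached;
  static nsCString* sSecurecontextAllowlist;
};

#endif /* nsMixedContentBlocker_h___ */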