wine/gecko
0
0
Fork 0
mirror of https://gitlab.winehq.org/wine/wine-gecko.git synced 2024-09-13 09:24:08 -07:00
Code Issues Packages Projects Releases Wiki Activity

Bug 1143922 - Add AsyncOpen2 to nsIChannel and perform security checks when opening a channel - loadinfo changes (r=sicking,tanvi,sworkman)

Browse Source
This commit is contained in:
Christoph Kerschbaumer 2015-07-19 19:11:57 -07:00
parent 78faf086ba
commit 03cd461c06
5 changed files with 224 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ipc/glue/BackgroundUtils.cpp
View File

@ -261,6 +261,8 @@ LoadInfoToLoadInfoArgs(nsILoadInfo *aLoadInfo,
aLoadInfo->GetInnerWindowID(),
aLoadInfo->GetOuterWindowID(),
aLoadInfo->GetParentOuterWindowID(),
aLoadInfo->GetEnforceSecurity(),
aLoadInfo->GetInitialSecurityCheckDone(),
redirectChain);
return NS_OK;
@ -303,6 +305,8 @@ LoadInfoArgsToLoadInfo(const OptionalLoadInfoArgs& aOptionalLoadInfoArgs,
loadInfoArgs.innerWindowID(),
loadInfoArgs.outerWindowID(),
loadInfoArgs.parentOuterWindowID(),
loadInfoArgs.enforceSecurity(),
loadInfoArgs.initialSecurityCheckDone(),
redirectChain);
loadInfo.forget(outLoadInfo);

71
netwerk/base/LoadInfo.cpp
View File

@ -37,6 +37,8 @@ LoadInfo::LoadInfo(nsIPrincipal* aLoadingPrincipal,
, mInnerWindowID(0)
, mOuterWindowID(0)
, mParentOuterWindowID(0)
, mEnforceSecurity(false)
, mInitialSecurityCheckDone(false)
{
MOZ_ASSERT(mLoadingPrincipal);
MOZ_ASSERT(mTriggeringPrincipal);
@ -91,6 +93,8 @@ LoadInfo::LoadInfo(nsIPrincipal* aLoadingPrincipal,
uint64_t aInnerWindowID,
uint64_t aOuterWindowID,
uint64_t aParentOuterWindowID,
bool aEnforceSecurity,
bool aInitialSecurityCheckDone,
nsTArray<nsCOMPtr<nsIPrincipal>>& aRedirectChain)
: mLoadingPrincipal(aLoadingPrincipal)
, mTriggeringPrincipal(aTriggeringPrincipal)
@ -100,6 +104,8 @@ LoadInfo::LoadInfo(nsIPrincipal* aLoadingPrincipal,
, mInnerWindowID(aInnerWindowID)
, mOuterWindowID(aOuterWindowID)
, mParentOuterWindowID(aParentOuterWindowID)
, mEnforceSecurity(aEnforceSecurity)
, mInitialSecurityCheckDone(aInitialSecurityCheckDone)
{
MOZ_ASSERT(mLoadingPrincipal);
MOZ_ASSERT(mTriggeringPrincipal);
@ -164,6 +170,26 @@ LoadInfo::GetSecurityFlags(nsSecurityFlags* aResult)
return NS_OK;
}
NS_IMETHODIMP
LoadInfo::GetSecurityMode(uint32_t *aFlags)
{
*aFlags = (mSecurityFlags &
(nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_INHERITS |
nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_IS_BLOCKED |
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS |
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL |
nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS));
return NS_OK;
}
NS_IMETHODIMP
LoadInfo::GetRequireCorsWithCredentials(bool* aResult)
{
*aResult =
(mSecurityFlags & nsILoadInfo::SEC_REQUIRE_CORS_WITH_CREDENTIALS);
return NS_OK;
}
NS_IMETHODIMP
LoadInfo::GetForceInheritPrincipal(bool* aInheritPrincipal)
{
@ -179,6 +205,14 @@ LoadInfo::GetLoadingSandboxed(bool* aLoadingSandboxed)
return NS_OK;
}
NS_IMETHODIMP
LoadInfo::GetAboutBlankInherits(bool* aResult)
{
*aResult =
(mSecurityFlags & nsILoadInfo::SEC_ABOUT_BLANK_INHERITS);
return NS_OK;
}
NS_IMETHODIMP
LoadInfo::GetContentPolicyType(nsContentPolicyType* aResult)
{
@ -234,6 +268,43 @@ LoadInfo::GetParentOuterWindowID(uint64_t* aResult)
return NS_OK;
}
NS_IMETHODIMP
LoadInfo::SetEnforceSecurity(bool aEnforceSecurity)
{
// Indicates whether the channel was openend using AsyncOpen2. Once set
// to true, it must remain true throughout the lifetime of the channel.
// Setting it to anything else than true will be discarded.
MOZ_ASSERT(aEnforceSecurity, "aEnforceSecurity must be true");
mEnforceSecurity = mEnforceSecurity || aEnforceSecurity;
return NS_OK;
}
NS_IMETHODIMP
LoadInfo::GetEnforceSecurity(bool* aResult)
{
*aResult = mEnforceSecurity;
return NS_OK;
}
NS_IMETHODIMP
LoadInfo::SetInitialSecurityCheckDone(bool aInitialSecurityCheckDone)
{
// Indicates whether the channel was ever evaluated by the
// ContentSecurityManager. Once set to true, this flag must
// remain true throughout the lifetime of the channel.
// Setting it to anything else than true will be discarded.
MOZ_ASSERT(aInitialSecurityCheckDone, "aInitialSecurityCheckDone must be true");
mInitialSecurityCheckDone = mInitialSecurityCheckDone || aInitialSecurityCheckDone;
return NS_OK;
}
NS_IMETHODIMP
LoadInfo::GetInitialSecurityCheckDone(bool* aResult)
{
*aResult = mInitialSecurityCheckDone;
return NS_OK;
}
NS_IMETHODIMP
LoadInfo::AppendRedirectedPrincipal(nsIPrincipal* aPrincipal)
{

24
netwerk/base/LoadInfo.h
View File

@ -64,6 +64,8 @@ private:
uint64_t aInnerWindowID,
uint64_t aOuterWindowID,
uint64_t aParentOuterWindowID,
bool aEnforceSecurity,
bool aInitialSecurityCheckDone,
nsTArray<nsCOMPtr<nsIPrincipal>>& aRedirectChain);
friend nsresult
@ -73,16 +75,18 @@ private:
~LoadInfo();
nsCOMPtr<nsIPrincipal> mLoadingPrincipal;
nsCOMPtr<nsIPrincipal> mTriggeringPrincipal;
nsWeakPtr mLoadingContext;
nsSecurityFlags mSecurityFlags;
nsContentPolicyType mContentPolicyType;
nsCOMPtr<nsIURI> mBaseURI;
bool mUpgradeInsecureRequests;
uint64_t mInnerWindowID;
uint64_t mOuterWindowID;
uint64_t mParentOuterWindowID;
nsCOMPtr<nsIPrincipal> mLoadingPrincipal;
nsCOMPtr<nsIPrincipal> mTriggeringPrincipal;
nsWeakPtr mLoadingContext;
nsSecurityFlags mSecurityFlags;
nsContentPolicyType mContentPolicyType;
nsCOMPtr<nsIURI> mBaseURI;
bool mUpgradeInsecureRequests;
uint64_t mInnerWindowID;
uint64_t mOuterWindowID;
uint64_t mParentOuterWindowID;
bool mEnforceSecurity;
bool mInitialSecurityCheckDone;
nsTArray<nsCOMPtr<nsIPrincipal>> mRedirectChain;
};

136
netwerk/base/nsILoadInfo.idl
View File

@ -23,7 +23,7 @@ typedef unsigned long nsSecurityFlags;
/**
* An nsILoadOwner represents per-load information about who started the load.
*/
[scriptable, builtinclass, uuid(5c724690-7ba9-49c4-af9c-c9c4f6776871)]
[scriptable, builtinclass, uuid(cc51498e-f8f8-469d-85ba-6dcba17027e4)]
interface nsILoadInfo : nsISupports
{
/**
@ -31,6 +31,64 @@ interface nsILoadInfo : nsISupports
*/
const unsigned long SEC_NORMAL = 0;
/**
* The following five flags determine the security mode and hence what kind of
* security checks should be performed throughout the lifetime of the channel.
*
* * SEC_REQUIRE_SAME_ORIGIN_DATA_INHERITS
* * SEC_REQUIRE_SAME_ORIGIN_DATA_IS_BLOCKED
* * SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS
* * SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL
* * SEC_REQUIRE_CORS_DATA_INHERITS
*
* Exactly one of these flags are required to be set in order to allow
* the channel to perform the correct security checks (SOP, CORS, ...) and
* return the correct result principal. If none or more than one of these
* flags are set AsyncOpen2 will fail.
*/
/*
* Enforce the same origin policy where data: loads inherit
* the principal.
*/
const unsigned long SEC_REQUIRE_SAME_ORIGIN_DATA_INHERITS = (1<<0);
/*
* Enforce the same origin policy but data: loads are blocked.
*/
const unsigned long SEC_REQUIRE_SAME_ORIGIN_DATA_IS_BLOCKED = (1<<1);
/**
* Allow loads from other origins. Loads from data: will inherit
* the principal of the origin that triggered the load.
* Commonly used by plain <img>, <video>, <link rel=stylesheet> etc.
*/
const unsigned long SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS = (1<<2);
/**
* Allow loads from other origins. Loads from data: will be allowed,
* but the resulting resource will get a null principal.
* Used in blink/webkit for <iframe>s. Likely also the mode
* that should be used by most Chrome code.
*/
const unsigned long SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL = (1<<3);
/**
* Allow loads from any origin, but require CORS for cross-origin
* loads. Loads from data: are allowed and the result will inherit
* the principal of the origin that triggered the load.
* Commonly used by <img crossorigin>, <video crossorigin>,
* XHR, fetch(), etc.
*/
const unsigned long SEC_REQUIRE_CORS_DATA_INHERITS = (1<<4);
/**
* Use this flag in addition to SEC_REQUIRE_CORS_DATA_INHERITS
* to make cross-origin CORS loads happen with credentials
* (such as cookies and client side certs).
*/
const unsigned long SEC_REQUIRE_CORS_WITH_CREDENTIALS = (1<<5);
/**
* Force inheriting of the Principal. The resulting resource will use the
* principal of the document which is doing the load. Setting this flag
@ -46,7 +104,7 @@ interface nsILoadInfo : nsISupports
*
* This flag can not be used together with SEC_SANDBOXED.
*/
const unsigned long SEC_FORCE_INHERIT_PRINCIPAL = 0x01;
const unsigned long SEC_FORCE_INHERIT_PRINCIPAL = (1<<6);
/**
* Sandbox the load. The resulting resource will use a freshly created
@ -58,7 +116,12 @@ interface nsILoadInfo : nsISupports
*
* This flag can not be used together with SEC_FORCE_INHERIT_PRINCIPAL.
*/
const unsigned long SEC_SANDBOXED = 0x02;
const unsigned long SEC_SANDBOXED = (1<<7);
/**
* Inherit the Principal for about:blank.
*/
const unsigned long SEC_ABOUT_BLANK_INHERITS = (1<<8);
/**
* The loadingPrincipal is the principal that is responsible for the load.
@ -143,6 +206,17 @@ interface nsILoadInfo : nsISupports
}
%}
/**
* Allows to query only the security mode bits from above.
*/
[infallible] readonly attribute unsigned long securityMode;
/**
* Determines whether credentials are sent with CORS requests.
* Using this flag requires SEC_REQUIRE_CORS_DATA_INHERITS also to be set.
*/
[infallible] readonly attribute boolean requireCorsWithCredentials;
/**
* If forceInheritPrincipal is true, the data coming from the channel should
* use loadingPrincipal for its principal, even when the data is loaded over
@ -158,6 +232,12 @@ interface nsILoadInfo : nsISupports
*/
[infallible] readonly attribute boolean loadingSandboxed;
/**
* If aboutBlankInherits is true, then about:blank should inherit
* the principal.
*/
[infallible] readonly attribute boolean aboutBlankInherits;
/**
* The external contentPolicyType of the channel, used for security checks
* like Mixed Content Blocking and Content Security Policy.
@ -266,6 +346,56 @@ interface nsILoadInfo : nsISupports
}
%}
/**
* Whenever a channel is openend by asyncOpen2() [or also open2()],
* lets set this flag so that redirects of such channels are also
* openend using asyncOpen2() [open2()].
*
* Please note, once the flag is set to true it must remain true
* throughout the lifetime of the channel. Trying to set it
* to anything else than true will be discareded.
*
*/
attribute bool enforceSecurity;
%{ C++
inline bool GetEnforceSecurity()
{
bool result;
mozilla::DebugOnly<nsresult> rv = GetEnforceSecurity(&result);
MOZ_ASSERT(NS_SUCCEEDED(rv));
return result;
}
%}
/**
* Whenever a channel is evaluated by the ContentSecurityManager
* the first time, we set this flag to true to indicate that
* subsequent calls of AsyncOpen2() do not have to enforce all
* security checks again. E.g., after a redirect there is no
* need to set up CORS again. We need this separate flag
* because the redirectChain might also contain internal
* redirects which might pollute the redirectChain so we can't
* rely on the size of the redirectChain-array to query whether
* a channel got redirected or not.
*
* Please note, once the flag is set to true it must remain true
* throughout the lifetime of the channel. Trying to set it
* to anything else than true will be discareded.
*
*/
attribute bool initialSecurityCheckDone;
%{ C++
inline bool GetInitialSecurityCheckDone()
{
bool result;
mozilla::DebugOnly<nsresult> rv = GetInitialSecurityCheckDone(&result);
MOZ_ASSERT(NS_SUCCEEDED(rv));
return result;
}
%}
/**
* Whenever a channel gets redirected, append the principal of the
* channel [before the channels got redirected] to the loadinfo,

2
netwerk/ipc/NeckoChannelParams.ipdlh
View File

@ -34,6 +34,8 @@ struct LoadInfoArgs
uint64_t innerWindowID;
uint64_t outerWindowID;
uint64_t parentOuterWindowID;
bool enforceSecurity;
bool initialSecurityCheckDone;
PrincipalInfo[] redirectChain;
};