Bug 1165162 - Make OriginAttributes a dictionary, and make it accessible as both a jsval and a canonical string. r=gabor,r=bholley,sr=sicking

caps/BasePrincipal.cpp

@@ -10,13 +10,32 @@
 #include "nsIObjectOutputStream.h"
 #include "nsScriptSecurityManager.h"
 
+#include "mozilla/dom/ToJSValue.h"
+
 namespace mozilla {
 
+void
+BasePrincipal::OriginAttributes::CreateSuffix(nsACString& aStr)
+{
+  aStr.Truncate();
+  MOZ_RELEASE_ASSERT(mAppId != nsIScriptSecurityManager::UNKNOWN_APP_ID);
+  int attrCount = 0;
+
+  if (mAppId != nsIScriptSecurityManager::NO_APP_ID) {
+    aStr.Append(attrCount++ ? "&appId=" : "!appId=");
+    aStr.AppendInt(mAppId);
+  }
+
+  if (mInBrowser) {
+    aStr.Append(attrCount++ ? "&inBrowser=1" : "!inBrowser=1");
+  }
+}
+
 void
 BasePrincipal::OriginAttributes::Serialize(nsIObjectOutputStream* aStream) const
 {
   aStream->Write32(mAppId);
-  aStream->WriteBoolean(mIsInBrowserElement);
+  aStream->WriteBoolean(mInBrowser);
 }
 
 nsresult
@@ -25,7 +44,7 @@ BasePrincipal::OriginAttributes::Deserialize(nsIObjectInputStream* aStream)
   nsresult rv = aStream->Read32(&mAppId);
   NS_ENSURE_SUCCESS(rv, rv);
 
-  rv = aStream->ReadBoolean(&mIsInBrowserElement);
+  rv = aStream->ReadBoolean(&mInBrowser);
   NS_ENSURE_SUCCESS(rv, rv);
 
   return NS_OK;
@@ -104,6 +123,22 @@ BasePrincipal::GetJarPrefix(nsACString& aJarPrefix)
   return NS_OK;
 }
 
+NS_IMETHODIMP
+BasePrincipal::GetOriginAttributes(JSContext* aCx, JS::MutableHandle<JS::Value> aVal)
+{
+  if (NS_WARN_IF(!ToJSValue(aCx, mOriginAttributes, aVal))) {
+    return NS_ERROR_FAILURE;
+  }
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+BasePrincipal::GetOriginSuffix(nsACString& aOriginAttributes)
+{
+  mOriginAttributes.CreateSuffix(aOriginAttributes);
+  return NS_OK;
+}
+
 NS_IMETHODIMP
 BasePrincipal::GetAppStatus(uint16_t* aAppStatus)
 {

caps/BasePrincipal.h

@@ -11,6 +11,8 @@
 #include "nsIScriptSecurityManager.h"
 #include "nsJSPrincipals.h"
 
+#include "mozilla/dom/SystemDictionariesBinding.h"
+
 class nsIObjectOutputStream;
 class nsIObjectInputStream;
 
@@ -39,6 +41,8 @@ public:
   NS_IMETHOD SetCsp(nsIContentSecurityPolicy* aCsp) override;
   NS_IMETHOD GetIsNullPrincipal(bool* aIsNullPrincipal) override;
   NS_IMETHOD GetJarPrefix(nsACString& aJarPrefix) final;
+  NS_IMETHOD GetOriginAttributes(JSContext* aCx, JS::MutableHandle<JS::Value> aVal) final;
+  NS_IMETHOD GetOriginSuffix(nsACString& aOriginSuffix) final;
   NS_IMETHOD GetAppStatus(uint16_t* aAppStatus) final;
   NS_IMETHOD GetAppId(uint32_t* aAppStatus) final;
   NS_IMETHOD GetIsInBrowserElement(bool* aIsInBrowserElement) final;
@@ -48,33 +52,36 @@ public:
 
   static BasePrincipal* Cast(nsIPrincipal* aPrin) { return static_cast<BasePrincipal*>(aPrin); }
 
-  struct OriginAttributes {
-    // NB: If you add any members here, you need to update Serialize/Deserialize
-    // and bump the CIDs of all the principal implementations that invoke those
-    // methods.
-    uint32_t mAppId;
-    bool mIsInBrowserElement;
+  struct OriginAttributes : public dom::OriginAttributesDictionary {
+    OriginAttributes() {}
+    OriginAttributes(uint32_t aAppId, bool aInBrowser)
+    {
+      mAppId = aAppId;
+      mInBrowser = aInBrowser;
+    }
 
-    OriginAttributes() : mAppId(nsIScriptSecurityManager::NO_APP_ID), mIsInBrowserElement(false) {}
-    OriginAttributes(uint32_t aAppId, bool aIsInBrowserElement)
-      : mAppId(aAppId), mIsInBrowserElement(aIsInBrowserElement) {}
     bool operator==(const OriginAttributes& aOther) const
     {
       return mAppId == aOther.mAppId &&
-             mIsInBrowserElement == aOther.mIsInBrowserElement;
+             mInBrowser == aOther.mInBrowser;
     }
     bool operator!=(const OriginAttributes& aOther) const
     {
       return !(*this == aOther);
     }
 
+    // Serializes non-default values into the suffix format, i.e.
+    // |!key1=value1&key2=value2|. If there are no non-default attributes, this
+    // returns an empty string.
+    void CreateSuffix(nsACString& aStr);
+
     void Serialize(nsIObjectOutputStream* aStream) const;
     nsresult Deserialize(nsIObjectInputStream* aStream);
   };
 
   const OriginAttributes& OriginAttributesRef() { return mOriginAttributes; }
   uint32_t AppId() const { return mOriginAttributes.mAppId; }
-  bool IsInBrowserElement() const { return mOriginAttributes.mIsInBrowserElement; }
+  bool IsInBrowserElement() const { return mOriginAttributes.mInBrowser; }
 
 protected:
   virtual ~BasePrincipal() {}

caps/nsIPrincipal.idl

@@ -20,7 +20,7 @@ interface nsIContentSecurityPolicy;
 [ptr] native JSPrincipals(JSPrincipals);
 [ptr] native PrincipalArray(nsTArray<nsCOMPtr<nsIPrincipal> >);
 
-[scriptable, builtinclass, uuid(7e024afa-afd4-48e7-ba11-1c7b9620b1b2)]
+[scriptable, builtinclass, uuid(74fb6760-4ae7-4ec7-8ac7-06817c60a93a)]
 interface nsIPrincipal : nsISerializable
 {
     /**
@@ -157,6 +157,37 @@ interface nsIPrincipal : nsISerializable
      */
     readonly attribute AUTF8String jarPrefix;
 
+    /**
+     * A dictionary of the non-default origin attributes associated with this
+     * nsIPrincipal.
+     *
+     * Attributes are tokens that are taken into account when determining whether
+     * two principals are same-origin - if any attributes differ, the principals
+     * are cross-origin, even if the scheme, host, and port are the same.
+     * Attributes should also be considered for all security and bucketing decisions,
+     * even those which make non-standard comparisons (like cookies, which ignore
+     * scheme, or quotas, which ignore subdomains).
+     *
+     * If you're looking for an easy-to-use canonical stringification of the origin
+     * attributes, see |originSuffix| below.
+     */
+    [implicit_jscontext]
+    readonly attribute jsval originAttributes;
+
+    /**
+     * A string of the form !key1=value1&key2=value2, where each pair represents
+     * an attribute with a non-default value. If all attributes have default
+     * values, this is the empty string.
+     *
+     * The value of .originSuffix is automatically serialized into .origin, so any
+     * consumers using that are automatically origin-attribute-aware. Consumers with
+     * special requirements must inspect and compare .originSuffix manually.
+     *
+     * originsuffix are intended to be a replacement for jarPrefix, which will
+     * eventually be removed.
+     */
+    readonly attribute AUTF8String originSuffix;
+
     /**
      * The base domain of the codebase URI to which this principal pertains
      * (generally the document URI), handling null principals and

dom/webidl/SystemDictionaries.webidl

@@ -0,0 +1,22 @@
+/* -*- Mode: IDL; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * Copyright © 2012 W3C® (MIT, ERCIM, Keio), All Rights Reserved. W3C
+ * liability, trademark and document use rules apply.
+ */
+
+/*
+ * Used by principals and the script security manager to represent origin
+ * attributes.
+ *
+ * IMPORTANT: If you add any members here, you need to update the
+ * CreateSuffix, Serialize, and Deserialize implementations in BasePrincipal,
+ * and bump the CIDs of all the principal implementations that invoke those
+ * methods.
+ */
+dictionary OriginAttributesDictionary {
+  unsigned long appId = 0;
+  boolean inBrowser = false;
+};

dom/webidl/moz.build

@@ -509,6 +509,7 @@ WEBIDL_FILES = [
     'SVGViewElement.webidl',
     'SVGZoomAndPan.webidl',
     'SVGZoomEvent.webidl',
+    'SystemDictionaries.webidl',
     'Telephony.webidl',
     'TelephonyCall.webidl',
     'TelephonyCallGroup.webidl',