/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ /* vim: set ts=8 sts=2 et sw=2 tw=80: */ /* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
class ExpandedPrincipal; class mozIDOMWindow; class nsIChannel; class nsIReferrerInfo; class nsISupports; class nsIURI;
namespace mozilla {
class JSONWriter;
namespace dom { enumclass ReferrerPolicy : uint8_t;
}
namespace extensions { class WebExtensionPolicy; class WebExtensionPolicyCore;
} // namespace extensions
class BasePrincipal;
// Content principals (and content principals embedded within expanded // principals) stored in SiteIdentifier are guaranteed to contain only the // eTLD+1 part of the original domain. This is used to determine whether two // origins are same-site: if it's possible for two origins to access each other // (maybe after mutating document.domain), then they must have the same site // identifier. class SiteIdentifier { public: void Init(BasePrincipal* aPrincipal) {
MOZ_ASSERT(aPrincipal);
mPrincipal = aPrincipal;
}
/* * Base class from which all nsIPrincipal implementations inherit. Use this for * default implementations and other commonalities between principal * implementations. * * We should merge nsJSPrincipals into this class at some point.
*/ class BasePrincipal : public nsJSPrincipals { public: // Warning: this enum impacts Principal serialization into JSON format. // Only update if you know exactly what you are doing enum PrincipalKind {
eNullPrincipal = 0,
eContentPrincipal,
eExpandedPrincipal,
eSystemPrincipal,
eKindMax = eSystemPrincipal
};
// Method to write serializable fields which represent all of the fields to // deserialize the principal. virtual nsresult WriteJSONInnerProperties(JSONWriter& aWriter);
// This method may not create a content principal in case it's not possible to // generate a correct origin from the passed URI. If this happens, a // NullPrincipal is returned. // // If `aInitialDomain` is specified, and a ContentPrincipal is set, it will // initially have its domain set to the given value, without re-computing js // wrappers. Unlike `SetDomain()` this is safe to do off-main-thread.
// If this is an add-on content script principal, returns its AddonPolicy. // Otherwise returns null.
extensions::WebExtensionPolicy* ContentScriptAddonPolicy();
RefPtr<extensions::WebExtensionPolicyCore> ContentScriptAddonPolicyCore();
// Helper to check whether this principal is associated with an addon that // allows unprivileged code to load aURI. aExplicit == true will prevent // use of all_urls permission, requiring the domain in its permissions. bool AddonAllowsLoad(nsIURI* aURI, bool aExplicit = false);
// Call these to avoid the cost of virtual dispatch. inlinebool FastEquals(nsIPrincipal* aOther); inlinebool FastEqualsConsideringDomain(nsIPrincipal* aOther); inlinebool FastSubsumes(nsIPrincipal* aOther); inlinebool FastSubsumesConsideringDomain(nsIPrincipal* aOther); inlinebool FastSubsumesIgnoringFPD(nsIPrincipal* aOther); inlinebool FastSubsumesConsideringDomainIgnoringFPD(nsIPrincipal* aOther);
// Fast way to check whether we have a system principal. inlinebool IsSystemPrincipal() const;
// Returns the principal to inherit when a caller with this principal loads // the given URI. // // For most principal types, this returns the principal itself. For expanded // principals, it returns the first sub-principal which subsumes the given URI // (or, if no URI is given, the last allowlist principal).
nsIPrincipal* PrincipalToInherit(nsIURI* aRequestedURI = nullptr);
/* Returns true if this principal's CSP should override a document's CSP for * loads that it triggers. Currently true for expanded principals which * subsume the document principal, and add-on content principals regardless * of whether they subsume the document principal.
*/ bool OverridesCSP(nsIPrincipal* aDocumentPrincipal);
// Note that this does not check OriginAttributes. Callers that depend on // those must call Subsumes instead. virtualbool SubsumesInternal(nsIPrincipal* aOther,
DocumentDomainConsideration aConsider) = 0;
// Internal, side-effect-free check to determine whether the concrete // principal would allow the load ignoring any common behavior implemented in // BasePrincipal::CheckMayLoad. // // Safe to call from any thread, unlike CheckMayLoad. virtualbool MayLoadInternal(nsIURI* aURI) = 0; friendclass ::ExpandedPrincipal;
// Helper for implementing CheckMayLoad and CheckMayLoadWithReporting.
nsresult CheckMayLoadHelper(nsIURI* aURI, bool aAllowIfInheritsPrincipal, bool aReport, uint64_t aInnerWindowID);
// KeyValT holds a principal subtype-specific key value and the associated // parsed value after JSON parsing. template <typename SerializedKey> struct KeyValT {
static_assert(sizeof(SerializedKey) == 1, "SerializedKey should be a uint8_t");
SerializedKey key; bool valueWasSerialized;
nsCString value;
};
// Common base class for all Deserializer implementations in concrete // subclasses. Subclasses will initialize `mPrincipal` in `Read`, and then // calls to `QueryInterface` will QI on the target object. class Deserializer : public nsISerializable { public:
NS_DECL_ISUPPORTS
NS_IMETHOD Write(nsIObjectOutputStream* aStream) override;
auto other = Cast(aOther); if (Kind() != other->Kind()) { // Principals of different kinds can't be equal. returnfalse;
}
// Two principals are considered to be equal if their origins are the same. // If the two principals are content principals, their origin attributes // (aka the origin suffix) must also match. if (Kind() == eSystemPrincipal) { returnthis == other;
}
// If neither of the principals have document.domain set, we use the fast path // in Equals(). Otherwise, we fall back to the slow path below. auto other = Cast(aOther); if (!mHasExplicitDomain && !other->mHasExplicitDomain) { return FastEquals(aOther);
}
// Principals of different kinds can't be equal. if (Kind() != other->Kind()) { returnfalse;
}
// Only ContentPrincipals should have mHasExplicitDomain set to true, so test // that we haven't ended up here instead of FastEquals by mistake.
MOZ_ASSERT(IsContentPrincipal(), "Only content principals can set mHasExplicitDomain");
// If neither of the principals have document.domain set, we hand off to // FastSubsumes() which has fast paths for some special cases. Otherwise, we // fall back to the slow path below. if (!mHasExplicitDomain && !Cast(aOther)->mHasExplicitDomain) { return FastSubsumes(aOther);
}
¤ Die Informationen auf dieser Webseite wurden
nach bestem Wissen sorgfältig zusammengestellt. Es wird jedoch weder Vollständigkeit, noch Richtigkeit,
noch Qualität der bereit gestellten Informationen zugesichert.0.16Bemerkung:
(vorverarbeitet)
¤
Die Informationen auf dieser Webseite wurden
nach bestem Wissen sorgfältig zusammengestellt. Es wird jedoch weder Vollständigkeit, noch Richtigkeit,
noch Qualität der bereit gestellten Informationen zugesichert.
Bemerkung:
Die farbliche Syntaxdarstellung ist noch experimentell.
