2015-05-03 19:32:37 +00:00
|
|
|
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
|
|
|
|
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
|
2014-09-24 05:03:20 +00:00
|
|
|
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
|
|
|
|
#include "InternalRequest.h"
|
|
|
|
|
|
|
|
#include "nsIContentPolicy.h"
|
|
|
|
#include "nsIDocument.h"
|
2015-02-20 01:24:24 +00:00
|
|
|
#include "nsStreamUtils.h"
|
2014-09-24 05:03:20 +00:00
|
|
|
|
|
|
|
#include "mozilla/ErrorResult.h"
|
|
|
|
#include "mozilla/dom/ScriptSettings.h"
|
|
|
|
#include "mozilla/dom/workers/Workers.h"
|
|
|
|
|
|
|
|
#include "WorkerPrivate.h"
|
|
|
|
|
|
|
|
namespace mozilla {
|
|
|
|
namespace dom {
|
|
|
|
|
|
|
|
// The global is used to extract the principal.
|
|
|
|
already_AddRefed<InternalRequest>
|
|
|
|
InternalRequest::GetRequestConstructorCopy(nsIGlobalObject* aGlobal, ErrorResult& aRv) const
|
|
|
|
{
|
2015-10-18 05:24:48 +00:00
|
|
|
RefPtr<InternalRequest> copy = new InternalRequest();
|
2014-09-24 05:03:20 +00:00
|
|
|
copy->mURL.Assign(mURL);
|
|
|
|
copy->SetMethod(mMethod);
|
2014-10-02 17:59:20 +00:00
|
|
|
copy->mHeaders = new InternalHeaders(*mHeaders);
|
2015-01-07 23:50:54 +00:00
|
|
|
copy->SetUnsafeRequest();
|
2014-09-24 05:03:20 +00:00
|
|
|
|
|
|
|
copy->mBodyStream = mBodyStream;
|
2015-01-07 23:50:54 +00:00
|
|
|
copy->mForceOriginHeader = true;
|
|
|
|
// The "client" is not stored in our implementation. Fetch API users should
|
|
|
|
// use the appropriate window/document/principal and other Gecko security
|
|
|
|
// mechanisms as appropriate.
|
|
|
|
copy->mSameOriginDataURL = true;
|
2014-09-24 05:03:20 +00:00
|
|
|
copy->mPreserveContentCodings = true;
|
2015-01-07 23:50:54 +00:00
|
|
|
// The default referrer is already about:client.
|
2014-09-24 05:03:20 +00:00
|
|
|
|
2015-01-27 23:43:09 +00:00
|
|
|
copy->mContentPolicyType = nsIContentPolicy::TYPE_FETCH;
|
2014-09-24 05:03:20 +00:00
|
|
|
copy->mMode = mMode;
|
|
|
|
copy->mCredentialsMode = mCredentialsMode;
|
2015-01-08 00:24:40 +00:00
|
|
|
copy->mCacheMode = mCacheMode;
|
2015-08-31 21:26:29 +00:00
|
|
|
copy->mRedirectMode = mRedirectMode;
|
2015-03-27 10:47:00 +00:00
|
|
|
copy->mCreatedByFetchEvent = mCreatedByFetchEvent;
|
2014-09-24 05:03:20 +00:00
|
|
|
return copy.forget();
|
|
|
|
}
|
|
|
|
|
2015-02-20 01:24:24 +00:00
|
|
|
already_AddRefed<InternalRequest>
|
|
|
|
InternalRequest::Clone()
|
|
|
|
{
|
2015-10-18 05:24:48 +00:00
|
|
|
RefPtr<InternalRequest> clone = new InternalRequest(*this);
|
2015-02-20 01:24:24 +00:00
|
|
|
|
|
|
|
if (!mBodyStream) {
|
|
|
|
return clone.forget();
|
|
|
|
}
|
|
|
|
|
|
|
|
nsCOMPtr<nsIInputStream> clonedBody;
|
|
|
|
nsCOMPtr<nsIInputStream> replacementBody;
|
|
|
|
|
|
|
|
nsresult rv = NS_CloneInputStream(mBodyStream, getter_AddRefs(clonedBody),
|
|
|
|
getter_AddRefs(replacementBody));
|
|
|
|
if (NS_WARN_IF(NS_FAILED(rv))) { return nullptr; }
|
|
|
|
|
|
|
|
clone->mBodyStream.swap(clonedBody);
|
|
|
|
if (replacementBody) {
|
|
|
|
mBodyStream.swap(replacementBody);
|
|
|
|
}
|
|
|
|
|
|
|
|
return clone.forget();
|
|
|
|
}
|
|
|
|
|
|
|
|
InternalRequest::InternalRequest(const InternalRequest& aOther)
|
|
|
|
: mMethod(aOther.mMethod)
|
|
|
|
, mURL(aOther.mURL)
|
|
|
|
, mHeaders(new InternalHeaders(*aOther.mHeaders))
|
|
|
|
, mContentPolicyType(aOther.mContentPolicyType)
|
|
|
|
, mReferrer(aOther.mReferrer)
|
|
|
|
, mMode(aOther.mMode)
|
|
|
|
, mCredentialsMode(aOther.mCredentialsMode)
|
|
|
|
, mResponseTainting(aOther.mResponseTainting)
|
|
|
|
, mCacheMode(aOther.mCacheMode)
|
2015-08-31 21:26:29 +00:00
|
|
|
, mRedirectMode(aOther.mRedirectMode)
|
2015-02-20 01:24:24 +00:00
|
|
|
, mAuthenticationFlag(aOther.mAuthenticationFlag)
|
|
|
|
, mForceOriginHeader(aOther.mForceOriginHeader)
|
|
|
|
, mPreserveContentCodings(aOther.mPreserveContentCodings)
|
|
|
|
, mSameOriginDataURL(aOther.mSameOriginDataURL)
|
|
|
|
, mSandboxedStorageAreaURLs(aOther.mSandboxedStorageAreaURLs)
|
|
|
|
, mSkipServiceWorker(aOther.mSkipServiceWorker)
|
|
|
|
, mSynchronous(aOther.mSynchronous)
|
|
|
|
, mUnsafeRequest(aOther.mUnsafeRequest)
|
|
|
|
, mUseURLCredentials(aOther.mUseURLCredentials)
|
2015-03-27 10:47:00 +00:00
|
|
|
, mCreatedByFetchEvent(aOther.mCreatedByFetchEvent)
|
2015-02-20 01:24:24 +00:00
|
|
|
{
|
|
|
|
// NOTE: does not copy body stream... use the fallible Clone() for that
|
|
|
|
}
|
|
|
|
|
2014-09-24 05:03:20 +00:00
|
|
|
InternalRequest::~InternalRequest()
|
|
|
|
{
|
|
|
|
}
|
|
|
|
|
2015-03-25 20:38:42 +00:00
|
|
|
void
|
|
|
|
InternalRequest::SetContentPolicyType(nsContentPolicyType aContentPolicyType)
|
|
|
|
{
|
|
|
|
mContentPolicyType = aContentPolicyType;
|
2015-06-15 20:12:45 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/* static */
|
|
|
|
RequestContext
|
|
|
|
InternalRequest::MapContentPolicyTypeToRequestContext(nsContentPolicyType aContentPolicyType)
|
|
|
|
{
|
|
|
|
RequestContext context = RequestContext::Internal;
|
2015-03-25 20:38:42 +00:00
|
|
|
switch (aContentPolicyType) {
|
|
|
|
case nsIContentPolicy::TYPE_OTHER:
|
2015-06-15 20:12:45 +00:00
|
|
|
context = RequestContext::Internal;
|
2015-03-25 20:38:42 +00:00
|
|
|
break;
|
2015-06-17 01:21:08 +00:00
|
|
|
case nsIContentPolicy::TYPE_INTERNAL_SCRIPT:
|
2015-09-20 21:55:44 +00:00
|
|
|
case nsIContentPolicy::TYPE_INTERNAL_SCRIPT_PRELOAD:
|
2015-09-11 22:48:43 +00:00
|
|
|
case nsIContentPolicy::TYPE_INTERNAL_SERVICE_WORKER:
|
2015-06-15 20:12:45 +00:00
|
|
|
context = RequestContext::Script;
|
2015-03-25 20:38:42 +00:00
|
|
|
break;
|
2015-06-17 01:21:08 +00:00
|
|
|
case nsIContentPolicy::TYPE_INTERNAL_WORKER:
|
|
|
|
context = RequestContext::Worker;
|
|
|
|
break;
|
|
|
|
case nsIContentPolicy::TYPE_INTERNAL_SHARED_WORKER:
|
|
|
|
context = RequestContext::Sharedworker;
|
|
|
|
break;
|
2015-09-20 21:55:44 +00:00
|
|
|
case nsIContentPolicy::TYPE_INTERNAL_IMAGE:
|
|
|
|
case nsIContentPolicy::TYPE_INTERNAL_IMAGE_PRELOAD:
|
2015-06-15 20:12:45 +00:00
|
|
|
context = RequestContext::Image;
|
2015-03-25 20:38:42 +00:00
|
|
|
break;
|
2015-09-20 21:55:44 +00:00
|
|
|
case nsIContentPolicy::TYPE_INTERNAL_STYLESHEET:
|
|
|
|
case nsIContentPolicy::TYPE_INTERNAL_STYLESHEET_PRELOAD:
|
2015-06-15 20:12:45 +00:00
|
|
|
context = RequestContext::Style;
|
2015-03-25 20:38:42 +00:00
|
|
|
break;
|
2015-07-18 15:51:00 +00:00
|
|
|
case nsIContentPolicy::TYPE_INTERNAL_OBJECT:
|
2015-06-15 20:12:45 +00:00
|
|
|
context = RequestContext::Object;
|
2015-03-25 20:38:42 +00:00
|
|
|
break;
|
2015-07-18 15:51:00 +00:00
|
|
|
case nsIContentPolicy::TYPE_INTERNAL_EMBED:
|
|
|
|
context = RequestContext::Embed;
|
|
|
|
break;
|
2015-03-25 20:38:42 +00:00
|
|
|
case nsIContentPolicy::TYPE_DOCUMENT:
|
2015-06-15 20:12:45 +00:00
|
|
|
context = RequestContext::Internal;
|
2015-03-25 20:38:42 +00:00
|
|
|
break;
|
2015-07-13 21:06:53 +00:00
|
|
|
case nsIContentPolicy::TYPE_INTERNAL_IFRAME:
|
2015-06-15 20:12:45 +00:00
|
|
|
context = RequestContext::Iframe;
|
2015-03-25 20:38:42 +00:00
|
|
|
break;
|
2015-07-13 21:06:53 +00:00
|
|
|
case nsIContentPolicy::TYPE_INTERNAL_FRAME:
|
|
|
|
context = RequestContext::Frame;
|
|
|
|
break;
|
2015-03-25 20:38:42 +00:00
|
|
|
case nsIContentPolicy::TYPE_REFRESH:
|
2015-06-15 20:12:45 +00:00
|
|
|
context = RequestContext::Internal;
|
2015-03-25 20:38:42 +00:00
|
|
|
break;
|
|
|
|
case nsIContentPolicy::TYPE_XBL:
|
2015-06-15 20:12:45 +00:00
|
|
|
context = RequestContext::Internal;
|
2015-03-25 20:38:42 +00:00
|
|
|
break;
|
|
|
|
case nsIContentPolicy::TYPE_PING:
|
2015-06-15 20:12:45 +00:00
|
|
|
context = RequestContext::Ping;
|
2015-03-25 20:38:42 +00:00
|
|
|
break;
|
2015-08-06 18:17:24 +00:00
|
|
|
case nsIContentPolicy::TYPE_INTERNAL_XMLHTTPREQUEST:
|
2015-06-15 20:12:45 +00:00
|
|
|
context = RequestContext::Xmlhttprequest;
|
2015-03-25 20:38:42 +00:00
|
|
|
break;
|
2015-08-06 18:17:24 +00:00
|
|
|
case nsIContentPolicy::TYPE_INTERNAL_EVENTSOURCE:
|
|
|
|
context = RequestContext::Eventsource;
|
|
|
|
break;
|
2015-03-25 20:38:42 +00:00
|
|
|
case nsIContentPolicy::TYPE_OBJECT_SUBREQUEST:
|
2015-06-15 20:12:45 +00:00
|
|
|
context = RequestContext::Plugin;
|
2015-03-25 20:38:42 +00:00
|
|
|
break;
|
|
|
|
case nsIContentPolicy::TYPE_DTD:
|
2015-06-15 20:12:45 +00:00
|
|
|
context = RequestContext::Internal;
|
2015-03-25 20:38:42 +00:00
|
|
|
break;
|
|
|
|
case nsIContentPolicy::TYPE_FONT:
|
2015-06-15 20:12:45 +00:00
|
|
|
context = RequestContext::Font;
|
2015-03-25 20:38:42 +00:00
|
|
|
break;
|
2015-06-15 20:45:27 +00:00
|
|
|
case nsIContentPolicy::TYPE_INTERNAL_AUDIO:
|
2015-06-15 20:12:45 +00:00
|
|
|
context = RequestContext::Audio;
|
2015-03-25 20:38:42 +00:00
|
|
|
break;
|
2015-06-15 20:45:27 +00:00
|
|
|
case nsIContentPolicy::TYPE_INTERNAL_VIDEO:
|
|
|
|
context = RequestContext::Video;
|
|
|
|
break;
|
|
|
|
case nsIContentPolicy::TYPE_INTERNAL_TRACK:
|
|
|
|
context = RequestContext::Track;
|
|
|
|
break;
|
2015-03-25 20:38:42 +00:00
|
|
|
case nsIContentPolicy::TYPE_WEBSOCKET:
|
2015-06-15 20:12:45 +00:00
|
|
|
context = RequestContext::Internal;
|
2015-03-25 20:38:42 +00:00
|
|
|
break;
|
|
|
|
case nsIContentPolicy::TYPE_CSP_REPORT:
|
2015-06-15 20:12:45 +00:00
|
|
|
context = RequestContext::Cspreport;
|
2015-03-25 20:38:42 +00:00
|
|
|
break;
|
|
|
|
case nsIContentPolicy::TYPE_XSLT:
|
2015-06-15 20:12:45 +00:00
|
|
|
context = RequestContext::Xslt;
|
2015-03-25 20:38:42 +00:00
|
|
|
break;
|
|
|
|
case nsIContentPolicy::TYPE_BEACON:
|
2015-06-15 20:12:45 +00:00
|
|
|
context = RequestContext::Beacon;
|
2015-03-25 20:38:42 +00:00
|
|
|
break;
|
|
|
|
case nsIContentPolicy::TYPE_FETCH:
|
2015-06-15 20:12:45 +00:00
|
|
|
context = RequestContext::Fetch;
|
2015-03-25 20:38:42 +00:00
|
|
|
break;
|
|
|
|
case nsIContentPolicy::TYPE_IMAGESET:
|
2015-06-15 20:12:45 +00:00
|
|
|
context = RequestContext::Imageset;
|
2015-03-25 20:38:42 +00:00
|
|
|
break;
|
2015-06-02 19:42:19 +00:00
|
|
|
case nsIContentPolicy::TYPE_WEB_MANIFEST:
|
2015-06-15 20:12:45 +00:00
|
|
|
context = RequestContext::Manifest;
|
2015-06-02 19:42:19 +00:00
|
|
|
break;
|
2015-03-25 20:38:42 +00:00
|
|
|
default:
|
|
|
|
MOZ_ASSERT(false, "Unhandled nsContentPolicyType value");
|
|
|
|
break;
|
|
|
|
}
|
2015-06-15 20:12:45 +00:00
|
|
|
return context;
|
2015-03-25 20:38:42 +00:00
|
|
|
}
|
|
|
|
|
2015-09-01 14:58:34 +00:00
|
|
|
// static
|
2015-07-14 20:11:26 +00:00
|
|
|
bool
|
2015-09-01 14:58:34 +00:00
|
|
|
InternalRequest::IsNavigationContentPolicy(nsContentPolicyType aContentPolicyType)
|
2015-07-14 20:11:26 +00:00
|
|
|
{
|
|
|
|
// https://fetch.spec.whatwg.org/#navigation-request-context
|
|
|
|
//
|
|
|
|
// A navigation request context is one of "form", "frame", "hyperlink",
|
|
|
|
// "iframe", "internal" (as long as context frame type is not "none"),
|
|
|
|
// "location", "metarefresh", and "prerender".
|
|
|
|
//
|
2015-09-01 14:58:34 +00:00
|
|
|
// Note, all of these request types are effectively initiated by nsDocShell.
|
|
|
|
//
|
|
|
|
// The TYPE_REFRESH is used in some code paths for metarefresh, but will not
|
|
|
|
// be seen during the actual load. Instead the new load gets a normal
|
|
|
|
// nsDocShell policy type. We include it here in case this utility method
|
|
|
|
// is called before the load starts.
|
|
|
|
return aContentPolicyType == nsIContentPolicy::TYPE_DOCUMENT ||
|
|
|
|
aContentPolicyType == nsIContentPolicy::TYPE_SUBDOCUMENT ||
|
|
|
|
aContentPolicyType == nsIContentPolicy::TYPE_INTERNAL_FRAME ||
|
|
|
|
aContentPolicyType == nsIContentPolicy::TYPE_INTERNAL_IFRAME ||
|
|
|
|
aContentPolicyType == nsIContentPolicy::TYPE_REFRESH;
|
2015-07-14 20:11:26 +00:00
|
|
|
}
|
|
|
|
|
2015-09-01 14:58:34 +00:00
|
|
|
// static
|
2015-07-14 20:11:26 +00:00
|
|
|
bool
|
2015-09-01 14:58:34 +00:00
|
|
|
InternalRequest::IsWorkerContentPolicy(nsContentPolicyType aContentPolicyType)
|
2015-07-14 20:11:26 +00:00
|
|
|
{
|
|
|
|
// https://fetch.spec.whatwg.org/#worker-request-context
|
|
|
|
//
|
|
|
|
// A worker request context is one of "serviceworker", "sharedworker", and
|
|
|
|
// "worker".
|
|
|
|
//
|
|
|
|
// Note, service workers are not included here because currently there is
|
|
|
|
// no way to generate a Request with a "serviceworker" RequestContext.
|
|
|
|
// ServiceWorker scripts cannot be intercepted.
|
2015-09-01 14:58:34 +00:00
|
|
|
return aContentPolicyType == nsIContentPolicy::TYPE_INTERNAL_WORKER ||
|
|
|
|
aContentPolicyType == nsIContentPolicy::TYPE_INTERNAL_SHARED_WORKER;
|
|
|
|
}
|
|
|
|
|
|
|
|
bool
|
|
|
|
InternalRequest::IsNavigationRequest() const
|
|
|
|
{
|
|
|
|
return IsNavigationContentPolicy(mContentPolicyType);
|
|
|
|
}
|
|
|
|
|
|
|
|
bool
|
|
|
|
InternalRequest::IsWorkerRequest() const
|
|
|
|
{
|
|
|
|
return IsWorkerContentPolicy(mContentPolicyType);
|
2015-07-14 20:11:26 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
bool
|
|
|
|
InternalRequest::IsClientRequest() const
|
|
|
|
{
|
|
|
|
return IsNavigationRequest() || IsWorkerRequest();
|
|
|
|
}
|
|
|
|
|
2015-09-01 14:58:34 +00:00
|
|
|
// static
|
|
|
|
RequestMode
|
|
|
|
InternalRequest::MapChannelToRequestMode(nsIChannel* aChannel)
|
|
|
|
{
|
|
|
|
MOZ_ASSERT(aChannel);
|
|
|
|
|
|
|
|
nsCOMPtr<nsILoadInfo> loadInfo;
|
|
|
|
MOZ_ALWAYS_TRUE(NS_SUCCEEDED(aChannel->GetLoadInfo(getter_AddRefs(loadInfo))));
|
|
|
|
|
|
|
|
// RequestMode deviates from our internal security mode for navigations.
|
|
|
|
// While navigations normally allow cross origin we must set a same-origin
|
|
|
|
// RequestMode to get the correct service worker interception restrictions
|
|
|
|
// in place.
|
|
|
|
// TODO: remove the worker override once securityMode is fully implemented (bug 1189945)
|
|
|
|
nsContentPolicyType contentPolicy = loadInfo->InternalContentPolicyType();
|
|
|
|
if (IsNavigationContentPolicy(contentPolicy) ||
|
|
|
|
IsWorkerContentPolicy(contentPolicy)) {
|
|
|
|
return RequestMode::Same_origin;
|
|
|
|
}
|
|
|
|
|
|
|
|
uint32_t securityMode;
|
|
|
|
MOZ_ALWAYS_TRUE(NS_SUCCEEDED(loadInfo->GetSecurityMode(&securityMode)));
|
|
|
|
|
|
|
|
switch(securityMode) {
|
|
|
|
case nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_INHERITS:
|
|
|
|
case nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_IS_BLOCKED:
|
|
|
|
return RequestMode::Same_origin;
|
|
|
|
case nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS:
|
|
|
|
case nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL:
|
|
|
|
return RequestMode::No_cors;
|
|
|
|
case nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS:
|
|
|
|
// TODO: Check additional flag force-preflight after bug 1199693 (bug 1189945)
|
|
|
|
return RequestMode::Cors;
|
|
|
|
default:
|
|
|
|
// TODO: assert never reached after CorsMode flag removed (bug 1189945)
|
|
|
|
MOZ_ASSERT(securityMode == nsILoadInfo::SEC_NORMAL);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
// TODO: remove following code once securityMode is fully implemented (bug 1189945)
|
|
|
|
|
|
|
|
// We only support app:// protocol interception in non-release builds.
|
|
|
|
#ifndef RELEASE_BUILD
|
|
|
|
nsCOMPtr<nsIJARChannel> jarChannel = do_QueryInterface(aChannel);
|
|
|
|
if (jarChannel) {
|
|
|
|
return RequestMode::No_cors;
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
|
|
|
nsCOMPtr<nsIHttpChannelInternal> httpChannel = do_QueryInterface(aChannel);
|
|
|
|
|
|
|
|
uint32_t corsMode;
|
|
|
|
MOZ_ALWAYS_TRUE(NS_SUCCEEDED(httpChannel->GetCorsMode(&corsMode)));
|
|
|
|
|
|
|
|
// This cast is valid due to static asserts in ServiceWorkerManager.cpp.
|
|
|
|
return static_cast<RequestMode>(corsMode);
|
|
|
|
}
|
|
|
|
|
2014-09-24 05:03:20 +00:00
|
|
|
} // namespace dom
|
|
|
|
} // namespace mozilla
|