Previously it was possible to bypass specific BCG selection based on cross-origin isolated status if the site was allowed to load file URIs using enterprise policies, which could lead to a crash. This patch changes the behaviour such that BCG selection now happens correctly. The site will still not be cross-origin isolated due to being loaded into a file content process. Differential Revision: https://phabricator.services.mozilla.com/D217007
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
* You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef mozilla_dom_ProcessIsolation_h
#define mozilla_dom_ProcessIsolation_h
#include <stdint.h>
#include "mozilla/Logging.h"
#include "mozilla/dom/RemoteType.h"
#include "mozilla/dom/SessionHistoryEntry.h"
#include "mozilla/dom/WorkerPrivate.h"
#include "nsString.h"
#include "nsIPrincipal.h"
#include "nsIURI.h"
namespace mozilla::dom {
class CanonicalBrowsingContext;
class WindowGlobalParent;
extern mozilla::LazyLogModule gProcessIsolationLog;
// Permission types passed as `aPermissionType` to AddHighValuePermission()
// below. Each one records why an origin is treated as a "high value" site
// whose loads should be process-isolated; see that function's documentation
// for when each value is used.
constexpr nsLiteralCString kHighValueCOOPPermission = "highValueCOOP"_ns;
constexpr nsLiteralCString kHighValueHasSavedLoginPermission =
    "highValueHasSavedLogin"_ns;
constexpr nsLiteralCString kHighValueIsLoggedInPermission =
    "highValueIsLoggedIn"_ns;
// NavigationIsolationOptions is passed through the methods to store the state
// of the possible process and/or browsing context change. It is the value
// produced by IsolationOptionsForNavigation() below; whether the chosen
// process differs from the current one is checked by the caller.
struct NavigationIsolationOptions {
  // Remote type of the content process the navigation should complete in.
  nsCString mRemoteType;

  // True when the load must be performed as a BrowsingContext-replace load
  // rather than reusing the existing BrowsingContext.
  bool mReplaceBrowsingContext = false;

  // Id of a specific BrowsingContextGroup (BCG) the load should be placed in.
  // 0 is the default and presumably means "no specific group requested" —
  // confirm against the implementation.
  uint64_t mSpecificGroupId = 0;

  // Whether the resulting document should be cross-origin isolated.
  // NOTE(review): per the commit message, a load that ends up in a file
  // content process (e.g. a site allowed to load file URIs by enterprise
  // policy) is still not cross-origin isolated, so callers should not treat
  // this flag as a guarantee of isolation.
  bool mShouldCrossOriginIsolate = false;

  // Whether the navigation may try to restore the document from the BFCache.
  bool mTryUseBFCache = false;

  // Session history entry that becomes active for this navigation, if any.
  RefPtr<SessionHistoryEntry> mActiveSessionHistoryEntry;
};
/**
* Given a specific channel, determines which process the navigation should
* complete in, and whether or not to perform a BrowsingContext-replace load
* or enter the BFCache.
*
* This method will always return a `NavigationIsolationOptions` even if the
* current remote type is compatible. Compatibility with the current process
* should be checked at the call-site. An error should only be returned in
* exceptional circumstances, and should lead to the load being cancelled.
*
* This method is only intended for use with document navigations.
*/
Result<NavigationIsolationOptions, nsresult> IsolationOptionsForNavigation(
CanonicalBrowsingContext* aTopBC, WindowGlobalParent* aParentWindow,
nsIURI* aChannelCreationURI, nsIChannel* aChannel,
const nsACString& aCurrentRemoteType, bool aHasCOOPMismatch,
bool aForNewTab, uint32_t aLoadStateLoadType,
const Maybe<uint64_t>& aChannelId,
const Maybe<nsCString>& aRemoteTypeOverride);
// WorkerIsolationOptions is passed back to the RemoteWorkerManager to store the
// destination process information for remote worker loads. It is the value
// produced by IsolationOptionsForWorker() below.
struct WorkerIsolationOptions {
  // Remote type of the content process the remote worker should be loaded in.
  nsCString mRemoteType;
};
/**
* Given a specific worker principal and kind, determines which process the
* remote worker load should complete in.
*
* This method is only intended for use with remote workers.
*/
Result<WorkerIsolationOptions, nsresult> IsolationOptionsForWorker(
nsIPrincipal* aPrincipal, WorkerKind aWorkerKind,
const nsACString& aCurrentRemoteType, bool aUseRemoteSubframes);
/**
* Adds a `highValue` permission to the permissions database, and makes loads of
* that origin isolated.
*
* The 'aPermissionType' parameter indicates why the site is treated as a high
* value site. The possible values are:
*
* kHighValueCOOPPermission
* Called when a document request responds with a
* `Cross-Origin-Opener-Policy` header.
*
* kHighValueHasSavedLoginPermission
* Called for sites that have an associated login saved in the password
* manager.
*
* kHighValueIsLoggedInPermission
* Called when we detect a form with a password is submitted.
*/
void AddHighValuePermission(nsIPrincipal* aResultPrincipal,
const nsACString& aPermissionType);
void AddHighValuePermission(const nsACString& aOrigin,
const nsACString& aPermissionType);
/**
* Returns true when fission is enabled and the
* `fission.webContentIsolationStrategy` pref is set to `IsolateHighValue`.
*/
bool IsIsolateHighValueSiteEnabled();
} // namespace mozilla::dom
#endif