mirror of
https://github.com/mozilla/gecko-dev.git
synced 2025-01-15 22:44:13 +00:00
01ff0bf93f
Also, in many place, we use document uri as referrer. It is not right for the case srdoc iframe. We should use the last non-srdoc parent document's uri Differential Revision: https://phabricator.services.mozilla.com/D30191 --HG-- rename : testing/web-platform/tests/referrer-policy/generic/iframe-inheritance.html => testing/web-platform/tests/referrer-policy/generic/inheritance/iframe-inheritance-data.html rename : testing/web-platform/tests/referrer-policy/generic/iframe-inheritance.html => testing/web-platform/tests/referrer-policy/generic/inheritance/iframe-inheritance-srcdoc.html extra : moz-landing-system : lando
940 lines
28 KiB
C++
940 lines
28 KiB
C++
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
|
|
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
|
|
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
#include "nsIClassInfoImpl.h"
|
|
#include "nsICookieService.h"
|
|
#include "nsIHttpChannel.h"
|
|
#include "nsIObjectInputStream.h"
|
|
#include "nsIObjectOutputStream.h"
|
|
#include "nsIURIFixup.h"
|
|
#include "nsIURL.h"
|
|
#include "nsIURIMutator.h"
|
|
|
|
#include "nsWhitespaceTokenizer.h"
|
|
#include "nsAlgorithm.h"
|
|
#include "nsContentUtils.h"
|
|
#include "ReferrerInfo.h"
|
|
|
|
#include "mozilla/AntiTrackingCommon.h"
|
|
#include "mozilla/net/CookieSettings.h"
|
|
#include "mozilla/net/HttpBaseChannel.h"
|
|
#include "mozilla/dom/Element.h"
|
|
|
|
static mozilla::LazyLogModule gReferrerInfoLog("ReferrerInfo");
|
|
#define LOG(msg) MOZ_LOG(gReferrerInfoLog, mozilla::LogLevel::Debug, msg)
|
|
#define LOG_ENABLED() MOZ_LOG_TEST(gReferrerInfoLog, mozilla::LogLevel::Debug)
|
|
|
|
using namespace mozilla::net;
|
|
|
|
namespace mozilla {
|
|
namespace dom {
|
|
|
|
// Implementation of ClassInfo is required to serialize/deserialize
|
|
NS_IMPL_CLASSINFO(ReferrerInfo, nullptr, nsIClassInfo::MAIN_THREAD_ONLY,
|
|
REFERRERINFO_CID)
|
|
|
|
NS_IMPL_ISUPPORTS_CI(ReferrerInfo, nsIReferrerInfo, nsISerializable)
|
|
|
|
#define DEFAULT_RP 3
|
|
#define DEFAULT_TRACKER_RP 3
|
|
#define DEFAULT_PRIVATE_RP 2
|
|
#define DEFAULT_TRACKER_PRIVATE_RP 2
|
|
|
|
#define MAX_REFERRER_SENDING_POLICY 2
|
|
#define MAX_CROSS_ORIGIN_SENDING_POLICY 2
|
|
#define MAX_TRIMMING_POLICY 2
|
|
|
|
#define MIN_REFERRER_SENDING_POLICY 0
|
|
#define MIN_CROSS_ORIGIN_SENDING_POLICY 0
|
|
#define MIN_TRIMMING_POLICY 0
|
|
|
|
static uint32_t sDefaultRp = DEFAULT_RP;
|
|
static uint32_t sDefaultTrackerRp = DEFAULT_TRACKER_RP;
|
|
static uint32_t defaultPrivateRp = DEFAULT_PRIVATE_RP;
|
|
static uint32_t defaultTrackerPrivateRp = DEFAULT_TRACKER_PRIVATE_RP;
|
|
|
|
static bool sUserSpoofReferrerSource = false;
|
|
static bool sUserHideOnionReferrerSource = false;
|
|
static uint32_t sUserReferrerSendingPolicy = 0;
|
|
static uint32_t sUserXOriginSendingPolicy = 0;
|
|
static uint32_t sUserTrimmingPolicy = 0;
|
|
static uint32_t sUserXOriginTrimmingPolicy = 0;
|
|
|
|
static void CachePreferrenceValue() {
|
|
static bool sPrefCached = false;
|
|
if (sPrefCached) {
|
|
return;
|
|
}
|
|
|
|
Preferences::AddBoolVarCache(&sUserSpoofReferrerSource,
|
|
"network.http.referer.spoofSource");
|
|
Preferences::AddBoolVarCache(&sUserHideOnionReferrerSource,
|
|
"network.http.referer.hideOnionSource");
|
|
Preferences::AddUintVarCache(&sUserReferrerSendingPolicy,
|
|
"network.http.sendRefererHeader");
|
|
sUserReferrerSendingPolicy =
|
|
clamped<uint32_t>(sUserReferrerSendingPolicy, MIN_REFERRER_SENDING_POLICY,
|
|
MAX_REFERRER_SENDING_POLICY);
|
|
|
|
Preferences::AddUintVarCache(&sUserXOriginSendingPolicy,
|
|
"network.http.referer.XOriginPolicy");
|
|
sUserXOriginSendingPolicy = clamped<uint32_t>(
|
|
sUserXOriginSendingPolicy, MIN_CROSS_ORIGIN_SENDING_POLICY,
|
|
MAX_CROSS_ORIGIN_SENDING_POLICY);
|
|
|
|
Preferences::AddUintVarCache(&sUserTrimmingPolicy,
|
|
"network.http.referer.trimmingPolicy");
|
|
sUserTrimmingPolicy = clamped<uint32_t>(
|
|
sUserTrimmingPolicy, MIN_TRIMMING_POLICY, MAX_TRIMMING_POLICY);
|
|
|
|
Preferences::AddUintVarCache(&sUserXOriginTrimmingPolicy,
|
|
"network.http.referer.XOriginTrimmingPolicy");
|
|
sUserXOriginTrimmingPolicy = clamped<uint32_t>(
|
|
sUserXOriginTrimmingPolicy, MIN_TRIMMING_POLICY, MAX_TRIMMING_POLICY);
|
|
|
|
Preferences::AddUintVarCache(
|
|
&sDefaultRp, "network.http.referer.defaultPolicy", DEFAULT_RP);
|
|
Preferences::AddUintVarCache(&sDefaultTrackerRp,
|
|
"network.http.referer.defaultPolicy.trackers",
|
|
DEFAULT_TRACKER_RP);
|
|
Preferences::AddUintVarCache(&defaultPrivateRp,
|
|
"network.http.referer.defaultPolicy.pbmode",
|
|
DEFAULT_PRIVATE_RP);
|
|
Preferences::AddUintVarCache(
|
|
&defaultTrackerPrivateRp,
|
|
"network.http.referer.defaultPolicy.trackers.pbmode",
|
|
DEFAULT_TRACKER_PRIVATE_RP);
|
|
|
|
sPrefCached = true;
|
|
}
|
|
|
|
/* static */
|
|
bool ReferrerInfo::HideOnionReferrerSource() {
|
|
CachePreferrenceValue();
|
|
return sUserHideOnionReferrerSource;
|
|
}
|
|
|
|
/* static */
|
|
uint32_t ReferrerInfo::GetDefaultReferrerPolicy(nsIHttpChannel* aChannel,
|
|
nsIURI* aURI,
|
|
bool privateBrowsing) {
|
|
CachePreferrenceValue();
|
|
bool thirdPartyTrackerIsolated = false;
|
|
nsCOMPtr<nsILoadInfo> loadInfo;
|
|
if (aChannel) {
|
|
loadInfo = aChannel->LoadInfo();
|
|
}
|
|
nsCOMPtr<nsICookieSettings> cs;
|
|
if (loadInfo) {
|
|
Unused << loadInfo->GetCookieSettings(getter_AddRefs(cs));
|
|
}
|
|
if (!cs) {
|
|
cs = net::CookieSettings::Create();
|
|
}
|
|
if (aChannel && aURI && cs->GetRejectThirdPartyTrackers()) {
|
|
uint32_t rejectedReason = 0;
|
|
thirdPartyTrackerIsolated =
|
|
!AntiTrackingCommon::IsFirstPartyStorageAccessGrantedFor(
|
|
aChannel, aURI, &rejectedReason);
|
|
// Here we intentionally do not notify about the rejection reason, if any
|
|
// in order to avoid this check to have any visible side-effects (e.g. a
|
|
// web console report.)
|
|
}
|
|
|
|
uint32_t defaultToUse;
|
|
if (thirdPartyTrackerIsolated) {
|
|
if (privateBrowsing) {
|
|
defaultToUse = defaultTrackerPrivateRp;
|
|
} else {
|
|
defaultToUse = sDefaultTrackerRp;
|
|
}
|
|
} else {
|
|
if (privateBrowsing) {
|
|
defaultToUse = defaultPrivateRp;
|
|
} else {
|
|
defaultToUse = sDefaultRp;
|
|
}
|
|
}
|
|
|
|
switch (defaultToUse) {
|
|
case DefaultReferrerPolicy::eDefaultPolicyNoReferrer:
|
|
return nsIHttpChannel::REFERRER_POLICY_NO_REFERRER;
|
|
case DefaultReferrerPolicy::eDefaultPolicySameOrgin:
|
|
return nsIHttpChannel::REFERRER_POLICY_SAME_ORIGIN;
|
|
case DefaultReferrerPolicy::eDefaultPolicyStrictWhenXorigin:
|
|
return nsIHttpChannel::REFERRER_POLICY_STRICT_ORIGIN_WHEN_XORIGIN;
|
|
}
|
|
|
|
return nsIHttpChannel::REFERRER_POLICY_NO_REFERRER_WHEN_DOWNGRADE;
|
|
}
|
|
|
|
/* static */
|
|
bool ReferrerInfo::IsReferrerSchemeAllowed(nsIURI* aReferrer) {
|
|
NS_ENSURE_TRUE(aReferrer, false);
|
|
|
|
nsAutoCString scheme;
|
|
nsresult rv = aReferrer->GetScheme(scheme);
|
|
if (NS_WARN_IF(NS_FAILED(rv))) {
|
|
return false;
|
|
}
|
|
|
|
return scheme.EqualsIgnoreCase("https") || scheme.EqualsIgnoreCase("http") ||
|
|
scheme.EqualsIgnoreCase("ftp");
|
|
}
|
|
|
|
/* static */
|
|
bool ReferrerInfo::ShouldResponseInheritReferrerInfo(nsIChannel* aChannel) {
|
|
if (!aChannel) {
|
|
return false;
|
|
}
|
|
|
|
nsCOMPtr<nsIURI> channelURI;
|
|
nsresult rv = aChannel->GetURI(getter_AddRefs(channelURI));
|
|
NS_ENSURE_SUCCESS(rv, false);
|
|
|
|
bool isAbout =
|
|
(NS_SUCCEEDED(channelURI->SchemeIs("about", &isAbout)) && isAbout);
|
|
if (!isAbout) {
|
|
return false;
|
|
}
|
|
|
|
nsAutoCString aboutSpec;
|
|
rv = channelURI->GetSpec(aboutSpec);
|
|
NS_ENSURE_SUCCESS(rv, false);
|
|
|
|
return aboutSpec.EqualsLiteral("about:srcdoc");
|
|
}
|
|
|
|
nsresult ReferrerInfo::HandleSecureToInsecureReferral(nsIURI* aURI,
|
|
bool& aAllowed) const {
|
|
NS_ENSURE_ARG(aURI);
|
|
|
|
aAllowed = false;
|
|
bool referrerIsHttpsScheme;
|
|
nsresult rv = mOriginalReferrer->SchemeIs("https", &referrerIsHttpsScheme);
|
|
if (NS_WARN_IF(NS_FAILED(rv))) {
|
|
return rv;
|
|
}
|
|
|
|
if (!referrerIsHttpsScheme) {
|
|
aAllowed = true;
|
|
return NS_OK;
|
|
}
|
|
|
|
bool uriIsHttpsScheme;
|
|
rv = aURI->SchemeIs("https", &uriIsHttpsScheme);
|
|
if (NS_WARN_IF(NS_FAILED(rv))) {
|
|
return rv;
|
|
}
|
|
|
|
// It's ok to send referrer for https-to-http scenarios if the referrer
|
|
// policy is "unsafe-url", "origin", or "origin-when-cross-origin".
|
|
// in other referrer policies, https->http is not allowed...
|
|
|
|
if (mPolicy != nsIHttpChannel::REFERRER_POLICY_UNSAFE_URL &&
|
|
mPolicy != nsIHttpChannel::REFERRER_POLICY_ORIGIN_WHEN_XORIGIN &&
|
|
mPolicy != nsIHttpChannel::REFERRER_POLICY_ORIGIN && !uriIsHttpsScheme) {
|
|
return NS_OK;
|
|
}
|
|
|
|
aAllowed = true;
|
|
return NS_OK;
|
|
}
|
|
|
|
nsresult ReferrerInfo::HandleUserXOriginSendingPolicy(nsIURI* aURI,
|
|
nsIURI* aReferrer,
|
|
bool& aAllowed) const {
|
|
NS_ENSURE_ARG(aURI);
|
|
aAllowed = false;
|
|
|
|
nsAutoCString uriHost;
|
|
nsAutoCString referrerHost;
|
|
|
|
nsresult rv = aURI->GetAsciiHost(uriHost);
|
|
if (NS_WARN_IF(NS_FAILED(rv))) {
|
|
return rv;
|
|
}
|
|
|
|
rv = aReferrer->GetAsciiHost(referrerHost);
|
|
if (NS_WARN_IF(NS_FAILED(rv))) {
|
|
return rv;
|
|
}
|
|
|
|
// Send an empty referrer if xorigin and leaving a .onion domain.
|
|
if (sUserHideOnionReferrerSource && !uriHost.Equals(referrerHost) &&
|
|
StringEndsWith(referrerHost, NS_LITERAL_CSTRING(".onion"))) {
|
|
return NS_OK;
|
|
}
|
|
|
|
switch (sUserXOriginSendingPolicy) {
|
|
// Check policy for sending referrer only when hosts match
|
|
case XOriginSendingPolicy::ePolicySendWhenSameHost: {
|
|
if (!uriHost.Equals(referrerHost)) {
|
|
return NS_OK;
|
|
}
|
|
break;
|
|
}
|
|
|
|
case XOriginSendingPolicy::ePolicySendWhenSameDomain: {
|
|
nsCOMPtr<nsIEffectiveTLDService> eTLDService =
|
|
do_GetService(NS_EFFECTIVETLDSERVICE_CONTRACTID);
|
|
if (!eTLDService) {
|
|
// check policy for sending only when effective top level domain
|
|
// matches. this falls back on using host if eTLDService does not work
|
|
if (!uriHost.Equals(referrerHost)) {
|
|
return NS_OK;
|
|
}
|
|
break;
|
|
}
|
|
|
|
nsAutoCString uriDomain;
|
|
nsAutoCString referrerDomain;
|
|
uint32_t extraDomains = 0;
|
|
|
|
rv = eTLDService->GetBaseDomain(aURI, extraDomains, uriDomain);
|
|
if (rv == NS_ERROR_HOST_IS_IP_ADDRESS ||
|
|
rv == NS_ERROR_INSUFFICIENT_DOMAIN_LEVELS) {
|
|
// uri is either an IP address, an alias such as 'localhost', an eTLD
|
|
// such as 'co.uk', or the empty string. Uses the normalized host in
|
|
// such cases.
|
|
rv = aURI->GetAsciiHost(uriDomain);
|
|
}
|
|
|
|
if (NS_WARN_IF(NS_FAILED(rv))) {
|
|
return rv;
|
|
}
|
|
|
|
rv = eTLDService->GetBaseDomain(aReferrer, extraDomains, referrerDomain);
|
|
if (rv == NS_ERROR_HOST_IS_IP_ADDRESS ||
|
|
rv == NS_ERROR_INSUFFICIENT_DOMAIN_LEVELS) {
|
|
// referrer is either an IP address, an alias such as 'localhost', an
|
|
// eTLD such as 'co.uk', or the empty string. Uses the normalized host
|
|
// in such cases.
|
|
rv = aReferrer->GetAsciiHost(referrerDomain);
|
|
}
|
|
|
|
if (NS_WARN_IF(NS_FAILED(rv))) {
|
|
return rv;
|
|
}
|
|
|
|
if (!uriDomain.Equals(referrerDomain)) {
|
|
return NS_OK;
|
|
}
|
|
break;
|
|
}
|
|
|
|
default:
|
|
break;
|
|
}
|
|
|
|
aAllowed = true;
|
|
return NS_OK;
|
|
}
|
|
|
|
nsresult ReferrerInfo::HandleUserReferrerSendingPolicy(nsIHttpChannel* aChannel,
|
|
bool& aAllowed) const {
|
|
aAllowed = false;
|
|
uint32_t referrerSendingPolicy;
|
|
uint32_t loadFlags;
|
|
nsresult rv = aChannel->GetLoadFlags(&loadFlags);
|
|
if (NS_WARN_IF(NS_FAILED(rv))) {
|
|
return rv;
|
|
}
|
|
|
|
if (loadFlags & nsIHttpChannel::LOAD_INITIAL_DOCUMENT_URI) {
|
|
referrerSendingPolicy = ReferrerSendingPolicy::ePolicySendWhenUserTrigger;
|
|
} else {
|
|
referrerSendingPolicy = ReferrerSendingPolicy::ePolicySendInlineContent;
|
|
}
|
|
if (sUserReferrerSendingPolicy < referrerSendingPolicy) {
|
|
return NS_OK;
|
|
}
|
|
|
|
aAllowed = true;
|
|
return NS_OK;
|
|
}
|
|
|
|
bool ReferrerInfo::IsCrossOriginRequest(nsIHttpChannel* aChannel) const {
|
|
nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo();
|
|
|
|
nsCOMPtr<nsIURI> triggeringURI;
|
|
loadInfo->TriggeringPrincipal()->GetURI(getter_AddRefs(triggeringURI));
|
|
|
|
if (!triggeringURI) {
|
|
LOG(("no triggering URI via loadInfo, assuming load is cross-origin"));
|
|
return true;
|
|
}
|
|
|
|
if (LOG_ENABLED()) {
|
|
nsAutoCString triggeringURISpec;
|
|
triggeringURI->GetAsciiSpec(triggeringURISpec);
|
|
LOG(("triggeringURI=%s\n", triggeringURISpec.get()));
|
|
}
|
|
|
|
nsCOMPtr<nsIURI> uri;
|
|
nsresult rv = aChannel->GetURI(getter_AddRefs(uri));
|
|
if (NS_WARN_IF(NS_FAILED(rv))) {
|
|
return true;
|
|
}
|
|
|
|
nsIScriptSecurityManager* ssm = nsContentUtils::GetSecurityManager();
|
|
bool isPrivateWin = loadInfo->GetOriginAttributes().mPrivateBrowsingId > 0;
|
|
|
|
rv = ssm->CheckSameOriginURI(triggeringURI, uri, false, isPrivateWin);
|
|
return (NS_FAILED(rv));
|
|
}
|
|
|
|
ReferrerInfo::TrimmingPolicy ReferrerInfo::ComputeTrimmingPolicy(
|
|
nsIHttpChannel* aChannel) const {
|
|
uint32_t trimmingPolicy = sUserTrimmingPolicy;
|
|
|
|
switch (mPolicy) {
|
|
case nsIHttpChannel::REFERRER_POLICY_ORIGIN:
|
|
case nsIHttpChannel::REFERRER_POLICY_STRICT_ORIGIN:
|
|
trimmingPolicy = TrimmingPolicy::ePolicySchemeHostPort;
|
|
break;
|
|
|
|
case nsIHttpChannel::REFERRER_POLICY_ORIGIN_WHEN_XORIGIN:
|
|
case nsIHttpChannel::REFERRER_POLICY_STRICT_ORIGIN_WHEN_XORIGIN:
|
|
if (trimmingPolicy != TrimmingPolicy::ePolicySchemeHostPort &&
|
|
IsCrossOriginRequest(aChannel)) {
|
|
// Ignore set trimmingPolicy if it is already the strictest
|
|
// policy.
|
|
trimmingPolicy = TrimmingPolicy::ePolicySchemeHostPort;
|
|
}
|
|
break;
|
|
|
|
// This function is called when a nonempty referrer value is allowed to
|
|
// send. For the next 3 policies: same-origin, no-referrer-when-downgrade,
|
|
// unsafe-url, without trimming we should have a full uri. And the trimming
|
|
// policy only depends on user prefs.
|
|
case nsIHttpChannel::REFERRER_POLICY_SAME_ORIGIN:
|
|
case nsIHttpChannel::REFERRER_POLICY_NO_REFERRER_WHEN_DOWNGRADE:
|
|
case nsIHttpChannel::REFERRER_POLICY_UNSAFE_URL:
|
|
if (trimmingPolicy != TrimmingPolicy::ePolicySchemeHostPort) {
|
|
// Ignore set trimmingPolicy if it is already the strictest
|
|
// policy. Apply the user cross-origin trimming policy if it's more
|
|
// restrictive than the general one.
|
|
if (sUserXOriginTrimmingPolicy != TrimmingPolicy::ePolicyFullURI &&
|
|
IsCrossOriginRequest(aChannel)) {
|
|
trimmingPolicy = std::max(trimmingPolicy, sUserXOriginTrimmingPolicy);
|
|
}
|
|
}
|
|
break;
|
|
|
|
case nsIHttpChannel::REFERRER_POLICY_NO_REFERRER:
|
|
case nsIHttpChannel::REFERRER_POLICY_UNSET:
|
|
default:
|
|
MOZ_ASSERT_UNREACHABLE("Unexpected value");
|
|
break;
|
|
}
|
|
|
|
return static_cast<TrimmingPolicy>(trimmingPolicy);
|
|
}
|
|
|
|
nsresult ReferrerInfo::TrimReferrerWithPolicy(nsCOMPtr<nsIURI>& aReferrer,
|
|
TrimmingPolicy aTrimmingPolicy,
|
|
nsACString& aResult) const {
|
|
if (aTrimmingPolicy == TrimmingPolicy::ePolicyFullURI) {
|
|
// use the full URI
|
|
return aReferrer->GetAsciiSpec(aResult);
|
|
}
|
|
|
|
// All output strings start with: scheme+host+port
|
|
// We want the IDN-normalized PrePath. That's not something currently
|
|
// available and there doesn't yet seem to be justification for adding it to
|
|
// the interfaces, so just build it up ourselves from scheme+AsciiHostPort
|
|
nsAutoCString scheme, asciiHostPort;
|
|
nsresult rv = aReferrer->GetScheme(scheme);
|
|
if (NS_WARN_IF(NS_FAILED(rv))) {
|
|
return rv;
|
|
}
|
|
aResult = scheme;
|
|
aResult.AppendLiteral("://");
|
|
// Note we explicitly cleared UserPass above, so do not need to build it.
|
|
rv = aReferrer->GetAsciiHostPort(asciiHostPort);
|
|
if (NS_WARN_IF(NS_FAILED(rv))) {
|
|
return rv;
|
|
}
|
|
aResult.Append(asciiHostPort);
|
|
|
|
switch (aTrimmingPolicy) {
|
|
case TrimmingPolicy::ePolicySchemeHostPortPath: {
|
|
nsCOMPtr<nsIURL> url(do_QueryInterface(aReferrer));
|
|
if (url) {
|
|
nsAutoCString path;
|
|
rv = url->GetFilePath(path);
|
|
if (NS_WARN_IF(NS_FAILED(rv))) {
|
|
return rv;
|
|
}
|
|
aResult.Append(path);
|
|
rv = NS_MutateURI(url)
|
|
.SetQuery(EmptyCString())
|
|
.SetRef(EmptyCString())
|
|
.Finalize(aReferrer);
|
|
if (NS_WARN_IF(NS_FAILED(rv))) {
|
|
return rv;
|
|
}
|
|
break;
|
|
}
|
|
// No URL, so fall through to truncating the path and any query/ref off
|
|
// as well.
|
|
}
|
|
MOZ_FALLTHROUGH;
|
|
default: // (User Pref limited to [0,2])
|
|
case TrimmingPolicy::ePolicySchemeHostPort:
|
|
aResult.AppendLiteral("/");
|
|
// This nukes any query/ref present as well in the case of nsStandardURL
|
|
rv = NS_MutateURI(aReferrer)
|
|
.SetPathQueryRef(EmptyCString())
|
|
.Finalize(aReferrer);
|
|
if (NS_WARN_IF(NS_FAILED(rv))) {
|
|
return rv;
|
|
}
|
|
break;
|
|
}
|
|
|
|
return NS_OK;
|
|
}
|
|
ReferrerInfo::ReferrerInfo()
|
|
: mOriginalReferrer(nullptr),
|
|
mPolicy(mozilla::net::RP_Unset),
|
|
mSendReferrer(true),
|
|
mInitialized(false),
|
|
mOverridePolicyByDefault(false),
|
|
mComputedReferrer(Maybe<nsCString>()) {}
|
|
|
|
ReferrerInfo::ReferrerInfo(nsIURI* aOriginalReferrer, uint32_t aPolicy,
|
|
bool aSendReferrer,
|
|
const Maybe<nsCString>& aComputedReferrer)
|
|
: mOriginalReferrer(aOriginalReferrer),
|
|
mPolicy(aPolicy),
|
|
mSendReferrer(aSendReferrer),
|
|
mInitialized(true),
|
|
mOverridePolicyByDefault(false),
|
|
mComputedReferrer(aComputedReferrer) {}
|
|
|
|
ReferrerInfo::ReferrerInfo(const ReferrerInfo& rhs)
|
|
: mOriginalReferrer(rhs.mOriginalReferrer),
|
|
mPolicy(rhs.mPolicy),
|
|
mSendReferrer(rhs.mSendReferrer),
|
|
mInitialized(rhs.mInitialized),
|
|
mOverridePolicyByDefault(rhs.mOverridePolicyByDefault),
|
|
mComputedReferrer(rhs.mComputedReferrer) {}
|
|
|
|
already_AddRefed<nsIReferrerInfo> ReferrerInfo::Clone() const {
|
|
RefPtr<ReferrerInfo> copy(new ReferrerInfo(*this));
|
|
return copy.forget();
|
|
}
|
|
|
|
already_AddRefed<nsIReferrerInfo> ReferrerInfo::CloneWithNewPolicy(
|
|
uint32_t aPolicy) const {
|
|
RefPtr<ReferrerInfo> copy(new ReferrerInfo(*this));
|
|
copy->mPolicy = aPolicy;
|
|
return copy.forget();
|
|
}
|
|
|
|
already_AddRefed<nsIReferrerInfo> ReferrerInfo::CloneWithNewOriginalReferrer(
|
|
nsIURI* aOriginalReferrer) const {
|
|
RefPtr<ReferrerInfo> copy(new ReferrerInfo(*this));
|
|
copy->mOriginalReferrer = aOriginalReferrer;
|
|
return copy.forget();
|
|
}
|
|
|
|
NS_IMETHODIMP
|
|
ReferrerInfo::GetOriginalReferrer(nsIURI** aOriginalReferrer) {
|
|
*aOriginalReferrer = mOriginalReferrer;
|
|
NS_IF_ADDREF(*aOriginalReferrer);
|
|
return NS_OK;
|
|
}
|
|
|
|
NS_IMETHODIMP
|
|
ReferrerInfo::GetReferrerPolicy(uint32_t* aReferrerPolicy) {
|
|
*aReferrerPolicy = mPolicy;
|
|
return NS_OK;
|
|
}
|
|
|
|
NS_IMETHODIMP
|
|
ReferrerInfo::GetSendReferrer(bool* aSendReferrer) {
|
|
*aSendReferrer = mSendReferrer;
|
|
return NS_OK;
|
|
}
|
|
|
|
already_AddRefed<nsIURI> ReferrerInfo::GetComputedReferrer() {
|
|
if (!mComputedReferrer.isSome() || mComputedReferrer.value().IsEmpty()) {
|
|
return nullptr;
|
|
}
|
|
|
|
nsCOMPtr<nsIURI> result;
|
|
nsresult rv = NS_NewURI(getter_AddRefs(result), mComputedReferrer.value());
|
|
if (NS_FAILED(rv)) {
|
|
return nullptr;
|
|
}
|
|
|
|
return result.forget();
|
|
}
|
|
|
|
NS_IMETHODIMP
|
|
ReferrerInfo::Init(uint32_t aReferrerPolicy, bool aSendReferrer,
|
|
nsIURI* aOriginalReferrer) {
|
|
MOZ_ASSERT(!mInitialized);
|
|
if (mInitialized) {
|
|
return NS_ERROR_ALREADY_INITIALIZED;
|
|
};
|
|
|
|
mPolicy = aReferrerPolicy;
|
|
mSendReferrer = aSendReferrer;
|
|
mOriginalReferrer = aOriginalReferrer;
|
|
mInitialized = true;
|
|
return NS_OK;
|
|
}
|
|
|
|
NS_IMETHODIMP
|
|
ReferrerInfo::InitWithDocument(Document* aDocument) {
|
|
MOZ_ASSERT(!mInitialized);
|
|
if (mInitialized) {
|
|
return NS_ERROR_ALREADY_INITIALIZED;
|
|
};
|
|
|
|
mPolicy = aDocument->GetReferrerPolicy();
|
|
mSendReferrer = true;
|
|
mOriginalReferrer = aDocument->GetDocumentURIAsReferrer();
|
|
mInitialized = true;
|
|
return NS_OK;
|
|
}
|
|
|
|
NS_IMETHODIMP
|
|
ReferrerInfo::InitWithNode(nsINode* aNode) {
|
|
MOZ_ASSERT(!mInitialized);
|
|
if (mInitialized) {
|
|
return NS_ERROR_ALREADY_INITIALIZED;
|
|
};
|
|
|
|
// Referrer policy from referrerpolicy attribute will have a higher priority
|
|
// than referrer policy from <meta> tag and Referrer-Policy header.
|
|
GetReferrerPolicyFromAtribute(aNode, mPolicy);
|
|
if (mPolicy == mozilla::net::RP_Unset) {
|
|
// Fallback to use document's referrer poicy if we don't have referrer
|
|
// policy from attribute.
|
|
mPolicy = aNode->OwnerDoc()->GetReferrerPolicy();
|
|
}
|
|
|
|
mSendReferrer = !HasRelNoReferrer(aNode);
|
|
mOriginalReferrer = aNode->OwnerDoc()->GetDocumentURIAsReferrer();
|
|
|
|
mInitialized = true;
|
|
return NS_OK;
|
|
}
|
|
|
|
void ReferrerInfo::GetReferrerPolicyFromAtribute(nsINode* aNode,
|
|
uint32_t& aPolicy) const {
|
|
aPolicy = mozilla::net::RP_Unset;
|
|
mozilla::dom::Element* element = aNode->AsElement();
|
|
|
|
if (!element->IsAnyOfHTMLElements(nsGkAtoms::a, nsGkAtoms::area,
|
|
nsGkAtoms::script, nsGkAtoms::iframe,
|
|
nsGkAtoms::img)) {
|
|
return;
|
|
}
|
|
|
|
aPolicy = element->GetReferrerPolicyAsEnum();
|
|
}
|
|
|
|
bool ReferrerInfo::HasRelNoReferrer(nsINode* aNode) const {
|
|
mozilla::dom::Element* element = aNode->AsElement();
|
|
|
|
// rel=noreferrer is only support in <a> and <area>
|
|
if (!element->IsAnyOfHTMLElements(nsGkAtoms::a, nsGkAtoms::area)) {
|
|
return false;
|
|
}
|
|
|
|
nsAutoString rel;
|
|
element->GetAttr(kNameSpaceID_None, nsGkAtoms::rel, rel);
|
|
nsWhitespaceTokenizerTemplate<nsContentUtils::IsHTMLWhitespace> tok(rel);
|
|
|
|
while (tok.hasMoreTokens()) {
|
|
const nsAString& token = tok.nextToken();
|
|
if (token.LowerCaseEqualsLiteral("noreferrer")) {
|
|
return true;
|
|
}
|
|
}
|
|
|
|
return false;
|
|
}
|
|
|
|
nsresult ReferrerInfo::ComputeReferrer(nsIHttpChannel* aChannel) {
|
|
CachePreferrenceValue();
|
|
NS_ENSURE_ARG(aChannel);
|
|
MOZ_ASSERT(NS_IsMainThread());
|
|
|
|
// If the referrerInfo is passed around when redirect, just use the last
|
|
// computedReferrer to recompute
|
|
nsCOMPtr<nsIURI> referrer;
|
|
nsresult rv = NS_OK;
|
|
mOverridePolicyByDefault = false;
|
|
|
|
if (mComputedReferrer.isSome()) {
|
|
if (mComputedReferrer.value().IsEmpty()) {
|
|
return NS_OK;
|
|
}
|
|
|
|
rv = NS_NewURI(getter_AddRefs(referrer), mComputedReferrer.value());
|
|
if (NS_WARN_IF(NS_FAILED(rv))) {
|
|
return rv;
|
|
}
|
|
}
|
|
|
|
mComputedReferrer.reset();
|
|
// Emplace mComputedReferrer with an empty string, which means we have
|
|
// computed the referrer and the result referrer value is empty (not send
|
|
// referrer). So any early return later than this line will use that empty
|
|
// referrer.
|
|
mComputedReferrer.emplace(EmptyCString());
|
|
|
|
if (!mSendReferrer || !mOriginalReferrer ||
|
|
mPolicy == nsIHttpChannel::REFERRER_POLICY_NO_REFERRER) {
|
|
return NS_OK;
|
|
}
|
|
|
|
if (mPolicy == nsIHttpChannel::REFERRER_POLICY_UNSET) {
|
|
nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo();
|
|
OriginAttributes attrs = loadInfo->GetOriginAttributes();
|
|
bool isPrivate = attrs.mPrivateBrowsingId > 0;
|
|
|
|
nsCOMPtr<nsIURI> uri;
|
|
rv = aChannel->GetURI(getter_AddRefs(uri));
|
|
if (NS_WARN_IF(NS_FAILED(rv))) {
|
|
return rv;
|
|
}
|
|
|
|
mPolicy = GetDefaultReferrerPolicy(aChannel, uri, isPrivate);
|
|
mOverridePolicyByDefault = true;
|
|
}
|
|
|
|
if (mPolicy == nsIHttpChannel::REFERRER_POLICY_NO_REFERRER) {
|
|
return NS_OK;
|
|
}
|
|
|
|
bool isUserReferrerSendingAllowed = false;
|
|
rv = HandleUserReferrerSendingPolicy(aChannel, isUserReferrerSendingAllowed);
|
|
if (NS_WARN_IF(NS_FAILED(rv))) {
|
|
return rv;
|
|
}
|
|
|
|
if (!isUserReferrerSendingAllowed) {
|
|
return NS_OK;
|
|
}
|
|
|
|
// Enforce Referrer whitelist, only http, https, ftp scheme are allowed
|
|
if (!IsReferrerSchemeAllowed(mOriginalReferrer)) {
|
|
return NS_OK;
|
|
}
|
|
|
|
nsCOMPtr<nsIURI> uri;
|
|
rv = aChannel->GetURI(getter_AddRefs(uri));
|
|
if (NS_WARN_IF(NS_FAILED(rv))) {
|
|
return rv;
|
|
}
|
|
|
|
bool isSecureToInsecureAllowed = false;
|
|
rv = HandleSecureToInsecureReferral(uri, isSecureToInsecureAllowed);
|
|
if (NS_WARN_IF(NS_FAILED(rv))) {
|
|
return rv;
|
|
}
|
|
|
|
if (!isSecureToInsecureAllowed) {
|
|
return NS_OK;
|
|
}
|
|
|
|
// Don't send referrer when the request is cross-origin and policy is
|
|
// "same-origin".
|
|
if (mPolicy == nsIHttpChannel::REFERRER_POLICY_SAME_ORIGIN &&
|
|
IsCrossOriginRequest(aChannel)) {
|
|
return NS_OK;
|
|
}
|
|
|
|
// Strip away any fragment per RFC 2616 section 14.36
|
|
// and Referrer Policy section 6.3.5.
|
|
if (!referrer) {
|
|
rv = NS_GetURIWithoutRef(mOriginalReferrer, getter_AddRefs(referrer));
|
|
if (NS_WARN_IF(NS_FAILED(rv))) {
|
|
return rv;
|
|
}
|
|
}
|
|
|
|
bool isUserXOriginAllowed = false;
|
|
rv = HandleUserXOriginSendingPolicy(uri, referrer, isUserXOriginAllowed);
|
|
if (NS_WARN_IF(NS_FAILED(rv))) {
|
|
return rv;
|
|
}
|
|
|
|
if (!isUserXOriginAllowed) {
|
|
return NS_OK;
|
|
}
|
|
|
|
// Handle user pref network.http.referer.spoofSource, send spoofed referrer if
|
|
// desired
|
|
if (sUserSpoofReferrerSource) {
|
|
nsCOMPtr<nsIURI> userSpoofReferrer;
|
|
rv = NS_GetURIWithoutRef(uri, getter_AddRefs(userSpoofReferrer));
|
|
if (NS_WARN_IF(NS_FAILED(rv))) {
|
|
return rv;
|
|
}
|
|
referrer = userSpoofReferrer;
|
|
}
|
|
|
|
// strip away any userpass; we don't want to be giving out passwords ;-)
|
|
// This is required by Referrer Policy stripping algorithm.
|
|
nsCOMPtr<nsIURIFixup> urifixup = services::GetURIFixup();
|
|
if (NS_WARN_IF(!urifixup)) {
|
|
return NS_ERROR_FAILURE;
|
|
}
|
|
|
|
nsCOMPtr<nsIURI> exposableURI;
|
|
rv = urifixup->CreateExposableURI(referrer, getter_AddRefs(exposableURI));
|
|
if (NS_WARN_IF(NS_FAILED(rv))) {
|
|
return rv;
|
|
}
|
|
|
|
referrer = exposableURI;
|
|
|
|
TrimmingPolicy trimmingPolicy = ComputeTrimmingPolicy(aChannel);
|
|
|
|
nsAutoCString referrerSpec;
|
|
rv = TrimReferrerWithPolicy(referrer, trimmingPolicy, referrerSpec);
|
|
if (NS_WARN_IF(NS_FAILED(rv))) {
|
|
return rv;
|
|
}
|
|
|
|
// finally, remember the referrer URI.
|
|
mComputedReferrer.reset();
|
|
mComputedReferrer.emplace(referrerSpec);
|
|
|
|
return NS_OK;
|
|
}
|
|
|
|
/* ===== nsISerializable implementation ====== */
|
|
|
|
NS_IMETHODIMP
|
|
ReferrerInfo::Read(nsIObjectInputStream* aStream) {
|
|
bool nonNull;
|
|
nsresult rv = aStream->ReadBoolean(&nonNull);
|
|
if (NS_WARN_IF(NS_FAILED(rv))) {
|
|
return rv;
|
|
}
|
|
|
|
if (nonNull) {
|
|
nsAutoCString spec;
|
|
nsresult rv = aStream->ReadCString(spec);
|
|
if (NS_WARN_IF(NS_FAILED(rv))) {
|
|
return rv;
|
|
}
|
|
|
|
rv = NS_NewURI(getter_AddRefs(mOriginalReferrer), spec);
|
|
if (NS_WARN_IF(NS_FAILED(rv))) {
|
|
return rv;
|
|
}
|
|
} else {
|
|
mOriginalReferrer = nullptr;
|
|
}
|
|
|
|
rv = aStream->Read32(&mPolicy);
|
|
if (NS_WARN_IF(NS_FAILED(rv))) {
|
|
return rv;
|
|
}
|
|
|
|
rv = aStream->ReadBoolean(&mSendReferrer);
|
|
if (NS_WARN_IF(NS_FAILED(rv))) {
|
|
return rv;
|
|
}
|
|
|
|
bool isComputed;
|
|
rv = aStream->ReadBoolean(&isComputed);
|
|
if (NS_WARN_IF(NS_FAILED(rv))) {
|
|
return rv;
|
|
}
|
|
|
|
if (isComputed) {
|
|
nsAutoCString computedReferrer;
|
|
rv = aStream->ReadCString(computedReferrer);
|
|
if (NS_WARN_IF(NS_FAILED(rv))) {
|
|
return rv;
|
|
}
|
|
mComputedReferrer.emplace(computedReferrer);
|
|
}
|
|
|
|
rv = aStream->ReadBoolean(&mInitialized);
|
|
if (NS_WARN_IF(NS_FAILED(rv))) {
|
|
return rv;
|
|
}
|
|
|
|
rv = aStream->ReadBoolean(&mOverridePolicyByDefault);
|
|
if (NS_WARN_IF(NS_FAILED(rv))) {
|
|
return rv;
|
|
}
|
|
|
|
return NS_OK;
|
|
}
|
|
|
|
NS_IMETHODIMP
|
|
ReferrerInfo::Write(nsIObjectOutputStream* aStream) {
|
|
bool nonNull = (mOriginalReferrer != nullptr);
|
|
nsresult rv = aStream->WriteBoolean(nonNull);
|
|
if (NS_WARN_IF(NS_FAILED(rv))) {
|
|
return rv;
|
|
}
|
|
|
|
if (nonNull) {
|
|
nsAutoCString spec;
|
|
nsresult rv = mOriginalReferrer->GetSpec(spec);
|
|
if (NS_WARN_IF(NS_FAILED(rv))) {
|
|
return rv;
|
|
}
|
|
|
|
rv = aStream->WriteStringZ(spec.get());
|
|
if (NS_WARN_IF(NS_FAILED(rv))) {
|
|
return rv;
|
|
}
|
|
}
|
|
|
|
rv = aStream->Write32(mPolicy);
|
|
if (NS_WARN_IF(NS_FAILED(rv))) {
|
|
return rv;
|
|
}
|
|
|
|
rv = aStream->WriteBoolean(mSendReferrer);
|
|
if (NS_WARN_IF(NS_FAILED(rv))) {
|
|
return rv;
|
|
}
|
|
|
|
bool isComputed = mComputedReferrer.isSome();
|
|
rv = aStream->WriteBoolean(isComputed);
|
|
if (NS_WARN_IF(NS_FAILED(rv))) {
|
|
return rv;
|
|
}
|
|
|
|
if (isComputed) {
|
|
rv = aStream->WriteStringZ(mComputedReferrer.value().get());
|
|
if (NS_WARN_IF(NS_FAILED(rv))) {
|
|
return rv;
|
|
}
|
|
}
|
|
|
|
rv = aStream->WriteBoolean(mInitialized);
|
|
if (NS_WARN_IF(NS_FAILED(rv))) {
|
|
return rv;
|
|
}
|
|
|
|
rv = aStream->WriteBoolean(mOverridePolicyByDefault);
|
|
if (NS_WARN_IF(NS_FAILED(rv))) {
|
|
return rv;
|
|
}
|
|
return NS_OK;
|
|
}
|
|
|
|
} // namespace dom
|
|
} // namespace mozilla
|