Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-12-01 00:32:11 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
a94c9b3808
gecko-dev/dom/security/nsContentSecurityManager.h
Sean Feng 6acee53f6c Bug 1731778 - Implement COEP: credentialless r=smaug,necko-reviewers,kershaw 
Spec: https://html.spec.whatwg.org/multipage/#coep:coep-credentialless

Credentialless is a new cross-origin embedder policy which allows us
to not enforcing CORP when loading cross-origin resources while
providing SharedArrayBuffer.

There are two main things involved here:
  1. Fetching cross-origin no-CORS resources omits credentials
     - This is done by applying `LOAD_ANONYMOUS` flag to the request
  2. Other requests sent with credentials require the server's explicit
  permission through the CORS protocol or the CORS header
     - This is done by expanding `ProcessCrossOriginResourcePolicyHeader`
     function to apply the necessary checks.

Differential Revision: https://phabricator.services.mozilla.com/D147802
2022-06-27 17:07:15 +00:00

90 lines
3.8 KiB
C++
Raw Blame History

/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef nsContentSecurityManager_h___
#define nsContentSecurityManager_h___
#include "mozilla/CORSMode.h"
#include "nsIContentSecurityManager.h"
#include "nsIChannel.h"
#include "nsIChannelEventSink.h"
#include "nsILoadInfo.h"
class nsILoadInfo;
class nsIStreamListener;
#define NS_CONTENTSECURITYMANAGER_CONTRACTID \
"@mozilla.org/contentsecuritymanager;1"
// cdcc1ab8-3cea-4e6c-a294-a651fa35227f
#define NS_CONTENTSECURITYMANAGER_CID \
{ \
0xcdcc1ab8, 0x3cea, 0x4e6c, { \
0xa2, 0x94, 0xa6, 0x51, 0xfa, 0x35, 0x22, 0x7f \
} \
}
class nsContentSecurityManager : public nsIContentSecurityManager,
public nsIChannelEventSink {
public:
NS_DECL_ISUPPORTS
NS_DECL_NSICONTENTSECURITYMANAGER
NS_DECL_NSICHANNELEVENTSINK
nsContentSecurityManager() = default;
static nsresult doContentSecurityCheck(
nsIChannel* aChannel, nsCOMPtr<nsIStreamListener>& aInAndOutListener);
static bool AllowTopLevelNavigationToDataURI(nsIChannel* aChannel);
static bool AllowInsecureRedirectToDataURI(nsIChannel* aNewChannel);
static void MeasureUnexpectedPrivilegedLoads(nsILoadInfo* aLoadInfo,
nsIURI* aFinalURI,
const nsACString& aRemoteType);
enum CORSSecurityMapping {
// Disables all CORS checking overriding the value of aCORSMode. All checks
// are disabled even when CORSMode::CORS_ANONYMOUS or
// CORSMode::CORS_USE_CREDENTIALS is passed. This is mostly used for chrome
// code, where we don't need security checks. See
// SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL for the detailed explanation
// of the security mode.
DISABLE_CORS_CHECKS,
// Disables all CORS checking on CORSMode::CORS_NONE. The other two CORS
// modes CORSMode::CORS_ANONYMOUS and CORSMode::CORS_USE_CREDENTIALS are
// respected.
CORS_NONE_MAPS_TO_DISABLED_CORS_CHECKS,
// Allow load from any origin, but cross-origin requests require CORS. See
// SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT. Like above the other two
// CORS modes are unaffected and get parsed.
CORS_NONE_MAPS_TO_INHERITED_CONTEXT,
// Always require the server to acknowledge the request via CORS.
// CORSMode::CORS_NONE is parsed as if CORSMode::CORS_ANONYMOUS is passed.
REQUIRE_CORS_CHECKS,
};
// computes the security flags for the requested CORS mode
// @param aCORSSecurityMapping: See CORSSecurityMapping for variant
// descriptions
static nsSecurityFlags ComputeSecurityFlags(
mozilla::CORSMode aCORSMode, CORSSecurityMapping aCORSSecurityMapping);
static void GetSerializedOrigin(nsIPrincipal* aOrigin,
nsIPrincipal* aResourceOrigin,
nsACString& aResult, nsILoadInfo* aLoadInfo);
private:
static nsresult CheckChannel(nsIChannel* aChannel);
static nsresult CheckFTPSubresourceLoad(nsIChannel* aChannel);
static nsresult CheckAllowLoadInSystemPrivilegedContext(nsIChannel* aChannel);
static nsresult CheckAllowLoadInPrivilegedAboutContext(nsIChannel* aChannel);
static nsresult CheckChannelHasProtocolSecurityFlag(nsIChannel* aChannel);
static bool CrossOriginEmbedderPolicyAllowsCredentials(nsIChannel* aChannel);
virtual ~nsContentSecurityManager() = default;
};
#endif /* nsContentSecurityManager_h___ */
Reference in New Issue View Git Blame Copy Permalink