summaryrefslogtreecommitdiffstats
path: root/dom/security/nsCSPContext.h
diff options
context:
space:
mode:
Diffstat (limited to 'dom/security/nsCSPContext.h')
-rw-r--r--dom/security/nsCSPContext.h164
1 files changed, 164 insertions, 0 deletions
diff --git a/dom/security/nsCSPContext.h b/dom/security/nsCSPContext.h
new file mode 100644
index 000000000..729f440ce
--- /dev/null
+++ b/dom/security/nsCSPContext.h
@@ -0,0 +1,164 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef nsCSPContext_h___
+#define nsCSPContext_h___
+
+#include "mozilla/dom/nsCSPUtils.h"
+#include "nsDataHashtable.h"
+#include "nsIChannel.h"
+#include "nsIChannelEventSink.h"
+#include "nsIClassInfo.h"
+#include "nsIContentSecurityPolicy.h"
+#include "nsIInterfaceRequestor.h"
+#include "nsISerializable.h"
+#include "nsIStreamListener.h"
+#include "nsWeakReference.h"
+#include "nsXPCOM.h"
+
+#define NS_CSPCONTEXT_CONTRACTID "@mozilla.org/cspcontext;1"
+ // 09d9ed1a-e5d4-4004-bfe0-27ceb923d9ac
+#define NS_CSPCONTEXT_CID \
+{ 0x09d9ed1a, 0xe5d4, 0x4004, \
+ { 0xbf, 0xe0, 0x27, 0xce, 0xb9, 0x23, 0xd9, 0xac } }
+
+class nsINetworkInterceptController;
+struct ConsoleMsgQueueElem;
+
+class nsCSPContext : public nsIContentSecurityPolicy
+{
+ public:
+ NS_DECL_ISUPPORTS
+ NS_DECL_NSICONTENTSECURITYPOLICY
+ NS_DECL_NSISERIALIZABLE
+
+ protected:
+ virtual ~nsCSPContext();
+
+ public:
+ nsCSPContext();
+
+ /**
+ * SetRequestContext() needs to be called before the innerWindowID
+ * is initialized on the document. Use this function to call back to
+ * flush queued up console messages and initalize the innerWindowID.
+ */
+ void flushConsoleMessages();
+
+ void logToConsole(const char16_t* aName,
+ const char16_t** aParams,
+ uint32_t aParamsLength,
+ const nsAString& aSourceName,
+ const nsAString& aSourceLine,
+ uint32_t aLineNumber,
+ uint32_t aColumnNumber,
+ uint32_t aSeverityFlag);
+
+ nsresult SendReports(nsISupports* aBlockedContentSource,
+ nsIURI* aOriginalURI,
+ nsAString& aViolatedDirective,
+ uint32_t aViolatedPolicyIndex,
+ nsAString& aSourceFile,
+ nsAString& aScriptSample,
+ uint32_t aLineNum);
+
+ nsresult AsyncReportViolation(nsISupports* aBlockedContentSource,
+ nsIURI* aOriginalURI,
+ const nsAString& aViolatedDirective,
+ uint32_t aViolatedPolicyIndex,
+ const nsAString& aObserverSubject,
+ const nsAString& aSourceFile,
+ const nsAString& aScriptSample,
+ uint32_t aLineNum);
+
+ // Hands off! Don't call this method unless you know what you
+ // are doing. It's only supposed to be called from within
+ // the principal destructor to avoid a tangling pointer.
+ void clearLoadingPrincipal() {
+ mLoadingPrincipal = nullptr;
+ }
+
+ nsWeakPtr GetLoadingContext(){
+ return mLoadingContext;
+ }
+
+ private:
+ bool permitsInternal(CSPDirective aDir,
+ nsIURI* aContentLocation,
+ nsIURI* aOriginalURI,
+ const nsAString& aNonce,
+ bool aWasRedirected,
+ bool aIsPreload,
+ bool aSpecific,
+ bool aSendViolationReports,
+ bool aSendContentLocationInViolationReports,
+ bool aParserCreated);
+
+ // helper to report inline script/style violations
+ void reportInlineViolation(nsContentPolicyType aContentType,
+ const nsAString& aNonce,
+ const nsAString& aContent,
+ const nsAString& aViolatedDirective,
+ uint32_t aViolatedPolicyIndex,
+ uint32_t aLineNumber);
+
+ nsString mReferrer;
+ uint64_t mInnerWindowID; // used for web console logging
+ nsTArray<nsCSPPolicy*> mPolicies;
+ nsCOMPtr<nsIURI> mSelfURI;
+ nsDataHashtable<nsCStringHashKey, int16_t> mShouldLoadCache;
+ nsCOMPtr<nsILoadGroup> mCallingChannelLoadGroup;
+ nsWeakPtr mLoadingContext;
+ // The CSP hangs off the principal, so let's store a raw pointer of the principal
+ // to avoid memory leaks. Within the destructor of the principal we explicitly
+ // set mLoadingPrincipal to null.
+ nsIPrincipal* mLoadingPrincipal;
+
+ // helper members used to queue up web console messages till
+ // the windowID becomes available. see flushConsoleMessages()
+ nsTArray<ConsoleMsgQueueElem> mConsoleMsgQueue;
+ bool mQueueUpMessages;
+};
+
+// Class that listens to violation report transmission and logs errors.
+class CSPViolationReportListener : public nsIStreamListener
+{
+ public:
+ NS_DECL_NSISTREAMLISTENER
+ NS_DECL_NSIREQUESTOBSERVER
+ NS_DECL_ISUPPORTS
+
+ public:
+ CSPViolationReportListener();
+
+ protected:
+ virtual ~CSPViolationReportListener();
+};
+
+// The POST of the violation report (if it happens) should not follow
+// redirects, per the spec. hence, we implement an nsIChannelEventSink
+// with an object so we can tell XHR to abort if a redirect happens.
+class CSPReportRedirectSink final : public nsIChannelEventSink,
+ public nsIInterfaceRequestor
+{
+ public:
+ NS_DECL_NSICHANNELEVENTSINK
+ NS_DECL_NSIINTERFACEREQUESTOR
+ NS_DECL_ISUPPORTS
+
+ public:
+ CSPReportRedirectSink();
+
+ void SetInterceptController(nsINetworkInterceptController* aInterceptController);
+
+ protected:
+ virtual ~CSPReportRedirectSink();
+
+ private:
+ nsCOMPtr<nsINetworkInterceptController> mInterceptController;
+};
+
+#endif /* nsCSPContext_h___ */