From 1b4c4256ee7705724b02919b4d432b2a391bcd04 Mon Sep 17 00:00:00 2001 From: janekptacijarabaci Date: Sun, 22 Apr 2018 18:51:38 +0200 Subject: moebius#223: Consider blocking top level window data: URIs (part 1/3 without tests) https://github.com/MoonchildProductions/moebius/pull/223 --- netwerk/base/nsIOService.cpp | 10 ++++++++++ netwerk/base/nsIOService.h | 4 ++++ 2 files changed, 14 insertions(+) (limited to 'netwerk') diff --git a/netwerk/base/nsIOService.cpp b/netwerk/base/nsIOService.cpp index 0da79c18a..8b7f31f99 100644 --- a/netwerk/base/nsIOService.cpp +++ b/netwerk/base/nsIOService.cpp @@ -173,6 +173,8 @@ uint32_t nsIOService::gDefaultSegmentCount = 24; bool nsIOService::sTelemetryEnabled = false; +bool nsIOService::sBlockToplevelDataUriNavigations = false; + //////////////////////////////////////////////////////////////////////////////// nsIOService::nsIOService() @@ -251,6 +253,8 @@ nsIOService::Init() NS_WARNING("failed to get observer service"); Preferences::AddBoolVarCache(&sTelemetryEnabled, "toolkit.telemetry.enabled", false); + Preferences::AddBoolVarCache(&sBlockToplevelDataUriNavigations, + "security.data_uri.block_toplevel_data_uri_navigations", false); Preferences::AddBoolVarCache(&mOfflineMirrorsConnectivity, OFFLINE_MIRRORS_CONNECTIVITY, true); gIOService = this; @@ -1876,5 +1880,11 @@ nsIOService::SpeculativeAnonymousConnect2(nsIURI *aURI, return SpeculativeConnectInternal(aURI, aPrincipal, aCallbacks, true); } +/*static*/ bool +nsIOService::BlockToplevelDataUriNavigations() +{ + return sBlockToplevelDataUriNavigations; +} + } // namespace net } // namespace mozilla diff --git a/netwerk/base/nsIOService.h b/netwerk/base/nsIOService.h index 7ac23b791..e592c4d1c 100644 --- a/netwerk/base/nsIOService.h +++ b/netwerk/base/nsIOService.h @@ -95,6 +95,8 @@ public: bool IsLinkUp(); + static bool BlockToplevelDataUriNavigations(); + // Used to trigger a recheck of the captive portal status nsresult RecheckCaptivePortal(); private: @@ -176,6 +178,8 @@ private: static bool sTelemetryEnabled; + static bool sBlockToplevelDataUriNavigations; + // These timestamps are needed for collecting telemetry on PR_Connect, // PR_ConnectContinue and PR_Close blocking time. If we spend very long // time in any of these functions we want to know if and what network -- cgit v1.2.3 From f1e5578718ea8883438cfea06d3c55d25f5c0278 Mon Sep 17 00:00:00 2001 From: janekptacijarabaci Date: Sun, 22 Apr 2018 19:03:22 +0200 Subject: moebius#226: Consider blocking top level window data: URIs (part 2/2 without tests) https://github.com/MoonchildProductions/moebius/pull/226 --- netwerk/base/LoadInfo.cpp | 23 +++++++++++++++++++++++ netwerk/base/LoadInfo.h | 2 ++ netwerk/base/nsILoadInfo.idl | 7 +++++++ netwerk/ipc/NeckoChannelParams.ipdlh | 1 + 4 files changed, 33 insertions(+) (limited to 'netwerk') diff --git a/netwerk/base/LoadInfo.cpp b/netwerk/base/LoadInfo.cpp index 42fdea4a1..2f10261cb 100644 --- a/netwerk/base/LoadInfo.cpp +++ b/netwerk/base/LoadInfo.cpp @@ -7,6 +7,7 @@ #include "mozilla/LoadInfo.h" #include "mozilla/Assertions.h" +#include "mozilla/dom/TabChild.h" #include "mozilla/dom/ToJSValue.h" #include "mozIThirdPartyUtil.h" #include "nsFrameLoader.h" @@ -63,6 +64,7 @@ LoadInfo::LoadInfo(nsIPrincipal* aLoadingPrincipal, , mIsThirdPartyContext(false) , mForcePreflight(false) , mIsPreflight(false) + , mLoadTriggeredFromExternal(false) , mForceHSTSPriming(false) , mMixedContentWouldBlock(false) { @@ -235,6 +237,7 @@ LoadInfo::LoadInfo(nsPIDOMWindowOuter* aOuterWindow, , mIsThirdPartyContext(false) // NB: TYPE_DOCUMENT implies not third-party. , mForcePreflight(false) , mIsPreflight(false) + , mLoadTriggeredFromExternal(false) , mForceHSTSPriming(false) , mMixedContentWouldBlock(false) { @@ -297,6 +300,7 @@ LoadInfo::LoadInfo(const LoadInfo& rhs) , mCorsUnsafeHeaders(rhs.mCorsUnsafeHeaders) , mForcePreflight(rhs.mForcePreflight) , mIsPreflight(rhs.mIsPreflight) + , mLoadTriggeredFromExternal(rhs.mLoadTriggeredFromExternal) , mForceHSTSPriming(rhs.mForceHSTSPriming) , mMixedContentWouldBlock(rhs.mMixedContentWouldBlock) { @@ -325,6 +329,7 @@ LoadInfo::LoadInfo(nsIPrincipal* aLoadingPrincipal, const nsTArray& aCorsUnsafeHeaders, bool aForcePreflight, bool aIsPreflight, + bool aLoadTriggeredFromExternal, bool aForceHSTSPriming, bool aMixedContentWouldBlock) : mLoadingPrincipal(aLoadingPrincipal) @@ -348,6 +353,7 @@ LoadInfo::LoadInfo(nsIPrincipal* aLoadingPrincipal, , mCorsUnsafeHeaders(aCorsUnsafeHeaders) , mForcePreflight(aForcePreflight) , mIsPreflight(aIsPreflight) + , mLoadTriggeredFromExternal(aLoadTriggeredFromExternal) , mForceHSTSPriming (aForceHSTSPriming) , mMixedContentWouldBlock(aMixedContentWouldBlock) { @@ -872,6 +878,23 @@ LoadInfo::GetIsPreflight(bool* aIsPreflight) return NS_OK; } +NS_IMETHODIMP +LoadInfo::SetLoadTriggeredFromExternal(bool aLoadTriggeredFromExternal) +{ + MOZ_ASSERT(!aLoadTriggeredFromExternal || + mInternalContentPolicyType == nsIContentPolicy::TYPE_DOCUMENT, + "can only set load triggered from external for TYPE_DOCUMENT"); + mLoadTriggeredFromExternal = aLoadTriggeredFromExternal; + return NS_OK; +} + +NS_IMETHODIMP +LoadInfo::GetLoadTriggeredFromExternal(bool* aLoadTriggeredFromExternal) +{ + *aLoadTriggeredFromExternal = mLoadTriggeredFromExternal; + return NS_OK; +} + NS_IMETHODIMP LoadInfo::GetForceHSTSPriming(bool* aForceHSTSPriming) { diff --git a/netwerk/base/LoadInfo.h b/netwerk/base/LoadInfo.h index 3e1b92ff4..99deae2d2 100644 --- a/netwerk/base/LoadInfo.h +++ b/netwerk/base/LoadInfo.h @@ -108,6 +108,7 @@ private: const nsTArray& aUnsafeHeaders, bool aForcePreflight, bool aIsPreflight, + bool aLoadTriggeredFromExternal, bool aForceHSTSPriming, bool aMixedContentWouldBlock); LoadInfo(const LoadInfo& rhs); @@ -152,6 +153,7 @@ private: nsTArray mCorsUnsafeHeaders; bool mForcePreflight; bool mIsPreflight; + bool mLoadTriggeredFromExternal; bool mForceHSTSPriming : 1; bool mMixedContentWouldBlock : 1; diff --git a/netwerk/base/nsILoadInfo.idl b/netwerk/base/nsILoadInfo.idl index 78433c8b8..5b5eb425a 100644 --- a/netwerk/base/nsILoadInfo.idl +++ b/netwerk/base/nsILoadInfo.idl @@ -574,6 +574,13 @@ interface nsILoadInfo : nsISupports */ [infallible] attribute boolean initialSecurityCheckDone; + /** + * Returns true if the load was triggered from an external application + * (e.g. Thunderbird). Please note that this flag will only ever be true + * if the load is of TYPE_DOCUMENT. + */ + [infallible] attribute boolean loadTriggeredFromExternal; + /** * Whenever a channel gets redirected, append the principal of the * channel [before the channels got redirected] to the loadinfo, diff --git a/netwerk/ipc/NeckoChannelParams.ipdlh b/netwerk/ipc/NeckoChannelParams.ipdlh index 9365397d1..e1438cacc 100644 --- a/netwerk/ipc/NeckoChannelParams.ipdlh +++ b/netwerk/ipc/NeckoChannelParams.ipdlh @@ -53,6 +53,7 @@ struct LoadInfoArgs nsCString[] corsUnsafeHeaders; bool forcePreflight; bool isPreflight; + bool loadTriggeredFromExternal; bool forceHSTSPriming; bool mixedContentWouldBlock; }; -- cgit v1.2.3 From 660d01438a6a29ebd43f592ac7d6df2dad6a6962 Mon Sep 17 00:00:00 2001 From: janekptacijarabaci Date: Sun, 22 Apr 2018 20:28:18 +0200 Subject: moebius#230: Consider blocking top level window data: URIs (part 3/3 without tests) https://github.com/MoonchildProductions/moebius/pull/230 --- netwerk/base/LoadInfo.cpp | 22 ++++++++++++++++++++++ netwerk/base/LoadInfo.h | 2 ++ netwerk/base/nsILoadInfo.idl | 5 +++++ netwerk/ipc/NeckoChannelParams.ipdlh | 1 + 4 files changed, 30 insertions(+) (limited to 'netwerk') diff --git a/netwerk/base/LoadInfo.cpp b/netwerk/base/LoadInfo.cpp index 2f10261cb..9923f6d30 100644 --- a/netwerk/base/LoadInfo.cpp +++ b/netwerk/base/LoadInfo.cpp @@ -54,6 +54,7 @@ LoadInfo::LoadInfo(nsIPrincipal* aLoadingPrincipal, , mUpgradeInsecureRequests(false) , mVerifySignedContent(false) , mEnforceSRI(false) + , mForceAllowDataURI(false) , mForceInheritPrincipalDropped(false) , mInnerWindowID(0) , mOuterWindowID(0) @@ -227,6 +228,7 @@ LoadInfo::LoadInfo(nsPIDOMWindowOuter* aOuterWindow, , mUpgradeInsecureRequests(false) , mVerifySignedContent(false) , mEnforceSRI(false) + , mForceAllowDataURI(false) , mForceInheritPrincipalDropped(false) , mInnerWindowID(0) , mOuterWindowID(0) @@ -285,6 +287,7 @@ LoadInfo::LoadInfo(const LoadInfo& rhs) , mUpgradeInsecureRequests(rhs.mUpgradeInsecureRequests) , mVerifySignedContent(rhs.mVerifySignedContent) , mEnforceSRI(rhs.mEnforceSRI) + , mForceAllowDataURI(rhs.mForceAllowDataURI) , mForceInheritPrincipalDropped(rhs.mForceInheritPrincipalDropped) , mInnerWindowID(rhs.mInnerWindowID) , mOuterWindowID(rhs.mOuterWindowID) @@ -315,6 +318,7 @@ LoadInfo::LoadInfo(nsIPrincipal* aLoadingPrincipal, bool aUpgradeInsecureRequests, bool aVerifySignedContent, bool aEnforceSRI, + bool aForceAllowDataURI, bool aForceInheritPrincipalDropped, uint64_t aInnerWindowID, uint64_t aOuterWindowID, @@ -341,6 +345,7 @@ LoadInfo::LoadInfo(nsIPrincipal* aLoadingPrincipal, , mUpgradeInsecureRequests(aUpgradeInsecureRequests) , mVerifySignedContent(aVerifySignedContent) , mEnforceSRI(aEnforceSRI) + , mForceAllowDataURI(aForceAllowDataURI) , mForceInheritPrincipalDropped(aForceInheritPrincipalDropped) , mInnerWindowID(aInnerWindowID) , mOuterWindowID(aOuterWindowID) @@ -653,6 +658,23 @@ LoadInfo::GetEnforceSRI(bool* aResult) return NS_OK; } +NS_IMETHODIMP +LoadInfo::SetForceAllowDataURI(bool aForceAllowDataURI) +{ + MOZ_ASSERT(!mForceAllowDataURI || + mInternalContentPolicyType == nsIContentPolicy::TYPE_DOCUMENT, + "can only allow data URI navigation for TYPE_DOCUMENT"); + mForceAllowDataURI = aForceAllowDataURI; + return NS_OK; +} + +NS_IMETHODIMP +LoadInfo::GetForceAllowDataURI(bool* aForceAllowDataURI) +{ + *aForceAllowDataURI = mForceAllowDataURI; + return NS_OK; +} + NS_IMETHODIMP LoadInfo::GetForceInheritPrincipalDropped(bool* aResult) { diff --git a/netwerk/base/LoadInfo.h b/netwerk/base/LoadInfo.h index 99deae2d2..86cfddc68 100644 --- a/netwerk/base/LoadInfo.h +++ b/netwerk/base/LoadInfo.h @@ -94,6 +94,7 @@ private: bool aUpgradeInsecureRequests, bool aVerifySignedContent, bool aEnforceSRI, + bool aForceAllowDataURI, bool aForceInheritPrincipalDropped, uint64_t aInnerWindowID, uint64_t aOuterWindowID, @@ -139,6 +140,7 @@ private: bool mUpgradeInsecureRequests; bool mVerifySignedContent; bool mEnforceSRI; + bool mForceAllowDataURI; bool mForceInheritPrincipalDropped; uint64_t mInnerWindowID; uint64_t mOuterWindowID; diff --git a/netwerk/base/nsILoadInfo.idl b/netwerk/base/nsILoadInfo.idl index 5b5eb425a..5b35736e5 100644 --- a/netwerk/base/nsILoadInfo.idl +++ b/netwerk/base/nsILoadInfo.idl @@ -469,6 +469,11 @@ interface nsILoadInfo : nsISupports */ [infallible] attribute boolean enforceSRI; + /** + * If true, toplevel data: URI navigation is allowed + */ + [infallible] attribute boolean forceAllowDataURI; + /** * The SEC_FORCE_INHERIT_PRINCIPAL flag may be dropped when a load info * object is created. Specifically, it will be dropped if the SEC_SANDBOXED diff --git a/netwerk/ipc/NeckoChannelParams.ipdlh b/netwerk/ipc/NeckoChannelParams.ipdlh index e1438cacc..4f4dcf6a9 100644 --- a/netwerk/ipc/NeckoChannelParams.ipdlh +++ b/netwerk/ipc/NeckoChannelParams.ipdlh @@ -39,6 +39,7 @@ struct LoadInfoArgs bool upgradeInsecureRequests; bool verifySignedContent; bool enforceSRI; + bool forceAllowDataURI; bool forceInheritPrincipalDropped; uint64_t innerWindowID; uint64_t outerWindowID; -- cgit v1.2.3 From dbfad99a51062e663da19266219191c0dc3521be Mon Sep 17 00:00:00 2001 From: janekptacijarabaci Date: Sun, 22 Apr 2018 21:20:53 +0200 Subject: Bug 1323683 - Fold nsIURIWithQuery into nsIURI native in moebius --- netwerk/base/moz.build | 1 - netwerk/base/nsIURI.idl | 60 ++++++++++++++++++++++++++-------------- netwerk/base/nsIURIWithQuery.idl | 30 -------------------- netwerk/base/nsIURL.idl | 6 ++-- netwerk/base/nsSimpleURI.cpp | 6 +--- netwerk/base/nsSimpleURI.h | 4 +-- netwerk/base/nsStandardURL.cpp | 1 - netwerk/base/nsStandardURL.h | 1 - 8 files changed, 45 insertions(+), 64 deletions(-) delete mode 100644 netwerk/base/nsIURIWithQuery.idl (limited to 'netwerk') diff --git a/netwerk/base/moz.build b/netwerk/base/moz.build index 3b731db10..5de1eea81 100644 --- a/netwerk/base/moz.build +++ b/netwerk/base/moz.build @@ -132,7 +132,6 @@ XPIDL_SOURCES += [ 'nsIURIClassifier.idl', 'nsIURIWithBlobImpl.idl', 'nsIURIWithPrincipal.idl', - 'nsIURIWithQuery.idl', 'nsIURL.idl', 'nsIURLParser.idl', 'nsPILoadGroupInternal.idl', diff --git a/netwerk/base/nsIURI.idl b/netwerk/base/nsIURI.idl index 2384c5fd9..ef163813a 100644 --- a/netwerk/base/nsIURI.idl +++ b/netwerk/base/nsIURI.idl @@ -10,18 +10,18 @@ * provides accessors to set and query the most basic components of an URI. * Subclasses, including nsIURL, impose greater structure on the URI. * - * This interface follows Tim Berners-Lee's URI spec (RFC2396) [1], where the + * This interface follows Tim Berners-Lee's URI spec (RFC3986) [1], where the * basic URI components are defined as such: * 
- *      ftp://username:password@hostname:portnumber/pathname#ref
- *      \ /   \               / \      / \        /\         \ /
- *       -     ---------------   ------   --------  |         -
- *       |            |             |        |      |         |
- *       |            |             |        |      |        Ref
- *       |            |             |       Port    \        /
- *       |            |            Host      /       --------
- *       |         UserPass                 /	         |
- *     Scheme                              /	        Path
+ *      ftp://username:password@hostname:portnumber/pathname?query#ref
+ *      \ /   \               / \      / \        /\       / \   / \ /
+ *       -     ---------------   ------   --------  -------   ---   -
+ *       |            |             |        |         |       |    |
+ *       |            |             |        |      FilePath Query Ref
+ *       |            |             |       Port       \            /
+ *       |            |            Host      /          ------------
+ *       |         UserPass                 /	              |
+ *     Scheme                              /	             Path
  *       \                                /
  *        --------------------------------
  *                       |
@@ -30,13 +30,9 @@
  * The definition of the URI components has been extended to allow for
  * internationalized domain names [2] and the more generic IRI structure [3].
  *
- * Note also that the RFC defines #-separated fragment identifiers as being
- * "not part of the URI".  Despite this, we bundle them as part of the URI, for
- * convenience.
- *
- * [1] http://www.ietf.org/rfc/rfc2396.txt
- * [2] http://www.ietf.org/internet-drafts/draft-ietf-idn-idna-06.txt
- * [3] http://www.ietf.org/internet-drafts/draft-masinter-url-i18n-08.txt
+ * [1] https://tools.ietf.org/html/rfc3986
+ * [2] https://tools.ietf.org/html/rfc5890
+ * [3] https://tools.ietf.org/html/rfc3987
  */
 
 %{C++
@@ -116,7 +112,7 @@ interface nsIURI : nsISupports
 
     /**
      * The Scheme is the protocol to which this URI refers.  The scheme is
-     * restricted to the US-ASCII charset per RFC2396.  Setting this is
+     * restricted to the US-ASCII charset per RFC3986.  Setting this is
      * highly discouraged outside of a protocol handler implementation, since
      * that will generally lead to incorrect results.
      */
@@ -174,6 +170,9 @@ interface nsIURI : nsISupports
      * empty, depending on the protocol).
      *
      * Some characters may be escaped.
+     *
+     * This attribute contains query and ref parts for historical reasons.
+     * Use the 'filePath' attribute if you do not want those parts included.
      */
     attribute AUTF8String path;
 
@@ -281,10 +280,31 @@ interface nsIURI : nsISupports
     /**
      * returns a string for the current URI with the ref element cleared.
      */
-   readonly attribute AUTF8String specIgnoringRef;
+    readonly attribute AUTF8String specIgnoringRef;
 
     /**
      * Returns if there is a reference portion (the part after the "#") of the URI.
      */
-   readonly attribute boolean hasRef;
+    readonly attribute boolean hasRef;
+
+    /************************************************************************
+     * Additional attributes added for .query support:
+     */
+
+    /**
+     * Returns a path including the directory and file portions of a
+     * URL.  For example, the filePath of "http://host/foo/bar.html#baz"
+     * is "/foo/bar.html".
+     *
+     * Some characters may be escaped.
+     */
+    attribute AUTF8String filePath;
+
+    /**
+     * Returns the query portion (the part after the "?") of the URL.
+     * If there isn't one, an empty string is returned.
+     *
+     * Some characters may be escaped.
+     */
+    attribute AUTF8String query;
 };
diff --git a/netwerk/base/nsIURIWithQuery.idl b/netwerk/base/nsIURIWithQuery.idl
deleted file mode 100644
index 749b2773d..000000000
--- a/netwerk/base/nsIURIWithQuery.idl
+++ /dev/null
@@ -1,30 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "nsIURI.idl"
-
-/**
- * nsIURIWithQuery is implemented by URIs which have a query parameter.
- * This is useful for the URL API.
- */
-[scriptable, uuid(367510ee-8556-435a-8f99-b5fd357e08cc)]
-interface nsIURIWithQuery : nsIURI
-{
-    /**
-     * Returns a path including the directory and file portions of a
-     * URL.  For example, the filePath of "http://host/foo/bar.html#baz"
-     * is "/foo/bar.html".
-     *
-     * Some characters may be escaped.
-     */
-    attribute AUTF8String filePath;
-
-    /**
-     * Returns the query portion (the part after the "?") of the URL.
-     * If there isn't one, an empty string is returned.
-     *
-     * Some characters may be escaped.
-     */
-    attribute AUTF8String query;
-};
diff --git a/netwerk/base/nsIURL.idl b/netwerk/base/nsIURL.idl
index aeaa3f694..9ff6c3dcd 100644
--- a/netwerk/base/nsIURL.idl
+++ b/netwerk/base/nsIURL.idl
@@ -3,7 +3,7 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
-#include "nsIURIWithQuery.idl"
+#include "nsIURI.idl"
 
 /**
  * The nsIURL interface provides convenience methods that further
@@ -20,7 +20,7 @@
  *                        filePath
  */
 [scriptable, uuid(86adcd89-0b70-47a2-b0fe-5bb2c5f37e31)]
-interface nsIURL : nsIURIWithQuery
+interface nsIURL : nsIURI
 {
     /*************************************************************************
      * The URL path is broken down into the following principal components:
@@ -28,7 +28,7 @@ interface nsIURL : nsIURIWithQuery
      * attribute AUTF8String filePath;
      * attribute AUTF8String query;
      *
-     * These are inherited from nsIURIWithQuery.
+     * These are inherited from nsIURI.
      */
 
     /*************************************************************************
diff --git a/netwerk/base/nsSimpleURI.cpp b/netwerk/base/nsSimpleURI.cpp
index ae5c51a1e..dbc0dc817 100644
--- a/netwerk/base/nsSimpleURI.cpp
+++ b/netwerk/base/nsSimpleURI.cpp
@@ -48,7 +48,7 @@ nsSimpleURI::~nsSimpleURI()
 NS_IMPL_ADDREF(nsSimpleURI)
 NS_IMPL_RELEASE(nsSimpleURI)
 NS_INTERFACE_TABLE_HEAD(nsSimpleURI)
-NS_INTERFACE_TABLE(nsSimpleURI, nsIURI, nsIURIWithQuery, nsISerializable,
+NS_INTERFACE_TABLE(nsSimpleURI, nsIURI, nsISerializable,
                    nsIClassInfo, nsIMutable, nsIIPCSerializableURI)
 NS_INTERFACE_TABLE_TO_MAP_SEGUE
   if (aIID.Equals(kThisSimpleURIImplementationCID))
@@ -784,10 +784,6 @@ nsSimpleURI::SizeOfIncludingThis(MallocSizeOf aMallocSizeOf) const {
   return aMallocSizeOf(this) + SizeOfExcludingThis(aMallocSizeOf);
 }
 
-//----------------------------------------------------------------------------
-// nsSimpleURI::nsIURIWithQuery
-//----------------------------------------------------------------------------
-
 NS_IMETHODIMP
 nsSimpleURI::GetFilePath(nsACString& aFilePath)
 {
diff --git a/netwerk/base/nsSimpleURI.h b/netwerk/base/nsSimpleURI.h
index 29bc9b313..842136ed6 100644
--- a/netwerk/base/nsSimpleURI.h
+++ b/netwerk/base/nsSimpleURI.h
@@ -8,7 +8,6 @@
 
 #include "mozilla/MemoryReporting.h"
 #include "nsIURI.h"
-#include "nsIURIWithQuery.h"
 #include "nsISerializable.h"
 #include "nsString.h"
 #include "nsIClassInfo.h"
@@ -28,7 +27,7 @@ namespace net {
 }
 
 class nsSimpleURI
-    : public nsIURIWithQuery
+    : public nsIURI
     , public nsISerializable
     , public nsIClassInfo
     , public nsIMutable
@@ -41,7 +40,6 @@ protected:
 public:
     NS_DECL_ISUPPORTS
     NS_DECL_NSIURI
-    NS_DECL_NSIURIWITHQUERY
     NS_DECL_NSISERIALIZABLE
     NS_DECL_NSICLASSINFO
     NS_DECL_NSIMUTABLE
diff --git a/netwerk/base/nsStandardURL.cpp b/netwerk/base/nsStandardURL.cpp
index 0cdd2a7b5..e2a290e4d 100644
--- a/netwerk/base/nsStandardURL.cpp
+++ b/netwerk/base/nsStandardURL.cpp
@@ -1182,7 +1182,6 @@ NS_IMPL_RELEASE(nsStandardURL)
 NS_INTERFACE_MAP_BEGIN(nsStandardURL)
     NS_INTERFACE_MAP_ENTRY_AMBIGUOUS(nsISupports, nsIStandardURL)
     NS_INTERFACE_MAP_ENTRY(nsIURI)
-    NS_INTERFACE_MAP_ENTRY(nsIURIWithQuery)
     NS_INTERFACE_MAP_ENTRY(nsIURL)
     NS_INTERFACE_MAP_ENTRY_CONDITIONAL(nsIFileURL, mSupportsFileURL)
     NS_INTERFACE_MAP_ENTRY(nsIStandardURL)
diff --git a/netwerk/base/nsStandardURL.h b/netwerk/base/nsStandardURL.h
index 90f7f7db2..0ca345572 100644
--- a/netwerk/base/nsStandardURL.h
+++ b/netwerk/base/nsStandardURL.h
@@ -54,7 +54,6 @@ protected:
 public:
     NS_DECL_ISUPPORTS
     NS_DECL_NSIURI
-    NS_DECL_NSIURIWITHQUERY
     NS_DECL_NSIURL
     NS_DECL_NSIFILEURL
     NS_DECL_NSISTANDARDURL
-- 
cgit v1.2.3


From 2e33335820b2816bee111e78588ac82e401c86ae Mon Sep 17 00:00:00 2001
From: janekptacijarabaci 
Date: Sun, 22 Apr 2018 21:51:49 +0200
Subject: Bug 1182569: Update ContentSecurityManager to handle docshell loads

native in moebius
---
 netwerk/base/nsNetUtil.cpp | 14 ++++----------
 1 file changed, 4 insertions(+), 10 deletions(-)

(limited to 'netwerk')

diff --git a/netwerk/base/nsNetUtil.cpp b/netwerk/base/nsNetUtil.cpp
index 8ff3e788f..bc9bcf88a 100644
--- a/netwerk/base/nsNetUtil.cpp
+++ b/netwerk/base/nsNetUtil.cpp
@@ -1285,16 +1285,10 @@ NS_HasBeenCrossOrigin(nsIChannel* aChannel, bool aReport)
   nsCOMPtr loadInfo = aChannel->GetLoadInfo();
   MOZ_RELEASE_ASSERT(loadInfo, "Origin tracking only works for channels created with a loadinfo");
 
-#ifdef DEBUG
-  // Don't enforce TYPE_DOCUMENT assertions for loads
-  // initiated by javascript tests.
-  bool skipContentTypeCheck = false;
-  skipContentTypeCheck = Preferences::GetBool("network.loadinfo.skip_type_assertion");
-#endif
-
-  MOZ_ASSERT(skipContentTypeCheck ||
-             loadInfo->GetExternalContentPolicyType() != nsIContentPolicy::TYPE_DOCUMENT,
-             "calling NS_HasBeenCrossOrigin on a top level load");
+  // TYPE_DOCUMENT loads have a null LoadingPrincipal and can not be cross origin.
+  if (!loadInfo->LoadingPrincipal()) {
+    return false;
+  }
 
   // Always treat tainted channels as cross-origin.
   if (loadInfo->GetTainting() != LoadTainting::Basic) {
-- 
cgit v1.2.3


From 115cf1e322bdabaee001781e1d5a8ee4928992af Mon Sep 17 00:00:00 2001
From: janekptacijarabaci 
Date: Sun, 22 Apr 2018 22:17:09 +0200
Subject: Revert "Bug 1182569: Update ContentSecurityManager to handle docshell
 loads"

This reverts commit 2e33335820b2816bee111e78588ac82e401c86ae.
---
 netwerk/base/nsNetUtil.cpp | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

(limited to 'netwerk')

diff --git a/netwerk/base/nsNetUtil.cpp b/netwerk/base/nsNetUtil.cpp
index bc9bcf88a..8ff3e788f 100644
--- a/netwerk/base/nsNetUtil.cpp
+++ b/netwerk/base/nsNetUtil.cpp
@@ -1285,10 +1285,16 @@ NS_HasBeenCrossOrigin(nsIChannel* aChannel, bool aReport)
   nsCOMPtr loadInfo = aChannel->GetLoadInfo();
   MOZ_RELEASE_ASSERT(loadInfo, "Origin tracking only works for channels created with a loadinfo");
 
-  // TYPE_DOCUMENT loads have a null LoadingPrincipal and can not be cross origin.
-  if (!loadInfo->LoadingPrincipal()) {
-    return false;
-  }
+#ifdef DEBUG
+  // Don't enforce TYPE_DOCUMENT assertions for loads
+  // initiated by javascript tests.
+  bool skipContentTypeCheck = false;
+  skipContentTypeCheck = Preferences::GetBool("network.loadinfo.skip_type_assertion");
+#endif
+
+  MOZ_ASSERT(skipContentTypeCheck ||
+             loadInfo->GetExternalContentPolicyType() != nsIContentPolicy::TYPE_DOCUMENT,
+             "calling NS_HasBeenCrossOrigin on a top level load");
 
   // Always treat tainted channels as cross-origin.
   if (loadInfo->GetTainting() != LoadTainting::Basic) {
-- 
cgit v1.2.3


From ccbd5ecf57fcd53ac8b28ddf7466b6c930f764df Mon Sep 17 00:00:00 2001
From: janekptacijarabaci 
Date: Mon, 23 Apr 2018 00:13:56 +0200
Subject: moebius#187: DOM - nsIContentPolicy - context (document)

https://github.com/MoonchildProductions/moebius/pull/187
---
 netwerk/base/LoadInfo.cpp    | 15 +++++++++++++++
 netwerk/base/LoadInfo.h      |  7 +++++--
 netwerk/base/nsILoadInfo.idl | 10 ++++++++++
 3 files changed, 30 insertions(+), 2 deletions(-)

(limited to 'netwerk')

diff --git a/netwerk/base/LoadInfo.cpp b/netwerk/base/LoadInfo.cpp
index 9923f6d30..ede825b8f 100644
--- a/netwerk/base/LoadInfo.cpp
+++ b/netwerk/base/LoadInfo.cpp
@@ -48,6 +48,7 @@ LoadInfo::LoadInfo(nsIPrincipal* aLoadingPrincipal,
                            aTriggeringPrincipal : mLoadingPrincipal.get())
   , mPrincipalToInherit(nullptr)
   , mLoadingContext(do_GetWeakReference(aLoadingContext))
+  , mContextForTopLevelLoad(nullptr)
   , mSecurityFlags(aSecurityFlags)
   , mInternalContentPolicyType(aContentPolicyType)
   , mTainting(LoadTainting::Basic)
@@ -218,10 +219,12 @@ LoadInfo::LoadInfo(nsIPrincipal* aLoadingPrincipal,
 */
 LoadInfo::LoadInfo(nsPIDOMWindowOuter* aOuterWindow,
                    nsIPrincipal* aTriggeringPrincipal,
+                   nsISupports* aContextForTopLevelLoad,
                    nsSecurityFlags aSecurityFlags)
   : mLoadingPrincipal(nullptr)
   , mTriggeringPrincipal(aTriggeringPrincipal)
   , mPrincipalToInherit(nullptr)
+  , mContextForTopLevelLoad(do_GetWeakReference(aContextForTopLevelLoad))
   , mSecurityFlags(aSecurityFlags)
   , mInternalContentPolicyType(nsIContentPolicy::TYPE_DOCUMENT)
   , mTainting(LoadTainting::Basic)
@@ -281,6 +284,7 @@ LoadInfo::LoadInfo(const LoadInfo& rhs)
   , mTriggeringPrincipal(rhs.mTriggeringPrincipal)
   , mPrincipalToInherit(rhs.mPrincipalToInherit)
   , mLoadingContext(rhs.mLoadingContext)
+  , mContextForTopLevelLoad(rhs.mContextForTopLevelLoad)
   , mSecurityFlags(rhs.mSecurityFlags)
   , mInternalContentPolicyType(rhs.mInternalContentPolicyType)
   , mTainting(rhs.mTainting)
@@ -488,6 +492,17 @@ LoadInfo::LoadingNode()
   return node;
 }
 
+nsISupports*
+LoadInfo::ContextForTopLevelLoad()
+{
+  // Most likely you want to query LoadingNode() instead of
+  // ContextForTopLevelLoad() if this assertion fires.
+  MOZ_ASSERT(mInternalContentPolicyType == nsIContentPolicy::TYPE_DOCUMENT,
+            "should only query this context for top level document loads");
+  nsCOMPtr context = do_QueryReferent(mContextForTopLevelLoad);
+  return context;
+}
+
 NS_IMETHODIMP
 LoadInfo::GetSecurityFlags(nsSecurityFlags* aResult)
 {
diff --git a/netwerk/base/LoadInfo.h b/netwerk/base/LoadInfo.h
index 86cfddc68..0ae6061b3 100644
--- a/netwerk/base/LoadInfo.h
+++ b/netwerk/base/LoadInfo.h
@@ -59,10 +59,12 @@ public:
            nsSecurityFlags aSecurityFlags,
            nsContentPolicyType aContentPolicyType);
 
-  // Constructor used for TYPE_DOCUMENT loads which have no reasonable
-  // loadingNode or loadingPrincipal
+  // Constructor used for TYPE_DOCUMENT loads which have a different
+  // loadingContext than other loads. This ContextForTopLevelLoad is
+  // only used for content policy checks.
   LoadInfo(nsPIDOMWindowOuter* aOuterWindow,
            nsIPrincipal* aTriggeringPrincipal,
+           nsISupports* aContextForTopLevelLoad,
            nsSecurityFlags aSecurityFlags);
 
   // create an exact copy of the loadinfo
@@ -134,6 +136,7 @@ private:
   nsCOMPtr           mTriggeringPrincipal;
   nsCOMPtr           mPrincipalToInherit;
   nsWeakPtr                        mLoadingContext;
+  nsWeakPtr                        mContextForTopLevelLoad;
   nsSecurityFlags                  mSecurityFlags;
   nsContentPolicyType              mInternalContentPolicyType;
   LoadTainting                     mTainting;
diff --git a/netwerk/base/nsILoadInfo.idl b/netwerk/base/nsILoadInfo.idl
index 5b35736e5..4ec29b972 100644
--- a/netwerk/base/nsILoadInfo.idl
+++ b/netwerk/base/nsILoadInfo.idl
@@ -323,6 +323,16 @@ interface nsILoadInfo : nsISupports
   [noscript, notxpcom, nostdcall, binaryname(LoadingNode)]
   nsINode binaryLoadingNode();
 
+  /**
+   * A C++ friendly version of the loadingContext for toplevel loads.
+   * Most likely you want to query the ownerDocument or LoadingNode
+   * and not this context only available for TYPE_DOCUMENT loads.
+   * Please note that except for loads of TYPE_DOCUMENT, this
+   * ContextForTopLevelLoad will always return null.
+   */
+  [noscript, notxpcom, nostdcall, binaryname(ContextForTopLevelLoad)]
+  nsISupports binaryContextForTopLevelLoad();
+
   /**
    * The securityFlags of that channel.
    */
-- 
cgit v1.2.3