NS_IMETHODIMP
nsContentBlocker::ShouldProcess(uint32_t aContentType,
nsIURI *aContentLocation,
nsIURI *aRequestingLocation,
nsISupports *aRequestingContext,
const nsACString &aMimeGuess,
nsISupports *aExtra,
nsIPrincipal *aRequestPrincipal,
int16_t *aDecision)
{
// For loads where aRequestingContext is chrome, we should just
// accept. Those are most likely toplevel loads in windows, and
// chrome generally knows what it's doing anyway.
nsCOMPtr<nsIDocShellTreeItem> item =
do_QueryInterface(NS_CP_GetDocShellFromContext(aRequestingContext));
if (item) {
int32_t type;
item->GetItemType(&type);
if (type == nsIDocShellTreeItem::typeChrome) {
*aDecision = nsIContentPolicy::ACCEPT;
return NS_OK;
}
}
// For objects, we only check policy in shouldProcess, as the final type isn't
// determined until the channel is open -- We don't want to block images in
// object tags because plugins are disallowed.
// NOTE that this bypasses the aContentLocation checks in ShouldLoad - this is
// intentional, as aContentLocation may be null for plugins that load by type
// (e.g. java)
if (aContentType == nsIContentPolicy::TYPE_OBJECT) {
*aDecision = nsIContentPolicy::ACCEPT;
bool shouldLoad, fromPrefs;
nsresult rv = TestPermission(aContentLocation, aRequestingLocation,
aContentType, &shouldLoad, &fromPrefs);
NS_ENSURE_SUCCESS(rv, rv);
if (!shouldLoad) {
if (fromPrefs) {
*aDecision = nsIContentPolicy::REJECT_TYPE;
} else {
*aDecision = nsIContentPolicy::REJECT_SERVER;
}
}
return NS_OK;
}
// This isn't a load from chrome or an object tag - Just do a ShouldLoad()
// check -- we want the same answer here
return ShouldLoad(aContentType, aContentLocation, aRequestingLocation,
aRequestingContext, aMimeGuess, aExtra, aRequestPrincipal,
aDecision);
}
// nsIContentPolicy Implementation
NS_IMETHODIMP
nsContentBlocker::ShouldLoad(uint32_t aContentType,
nsIURI *aContentLocation,
nsIURI *aRequestingLocation,
nsISupports *aRequestingContext,
const nsACString &aMimeGuess,
nsISupports *aExtra,
nsIPrincipal *aRequestPrincipal,
int16_t *aDecision)
{
MOZ_ASSERT(aContentType == nsContentUtils::InternalContentPolicyTypeToExternal(aContentType),
"We should only see external content policy types here.");
*aDecision = nsIContentPolicy::ACCEPT;
nsresult rv;
// Ony support NUMBER_OF_TYPES content types. that all there is at the
// moment, but you never know...
if (aContentType > NUMBER_OF_TYPES)
return NS_OK;
// we can't do anything without this
if (!aContentLocation)
return NS_OK;
// The final type of an object tag may mutate before it reaches
// shouldProcess, so we cannot make any sane blocking decisions here
if (aContentType == nsIContentPolicy::TYPE_OBJECT)
return NS_OK;
// we only want to check http, https, ftp
// for chrome:// and resources and others, no need to check.
nsAutoCString scheme;
aContentLocation->GetScheme(scheme);
if (!scheme.LowerCaseEqualsLiteral("ftp") &&
!scheme.LowerCaseEqualsLiteral("http") &&
!scheme.LowerCaseEqualsLiteral("https"))
return NS_OK;
bool shouldLoad, fromPrefs;
rv = TestPermission(aContentLocation, aRequestingLocation, aContentType,
&shouldLoad, &fromPrefs);
NS_ENSURE_SUCCESS(rv, rv);
if (!shouldLoad) {
if (fromPrefs) {
*aDecision = nsIContentPolicy::REJECT_TYPE;
} else {
*aDecision = nsIContentPolicy::REJECT_SERVER;
}
}
return NS_OK;
}
NS_IMETHODIMP
nsStrictTransportSecurityService::IsStsURI(nsIURI* aURI, bool* aResult)
{
// Should be called on the main thread (or via proxy) since the permission
// manager is used and it's not threadsafe.
NS_ENSURE_TRUE(NS_IsMainThread(), NS_ERROR_UNEXPECTED);
nsresult rv;
PRUint32 permExact, permGeneral;
// If this domain has the forcehttps permission, this is an STS host.
rv = TestPermission(aURI, STS_PERMISSION, &permExact, true);
NS_ENSURE_SUCCESS(rv, rv);
// If any super-domain has the includeSubdomains permission, this is an
// STS host.
rv = TestPermission(aURI, STS_SUBDOMAIN_PERMISSION, &permGeneral, false);
NS_ENSURE_SUCCESS(rv, rv);
*aResult = ((permExact == nsIPermissionManager::ALLOW_ACTION) ||
(permGeneral == nsIPermissionManager::ALLOW_ACTION));
return NS_OK;
}
