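/**
 * Builds the LoadInfo describing a load started by aLoadingContext and/or
 * aLoadingPrincipal.
 *
 * @param aLoadingPrincipal    Principal used when no loading context is given;
 *                             when a context is given, the node's principal is
 *                             used instead.
 * @param aTriggeringPrincipal Principal that triggered the load; falls back to
 *                             the loading principal when null.
 * @param aLoadingContext      Node performing the load (may be null); kept only
 *                             as a weak reference.
 * @param aSecurityFlags       nsILoadInfo security flags for the load.
 * @param aContentPolicyType   Internal content policy type of the load.
 */
LoadInfo::LoadInfo(nsIPrincipal* aLoadingPrincipal,
                   nsIPrincipal* aTriggeringPrincipal,
                   nsINode* aLoadingContext,
                   nsSecurityFlags aSecurityFlags,
                   nsContentPolicyType aContentPolicyType)
  : mLoadingPrincipal(aLoadingContext ?
                        aLoadingContext->NodePrincipal() : aLoadingPrincipal)
  , mTriggeringPrincipal(aTriggeringPrincipal ?
                           aTriggeringPrincipal : mLoadingPrincipal.get())
  , mLoadingContext(do_GetWeakReference(aLoadingContext))
  , mSecurityFlags(aSecurityFlags)
  , mInternalContentPolicyType(aContentPolicyType)
  , mTainting(LoadTainting::Basic)
  , mUpgradeInsecureRequests(false)
  , mInnerWindowID(0)
  , mOuterWindowID(0)
  , mParentOuterWindowID(0)
  , mEnforceSecurity(false)
  , mInitialSecurityCheckDone(false)
  // Starts out as third party; only a successful window lookup below can
  // change it.
  , mIsThirdPartyContext(true)
  , mForcePreflight(false)
  , mIsPreflight(false)
{
  MOZ_ASSERT(mLoadingPrincipal);
  MOZ_ASSERT(mTriggeringPrincipal);

  // if consumers pass both, aLoadingContext and aLoadingPrincipal
  // then the loadingPrincipal must be the same as the node's principal
  MOZ_ASSERT(!aLoadingContext || !aLoadingPrincipal ||
             aLoadingContext->NodePrincipal() == aLoadingPrincipal);

  // if the load is sandboxed, we can not also inherit the principal.
  // Clear the bit instead of toggling it: an XOR would switch
  // SEC_FORCE_INHERIT_PRINCIPAL *on* for a sandboxed load that arrived
  // without it.
  if (mSecurityFlags & nsILoadInfo::SEC_SANDBOXED) {
    mSecurityFlags &= ~nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL;
  }

  if (aLoadingContext) {
    nsCOMPtr<nsPIDOMWindow> outerWindow;

    // When the element being loaded is a frame, we choose the frame's window
    // for the window ID and the frame element's window as the parent
    // window. This is the behavior that Chrome exposes to add-ons.
    nsCOMPtr<nsIFrameLoaderOwner> frameLoaderOwner =
      do_QueryInterface(aLoadingContext);
    if (frameLoaderOwner) {
      nsCOMPtr<nsIFrameLoader> fl = frameLoaderOwner->GetFrameLoader();
      nsCOMPtr<nsIDocShell> docShell;
      if (fl && NS_SUCCEEDED(fl->GetDocShell(getter_AddRefs(docShell))) &&
          docShell) {
        outerWindow = do_GetInterface(docShell);
      }
    } else {
      outerWindow = aLoadingContext->OwnerDoc()->GetWindow();
    }

    if (outerWindow) {
      nsCOMPtr<nsPIDOMWindow> inner = outerWindow->GetCurrentInnerWindow();
      mInnerWindowID = inner ? inner->WindowID() : 0;
      mOuterWindowID = outerWindow->WindowID();

      // Guard the dereference; mParentOuterWindowID keeps its initial 0 when
      // no scriptable parent is returned.
      nsCOMPtr<nsPIDOMWindow> parent = outerWindow->GetScriptableParent();
      if (parent) {
        mParentOuterWindowID = parent->WindowID();
      }

      // NOTE(review): for a frame element, outerWindow is the framed window,
      // so the third-party check runs against it rather than against the
      // window of the document that contains the element. Confirm that this
      // is the intended subject of the check.
      ComputeIsThirdPartyContext(outerWindow);
    }

    // if the document forces all requests to be upgraded from http to https, then
    // we should do that for all requests. If it only forces preloads to be upgraded
    // then we should enforce upgrade insecure requests only for preloads.
    mUpgradeInsecureRequests =
      aLoadingContext->OwnerDoc()->GetUpgradeInsecureRequests(false) ||
      (nsContentUtils::IsPreloadType(mInternalContentPolicyType) &&
       aLoadingContext->OwnerDoc()->GetUpgradeInsecureRequests(true));
  }

  // Origin attributes are taken from the loading principal.
  const PrincipalOriginAttributes attrs =
    BasePrincipal::Cast(mLoadingPrincipal)->OriginAttributesRef();
  mOriginAttributes.InheritFromDocToNecko(attrs);
}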
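/**
 * Builds the LoadInfo describing a load started by aLoadingContext and/or
 * aLoadingPrincipal.
 *
 * @param aLoadingPrincipal    Principal used when no loading context is given;
 *                             when a context is given, the node's principal is
 *                             used instead.
 * @param aTriggeringPrincipal Principal that triggered the load; falls back to
 *                             the loading principal when null.
 * @param aLoadingContext      Node performing the load (may be null); kept only
 *                             as a weak reference.
 * @param aSecurityFlags       nsILoadInfo security flags for the load.
 * @param aContentPolicyType   Internal content policy type of the load.
 */
LoadInfo::LoadInfo(nsIPrincipal* aLoadingPrincipal,
                   nsIPrincipal* aTriggeringPrincipal,
                   nsINode* aLoadingContext,
                   nsSecurityFlags aSecurityFlags,
                   nsContentPolicyType aContentPolicyType)
  : mLoadingPrincipal(aLoadingContext ?
                        aLoadingContext->NodePrincipal() : aLoadingPrincipal)
  , mTriggeringPrincipal(aTriggeringPrincipal ?
                           aTriggeringPrincipal : mLoadingPrincipal.get())
  , mLoadingContext(do_GetWeakReference(aLoadingContext))
  , mSecurityFlags(aSecurityFlags)
  , mInternalContentPolicyType(aContentPolicyType)
  , mTainting(LoadTainting::Basic)
  , mUpgradeInsecureRequests(false)
  , mInnerWindowID(0)
  , mOuterWindowID(0)
  , mParentOuterWindowID(0)
  , mEnforceSecurity(false)
  , mInitialSecurityCheckDone(false)
  , mIsThirdPartyContext(false)
  , mForcePreflight(false)
  , mIsPreflight(false)
{
  MOZ_ASSERT(mLoadingPrincipal);
  MOZ_ASSERT(mTriggeringPrincipal);

  // TODO(bug 1259873): Above, we initialize mIsThirdPartyContext to false meaning
  // that consumers of LoadInfo that don't pass a context or pass a context from
  // which we can't find a window will default to assuming that they're 1st
  // party. It would be nice if we could default "safe" and assume that we are
  // 3rd party until proven otherwise.

  // if consumers pass both, aLoadingContext and aLoadingPrincipal
  // then the loadingPrincipal must be the same as the node's principal
  MOZ_ASSERT(!aLoadingContext || !aLoadingPrincipal ||
             aLoadingContext->NodePrincipal() == aLoadingPrincipal);

  // if the load is sandboxed, we can not also inherit the principal.
  // Clear the bit instead of toggling it: an XOR would switch
  // SEC_FORCE_INHERIT_PRINCIPAL *on* for a sandboxed load that arrived
  // without it.
  if (mSecurityFlags & nsILoadInfo::SEC_SANDBOXED) {
    mSecurityFlags &= ~nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL;
  }

  if (aLoadingContext) {
    // The third-party check is made against the window of the document that
    // owns the loading node, before any frame-specific window is selected
    // for the window IDs below.
    nsCOMPtr<nsPIDOMWindow> contextOuter =
      aLoadingContext->OwnerDoc()->GetWindow();
    if (contextOuter) {
      ComputeIsThirdPartyContext(contextOuter);
    }

    nsCOMPtr<nsPIDOMWindow> outerWindow;

    // When the element being loaded is a frame, we choose the frame's window
    // for the window ID and the frame element's window as the parent
    // window. This is the behavior that Chrome exposes to add-ons.
    // NB: If the frameLoaderOwner doesn't have a frame loader, then the load
    // must be coming from an object (such as a plugin) that's loaded into it
    // instead of a document being loaded. In that case, treat this object like
    // any other non-document-loading element.
    nsCOMPtr<nsIFrameLoaderOwner> frameLoaderOwner =
      do_QueryInterface(aLoadingContext);
    nsCOMPtr<nsIFrameLoader> fl = frameLoaderOwner ?
      frameLoaderOwner->GetFrameLoader() : nullptr;
    if (fl) {
      nsCOMPtr<nsIDocShell> docShell;
      if (NS_SUCCEEDED(fl->GetDocShell(getter_AddRefs(docShell))) && docShell) {
        outerWindow = do_GetInterface(docShell);
      }
    } else {
      // contextOuter is not used after this point, so hand its reference over.
      outerWindow = contextOuter.forget();
    }

    if (outerWindow) {
      nsCOMPtr<nsPIDOMWindow> inner = outerWindow->GetCurrentInnerWindow();
      mInnerWindowID = inner ? inner->WindowID() : 0;
      mOuterWindowID = outerWindow->WindowID();

      // Guard the dereference; mParentOuterWindowID keeps its initial 0 when
      // no scriptable parent is returned.
      nsCOMPtr<nsPIDOMWindow> parent = outerWindow->GetScriptableParent();
      if (parent) {
        mParentOuterWindowID = parent->WindowID();
      }
    }

    // if the document forces all requests to be upgraded from http to https, then
    // we should do that for all requests. If it only forces preloads to be upgraded
    // then we should enforce upgrade insecure requests only for preloads.
    mUpgradeInsecureRequests =
      aLoadingContext->OwnerDoc()->GetUpgradeInsecureRequests(false) ||
      (nsContentUtils::IsPreloadType(mInternalContentPolicyType) &&
       aLoadingContext->OwnerDoc()->GetUpgradeInsecureRequests(true));
  }

  // Origin attributes are taken from the loading principal.
  const PrincipalOriginAttributes attrs =
    BasePrincipal::Cast(mLoadingPrincipal)->OriginAttributesRef();
  mOriginAttributes.InheritFromDocToNecko(attrs);
}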