diff options
author | Moonchild <moonchild@palemoon.org> | 2022-11-07 13:49:11 +0000 |
---|---|---|
committer | Moonchild <moonchild@palemoon.org> | 2022-11-07 13:49:11 +0000 |
commit | d19fb35c6abab93a22d08f8c7fc850ddcc2cbba6 (patch) | |
tree | e63daaac8b9dd59a88f4a7d9a55e6f9c0724cddf /netwerk | |
parent | 10a37f462e7b4357feda9284dac608c0da0a416e (diff) | |
parent | 94554142e9f2aafdae0f2152537e8e2bee89313c (diff) | |
download | uxp-d19fb35c6abab93a22d08f8c7fc850ddcc2cbba6.tar.gz |
Merge branch 'master' into 1769-take2
Diffstat (limited to 'netwerk')
35 files changed, 271 insertions, 95 deletions
diff --git a/netwerk/base/moz.build b/netwerk/base/moz.build index 1659299f7b..78482d87fa 100644 --- a/netwerk/base/moz.build +++ b/netwerk/base/moz.build @@ -181,7 +181,7 @@ EXPORTS.mozilla.net += [ 'ReferrerPolicy.h', ] -SOURCES += [ +UNIFIED_SOURCES += [ 'ArrayBufferInputStream.cpp', 'BackgroundFileSaver.cpp', 'CaptivePortalService.cpp', diff --git a/netwerk/base/nsISocketTransport.idl b/netwerk/base/nsISocketTransport.idl index 9b5bc23fb7..3525aad5d9 100644 --- a/netwerk/base/nsISocketTransport.idl +++ b/netwerk/base/nsISocketTransport.idl @@ -130,6 +130,11 @@ interface nsISocketTransport : nsITransport void setTimeout(in unsigned long aType, in unsigned long aValue); /** + * True to set addr and port reuse socket options. + */ + void setReuseAddrPort(in bool reuseAddrPort); + + /** * Values for the aType parameter passed to get/setTimeout. */ const unsigned long TIMEOUT_CONNECT = 0; diff --git a/netwerk/base/nsPACMan.cpp b/netwerk/base/nsPACMan.cpp index 37d3e8b6bb..f00c3cc434 100644 --- a/netwerk/base/nsPACMan.cpp +++ b/netwerk/base/nsPACMan.cpp @@ -474,6 +474,11 @@ nsPACMan::StartLoading() void nsPACMan::OnLoadFailure() { + // We have to clear the loader to indicate that we are currently not loading PAC. + if (mLoader) { + mLoader = nullptr; + } + int32_t minInterval = 5; // 5 seconds int32_t maxInterval = 300; // 5 minutes diff --git a/netwerk/base/nsSocketTransport2.cpp b/netwerk/base/nsSocketTransport2.cpp index ff5fc3070d..ab20737443 100644 --- a/netwerk/base/nsSocketTransport2.cpp +++ b/netwerk/base/nsSocketTransport2.cpp @@ -737,6 +737,7 @@ nsSocketTransport::nsSocketTransport() , mProxyTransparentResolvesHost(false) , mHttpsProxy(false) , mConnectionFlags(0) + , mReuseAddrPort(false) , mState(STATE_CLOSED) , mAttached(false) , mInputClosed(true) @@ -1354,6 +1355,32 @@ nsSocketTransport::InitiateSocket() status = PR_SetSocketOption(fd, &opt); NS_ASSERTION(status == PR_SUCCESS, "unable to make socket non-blocking"); + if (mReuseAddrPort) { + SOCKET_LOG((" Setting port/addr reuse socket options\n")); + + // Set ReuseAddr for TCP sockets to enable having several + // sockets bound to same local IP and port + PRSocketOptionData opt_reuseaddr; + opt_reuseaddr.option = PR_SockOpt_Reuseaddr; + opt_reuseaddr.value.reuse_addr = PR_TRUE; + status = PR_SetSocketOption(fd, &opt_reuseaddr); + if (status != PR_SUCCESS) { + SOCKET_LOG((" Couldn't set reuse addr socket option: %d\n", + status)); + } + + // And also set ReusePort for platforms supporting this socket option + PRSocketOptionData opt_reuseport; + opt_reuseport.option = PR_SockOpt_Reuseport; + opt_reuseport.value.reuse_port = PR_TRUE; + status = PR_SetSocketOption(fd, &opt_reuseport); + if (status != PR_SUCCESS + && PR_GetError() != PR_OPERATION_NOT_SUPPORTED_ERROR) { + SOCKET_LOG((" Couldn't set reuse port socket option: %d\n", + status)); + } + } + // disable the nagle algorithm - if we rely on it to coalesce writes into // full packets the final packet of a multi segment POST/PUT or pipeline // sequence is delayed a full rtt @@ -2469,6 +2496,13 @@ nsSocketTransport::SetTimeout(uint32_t type, uint32_t value) } NS_IMETHODIMP +nsSocketTransport::SetReuseAddrPort(bool reuseAddrPort) +{ + mReuseAddrPort = reuseAddrPort; + return NS_OK; +} + +NS_IMETHODIMP nsSocketTransport::SetQoSBits(uint8_t aQoSBits) { // Don't do any checking here of bits. Why? Because as of RFC-4594 diff --git a/netwerk/base/nsSocketTransport2.h b/netwerk/base/nsSocketTransport2.h index 89b75efa57..c36d46c04e 100644 --- a/netwerk/base/nsSocketTransport2.h +++ b/netwerk/base/nsSocketTransport2.h @@ -295,6 +295,7 @@ private: bool mProxyTransparentResolvesHost; bool mHttpsProxy; uint32_t mConnectionFlags; + bool mReuseAddrPort; // The origin attributes are used to create sockets. The first party domain // will eventually be used to isolate OCSP cache and is only non-empty when @@ -350,13 +351,13 @@ private: void OnMsgInputPending() { - MOZ_ASSERT(OnSocketThread(), "not on socket thread"); + NS_ASSERTION(PR_GetCurrentThread() == gSocketThread, "not on socket thread"); if (mState == STATE_TRANSFERRING) mPollFlags |= (PR_POLL_READ | PR_POLL_EXCEPT); } void OnMsgOutputPending() { - MOZ_ASSERT(OnSocketThread(), "not on socket thread"); + NS_ASSERTION(PR_GetCurrentThread() == gSocketThread, "not on socket thread"); if (mState == STATE_TRANSFERRING) mPollFlags |= (PR_POLL_WRITE | PR_POLL_EXCEPT); } diff --git a/netwerk/cache/moz.build b/netwerk/cache/moz.build index 32dddc1bab..03810fc288 100644 --- a/netwerk/cache/moz.build +++ b/netwerk/cache/moz.build @@ -20,7 +20,7 @@ EXPORTS += [ 'nsDeleteDir.h' ] -SOURCES += [ +UNIFIED_SOURCES += [ 'nsApplicationCacheService.cpp', 'nsCache.cpp', 'nsCacheEntry.cpp', diff --git a/netwerk/cache/nsApplicationCacheService.cpp b/netwerk/cache/nsApplicationCacheService.cpp index 17012518d4..c512b91695 100644 --- a/netwerk/cache/nsApplicationCacheService.cpp +++ b/netwerk/cache/nsApplicationCacheService.cpp @@ -16,8 +16,6 @@ using namespace mozilla; -static NS_DEFINE_CID(kCacheServiceCID, NS_CACHESERVICE_CID); - //----------------------------------------------------------------------------- // nsApplicationCacheService //----------------------------------------------------------------------------- diff --git a/netwerk/cache/nsDiskCacheDeviceSQL.cpp b/netwerk/cache/nsDiskCacheDeviceSQL.cpp index 297c0f362a..86ace05f7e 100644 --- a/netwerk/cache/nsDiskCacheDeviceSQL.cpp +++ b/netwerk/cache/nsDiskCacheDeviceSQL.cpp @@ -17,8 +17,6 @@ #include "nsCacheService.h" #include "nsApplicationCache.h" -#include "nsNetCID.h" -#include "nsNetUtil.h" #include "nsIURI.h" #include "nsAutoPtr.h" #include "nsEscape.h" @@ -55,7 +53,6 @@ using namespace mozilla::storage; using mozilla::NeckoOriginAttributes; static const char OFFLINE_CACHE_DEVICE_ID[] = { "offline" }; -static NS_DEFINE_CID(kCacheServiceCID, NS_CACHESERVICE_CID); #define LOG(args) CACHE_LOG_DEBUG(args) diff --git a/netwerk/cache/nsDiskCacheDeviceSQL.h b/netwerk/cache/nsDiskCacheDeviceSQL.h index fcde58d3d7..f6f8db2c7b 100644 --- a/netwerk/cache/nsDiskCacheDeviceSQL.h +++ b/netwerk/cache/nsDiskCacheDeviceSQL.h @@ -21,6 +21,10 @@ #include "nsWeakReference.h" #include "mozilla/Attributes.h" #include "mozilla/Mutex.h" +#include "nsNetCID.h" +#include "nsNetUtil.h" + +static NS_DEFINE_CID(kCacheServiceCID, NS_CACHESERVICE_CID); class nsIURI; class nsOfflineCacheDevice; diff --git a/netwerk/cache2/moz.build b/netwerk/cache2/moz.build index bc8dd0e426..90473a1d29 100644 --- a/netwerk/cache2/moz.build +++ b/netwerk/cache2/moz.build @@ -20,8 +20,7 @@ EXPORTS += [ 'CacheStorageService.h', ] -SOURCES += [ - 'AppCacheStorage.cpp', +UNIFIED_SOURCES += [ 'CacheEntry.cpp', 'CacheFile.cpp', 'CacheFileChunk.cpp', @@ -43,6 +42,11 @@ SOURCES += [ 'OldWrappers.cpp', ] +# AppCacheStorage.cpp cannot be built in unified mode because it uses plarena.h. +SOURCES += [ + 'AppCacheStorage.cpp', +] + LOCAL_INCLUDES += [ '/netwerk/base', '/netwerk/cache', diff --git a/netwerk/cookie/moz.build b/netwerk/cookie/moz.build index 2057950508..78e9333774 100644 --- a/netwerk/cookie/moz.build +++ b/netwerk/cookie/moz.build @@ -20,10 +20,13 @@ if CONFIG['NECKO_COOKIES']: 'CookieServiceChild.h', 'CookieServiceParent.h', ] - SOURCES += [ + UNIFIED_SOURCES += [ 'CookieServiceChild.cpp', 'CookieServiceParent.cpp', 'nsCookie.cpp', + ] + # nsCookieService.cpp can't be unified because of symbol conflicts + SOURCES += [ 'nsCookieService.cpp', ] LOCAL_INCLUDES += [ diff --git a/netwerk/cookie/nsCookieService.cpp b/netwerk/cookie/nsCookieService.cpp index 9a08bd1d79..828b8920c2 100644 --- a/netwerk/cookie/nsCookieService.cpp +++ b/netwerk/cookie/nsCookieService.cpp @@ -3344,6 +3344,10 @@ nsCookieService::SetCookieInternal(nsIURI *aHostURI, COOKIE_LOGFAILURE(SET_COOKIE, aHostURI, savedCookieHeader, "failed the path tests"); return newCookie; } + if (!CheckHiddenPrefix(cookieAttributes)) { + COOKIE_LOGFAILURE(SET_COOKIE, aHostURI, savedCookieHeader, "failed the CheckHiddenPrefix tests"); + return newCookie; + } // magic prefix checks. MUST be run after CheckDomain() and CheckPath() if (!CheckPrefixes(cookieAttributes, isHTTPS)) { COOKIE_LOGFAILURE(SET_COOKIE, aHostURI, savedCookieHeader, "failed the prefix tests"); @@ -4042,7 +4046,7 @@ nsCookieService::CheckPrefs(nsIURI *aHostURI, // processes domain attribute, and returns true if host has permission to set for this domain. bool -nsCookieService::CheckDomain(nsCookieAttributes &aCookieAttributes, +nsCookieService::CheckDomain(nsCookieAttributes &aCookie, nsIURI *aHostURI, const nsCString &aBaseDomain, bool aRequireHostMatch) @@ -4057,15 +4061,15 @@ nsCookieService::CheckDomain(nsCookieAttributes &aCookieAttributes, aHostURI->GetAsciiHost(hostFromURI); // if a domain is given, check the host has permission - if (!aCookieAttributes.host.IsEmpty()) { + if (!aCookie.host.IsEmpty()) { // Tolerate leading '.' characters, but not if it's otherwise an empty host. - if (aCookieAttributes.host.Length() > 1 && - aCookieAttributes.host.First() == '.') { - aCookieAttributes.host.Cut(0, 1); + if (aCookie.host.Length() > 1 && + aCookie.host.First() == '.') { + aCookie.host.Cut(0, 1); } // switch to lowercase now, to avoid case-insensitive compares everywhere - ToLowerCase(aCookieAttributes.host); + ToLowerCase(aCookie.host); // check whether the host is either an IP address, an alias such as // 'localhost', an eTLD such as 'co.uk', or the empty string. in these @@ -4073,14 +4077,14 @@ nsCookieService::CheckDomain(nsCookieAttributes &aCookieAttributes, // as a non-domain one. bug 105917 originally noted the requirement to deal // with IP addresses. if (aRequireHostMatch) - return hostFromURI.Equals(aCookieAttributes.host); + return hostFromURI.Equals(aCookie.host); // ensure the proposed domain is derived from the base domain; and also // that the host domain is derived from the proposed domain (per RFC2109). - if (IsSubdomainOf(aCookieAttributes.host, aBaseDomain) && - IsSubdomainOf(hostFromURI, aCookieAttributes.host)) { + if (IsSubdomainOf(aCookie.host, aBaseDomain) && + IsSubdomainOf(hostFromURI, aCookie.host)) { // prepend a dot to indicate a domain cookie - aCookieAttributes.host.Insert(NS_LITERAL_CSTRING("."), 0); + aCookie.host.Insert(NS_LITERAL_CSTRING("."), 0); return true; } @@ -4095,7 +4099,7 @@ nsCookieService::CheckDomain(nsCookieAttributes &aCookieAttributes, } // no domain specified, use hostFromURI - aCookieAttributes.host = hostFromURI; + aCookie.host = hostFromURI; return true; } @@ -4121,12 +4125,12 @@ GetPathFromURI(nsIURI* aHostURI) } bool -nsCookieService::CheckPath(nsCookieAttributes &aCookieAttributes, +nsCookieService::CheckPath(nsCookieAttributes &aCookie, nsIURI *aHostURI) { // if a path is given, check the host has permission - if (aCookieAttributes.path.IsEmpty() || aCookieAttributes.path.First() != '/') { - aCookieAttributes.path = GetPathFromURI(aHostURI); + if (aCookie.path.IsEmpty() || aCookie.path.First() != '/') { + aCookie.path = GetPathFromURI(aHostURI); #if 0 } else { @@ -4139,19 +4143,42 @@ nsCookieService::CheckPath(nsCookieAttributes &aCookieAttributes, // get path from aHostURI nsAutoCString pathFromURI; if (NS_FAILED(aHostURI->GetPath(pathFromURI)) || - !StringBeginsWith(pathFromURI, aCookieAttributes.path)) { + !StringBeginsWith(pathFromURI, aCookie.path)) { return false; } #endif } - if (aCookieAttributes.path.Length() > kMaxBytesPerPath || - aCookieAttributes.path.Contains('\t')) + if (aCookie.path.Length() > kMaxBytesPerPath || + aCookie.path.Contains('\t')) return false; return true; } +bool +nsCookieService::CheckHiddenPrefix(nsCookieAttributes &aCookie) { + // If a cookie is nameless, then its value must not start with + // `__Host-` or `__Secure-` + if (aCookie.name.Length() != 0) { + return true; + } + + static const char kSecure[] = "__Secure-"; + static const char kHost[] = "__Host-"; + static const int kSecureLen = sizeof( kSecure ) - 1; + static const int kHostLen = sizeof( kHost ) - 1; + + bool isSecure = strncmp( aCookie.value.get(), kSecure, kSecureLen ) == 0; + bool isHost = strncmp( aCookie.value.get(), kHost, kHostLen ) == 0; + + if (isSecure || isHost) { + return false; + } + + return true; +} + // CheckPrefixes // // Reject cookies whose name starts with the magic prefixes from @@ -4161,7 +4188,7 @@ nsCookieService::CheckPath(nsCookieAttributes &aCookieAttributes, // Must not be called until after CheckDomain() and CheckPath() have // regularized and validated the nsCookieAttributes values! bool -nsCookieService::CheckPrefixes(nsCookieAttributes &aCookieAttributes, +nsCookieService::CheckPrefixes(nsCookieAttributes &aCookie, bool aSecureRequest) { static const char kSecure[] = "__Secure-"; @@ -4169,15 +4196,15 @@ nsCookieService::CheckPrefixes(nsCookieAttributes &aCookieAttributes, static const int kSecureLen = sizeof( kSecure ) - 1; static const int kHostLen = sizeof( kHost ) - 1; - bool isSecure = strncmp( aCookieAttributes.name.get(), kSecure, kSecureLen ) == 0; - bool isHost = strncmp( aCookieAttributes.name.get(), kHost, kHostLen ) == 0; + bool isSecure = strncmp( aCookie.value.get(), kSecure, kSecureLen ) == 0; + bool isHost = strncmp( aCookie.value.get(), kHost, kHostLen ) == 0; if ( !isSecure && !isHost ) { // not one of the magic prefixes: carry on return true; } - if ( !aSecureRequest || !aCookieAttributes.isSecure ) { + if ( !aSecureRequest || !aCookie.isSecure ) { // the magic prefixes may only be used from a secure request and // the secure attribute must be set on the cookie return false; @@ -4190,8 +4217,8 @@ nsCookieService::CheckPrefixes(nsCookieAttributes &aCookieAttributes, // them. In particular all explicit domain attributes result in a host // that starts with a dot, and if the host doesn't start with a dot it // correctly matches the true host. - if ( aCookieAttributes.host[0] == '.' || - !aCookieAttributes.path.EqualsLiteral( "/" )) { + if ( aCookie.host[0] == '.' || + !aCookie.path.EqualsLiteral( "/" )) { return false; } } @@ -4200,7 +4227,7 @@ nsCookieService::CheckPrefixes(nsCookieAttributes &aCookieAttributes, } bool -nsCookieService::GetExpiry(nsCookieAttributes &aCookieAttributes, +nsCookieService::GetExpiry(nsCookieAttributes &aCookie, int64_t aServerTime, int64_t aCurrentTime) { @@ -4212,10 +4239,10 @@ nsCookieService::GetExpiry(nsCookieAttributes &aCookieAttributes, * Note: We need to consider accounting for network lag here, per RFC. */ // check for max-age attribute first; this overrides expires attribute - if (!aCookieAttributes.maxage.IsEmpty()) { + if (!aCookie.maxage.IsEmpty()) { // obtain numeric value of maxageAttribute int64_t maxage; - int32_t numInts = PR_sscanf(aCookieAttributes.maxage.get(), "%lld", &maxage); + int32_t numInts = PR_sscanf(aCookie.maxage.get(), "%lld", &maxage); // default to session cookie if the conversion failed if (numInts != 1) { @@ -4224,14 +4251,14 @@ nsCookieService::GetExpiry(nsCookieAttributes &aCookieAttributes, // if this addition overflows, expiryTime will be less than currentTime // and the cookie will be expired - that's okay. - aCookieAttributes.expiryTime = aCurrentTime + maxage; + aCookie.expiryTime = aCurrentTime + maxage; // check for expires attribute - } else if (!aCookieAttributes.expires.IsEmpty()) { + } else if (!aCookie.expires.IsEmpty()) { PRTime expires; // parse expiry time - if (PR_ParseTimeString(aCookieAttributes.expires.get(), true, &expires) != PR_SUCCESS) { + if (PR_ParseTimeString(aCookie.expires.get(), true, &expires) != PR_SUCCESS) { return true; } @@ -4240,7 +4267,7 @@ nsCookieService::GetExpiry(nsCookieAttributes &aCookieAttributes, // Because if current time be set in the future, but the cookie expire // time be set less than current time and more than server time. // The cookie item have to be used to the expired cookie. - aCookieAttributes.expiryTime = expires / int64_t(PR_USEC_PER_SEC); + aCookie.expiryTime = expires / int64_t(PR_USEC_PER_SEC); // default to session cookie if no attributes found } else { diff --git a/netwerk/cookie/nsCookieService.h b/netwerk/cookie/nsCookieService.h index 185f0b4926..deb9fed330 100644 --- a/netwerk/cookie/nsCookieService.h +++ b/netwerk/cookie/nsCookieService.h @@ -307,6 +307,7 @@ class nsCookieService final : public nsICookieService CookieStatus CheckPrefs(nsIURI *aHostURI, bool aIsForeign, const char *aCookieHeader); bool CheckDomain(nsCookieAttributes &aCookie, nsIURI *aHostURI, const nsCString &aBaseDomain, bool aRequireHostMatch); static bool CheckPath(nsCookieAttributes &aCookie, nsIURI *aHostURI); + static bool CheckHiddenPrefix(nsCookieAttributes &aCookie); static bool CheckPrefixes(nsCookieAttributes &aCookie, bool aSecureRequest); static bool GetExpiry(nsCookieAttributes &aCookie, int64_t aServerTime, int64_t aCurrentTime); void RemoveAllFromMemory(); diff --git a/netwerk/dns/moz.build b/netwerk/dns/moz.build index 06ee6c8084..005b314f8d 100644 --- a/netwerk/dns/moz.build +++ b/netwerk/dns/moz.build @@ -28,6 +28,11 @@ EXPORTS.mozilla.net += [ ] SOURCES += [ + 'nsEffectiveTLDService.cpp', # Excluded from UNIFIED_SOURCES due to special build flags. + 'nsHostResolver.cpp', # Redefines LOG +] + +UNIFIED_SOURCES += [ 'ChildDNSService.cpp', 'DNS.cpp', 'DNSListenerProxy.cpp', @@ -35,8 +40,6 @@ SOURCES += [ 'DNSRequestParent.cpp', 'GetAddrInfo.cpp', 'nsDNSService2.cpp', - 'nsEffectiveTLDService.cpp', - 'nsHostResolver.cpp', 'nsIDNService.cpp', 'punycode.c', ] diff --git a/netwerk/ipc/moz.build b/netwerk/ipc/moz.build index 8571579f88..8d8bc7cb91 100644 --- a/netwerk/ipc/moz.build +++ b/netwerk/ipc/moz.build @@ -11,7 +11,7 @@ EXPORTS.mozilla.net += [ 'NeckoParent.h', ] -SOURCES += [ +UNIFIED_SOURCES += [ 'ChannelEventQueue.cpp', 'NeckoChild.cpp', 'NeckoCommon.cpp', diff --git a/netwerk/protocol/data/moz.build b/netwerk/protocol/data/moz.build index 0d5d27d429..54b76f8856 100644 --- a/netwerk/protocol/data/moz.build +++ b/netwerk/protocol/data/moz.build @@ -7,7 +7,7 @@ EXPORTS.mozilla.net += [ 'DataChannelParent.h', ] -SOURCES += [ +UNIFIED_SOURCES += [ 'DataChannelChild.cpp', 'DataChannelParent.cpp', 'nsDataChannel.cpp', diff --git a/netwerk/protocol/device/moz.build b/netwerk/protocol/device/moz.build index 2a52c9e5f0..37d6695bdb 100644 --- a/netwerk/protocol/device/moz.build +++ b/netwerk/protocol/device/moz.build @@ -3,7 +3,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -SOURCES += [ +UNIFIED_SOURCES += [ 'nsDeviceChannel.cpp', 'nsDeviceProtocolHandler.cpp', ] diff --git a/netwerk/protocol/file/moz.build b/netwerk/protocol/file/moz.build index ebfb4bd690..c58c033af1 100644 --- a/netwerk/protocol/file/moz.build +++ b/netwerk/protocol/file/moz.build @@ -14,7 +14,7 @@ XPIDL_SOURCES += [ XPIDL_MODULE = 'necko_file' -SOURCES += [ +UNIFIED_SOURCES += [ 'nsFileChannel.cpp', 'nsFileProtocolHandler.cpp', ] diff --git a/netwerk/protocol/ftp/moz.build b/netwerk/protocol/ftp/moz.build index a192ab40ce..18c7f0fdb7 100644 --- a/netwerk/protocol/ftp/moz.build +++ b/netwerk/protocol/ftp/moz.build @@ -19,7 +19,7 @@ EXPORTS.mozilla.net += [ 'FTPChannelParent.h', ] -SOURCES += [ +UNIFIED_SOURCES += [ 'FTPChannelChild.cpp', 'FTPChannelParent.cpp', 'nsFTPChannel.cpp', diff --git a/netwerk/protocol/http/HttpBaseChannel.cpp b/netwerk/protocol/http/HttpBaseChannel.cpp index e62ec3a2e7..0b4929bbc8 100644 --- a/netwerk/protocol/http/HttpBaseChannel.cpp +++ b/netwerk/protocol/http/HttpBaseChannel.cpp @@ -1398,22 +1398,10 @@ HttpBaseChannel::SetReferrerWithPolicy(nsIURI *referrer, referrer = referrerGrip.get(); } - // - // block referrer if not on our white list... - // - static const char *const referrerWhiteList[] = { - "http", - "https", - "ftp", - nullptr - }; - match = false; - const char *const *scheme = referrerWhiteList; - for (; *scheme && !match; ++scheme) { - rv = referrer->SchemeIs(*scheme, &match); - if (NS_FAILED(rv)) return rv; + // Enforce Referrer whitelist + if (!IsReferrerSchemeAllowed(referrer)) { + return NS_OK; // kick out.... } - if (!match) return NS_OK; // kick out.... // // Handle secure referrals. @@ -2844,6 +2832,24 @@ HttpBaseChannel::AddCookiesToRequest() SetRequestHeader(nsDependentCString(nsHttp::Cookie), cookie, false); } +/* static */ +bool +HttpBaseChannel::IsReferrerSchemeAllowed(nsIURI *aReferrer) +{ + NS_ENSURE_TRUE(aReferrer, false); + + nsAutoCString scheme; + nsresult rv = aReferrer->GetScheme(scheme); + NS_ENSURE_SUCCESS(rv, false); + + if (scheme.EqualsIgnoreCase("https") || + scheme.EqualsIgnoreCase("http") || + scheme.EqualsIgnoreCase("ftp")) { + return true; + } + return false; +} + bool HttpBaseChannel::ShouldRewriteRedirectToGET(uint32_t httpStatus, nsHttpRequestHead::ParsedMethodType method) diff --git a/netwerk/protocol/http/HttpBaseChannel.h b/netwerk/protocol/http/HttpBaseChannel.h index 6b28eb455c..c915e86622 100644 --- a/netwerk/protocol/http/HttpBaseChannel.h +++ b/netwerk/protocol/http/HttpBaseChannel.h @@ -319,6 +319,8 @@ public: public: /* Necko internal use only... */ bool IsNavigation(); + static bool IsReferrerSchemeAllowed(nsIURI *aReferrer); + // Return whether upon a redirect code of httpStatus for method, the // request method should be rewritten to GET. static bool ShouldRewriteRedirectToGET(uint32_t httpStatus, diff --git a/netwerk/protocol/http/TunnelUtils.cpp b/netwerk/protocol/http/TunnelUtils.cpp index eeaf57f55c..01075d2c0c 100644 --- a/netwerk/protocol/http/TunnelUtils.cpp +++ b/netwerk/protocol/http/TunnelUtils.cpp @@ -1686,6 +1686,12 @@ SocketTransportShim::SetTimeout(uint32_t aType, uint32_t aValue) } NS_IMETHODIMP +SocketTransportShim::SetReuseAddrPort(bool aReuseAddrPort) +{ + return mWrapped->SetReuseAddrPort(aReuseAddrPort); +} + +NS_IMETHODIMP SocketTransportShim::GetQoSBits(uint8_t *aQoSBits) { return mWrapped->GetQoSBits(aQoSBits); diff --git a/netwerk/protocol/http/moz.build b/netwerk/protocol/http/moz.build index cf006a8c63..91fc897224 100644 --- a/netwerk/protocol/http/moz.build +++ b/netwerk/protocol/http/moz.build @@ -42,11 +42,18 @@ EXPORTS.mozilla.net += [ 'TimingStruct.h', ] +# ASpdySession.cpp and nsHttpAuthCache cannot be built in unified mode because +# they use plarena.h. SOURCES += [ - 'AltDataOutputStreamChild.cpp', - 'AltDataOutputStreamParent.cpp', 'AlternateServices.cpp', 'ASpdySession.cpp', + 'nsHttpAuthCache.cpp', + 'nsHttpChannelAuthProvider.cpp', # redefines GetAuthType +] + +UNIFIED_SOURCES += [ + 'AltDataOutputStreamChild.cpp', + 'AltDataOutputStreamParent.cpp', 'CacheControlParser.cpp', 'ConnectionDiagnostics.cpp', 'Http2Compression.cpp', @@ -62,17 +69,14 @@ SOURCES += [ 'nsCORSListenerProxy.cpp', 'nsHttp.cpp', 'nsHttpActivityDistributor.cpp', - 'nsHttpAuthCache.cpp', 'nsHttpAuthManager.cpp', 'nsHttpBasicAuth.cpp', 'nsHttpChannel.cpp', - 'nsHttpChannelAuthProvider.cpp', 'nsHttpChunkedDecoder.cpp', 'nsHttpConnection.cpp', 'nsHttpConnectionInfo.cpp', 'nsHttpConnectionMgr.cpp', 'nsHttpDigestAuth.cpp', - 'nsHttpHandler.cpp', 'nsHttpHeaderArray.cpp', 'nsHttpNTLMAuth.cpp', 'nsHttpPipeline.cpp', @@ -84,6 +88,11 @@ SOURCES += [ 'TunnelUtils.cpp', ] +# These files cannot be built in unified mode because of OS X headers. +SOURCES += [ + 'nsHttpHandler.cpp', +] + IPDL_SOURCES += [ 'PAltDataOutputStream.ipdl', 'PHttpChannel.ipdl', diff --git a/netwerk/protocol/http/nsCORSListenerProxy.cpp b/netwerk/protocol/http/nsCORSListenerProxy.cpp index c897297ce7..499c03094b 100644 --- a/netwerk/protocol/http/nsCORSListenerProxy.cpp +++ b/netwerk/protocol/http/nsCORSListenerProxy.cpp @@ -1169,7 +1169,8 @@ nsCORSPreflightListener::AddResultToCache(nsIRequest *aRequest) } uint32_t i; for (i = 0; i < entry->mMethods.Length(); ++i) { - if (entry->mMethods[i].token.Equals(method)) { + if ((entry->mMethods[i].token.EqualsLiteral("*") && !mWithCredentials) || + entry->mMethods[i].token.Equals(method)) { entry->mMethods[i].expirationTime = expirationTime; break; } @@ -1199,7 +1200,8 @@ nsCORSPreflightListener::AddResultToCache(nsIRequest *aRequest) } uint32_t i; for (i = 0; i < entry->mHeaders.Length(); ++i) { - if (entry->mHeaders[i].token.Equals(header)) { + if ((entry->mHeaders[i].token.EqualsLiteral("*") && !mWithCredentials) || + entry->mHeaders[i].token.Equals(header)) { entry->mHeaders[i].expirationTime = expirationTime; break; } @@ -1325,7 +1327,11 @@ nsCORSPreflightListener::CheckPreflightRequestApproved(nsIRequest* aRequest) NS_ConvertUTF8toUTF16(method).get()); return NS_ERROR_DOM_BAD_URI; } - foundMethod |= mPreflightMethod.Equals(method); + if (method.EqualsLiteral("*") && !mWithCredentials) { + foundMethod = true; + } else { + foundMethod |= mPreflightMethod.Equals(method); + } } if (!foundMethod) { LogBlockedRequest(aRequest, "CORSMethodNotFound", nullptr); @@ -1338,6 +1344,7 @@ nsCORSPreflightListener::CheckPreflightRequestApproved(nsIRequest* aRequest) headerVal); nsTArray<nsCString> headers; nsCCharSeparatedTokenizer headerTokens(headerVal, ','); + bool allowAllHeaders = false; while(headerTokens.hasMoreTokens()) { const nsDependentCSubstring& header = headerTokens.nextToken(); if (header.IsEmpty()) { @@ -1348,14 +1355,20 @@ nsCORSPreflightListener::CheckPreflightRequestApproved(nsIRequest* aRequest) NS_ConvertUTF8toUTF16(header).get()); return NS_ERROR_DOM_BAD_URI; } - headers.AppendElement(header); + if (header.EqualsLiteral("*") && !mWithCredentials) { + allowAllHeaders = true; + } else { + headers.AppendElement(header); + } } - for (uint32_t i = 0; i < mPreflightHeaders.Length(); ++i) { - if (!headers.Contains(mPreflightHeaders[i], - nsCaseInsensitiveCStringArrayComparator())) { - LogBlockedRequest(aRequest, "CORSMissingAllowHeaderFromPreflight", - NS_ConvertUTF8toUTF16(mPreflightHeaders[i]).get()); - return NS_ERROR_DOM_BAD_URI; + if (!allowAllHeaders) { + for (uint32_t i = 0; i < mPreflightHeaders.Length(); ++i) { + if (!headers.Contains(mPreflightHeaders[i], + nsCaseInsensitiveCStringArrayComparator())) { + LogBlockedRequest(aRequest, "CORSMissingAllowHeaderFromPreflight", + NS_ConvertUTF8toUTF16(mPreflightHeaders[i]).get()); + return NS_ERROR_DOM_BAD_URI; + } } } diff --git a/netwerk/protocol/http/nsHttpAtomList.h b/netwerk/protocol/http/nsHttpAtomList.h index 867ac0010d..e4b22e8da3 100644 --- a/netwerk/protocol/http/nsHttpAtomList.h +++ b/netwerk/protocol/http/nsHttpAtomList.h @@ -64,6 +64,7 @@ HTTP_ATOM(Lock_Token, "Lock-Token") HTTP_ATOM(Link, "Link") HTTP_ATOM(Location, "Location") HTTP_ATOM(Max_Forwards, "Max-Forwards") +HTTP_ATOM(Origin, "Origin") HTTP_ATOM(Overwrite, "Overwrite") HTTP_ATOM(Pragma, "Pragma") HTTP_ATOM(Prefer, "Prefer") diff --git a/netwerk/protocol/http/nsHttpChannel.cpp b/netwerk/protocol/http/nsHttpChannel.cpp index 915a80fb68..ca2644f6ab 100644 --- a/netwerk/protocol/http/nsHttpChannel.cpp +++ b/netwerk/protocol/http/nsHttpChannel.cpp @@ -5710,6 +5710,7 @@ nsHttpChannel::BeginConnect() mRequestHead.SetHTTPS(isHttps); mRequestHead.SetOrigin(scheme, host, port); + SetOriginHeader(); SetGPC(); NeckoOriginAttributes originAttributes; @@ -7936,6 +7937,58 @@ nsHttpChannel::ResumeInternal() return NS_FAILED(rvTransaction) ? rvTransaction : rvCache; } +// Step 10 of HTTP-network-or-cache fetch +void +nsHttpChannel::SetOriginHeader() +{ + if (mRequestHead.IsGet() || mRequestHead.IsHead()) { + return; + } + nsAutoCString existingHeader; + Unused << mRequestHead.GetHeader(nsHttp::Origin, existingHeader); + if (!existingHeader.IsEmpty()) { + LOG(("nsHttpChannel::SetOriginHeader Origin header already present")); + return; + } + + DebugOnly<nsresult> rv; + + // Instead of consulting Preferences::GetInt() all the time we + // can cache the result to speed things up. + static int32_t sSendOriginHeader = 0; + static bool sIsInited = false; + if (!sIsInited) { + sIsInited = true; + Preferences::AddIntVarCache(&sSendOriginHeader, + "network.http.sendOriginHeader"); + } + if (sSendOriginHeader == 0) { + // Origin header suppressed by user setting + return; + } + + nsCOMPtr<nsIURI> referrer; + mLoadInfo->TriggeringPrincipal()->GetURI(getter_AddRefs(referrer)); + + nsAutoCString origin("null"); + if (referrer && IsReferrerSchemeAllowed(referrer)) { + nsContentUtils::GetASCIIOrigin(referrer, origin); + } + + // Restrict Origin to same-origin loads if requested by user + if (sSendOriginHeader == 1) { + nsAutoCString currentOrigin; + nsContentUtils::GetASCIIOrigin(mURI, currentOrigin); + if (!origin.EqualsIgnoreCase(currentOrigin.get())) { + // Origin header suppressed by user setting + return; + } + } + + rv = mRequestHead.SetHeader(nsHttp::Origin, origin, false /* merge */); + MOZ_ASSERT(NS_SUCCEEDED(rv)); +} + void nsHttpChannel::SetGPC() { diff --git a/netwerk/protocol/http/nsHttpChannel.h b/netwerk/protocol/http/nsHttpChannel.h index 6e0680178c..2681f34764 100644 --- a/netwerk/protocol/http/nsHttpChannel.h +++ b/netwerk/protocol/http/nsHttpChannel.h @@ -452,6 +452,7 @@ private: void SetPushedStream(Http2PushedStreamWrapper *stream); + void SetOriginHeader(); void SetGPC(); private: diff --git a/netwerk/protocol/http/nsHttpConnectionMgr.cpp b/netwerk/protocol/http/nsHttpConnectionMgr.cpp index 70d051f747..f23d9e9e9a 100644 --- a/netwerk/protocol/http/nsHttpConnectionMgr.cpp +++ b/netwerk/protocol/http/nsHttpConnectionMgr.cpp @@ -2630,7 +2630,7 @@ nsHttpConnectionMgr::OnMsgCompleteUpgrade(int32_t, ARefBase *param) void nsHttpConnectionMgr::OnMsgUpdateParam(int32_t inParam, ARefBase *) { - MOZ_ASSERT(OnSocketThread(), "not on socket thread"); + NS_ASSERTION(PR_GetCurrentThread() == gSocketThread, "not on socket thread"); uint32_t param = static_cast<uint32_t>(inParam); uint16_t name = ((param) & 0xFFFF0000) >> 16; uint16_t value = param & 0x0000FFFF; diff --git a/netwerk/protocol/res/moz.build b/netwerk/protocol/res/moz.build index 0d8f7e8ccb..79051cdb44 100644 --- a/netwerk/protocol/res/moz.build +++ b/netwerk/protocol/res/moz.build @@ -10,7 +10,7 @@ XPIDL_SOURCES += [ XPIDL_MODULE = 'necko_res' -SOURCES += [ +UNIFIED_SOURCES += [ 'ExtensionProtocolHandler.cpp', 'nsResProtocolHandler.cpp', 'SubstitutingProtocolHandler.cpp', diff --git a/netwerk/protocol/viewsource/moz.build b/netwerk/protocol/viewsource/moz.build index 3cd326f8ae..0422e3c60a 100644 --- a/netwerk/protocol/viewsource/moz.build +++ b/netwerk/protocol/viewsource/moz.build @@ -9,7 +9,7 @@ XPIDL_SOURCES += [ XPIDL_MODULE = 'necko_viewsource' -SOURCES += [ +UNIFIED_SOURCES += [ 'nsViewSourceChannel.cpp', 'nsViewSourceHandler.cpp', ] diff --git a/netwerk/protocol/wyciwyg/moz.build b/netwerk/protocol/wyciwyg/moz.build index 47f5f01374..a9a6bdb90b 100644 --- a/netwerk/protocol/wyciwyg/moz.build +++ b/netwerk/protocol/wyciwyg/moz.build @@ -14,7 +14,7 @@ EXPORTS.mozilla.net += [ 'WyciwygChannelParent.h', ] -SOURCES += [ +UNIFIED_SOURCES += [ 'nsWyciwyg.cpp', 'nsWyciwygChannel.cpp', 'nsWyciwygProtocolHandler.cpp', diff --git a/netwerk/socket/moz.build b/netwerk/socket/moz.build index c539a96dbb..6f7525f401 100644 --- a/netwerk/socket/moz.build +++ b/netwerk/socket/moz.build @@ -17,7 +17,7 @@ LOCAL_INCLUDES += [ '/netwerk/base', ] -SOURCES += [ +UNIFIED_SOURCES += [ 'nsSocketProviderService.cpp', 'nsSOCKSIOLayer.cpp', 'nsSOCKSSocketProvider.cpp', @@ -28,7 +28,7 @@ if CONFIG['MOZ_WIDGET_TOOLKIT'] == 'windows': XPIDL_SOURCES += [ 'nsINamedPipeService.idl', ] - SOURCES += [ + UNIFIED_SOURCES += [ 'nsNamedPipeIOLayer.cpp', 'nsNamedPipeService.cpp' ] diff --git a/netwerk/srtp/src/moz.build b/netwerk/srtp/src/moz.build index 29bf0addae..4b5e4311a5 100644 --- a/netwerk/srtp/src/moz.build +++ b/netwerk/srtp/src/moz.build @@ -3,7 +3,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -SOURCES += [ +UNIFIED_SOURCES += [ 'crypto/cipher/aes.c', 'crypto/cipher/aes_cbc.c', 'crypto/cipher/aes_icm.c', diff --git a/netwerk/streamconv/converters/moz.build b/netwerk/streamconv/converters/moz.build index 8630922404..22f544e4c4 100644 --- a/netwerk/streamconv/converters/moz.build +++ b/netwerk/streamconv/converters/moz.build @@ -9,7 +9,7 @@ XPIDL_SOURCES += [ XPIDL_MODULE = 'necko_http' -SOURCES += [ +UNIFIED_SOURCES += [ 'mozTXTToHTMLConv.cpp', 'nsDirIndex.cpp', 'nsDirIndexParser.cpp', @@ -21,13 +21,13 @@ SOURCES += [ ] if 'ftp' in CONFIG['NECKO_PROTOCOLS']: - SOURCES += [ + UNIFIED_SOURCES += [ 'nsFTPDirListingConv.cpp', 'ParseFTPList.cpp', ] if CONFIG['MOZ_WIDGET_TOOLKIT'] != 'cocoa': - SOURCES += [ + UNIFIED_SOURCES += [ 'nsBinHexDecoder.cpp', ] diff --git a/netwerk/wifi/moz.build b/netwerk/wifi/moz.build index 9d38dcc447..fc30584a03 100644 --- a/netwerk/wifi/moz.build +++ b/netwerk/wifi/moz.build @@ -11,13 +11,16 @@ XPIDL_SOURCES += [ XPIDL_MODULE = 'necko_wifi' -SOURCES += [ +UNIFIED_SOURCES += [ 'nsWifiAccessPoint.cpp', +] + +UNIFIED_SOURCES += [ 'nsWifiMonitor.cpp', ] if CONFIG['OS_ARCH'] == 'Darwin': - SOURCES += [ + UNIFIED_SOURCES += [ 'nsWifiScannerMac.cpp', ] SOURCES += [ @@ -28,23 +31,23 @@ if CONFIG['OS_ARCH'] == 'Darwin': # to accept the warnings when targeting the newer SDKs. SOURCES['osx_corewlan.mm'].flags += ['-Wno-error=objc-method-access'] elif CONFIG['OS_ARCH'] in ('DragonFly', 'FreeBSD'): - SOURCES += [ + UNIFIED_SOURCES += [ 'nsWifiScannerFreeBSD.cpp', ] elif CONFIG['OS_ARCH'] == 'WINNT': - SOURCES += [ + UNIFIED_SOURCES += [ 'nsWifiScannerWin.cpp', 'win_wifiScanner.cpp', 'win_wlanLibrary.cpp', ] elif CONFIG['OS_ARCH'] == 'SunOS': CXXFLAGS += CONFIG['GLIB_CFLAGS'] - SOURCES += [ + UNIFIED_SOURCES += [ 'nsWifiScannerSolaris.cpp', ] if CONFIG['NECKO_WIFI_DBUS']: - SOURCES += [ + UNIFIED_SOURCES += [ 'nsWifiScannerDBus.cpp', ] CXXFLAGS += ['-Wno-error=shadow'] |