Skip to content

Commit

Permalink
Bug 1839920 - Rename Get{ASCII,UTF}Origin to GetWebExposedOriginSeria…
Browse files Browse the repository at this point in the history
…lization, r=smaug,necko-reviewers,anti-tracking-reviewers,bvandersloot,jesup

This should make uses of the type more clearly indicating where the
origin came from, and should help avoid potential confusion between this
origin and nsIPrincipal::origin in new code.

This new name is long, but explicit. The string returned from this
function corresponds to the "serialization of an origin" from the WHATWG
html spec:
https://html.spec.whatwg.org/multipage/browsers.html#ascii-serialisation-of-an-origin

Differential Revision: https://phabricator.services.mozilla.com/D181794
  • Loading branch information
mystor committed Jun 27, 2023
1 parent 270a273 commit 1fdee23
Show file tree
Hide file tree
Showing 35 changed files with 115 additions and 81 deletions.
4 changes: 2 additions & 2 deletions caps/BasePrincipal.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -86,14 +86,14 @@ BasePrincipal::GetOrigin(nsACString& aOrigin) {
}

NS_IMETHODIMP
BasePrincipal::GetAsciiOrigin(nsACString& aOrigin) {
BasePrincipal::GetWebExposedOriginSerialization(nsACString& aOrigin) {
aOrigin.Truncate();
nsCOMPtr<nsIURI> prinURI;
nsresult rv = GetURI(getter_AddRefs(prinURI));
if (NS_FAILED(rv) || !prinURI) {
return NS_ERROR_NOT_AVAILABLE;
}
return nsContentUtils::GetASCIIOrigin(prinURI, aOrigin);
return nsContentUtils::GetWebExposedOriginSerialization(prinURI, aOrigin);
}

NS_IMETHODIMP
Expand Down
2 changes: 1 addition & 1 deletion caps/BasePrincipal.h
Original file line number Diff line number Diff line change
Expand Up @@ -110,7 +110,7 @@ class BasePrincipal : public nsJSPrincipals {
DocumentDomainConsideration aConsideration);

NS_IMETHOD GetOrigin(nsACString& aOrigin) final;
NS_IMETHOD GetAsciiOrigin(nsACString& aOrigin) override;
NS_IMETHOD GetWebExposedOriginSerialization(nsACString& aOrigin) override;
NS_IMETHOD GetOriginNoSuffix(nsACString& aOrigin) final;
NS_IMETHOD Equals(nsIPrincipal* other, bool* _retval) final;
NS_IMETHOD EqualsConsideringDomain(nsIPrincipal* other, bool* _retval) final;
Expand Down
13 changes: 10 additions & 3 deletions caps/nsIPrincipal.idl
Original file line number Diff line number Diff line change
Expand Up @@ -271,12 +271,19 @@ interface nsIPrincipal : nsISupports
readonly attribute ACString origin;

/**
* Returns an ASCII compatible representation
* of the principals Origin
* Returns an ASCII compatible serialization of the principal's origin, as
* specified by the whatwg HTML specification. If the principal does not
* have a host, the origin will be "null".
*
* https://html.spec.whatwg.org/multipage/browsers.html#ascii-serialisation-of-an-origin
*
* Note that this is different from `origin`, does not contain
* gecko-specific metadata like origin attributes, and should not be used
* for permissions or security checks.
*
* May be called from any thread.
*/
[noscript] readonly attribute ACString asciiOrigin;
[noscript] readonly attribute ACString webExposedOriginSerialization;

/**
* Returns the "host:port" portion of the
Expand Down
2 changes: 1 addition & 1 deletion dom/base/EventSource.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -572,7 +572,7 @@ nsresult EventSourceImpl::ParseURL(const nsAString& aURL) {
NS_ENSURE_SUCCESS(rv, NS_ERROR_DOM_SYNTAX_ERR);

nsAutoString origin;
rv = nsContentUtils::GetUTFOrigin(srcURI, origin);
rv = nsContentUtils::GetWebExposedOriginSerialization(srcURI, origin);
NS_ENSURE_SUCCESS(rv, rv);

nsAutoCString spec;
Expand Down
2 changes: 1 addition & 1 deletion dom/base/Link.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -313,7 +313,7 @@ void Link::GetOrigin(nsAString& aOrigin) {
}

nsString origin;
nsContentUtils::GetUTFOrigin(uri, origin);
nsContentUtils::GetWebExposedOriginSerialization(uri, origin);
aOrigin.Assign(origin);
}

Expand Down
2 changes: 1 addition & 1 deletion dom/base/Location.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -295,7 +295,7 @@ void Location::GetOrigin(nsAString& aOrigin, nsIPrincipal& aSubjectPrincipal,
}

nsAutoString origin;
aRv = nsContentUtils::GetUTFOrigin(uri, origin);
aRv = nsContentUtils::GetWebExposedOriginSerialization(uri, origin);
if (NS_WARN_IF(aRv.Failed())) {
return;
}
Expand Down
6 changes: 4 additions & 2 deletions dom/base/PostMessageEvent.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -120,9 +120,11 @@ MOZ_CAN_RUN_SCRIPT_BOUNDARY NS_IMETHODIMP PostMessageEvent::Run() {
"Target and source should have the same userContextId attribute.");

nsAutoString providedOrigin, targetOrigin;
nsresult rv = nsContentUtils::GetUTFOrigin(targetPrin, targetOrigin);
nsresult rv = nsContentUtils::GetWebExposedOriginSerialization(
targetPrin, targetOrigin);
NS_ENSURE_SUCCESS(rv, rv);
rv = nsContentUtils::GetUTFOrigin(mProvidedPrincipal, providedOrigin);
rv = nsContentUtils::GetWebExposedOriginSerialization(mProvidedPrincipal,
providedOrigin);
NS_ENSURE_SUCCESS(rv, rv);

nsAutoString errorText;
Expand Down
31 changes: 17 additions & 14 deletions dom/base/nsContentUtils.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -2457,7 +2457,7 @@ bool nsContentUtils::ShouldResistFingerprinting_dangerous(
if (MOZ_LOG_TEST(nsContentUtils::ResistFingerprintingLog(),
mozilla::LogLevel::Debug)) {
nsAutoCString origin;
aPrincipal->GetAsciiOrigin(origin);
aPrincipal->GetWebExposedOriginSerialization(origin);
LogDomainAndPrefList(kExemptedDomainsPrefName, origin, isExemptDomain);
}

Expand Down Expand Up @@ -6509,7 +6509,8 @@ SameOriginCheckerImpl::GetInterface(const nsIID& aIID, void** aResult) {
}

/* static */
nsresult nsContentUtils::GetASCIIOrigin(nsIURI* aURI, nsACString& aOrigin) {
nsresult nsContentUtils::GetWebExposedOriginSerialization(nsIURI* aURI,
nsACString& aOrigin) {
MOZ_ASSERT(aURI, "missing uri");

// For Blob URI, the path is the URL of the owning page.
Expand All @@ -6525,7 +6526,7 @@ nsresult nsContentUtils::GetASCIIOrigin(nsIURI* aURI, nsACString& aOrigin) {
return NS_OK;
}

return GetASCIIOrigin(uri, aOrigin);
return GetWebExposedOriginSerialization(uri, aOrigin);
}

aOrigin.Truncate();
Expand Down Expand Up @@ -6558,24 +6559,26 @@ nsresult nsContentUtils::GetASCIIOrigin(nsIURI* aURI, nsACString& aOrigin) {
}

/* static */
nsresult nsContentUtils::GetUTFOrigin(nsIPrincipal* aPrincipal,
nsAString& aOrigin) {
nsresult nsContentUtils::GetWebExposedOriginSerialization(
nsIPrincipal* aPrincipal, nsAString& aOrigin) {
MOZ_ASSERT(aPrincipal, "missing principal");

aOrigin.Truncate();
nsAutoCString asciiOrigin;
nsAutoCString webExposedOriginSerialization;

nsresult rv = aPrincipal->GetAsciiOrigin(asciiOrigin);
nsresult rv = aPrincipal->GetWebExposedOriginSerialization(
webExposedOriginSerialization);
if (NS_FAILED(rv)) {
asciiOrigin.AssignLiteral("null");
webExposedOriginSerialization.AssignLiteral("null");
}

CopyUTF8toUTF16(asciiOrigin, aOrigin);
CopyUTF8toUTF16(webExposedOriginSerialization, aOrigin);
return NS_OK;
}

/* static */
nsresult nsContentUtils::GetUTFOrigin(nsIURI* aURI, nsAString& aOrigin) {
nsresult nsContentUtils::GetWebExposedOriginSerialization(nsIURI* aURI,
nsAString& aOrigin) {
MOZ_ASSERT(aURI, "missing uri");
nsresult rv;

Expand All @@ -6588,15 +6591,15 @@ nsresult nsContentUtils::GetUTFOrigin(nsIURI* aURI, nsAString& aOrigin) {
rv = uriWithSpecialOrigin->GetOrigin(getter_AddRefs(origin));
NS_ENSURE_SUCCESS(rv, rv);

return GetUTFOrigin(origin, aOrigin);
return GetWebExposedOriginSerialization(origin, aOrigin);
}
#endif

nsAutoCString asciiOrigin;
rv = GetASCIIOrigin(aURI, asciiOrigin);
nsAutoCString webExposedOriginSerialization;
rv = GetWebExposedOriginSerialization(aURI, webExposedOriginSerialization);
NS_ENSURE_SUCCESS(rv, rv);

CopyUTF8toUTF16(asciiOrigin, aOrigin);
CopyUTF8toUTF16(webExposedOriginSerialization, aOrigin);
return NS_OK;
}

Expand Down
30 changes: 18 additions & 12 deletions dom/base/nsContentUtils.h
Original file line number Diff line number Diff line change
Expand Up @@ -2254,24 +2254,30 @@ class nsContentUtils {
static nsIInterfaceRequestor* SameOriginChecker();

/**
* Get the Origin of the passed in nsIPrincipal or nsIURI. If the passed in
* nsIURI or the URI of the passed in nsIPrincipal does not have a host, the
* origin is set to 'null'.
* Returns an ASCII compatible serialization of the nsIPrincipal or nsIURI's
* origin, as specified by the whatwg HTML specification. If the principal
* does not have a host, the origin will be "null".
*
* The ASCII versions return a ASCII strings that are puny-code encoded,
* suitable for, for example, header values. The UTF versions return strings
* containing international characters.
* https://html.spec.whatwg.org/multipage/browsers.html#ascii-serialisation-of-an-origin
*
* The thread-safe versions return NS_ERROR_UNKNOWN_PROTOCOL if the
* operation cannot be completed on the current thread.
* Note that this is different from nsIPrincipal::GetOrigin, does not contain
* gecko-specific metadata like origin attributes, and should not be used for
* permissions or security checks.
*
* @pre aPrincipal/aOrigin must not be null.
* See also `nsIPrincipal::GetWebExposedOriginSerialization`.
*
* These methods are thread-safe.
*
* @pre aPrincipal/aURI must not be null.
*
* @note this should be used for HTML5 origin determination.
*/
static nsresult GetASCIIOrigin(nsIURI* aURI, nsACString& aOrigin);
static nsresult GetUTFOrigin(nsIPrincipal* aPrincipal, nsAString& aOrigin);
static nsresult GetUTFOrigin(nsIURI* aURI, nsAString& aOrigin);
static nsresult GetWebExposedOriginSerialization(nsIURI* aURI,
nsACString& aOrigin);
static nsresult GetWebExposedOriginSerialization(nsIPrincipal* aPrincipal,
nsAString& aOrigin);
static nsresult GetWebExposedOriginSerialization(nsIURI* aURI,
nsAString& aOrigin);

/**
* This method creates and dispatches "command" event, which implements
Expand Down
2 changes: 1 addition & 1 deletion dom/base/nsDOMDataChannel.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -102,7 +102,7 @@ nsresult nsDOMDataChannel::Init(nsPIDOMWindowInner* aDOMWindow) {
rv = CheckCurrentGlobalCorrectness();
NS_ENSURE_SUCCESS(rv, rv);

rv = nsContentUtils::GetUTFOrigin(principal, mOrigin);
rv = nsContentUtils::GetWebExposedOriginSerialization(principal, mOrigin);
DC_DEBUG(("%s: origin = %s\n", __FUNCTION__,
NS_LossyConvertUTF16toASCII(mOrigin).get()));
return rv;
Expand Down
2 changes: 1 addition & 1 deletion dom/base/nsGlobalWindowInner.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -4147,7 +4147,7 @@ bool nsGlobalWindowInner::Find(const nsAString& aString, bool aCaseSensitive,
}

void nsGlobalWindowInner::GetOrigin(nsAString& aOrigin) {
nsContentUtils::GetUTFOrigin(GetPrincipal(), aOrigin);
nsContentUtils::GetWebExposedOriginSerialization(GetPrincipal(), aOrigin);
}

// See also AutoJSAPI::ReportException
Expand Down
10 changes: 5 additions & 5 deletions dom/base/nsGlobalWindowOuter.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -2616,7 +2616,7 @@ void nsGlobalWindowOuter::DispatchDOMWindowCreated() {
if (observerService && mDoc) {
nsAutoString origin;
nsIPrincipal* principal = mDoc->NodePrincipal();
nsContentUtils::GetUTFOrigin(principal, origin);
nsContentUtils::GetWebExposedOriginSerialization(principal, origin);
observerService->NotifyObservers(static_cast<nsIDOMWindow*>(this),
principal->IsSystemPrincipal()
? "chrome-document-global-created"
Expand Down Expand Up @@ -5652,15 +5652,15 @@ bool nsGlobalWindowOuter::GatherPostMessageData(

// if the principal has a URI, use that to generate the origin
if (!callerPrin->IsSystemPrincipal()) {
nsAutoCString asciiOrigin;
callerPrin->GetAsciiOrigin(asciiOrigin);
CopyUTF8toUTF16(asciiOrigin, aOrigin);
nsAutoCString webExposedOriginSerialization;
callerPrin->GetWebExposedOriginSerialization(webExposedOriginSerialization);
CopyUTF8toUTF16(webExposedOriginSerialization, aOrigin);
} else if (callerInnerWin) {
if (!*aCallerURI) {
return false;
}
// otherwise use the URI of the document to generate origin
nsContentUtils::GetUTFOrigin(*aCallerURI, aOrigin);
nsContentUtils::GetWebExposedOriginSerialization(*aCallerURI, aOrigin);
} else {
// in case of a sandbox with a system principal origin can be empty
if (!callerPrin->IsSystemPrincipal()) {
Expand Down
3 changes: 2 additions & 1 deletion dom/broadcastchannel/BroadcastChannel.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -241,7 +241,8 @@ already_AddRefed<BroadcastChannel> BroadcastChannel::Constructor(
}

nsString originForEvents;
aRv = nsContentUtils::GetUTFOrigin(storagePrincipal, originForEvents);
aRv = nsContentUtils::GetWebExposedOriginSerialization(storagePrincipal,
originForEvents);
if (NS_WARN_IF(aRv.Failed())) {
return nullptr;
}
Expand Down
2 changes: 1 addition & 1 deletion dom/file/uri/BlobURLProtocolHandler.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -717,7 +717,7 @@ nsresult BlobURLProtocolHandler::GenerateURIString(nsIPrincipal* aPrincipal,

if (aPrincipal) {
nsAutoCString origin;
rv = aPrincipal->GetAsciiOrigin(origin);
rv = aPrincipal->GetWebExposedOriginSerialization(origin);
if (NS_FAILED(rv)) {
origin.AssignLiteral("null");
}
Expand Down
2 changes: 1 addition & 1 deletion dom/midi/MIDIPort.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -65,7 +65,7 @@ MIDIPort::~MIDIPort() {
bool MIDIPort::Initialize(const MIDIPortInfo& aPortInfo, bool aSysexEnabled) {
nsIURI* uri = GetDocumentIfCurrent()->GetDocumentURI();
nsAutoCString origin;
nsresult rv = nsContentUtils::GetASCIIOrigin(uri, origin);
nsresult rv = nsContentUtils::GetWebExposedOriginSerialization(uri, origin);
if (NS_FAILED(rv)) {
return false;
}
Expand Down
3 changes: 2 additions & 1 deletion dom/notification/Notification.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -1880,7 +1880,8 @@ nsresult Notification::GetOrigin(nsIPrincipal* aPrincipal, nsString& aOrigin) {
return NS_ERROR_FAILURE;
}

nsresult rv = nsContentUtils::GetUTFOrigin(aPrincipal, aOrigin);
nsresult rv =
nsContentUtils::GetWebExposedOriginSerialization(aPrincipal, aOrigin);
NS_ENSURE_SUCCESS(rv, rv);

return NS_OK;
Expand Down
4 changes: 2 additions & 2 deletions dom/security/nsContentSecurityManager.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -1763,7 +1763,7 @@ void nsContentSecurityManager::GetSerializedOrigin(
// have a redirect-tainted origin, so we return the origin of the request
// here.
if (!lastOrigin) {
aOrigin->GetAsciiOrigin(aSerializedOrigin);
aOrigin->GetWebExposedOriginSerialization(aSerializedOrigin);
return;
}

Expand All @@ -1773,7 +1773,7 @@ void nsContentSecurityManager::GetSerializedOrigin(
return;
}

aOrigin->GetAsciiOrigin(aSerializedOrigin);
aOrigin->GetWebExposedOriginSerialization(aSerializedOrigin);
}

// https://html.spec.whatwg.org/multipage/browsers.html#compatible-with-cross-origin-isolation
Expand Down
3 changes: 2 additions & 1 deletion dom/url/URL.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -219,7 +219,8 @@ void URL::SetHref(const nsAString& aHref, ErrorResult& aRv) {
}

void URL::GetOrigin(nsAString& aOrigin) const {
nsresult rv = nsContentUtils::GetUTFOrigin(URI(), aOrigin);
nsresult rv =
nsContentUtils::GetWebExposedOriginSerialization(URI(), aOrigin);
if (NS_WARN_IF(NS_FAILED(rv))) {
aOrigin.Truncate();
}
Expand Down
3 changes: 2 additions & 1 deletion dom/webauthn/WebAuthnManager.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -93,7 +93,8 @@ nsresult GetOrigin(nsPIDOMWindowInner* aParent,
MOZ_ASSERT(doc);

nsCOMPtr<nsIPrincipal> principal = doc->NodePrincipal();
nsresult rv = nsContentUtils::GetUTFOrigin(principal, aOrigin);
nsresult rv =
nsContentUtils::GetWebExposedOriginSerialization(principal, aOrigin);
if (NS_WARN_IF(NS_FAILED(rv)) || NS_WARN_IF(aOrigin.IsEmpty())) {
return NS_ERROR_FAILURE;
}
Expand Down
14 changes: 8 additions & 6 deletions dom/websocket/WebSocket.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -1771,10 +1771,11 @@ nsresult WebSocketImpl::AsyncOpen(
MOZ_ASSERT(NS_IsMainThread(), "Not running on main thread");
MOZ_ASSERT_IF(!aTransportProvider, aNegotiatedExtensions.IsEmpty());

nsCString asciiOrigin;
nsresult rv = aPrincipal->GetAsciiOrigin(asciiOrigin);
nsCString webExposedOriginSerialization;
nsresult rv = aPrincipal->GetWebExposedOriginSerialization(
webExposedOriginSerialization);
if (NS_FAILED(rv)) {
asciiOrigin.AssignLiteral("null");
webExposedOriginSerialization.AssignLiteral("null");
}

if (aTransportProvider) {
Expand All @@ -1783,15 +1784,15 @@ nsresult WebSocketImpl::AsyncOpen(
NS_ENSURE_SUCCESS(rv, rv);
}

ToLowerCase(asciiOrigin);
ToLowerCase(webExposedOriginSerialization);

nsCOMPtr<nsIURI> uri;
if (!aTransportProvider) {
rv = NS_NewURI(getter_AddRefs(uri), mURI);
MOZ_ASSERT(NS_SUCCEEDED(rv));
}

rv = mChannel->AsyncOpenNative(uri, asciiOrigin,
rv = mChannel->AsyncOpenNative(uri, webExposedOriginSerialization,
aPrincipal->OriginAttributesRef(),
aInnerWindowID, this, nullptr);
if (NS_WARN_IF(NS_FAILED(rv))) {
Expand Down Expand Up @@ -2120,7 +2121,8 @@ nsresult WebSocketImpl::ParseURL(const nsAString& aURL) {
return NS_ERROR_DOM_SYNTAX_ERR;
}

rv = nsContentUtils::GetUTFOrigin(parsedURL, mUTF16Origin);
rv =
nsContentUtils::GetWebExposedOriginSerialization(parsedURL, mUTF16Origin);
NS_ENSURE_SUCCESS(rv, NS_ERROR_DOM_SYNTAX_ERR);

mAsciiHost = host;
Expand Down
3 changes: 2 additions & 1 deletion dom/workers/WorkerPrivate.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -2220,7 +2220,8 @@ void WorkerPrivate::SetBaseURI(nsIURI* aBaseURI) {
mLocationInfo.mHost.Assign(mLocationInfo.mHostname);
}

nsContentUtils::GetUTFOrigin(aBaseURI, mLocationInfo.mOrigin);
nsContentUtils::GetWebExposedOriginSerialization(aBaseURI,
mLocationInfo.mOrigin);
}

nsresult WorkerPrivate::SetPrincipalsAndCSPOnMainThread(
Expand Down
Loading

0 comments on commit 1fdee23

Please sign in to comment.