image/ImageCacheKey.cpp

   1 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
   2 /* This Source Code Form is subject to the terms of the Mozilla Public
   3  * License, v. 2.0. If a copy of the MPL was not distributed with this
   4  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
   5
   6 #include "ImageCacheKey.h"
   7
   8 #include <utility>
   9
  10 #include "mozilla/AntiTrackingUtils.h"
  11 #include "mozilla/HashFunctions.h"
  12 #include "mozilla/StorageAccess.h"
  13 #include "mozilla/StoragePrincipalHelper.h"
  14 #include "mozilla/Unused.h"
  15 #include "mozilla/dom/Document.h"
  16 #include "mozilla/dom/File.h"
  17 #include "mozilla/dom/ServiceWorkerManager.h"
  18 #include "mozilla/StaticPrefs_privacy.h"
  19 #include "mozilla/StorageAccess.h"
  20 #include "nsContentUtils.h"
  21 #include "nsHashKeys.h"
  22 #include "nsLayoutUtils.h"
  23 #include "nsPrintfCString.h"
  24 #include "nsString.h"
  25
  26 namespace mozilla {
  27
  28 using namespace dom;
  29
  30 namespace image {
  31
  32 ImageCacheKey::ImageCacheKey(nsIURI* aURI, CORSMode aCORSMode,
  33                              const OriginAttributes& aAttrs,
  34                              Document* aDocument)
  35     : mURI(aURI),
  36       mOriginAttributes(aAttrs),
  37       mControlledDocument(GetSpecialCaseDocumentToken(aDocument)),
  38       mIsolationKey(GetIsolationKey(aDocument, aURI)),
  39       mCORSMode(aCORSMode),
  40       mAppType(GetAppType(aDocument)) {}
  41
  42 ImageCacheKey::ImageCacheKey(const ImageCacheKey& aOther)
  43     : mURI(aOther.mURI),
  44       mOriginAttributes(aOther.mOriginAttributes),
  45       mControlledDocument(aOther.mControlledDocument),
  46       mIsolationKey(aOther.mIsolationKey),
  47       mHash(aOther.mHash),
  48       mCORSMode(aOther.mCORSMode),
  49       mAppType(aOther.mAppType) {}
  50
  51 ImageCacheKey::ImageCacheKey(ImageCacheKey&& aOther)
  52     : mURI(std::move(aOther.mURI)),
  53       mOriginAttributes(aOther.mOriginAttributes),
  54       mControlledDocument(aOther.mControlledDocument),
  55       mIsolationKey(aOther.mIsolationKey),
  56       mHash(aOther.mHash),
  57       mCORSMode(aOther.mCORSMode),
  58       mAppType(aOther.mAppType) {}
  59
  60 bool ImageCacheKey::operator==(const ImageCacheKey& aOther) const {
  61   // Don't share the image cache between a controlled document and anything
  62   // else.
  63   if (mControlledDocument != aOther.mControlledDocument) {
  64     return false;
  65   }
  66   // Don't share the image cache between two top-level documents of different
  67   // base domains.
  68   if (!mIsolationKey.Equals(aOther.mIsolationKey,
  69                             nsCaseInsensitiveCStringComparator)) {
  70     return false;
  71   }
  72   // The origin attributes always have to match.
  73   if (mOriginAttributes != aOther.mOriginAttributes) {
  74     return false;
  75   }
  76
  77   if (mCORSMode != aOther.mCORSMode) {
  78     return false;
  79   }
  80   // Don't share the image cache between two different appTypes
  81   if (mAppType != aOther.mAppType) {
  82     return false;
  83   }
  84
  85   // For non-blob URIs, compare the URIs.
  86   bool equals = false;
  87   nsresult rv = mURI->Equals(aOther.mURI, &equals);
  88   return NS_SUCCEEDED(rv) && equals;
  89 }
  90
  91 void ImageCacheKey::EnsureHash() const {
  92   MOZ_ASSERT(mHash.isNothing());
  93   PLDHashNumber hash = 0;
  94
  95   // Since we frequently call Hash() several times in a row on the same
  96   // ImageCacheKey, as an optimization we compute our hash once and store it.
  97
  98   nsPrintfCString ptr("%p", mControlledDocument);
  99   nsAutoCString suffix;
 100   mOriginAttributes.CreateSuffix(suffix);
 101
 102   nsAutoCString spec;
 103   Unused << mURI->GetSpec(spec);
 104   hash = HashString(spec);
 105
 106   hash = AddToHash(hash, HashString(suffix), HashString(mIsolationKey),
 107                    HashString(ptr), mAppType);
 108   mHash.emplace(hash);
 109 }
 110
 111 /* static */
 112 void* ImageCacheKey::GetSpecialCaseDocumentToken(Document* aDocument) {
 113   // Cookie-averse documents can never have storage granted to them.  Since they
 114   // may not have inner windows, they would require special handling below, so
 115   // just bail out early here.
 116   if (!aDocument || aDocument->IsCookieAverse()) {
 117     return nullptr;
 118   }
 119
 120   // For controlled documents, we cast the pointer into a void* to avoid
 121   // dereferencing it (since we only use it for comparisons).
 122   RefPtr<ServiceWorkerManager> swm = ServiceWorkerManager::GetInstance();
 123   if (swm && aDocument->GetController().isSome()) {
 124     return aDocument;
 125   }
 126
 127   return nullptr;
 128 }
 129
 130 /* static */
 131 nsCString ImageCacheKey::GetIsolationKey(Document* aDocument, nsIURI* aURI) {
 132   if (!aDocument || !aDocument->GetInnerWindow()) {
 133     return ""_ns;
 134   }
 135
 136   // Network-state isolation
 137   if (StaticPrefs::privacy_partition_network_state()) {
 138     OriginAttributes oa;
 139     StoragePrincipalHelper::GetOriginAttributesForNetworkState(aDocument, oa);
 140
 141     nsAutoCString suffix;
 142     oa.CreateSuffix(suffix);
 143
 144     return std::move(suffix);
 145   }
 146
 147   // If the window is 3rd party resource, let's see if first-party storage
 148   // access is granted for this image.
 149   if (AntiTrackingUtils::IsThirdPartyWindow(aDocument->GetInnerWindow(),
 150                                             nullptr)) {
 151     uint32_t rejectedReason = 0;
 152     Unused << rejectedReason;
 153     return ShouldAllowAccessFor(aDocument->GetInnerWindow(), aURI, true,
 154                                 &rejectedReason)
 155                ? ""_ns
 156                : aDocument->GetBaseDomain();
 157   }
 158
 159   // Another scenario is if this image is a 3rd party resource loaded by a
 160   // first party context. In this case, we should check if the nsIChannel has
 161   // been marked as tracking resource, but we don't have the channel yet at
 162   // this point.  The best approach here is to be conservative: if we are sure
 163   // that the permission is granted, let's return 0. Otherwise, let's make a
 164   // unique image cache per the top-level document eTLD+1.
 165   if (!ApproximateAllowAccessForWithoutChannel(aDocument->GetInnerWindow(),
 166                                                aURI)) {
 167     // If we are here, the image is a 3rd-party resource loaded by a first-party
 168     // context. We can just use the document's base domain as the key because it
 169     // should be the same as the top-level document's base domain.
 170     return aDocument
 171         ->GetBaseDomain();  // because we don't have anything better!
 172   }
 173
 174   return ""_ns;
 175 }
 176
 177 /* static */
 178 nsIDocShell::AppType ImageCacheKey::GetAppType(Document* aDocument) {
 179   if (!aDocument) {
 180     return nsIDocShell::APP_TYPE_UNKNOWN;
 181   }
 182
 183   nsCOMPtr<nsIDocShellTreeItem> dsti = aDocument->GetDocShell();
 184   if (!dsti) {
 185     return nsIDocShell::APP_TYPE_UNKNOWN;
 186   }
 187
 188   nsCOMPtr<nsIDocShellTreeItem> root;
 189   dsti->GetInProcessRootTreeItem(getter_AddRefs(root));
 190   if (nsCOMPtr<nsIDocShell> docShell = do_QueryInterface(root)) {
 191     return docShell->GetAppType();
 192   }
 193   return nsIDocShell::APP_TYPE_UNKNOWN;
 194 }
 195
 196 }  // namespace image
 197 }  // namespace mozilla