Bug Summary

File:var/lib/jenkins/workspace/firefox-scan-build/obj-x86_64-pc-linux-gnu/dist/include/nsDocShellLoadState.h
Warning:line 43, column 7
Excessive padding in 'class nsDocShellLoadState' (47 padding bytes, where 7 is optimal). Optimal fields order: mRefCnt, _mOwningThread, mReferrerInfo, mURI, mOriginalURI, mResultPrincipalURI, mTriggeringPrincipal, mTriggeringWindowId, mCsp, mPrincipalToInherit, mPartitionedPrincipalToInherit, mHttpsFirstDowngradeData, mSHEntry, mLoadingSessionHistoryInfo, mPostDataStream, mHeadersStream, mBaseURI, mPendingRedirectedChannel, mChannelRegistrarId, mLoadIdentifier, mUnstrippedURI, mTarget, mTargetBrowsingContext, mSrcdocData, mSourceBrowsingContext, mTypeHint, mFileName, mTriggeringRemoteType, mOriginalURIString, mRemoteTypeOverride, mTriggeringSandboxFlags, mLoadType, mLoadFlags, mInternalLoadFlags, mHttpsUpgradeTelemetry, mCancelContentJSEpoch, mResultPrincipalURIIsSome, mTriggeringStorageAccess, mKeepResultPrincipalURIIfSet, mLoadReplace, mInheritPrincipal, mPrincipalIsExplicit, mNotifiedBeforeUnloadListeners, mForceAllowDataURI, mIsExemptFromHTTPSFirstMode, mOriginalFrameSrc, mShouldCheckForRecursion, mIsFormSubmission, mFirstParty, mHasValidUserGestureActivation, mTextDirectiveUserActivation, mAllowFocusMove, mIsFromProcessingFrameAttributes, mChannelInitialized, mIsMetaRefresh, mWasCreatedRemotely, mSchemelessInput, consider reordering the fields or adding explicit padding members

Annotated Source Code

Press '?' to see keyboard shortcuts

clang -cc1 -cc1 -triple x86_64-pc-linux-gnu -analyze -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name Unified_cpp_accessible_base0.cpp -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=cplusplus -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -analyzer-config-compatibility-mode=true -mrelocation-model pic -pic-level 2 -fhalf-no-semantic-interposition -mframe-pointer=all -relaxed-aliasing -ffp-contract=off -fno-rounding-math -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -tune-cpu generic -debugger-tuning=gdb -fdebug-compilation-dir=/var/lib/jenkins/workspace/firefox-scan-build/obj-x86_64-pc-linux-gnu/accessible/base -fcoverage-compilation-dir=/var/lib/jenkins/workspace/firefox-scan-build/obj-x86_64-pc-linux-gnu/accessible/base -resource-dir /usr/lib/llvm-20/lib/clang/20 -include /var/lib/jenkins/workspace/firefox-scan-build/config/gcc_hidden.h -include /var/lib/jenkins/workspace/firefox-scan-build/obj-x86_64-pc-linux-gnu/mozilla-config.h -I /var/lib/jenkins/workspace/firefox-scan-build/obj-x86_64-pc-linux-gnu/dist/stl_wrappers -I /var/lib/jenkins/workspace/firefox-scan-build/obj-x86_64-pc-linux-gnu/dist/system_wrappers -U _FORTIFY_SOURCE -D _FORTIFY_SOURCE=2 -D _GLIBCXX_ASSERTIONS -D DEBUG=1 -D MOZ_HAS_MOZGLUE -D MOZILLA_INTERNAL_API -D IMPL_LIBXUL -D MOZ_SUPPORT_LEAKCHECKING -D STATIC_EXPORTABLE_JS_API -I /var/lib/jenkins/workspace/firefox-scan-build/accessible/base -I /var/lib/jenkins/workspace/firefox-scan-build/obj-x86_64-pc-linux-gnu/accessible/base -I /var/lib/jenkins/workspace/firefox-scan-build/accessible/generic -I /var/lib/jenkins/workspace/firefox-scan-build/accessible/html -I /var/lib/jenkins/workspace/firefox-scan-build/accessible/ipc -I /var/lib/jenkins/workspace/firefox-scan-build/dom/base -I /var/lib/jenkins/workspace/firefox-scan-build/dom/xul -I /var/lib/jenkins/workspace/firefox-scan-build/accessible/xpcom -I /var/lib/jenkins/workspace/firefox-scan-build/accessible/xul -I /var/lib/jenkins/workspace/firefox-scan-build/dom/base -I /var/lib/jenkins/workspace/firefox-scan-build/ipc/chromium/src -I /var/lib/jenkins/workspace/firefox-scan-build/layout/generic -I /var/lib/jenkins/workspace/firefox-scan-build/layout/style -I /var/lib/jenkins/workspace/firefox-scan-build/layout/xul -I /var/lib/jenkins/workspace/firefox-scan-build/layout/xul/tree -I /var/lib/jenkins/workspace/firefox-scan-build/accessible/atk -I /var/lib/jenkins/workspace/firefox-scan-build/gfx/cairo/cairo/src -I /var/lib/jenkins/workspace/firefox-scan-build/obj-x86_64-pc-linux-gnu/ipc/ipdl/_ipdlheaders -I /var/lib/jenkins/workspace/firefox-scan-build/ipc/chromium/src -I /var/lib/jenkins/workspace/firefox-scan-build/obj-x86_64-pc-linux-gnu/dist/include -I /var/lib/jenkins/workspace/firefox-scan-build/obj-x86_64-pc-linux-gnu/dist/include/nspr -I /var/lib/jenkins/workspace/firefox-scan-build/obj-x86_64-pc-linux-gnu/dist/include/nss -D MOZILLA_CLIENT -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/14/../../../../include/c++/14 -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/14/../../../../include/x86_64-linux-gnu/c++/14 -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/14/../../../../include/c++/14/backward -internal-isystem /usr/lib/llvm-20/lib/clang/20/include -internal-isystem /usr/local/include -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/14/../../../../x86_64-linux-gnu/include -internal-externc-isystem /usr/include/x86_64-linux-gnu -internal-externc-isystem /include -internal-externc-isystem /usr/include -O2 -Wno-error=tautological-type-limit-compare -Wno-invalid-offsetof -Wno-range-loop-analysis -Wno-deprecated-anon-enum-enum-conversion -Wno-deprecated-enum-enum-conversion -Wno-deprecated-this-capture -Wno-inline-new-delete -Wno-error=deprecated-declarations -Wno-error=array-bounds -Wno-error=free-nonheap-object -Wno-error=atomic-alignment -Wno-error=deprecated-builtins -Wno-psabi -Wno-error=builtin-macro-redefined -Wno-vla-cxx-extension -Wno-unknown-warning-option -fdeprecated-macro -ferror-limit 19 -fstrict-flex-arrays=1 -stack-protector 2 -fstack-clash-protection -ftrivial-auto-var-init=pattern -fno-rtti -fgnuc-version=4.2.1 -fskip-odr-check-in-gmf -fno-sized-deallocation -fno-aligned-allocation -vectorize-loops -vectorize-slp -analyzer-checker optin.performance.Padding -analyzer-output=html -analyzer-config stable-report-filename=true -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /tmp/scan-build-2025-01-20-090804-167946-1 -x c++ Unified_cpp_accessible_base0.cpp
1/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2/* vim: set ts=8 sts=2 et sw=2 tw=80: */
3/* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6
7#ifndef nsDocShellLoadState_h__
8#define nsDocShellLoadState_h__
9
10#include "mozilla/dom/BrowsingContext.h"
11#include "mozilla/dom/SessionHistoryEntry.h"
12
13#include "nsILoadInfo.h"
14
15// Helper Classes
16#include "mozilla/Maybe.h"
17#include "nsCOMPtr.h"
18#include "nsString.h"
19#include "nsDocShellLoadTypes.h"
20#include "nsTArrayForwardDeclare.h"
21
22class nsIContentSecurityPolicy;
23class nsIInputStream;
24class nsISHEntry;
25class nsIURI;
26class nsIDocShell;
27class nsIChannel;
28class nsIReferrerInfo;
29struct HTTPSFirstDowngradeData;
30namespace mozilla {
31class OriginAttributes;
32template <typename, class>
33class UniquePtr;
34namespace dom {
35class DocShellLoadStateInit;
36} // namespace dom
37} // namespace mozilla
38
39/**
40 * nsDocShellLoadState contains setup information used in a nsIDocShell::loadURI
41 * call.
42 */
43class nsDocShellLoadState final {
Excessive padding in 'class nsDocShellLoadState' (47 padding bytes, where 7 is optimal). Optimal fields order: mRefCnt, _mOwningThread, mReferrerInfo, mURI, mOriginalURI, mResultPrincipalURI, mTriggeringPrincipal, mTriggeringWindowId, mCsp, mPrincipalToInherit, mPartitionedPrincipalToInherit, mHttpsFirstDowngradeData, mSHEntry, mLoadingSessionHistoryInfo, mPostDataStream, mHeadersStream, mBaseURI, mPendingRedirectedChannel, mChannelRegistrarId, mLoadIdentifier, mUnstrippedURI, mTarget, mTargetBrowsingContext, mSrcdocData, mSourceBrowsingContext, mTypeHint, mFileName, mTriggeringRemoteType, mOriginalURIString, mRemoteTypeOverride, mTriggeringSandboxFlags, mLoadType, mLoadFlags, mInternalLoadFlags, mHttpsUpgradeTelemetry, mCancelContentJSEpoch, mResultPrincipalURIIsSome, mTriggeringStorageAccess, mKeepResultPrincipalURIIfSet, mLoadReplace, mInheritPrincipal, mPrincipalIsExplicit, mNotifiedBeforeUnloadListeners, mForceAllowDataURI, mIsExemptFromHTTPSFirstMode, mOriginalFrameSrc, mShouldCheckForRecursion, mIsFormSubmission, mFirstParty, mHasValidUserGestureActivation, mTextDirectiveUserActivation, mAllowFocusMove, mIsFromProcessingFrameAttributes, mChannelInitialized, mIsMetaRefresh, mWasCreatedRemotely, mSchemelessInput, consider reordering the fields or adding explicit padding members
44 using BrowsingContext = mozilla::dom::BrowsingContext;
45 template <typename T>
46 using MaybeDiscarded = mozilla::dom::MaybeDiscarded<T>;
47
48 public:
49 NS_INLINE_DECL_REFCOUNTING(nsDocShellLoadState)public: MozExternalRefCountType AddRef(void) { static_assert(
!std::is_destructible_v<nsDocShellLoadState>, "Reference-counted class "
"nsDocShellLoadState" " should not have a public destructor. "
"Make this class's destructor non-public"); do { static_assert
( mozilla::detail::AssertionConditionType<decltype(int32_t
(mRefCnt) >= 0)>::isValid, "invalid assertion condition"
); if ((__builtin_expect(!!(!(!!(int32_t(mRefCnt) >= 0))),
0))) { do { } while (false); MOZ_ReportAssertionFailure("int32_t(mRefCnt) >= 0"
" (" "illegal refcnt" ")", "/var/lib/jenkins/workspace/firefox-scan-build/obj-x86_64-pc-linux-gnu/dist/include/nsDocShellLoadState.h"
, 49); AnnotateMozCrashReason("MOZ_ASSERT" "(" "int32_t(mRefCnt) >= 0"
") (" "illegal refcnt" ")"); do { *((volatile int*)__null) =
49; __attribute__((nomerge)) ::abort(); } while (false); } }
while (false); _mOwningThread.AssertOwnership("nsDocShellLoadState"
" not thread-safe"); ++mRefCnt; NS_LogAddRef((this), (mRefCnt
), ("nsDocShellLoadState"), (uint32_t)(sizeof(*this))); return
mRefCnt; } MozExternalRefCountType Release(void) { do { static_assert
( mozilla::detail::AssertionConditionType<decltype(int32_t
(mRefCnt) > 0)>::isValid, "invalid assertion condition"
); if ((__builtin_expect(!!(!(!!(int32_t(mRefCnt) > 0))), 0
))) { do { } while (false); MOZ_ReportAssertionFailure("int32_t(mRefCnt) > 0"
" (" "dup release" ")", "/var/lib/jenkins/workspace/firefox-scan-build/obj-x86_64-pc-linux-gnu/dist/include/nsDocShellLoadState.h"
, 49); AnnotateMozCrashReason("MOZ_ASSERT" "(" "int32_t(mRefCnt) > 0"
") (" "dup release" ")"); do { *((volatile int*)__null) = 49
; __attribute__((nomerge)) ::abort(); } while (false); } } while
(false); _mOwningThread.AssertOwnership("nsDocShellLoadState"
" not thread-safe"); --mRefCnt; NS_LogRelease((this), (mRefCnt
), ("nsDocShellLoadState")); if (mRefCnt == 0) { mRefCnt = 1;
delete (this); return 0; } return mRefCnt; } using HasThreadSafeRefCnt
= std::false_type; protected: nsAutoRefCnt mRefCnt; nsAutoOwningThread
_mOwningThread; public:;
50
51 explicit nsDocShellLoadState(nsIURI* aURI);
52 explicit nsDocShellLoadState(
53 const mozilla::dom::DocShellLoadStateInit& aLoadState,
54 mozilla::ipc::IProtocol* aActor, bool* aReadSuccess);
55 explicit nsDocShellLoadState(const nsDocShellLoadState& aOther);
56 nsDocShellLoadState(nsIURI* aURI, uint64_t aLoadIdentifier);
57
58 static nsresult CreateFromPendingChannel(nsIChannel* aPendingChannel,
59 uint64_t aLoadIdentifier,
60 uint64_t aRegistarId,
61 nsDocShellLoadState** aResult);
62
63 static nsresult CreateFromLoadURIOptions(
64 BrowsingContext* aBrowsingContext, const nsAString& aURI,
65 const mozilla::dom::LoadURIOptions& aLoadURIOptions,
66 nsDocShellLoadState** aResult);
67 static nsresult CreateFromLoadURIOptions(
68 BrowsingContext* aBrowsingContext, nsIURI* aURI,
69 const mozilla::dom::LoadURIOptions& aLoadURIOptions,
70 nsDocShellLoadState** aResult);
71
72 // Getters and Setters
73
74 nsIReferrerInfo* GetReferrerInfo() const;
75
76 void SetReferrerInfo(nsIReferrerInfo* aReferrerInfo);
77
78 nsIURI* URI() const;
79
80 void SetURI(nsIURI* aURI);
81
82 nsIURI* OriginalURI() const;
83
84 void SetOriginalURI(nsIURI* aOriginalURI);
85
86 nsIURI* ResultPrincipalURI() const;
87
88 void SetResultPrincipalURI(nsIURI* aResultPrincipalURI);
89
90 bool ResultPrincipalURIIsSome() const;
91
92 void SetResultPrincipalURIIsSome(bool aIsSome);
93
94 bool KeepResultPrincipalURIIfSet() const;
95
96 void SetKeepResultPrincipalURIIfSet(bool aKeep);
97
98 nsIPrincipal* PrincipalToInherit() const;
99
100 void SetPrincipalToInherit(nsIPrincipal* aPrincipalToInherit);
101
102 nsIPrincipal* PartitionedPrincipalToInherit() const;
103
104 void SetPartitionedPrincipalToInherit(
105 nsIPrincipal* aPartitionedPrincipalToInherit);
106
107 bool LoadReplace() const;
108
109 void SetLoadReplace(bool aLoadReplace);
110
111 nsIPrincipal* TriggeringPrincipal() const;
112
113 void SetTriggeringPrincipal(nsIPrincipal* aTriggeringPrincipal);
114
115 uint32_t TriggeringSandboxFlags() const;
116
117 void SetTriggeringSandboxFlags(uint32_t aTriggeringSandboxFlags);
118
119 uint64_t TriggeringWindowId() const;
120
121 void SetTriggeringWindowId(uint64_t aTriggeringWindowId);
122
123 bool TriggeringStorageAccess() const;
124
125 void SetTriggeringStorageAccess(bool aTriggeringStorageAccess);
126
127 nsIContentSecurityPolicy* Csp() const;
128
129 void SetCsp(nsIContentSecurityPolicy* aCsp);
130
131 bool InheritPrincipal() const;
132
133 void SetInheritPrincipal(bool aInheritPrincipal);
134
135 bool PrincipalIsExplicit() const;
136
137 void SetPrincipalIsExplicit(bool aPrincipalIsExplicit);
138
139 // If true, "beforeunload" event listeners were notified by the creater of the
140 // LoadState and given the chance to abort the navigation, and should not be
141 // notified again.
142 bool NotifiedBeforeUnloadListeners() const;
143
144 void SetNotifiedBeforeUnloadListeners(bool aNotifiedBeforeUnloadListeners);
145
146 bool ForceAllowDataURI() const;
147
148 void SetForceAllowDataURI(bool aForceAllowDataURI);
149
150 bool IsExemptFromHTTPSFirstMode() const;
151
152 void SetIsExemptFromHTTPSFirstMode(bool aIsExemptFromHTTPSFirstMode);
153
154 RefPtr<HTTPSFirstDowngradeData> GetHttpsFirstDowngradeData() const;
155
156 void SetHttpsFirstDowngradeData(
157 RefPtr<HTTPSFirstDowngradeData> const& aHttpsFirstTelemetryData);
158
159 bool OriginalFrameSrc() const;
160
161 void SetOriginalFrameSrc(bool aOriginalFrameSrc);
162
163 bool ShouldCheckForRecursion() const;
164
165 void SetShouldCheckForRecursion(bool aShouldCheckForRecursion);
166
167 bool IsFormSubmission() const;
168
169 void SetIsFormSubmission(bool aIsFormSubmission);
170
171 uint32_t LoadType() const;
172
173 void SetLoadType(uint32_t aLoadType);
174
175 nsISHEntry* SHEntry() const;
176
177 void SetSHEntry(nsISHEntry* aSHEntry);
178
179 const mozilla::dom::LoadingSessionHistoryInfo* GetLoadingSessionHistoryInfo()
180 const;
181
182 // Copies aLoadingInfo and stores the copy in this nsDocShellLoadState.
183 void SetLoadingSessionHistoryInfo(
184 const mozilla::dom::LoadingSessionHistoryInfo& aLoadingInfo);
185
186 // Stores aLoadingInfo in this nsDocShellLoadState.
187 void SetLoadingSessionHistoryInfo(
188 mozilla::UniquePtr<mozilla::dom::LoadingSessionHistoryInfo> aLoadingInfo);
189
190 bool LoadIsFromSessionHistory() const;
191
192 const nsString& Target() const;
193
194 void SetTarget(const nsAString& aTarget);
195
196 nsIInputStream* PostDataStream() const;
197
198 void SetPostDataStream(nsIInputStream* aStream);
199
200 nsIInputStream* HeadersStream() const;
201
202 void SetHeadersStream(nsIInputStream* aHeadersStream);
203
204 bool IsSrcdocLoad() const;
205
206 const nsString& SrcdocData() const;
207
208 void SetSrcdocData(const nsAString& aSrcdocData);
209
210 const MaybeDiscarded<BrowsingContext>& SourceBrowsingContext() const {
211 return mSourceBrowsingContext;
212 }
213
214 void SetSourceBrowsingContext(BrowsingContext*);
215
216 void SetAllowFocusMove(bool aAllow) { mAllowFocusMove = aAllow; }
217
218 bool AllowFocusMove() const { return mAllowFocusMove; }
219
220 const MaybeDiscarded<BrowsingContext>& TargetBrowsingContext() const {
221 return mTargetBrowsingContext;
222 }
223
224 void SetTargetBrowsingContext(BrowsingContext* aTargetBrowsingContext);
225
226 nsIURI* BaseURI() const;
227
228 void SetBaseURI(nsIURI* aBaseURI);
229
230 // Helper function allowing convenient work with mozilla::Maybe in C++, hiding
231 // resultPrincipalURI and resultPrincipalURIIsSome attributes from the
232 // consumer.
233 void GetMaybeResultPrincipalURI(
234 mozilla::Maybe<nsCOMPtr<nsIURI>>& aRPURI) const;
235
236 void SetMaybeResultPrincipalURI(
237 mozilla::Maybe<nsCOMPtr<nsIURI>> const& aRPURI);
238
239 uint32_t LoadFlags() const;
240
241 void SetLoadFlags(uint32_t aFlags);
242
243 void SetLoadFlag(uint32_t aFlag);
244
245 void UnsetLoadFlag(uint32_t aFlag);
246
247 bool HasLoadFlags(uint32_t aFlag);
248
249 uint32_t InternalLoadFlags() const;
250
251 void SetInternalLoadFlags(uint32_t aFlags);
252
253 void SetInternalLoadFlag(uint32_t aFlag);
254
255 void UnsetInternalLoadFlag(uint32_t aFlag);
256
257 bool HasInternalLoadFlags(uint32_t aFlag);
258
259 bool FirstParty() const;
260
261 void SetFirstParty(bool aFirstParty);
262
263 bool HasValidUserGestureActivation() const;
264
265 void SetHasValidUserGestureActivation(bool HasValidUserGestureActivation);
266
267 void SetTextDirectiveUserActivation(bool aTextDirectiveUserActivation);
268
269 bool GetTextDirectiveUserActivation();
270
271 const nsCString& TypeHint() const;
272
273 void SetTypeHint(const nsCString& aTypeHint);
274
275 const nsString& FileName() const;
276
277 void SetFileName(const nsAString& aFileName);
278
279 nsIURI* GetUnstrippedURI() const;
280
281 void SetUnstrippedURI(nsIURI* aUnstrippedURI);
282
283 // Give the type of DocShell we're loading into (chrome/content/etc) and
284 // origin attributes for the URI we're loading, figure out if we should
285 // inherit our principal from the document the load was requested from, or
286 // else if the principal should be set up later in the process (after loads).
287 // See comments in function for more info on principal selection algorithm
288 nsresult SetupInheritingPrincipal(
289 mozilla::dom::BrowsingContext::Type aType,
290 const mozilla::OriginAttributes& aOriginAttributes);
291
292 // If no triggering principal exists at the moment, create one using referrer
293 // information and origin attributes.
294 nsresult SetupTriggeringPrincipal(
295 const mozilla::OriginAttributes& aOriginAttributes);
296
297 void SetIsFromProcessingFrameAttributes() {
298 mIsFromProcessingFrameAttributes = true;
299 }
300 bool GetIsFromProcessingFrameAttributes() const {
301 return mIsFromProcessingFrameAttributes;
302 }
303
304 nsIChannel* GetPendingRedirectedChannel() {
305 return mPendingRedirectedChannel;
306 }
307
308 uint64_t GetPendingRedirectChannelRegistrarId() const {
309 return mChannelRegistrarId;
310 }
311
312 void SetOriginalURIString(const nsCString& aOriginalURI) {
313 mOriginalURIString.emplace(aOriginalURI);
314 }
315 const mozilla::Maybe<nsCString>& GetOriginalURIString() const {
316 return mOriginalURIString;
317 }
318
319 void SetCancelContentJSEpoch(int32_t aCancelEpoch) {
320 mCancelContentJSEpoch.emplace(aCancelEpoch);
321 }
322 const mozilla::Maybe<int32_t>& GetCancelContentJSEpoch() const {
323 return mCancelContentJSEpoch;
324 }
325
326 uint64_t GetLoadIdentifier() const { return mLoadIdentifier; }
327
328 void SetChannelInitialized(bool aInitilized) {
329 mChannelInitialized = aInitilized;
330 }
331
332 bool GetChannelInitialized() const { return mChannelInitialized; }
333
334 void SetIsMetaRefresh(bool aMetaRefresh) { mIsMetaRefresh = aMetaRefresh; }
335
336 bool IsMetaRefresh() const { return mIsMetaRefresh; }
337
338 const mozilla::Maybe<nsCString>& GetRemoteTypeOverride() const {
339 return mRemoteTypeOverride;
340 }
341
342 void SetRemoteTypeOverride(const nsCString& aRemoteTypeOverride);
343
344 void SetSchemelessInput(nsILoadInfo::SchemelessInputType aSchemelessInput) {
345 mSchemelessInput = aSchemelessInput;
346 }
347
348 nsILoadInfo::SchemelessInputType GetSchemelessInput() {
349 return mSchemelessInput;
350 }
351
352 void SetHttpsUpgradeTelemetry(
353 nsILoadInfo::HTTPSUpgradeTelemetryType aHttpsUpgradeTelemetry) {
354 mHttpsUpgradeTelemetry = aHttpsUpgradeTelemetry;
355 }
356
357 nsILoadInfo::HTTPSUpgradeTelemetryType GetHttpsUpgradeTelemetry() {
358 return mHttpsUpgradeTelemetry;
359 }
360
361 // Determine the remote type of the process which should be considered
362 // responsible for this load for the purposes of security checks.
363 //
364 // This will generally be the process which created the nsDocShellLoadState
365 // originally, however non-errorpage history loads are always considered to be
366 // triggered by the parent process, as we can validate them against the
367 // history entry.
368 const nsCString& GetEffectiveTriggeringRemoteType() const;
369
370 void SetTriggeringRemoteType(const nsACString& aTriggeringRemoteType);
371
372 // Diagnostic assert if this is a system-principal triggered load, and it is
373 // trivial to determine that the effective triggering remote type would not be
374 // allowed to perform this load.
375 //
376 // This is called early during the load to crash as close to the cause as
377 // possible. See bug 1838686 for details.
378#ifdef MOZ_DIAGNOSTIC_ASSERT_ENABLED1
379 void AssertProcessCouldTriggerLoadIfSystem();
380#else
381 void AssertProcessCouldTriggerLoadIfSystem() {}
382#endif
383
384 // When loading a document through nsDocShell::LoadURI(), a special set of
385 // flags needs to be set based on other values in nsDocShellLoadState. This
386 // function calculates those flags, before the LoadState is passed to
387 // nsDocShell::InternalLoad.
388 void CalculateLoadURIFlags();
389
390 // Compute the load flags to be used by creating channel. aUriModified and
391 // aIsEmbeddingBlockedError are expected to be Nothing when called from parent
392 // process.
393 nsLoadFlags CalculateChannelLoadFlags(
394 mozilla::dom::BrowsingContext* aBrowsingContext, bool aUriModified,
395 mozilla::Maybe<bool> aIsEmbeddingBlockedError);
396
397 mozilla::dom::DocShellLoadStateInit Serialize(
398 mozilla::ipc::IProtocol* aActor);
399
400 void SetLoadIsFromSessionHistory(int32_t aOffset, bool aLoadingCurrentEntry);
401 void ClearLoadIsFromSessionHistory();
402
403 void MaybeStripTrackerQueryStrings(mozilla::dom::BrowsingContext* aContext);
404
405 protected:
406 // Destructor can't be defaulted or inlined, as header doesn't have all type
407 // includes it needs to do so.
408 ~nsDocShellLoadState();
409
410 // Given the original `nsDocShellLoadState` which was sent to a content
411 // process, validate that they corespond to the same load.
412 // Returns a static (telemetry-safe) string naming what did not match, or
413 // nullptr if it succeeds.
414 const char* ValidateWithOriginalState(nsDocShellLoadState* aOriginalState);
415
416 static nsresult CreateFromLoadURIOptions(
417 BrowsingContext* aBrowsingContext, nsIURI* aURI,
418 const mozilla::dom::LoadURIOptions& aLoadURIOptions,
419 uint32_t aLoadFlagsOverride, nsIInputStream* aPostDataOverride,
420 nsDocShellLoadState** aResult);
421
422 // This is the referrer for the load.
423 nsCOMPtr<nsIReferrerInfo> mReferrerInfo;
424
425 // The URI we are navigating to. Will not be null once set.
426 nsCOMPtr<nsIURI> mURI;
427
428 // The URI to set as the originalURI on the channel that does the load. If
429 // null, aURI will be set as the originalURI.
430 nsCOMPtr<nsIURI> mOriginalURI;
431
432 // The URI to be set to loadInfo.resultPrincipalURI
433 // - When Nothing, there will be no change
434 // - When Some, the principal URI will overwrite even
435 // with a null value.
436 //
437 // Valid only if mResultPrincipalURIIsSome is true (has the same meaning as
438 // isSome() on mozilla::Maybe.)
439 nsCOMPtr<nsIURI> mResultPrincipalURI;
440 bool mResultPrincipalURIIsSome;
441
442 // The principal of the load, that is, the entity responsible for causing the
443 // load to occur. In most cases the referrer and the triggeringPrincipal's URI
444 // will be identical.
445 //
446 // Please note that this is the principal that is used for security checks. If
447 // the argument aURI is provided by the web, then please do not pass a
448 // SystemPrincipal as the triggeringPrincipal.
449 nsCOMPtr<nsIPrincipal> mTriggeringPrincipal;
450
451 // The SandboxFlags of the load, that are, the SandboxFlags of the entity
452 // responsible for causing the load to occur. Most likely this are the
453 // SandboxFlags of the document that started the load.
454 uint32_t mTriggeringSandboxFlags;
455
456 // The window ID and current "has storage access" value of the entity
457 // triggering the load. This allows the identification of self-initiated
458 // same-origin navigations that should propogate unpartitioned storage access.
459 uint64_t mTriggeringWindowId;
460 bool mTriggeringStorageAccess;
461
462 // The CSP of the load, that is, the CSP of the entity responsible for causing
463 // the load to occur. Most likely this is the CSP of the document that started
464 // the load. In case the entity starting the load did not use a CSP, then mCsp
465 // can be null. Please note that this is also the CSP that will be applied to
466 // the load in case the load encounters a server side redirect.
467 nsCOMPtr<nsIContentSecurityPolicy> mCsp;
468
469 // If a refresh is caused by http-equiv="refresh" we want to set
470 // aResultPrincipalURI, but we do not want to overwrite the channel's
471 // ResultPrincipalURI, if it has already been set on the channel by a protocol
472 // handler.
473 bool mKeepResultPrincipalURIIfSet;
474
475 // If set LOAD_REPLACE flag will be set on the channel. If aOriginalURI is
476 // null, this argument is ignored.
477 bool mLoadReplace;
478
479 // If this attribute is true and no triggeringPrincipal is specified,
480 // copy the principal from the referring document.
481 bool mInheritPrincipal;
482
483 // If this attribute is true only ever use the principal specified
484 // by the triggeringPrincipal and inheritPrincipal attributes.
485 // If there are security reasons for why this is unsafe, such
486 // as trying to use a systemprincipal as the triggeringPrincipal
487 // for a content docshell the load fails.
488 bool mPrincipalIsExplicit;
489
490 bool mNotifiedBeforeUnloadListeners;
491
492 // Principal we're inheriting. If null, this means the principal should be
493 // inherited from the current document. If set to NullPrincipal, the channel
494 // will fill in principal information later in the load. See internal comments
495 // of SetupInheritingPrincipal for more info.
496 //
497 // When passed to InternalLoad, If this argument is null then
498 // principalToInherit is computed differently. See nsDocShell::InternalLoad
499 // for more comments.
500
501 nsCOMPtr<nsIPrincipal> mPrincipalToInherit;
502
503 nsCOMPtr<nsIPrincipal> mPartitionedPrincipalToInherit;
504
505 // If this attribute is true, then a top-level navigation
506 // to a data URI will be allowed.
507 bool mForceAllowDataURI;
508
509 // If this attribute is true, then the top-level navigaion
510 // will be exempt from HTTPS-Only-Mode upgrades.
511 bool mIsExemptFromHTTPSFirstMode;
512
513 // If set, this load is a HTTPS-First downgrade, and the downgrade data will
514 // be submitted to telemetry later if the load succeeds.
515 RefPtr<HTTPSFirstDowngradeData> mHttpsFirstDowngradeData;
516
517 // If this attribute is true, this load corresponds to a frame
518 // element loading its original src (or srcdoc) attribute.
519 bool mOriginalFrameSrc;
520
521 // If this attribute is true, this load corresponds to a frame, object, or
522 // embed element that needs a recursion check when loading it's src (or data).
523 // Unlike mOriginalFrameSrc, this attribute will always be set regardless
524 // whether we've loaded the src already.
525 bool mShouldCheckForRecursion;
526
527 // If this attribute is true, then the load was initiated by a
528 // form submission.
529 bool mIsFormSubmission;
530
531 // Contains a load type as specified by the nsDocShellLoadTypes::load*
532 // constants
533 uint32_t mLoadType;
534
535 // Active Session History entry (if loading from SH)
536 nsCOMPtr<nsISHEntry> mSHEntry;
537
538 // Loading session history info for the load
539 mozilla::UniquePtr<mozilla::dom::LoadingSessionHistoryInfo>
540 mLoadingSessionHistoryInfo;
541
542 // Target for load, like _content, _blank etc.
543 nsString mTarget;
544
545 // When set, this is the Target Browsing Context for the navigation
546 // after retargeting.
547 MaybeDiscarded<BrowsingContext> mTargetBrowsingContext;
548
549 // Post data stream (if POSTing)
550 nsCOMPtr<nsIInputStream> mPostDataStream;
551
552 // Additional Headers
553 nsCOMPtr<nsIInputStream> mHeadersStream;
554
555 // When set, the load will be interpreted as a srcdoc load, where contents of
556 // this string will be loaded instead of the URI. Setting srcdocData sets
557 // isSrcdocLoad to true
558 nsString mSrcdocData;
559
560 // When set, this is the Source Browsing Context for the navigation.
561 MaybeDiscarded<BrowsingContext> mSourceBrowsingContext;
562
563 // Used for srcdoc loads to give view-source knowledge of the load's base URI
564 // as this information isn't embedded in the load's URI.
565 nsCOMPtr<nsIURI> mBaseURI;
566
567 // Set of Load Flags, taken from nsDocShellLoadTypes.h and nsIWebNavigation
568 uint32_t mLoadFlags;
569
570 // Set of internal load flags
571 uint32_t mInternalLoadFlags;
572
573 // Is this a First Party Load?
574 bool mFirstParty;
575
576 // Is this load triggered by a user gesture?
577 bool mHasValidUserGestureActivation;
578
579 // True if a text directive can be scrolled to. This is true either if the
580 // load is triggered by a user, or the document has an unconsumed activation
581 // (eg. client redirect).
582 bool mTextDirectiveUserActivation = false;
583
584 // Whether this load can steal the focus from the source browsing context.
585 bool mAllowFocusMove;
586
587 // A hint as to the content-type of the resulting data. If no hint, IsVoid()
588 // should return true.
589 nsCString mTypeHint;
590
591 // Non-void when the link should be downloaded as the given filename.
592 // mFileName being non-void but empty means that no filename hint was
593 // specified, but link should still trigger a download. If not a download,
594 // mFileName.IsVoid() should return true.
595 nsString mFileName;
596
597 // This will be true if this load is triggered by attribute changes.
598 // See nsILoadInfo.isFromProcessingFrameAttributes
599 bool mIsFromProcessingFrameAttributes;
600
601 // If set, a pending cross-process redirected channel should be used to
602 // perform the load. The channel will be stored in this value.
603 nsCOMPtr<nsIChannel> mPendingRedirectedChannel;
604
605 // An optional string representation of mURI, before any
606 // fixups were applied, so that we can send it to a search
607 // engine service if needed.
608 mozilla::Maybe<nsCString> mOriginalURIString;
609
610 // An optional value to pass to nsIDocShell::setCancelJSEpoch
611 // when initiating the load.
612 mozilla::Maybe<int32_t> mCancelContentJSEpoch;
613
614 // If mPendingRedirectChannel is set, then this is the identifier
615 // that the parent-process equivalent channel has been registered
616 // with using RedirectChannelRegistrar.
617 uint64_t mChannelRegistrarId;
618
619 // An identifier to make it possible to examine if two loads are
620 // equal, and which browsing context they belong to (see
621 // BrowsingContext::{Get, Set}CurrentLoadIdentifier)
622 const uint64_t mLoadIdentifier;
623
624 // Optional value to indicate that a channel has been
625 // pre-initialized in the parent process.
626 bool mChannelInitialized;
627
628 // True if the load was triggered by a meta refresh.
629 bool mIsMetaRefresh;
630
631 // True if the nsDocShellLoadState was received over IPC.
632 bool mWasCreatedRemotely = false;
633
634 // The original URI before query stripping happened. If it's present, it shows
635 // the query stripping happened. Otherwise, it will be a nullptr.
636 nsCOMPtr<nsIURI> mUnstrippedURI;
637
638 // If set, the remote type which the load should be completed within.
639 mozilla::Maybe<nsCString> mRemoteTypeOverride;
640
641 // Remote type of the process which originally requested the load.
642 nsCString mTriggeringRemoteType;
643
644 // if the address had an intentional protocol
645 nsILoadInfo::SchemelessInputType mSchemelessInput =
646 nsILoadInfo::SchemelessInputTypeUnset;
647
648 // Solely for the use of collecting Telemetry for HTTPS upgrades.
649 nsILoadInfo::HTTPSUpgradeTelemetryType mHttpsUpgradeTelemetry =
650 nsILoadInfo::NOT_INITIALIZED;
651};
652
653#endif /* nsDocShellLoadState_h__ */