/// <summary>
/// Gets the referer to set as a header on the HTTP request.
/// We do not set the referer if we are navigating to a
/// differnet security zone or to a different Uri scheme.
/// </summary>
internal static string GetReferer(Uri destinationUri)
{
string referer = null;
Uri sourceUri = MS.Internal.AppModel.SiteOfOriginContainer.BrowserSource;
if (sourceUri != null)
{
SecurityZone sourceZone = MS.Internal.AppModel.CustomCredentialPolicy.MapUrlToZone(sourceUri);
SecurityZone targetZone = MS.Internal.AppModel.CustomCredentialPolicy.MapUrlToZone(destinationUri);
// We don't send any referer when crossing zone
if (sourceZone == targetZone)
{
// We don't send any referer when going cross-scheme
if (SecurityHelper.AreStringTypesEqual(sourceUri.Scheme, destinationUri.Scheme))
{
// HTTPHeader requires the referer uri to be escaped.
referer = sourceUri.GetComponents(UriComponents.AbsoluteUri, UriFormat.UriEscaped);
}
}
}
return(referer);
}
internal static void GetAssemblyAndPartNameFromPackAppUri(Uri uri, out Assembly assembly, out string partName)
{
// The input Uri is assumed to be a valid absolute pack application Uri.
// The caller should guarantee that.
// Perform a sanity check to make sure the assumption stays.
Debug.Assert(uri != null && uri.IsAbsoluteUri && SecurityHelper.AreStringTypesEqual(uri.Scheme, System.IO.Packaging.PackUriHelper.UriSchemePack) && IsPackApplicationUri(uri));
// Generate a relative Uri which gets rid of the pack://application:,,, authority part.
Uri partUri = new Uri(uri.AbsolutePath, UriKind.Relative);
string assemblyName;
string assemblyVersion;
string assemblyKey;
GetAssemblyNameAndPart(partUri, out partName, out assemblyName, out assemblyVersion, out assemblyKey);
if (String.IsNullOrEmpty(assemblyName))
{
// The uri doesn't contain ";component". it should map to the enty application assembly.
assembly = ResourceAssembly;
// The partName returned from GetAssemblyNameAndPart should be escaped.
Debug.Assert(String.Compare(partName, uri.GetComponents(UriComponents.Path, UriFormat.UriEscaped), StringComparison.OrdinalIgnoreCase) == 0);
}
else
{
assembly = GetLoadedAssembly(assemblyName, assemblyVersion, assemblyKey);
}
}
internal static object XamlConverter(Stream stream, Uri baseUri, bool canUseTopLevelBrowser, bool sandboxExternalContent, bool allowAsync, bool isJournalNavigation, out XamlReader asyncObjectConverter)
{
asyncObjectConverter = null;
if (sandboxExternalContent)
{
if (SecurityHelper.AreStringTypesEqual(baseUri.Scheme, BaseUriHelper.PackAppBaseUri.Scheme))
{
baseUri = BaseUriHelper.ConvertPackUriToAbsoluteExternallyVisibleUri(baseUri);
}
stream.Close();
return(new WebBrowser
{
Source = baseUri
});
}
ParserContext parserContext = new ParserContext();
parserContext.BaseUri = baseUri;
parserContext.SkipJournaledProperties = isJournalNavigation;
if (allowAsync)
{
XamlReader xamlReader = new XamlReader();
asyncObjectConverter = xamlReader;
xamlReader.LoadCompleted += AppModelKnownContentFactory.OnParserComplete;
return(xamlReader.LoadAsync(stream, parserContext));
}
return(XamlReader.Load(stream, parserContext));
}
internal static bool IsPackApplicationUri(Uri uri)
{
if (uri.IsAbsoluteUri && SecurityHelper.AreStringTypesEqual(uri.Scheme, PackUriHelper.UriSchemePack))
{
return(SecurityHelper.AreStringTypesEqual(PackUriHelper.GetPackageUri(uri).GetComponents(UriComponents.AbsoluteUri, UriFormat.UriEscaped), "application:///"));
}
return(false);
}
internal static Uri FixFileUri(Uri uri)
{
if (uri != null && uri.IsAbsoluteUri && SecurityHelper.AreStringTypesEqual(uri.Scheme, Uri.UriSchemeFile) && string.Compare(uri.OriginalString, 0, Uri.UriSchemeFile, 0, Uri.UriSchemeFile.Length, StringComparison.OrdinalIgnoreCase) != 0)
{
return(new Uri(uri.AbsoluteUri));
}
return(uri);
}
internal static bool DoSchemeAndHostMatch(Uri first, Uri second)
{
if (SecurityHelper.AreStringTypesEqual(first.Scheme, second.Scheme))
{
return(first.Host.Equals(second.Host));
}
return(false);
}
internal static Uri ConvertPackUriToAbsoluteExternallyVisibleUri(Uri packUri)
{
Invariant.Assert(packUri.IsAbsoluteUri && SecurityHelper.AreStringTypesEqual(packUri.Scheme, PackAppBaseUri.Scheme));
Uri uri = MakeRelativeToSiteOfOriginIfPossible(packUri);
if (!uri.IsAbsoluteUri)
{
return(new Uri(SiteOfOriginContainer.SiteOfOrigin, uri));
}
throw new InvalidOperationException(SR.Get("CannotNavigateToApplicationResourcesInWebBrowser", packUri));
}
//------------------------------------------------------
// Internal Methods
//------------------------------------------------------
/// <summary>
/// Checks if the scheme of the URI given is of the mailto scheme.
/// </summary>
/// <param name="mailtoUri">The URI to check</param>
/// <returns>Whether or not it is a mailto URI</returns>
internal static bool IsMailtoUri(Uri mailtoUri)
{
if (mailtoUri != null)
{
return(SecurityHelper.AreStringTypesEqual(
mailtoUri.Scheme,
Uri.UriSchemeMailto));
}
return(false);
}
/// <summary>
/// Checks whether the input uri is in the "pack://application:,,," form
/// </summary>
internal static bool IsPackApplicationUri(Uri uri)
{
return
// Is the "outer" URI absolute?
(uri.IsAbsoluteUri &&
// Does the "outer" URI have the pack: scheme?
SecurityHelper.AreStringTypesEqual(uri.Scheme, System.IO.Packaging.PackUriHelper.UriSchemePack) &&
// Does the "inner" URI have the application: scheme
SecurityHelper.AreStringTypesEqual(
PackUriHelper.GetPackageUri(uri).GetComponents(UriComponents.AbsoluteUri, UriFormat.UriEscaped),
_packageApplicationBaseUriEscaped));
}
internal static string GetReferer(Uri destinationUri)
{
string result = null;
Uri browserSource = SiteOfOriginContainer.BrowserSource;
if (browserSource != null)
{
SecurityZone securityZone = CustomCredentialPolicy.MapUrlToZone(browserSource);
SecurityZone securityZone2 = CustomCredentialPolicy.MapUrlToZone(destinationUri);
if (securityZone == securityZone2 && SecurityHelper.AreStringTypesEqual(browserSource.Scheme, destinationUri.Scheme))
{
result = browserSource.GetComponents(UriComponents.AbsoluteUri, UriFormat.UriEscaped);
}
}
return(result);
}
// Token: 0x06007A66 RID: 31334 RVA: 0x0022AE28 File Offset: 0x00229028
internal static object HtmlXappConverter(Stream stream, Uri baseUri, bool canUseTopLevelBrowser, bool sandboxExternalContent, bool allowAsync, bool isJournalNavigation, out XamlReader asyncObjectConverter)
{
asyncObjectConverter = null;
if (canUseTopLevelBrowser)
{
return(null);
}
if (SecurityHelper.AreStringTypesEqual(baseUri.Scheme, BaseUriHelper.PackAppBaseUri.Scheme))
{
baseUri = BaseUriHelper.ConvertPackUriToAbsoluteExternallyVisibleUri(baseUri);
}
stream.Close();
return(new WebBrowser
{
Source = baseUri
});
}
// <summary>
// Creates an object instance from a Xaml stream and it's Uri
// </summary>
internal static object XamlConverter(Stream stream, Uri baseUri, bool canUseTopLevelBrowser, bool sandboxExternalContent, bool allowAsync, bool isJournalNavigation, out XamlReader asyncObjectConverter)
{
asyncObjectConverter = null;
if (sandboxExternalContent)
{
if (SecurityHelper.AreStringTypesEqual(baseUri.Scheme, BaseUriHelper.PackAppBaseUri.Scheme))
{
baseUri = BaseUriHelper.ConvertPackUriToAbsoluteExternallyVisibleUri(baseUri);
}
stream.Close();
WebBrowser webBrowser = new WebBrowser();
webBrowser.Source = baseUri;
return(webBrowser);
}
else
{
ParserContext pc = new ParserContext();
pc.BaseUri = baseUri;
pc.SkipJournaledProperties = isJournalNavigation;
if (allowAsync)
{
XamlReader xr = new XamlReader();
asyncObjectConverter = xr;
xr.LoadCompleted += new AsyncCompletedEventHandler(OnParserComplete);
// XamlReader.Load will close the stream.
return(xr.LoadAsync(stream, pc));
}
else
{
// XamlReader.Load will close the stream.
return(XamlReader.Load(stream, pc));
}
}
}
//------------------------------------------------------
//
// Private Methods
//
//------------------------------------------------------
#region Private Methods
private Stream GetStreamAndSetContentType(bool onlyNeedContentType)
{
lock (_globalLock)
{
if (onlyNeedContentType && _contentType != MS.Internal.ContentType.Empty)
{
#if DEBUG
if (SiteOfOriginContainer._traceSwitch.Enabled)
{
System.Diagnostics.Trace.TraceInformation(
DateTime.Now.ToLongTimeString() + " " + DateTime.Now.Millisecond + " " +
System.Threading.Thread.CurrentThread.ManagedThreadId +
": SiteOfOriginPart: Getting content type and using previously determined value");
}
#endif
return(null);
}
// If GetContentTypeCore is called before GetStream()
// then we need to retrieve the stream to get the mime type.
// That stream is then stored as _cacheStream and returned
// the next time GetStreamCore() is called.
if (_cacheStream != null)
{
#if DEBUG
if (SiteOfOriginContainer._traceSwitch.Enabled)
{
System.Diagnostics.Trace.TraceInformation(
DateTime.Now.ToLongTimeString() + " " + DateTime.Now.Millisecond + " " +
System.Threading.Thread.CurrentThread.ManagedThreadId +
"SiteOfOriginPart: Using Cached stream");
}
#endif
Stream temp = _cacheStream;
_cacheStream = null;
return(temp);
}
if (_absoluteLocation == null)
{
#if DEBUG
if (SiteOfOriginContainer._traceSwitch.Enabled)
{
System.Diagnostics.Trace.TraceInformation(
DateTime.Now.ToLongTimeString() + " " + DateTime.Now.Millisecond + " " +
System.Threading.Thread.CurrentThread.ManagedThreadId +
": SiteOfOriginPart: Determining absolute uri for this resource");
}
#endif
string original = Uri.ToString();
Invariant.Assert(original[0] == '/');
string uriMinusInitialSlash = original.Substring(1); // trim leading '/'
_absoluteLocation = new Uri(SiteOfOriginContainer.SiteOfOrigin, uriMinusInitialSlash);
}
#if DEBUG
if (SiteOfOriginContainer._traceSwitch.Enabled)
{
System.Diagnostics.Trace.TraceInformation(
DateTime.Now.ToLongTimeString() + " " + DateTime.Now.Millisecond + " " +
System.Threading.Thread.CurrentThread.ManagedThreadId +
": SiteOfOriginPart: Making web request to " + _absoluteLocation);
}
#endif
// For performance reasons it is better to open local files directly
// rather than make a FileWebRequest.
Stream responseStream;
if (SecurityHelper.AreStringTypesEqual(_absoluteLocation.Scheme, Uri.UriSchemeFile))
{
responseStream = HandleFileSource(onlyNeedContentType);
}
else
{
responseStream = HandleWebSource(onlyNeedContentType);
}
return(responseStream);
}
}
private void OpenMedia(Uri source)
{
string toOpen = null;
if (source != null && source.IsAbsoluteUri && source.Scheme == PackUriHelper.UriSchemePack)
{
try
{
source = BaseUriHelper.ConvertPackUriToAbsoluteExternallyVisibleUri(source);
}
catch (InvalidOperationException)
{
source = null;
_mediaEventsHelper.RaiseMediaFailed(new System.NotSupportedException(SR.Get(SRID.Media_PackURIsAreNotSupported, null)));
}
}
// Setting a null source effectively disconects the MediaElement.
if (source != null)
{
// keep whether we asserted permissions or not
bool elevated = false;
// get the base directory of the application; never expose this
Uri appBase = SecurityHelper.GetBaseDirectory(AppDomain.CurrentDomain);
// this extracts the URI to open
Uri uriToOpen = ResolveUri(source, appBase);
// access is allowed in the following cases (only 1 & 2 require elevation):
// 1) to any HTTPS media if app is NOT coming from HTTPS
// 2) to URI in the current directory of the fusion cache
// 3) to site of origin media
if (SecurityHelper.AreStringTypesEqual(uriToOpen.Scheme, Uri.UriSchemeHttps))
{
// target is HTTPS. Then, elevate ONLY if we are NOT coming from HTTPS (=XDomain HTTPS app to HTTPS media disallowed)
Uri appDeploymentUri = SecurityHelper.ExtractUriForClickOnceDeployedApp();
if (!SecurityHelper.AreStringTypesEqual(appDeploymentUri.Scheme, Uri.UriSchemeHttps))
{
new WebPermission(NetworkAccess.Connect, BindUriHelper.UriToString(uriToOpen)).Assert();
elevated = true;
}
}
else
{
// elevate to allow access to media in the app's directory in the fusion cache.
new FileIOPermission(FileIOPermissionAccess.Read, appBase.LocalPath).Assert();// BlessedAssert
elevated = true;
}
// demand permissions. if demands succeds, it means we are in one of the cases above.
try
{
toOpen = DemandPermissions(uriToOpen);
}
finally
{
if (elevated)
{
CodeAccessPermission.RevertAssert();
}
}
}
else
{
toOpen = null;
}
// We pass in exact same URI for which we demanded permissions so that we can be sure
// there is no discrepancy between the two.
HRESULT.Check(MILMedia.Open(_nativeMedia, toOpen));
}
static internal bool DoSchemeAndHostMatch(Uri first, Uri second)
{
// Check that both the scheme and the host match.
return(SecurityHelper.AreStringTypesEqual(first.Scheme, second.Scheme) && first.Host.Equals(second.Host) == true);
}
