/// <summary> /// Gets the referer to set as a header on the HTTP request. /// We do not set the referer if we are navigating to a /// differnet security zone or to a different Uri scheme. /// </summary> internal static string GetReferer(Uri destinationUri) { string referer = null; Uri sourceUri = MS.Internal.AppModel.SiteOfOriginContainer.BrowserSource; if (sourceUri != null) { SecurityZone sourceZone = MS.Internal.AppModel.CustomCredentialPolicy.MapUrlToZone(sourceUri); SecurityZone targetZone = MS.Internal.AppModel.CustomCredentialPolicy.MapUrlToZone(destinationUri); // We don't send any referer when crossing zone if (sourceZone == targetZone) { // We don't send any referer when going cross-scheme if (SecurityHelper.AreStringTypesEqual(sourceUri.Scheme, destinationUri.Scheme)) { // HTTPHeader requires the referer uri to be escaped. referer = sourceUri.GetComponents(UriComponents.AbsoluteUri, UriFormat.UriEscaped); } } } return(referer); }
internal static void GetAssemblyAndPartNameFromPackAppUri(Uri uri, out Assembly assembly, out string partName) { // The input Uri is assumed to be a valid absolute pack application Uri. // The caller should guarantee that. // Perform a sanity check to make sure the assumption stays. Debug.Assert(uri != null && uri.IsAbsoluteUri && SecurityHelper.AreStringTypesEqual(uri.Scheme, System.IO.Packaging.PackUriHelper.UriSchemePack) && IsPackApplicationUri(uri)); // Generate a relative Uri which gets rid of the pack://application:,,, authority part. Uri partUri = new Uri(uri.AbsolutePath, UriKind.Relative); string assemblyName; string assemblyVersion; string assemblyKey; GetAssemblyNameAndPart(partUri, out partName, out assemblyName, out assemblyVersion, out assemblyKey); if (String.IsNullOrEmpty(assemblyName)) { // The uri doesn't contain ";component". it should map to the enty application assembly. assembly = ResourceAssembly; // The partName returned from GetAssemblyNameAndPart should be escaped. Debug.Assert(String.Compare(partName, uri.GetComponents(UriComponents.Path, UriFormat.UriEscaped), StringComparison.OrdinalIgnoreCase) == 0); } else { assembly = GetLoadedAssembly(assemblyName, assemblyVersion, assemblyKey); } }
internal static object XamlConverter(Stream stream, Uri baseUri, bool canUseTopLevelBrowser, bool sandboxExternalContent, bool allowAsync, bool isJournalNavigation, out XamlReader asyncObjectConverter) { asyncObjectConverter = null; if (sandboxExternalContent) { if (SecurityHelper.AreStringTypesEqual(baseUri.Scheme, BaseUriHelper.PackAppBaseUri.Scheme)) { baseUri = BaseUriHelper.ConvertPackUriToAbsoluteExternallyVisibleUri(baseUri); } stream.Close(); return(new WebBrowser { Source = baseUri }); } ParserContext parserContext = new ParserContext(); parserContext.BaseUri = baseUri; parserContext.SkipJournaledProperties = isJournalNavigation; if (allowAsync) { XamlReader xamlReader = new XamlReader(); asyncObjectConverter = xamlReader; xamlReader.LoadCompleted += AppModelKnownContentFactory.OnParserComplete; return(xamlReader.LoadAsync(stream, parserContext)); } return(XamlReader.Load(stream, parserContext)); }
internal static bool IsPackApplicationUri(Uri uri) { if (uri.IsAbsoluteUri && SecurityHelper.AreStringTypesEqual(uri.Scheme, PackUriHelper.UriSchemePack)) { return(SecurityHelper.AreStringTypesEqual(PackUriHelper.GetPackageUri(uri).GetComponents(UriComponents.AbsoluteUri, UriFormat.UriEscaped), "application:///")); } return(false); }
internal static Uri FixFileUri(Uri uri) { if (uri != null && uri.IsAbsoluteUri && SecurityHelper.AreStringTypesEqual(uri.Scheme, Uri.UriSchemeFile) && string.Compare(uri.OriginalString, 0, Uri.UriSchemeFile, 0, Uri.UriSchemeFile.Length, StringComparison.OrdinalIgnoreCase) != 0) { return(new Uri(uri.AbsoluteUri)); } return(uri); }
internal static bool DoSchemeAndHostMatch(Uri first, Uri second) { if (SecurityHelper.AreStringTypesEqual(first.Scheme, second.Scheme)) { return(first.Host.Equals(second.Host)); } return(false); }
internal static Uri ConvertPackUriToAbsoluteExternallyVisibleUri(Uri packUri) { Invariant.Assert(packUri.IsAbsoluteUri && SecurityHelper.AreStringTypesEqual(packUri.Scheme, PackAppBaseUri.Scheme)); Uri uri = MakeRelativeToSiteOfOriginIfPossible(packUri); if (!uri.IsAbsoluteUri) { return(new Uri(SiteOfOriginContainer.SiteOfOrigin, uri)); } throw new InvalidOperationException(SR.Get("CannotNavigateToApplicationResourcesInWebBrowser", packUri)); }
//------------------------------------------------------ // Internal Methods //------------------------------------------------------ /// <summary> /// Checks if the scheme of the URI given is of the mailto scheme. /// </summary> /// <param name="mailtoUri">The URI to check</param> /// <returns>Whether or not it is a mailto URI</returns> internal static bool IsMailtoUri(Uri mailtoUri) { if (mailtoUri != null) { return(SecurityHelper.AreStringTypesEqual( mailtoUri.Scheme, Uri.UriSchemeMailto)); } return(false); }
/// <summary> /// Checks whether the input uri is in the "pack://application:,,," form /// </summary> internal static bool IsPackApplicationUri(Uri uri) { return // Is the "outer" URI absolute? (uri.IsAbsoluteUri && // Does the "outer" URI have the pack: scheme? SecurityHelper.AreStringTypesEqual(uri.Scheme, System.IO.Packaging.PackUriHelper.UriSchemePack) && // Does the "inner" URI have the application: scheme SecurityHelper.AreStringTypesEqual( PackUriHelper.GetPackageUri(uri).GetComponents(UriComponents.AbsoluteUri, UriFormat.UriEscaped), _packageApplicationBaseUriEscaped)); }
internal static string GetReferer(Uri destinationUri) { string result = null; Uri browserSource = SiteOfOriginContainer.BrowserSource; if (browserSource != null) { SecurityZone securityZone = CustomCredentialPolicy.MapUrlToZone(browserSource); SecurityZone securityZone2 = CustomCredentialPolicy.MapUrlToZone(destinationUri); if (securityZone == securityZone2 && SecurityHelper.AreStringTypesEqual(browserSource.Scheme, destinationUri.Scheme)) { result = browserSource.GetComponents(UriComponents.AbsoluteUri, UriFormat.UriEscaped); } } return(result); }
// Token: 0x06007A66 RID: 31334 RVA: 0x0022AE28 File Offset: 0x00229028 internal static object HtmlXappConverter(Stream stream, Uri baseUri, bool canUseTopLevelBrowser, bool sandboxExternalContent, bool allowAsync, bool isJournalNavigation, out XamlReader asyncObjectConverter) { asyncObjectConverter = null; if (canUseTopLevelBrowser) { return(null); } if (SecurityHelper.AreStringTypesEqual(baseUri.Scheme, BaseUriHelper.PackAppBaseUri.Scheme)) { baseUri = BaseUriHelper.ConvertPackUriToAbsoluteExternallyVisibleUri(baseUri); } stream.Close(); return(new WebBrowser { Source = baseUri }); }
// <summary> // Creates an object instance from a Xaml stream and it's Uri // </summary> internal static object XamlConverter(Stream stream, Uri baseUri, bool canUseTopLevelBrowser, bool sandboxExternalContent, bool allowAsync, bool isJournalNavigation, out XamlReader asyncObjectConverter) { asyncObjectConverter = null; if (sandboxExternalContent) { if (SecurityHelper.AreStringTypesEqual(baseUri.Scheme, BaseUriHelper.PackAppBaseUri.Scheme)) { baseUri = BaseUriHelper.ConvertPackUriToAbsoluteExternallyVisibleUri(baseUri); } stream.Close(); WebBrowser webBrowser = new WebBrowser(); webBrowser.Source = baseUri; return(webBrowser); } else { ParserContext pc = new ParserContext(); pc.BaseUri = baseUri; pc.SkipJournaledProperties = isJournalNavigation; if (allowAsync) { XamlReader xr = new XamlReader(); asyncObjectConverter = xr; xr.LoadCompleted += new AsyncCompletedEventHandler(OnParserComplete); // XamlReader.Load will close the stream. return(xr.LoadAsync(stream, pc)); } else { // XamlReader.Load will close the stream. return(XamlReader.Load(stream, pc)); } } }
//------------------------------------------------------ // // Private Methods // //------------------------------------------------------ #region Private Methods private Stream GetStreamAndSetContentType(bool onlyNeedContentType) { lock (_globalLock) { if (onlyNeedContentType && _contentType != MS.Internal.ContentType.Empty) { #if DEBUG if (SiteOfOriginContainer._traceSwitch.Enabled) { System.Diagnostics.Trace.TraceInformation( DateTime.Now.ToLongTimeString() + " " + DateTime.Now.Millisecond + " " + System.Threading.Thread.CurrentThread.ManagedThreadId + ": SiteOfOriginPart: Getting content type and using previously determined value"); } #endif return(null); } // If GetContentTypeCore is called before GetStream() // then we need to retrieve the stream to get the mime type. // That stream is then stored as _cacheStream and returned // the next time GetStreamCore() is called. if (_cacheStream != null) { #if DEBUG if (SiteOfOriginContainer._traceSwitch.Enabled) { System.Diagnostics.Trace.TraceInformation( DateTime.Now.ToLongTimeString() + " " + DateTime.Now.Millisecond + " " + System.Threading.Thread.CurrentThread.ManagedThreadId + "SiteOfOriginPart: Using Cached stream"); } #endif Stream temp = _cacheStream; _cacheStream = null; return(temp); } if (_absoluteLocation == null) { #if DEBUG if (SiteOfOriginContainer._traceSwitch.Enabled) { System.Diagnostics.Trace.TraceInformation( DateTime.Now.ToLongTimeString() + " " + DateTime.Now.Millisecond + " " + System.Threading.Thread.CurrentThread.ManagedThreadId + ": SiteOfOriginPart: Determining absolute uri for this resource"); } #endif string original = Uri.ToString(); Invariant.Assert(original[0] == '/'); string uriMinusInitialSlash = original.Substring(1); // trim leading '/' _absoluteLocation = new Uri(SiteOfOriginContainer.SiteOfOrigin, uriMinusInitialSlash); } #if DEBUG if (SiteOfOriginContainer._traceSwitch.Enabled) { System.Diagnostics.Trace.TraceInformation( DateTime.Now.ToLongTimeString() + " " + DateTime.Now.Millisecond + " " + System.Threading.Thread.CurrentThread.ManagedThreadId + ": SiteOfOriginPart: Making web request to " + _absoluteLocation); } #endif // For performance reasons it is better to open local files directly // rather than make a FileWebRequest. Stream responseStream; if (SecurityHelper.AreStringTypesEqual(_absoluteLocation.Scheme, Uri.UriSchemeFile)) { responseStream = HandleFileSource(onlyNeedContentType); } else { responseStream = HandleWebSource(onlyNeedContentType); } return(responseStream); } }
private void OpenMedia(Uri source) { string toOpen = null; if (source != null && source.IsAbsoluteUri && source.Scheme == PackUriHelper.UriSchemePack) { try { source = BaseUriHelper.ConvertPackUriToAbsoluteExternallyVisibleUri(source); } catch (InvalidOperationException) { source = null; _mediaEventsHelper.RaiseMediaFailed(new System.NotSupportedException(SR.Get(SRID.Media_PackURIsAreNotSupported, null))); } } // Setting a null source effectively disconects the MediaElement. if (source != null) { // keep whether we asserted permissions or not bool elevated = false; // get the base directory of the application; never expose this Uri appBase = SecurityHelper.GetBaseDirectory(AppDomain.CurrentDomain); // this extracts the URI to open Uri uriToOpen = ResolveUri(source, appBase); // access is allowed in the following cases (only 1 & 2 require elevation): // 1) to any HTTPS media if app is NOT coming from HTTPS // 2) to URI in the current directory of the fusion cache // 3) to site of origin media if (SecurityHelper.AreStringTypesEqual(uriToOpen.Scheme, Uri.UriSchemeHttps)) { // target is HTTPS. Then, elevate ONLY if we are NOT coming from HTTPS (=XDomain HTTPS app to HTTPS media disallowed) Uri appDeploymentUri = SecurityHelper.ExtractUriForClickOnceDeployedApp(); if (!SecurityHelper.AreStringTypesEqual(appDeploymentUri.Scheme, Uri.UriSchemeHttps)) { new WebPermission(NetworkAccess.Connect, BindUriHelper.UriToString(uriToOpen)).Assert(); elevated = true; } } else { // elevate to allow access to media in the app's directory in the fusion cache. new FileIOPermission(FileIOPermissionAccess.Read, appBase.LocalPath).Assert();// BlessedAssert elevated = true; } // demand permissions. if demands succeds, it means we are in one of the cases above. try { toOpen = DemandPermissions(uriToOpen); } finally { if (elevated) { CodeAccessPermission.RevertAssert(); } } } else { toOpen = null; } // We pass in exact same URI for which we demanded permissions so that we can be sure // there is no discrepancy between the two. HRESULT.Check(MILMedia.Open(_nativeMedia, toOpen)); }
static internal bool DoSchemeAndHostMatch(Uri first, Uri second) { // Check that both the scheme and the host match. return(SecurityHelper.AreStringTypesEqual(first.Scheme, second.Scheme) && first.Host.Equals(second.Host) == true); }