Source code

Revision control

Other Tools

1
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
2
* vim: ft=cpp tw=78 sw=2 et ts=2 sts=2 cin
3
* This Source Code Form is subject to the terms of the Mozilla Public
4
* License, v. 2.0. If a copy of the MPL was not distributed with this
5
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6
7
#include "nsISupports.idl"
8
#include "nsIContentPolicy.idl"
9
10
interface nsIChannel;
11
interface nsIContentSecurityPolicy;
12
interface nsICookieSettings;
13
interface nsICSPEventListener;
14
interface nsINode;
15
interface nsIPrincipal;
16
interface nsIRedirectHistoryEntry;
17
interface nsIURI;
18
webidl Document;
19
webidl BrowsingContext;
20
native LoadContextRef(already_AddRefed<nsISupports>);
21
%{C++
22
#include "nsTArray.h"
23
#include "mozilla/BasePrincipal.h"
24
#include "mozilla/LoadTainting.h"
25
#include "mozilla/UniquePtr.h"
26
#include "nsStringFwd.h"
27
28
namespace mozilla {
29
namespace dom {
30
class ClientInfo;
31
class ClientSource;
32
class PerformanceStorage;
33
class ServiceWorkerDescriptor;
34
} // namespace dom
35
} // namespace mozilla
36
%}
37
38
[ref] native nsIRedirectHistoryEntryArray(const nsTArray<nsCOMPtr<nsIRedirectHistoryEntry>>);
39
native OriginAttributes(mozilla::OriginAttributes);
40
[ref] native const_OriginAttributesRef(const mozilla::OriginAttributes);
41
[ref] native CStringArrayRef(const nsTArray<nsCString>);
42
[ref] native StringArrayRef(const nsTArray<nsString>);
43
[ref] native Uint64ArrayRef(const nsTArray<uint64_t>);
44
[ref] native PrincipalArrayRef(const nsTArray<nsCOMPtr<nsIPrincipal>>);
45
[ref] native const_ClientInfoRef(const mozilla::dom::ClientInfo);
46
native UniqueClientSource(mozilla::UniquePtr<mozilla::dom::ClientSource>);
47
native UniqueClientSourceMove(mozilla::UniquePtr<mozilla::dom::ClientSource>&&);
48
[ref] native const_MaybeClientInfoRef(const mozilla::Maybe<mozilla::dom::ClientInfo>);
49
[ref] native const_ServiceWorkerDescriptorRef(const mozilla::dom::ServiceWorkerDescriptor);
50
[ref] native const_MaybeServiceWorkerDescriptorRef(const mozilla::Maybe<mozilla::dom::ServiceWorkerDescriptor>);
51
[ptr] native PerformanceStoragePtr(mozilla::dom::PerformanceStorage);
52
native LoadTainting(mozilla::LoadTainting);
53
native CSPRef(already_AddRefed<nsIContentSecurityPolicy>);
54
55
typedef unsigned long nsSecurityFlags;
56
57
/**
58
* The LoadInfo object contains information about a network load, why it
59
* was started, and how we plan on using the resulting response.
60
* If a network request is redirected, the new channel will receive a new
61
* LoadInfo object. The new object will contain mostly the same
62
* information as the pre-redirect one, but updated as appropriate.
63
* For detailed information about what parts of LoadInfo are updated on
64
* redirect, see documentation on individual properties.
65
*/
66
[scriptable, builtinclass, uuid(ddc65bf9-2f60-41ab-b22a-4f1ae9efcd36)]
67
interface nsILoadInfo : nsISupports
68
{
69
/**
70
* The following five flags determine the security mode and hence what kind of
71
* security checks should be performed throughout the lifetime of the channel.
72
*
73
* * SEC_REQUIRE_SAME_ORIGIN_DATA_INHERITS
74
* * SEC_REQUIRE_SAME_ORIGIN_DATA_IS_BLOCKED
75
* * SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS
76
* * SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL
77
* * SEC_REQUIRE_CORS_DATA_INHERITS
78
*
79
* Exactly one of these flags are required to be set in order to allow
80
* the channel to perform the correct security checks (SOP, CORS, ...) and
81
* return the correct result principal. If none or more than one of these
82
* flags are set AsyncOpen will fail.
83
*/
84
85
/**
86
* Warning: Never use this flag when creating a new channel!
87
* Only use this flag if you have to create a temporary LoadInfo
88
* for performing an explicit nsIContentPolicy check, like e.g.
89
* when loading something from the cache that needs an explicit
90
* nsIContentPolicy check. In all other cases pick one of the
91
* security flags underneath.
92
*/
93
const unsigned long SEC_ONLY_FOR_EXPLICIT_CONTENTSEC_CHECK = 0;
94
95
/*
96
* Enforce the same origin policy where data: loads inherit the principal.
97
* See the documentation for principalToInherit, which describes exactly what
98
* principal is inherited.
99
*/
100
const unsigned long SEC_REQUIRE_SAME_ORIGIN_DATA_INHERITS = (1<<0);
101
102
/*
103
* Enforce the same origin policy but data: loads are blocked.
104
*/
105
const unsigned long SEC_REQUIRE_SAME_ORIGIN_DATA_IS_BLOCKED = (1<<1);
106
107
/**
108
* Allow loads from other origins. Loads from data: will inherit the
109
* principal. See the documentation for principalToInherit, which describes
110
* exactly what principal is inherited.
111
*
112
* Commonly used by plain <img>, <video>, <link rel=stylesheet> etc.
113
*/
114
const unsigned long SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS = (1<<2);
115
116
/**
117
* Allow loads from other origins. Loads from data: will be allowed,
118
* but the resulting resource will get a null principal.
119
* Used in blink/webkit for <iframe>s. Likely also the mode
120
* that should be used by most Chrome code.
121
*/
122
const unsigned long SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL = (1<<3);
123
124
/**
125
* Allow loads from any origin, but require CORS for cross-origin loads.
126
* Loads from data: are allowed and the result will inherit the principal.
127
* See the documentation for principalToInherit, which describes exactly what
128
* principal is inherited.
129
*
130
* Commonly used by <img crossorigin>, <video crossorigin>,
131
* XHR, fetch(), etc.
132
*/
133
const unsigned long SEC_REQUIRE_CORS_DATA_INHERITS = (1<<4);
134
135
/**
136
* Choose cookie policy. The default policy is equivalent to "INCLUDE" for
137
* SEC_REQUIRE_SAME_ORIGIN_* and SEC_ALLOW_CROSS_ORIGIN_* modes, and
138
* equivalent to "SAME_ORIGIN" for SEC_REQUIRE_CORS_DATA_INHERITS mode.
139
*
140
* This means that if you want to perform a CORS load with credentials, pass
141
* SEC_COOKIES_INCLUDE.
142
*
143
* Note that these flags are still subject to the user's cookie policies.
144
* For example, if the user is blocking 3rd party cookies, those cookies
145
* will be blocked no matter which of these flags are set.
146
*/
147
const unsigned long SEC_COOKIES_DEFAULT = (0 << 5);
148
const unsigned long SEC_COOKIES_INCLUDE = (1 << 5);
149
const unsigned long SEC_COOKIES_SAME_ORIGIN = (2 << 5);
150
const unsigned long SEC_COOKIES_OMIT = (3 << 5);
151
152
/**
153
* Force inheriting of the principal. See the documentation for
154
* principalToInherit, which describes exactly what principal is inherited.
155
*
156
* Setting this flag will cause GetChannelResultPrincipal to return the
157
* principal to be inherited as the channel principal.
158
*
159
* This will happen independently of the scheme of the URI that the
160
* channel is loading.
161
*
162
* So if the principal that gets inherited is "http://a.com/", and the channel
163
* is loading the URI "http://b.com/whatever", GetChannelResultPrincipal
164
* will return a principal from "http://a.com/".
165
*
166
* This flag can not be used together with SEC_SANDBOXED. If both are passed
167
* to the LoadInfo constructor then this flag will be dropped. If you need
168
* to know whether this flag would have been present but was dropped due to
169
* sandboxing, check for the forceInheritPrincipalDropped flag.
170
*/
171
const unsigned long SEC_FORCE_INHERIT_PRINCIPAL = (1<<7);
172
173
/**
174
* Sandbox the load. The resulting resource will use a freshly created
175
* null principal. So GetChannelResultPrincipal will always return a
176
* null principal whenever this flag is set.
177
*
178
* This will happen independently of the scheme of the URI that the
179
* channel is loading.
180
*
181
* This flag can not be used together with SEC_FORCE_INHERIT_PRINCIPAL.
182
*/
183
const unsigned long SEC_SANDBOXED = (1<<8);
184
185
/**
186
* Inherit the Principal for about:blank.
187
*/
188
const unsigned long SEC_ABOUT_BLANK_INHERITS = (1<<9);
189
190
/**
191
* Allow access to chrome: packages that are content accessible.
192
*/
193
const unsigned long SEC_ALLOW_CHROME = (1<<10);
194
195
/**
196
* Disallow access to javascript: uris.
197
*/
198
const unsigned long SEC_DISALLOW_SCRIPT = (1<<11);
199
200
/**
201
* Don't follow redirects. Instead the redirect response is returned
202
* as a successful response for the channel.
203
*
204
* Redirects not initiated by a server response, i.e. REDIRECT_INTERNAL and
205
* REDIRECT_STS_UPGRADE, are still followed.
206
*
207
* Note: If this flag is set and the channel response is a redirect, then
208
* the response body might not be available.
209
* This can happen if the redirect was cached.
210
*/
211
const unsigned long SEC_DONT_FOLLOW_REDIRECTS = (1<<12);
212
213
/**
214
* Load an error page, it should be one of following : about:neterror,
215
* about:certerror, about:blocked, about:tabcrashed or about:restartrequired.
216
*/
217
const unsigned long SEC_LOAD_ERROR_PAGE = (1<<13);
218
219
/**
220
* Force inheriting of the principal, overruling any owner that might be set
221
* on the channel. (Please note that channel.owner is deprecated and will be
222
* removed within Bug 1286838). See the documentation for principalToInherit,
223
* which describes exactly what principal is inherited.
224
*
225
* Setting this flag will cause GetChannelResultPrincipal to return the
226
* principal to be inherited as the channel principal.
227
*
228
* This will happen independently of the scheme of the URI that the
229
* channel is loading.
230
*/
231
const unsigned long SEC_FORCE_INHERIT_PRINCIPAL_OVERRULE_OWNER = (1<<14);
232
233
/**
234
* This is the principal of the network request's caller/requester where
235
* the resulting resource will be used. I.e. it is the principal which
236
* will get access to the result of the request. (Where "get access to"
237
* might simply mean "embed" depending on the type of resource that is
238
* loaded).
239
*
240
* For example for an image, it is the principal of the document where
241
* the image is rendered. For a stylesheet it is the principal of the
242
* document where the stylesheet will be applied.
243
*
244
* So if document at http://a.com/page.html loads an image from
245
* http://b.com/pic.jpg, then loadingPrincipal will be
247
*
248
* For <iframe> and <frame> loads, the LoadingPrincipal is the
249
* principal of the parent document. For top-level loads, the
250
* LoadingPrincipal is null. For all loads except top-level loads
251
* the LoadingPrincipal is never null.
252
*
253
* If the loadingPrincipal is the system principal, no security checks
254
* will be done at all. There will be no security checks on the initial
255
* load or any subsequent redirects. This means there will be no
256
* nsIContentPolicy checks or any CheckLoadURI checks. Because of
257
* this, never set the loadingPrincipal to the system principal when
258
* the URI to be loaded is controlled by a webpage.
259
* If the loadingPrincipal and triggeringPrincipal are both
260
* codebase-principals, then we will always call into
261
* nsIContentPolicies and CheckLoadURI. The call to nsIContentPolicies
262
* and CheckLoadURI happen even if the URI to be loaded is same-origin
263
* with the loadingPrincipal or triggeringPrincipal.
264
*/
265
readonly attribute nsIPrincipal loadingPrincipal;
266
267
/**
268
* A C++-friendly version of loadingPrincipal.
269
*/
270
[noscript, notxpcom, nostdcall, binaryname(LoadingPrincipal)]
271
nsIPrincipal binaryLoadingPrincipal();
272
273
/**
274
* This is the principal which caused the network load to start. I.e.
275
* this is the principal which provided the URL to be loaded. This is
276
* often the same as the LoadingPrincipal, but there are a few cases
277
* where that's not true.
278
*
279
* For example for loads into an <iframe>, the LoadingPrincipal is always
280
* the principal of the parent document. However the triggeringPrincipal
281
* is the principal of the document which provided the URL that the
282
* <iframe> is navigating to. This could be the previous document inside
283
* the <iframe> which set document.location. Or a document elsewhere in
284
* the frame tree which contained a <a target="..."> which targetted the
285
* <iframe>.
286
*
287
* If a stylesheet links to a sub-resource, like an @imported stylesheet,
288
* or a background image, then the triggeringPrincipal is the principal
289
* of the stylesheet, while the LoadingPrincipal is the principal of the
290
* document being styled.
291
*
292
* The triggeringPrincipal is never null.
293
*
294
* If the triggeringPrincipal is the system principal, no security checks
295
* will be done at all. There will be no security checks on the initial
296
* load or any subsequent redirects. This means there will be no
297
* nsIContentPolicy checks or any CheckLoadURI checks. Because of
298
* this, never set the triggeringPrincipal to the system principal when
299
* the URI to be loaded is controlled by a webpage.
300
* If the loadingPrincipal and triggeringPrincipal are both
301
* codebase-principals, then we will always call into
302
* nsIContentPolicies and CheckLoadURI. The call to nsIContentPolicies
303
* and CheckLoadURI happen even if the URI to be loaded is same-origin
304
* with the loadingPrincipal or triggeringPrincipal.
305
*/
306
readonly attribute nsIPrincipal triggeringPrincipal;
307
308
/**
309
* A C++-friendly version of triggeringPrincipal.
310
*/
311
[noscript, notxpcom, nostdcall, binaryname(TriggeringPrincipal)]
312
nsIPrincipal binaryTriggeringPrincipal();
313
314
/**
315
* For non-document loads the principalToInherit is always null. For
316
* loads of type TYPE_DOCUMENT or TYPE_SUBDOCUMENT the principalToInherit
317
* might be null. If it's non null, then this is the principal that is
318
* inherited if a principal needs to be inherited. If the principalToInherit
319
* is null but the inherit flag is set, then the triggeringPrincipal is
320
* the principal that is inherited.
321
*/
322
attribute nsIPrincipal principalToInherit;
323
324
/**
325
* A C++-friendly version of principalToInherit.
326
*/
327
[noscript, notxpcom, nostdcall, binaryname(PrincipalToInherit)]
328
nsIPrincipal binaryPrincipalToInherit();
329
330
/**
331
* Finds the correct principal to inherit for the given channel, based on
332
* the values of PrincipalToInherit and TriggeringPrincipal.
333
*/
334
[noscript, notxpcom, nostdcall]
335
nsIPrincipal FindPrincipalToInherit(in nsIChannel aChannel);
336
337
/**
338
* This is the ownerDocument of the LoadingNode. Unless the LoadingNode
339
* is a Document, in which case the LoadingDocument is the same as the
340
* LoadingNode.
341
*
342
* For top-level loads, and for loads originating from workers, the
343
* LoadingDocument is null. When the LoadingDocument is not null, the
344
* LoadingPrincipal is set to the principal of the LoadingDocument.
345
*/
346
readonly attribute Document loadingDocument;
347
348
/**
349
* A C++-friendly version of loadingDocument (loadingNode).
350
* This is the Node where the resulting resource will be used. I.e. it is
351
* the Node which will get access to the result of the request. (Where
352
* "get access to" might simply mean "embed" depending on the type of
353
* resource that is loaded).
354
*
355
* For example for an <img>/<video> it is the image/video element. For
356
* document loads inside <iframe> and <frame>s, the LoadingNode is the
357
* <iframe>/<frame> element. For an XMLHttpRequest, it is the Document
358
* which contained the JS which initiated the XHR. For a stylesheet, it
359
* is the Document that contains <link rel=stylesheet>.
360
*
361
* For loads triggered by the HTML pre-parser, the LoadingNode is the
362
* Document which is currently being parsed.
363
*
364
* For top-level loads, and for loads originating from workers, the
365
* LoadingNode is null. If the LoadingNode is non-null, then the
366
* LoadingPrincipal is the principal of the LoadingNode.
367
*/
368
[noscript, notxpcom, nostdcall, binaryname(LoadingNode)]
369
nsINode binaryLoadingNode();
370
371
/**
372
* A C++ friendly version of the loadingContext for toplevel loads.
373
* Most likely you want to query the ownerDocument or LoadingNode
374
* and not this context only available for TYPE_DOCUMENT loads.
375
* Please note that except for loads of TYPE_DOCUMENT, this
376
* ContextForTopLevelLoad will always return null.
377
*/
378
[noscript, notxpcom, nostdcall, binaryname(ContextForTopLevelLoad)]
379
LoadContextRef binaryContextForTopLevelLoad();
380
381
/**
382
* For all loads except loads of TYPE_DOCUMENT, the loadingContext
383
* simply returns the loadingNode. For loads of TYPE_DOCUMENT this
384
* will return the context available for top-level loads which
385
* do not have a loadingNode.
386
*/
387
[binaryname(LoadingContextXPCOM)]
388
readonly attribute nsISupports loadingContext;
389
390
/**
391
* A C++ friendly version of the loadingContext.
392
*/
393
[noscript, notxpcom, nostdcall, binaryname(GetLoadingContext)]
394
LoadContextRef binaryGetLoadingContext();
395
396
/**
397
* The securityFlags of that channel.
398
*/
399
readonly attribute nsSecurityFlags securityFlags;
400
401
%{ C++
402
inline nsSecurityFlags GetSecurityFlags()
403
{
404
nsSecurityFlags result;
405
mozilla::DebugOnly<nsresult> rv = GetSecurityFlags(&result);
406
MOZ_ASSERT(NS_SUCCEEDED(rv));
407
return result;
408
}
409
%}
410
411
/**
412
* Allows to query only the security mode bits from above.
413
*/
414
[infallible] readonly attribute unsigned long securityMode;
415
416
/**
417
* True if this request is embedded in a context that can't be third-party
418
* (i.e. an iframe embedded in a cross-origin parent window). If this is
419
* false, then this request may be third-party if it's a third-party to
420
* loadingPrincipal.
421
*/
422
[infallible] readonly attribute boolean isInThirdPartyContext;
423
424
/**
425
* See the SEC_COOKIES_* flags above. This attribute will never return
426
* SEC_COOKIES_DEFAULT, but will instead return what the policy resolves to.
427
* I.e. SEC_COOKIES_SAME_ORIGIN for CORS mode, and SEC_COOKIES_INCLUDE
428
* otherwise.
429
*/
430
[infallible] readonly attribute unsigned long cookiePolicy;
431
432
/**
433
* The cookie settings inherited from the top-level document's loadInfo.
434
* It cannot be null.
435
*/
436
attribute nsICookieSettings cookieSettings;
437
438
/**
439
* If forceInheritPrincipal is true, the data coming from the channel should
440
* inherit its principal, even when the data is loaded over http:// or another
441
* protocol that would normally use a URI-based principal.
442
*
443
* See the documentation for principalToInherit, which describes exactly what
444
* principal is inherited.
445
*
446
* This attribute will never be true when loadingSandboxed is true.
447
*/
448
[infallible] readonly attribute boolean forceInheritPrincipal;
449
450
/**
451
* If forceInheritPrincipalOverruleOwner is true, the data coming from the
452
* channel should inherit the principal, even when the data is loaded over
453
* http:// or another protocol that would normally use a URI-based principal
454
* and even if the channel's .owner is not null. This last is the difference
455
* between forceInheritPrincipalOverruleOwner and forceInheritPrincipal: the
456
* latter does _not_ overrule the .owner setting.
457
*
458
* See the documentation for principalToInherit, which describes exactly what
459
* principal is inherited.
460
*/
461
[infallible] readonly attribute boolean forceInheritPrincipalOverruleOwner;
462
463
/**
464
* If loadingSandboxed is true, the data coming from the channel is
465
* being loaded sandboxed, so it should have a nonce origin and
466
* hence should use a NullPrincipal.
467
*/
468
[infallible] readonly attribute boolean loadingSandboxed;
469
470
/**
471
* If aboutBlankInherits is true, then about:blank should inherit
472
* the principal.
473
*/
474
[infallible] readonly attribute boolean aboutBlankInherits;
475
476
/**
477
* If allowChrome is true, then use nsIScriptSecurityManager::ALLOW_CHROME
478
* when calling CheckLoadURIWithPrincipal().
479
*/
480
[infallible] readonly attribute boolean allowChrome;
481
482
/**
483
* If disallowScript is true, then use nsIScriptSecurityManager::DISALLOW_SCRIPT
484
* when calling CheckLoadURIWithPrincipal().
485
*/
486
[infallible] readonly attribute boolean disallowScript;
487
488
/**
489
* Returns true if SEC_DONT_FOLLOW_REDIRECTS is set.
490
*/
491
[infallible] readonly attribute boolean dontFollowRedirects;
492
493
/**
494
* Returns true if SEC_LOAD_ERROR_PAGE is set.
495
*/
496
[infallible] readonly attribute boolean loadErrorPage;
497
498
/**
499
* Returns true if this is a non-subresource request that was triggered
500
* by docshell with the LOAD_CMD_RELOAD flag set. Note, this is more
501
* specific than looking at the load flags which indicate whether to
502
* bypass the http cache. The load flags can be set for other reasons,
503
* so they can't be used to infer this value.
504
*/
505
[infallible] attribute boolean isDocshellReload;
506
507
/**
508
* The external contentPolicyType of the channel, used for security checks
509
* like Mixed Content Blocking and Content Security Policy.
510
*
511
* Specifically, content policy types with _INTERNAL_ in their name will
512
* never get returned from this attribute.
513
*/
514
readonly attribute nsContentPolicyType externalContentPolicyType;
515
516
/**
517
* CSP uses this parameter to send or not CSP violation events.
518
* Default value: true.
519
*/
520
[infallible] attribute boolean sendCSPViolationEvents;
521
522
%{ C++
523
inline nsContentPolicyType GetExternalContentPolicyType()
524
{
525
nsContentPolicyType result;
526
mozilla::DebugOnly<nsresult> rv = GetExternalContentPolicyType(&result);
527
MOZ_ASSERT(NS_SUCCEEDED(rv));
528
return result;
529
}
530
%}
531
532
/**
533
* The internal contentPolicyType of the channel, used for constructing
534
* RequestContext values when creating a fetch event for an intercepted
535
* channel.
536
*
537
* This should not be used for the purposes of security checks, since
538
* the content policy implementations cannot be expected to deal with
539
* _INTERNAL_ values. Please use the contentPolicyType attribute above
540
* for that purpose.
541
*/
542
[noscript, notxpcom]
543
nsContentPolicyType internalContentPolicyType();
544
545
/**
546
* Returns true if document or any of the documents ancestors
547
* up to the toplevel document make use of the CSP directive
548
* 'upgrade-insecure-requests'. Used to identify upgrade
549
* requests in e10s where the loadingDocument is not available.
550
*
551
* Warning: If the loadingDocument is null, then the
552
* upgradeInsecureRequests is false.
553
*/
554
[infallible] readonly attribute boolean upgradeInsecureRequests;
555
556
/**
557
* Returns true if the the page is https and the content is upgradable from http
558
* requires 'security.mixed_content.upgrade_display_content' pref to be true.
559
* Currently this only upgrades display content but might be expanded to other loads.
560
* This is very similar in implementation to upgradeInsecureRequests but browser set.
561
*/
562
[infallible] readonly attribute boolean browserUpgradeInsecureRequests;
563
564
/**
565
* Returns true if the the page is https and the content is upgradable from http
566
* requires 'security.mixed_content.upgrade_display_content' pref to be false.
567
* See browserUpgradeInsecureRequests for more details, this only happens
568
* when *not* upgrading purely for telemetry.
569
*/
570
[infallible] readonly attribute boolean browserWouldUpgradeInsecureRequests;
571
572
/**
573
* If true, toplevel data: URI navigation is allowed
574
*/
575
[infallible] attribute boolean forceAllowDataURI;
576
577
/**
578
* If true, insecure redirects to a data: URI are allowed.
579
*/
580
[infallible] attribute boolean allowInsecureRedirectToDataURI;
581
582
/**
583
* If true, CORS checks will be skipped.
584
*/
585
[infallible] attribute boolean bypassCORSChecks;
586
587
/**
588
* If true, the content policy security check is excluded from web requests.
589
*/
590
[infallible] attribute boolean skipContentPolicyCheckForWebRequest;
591
592
/**
593
* If true, this is the load of a frame's original src attribute
594
*/
595
[infallible] attribute boolean originalFrameSrcLoad;
596
597
/**
598
* The SEC_FORCE_INHERIT_PRINCIPAL flag may be dropped when a load info
599
* object is created. Specifically, it will be dropped if the SEC_SANDBOXED
600
* flag is also present. This flag is set if SEC_FORCE_INHERIT_PRINCIPAL was
601
* dropped.
602
*/
603
[infallible] readonly attribute boolean forceInheritPrincipalDropped;
604
605
/**
606
* These are the window IDs of the window in which the element being
607
* loaded lives. parentOuterWindowID is the window ID of this window's
608
* parent. topOuterWindowID is the ID of the top-level window of the same
609
* docShell type.
610
*
611
* Note that these window IDs can be 0 if the window is not
612
* available. parentOuterWindowID and topOuterWindowID will be the same as
613
* outerWindowID if the window has no parent.
614
*/
615
[infallible] readonly attribute unsigned long long innerWindowID;
616
[infallible] readonly attribute unsigned long long outerWindowID;
617
[infallible] readonly attribute unsigned long long parentOuterWindowID;
618
[infallible] readonly attribute unsigned long long topOuterWindowID;
619
620
/**
621
* Only when the element being loaded is <frame src="foo.html">
622
* (or, more generally, if the element QIs to nsFrameLoaderOwner),
623
* the frameOuterWindowID is the outer window containing the
624
* foo.html document.
625
*
626
* Note: For other cases, frameOuterWindowID is 0.
627
*/
628
[infallible] readonly attribute unsigned long long frameOuterWindowID;
629
630
/**
631
* The BrowsingContext performing the load for this nsILoadInfo object.
632
*/
633
[infallible] readonly attribute unsigned long long browsingContextID;
634
readonly attribute BrowsingContext browsingContext;
635
636
/**
637
* Like `frameOuterWindowID`, however returning the BrowsingContextID
638
* instead.
639
*/
640
[infallible] readonly attribute unsigned long long frameBrowsingContextID;
641
readonly attribute BrowsingContext frameBrowsingContext;
642
643
/**
644
* Resets the PrincipalToInherit to a freshly created NullPrincipal
645
* which inherits the origin attributes from the loadInfo.
646
*
647
* WARNING: Please only use that function if you know exactly what
648
* you are doing!!!
649
*/
650
void resetPrincipalToInheritToNullPrincipal();
651
652
/**
653
* Customized OriginAttributes within LoadInfo to allow overwriting of the
654
* default originAttributes from the loadingPrincipal.
655
*
656
* In chrome side, originAttributes.privateBrowsingId will always be 0 even if
657
* the usePrivateBrowsing is true, because chrome docshell won't set
658
* privateBrowsingId on origin attributes (See bug 1278664). This is to make
659
* sure nsILoadInfo and nsILoadContext have the same origin attributes.
660
*/
661
[implicit_jscontext, binaryname(ScriptableOriginAttributes)]
662
attribute jsval originAttributes;
663
664
[noscript, nostdcall, binaryname(GetOriginAttributes)]
665
OriginAttributes binaryGetOriginAttributes();
666
667
[noscript, nostdcall, binaryname(SetOriginAttributes)]
668
void binarySetOriginAttributes(in const_OriginAttributesRef aOriginAttrs);
669
670
%{ C++
671
inline mozilla::OriginAttributes GetOriginAttributes()
672
{
673
mozilla::OriginAttributes result;
674
mozilla::DebugOnly<nsresult> rv = GetOriginAttributes(&result);
675
MOZ_ASSERT(NS_SUCCEEDED(rv));
676
return result;
677
}
678
%}
679
680
/**
681
* Whenever a channel is evaluated by the ContentSecurityManager
682
* the first time, we set this flag to true to indicate that
683
* subsequent calls of AsyncOpen() do not have to enforce all
684
* security checks again. E.g., after a redirect there is no
685
* need to set up CORS again. We need this separate flag
686
* because the redirectChain might also contain internal
687
* redirects which might pollute the redirectChain so we can't
688
* rely on the size of the redirectChain-array to query whether
689
* a channel got redirected or not.
690
*
691
* Please note, once the flag is set to true it must remain true
692
* throughout the lifetime of the channel. Trying to set it
693
* to anything else than true will be discarded.
694
*
695
*/
696
[infallible] attribute boolean initialSecurityCheckDone;
697
698
/**
699
* Returns true if the load was triggered from an external application
700
* (e.g. Thunderbird). Please note that this flag will only ever be true
701
* if the load is of TYPE_DOCUMENT.
702
*/
703
[infallible] attribute boolean loadTriggeredFromExternal;
704
705
/**
706
* True if the tainting has been set by the service worker.
707
*/
708
[noscript, infallible] readonly attribute boolean serviceWorkerTaintingSynthesized;
709
710
/**
711
* Whenever a channel gets redirected, append the redirect history entry of
712
* the channel which contains principal referrer and remote address [before
713
* the channels got redirected] to the loadinfo, so that at every point this
714
* array provides us information about all the redirects this channel went
715
* through.
716
* @param entry, the nsIRedirectHistoryEntry before the channel
717
* got redirected.
718
* @param aIsInternalRedirect should be true if the channel is going
719
* through an internal redirect, otherwise false.
720
*/
721
void appendRedirectHistoryEntry(in nsIRedirectHistoryEntry entry,
722
in boolean isInternalRedirect);
723
724
/**
725
* An array of nsIRedirectHistoryEntry which stores redirects associated
726
* with this channel. This array is filled whether or not the channel has
727
* ever been opened. The last element of the array is associated with the
728
* most recent redirect. Please note, that this array *includes* internal
729
* redirects.
730
*/
731
[implicit_jscontext]
732
readonly attribute jsval redirectChainIncludingInternalRedirects;
733
734
/**
735
* A C++-friendly version of redirectChain.
736
* Please note that this array has the same lifetime as the
737
* loadInfo object - use with caution!
738
*/
739
[noscript, notxpcom, nostdcall, binaryname(RedirectChainIncludingInternalRedirects)]
740
nsIRedirectHistoryEntryArray binaryRedirectChainIncludingInternalRedirects();
741
742
/**
743
* Same as RedirectChain but does *not* include internal redirects.
744
*/
745
[implicit_jscontext]
746
readonly attribute jsval redirectChain;
747
748
/**
749
* A C++-friendly version of redirectChain.
750
* Please note that this array has the same lifetime as the
751
* loadInfo object - use with caution!
752
*/
753
[noscript, notxpcom, nostdcall, binaryname(RedirectChain)]
754
nsIRedirectHistoryEntryArray binaryRedirectChain();
755
756
/**
757
* An array of nsIPrincipals which stores the principals of the parent frames,
758
* not including the frame loading this request. The closest ancestor is at
759
* index zero and the top level ancestor is at the last index.
760
*
761
* The ancestorPrincipals[0] entry for an iframe load will be the principal of
762
* the iframe element's owner document.
763
* The ancestorPrincipals[0] entry for an image loaded in an iframe will be the
764
* principal of the iframe element's owner document.
765
*
766
* See Document::AncestorPrincipals for more information.
767
*
768
* Please note that this array has the same lifetime as the
769
* loadInfo object - use with caution!
770
*/
771
[noscript, notxpcom, nostdcall]
772
PrincipalArrayRef AncestorPrincipals();
773
774
775
/**
776
* An array of outerWindowIDs which correspond to nsILoadInfo::AncestorPrincipals
777
* above. AncestorOuterWindowIDs[0] is the outerWindowID of the frame
778
* associated with the principal at ancestorPrincipals[0], and so forth.
779
*
780
* Please note that this array has the same lifetime as the
781
* loadInfo object - use with caution!
782
*/
783
[noscript, notxpcom, nostdcall]
784
Uint64ArrayRef AncestorOuterWindowIDs();
785
786
/**
787
* Sets the list of unsafe headers according to CORS spec, as well as
788
* potentially forces a preflight.
789
* Note that you do not need to set the Content-Type header. That will be
790
* automatically detected as needed.
791
*
792
* Only call this function when using the SEC_REQUIRE_CORS_DATA_INHERITS mode.
793
*/
794
[noscript, notxpcom, nostdcall]
795
void setCorsPreflightInfo(in CStringArrayRef unsafeHeaders,
796
in boolean forcePreflight);
797
798
/**
799
* A C++-friendly getter for the list of cors-unsafe headers.
800
* Please note that this array has the same lifetime as the
801
* loadInfo object - use with caution!
802
*/
803
[noscript, notxpcom, nostdcall, binaryname(CorsUnsafeHeaders)]
804
CStringArrayRef corsUnsafeHeaders();
805
806
/**
807
* Returns value set through setCorsPreflightInfo.
808
*/
809
[infallible] readonly attribute boolean forcePreflight;
810
811
/**
812
* A C++ friendly getter for the forcePreflight flag.
813
*/
814
[infallible] readonly attribute boolean isPreflight;
815
816
/**
817
* Constants reflecting the channel tainting. These are mainly defined here
818
* for script. Internal C++ code should use the enum defined in LoadTainting.h.
819
* See LoadTainting.h for documentation.
820
*/
821
const unsigned long TAINTING_BASIC = 0;
822
const unsigned long TAINTING_CORS = 1;
823
const unsigned long TAINTING_OPAQUE = 2;
824
825
/**
826
* Determine the associated channel's current tainting. Note, this can
827
* change due to a service worker intercept, so it should be checked after
828
* OnStartRequest() fires.
829
*/
830
readonly attribute unsigned long tainting;
831
832
/**
833
* Note a new tainting level and possibly increase the current tainting
834
* to match. If the tainting level is already greater than the given
835
* value, then there is no effect. It is not possible to reduce the tainting
836
* level on an existing channel/loadinfo.
837
*/
838
void maybeIncreaseTainting(in unsigned long aTainting);
839
840
/**
841
* Various helper code to provide more convenient C++ access to the tainting
842
* attribute and maybeIncreaseTainting().
843
*/
844
%{C++
845
static_assert(TAINTING_BASIC == static_cast<uint32_t>(mozilla::LoadTainting::Basic),
846
"basic tainting enums should match");
847
static_assert(TAINTING_CORS == static_cast<uint32_t>(mozilla::LoadTainting::CORS),
848
"cors tainting enums should match");
849
static_assert(TAINTING_OPAQUE == static_cast<uint32_t>(mozilla::LoadTainting::Opaque),
850
"opaque tainting enums should match");
851
852
mozilla::LoadTainting GetTainting()
853
{
854
uint32_t tainting = TAINTING_BASIC;
855
MOZ_ALWAYS_SUCCEEDS(GetTainting(&tainting));
856
return static_cast<mozilla::LoadTainting>(tainting);
857
}
858
859
void MaybeIncreaseTainting(mozilla::LoadTainting aTainting)
860
{
861
uint32_t tainting = static_cast<uint32_t>(aTainting);
862
MOZ_ALWAYS_SUCCEEDS(MaybeIncreaseTainting(tainting));
863
}
864
%}
865
866
/**
867
* Returns true if this load is for top level document.
868
* Note that the load for a sub-frame's document will return false here.
869
*/
870
[infallible] readonly attribute boolean isTopLevelLoad;
871
872
/**
873
* If this is non-null, this property represents two things: (1) the
874
* URI to be used for the principal if the channel with this loadinfo
875
* gets a principal based on URI and (2) the URI to use for a document
876
* created from the channel with this loadinfo.
877
*/
878
attribute nsIURI resultPrincipalURI;
879
880
/**
881
* Returns the null principal of the resulting resource if the SEC_SANDBOXED
882
* flag is set. Otherwise returns null. This is used by
883
* GetChannelResultPrincipal() to ensure that the same null principal object
884
* is returned every time.
885
*/
886
[notxpcom, nostdcall] readonly attribute nsIPrincipal sandboxedLoadingPrincipal;
887
888
/**
889
* Return the top-level principal, which is the principal of the top-level
890
* window.
891
*/
892
[notxpcom, nostdcall] readonly attribute nsIPrincipal topLevelPrincipal;
893
894
/**
895
* Return the top-level storage area principal, which is the principal of
896
* the top-level window if it's not a 3rd party context, non tracking
897
* resource.
898
*/
899
[notxpcom, nostdcall] readonly attribute nsIPrincipal topLevelStorageAreaPrincipal;
900
901
/**
902
* Note which client (i.e. global) initiated this network request. All
903
* nsGlobalWindow and WorkerPrivate can be converted to a ClientInfo to
904
* be set here. While this is being added to support service worker
905
* FetchEvent, it can also be used to communicate other information about
906
* the source global context in the future.
907
*/
908
[noscript, nostdcall, notxpcom]
909
void SetClientInfo(in const_ClientInfoRef aClientInfo);
910
911
/**
912
* Get the ClientInfo for the global that initiated the network request,
913
* if it has been set.
914
*/
915
[noscript, nostdcall, notxpcom]
916
const_MaybeClientInfoRef GetClientInfo();
917
918
/**
919
* Give a pre-allocated ClientSource to the channel LoadInfo. This is
920
* intended to be used by docshell when loading windows without an
921
* initial about:blank document. The docshell will allocate the ClientSource
922
* to represent the client that will be created as a result of the navigation
923
* network request. If the channel succeeds and remains same-origin, then
924
* the result nsGlobalWindow will take ownership of the reserved ClientSource.
925
*
926
* This method is also called when a cross-origin redirect occurs. A new
927
* ClientSource with a different UUID must be created in this case.
928
*
929
* This method automatically calls SetReservedClientInfo() with the
930
* ClientSource::Info().
931
*/
932
[noscript, nostdcall, notxpcom]
933
void GiveReservedClientSource(in UniqueClientSourceMove aClientSource);
934
935
/**
936
* This method takes ownership of the reserved ClientSource previously
937
* provided in GiveReservedClientSource(). It may return nullptr if the
938
* nsILoadInfo does not own a ClientSource object.
939
*/
940
[noscript, nostdcall, notxpcom]
941
UniqueClientSource TakeReservedClientSource();
942
943
/**
944
* Note the reserved client that be created if this non-subresource
945
* network request succeeds. Depending on the type of client this
946
* may be called directly or indirectly via GiveReservedClientSource().
947
* For example, web workers do not call give their ClientSource to
948
* the nsILoadInfo, but must still call this method to indicate the
949
* reserved client for their main script load.
950
*/
951
[noscript, nostdcall, notxpcom]
952
void SetReservedClientInfo(in const_ClientInfoRef aClientInfo);
953
954
/**
955
* This will clear any existing reserved or initial client and override
956
* it with the given reserved client. This is similar to calling
957
* TakeReservedClientSource() and then GiveReservedClientSource() with
958
* a new client as ClientChannelHelper does. This method is needed,
959
* though, to perform this operation in the parent process where
960
* the LoadInfo does not have direct access to a ClientSource.
961
*
962
* If in doubt, do not call this method. Its really only needed for
963
* a specific redirect case where the child has created a new client on
964
* redirect and we need to override the parent side's reserved client
965
* to match.
966
*/
967
[noscript, nostdcall, notxpcom]
968
void OverrideReservedClientInfoInParent(in const_ClientInfoRef aClientInfo);
969
970
/**
971
* Return the reserved ClientInfo for this load, if one has been set.
972
*/
973
[noscript, nostdcall, notxpcom]
974
const_MaybeClientInfoRef GetReservedClientInfo();
975
976
/**
977
* Note that this non-subresource network request will result in
978
* re-using an existing "initial" active client. This mainly only
979
* happens when an initial about:blank document is replaced with
980
* a real load in a window. In these cases we need to track this
981
* initial client so that we may report its existence in a FetchEvent.
982
*
983
* Note, an nsILoadInfo may only have a reserved client or an
984
* initial client. It should never have both.
985
*/
986
[noscript, nostdcall, notxpcom]
987
void SetInitialClientInfo(in const_ClientInfoRef aClientInfo);
988
989
/**
990
* Return the initial ClientInfo for this load, if one has been set.
991
*/
992
[noscript, nostdcall, notxpcom]
993
const_MaybeClientInfoRef GetInitialClientInfo();
994
995
/**
996
* Note that this network request should be controlled by a service worker.
997
* For non-subresource requests this may be set during the load when
998
* the first service worker interception occurs. For subresource requests
999
* it may be set by the source client if its already controlled by a
1000
* service worker.
1001
*/
1002
[noscript, nostdcall, notxpcom]
1003
void SetController(in const_ServiceWorkerDescriptorRef aServiceWorker);
1004
1005
/**
1006
* Clear the service worker controller for this channel. This should only
1007
* be used for window navigation redirects. By default we want to keep
1008
* the controller in all other cases.
1009
*/
1010
[noscript, nostdcall, notxpcom]
1011
void ClearController();
1012
1013
/**
1014
* Get the service worker controlling this network request, if one has
1015
* been set.
1016
*/
1017
[noscript, nostdcall, notxpcom]
1018
const_MaybeServiceWorkerDescriptorRef GetController();
1019
1020
/**
1021
* Set a custom performance storage. This is meant to be executed only for
1022
* workers. If a PerformanceStorage is not set, the loadingDocument->Window
1023
* Performance object will be used instead.
1024
*/
1025
[noscript, nostdcall, notxpcom]
1026
void SetPerformanceStorage(in PerformanceStoragePtr aPerformanceStorage);
1027
1028
/**
1029
* Get the PerformanceStorage.
1030
*/
1031
[noscript, nostdcall, notxpcom]
1032
PerformanceStoragePtr GetPerformanceStorage();
1033
1034
/**
1035
* Returns the CSP (or Preload CSP for preloads) which should be enforced
1036
* when fetching the resource this loadinfo belongs to.
1037
*
1038
* a) Non-navigations:
1039
* For non-navigation loads, GetCSP() returns what the spec refers to as the
1040
* "request's client's global object's CSP list". In practice, if this is the
1041
* loadinfo of a subresource load (e.g an image load), then GetCSP() or
1042
* GetPreloadCSP() returns the CSP of the document which embeds the image.
1043
* The returned CSP includes any policy delivered through the HTTP header or
1044
* also through the meta tag (modulo the difference for preloads, e.g. image
1045
* preloads have to query GetPreloadCsp() because at the time of preloading
1046
* we are not entirely sure if the Meta CSP will be applied to the document
1047
* in the end or not). Please note that GetCSPToInherit() called on a
1048
* loadinfo for any non-navigation always returns null.
1049
*
1050
* b) Navigations:
1051
* * Top-level loads:
1052
* For top-level loads (navigations) GetCSP() will return null, unless
1053
* the navigation is started by a WebExtension, in which case it will
1054
* return the CSP of the webextension, if any.
1055
* If you need to query the CSP that potentially should apply to the
1056
* new top-level load, you have to query GetCspToInherit(), which is
1057
* the CSP of the request's client's global object, just like GetCsp()
1058
* is for non-navigation requests.
1059
*
1060
* * Iframe-loads:
1061
* For iframe-loads (navigations) GetCSP() will return the CSP of the
1062
* parent document, unless the navigation is started by a WebExtension,
1063
* in which case it will return the CSP of the webextension, if any.
1064
*
1065
* If you need to query the CSP that should potentially be inherited
1066
* into the new document, you have to query GetCSPToInherit().
1067
*
1068
* TODO Bug 1557114:
1069
* After evaluating what CSP to use for frame navigations we should
1070
* update the above documentation to match the outcome of Bug 1557114.
1071
*/
1072
[notxpcom,nostdcall] CSPRef GetCsp();
1073
[notxpcom,nostdcall] CSPRef GetPreloadCsp();
1074
[notxpcom,nostdcall] CSPRef GetCspToInherit();
1075
1076
/**
1077
* The service worker and fetch specifications require returning the
1078
* exact tainting level of the Response passed to FetchEvent.respondWith().
1079
* This method allows us to override the tainting level in that case.
1080
*
1081
* NOTE: This should not be used outside of service worker code! Use
1082
* nsILoadInfo::MaybeIncreaseTainting() instead.
1083
*/
1084
[noscript, nostdcall, notxpcom]
1085
void SynthesizeServiceWorkerTainting(in LoadTainting aTainting);
1086
1087
/**
1088
* The top-level document has been user-interacted.
1089
*/
1090
[infallible] attribute boolean documentHasUserInteracted;
1091
1092
/**
1093
* This attribute represents whether the document to which this
1094
* load belongs had finished loading when the load was initiated.
1095
*/
1096
[infallible] attribute boolean documentHasLoaded;
1097
1098
/**
1099
* A snapshot of the nonce at load start time which is used for CSP
1100
* checks and only set for:
1101
* * TYPE_SCRIPT and
1102
* * TYPE_STYLESHEET
1103
*/
1104
attribute AString cspNonce;
1105
1106
/**
1107
* List of possible reasons the request associated with this load info
1108
* may have been blocked, set by various content blocking checkers.
1109
*/
1110
const uint32_t BLOCKING_REASON_NONE = 0;
1111
const uint32_t BLOCKING_REASON_CORSDISABLED = 1001;
1112
const uint32_t BLOCKING_REASON_CORSDIDNOTSUCCEED = 1002;
1113
const uint32_t BLOCKING_REASON_CORSREQUESTNOTHTTP = 1003;
1114
const uint32_t BLOCKING_REASON_CORSMULTIPLEALLOWORIGINNOTALLOWED = 1004;
1115
const uint32_t BLOCKING_REASON_CORSMISSINGALLOWORIGIN = 1005;
1116
const uint32_t BLOCKING_REASON_CORSNOTSUPPORTINGCREDENTIALS = 1006;
1117
const uint32_t BLOCKING_REASON_CORSALLOWORIGINNOTMATCHINGORIGIN = 1007;
1118
const uint32_t BLOCKING_REASON_CORSMISSINGALLOWCREDENTIALS = 1008;
1119
const uint32_t BLOCKING_REASON_CORSORIGINHEADERNOTADDED = 1009;
1120
const uint32_t BLOCKING_REASON_CORSEXTERNALREDIRECTNOTALLOWED = 1010;
1121
const uint32_t BLOCKING_REASON_CORSPREFLIGHTDIDNOTSUCCEED = 1011;
1122
const uint32_t BLOCKING_REASON_CORSINVALIDALLOWMETHOD = 1012;
1123
const uint32_t BLOCKING_REASON_CORSMETHODNOTFOUND = 1013;
1124
const uint32_t BLOCKING_REASON_CORSINVALIDALLOWHEADER = 1014;
1125
const uint32_t BLOCKING_REASON_CORSMISSINGALLOWHEADERFROMPREFLIGHT = 1015;
1126
const uint32_t BLOCKING_REASON_CLASSIFY_MALWARE_URI = 2001;
1127
const uint32_t BLOCKING_REASON_CLASSIFY_PHISHING_URI = 2002;
1128
const uint32_t BLOCKING_REASON_CLASSIFY_UNWANTED_URI = 2003;
1129
const uint32_t BLOCKING_REASON_CLASSIFY_TRACKING_URI = 2004;
1130
const uint32_t BLOCKING_REASON_CLASSIFY_BLOCKED_URI = 2005;
1131
const uint32_t BLOCKING_REASON_CLASSIFY_HARMFUL_URI = 2006;
1132
const uint32_t BLOCKING_REASON_MIXED_BLOCKED = 3001;
1133
// The general reason comes from nsCSPContext::permitsInternal(),
1134
// which is way too generic to distinguish an exact reason.
1135
const uint32_t BLOCKING_REASON_CONTENT_POLICY_GENERAL = 4000;
1136
const uint32_t BLOCKING_REASON_CONTENT_POLICY_NO_DATA_PROTOCOL = 4001;
1137
const uint32_t BLOCKING_REASON_CONTENT_POLICY_WEBEXT = 4002;
1138
const uint32_t BLOCKING_REASON_CONTENT_POLICY_CONTENT_BLOCKED = 4003;
1139
const uint32_t BLOCKING_REASON_CONTENT_POLICY_DATA_DOCUMENT = 4004;
1140
const uint32_t BLOCKING_REASON_CONTENT_POLICY_WEB_BROWSER = 4005;
1141
const uint32_t BLOCKING_REASON_CONTENT_POLICY_PRELOAD = 4006;
1142
1143
/**
1144
* If the request associated with this load info was blocked by some of
1145
* our content or load blockers, the reason can be found here.
1146
* Note that setting this attribute has NO EFFECT on blocking the request.
1147
* This attribute is only informative!
1148
*
1149
* By default the value is '0' - NONE.
1150
* Each write rewrites the last value.
1151
* Can be accessed only on a single thread.
1152
*/
1153
[infallible] attribute unsigned long requestBlockingReason;
1154
1155
/**
1156
* The object in charged to receive CSP violation events. It can be null.
1157
* This attribute will be merged into the CSP object eventually.
1158
* See bug 1500908.
1159
*/
1160
attribute nsICSPEventListener cspEventListener;
1161
1162
/**
1163
* This attribute will be true if this is a load triggered by
1166
*/
1167
[infallible] readonly attribute boolean isFromProcessingFrameAttributes;
1168
1169
cenum CrossOriginOpenerPolicy : 8 {
1170
OPENER_POLICY_NULL = 0,
1171
OPENER_POLICY_SAME_ORIGIN = 1,
1172
OPENER_POLICY_SAME_SITE = 2,
1173
OPENER_POLICY_UNSAFE_ALLOW_OUTGOING_FLAG = 0x80,
1174
OPENER_POLICY_SAME_ORIGIN_ALLOW_OUTGOING = OPENER_POLICY_SAME_ORIGIN | OPENER_POLICY_UNSAFE_ALLOW_OUTGOING_FLAG,
1175
OPENER_POLICY_SAME_SITE_ALLOW_OUTGOING = OPENER_POLICY_SAME_SITE | OPENER_POLICY_UNSAFE_ALLOW_OUTGOING_FLAG
1176
};
1177
1178
cenum CrossOriginPolicy : 8 {
1179
CROSS_ORIGIN_POLICY_NULL = 0,
1180
CROSS_ORIGIN_POLICY_ANONYMOUS = 1,
1181
CROSS_ORIGIN_POLICY_USE_CREDENTIALS = 2
1182
};
1183
};