Source code

Revision control

Other Tools

1
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
2
* vim: ft=cpp tw=78 sw=2 et ts=2 sts=2 cin
3
* This Source Code Form is subject to the terms of the Mozilla Public
4
* License, v. 2.0. If a copy of the MPL was not distributed with this
5
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6
7
#include "nsISupports.idl"
8
#include "nsIContentPolicy.idl"
9
#include "nsIScriptSecurityManager.idl"
10
11
interface nsIChannel;
12
interface nsIContentSecurityPolicy;
13
interface nsICookieSettings;
14
interface nsICSPEventListener;
15
interface nsINode;
16
interface nsIPrincipal;
17
interface nsIRedirectHistoryEntry;
18
interface nsIURI;
19
webidl Document;
20
webidl BrowsingContext;
21
native LoadContextRef(already_AddRefed<nsISupports>);
22
%{C++
23
#include "nsTArray.h"
24
#include "mozilla/BasePrincipal.h"
25
#include "mozilla/LoadTainting.h"
26
#include "mozilla/UniquePtr.h"
27
#include "nsStringFwd.h"
28
29
namespace mozilla {
30
namespace dom {
31
class ClientInfo;
32
class ClientSource;
33
class PerformanceStorage;
34
class ServiceWorkerDescriptor;
35
} // namespace dom
36
} // namespace mozilla
37
%}
38
39
[ref] native nsIRedirectHistoryEntryArray(const nsTArray<nsCOMPtr<nsIRedirectHistoryEntry>>);
40
native OriginAttributes(mozilla::OriginAttributes);
41
[ref] native const_OriginAttributesRef(const mozilla::OriginAttributes);
42
[ref] native CStringArrayRef(const nsTArray<nsCString>);
43
[ref] native StringArrayRef(const nsTArray<nsString>);
44
[ref] native Uint64ArrayRef(const nsTArray<uint64_t>);
45
[ref] native PrincipalArrayRef(const nsTArray<nsCOMPtr<nsIPrincipal>>);
46
[ref] native const_ClientInfoRef(const mozilla::dom::ClientInfo);
47
native UniqueClientSource(mozilla::UniquePtr<mozilla::dom::ClientSource>);
48
native UniqueClientSourceMove(mozilla::UniquePtr<mozilla::dom::ClientSource>&&);
49
[ref] native const_MaybeClientInfoRef(const mozilla::Maybe<mozilla::dom::ClientInfo>);
50
[ref] native const_ServiceWorkerDescriptorRef(const mozilla::dom::ServiceWorkerDescriptor);
51
[ref] native const_MaybeServiceWorkerDescriptorRef(const mozilla::Maybe<mozilla::dom::ServiceWorkerDescriptor>);
52
[ptr] native PerformanceStoragePtr(mozilla::dom::PerformanceStorage);
53
native LoadTainting(mozilla::LoadTainting);
54
native CSPRef(already_AddRefed<nsIContentSecurityPolicy>);
55
56
typedef unsigned long nsSecurityFlags;
57
58
/**
59
* The LoadInfo object contains information about a network load, why it
60
* was started, and how we plan on using the resulting response.
61
* If a network request is redirected, the new channel will receive a new
62
* LoadInfo object. The new object will contain mostly the same
63
* information as the pre-redirect one, but updated as appropriate.
64
* For detailed information about what parts of LoadInfo are updated on
65
* redirect, see documentation on individual properties.
66
*/
67
[scriptable, builtinclass, uuid(ddc65bf9-2f60-41ab-b22a-4f1ae9efcd36)]
68
interface nsILoadInfo : nsISupports
69
{
70
/**
71
* The following five flags determine the security mode and hence what kind of
72
* security checks should be performed throughout the lifetime of the channel.
73
*
74
* * SEC_REQUIRE_SAME_ORIGIN_DATA_INHERITS
75
* * SEC_REQUIRE_SAME_ORIGIN_DATA_IS_BLOCKED
76
* * SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS
77
* * SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL
78
* * SEC_REQUIRE_CORS_DATA_INHERITS
79
*
80
* Exactly one of these flags are required to be set in order to allow
81
* the channel to perform the correct security checks (SOP, CORS, ...) and
82
* return the correct result principal. If none or more than one of these
83
* flags are set AsyncOpen will fail.
84
*/
85
86
/**
87
* Warning: Never use this flag when creating a new channel!
88
* Only use this flag if you have to create a temporary LoadInfo
89
* for performing an explicit nsIContentPolicy check, like e.g.
90
* when loading something from the cache that needs an explicit
91
* nsIContentPolicy check. In all other cases pick one of the
92
* security flags underneath.
93
*/
94
const unsigned long SEC_ONLY_FOR_EXPLICIT_CONTENTSEC_CHECK = 0;
95
96
/*
97
* Enforce the same origin policy where data: loads inherit the principal.
98
* See the documentation for principalToInherit, which describes exactly what
99
* principal is inherited.
100
*/
101
const unsigned long SEC_REQUIRE_SAME_ORIGIN_DATA_INHERITS = (1<<0);
102
103
/*
104
* Enforce the same origin policy but data: loads are blocked.
105
*/
106
const unsigned long SEC_REQUIRE_SAME_ORIGIN_DATA_IS_BLOCKED = (1<<1);
107
108
/**
109
* Allow loads from other origins. Loads from data: will inherit the
110
* principal. See the documentation for principalToInherit, which describes
111
* exactly what principal is inherited.
112
*
113
* Commonly used by plain <img>, <video>, <link rel=stylesheet> etc.
114
*/
115
const unsigned long SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS = (1<<2);
116
117
/**
118
* Allow loads from other origins. Loads from data: will be allowed,
119
* but the resulting resource will get a null principal.
120
* Used in blink/webkit for <iframe>s. Likely also the mode
121
* that should be used by most Chrome code.
122
*/
123
const unsigned long SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL = (1<<3);
124
125
/**
126
* Allow loads from any origin, but require CORS for cross-origin loads.
127
* Loads from data: are allowed and the result will inherit the principal.
128
* See the documentation for principalToInherit, which describes exactly what
129
* principal is inherited.
130
*
131
* Commonly used by <img crossorigin>, <video crossorigin>,
132
* XHR, fetch(), etc.
133
*/
134
const unsigned long SEC_REQUIRE_CORS_DATA_INHERITS = (1<<4);
135
136
/**
137
* Choose cookie policy. The default policy is equivalent to "INCLUDE" for
138
* SEC_REQUIRE_SAME_ORIGIN_* and SEC_ALLOW_CROSS_ORIGIN_* modes, and
139
* equivalent to "SAME_ORIGIN" for SEC_REQUIRE_CORS_DATA_INHERITS mode.
140
*
141
* This means that if you want to perform a CORS load with credentials, pass
142
* SEC_COOKIES_INCLUDE.
143
*
144
* Note that these flags are still subject to the user's cookie policies.
145
* For example, if the user is blocking 3rd party cookies, those cookies
146
* will be blocked no matter which of these flags are set.
147
*/
148
const unsigned long SEC_COOKIES_DEFAULT = (0 << 5);
149
const unsigned long SEC_COOKIES_INCLUDE = (1 << 5);
150
const unsigned long SEC_COOKIES_SAME_ORIGIN = (2 << 5);
151
const unsigned long SEC_COOKIES_OMIT = (3 << 5);
152
153
/**
154
* Force inheriting of the principal. See the documentation for
155
* principalToInherit, which describes exactly what principal is inherited.
156
*
157
* Setting this flag will cause GetChannelResultPrincipal to return the
158
* principal to be inherited as the channel principal.
159
*
160
* This will happen independently of the scheme of the URI that the
161
* channel is loading.
162
*
163
* So if the principal that gets inherited is "http://a.com/", and the channel
164
* is loading the URI "http://b.com/whatever", GetChannelResultPrincipal
165
* will return a principal from "http://a.com/".
166
*
167
* This flag can not be used together with SEC_SANDBOXED. If both are passed
168
* to the LoadInfo constructor then this flag will be dropped. If you need
169
* to know whether this flag would have been present but was dropped due to
170
* sandboxing, check for the forceInheritPrincipalDropped flag.
171
*/
172
const unsigned long SEC_FORCE_INHERIT_PRINCIPAL = (1<<7);
173
174
/**
175
* Sandbox the load. The resulting resource will use a freshly created
176
* null principal. So GetChannelResultPrincipal will always return a
177
* null principal whenever this flag is set.
178
*
179
* This will happen independently of the scheme of the URI that the
180
* channel is loading.
181
*
182
* This flag can not be used together with SEC_FORCE_INHERIT_PRINCIPAL.
183
*/
184
const unsigned long SEC_SANDBOXED = (1<<8);
185
186
/**
187
* Inherit the Principal for about:blank.
188
*/
189
const unsigned long SEC_ABOUT_BLANK_INHERITS = (1<<9);
190
191
/**
192
* Allow access to chrome: packages that are content accessible.
193
*/
194
const unsigned long SEC_ALLOW_CHROME = (1<<10);
195
196
/**
197
* Disallow access to javascript: uris.
198
*/
199
const unsigned long SEC_DISALLOW_SCRIPT = (1<<11);
200
201
/**
202
* Don't follow redirects. Instead the redirect response is returned
203
* as a successful response for the channel.
204
*
205
* Redirects not initiated by a server response, i.e. REDIRECT_INTERNAL and
206
* REDIRECT_STS_UPGRADE, are still followed.
207
*
208
* Note: If this flag is set and the channel response is a redirect, then
209
* the response body might not be available.
210
* This can happen if the redirect was cached.
211
*/
212
const unsigned long SEC_DONT_FOLLOW_REDIRECTS = (1<<12);
213
214
/**
215
* Load an error page, it should be one of following : about:neterror,
216
* about:certerror, about:blocked, about:tabcrashed or about:restartrequired.
217
*/
218
const unsigned long SEC_LOAD_ERROR_PAGE = (1<<13);
219
220
/**
221
* Force inheriting of the principal, overruling any owner that might be set
222
* on the channel. (Please note that channel.owner is deprecated and will be
223
* removed within Bug 1286838). See the documentation for principalToInherit,
224
* which describes exactly what principal is inherited.
225
*
226
* Setting this flag will cause GetChannelResultPrincipal to return the
227
* principal to be inherited as the channel principal.
228
*
229
* This will happen independently of the scheme of the URI that the
230
* channel is loading.
231
*/
232
const unsigned long SEC_FORCE_INHERIT_PRINCIPAL_OVERRULE_OWNER = (1<<14);
233
234
/**
235
* This is the principal of the network request's caller/requester where
236
* the resulting resource will be used. I.e. it is the principal which
237
* will get access to the result of the request. (Where "get access to"
238
* might simply mean "embed" depending on the type of resource that is
239
* loaded).
240
*
241
* For example for an image, it is the principal of the document where
242
* the image is rendered. For a stylesheet it is the principal of the
243
* document where the stylesheet will be applied.
244
*
245
* So if document at http://a.com/page.html loads an image from
246
* http://b.com/pic.jpg, then loadingPrincipal will be
248
*
249
* For <iframe> and <frame> loads, the LoadingPrincipal is the
250
* principal of the parent document. For top-level loads, the
251
* LoadingPrincipal is null. For all loads except top-level loads
252
* the LoadingPrincipal is never null.
253
*
254
* If the loadingPrincipal is the system principal, no security checks
255
* will be done at all. There will be no security checks on the initial
256
* load or any subsequent redirects. This means there will be no
257
* nsIContentPolicy checks or any CheckLoadURI checks. Because of
258
* this, never set the loadingPrincipal to the system principal when
259
* the URI to be loaded is controlled by a webpage.
260
* If the loadingPrincipal and triggeringPrincipal are both
261
* content principals, then we will always call into
262
* nsIContentPolicies and CheckLoadURI. The call to nsIContentPolicies
263
* and CheckLoadURI happen even if the URI to be loaded is same-origin
264
* with the loadingPrincipal or triggeringPrincipal.
265
*/
266
readonly attribute nsIPrincipal loadingPrincipal;
267
268
/**
269
* A C++-friendly version of loadingPrincipal.
270
*/
271
[noscript, notxpcom, nostdcall, binaryname(LoadingPrincipal)]
272
nsIPrincipal binaryLoadingPrincipal();
273
274
/**
275
* This is the principal which caused the network load to start. I.e.
276
* this is the principal which provided the URL to be loaded. This is
277
* often the same as the LoadingPrincipal, but there are a few cases
278
* where that's not true.
279
*
280
* For example for loads into an <iframe>, the LoadingPrincipal is always
281
* the principal of the parent document. However the triggeringPrincipal
282
* is the principal of the document which provided the URL that the
283
* <iframe> is navigating to. This could be the previous document inside
284
* the <iframe> which set document.location. Or a document elsewhere in
285
* the frame tree which contained a <a target="..."> which targetted the
286
* <iframe>.
287
*
288
* If a stylesheet links to a sub-resource, like an @imported stylesheet,
289
* or a background image, then the triggeringPrincipal is the principal
290
* of the stylesheet, while the LoadingPrincipal is the principal of the
291
* document being styled.
292
*
293
* The triggeringPrincipal is never null.
294
*
295
* If the triggeringPrincipal is the system principal, no security checks
296
* will be done at all. There will be no security checks on the initial
297
* load or any subsequent redirects. This means there will be no
298
* nsIContentPolicy checks or any CheckLoadURI checks. Because of
299
* this, never set the triggeringPrincipal to the system principal when
300
* the URI to be loaded is controlled by a webpage.
301
* If the loadingPrincipal and triggeringPrincipal are both
302
* content principals, then we will always call into
303
* nsIContentPolicies and CheckLoadURI. The call to nsIContentPolicies
304
* and CheckLoadURI happen even if the URI to be loaded is same-origin
305
* with the loadingPrincipal or triggeringPrincipal.
306
*/
307
readonly attribute nsIPrincipal triggeringPrincipal;
308
309
/**
310
* A C++-friendly version of triggeringPrincipal.
311
*/
312
[noscript, notxpcom, nostdcall, binaryname(TriggeringPrincipal)]
313
nsIPrincipal binaryTriggeringPrincipal();
314
315
/**
316
* For non-document loads the principalToInherit is always null. For
317
* loads of type TYPE_DOCUMENT or TYPE_SUBDOCUMENT the principalToInherit
318
* might be null. If it's non null, then this is the principal that is
319
* inherited if a principal needs to be inherited. If the principalToInherit
320
* is null but the inherit flag is set, then the triggeringPrincipal is
321
* the principal that is inherited.
322
*/
323
attribute nsIPrincipal principalToInherit;
324
325
/**
326
* A C++-friendly version of principalToInherit.
327
*/
328
[noscript, notxpcom, nostdcall, binaryname(PrincipalToInherit)]
329
nsIPrincipal binaryPrincipalToInherit();
330
331
/**
332
* Finds the correct principal to inherit for the given channel, based on
333
* the values of PrincipalToInherit and TriggeringPrincipal.
334
*/
335
[noscript, notxpcom, nostdcall]
336
nsIPrincipal FindPrincipalToInherit(in nsIChannel aChannel);
337
338
/**
339
* This is the ownerDocument of the LoadingNode. Unless the LoadingNode
340
* is a Document, in which case the LoadingDocument is the same as the
341
* LoadingNode.
342
*
343
* For top-level loads, and for loads originating from workers, the
344
* LoadingDocument is null. When the LoadingDocument is not null, the
345
* LoadingPrincipal is set to the principal of the LoadingDocument.
346
*/
347
readonly attribute Document loadingDocument;
348
349
/**
350
* A C++-friendly version of loadingDocument (loadingNode).
351
* This is the Node where the resulting resource will be used. I.e. it is
352
* the Node which will get access to the result of the request. (Where
353
* "get access to" might simply mean "embed" depending on the type of
354
* resource that is loaded).
355
*
356
* For example for an <img>/<video> it is the image/video element. For
357
* document loads inside <iframe> and <frame>s, the LoadingNode is the
358
* <iframe>/<frame> element. For an XMLHttpRequest, it is the Document
359
* which contained the JS which initiated the XHR. For a stylesheet, it
360
* is the Document that contains <link rel=stylesheet>.
361
*
362
* For loads triggered by the HTML pre-parser, the LoadingNode is the
363
* Document which is currently being parsed.
364
*
365
* For top-level loads, and for loads originating from workers, the
366
* LoadingNode is null. If the LoadingNode is non-null, then the
367
* LoadingPrincipal is the principal of the LoadingNode.
368
*/
369
[noscript, notxpcom, nostdcall, binaryname(LoadingNode)]
370
nsINode binaryLoadingNode();
371
372
/**
373
* A C++ friendly version of the loadingContext for toplevel loads.
374
* Most likely you want to query the ownerDocument or LoadingNode
375
* and not this context only available for TYPE_DOCUMENT loads.
376
* Please note that except for loads of TYPE_DOCUMENT, this
377
* ContextForTopLevelLoad will always return null.
378
*/
379
[noscript, notxpcom, nostdcall, binaryname(ContextForTopLevelLoad)]
380
LoadContextRef binaryContextForTopLevelLoad();
381
382
/**
383
* For all loads except loads of TYPE_DOCUMENT, the loadingContext
384
* simply returns the loadingNode. For loads of TYPE_DOCUMENT this
385
* will return the context available for top-level loads which
386
* do not have a loadingNode.
387
*/
388
[binaryname(LoadingContextXPCOM)]
389
readonly attribute nsISupports loadingContext;
390
391
/**
392
* A C++ friendly version of the loadingContext.
393
*/
394
[noscript, notxpcom, nostdcall, binaryname(GetLoadingContext)]
395
LoadContextRef binaryGetLoadingContext();
396
397
/**
398
* The securityFlags of that channel.
399
*/
400
readonly attribute nsSecurityFlags securityFlags;
401
402
%{C++
403
inline nsSecurityFlags GetSecurityFlags()
404
{
405
nsSecurityFlags result;
406
mozilla::DebugOnly<nsresult> rv = GetSecurityFlags(&result);
407
MOZ_ASSERT(NS_SUCCEEDED(rv));
408
return result;
409
}
410
%}
411
412
/**
413
* Allows to query only the security mode bits from above.
414
*/
415
[infallible] readonly attribute unsigned long securityMode;
416
417
418
/**
419
* This flag is used for any browsing context where we should not sniff
420
* the content type. E.g if an iframe has the XCTO nosniff header, then
421
* that flag is set to true so we skip content sniffing for that browsing
422
* context.
423
*/
424
[infallible] attribute boolean skipContentSniffing;
425
426
/**
427
* True if this request is embedded in a context that can't be third-party
428
* (i.e. an iframe embedded in a cross-origin parent window). If this is
429
* false, then this request may be third-party if it's a third-party to
430
* loadingPrincipal.
431
*/
432
[infallible] readonly attribute boolean isInThirdPartyContext;
433
434
/**
435
* See the SEC_COOKIES_* flags above. This attribute will never return
436
* SEC_COOKIES_DEFAULT, but will instead return what the policy resolves to.
437
* I.e. SEC_COOKIES_SAME_ORIGIN for CORS mode, and SEC_COOKIES_INCLUDE
438
* otherwise.
439
*/
440
[infallible] readonly attribute unsigned long cookiePolicy;
441
442
/**
443
* The cookie settings inherited from the top-level document's loadInfo.
444
* It cannot be null.
445
*/
446
attribute nsICookieSettings cookieSettings;
447
448
/**
449
* If forceInheritPrincipal is true, the data coming from the channel should
450
* inherit its principal, even when the data is loaded over http:// or another
451
* protocol that would normally use a URI-based principal.
452
*
453
* See the documentation for principalToInherit, which describes exactly what
454
* principal is inherited.
455
*
456
* This attribute will never be true when loadingSandboxed is true.
457
*/
458
[infallible] readonly attribute boolean forceInheritPrincipal;
459
460
/**
461
* If forceInheritPrincipalOverruleOwner is true, the data coming from the
462
* channel should inherit the principal, even when the data is loaded over
463
* http:// or another protocol that would normally use a URI-based principal
464
* and even if the channel's .owner is not null. This last is the difference
465
* between forceInheritPrincipalOverruleOwner and forceInheritPrincipal: the
466
* latter does _not_ overrule the .owner setting.
467
*
468
* See the documentation for principalToInherit, which describes exactly what
469
* principal is inherited.
470
*/
471
[infallible] readonly attribute boolean forceInheritPrincipalOverruleOwner;
472
473
/**
474
* If loadingSandboxed is true, the data coming from the channel is
475
* being loaded sandboxed, so it should have a nonce origin and
476
* hence should use a NullPrincipal.
477
*/
478
[infallible] readonly attribute boolean loadingSandboxed;
479
480
/**
481
* If aboutBlankInherits is true, then about:blank should inherit
482
* the principal.
483
*/
484
[infallible] readonly attribute boolean aboutBlankInherits;
485
486
/**
487
* If allowChrome is true, then use nsIScriptSecurityManager::ALLOW_CHROME
488
* when calling CheckLoadURIWithPrincipal().
489
*/
490
[infallible] readonly attribute boolean allowChrome;
491
492
/**
493
* If disallowScript is true, then use nsIScriptSecurityManager::DISALLOW_SCRIPT
494
* when calling CheckLoadURIWithPrincipal().
495
*/
496
[infallible] readonly attribute boolean disallowScript;
497
498
%{C++
499
uint32_t CheckLoadURIFlags() {
500
uint32_t flags = nsIScriptSecurityManager::STANDARD;
501
if (GetAllowChrome()) {
502
flags |= nsIScriptSecurityManager::ALLOW_CHROME;
503
}
504
if (GetDisallowScript()) {
505
flags |= nsIScriptSecurityManager::DISALLOW_SCRIPT;
506
}
507
return flags;
508
}
509
%}
510
511
/**
512
* Returns true if SEC_DONT_FOLLOW_REDIRECTS is set.
513
*/
514
[infallible] readonly attribute boolean dontFollowRedirects;
515
516
/**
517
* Returns true if SEC_LOAD_ERROR_PAGE is set.
518
*/
519
[infallible] readonly attribute boolean loadErrorPage;
520
521
/**
522
* Returns true if this is a non-subresource request that was triggered
523
* by docshell with the LOAD_CMD_RELOAD flag set. Note, this is more
524
* specific than looking at the load flags which indicate whether to
525
* bypass the http cache. The load flags can be set for other reasons,
526
* so they can't be used to infer this value.
527
*/
528
[infallible] attribute boolean isDocshellReload;
529
530
/**
531
* True if the load was initiated by a form request.
532
* This is important to know to handle the CSP directive navigate-to.
533
*/
534
[infallible] attribute boolean isFormSubmission;
535
536
/**
537
* The external contentPolicyType of the channel, used for security checks
538
* like Mixed Content Blocking and Content Security Policy.
539
*
540
* Specifically, content policy types with _INTERNAL_ in their name will
541
* never get returned from this attribute.
542
*/
543
readonly attribute nsContentPolicyType externalContentPolicyType;
544
545
/**
546
* CSP uses this parameter to send or not CSP violation events.
547
* Default value: true.
548
*/
549
[infallible] attribute boolean sendCSPViolationEvents;
550
551
%{ C++
552
inline nsContentPolicyType GetExternalContentPolicyType()
553
{
554
nsContentPolicyType result;
555
mozilla::DebugOnly<nsresult> rv = GetExternalContentPolicyType(&result);
556
MOZ_ASSERT(NS_SUCCEEDED(rv));
557
return result;
558
}
559
%}
560
561
/**
562
* The internal contentPolicyType of the channel, used for constructing
563
* RequestContext values when creating a fetch event for an intercepted
564
* channel.
565
*
566
* This should not be used for the purposes of security checks, since
567
* the content policy implementations cannot be expected to deal with
568
* _INTERNAL_ values. Please use the contentPolicyType attribute above
569
* for that purpose.
570
*/
571
[noscript, notxpcom]
572
nsContentPolicyType internalContentPolicyType();
573
574
/**
575
* Returns true if document or any of the documents ancestors
576
* up to the toplevel document make use of the CSP directive
577
* 'block-all-mixed-content'.
578
*
579
* Warning: If the loadingDocument is null, then the
580
* blockAllMixedContent is false.
581
*/
582
[infallible] readonly attribute boolean blockAllMixedContent;
583
584
/**
585
* Returns true if document or any of the documents ancestors
586
* up to the toplevel document make use of the CSP directive
587
* 'upgrade-insecure-requests'.
588
*
589
* Warning: If the loadingDocument is null, then the
590
* upgradeInsecureRequests is false.
591
*/
592
[infallible] readonly attribute boolean upgradeInsecureRequests;
593
594
/**
595
* Returns true if the the page is https and the content is upgradable from http
596
* requires 'security.mixed_content.upgrade_display_content' pref to be true.
597
* Currently this only upgrades display content but might be expanded to other loads.
598
* This is very similar in implementation to upgradeInsecureRequests but browser set.
599
*/
600
[infallible] readonly attribute boolean browserUpgradeInsecureRequests;
601
602
/**
603
* Returns true if the the page is https and the content is upgradable from http
604
* requires 'security.mixed_content.upgrade_display_content' pref to be false.
605
* See browserUpgradeInsecureRequests for more details, this only happens
606
* when *not* upgrading purely for telemetry.
607
*/
608
[infallible] readonly attribute boolean browserWouldUpgradeInsecureRequests;
609
610
/**
611
* If true, toplevel data: URI navigation is allowed
612
*/
613
[infallible] attribute boolean forceAllowDataURI;
614
615
/**
616
* If true, insecure redirects to a data: URI are allowed.
617
*/
618
[infallible] attribute boolean allowInsecureRedirectToDataURI;
619
620
/**
621
* If true, CORS checks will be skipped.
622
*/
623
[infallible] attribute boolean bypassCORSChecks;
624
625
/**
626
* If true, the content policy security check is excluded from web requests.
627
*/
628
[infallible] attribute boolean skipContentPolicyCheckForWebRequest;
629
630
/**
631
* If true, this is the load of a frame's original src attribute
632
*/
633
[infallible] attribute boolean originalFrameSrcLoad;
634
635
/**
636
* The SEC_FORCE_INHERIT_PRINCIPAL flag may be dropped when a load info
637
* object is created. Specifically, it will be dropped if the SEC_SANDBOXED
638
* flag is also present. This flag is set if SEC_FORCE_INHERIT_PRINCIPAL was
639
* dropped.
640
*/
641
[infallible] readonly attribute boolean forceInheritPrincipalDropped;
642
643
/**
644
* These are the window IDs of the window in which the element being
645
* loaded lives. parentOuterWindowID is the window ID of this window's
646
* parent. topOuterWindowID is the ID of the top-level window of the same
647
* docShell type.
648
*
649
* Note that these window IDs can be 0 if the window is not
650
* available. parentOuterWindowID and topOuterWindowID will be the same as
651
* outerWindowID if the window has no parent.
652
*/
653
[infallible] readonly attribute unsigned long long innerWindowID;
654
[infallible] readonly attribute unsigned long long outerWindowID;
655
[infallible] readonly attribute unsigned long long parentOuterWindowID;
656
[infallible] readonly attribute unsigned long long topOuterWindowID;
657
658
/**
659
* Only when the element being loaded is <frame src="foo.html">
660
* (or, more generally, if the element QIs to nsFrameLoaderOwner),
661
* the frameOuterWindowID is the outer window containing the
662
* foo.html document.
663
*
664
* Note: For other cases, frameOuterWindowID is 0.
665
*/
666
[infallible] readonly attribute unsigned long long frameOuterWindowID;
667
668
/**
669
* The BrowsingContext performing the load for this nsILoadInfo object.
670
*/
671
[infallible] readonly attribute unsigned long long browsingContextID;
672
readonly attribute BrowsingContext browsingContext;
673
674
/**
675
* Like `frameOuterWindowID`, however returning the BrowsingContextID
676
* instead.
677
*/
678
[infallible] readonly attribute unsigned long long frameBrowsingContextID;
679
readonly attribute BrowsingContext frameBrowsingContext;
680
681
/**
682
* Resets the PrincipalToInherit to a freshly created NullPrincipal
683
* which inherits the origin attributes from the loadInfo.
684
*
685
* WARNING: Please only use that function if you know exactly what
686
* you are doing!!!
687
*/
688
void resetPrincipalToInheritToNullPrincipal();
689
690
/**
691
* Customized OriginAttributes within LoadInfo to allow overwriting of the
692
* default originAttributes from the loadingPrincipal.
693
*
694
* In chrome side, originAttributes.privateBrowsingId will always be 0 even if
695
* the usePrivateBrowsing is true, because chrome docshell won't set
696
* privateBrowsingId on origin attributes (See bug 1278664). This is to make
697
* sure nsILoadInfo and nsILoadContext have the same origin attributes.
698
*/
699
[implicit_jscontext, binaryname(ScriptableOriginAttributes)]
700
attribute jsval originAttributes;
701
702
[noscript, nostdcall, binaryname(GetOriginAttributes)]
703
OriginAttributes binaryGetOriginAttributes();
704
705
[noscript, nostdcall, binaryname(SetOriginAttributes)]
706
void binarySetOriginAttributes(in const_OriginAttributesRef aOriginAttrs);
707
708
%{ C++
709
inline mozilla::OriginAttributes GetOriginAttributes()
710
{
711
mozilla::OriginAttributes result;
712
mozilla::DebugOnly<nsresult> rv = GetOriginAttributes(&result);
713
MOZ_ASSERT(NS_SUCCEEDED(rv));
714
return result;
715
}
716
%}
717
718
/**
719
* Whenever a channel is evaluated by the ContentSecurityManager
720
* the first time, we set this flag to true to indicate that
721
* subsequent calls of AsyncOpen() do not have to enforce all
722
* security checks again. E.g., after a redirect there is no
723
* need to set up CORS again. We need this separate flag
724
* because the redirectChain might also contain internal
725
* redirects which might pollute the redirectChain so we can't
726
* rely on the size of the redirectChain-array to query whether
727
* a channel got redirected or not.
728
*
729
* Please note, once the flag is set to true it must remain true
730
* throughout the lifetime of the channel. Trying to set it
731
* to anything else than true will be discarded.
732
*
733
*/
734
[infallible] attribute boolean initialSecurityCheckDone;
735
736
/**
737
* Returns true if the load was triggered from an external application
738
* (e.g. Thunderbird). Please note that this flag will only ever be true
739
* if the load is of TYPE_DOCUMENT.
740
*/
741
[infallible] attribute boolean loadTriggeredFromExternal;
742
743
/**
744
* True if the tainting has been set by the service worker.
745
*/
746
[noscript, infallible] readonly attribute boolean serviceWorkerTaintingSynthesized;
747
748
/**
749
* Whenever a channel gets redirected, append the redirect history entry of
750
* the channel which contains principal referrer and remote address [before
751
* the channels got redirected] to the loadinfo, so that at every point this
752
* array provides us information about all the redirects this channel went
753
* through.
754
* @param entry, the nsIRedirectHistoryEntry before the channel
755
* got redirected.
756
* @param aIsInternalRedirect should be true if the channel is going
757
* through an internal redirect, otherwise false.
758
*/
759
void appendRedirectHistoryEntry(in nsIRedirectHistoryEntry entry,
760
in boolean isInternalRedirect);
761
762
/**
763
* An array of nsIRedirectHistoryEntry which stores redirects associated
764
* with this channel. This array is filled whether or not the channel has
765
* ever been opened. The last element of the array is associated with the
766
* most recent redirect. Please note, that this array *includes* internal
767
* redirects.
768
*/
769
[implicit_jscontext]
770
readonly attribute jsval redirectChainIncludingInternalRedirects;
771
772
/**
773
* A C++-friendly version of redirectChain.
774
* Please note that this array has the same lifetime as the
775
* loadInfo object - use with caution!
776
*/
777
[noscript, notxpcom, nostdcall, binaryname(RedirectChainIncludingInternalRedirects)]
778
nsIRedirectHistoryEntryArray binaryRedirectChainIncludingInternalRedirects();
779
780
/**
781
* Same as RedirectChain but does *not* include internal redirects.
782
*/
783
[implicit_jscontext]
784
readonly attribute jsval redirectChain;
785
786
/**
787
* A C++-friendly version of redirectChain.
788
* Please note that this array has the same lifetime as the
789
* loadInfo object - use with caution!
790
*/
791
[noscript, notxpcom, nostdcall, binaryname(RedirectChain)]
792
nsIRedirectHistoryEntryArray binaryRedirectChain();
793
794
/**
795
* An array of nsIPrincipals which stores the principals of the parent frames,
796
* not including the frame loading this request. The closest ancestor is at
797
* index zero and the top level ancestor is at the last index.
798
*
799
* The ancestorPrincipals[0] entry for an iframe load will be the principal of
800
* the iframe element's owner document.
801
* The ancestorPrincipals[0] entry for an image loaded in an iframe will be the
802
* principal of the iframe element's owner document.
803
*
804
* See Document::AncestorPrincipals for more information.
805
*
806
* Please note that this array has the same lifetime as the
807
* loadInfo object - use with caution!
808
*/
809
[noscript, notxpcom, nostdcall]
810
PrincipalArrayRef AncestorPrincipals();
811
812
813
/**
814
* An array of outerWindowIDs which correspond to nsILoadInfo::AncestorPrincipals
815
* above. AncestorOuterWindowIDs[0] is the outerWindowID of the frame
816
* associated with the principal at ancestorPrincipals[0], and so forth.
817
*
818
* Please note that this array has the same lifetime as the
819
* loadInfo object - use with caution!
820
*/
821
[noscript, notxpcom, nostdcall]
822
Uint64ArrayRef AncestorOuterWindowIDs();
823
824
/**
825
* Sets the list of unsafe headers according to CORS spec, as well as
826
* potentially forces a preflight.
827
* Note that you do not need to set the Content-Type header. That will be
828
* automatically detected as needed.
829
*
830
* Only call this function when using the SEC_REQUIRE_CORS_DATA_INHERITS mode.
831
*/
832
[noscript, notxpcom, nostdcall]
833
void setCorsPreflightInfo(in CStringArrayRef unsafeHeaders,
834
in boolean forcePreflight);
835
836
/**
837
* A C++-friendly getter for the list of cors-unsafe headers.
838
* Please note that this array has the same lifetime as the
839
* loadInfo object - use with caution!
840
*/
841
[noscript, notxpcom, nostdcall, binaryname(CorsUnsafeHeaders)]
842
CStringArrayRef corsUnsafeHeaders();
843
844
/**
845
* Returns value set through setCorsPreflightInfo.
846
*/
847
[infallible] readonly attribute boolean forcePreflight;
848
849
/**
850
* A C++ friendly getter for the forcePreflight flag.
851
*/
852
[infallible] readonly attribute boolean isPreflight;
853
854
/**
855
* Constants reflecting the channel tainting. These are mainly defined here
856
* for script. Internal C++ code should use the enum defined in LoadTainting.h.
857
* See LoadTainting.h for documentation.
858
*/
859
const unsigned long TAINTING_BASIC = 0;
860
const unsigned long TAINTING_CORS = 1;
861
const unsigned long TAINTING_OPAQUE = 2;
862
863
/**
864
* Determine the associated channel's current tainting. Note, this can
865
* change due to a service worker intercept, so it should be checked after
866
* OnStartRequest() fires.
867
*/
868
readonly attribute unsigned long tainting;
869
870
/**
871
* Note a new tainting level and possibly increase the current tainting
872
* to match. If the tainting level is already greater than the given
873
* value, then there is no effect. It is not possible to reduce the tainting
874
* level on an existing channel/loadinfo.
875
*/
876
void maybeIncreaseTainting(in unsigned long aTainting);
877
878
/**
879
* Various helper code to provide more convenient C++ access to the tainting
880
* attribute and maybeIncreaseTainting().
881
*/
882
%{C++
883
static_assert(TAINTING_BASIC == static_cast<uint32_t>(mozilla::LoadTainting::Basic),
884
"basic tainting enums should match");
885
static_assert(TAINTING_CORS == static_cast<uint32_t>(mozilla::LoadTainting::CORS),
886
"cors tainting enums should match");
887
static_assert(TAINTING_OPAQUE == static_cast<uint32_t>(mozilla::LoadTainting::Opaque),
888
"opaque tainting enums should match");
889
890
mozilla::LoadTainting GetTainting()
891
{
892
uint32_t tainting = TAINTING_BASIC;
893
MOZ_ALWAYS_SUCCEEDS(GetTainting(&tainting));
894
return static_cast<mozilla::LoadTainting>(tainting);
895
}
896
897
void MaybeIncreaseTainting(mozilla::LoadTainting aTainting)
898
{
899
uint32_t tainting = static_cast<uint32_t>(aTainting);
900
MOZ_ALWAYS_SUCCEEDS(MaybeIncreaseTainting(tainting));
901
}
902
%}
903
904
/**
905
* Returns true if this load is for top level document.
906
* Note that the load for a sub-frame's document will return false here.
907
*/
908
[infallible] readonly attribute boolean isTopLevelLoad;
909
910
/**
911
* If this is non-null, this property represents two things: (1) the
912
* URI to be used for the principal if the channel with this loadinfo
913
* gets a principal based on URI and (2) the URI to use for a document
914
* created from the channel with this loadinfo.
915
*/
916
attribute nsIURI resultPrincipalURI;
917
918
/**
919
* Returns the null principal of the resulting resource if the SEC_SANDBOXED
920
* flag is set. Otherwise returns null. This is used by
921
* GetChannelResultPrincipal() to ensure that the same null principal object
922
* is returned every time.
923
*/
924
[notxpcom, nostdcall] readonly attribute nsIPrincipal sandboxedLoadingPrincipal;
925
926
/**
927
* Return the top-level principal, which is the principal of the top-level
928
* window.
929
*/
930
[notxpcom, nostdcall] readonly attribute nsIPrincipal topLevelPrincipal;
931
932
/**
933
* Return the top-level storage area principal, which is the principal of
934
* the top-level window if it's not a 3rd party context, non tracking
935
* resource.
936
*/
937
[notxpcom, nostdcall] readonly attribute nsIPrincipal topLevelStorageAreaPrincipal;
938
939
/**
940
* Note which client (i.e. global) initiated this network request. All
941
* nsGlobalWindow and WorkerPrivate can be converted to a ClientInfo to
942
* be set here. While this is being added to support service worker
943
* FetchEvent, it can also be used to communicate other information about
944
* the source global context in the future.
945
*/
946
[noscript, nostdcall, notxpcom]
947
void SetClientInfo(in const_ClientInfoRef aClientInfo);
948
949
/**
950
* Get the ClientInfo for the global that initiated the network request,
951
* if it has been set.
952
*/
953
[noscript, nostdcall, notxpcom]
954
const_MaybeClientInfoRef GetClientInfo();
955
956
/**
957
* Give a pre-allocated ClientSource to the channel LoadInfo. This is
958
* intended to be used by docshell when loading windows without an
959
* initial about:blank document. The docshell will allocate the ClientSource
960
* to represent the client that will be created as a result of the navigation
961
* network request. If the channel succeeds and remains same-origin, then
962
* the result nsGlobalWindow will take ownership of the reserved ClientSource.
963
*
964
* This method is also called when a cross-origin redirect occurs. A new
965
* ClientSource with a different UUID must be created in this case.
966
*
967
* This method automatically calls SetReservedClientInfo() with the
968
* ClientSource::Info().
969
*/
970
[noscript, nostdcall, notxpcom]
971
void GiveReservedClientSource(in UniqueClientSourceMove aClientSource);
972
973
/**
974
* This method takes ownership of the reserved ClientSource previously
975
* provided in GiveReservedClientSource(). It may return nullptr if the
976
* nsILoadInfo does not own a ClientSource object.
977
*/
978
[noscript, nostdcall, notxpcom]
979
UniqueClientSource TakeReservedClientSource();
980
981
/**
982
* Note the reserved client that be created if this non-subresource
983
* network request succeeds. Depending on the type of client this
984
* may be called directly or indirectly via GiveReservedClientSource().
985
* For example, web workers do not call give their ClientSource to
986
* the nsILoadInfo, but must still call this method to indicate the
987
* reserved client for their main script load.
988
*/
989
[noscript, nostdcall, notxpcom]
990
void SetReservedClientInfo(in const_ClientInfoRef aClientInfo);
991
992
/**
993
* This will clear any existing reserved or initial client and override
994
* it with the given reserved client. This is similar to calling
995
* TakeReservedClientSource() and then GiveReservedClientSource() with
996
* a new client as ClientChannelHelper does. This method is needed,
997
* though, to perform this operation in the parent process where
998
* the LoadInfo does not have direct access to a ClientSource.
999
*
1000
* If in doubt, do not call this method. Its really only needed for
1001
* a specific redirect case where the child has created a new client on
1002
* redirect and we need to override the parent side's reserved client
1003
* to match.
1004
*/
1005
[noscript, nostdcall, notxpcom]
1006
void OverrideReservedClientInfoInParent(in const_ClientInfoRef aClientInfo);
1007
1008
/**
1009
* Return the reserved ClientInfo for this load, if one has been set.
1010
*/
1011
[noscript, nostdcall, notxpcom]
1012
const_MaybeClientInfoRef GetReservedClientInfo();
1013
1014
/**
1015
* Note that this non-subresource network request will result in
1016
* re-using an existing "initial" active client. This mainly only
1017
* happens when an initial about:blank document is replaced with
1018
* a real load in a window. In these cases we need to track this
1019
* initial client so that we may report its existence in a FetchEvent.
1020
*
1021
* Note, an nsILoadInfo may only have a reserved client or an
1022
* initial client. It should never have both.
1023
*/
1024
[noscript, nostdcall, notxpcom]
1025
void SetInitialClientInfo(in const_ClientInfoRef aClientInfo);
1026
1027
/**
1028
* Return the initial ClientInfo for this load, if one has been set.
1029
*/
1030
[noscript, nostdcall, notxpcom]
1031
const_MaybeClientInfoRef GetInitialClientInfo();
1032
1033
/**
1034
* Note that this network request should be controlled by a service worker.
1035
* For non-subresource requests this may be set during the load when
1036
* the first service worker interception occurs. For subresource requests
1037
* it may be set by the source client if its already controlled by a
1038
* service worker.
1039
*/
1040
[noscript, nostdcall, notxpcom]
1041
void SetController(in const_ServiceWorkerDescriptorRef aServiceWorker);
1042
1043
/**
1044
* Clear the service worker controller for this channel. This should only
1045
* be used for window navigation redirects. By default we want to keep
1046
* the controller in all other cases.
1047
*/
1048
[noscript, nostdcall, notxpcom]
1049
void ClearController();
1050
1051
/**
1052
* Get the service worker controlling this network request, if one has
1053
* been set.
1054
*/
1055
[noscript, nostdcall, notxpcom]
1056
const_MaybeServiceWorkerDescriptorRef GetController();
1057
1058
/**
1059
* Set a custom performance storage. This is meant to be executed only for
1060
* workers. If a PerformanceStorage is not set, the loadingDocument->Window
1061
* Performance object will be returned instead.
1062
*/
1063
[noscript, nostdcall, notxpcom]
1064
void SetPerformanceStorage(in PerformanceStoragePtr aPerformanceStorage);
1065
1066
/**
1067
* Get the custom PerformanceStorage if set by SetPerformanceStorage.
1068
* Otherwise the loadingDocument->Window Performance object will be returned
1069
* instead if all the following conditions are met:
1070
* - the triggeringPrincipal is the same as the loadingDocument's principal.
1071
* - if the external content policy type is TYPE_SUBDOCUMENT then loading
1072
* wasn't caused by processing the attributes of the browsing context
1073
* container.
1074
*/
1075
[noscript, nostdcall, notxpcom]
1076
PerformanceStoragePtr GetPerformanceStorage();
1077
1078
/**
1079
* Returns the CSP (or Preload CSP for preloads) which should be enforced
1080
* when fetching the resource this loadinfo belongs to.
1081
*
1082
* a) Non-navigations:
1083
* For non-navigation loads, GetCSP() returns what the spec refers to as the
1084
* "request's client's global object's CSP list". In practice, if this is the
1085
* loadinfo of a subresource load (e.g an image load), then GetCSP() or
1086
* GetPreloadCSP() returns the CSP of the document which embeds the image.
1087
* The returned CSP includes any policy delivered through the HTTP header or
1088
* also through the meta tag (modulo the difference for preloads, e.g. image
1089
* preloads have to query GetPreloadCsp() because at the time of preloading
1090
* we are not entirely sure if the Meta CSP will be applied to the document
1091
* in the end or not). Please note that GetCSPToInherit() called on a
1092
* loadinfo for any non-navigation always returns null.
1093
*
1094
* b) Navigations:
1095
* * Top-level loads:
1096
* For top-level loads (navigations) GetCSP() will return null, unless
1097
* the navigation is started by a WebExtension, in which case it will
1098
* return the CSP of the webextension, if any.
1099
* If you need to query the CSP that potentially should apply to the
1100
* new top-level load, you have to query GetCspToInherit(), which is
1101
* the CSP of the request's client's global object, just like GetCsp()
1102
* is for non-navigation requests.
1103
*
1104
* * Iframe-loads:
1105
* For iframe-loads (navigations) GetCSP() will return the CSP of the
1106
* parent document, unless the navigation is started by a WebExtension,
1107
* in which case it will return the CSP of the webextension, if any.
1108
*
1109
* If you need to query the CSP that should potentially be inherited
1110
* into the new document, you have to query GetCSPToInherit().
1111
*
1112
* TODO Bug 1557114:
1113
* After evaluating what CSP to use for frame navigations we should
1114
* update the above documentation to match the outcome of Bug 1557114.
1115
*/
1116
[notxpcom,nostdcall] CSPRef GetCsp();
1117
[notxpcom,nostdcall] CSPRef GetPreloadCsp();
1118
[notxpcom,nostdcall] CSPRef GetCspToInherit();
1119
1120
/**
1121
* The service worker and fetch specifications require returning the
1122
* exact tainting level of the Response passed to FetchEvent.respondWith().
1123
* This method allows us to override the tainting level in that case.
1124
*
1125
* NOTE: This should not be used outside of service worker code! Use
1126
* nsILoadInfo::MaybeIncreaseTainting() instead.
1127
*/
1128
[noscript, nostdcall, notxpcom]
1129
void SynthesizeServiceWorkerTainting(in LoadTainting aTainting);
1130
1131
/**
1132
* The top-level document has been user-interacted.
1133
*/
1134
[infallible] attribute boolean documentHasUserInteracted;
1135
1136
/**
1137
* This attribute represents whether the document to which this
1138
* load belongs had finished loading when the load was initiated.
1139
*/
1140
[infallible] attribute boolean documentHasLoaded;
1141
1142
/**
1143
* A snapshot of the nonce at load start time which is used for CSP
1144
* checks and only set for:
1145
* * TYPE_SCRIPT and
1146
* * TYPE_STYLESHEET
1147
*/
1148
attribute AString cspNonce;
1149
1150
/**
1151
* List of possible reasons the request associated with this load info
1152
* may have been blocked, set by various content blocking checkers.
1153
*/
1154
const uint32_t BLOCKING_REASON_NONE = 0;
1155
const uint32_t BLOCKING_REASON_CORSDISABLED = 1001;
1156
const uint32_t BLOCKING_REASON_CORSDIDNOTSUCCEED = 1002;
1157
const uint32_t BLOCKING_REASON_CORSREQUESTNOTHTTP = 1003;
1158
const uint32_t BLOCKING_REASON_CORSMULTIPLEALLOWORIGINNOTALLOWED = 1004;
1159
const uint32_t BLOCKING_REASON_CORSMISSINGALLOWORIGIN = 1005;
1160
const uint32_t BLOCKING_REASON_CORSNOTSUPPORTINGCREDENTIALS = 1006;
1161
const uint32_t BLOCKING_REASON_CORSALLOWORIGINNOTMATCHINGORIGIN = 1007;
1162
const uint32_t BLOCKING_REASON_CORSMISSINGALLOWCREDENTIALS = 1008;
1163
const uint32_t BLOCKING_REASON_CORSORIGINHEADERNOTADDED = 1009;
1164
const uint32_t BLOCKING_REASON_CORSEXTERNALREDIRECTNOTALLOWED = 1010;
1165
const uint32_t BLOCKING_REASON_CORSPREFLIGHTDIDNOTSUCCEED = 1011;
1166
const uint32_t BLOCKING_REASON_CORSINVALIDALLOWMETHOD = 1012;
1167
const uint32_t BLOCKING_REASON_CORSMETHODNOTFOUND = 1013;
1168
const uint32_t BLOCKING_REASON_CORSINVALIDALLOWHEADER = 1014;
1169
const uint32_t BLOCKING_REASON_CORSMISSINGALLOWHEADERFROMPREFLIGHT = 1015;
1170
const uint32_t BLOCKING_REASON_CLASSIFY_MALWARE_URI = 2001;
1171
const uint32_t BLOCKING_REASON_CLASSIFY_PHISHING_URI = 2002;
1172
const uint32_t BLOCKING_REASON_CLASSIFY_UNWANTED_URI = 2003;
1173
const uint32_t BLOCKING_REASON_CLASSIFY_TRACKING_URI = 2004;
1174
const uint32_t BLOCKING_REASON_CLASSIFY_BLOCKED_URI = 2005;
1175
const uint32_t BLOCKING_REASON_CLASSIFY_HARMFUL_URI = 2006;
1176
const uint32_t BLOCKING_REASON_CLASSIFY_CRYPTOMINING_URI = 2007;
1177
const uint32_t BLOCKING_REASON_CLASSIFY_FINGERPRINTING_URI = 2008;
1178
const uint32_t BLOCKING_REASON_CLASSIFY_SOCIALTRACKING_URI = 2009;
1179
const uint32_t BLOCKING_REASON_MIXED_BLOCKED = 3001;
1180
// The general reason comes from nsCSPContext::permitsInternal(),
1181
// which is way too generic to distinguish an exact reason.
1182
const uint32_t BLOCKING_REASON_CONTENT_POLICY_GENERAL = 4000;
1183
const uint32_t BLOCKING_REASON_CONTENT_POLICY_NO_DATA_PROTOCOL = 4001;
1184
const uint32_t BLOCKING_REASON_CONTENT_POLICY_WEBEXT = 4002;
1185
const uint32_t BLOCKING_REASON_CONTENT_POLICY_CONTENT_BLOCKED = 4003;
1186
const uint32_t BLOCKING_REASON_CONTENT_POLICY_DATA_DOCUMENT = 4004;
1187
const uint32_t BLOCKING_REASON_CONTENT_POLICY_WEB_BROWSER = 4005;
1188
const uint32_t BLOCKING_REASON_CONTENT_POLICY_PRELOAD = 4006;
1189
1190
/**
1191
* If the request associated with this load info was blocked by some of
1192
* our content or load blockers, the reason can be found here.
1193
* Note that setting this attribute has NO EFFECT on blocking the request.
1194
* This attribute is only informative!
1195
*
1196
* By default the value is '0' - NONE.
1197
* Each write rewrites the last value.
1198
* Can be accessed only on a single thread.
1199
*/
1200
[infallible] attribute unsigned long requestBlockingReason;
1201
1202
/**
1203
* The object in charged to receive CSP violation events. It can be null.
1204
* This attribute will be merged into the CSP object eventually.
1205
* See bug 1500908.
1206
*/
1207
attribute nsICSPEventListener cspEventListener;
1208
1209
/**
1210
* This attribute will be true if this is a load triggered by
1213
*/
1214
[infallible] readonly attribute boolean isFromProcessingFrameAttributes;
1215
1216
cenum CrossOriginOpenerPolicy : 8 {
1217
OPENER_POLICY_NULL = 0,
1218
OPENER_POLICY_SAME_ORIGIN = 1,
1219
OPENER_POLICY_SAME_SITE = 2,
1220
OPENER_POLICY_SAMENESS_MASK = 0x0f,
1221
OPENER_POLICY_EMBEDDER_POLICY_REQUIRE_CORP_FLAG = 0x10,
1222
OPENER_POLICY_UNSAFE_ALLOW_OUTGOING_FLAG = 0x80,
1223
OPENER_POLICY_SAME_ORIGIN_EMBEDDER_POLICY_REQUIRE_CORP =
1224
OPENER_POLICY_SAME_ORIGIN |
1225
OPENER_POLICY_EMBEDDER_POLICY_REQUIRE_CORP_FLAG,
1226
OPENER_POLICY_SAME_ORIGIN_ALLOW_OUTGOING =
1227
OPENER_POLICY_SAME_ORIGIN | OPENER_POLICY_UNSAFE_ALLOW_OUTGOING_FLAG,
1228
OPENER_POLICY_SAME_SITE_ALLOW_OUTGOING =
1229
OPENER_POLICY_SAME_SITE | OPENER_POLICY_UNSAFE_ALLOW_OUTGOING_FLAG
1230
};
1231
1232
cenum CrossOriginEmbedderPolicy : 8 {
1233
EMBEDDER_POLICY_NULL = 0,
1234
EMBEDDER_POLICY_REQUIRE_CORP = 1,
1235
};
1236
};