gecko-dev/dom/security/nsContentSecurityManager.h

/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef nsContentSecurityManager_h___
#define nsContentSecurityManager_h___

#include "nsIContentSecurityManager.h"
#include "nsIChannel.h"
#include "nsIChannelEventSink.h"

class nsILoadInfo;
class nsIStreamListener;

#define NS_CONTENTSECURITYMANAGER_CONTRACTID \
  "@mozilla.org/contentsecuritymanager;1"
// cdcc1ab8-3cea-4e6c-a294-a651fa35227f
#define NS_CONTENTSECURITYMANAGER_CID                \
  {                                                  \
    0xcdcc1ab8, 0x3cea, 0x4e6c, {                    \
      0xa2, 0x94, 0xa6, 0x51, 0xfa, 0x35, 0x22, 0x7f \
    }                                                \
  }

class nsContentSecurityManager : public nsIContentSecurityManager,
                                 public nsIChannelEventSink {
 public:
  NS_DECL_ISUPPORTS
  NS_DECL_NSICONTENTSECURITYMANAGER
  NS_DECL_NSICHANNELEVENTSINK

  nsContentSecurityManager() = default;

  static nsresult doContentSecurityCheck(
      nsIChannel* aChannel, nsCOMPtr<nsIStreamListener>& aInAndOutListener);

  static bool AllowTopLevelNavigationToDataURI(nsIChannel* aChannel);
  static bool AllowInsecureRedirectToDataURI(nsIChannel* aNewChannel);
  static void MeasureUnexpectedPrivilegedLoads(nsILoadInfo* aLoadInfo,
                                               nsIURI* aFinalURI,
                                               const nsACString& aRemoteType);

 private:
  static nsresult CheckChannel(nsIChannel* aChannel);
  static nsresult CheckFTPSubresourceLoad(nsIChannel* aChannel);
  static nsresult CheckAllowLoadInSystemPrivilegedContext(nsIChannel* aChannel);
  static nsresult CheckChannelHasProtocolSecurityFlag(nsIChannel* aChannel);

  virtual ~nsContentSecurityManager() = default;
};

#endif /* nsContentSecurityManager_h___ */
Bug 1143922 - Add AsyncOpen2 to nsIChannel and perform security checks when opening a channel - securitymanager (r=sicking,tanvi) 2015-07-20 05:12:11 +03:00			`/* -- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -- */`
			`/* vim: set ts=8 sts=2 et sw=2 tw=80: */`
			`/* This Source Code Form is subject to the terms of the Mozilla Public`
			`* License, v. 2.0. If a copy of the MPL was not distributed with this`
			`* file, You can obtain one at http://mozilla.org/MPL/2.0/. */`

			`#ifndef nsContentSecurityManager_h___`
			`#define nsContentSecurityManager_h___`

Bug 1204703 - Make nsContentSecurityManager scriptable (r=sicking) --HG-- extra : source : 977d5b7ecba32a0617d40c231e2f16963bf4a4ef 2015-09-18 19:27:15 +03:00			`#include "nsIContentSecurityManager.h"`
Bug 1143922 - Add AsyncOpen2 to nsIChannel and perform security checks when opening a channel - securitymanager (r=sicking,tanvi) 2015-07-20 05:12:11 +03:00			`#include "nsIChannel.h"`
Bug 1226909 part 1: Do security checks in a redirect handler rather than when opening the redirected channel. r=ckerschb 2015-12-07 02:33:14 +03:00			`#include "nsIChannelEventSink.h"`
Bug 1204703 - Make nsContentSecurityManager scriptable (r=sicking) --HG-- extra : source : 977d5b7ecba32a0617d40c231e2f16963bf4a4ef 2015-09-18 19:27:15 +03:00
Bug 1708114 - when doing unexpected systemprincipal loads, record redirected schemes - r=ckerschb Differential Revision: https://phabricator.services.mozilla.com/D113763 2021-05-11 11:27:47 +03:00			`class nsILoadInfo;`
Bug 1143922 - Add AsyncOpen2 to nsIChannel and perform security checks when opening a channel - securitymanager (r=sicking,tanvi) 2015-07-20 05:12:11 +03:00			`class nsIStreamListener;`

Bug 1204703 - Make nsContentSecurityManager scriptable (r=sicking) --HG-- extra : source : 977d5b7ecba32a0617d40c231e2f16963bf4a4ef 2015-09-18 19:27:15 +03:00			`#define NS_CONTENTSECURITYMANAGER_CONTRACTID \`
			`"@mozilla.org/contentsecuritymanager;1"`
			`// cdcc1ab8-3cea-4e6c-a294-a651fa35227f`
			`#define NS_CONTENTSECURITYMANAGER_CID \`
Bug 1511181 - Reformat everything to the Google coding style r=ehsan a=clang-format # ignore-this-changeset --HG-- extra : amend_source : 4d301d3b0b8711c4692392aa76088ba7fd7d1022 2018-11-30 13:46:48 +03:00			`{ \`
Bug 1204703 - Make nsContentSecurityManager scriptable (r=sicking) --HG-- extra : source : 977d5b7ecba32a0617d40c231e2f16963bf4a4ef 2015-09-18 19:27:15 +03:00			`0xcdcc1ab8, 0x3cea, 0x4e6c, { \`
			`0xa2, 0x94, 0xa6, 0x51, 0xfa, 0x35, 0x22, 0x7f \`
			`} \`
			`}`
Bug 1511181 - Reformat everything to the Google coding style r=ehsan a=clang-format # ignore-this-changeset --HG-- extra : amend_source : 4d301d3b0b8711c4692392aa76088ba7fd7d1022 2018-11-30 13:46:48 +03:00
Bug 1204703 - Make nsContentSecurityManager scriptable (r=sicking) --HG-- extra : source : 977d5b7ecba32a0617d40c231e2f16963bf4a4ef 2015-09-18 19:27:15 +03:00			`class nsContentSecurityManager : public nsIContentSecurityManager,`
Bug 1226909 part 1: Do security checks in a redirect handler rather than when opening the redirected channel. r=ckerschb 2015-12-07 02:33:14 +03:00			`public nsIChannelEventSink {`
Bug 1204703 - Make nsContentSecurityManager scriptable (r=sicking) --HG-- extra : source : 977d5b7ecba32a0617d40c231e2f16963bf4a4ef 2015-09-18 19:27:15 +03:00			`public:`
			`NS_DECL_ISUPPORTS`
			`NS_DECL_NSICONTENTSECURITYMANAGER`
Bug 1226909 part 1: Do security checks in a redirect handler rather than when opening the redirected channel. r=ckerschb 2015-12-07 02:33:14 +03:00			`NS_DECL_NSICHANNELEVENTSINK`
Bug 1204703 - Make nsContentSecurityManager scriptable (r=sicking) --HG-- extra : source : 977d5b7ecba32a0617d40c231e2f16963bf4a4ef 2015-09-18 19:27:15 +03:00
Bug 1613985 - Use default for equivalent-to-default constructors/destructors in dom/security. r=smaug Depends on D65181 Differential Revision: https://phabricator.services.mozilla.com/D65182 --HG-- extra : moz-landing-system : lando 2020-03-04 01:07:43 +03:00			`nsContentSecurityManager() = default;`
Bug 1143922 - Add AsyncOpen2 to nsIChannel and perform security checks when opening a channel - securitymanager (r=sicking,tanvi) 2015-07-20 05:12:11 +03:00
			`static nsresult doContentSecurityCheck(`
			`nsIChannel* aChannel, nsCOMPtr<nsIStreamListener>& aInAndOutListener);`
Bug 1204703 - Make nsContentSecurityManager scriptable (r=sicking) --HG-- extra : source : 977d5b7ecba32a0617d40c231e2f16963bf4a4ef 2015-09-18 19:27:15 +03:00
Bug 1403814 - Block toplevel data: URI navigations only if openend in the browser. r=smaug 2017-11-03 15:23:11 +03:00			`static bool AllowTopLevelNavigationToDataURI(nsIChannel* aChannel);`
Bug 1434357: Exempt Web Extensions from insecure redirects to data: URIs. r=kmag,mayhemer 2018-02-18 21:52:52 +03:00			`static bool AllowInsecureRedirectToDataURI(nsIChannel* aNewChannel);`
Bug 1708114 - when doing unexpected systemprincipal loads, record redirected schemes - r=ckerschb Differential Revision: https://phabricator.services.mozilla.com/D113763 2021-05-11 11:27:47 +03:00			`static void MeasureUnexpectedPrivilegedLoads(nsILoadInfo* aLoadInfo,`
			`nsIURI* aFinalURI,`
			`const nsACString& aRemoteType);`
Bug 1394554: Block toplevel data: URI navigations after redirect. r=smaug 2017-09-06 10:33:10 +03:00
Bug 1204703 - Make nsContentSecurityManager scriptable (r=sicking) --HG-- extra : source : 977d5b7ecba32a0617d40c231e2f16963bf4a4ef 2015-09-18 19:27:15 +03:00			`private:`
Bug 1226909 part 1: Do security checks in a redirect handler rather than when opening the redirected channel. r=ckerschb 2015-12-07 02:33:14 +03:00			`static nsresult CheckChannel(nsIChannel* aChannel);`
Bug 1404744 - Check for FTP subresource after applying CSP. r=ckerschb --HG-- extra : rebase_source : 642ba0d40d6b1d2e7ef85fdc52dffa72b5a24f5b extra : histedit_source : 117afa5310977211fd18007e5ed7d2991a8b8837 2018-04-06 01:27:02 +03:00			`static nsresult CheckFTPSubresourceLoad(nsIChannel* aChannel);`
Bug 1607483: Disallow loading http(s) scripts into system privileged contexts. r=tjr Differential Revision: https://phabricator.services.mozilla.com/D58962 --HG-- extra : moz-landing-system : lando 2020-01-17 20:29:47 +03:00			`static nsresult CheckAllowLoadInSystemPrivilegedContext(nsIChannel* aChannel);`
Bug 1188538: Ensure every protocol handler sets a valid security flag. r=bholley,mixedpuppy Differential Revision: https://phabricator.services.mozilla.com/D67496 --HG-- extra : moz-landing-system : lando 2020-03-20 11:25:18 +03:00			`static nsresult CheckChannelHasProtocolSecurityFlag(nsIChannel* aChannel);`
Bug 1226909 part 1: Do security checks in a redirect handler rather than when opening the redirected channel. r=ckerschb 2015-12-07 02:33:14 +03:00
Bug 1613985 - Use default for equivalent-to-default constructors/destructors in dom/security. r=smaug Depends on D65181 Differential Revision: https://phabricator.services.mozilla.com/D65182 --HG-- extra : moz-landing-system : lando 2020-03-04 01:07:43 +03:00			`virtual ~nsContentSecurityManager() = default;`
Bug 1143922 - Add AsyncOpen2 to nsIChannel and perform security checks when opening a channel - securitymanager (r=sicking,tanvi) 2015-07-20 05:12:11 +03:00			`};`

			`#endif /* nsContentSecurityManager_h___ */`