2014-07-10 10:56:36 +04:00
|
|
|
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
|
|
|
|
* vim: ft=cpp tw=78 sw=2 et ts=2 sts=2 cin
|
|
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
|
|
|
|
#include "nsISupports.idl"
|
2014-07-17 00:16:12 +04:00
|
|
|
#include "nsIContentPolicy.idl"
|
2014-07-10 10:56:36 +04:00
|
|
|
|
2014-07-17 00:16:12 +04:00
|
|
|
interface nsIDOMDocument;
|
|
|
|
interface nsINode;
|
2014-07-10 10:56:36 +04:00
|
|
|
interface nsIPrincipal;
|
2014-07-17 00:16:12 +04:00
|
|
|
|
2015-07-20 05:11:03 +03:00
|
|
|
%{C++
|
|
|
|
#include "nsTArray.h"
|
2015-10-22 00:47:00 +03:00
|
|
|
#include "mozilla/BasePrincipal.h"
|
2015-10-22 21:07:32 +03:00
|
|
|
#include "mozilla/LoadTainting.h"
|
2015-12-07 02:33:14 +03:00
|
|
|
|
|
|
|
class nsCString;
|
2015-07-20 05:11:03 +03:00
|
|
|
%}
|
|
|
|
|
|
|
|
[ref] native const_nsIPrincipalArray(const nsTArray<nsCOMPtr<nsIPrincipal>>);
|
2015-11-03 04:50:54 +03:00
|
|
|
native NeckoOriginAttributes(mozilla::NeckoOriginAttributes);
|
|
|
|
[ref] native const_OriginAttributesRef(const mozilla::NeckoOriginAttributes);
|
2015-12-07 02:33:14 +03:00
|
|
|
[ref] native StringArrayRef(const nsTArray<nsCString>);
|
2015-07-20 05:11:03 +03:00
|
|
|
|
2014-07-17 00:16:12 +04:00
|
|
|
typedef unsigned long nsSecurityFlags;
|
|
|
|
|
2014-07-10 10:56:36 +04:00
|
|
|
/**
|
2016-09-20 09:34:40 +03:00
|
|
|
* The LoadInfo object contains information about a network load, why it
|
|
|
|
* was started, and how we plan on using the resulting response.
|
|
|
|
* If a network request is redirected, the new channel will receive a new
|
|
|
|
* LoadInfo object. The new object will contain mostly the same
|
|
|
|
* information as the pre-redirect one, but updated as appropriate.
|
|
|
|
* For detailed information about what parts of LoadInfo are updated on
|
|
|
|
* redirect, see documentation on individual properties.
|
2014-07-10 10:56:36 +04:00
|
|
|
*/
|
2016-01-14 23:38:15 +03:00
|
|
|
[scriptable, builtinclass, uuid(ddc65bf9-2f60-41ab-b22a-4f1ae9efcd36)]
|
2014-07-10 10:56:36 +04:00
|
|
|
interface nsILoadInfo : nsISupports
|
|
|
|
{
|
|
|
|
/**
|
2016-07-04 11:20:05 +03:00
|
|
|
* *** DEPRECATED ***
|
|
|
|
* No LoadInfo created within Gecko should contain this security flag.
|
|
|
|
* Please use any of the five security flags defined underneath.
|
|
|
|
* We only keep this security flag to provide backwards compatibilty.
|
2014-07-17 00:16:12 +04:00
|
|
|
*/
|
|
|
|
const unsigned long SEC_NORMAL = 0;
|
|
|
|
|
2015-07-20 05:11:57 +03:00
|
|
|
/**
|
|
|
|
* The following five flags determine the security mode and hence what kind of
|
|
|
|
* security checks should be performed throughout the lifetime of the channel.
|
|
|
|
*
|
|
|
|
* * SEC_REQUIRE_SAME_ORIGIN_DATA_INHERITS
|
|
|
|
* * SEC_REQUIRE_SAME_ORIGIN_DATA_IS_BLOCKED
|
|
|
|
* * SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS
|
|
|
|
* * SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL
|
|
|
|
* * SEC_REQUIRE_CORS_DATA_INHERITS
|
|
|
|
*
|
|
|
|
* Exactly one of these flags are required to be set in order to allow
|
|
|
|
* the channel to perform the correct security checks (SOP, CORS, ...) and
|
|
|
|
* return the correct result principal. If none or more than one of these
|
|
|
|
* flags are set AsyncOpen2 will fail.
|
|
|
|
*/
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Enforce the same origin policy where data: loads inherit
|
|
|
|
* the principal.
|
|
|
|
*/
|
|
|
|
const unsigned long SEC_REQUIRE_SAME_ORIGIN_DATA_INHERITS = (1<<0);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Enforce the same origin policy but data: loads are blocked.
|
|
|
|
*/
|
|
|
|
const unsigned long SEC_REQUIRE_SAME_ORIGIN_DATA_IS_BLOCKED = (1<<1);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Allow loads from other origins. Loads from data: will inherit
|
|
|
|
* the principal of the origin that triggered the load.
|
|
|
|
* Commonly used by plain <img>, <video>, <link rel=stylesheet> etc.
|
|
|
|
*/
|
|
|
|
const unsigned long SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS = (1<<2);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Allow loads from other origins. Loads from data: will be allowed,
|
|
|
|
* but the resulting resource will get a null principal.
|
|
|
|
* Used in blink/webkit for <iframe>s. Likely also the mode
|
|
|
|
* that should be used by most Chrome code.
|
|
|
|
*/
|
|
|
|
const unsigned long SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL = (1<<3);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Allow loads from any origin, but require CORS for cross-origin
|
|
|
|
* loads. Loads from data: are allowed and the result will inherit
|
|
|
|
* the principal of the origin that triggered the load.
|
|
|
|
* Commonly used by <img crossorigin>, <video crossorigin>,
|
|
|
|
* XHR, fetch(), etc.
|
|
|
|
*/
|
|
|
|
const unsigned long SEC_REQUIRE_CORS_DATA_INHERITS = (1<<4);
|
|
|
|
|
|
|
|
/**
|
2015-12-07 02:33:15 +03:00
|
|
|
* Choose cookie policy. The default policy is equivalent to "INCLUDE" for
|
|
|
|
* SEC_REQUIRE_SAME_ORIGIN_* and SEC_ALLOW_CROSS_ORIGIN_* modes, and
|
|
|
|
* equivalent to "SAME_ORIGIN" for SEC_REQUIRE_CORS_DATA_INHERITS mode.
|
|
|
|
*
|
|
|
|
* This means that if you want to perform a CORS load with credentials, pass
|
|
|
|
* SEC_COOKIES_INCLUDE.
|
|
|
|
*
|
|
|
|
* Note that these flags are still subject to the user's cookie policies.
|
|
|
|
* For example, if the user is blocking 3rd party cookies, those cookies
|
|
|
|
* will be blocked no matter which of these flags are set.
|
2015-07-20 05:11:57 +03:00
|
|
|
*/
|
2015-12-07 02:33:15 +03:00
|
|
|
const unsigned long SEC_COOKIES_DEFAULT = (0 << 5);
|
|
|
|
const unsigned long SEC_COOKIES_INCLUDE = (1 << 5);
|
|
|
|
const unsigned long SEC_COOKIES_SAME_ORIGIN = (2 << 5);
|
|
|
|
const unsigned long SEC_COOKIES_OMIT = (3 << 5);
|
2015-07-20 05:11:57 +03:00
|
|
|
|
2014-07-17 00:16:12 +04:00
|
|
|
/**
|
|
|
|
* Force inheriting of the Principal. The resulting resource will use the
|
|
|
|
* principal of the document which is doing the load. Setting this flag
|
|
|
|
* will cause GetChannelResultPrincipal to return the same principal as
|
|
|
|
* the loading principal that's passed in when creating the channel.
|
|
|
|
*
|
|
|
|
* This will happen independently of the scheme of the URI that the
|
|
|
|
* channel is loading.
|
|
|
|
*
|
|
|
|
* So if the loading document comes from "http://a.com/", and the channel
|
|
|
|
* is loading the URI "http://b.com/whatever", GetChannelResultPrincipal
|
|
|
|
* will return a principal from "http://a.com/".
|
|
|
|
*
|
2016-04-28 13:13:09 +03:00
|
|
|
* This flag can not be used together with SEC_SANDBOXED. If both are passed
|
|
|
|
* to the LoadInfo constructor then this flag will be dropped. If you need
|
|
|
|
* to know whether this flag would have been present but was dropped due to
|
2016-07-18 09:35:13 +03:00
|
|
|
* sandboxing, check for the forceInheritPrincipalDropped flag.
|
2014-07-17 00:16:12 +04:00
|
|
|
*/
|
2015-12-07 02:33:15 +03:00
|
|
|
const unsigned long SEC_FORCE_INHERIT_PRINCIPAL = (1<<7);
|
2014-07-17 00:16:12 +04:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Sandbox the load. The resulting resource will use a freshly created
|
|
|
|
* null principal. So GetChannelResultPrincipal will always return a
|
|
|
|
* null principal whenever this flag is set.
|
|
|
|
*
|
|
|
|
* This will happen independently of the scheme of the URI that the
|
|
|
|
* channel is loading.
|
|
|
|
*
|
|
|
|
* This flag can not be used together with SEC_FORCE_INHERIT_PRINCIPAL.
|
|
|
|
*/
|
2015-12-07 02:33:15 +03:00
|
|
|
const unsigned long SEC_SANDBOXED = (1<<8);
|
2015-07-20 05:11:57 +03:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Inherit the Principal for about:blank.
|
|
|
|
*/
|
2015-12-07 02:33:15 +03:00
|
|
|
const unsigned long SEC_ABOUT_BLANK_INHERITS = (1<<9);
|
2014-07-17 00:16:12 +04:00
|
|
|
|
2015-09-15 04:59:35 +03:00
|
|
|
/**
|
2015-11-20 21:55:54 +03:00
|
|
|
* Allow access to chrome: packages that are content accessible.
|
2015-09-15 04:59:35 +03:00
|
|
|
*/
|
2015-12-07 02:33:15 +03:00
|
|
|
const unsigned long SEC_ALLOW_CHROME = (1<<10);
|
2015-09-15 04:59:35 +03:00
|
|
|
|
2016-05-24 00:57:31 +03:00
|
|
|
/**
|
|
|
|
* Disallow access to javascript: uris.
|
|
|
|
*/
|
|
|
|
const unsigned long SEC_DISALLOW_SCRIPT = (1<<11);
|
|
|
|
|
2015-11-24 05:47:10 +03:00
|
|
|
/**
|
|
|
|
* Don't follow redirects. Instead the redirect response is returned
|
|
|
|
* as a successful response for the channel.
|
|
|
|
*
|
|
|
|
* Redirects not initiated by a server response, i.e. REDIRECT_INTERNAL and
|
|
|
|
* REDIRECT_STS_UPGRADE, are still followed.
|
|
|
|
*
|
|
|
|
* Note: If this flag is set and the channel response is a redirect, then
|
|
|
|
* the response body might not be available.
|
|
|
|
* This can happen if the redirect was cached.
|
|
|
|
*/
|
2016-05-24 00:57:31 +03:00
|
|
|
const unsigned long SEC_DONT_FOLLOW_REDIRECTS = (1<<12);
|
2015-11-24 05:47:10 +03:00
|
|
|
|
2016-04-13 11:22:49 +03:00
|
|
|
/**
|
|
|
|
* Force private browsing. Setting this flag the private browsing can be
|
|
|
|
* enforce even when a loading is not happening in the context of a document.
|
|
|
|
*
|
|
|
|
* If the flag is true, even if a document context is present,
|
|
|
|
* GetUsePrivateBrowsing will always return true.
|
|
|
|
*/
|
2016-05-24 00:57:31 +03:00
|
|
|
const unsigned long SEC_FORCE_PRIVATE_BROWSING = (1<<13);
|
2016-04-13 11:22:49 +03:00
|
|
|
|
2016-08-16 04:47:14 +03:00
|
|
|
/**
|
|
|
|
* Load an error page, it should be one of following : about:neterror,
|
|
|
|
* about:certerror, about:blocked, or about:tabcrashed.
|
|
|
|
*/
|
|
|
|
const unsigned long SEC_LOAD_ERROR_PAGE = (1<<14);
|
|
|
|
|
2014-07-17 00:16:12 +04:00
|
|
|
/**
|
2016-09-20 09:34:40 +03:00
|
|
|
* This is the principal of the network request's caller/requester where
|
|
|
|
* the resulting resource will be used. I.e. it is the principal which
|
|
|
|
* will get access to the result of the request. (Where "get access to"
|
|
|
|
* might simply mean "embed" depending on the type of resource that is
|
|
|
|
* loaded).
|
2014-07-17 00:16:12 +04:00
|
|
|
*
|
2016-09-20 09:34:40 +03:00
|
|
|
* For example for an image, it is the principal of the document where
|
|
|
|
* the image is rendered. For a stylesheet it is the principal of the
|
|
|
|
* document where the stylesheet will be applied.
|
|
|
|
*
|
|
|
|
* So if document at http://a.com/page.html loads an image from
|
|
|
|
* http://b.com/pic.jpg, then loadingPrincipal will be
|
|
|
|
* http://a.com/page.html.
|
|
|
|
*
|
|
|
|
* For <iframe> and <frame> loads, the LoadingPrincipal is the
|
|
|
|
* principal of the parent document. For top-level loads, the
|
|
|
|
* LoadingPrincipal is null. For all loads except top-level loads
|
|
|
|
* the LoadingPrincipal is never null.
|
2014-07-10 10:56:36 +04:00
|
|
|
*/
|
|
|
|
readonly attribute nsIPrincipal loadingPrincipal;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* A C++-friendly version of loadingPrincipal.
|
|
|
|
*/
|
|
|
|
[noscript, notxpcom, nostdcall, binaryname(LoadingPrincipal)]
|
|
|
|
nsIPrincipal binaryLoadingPrincipal();
|
|
|
|
|
2014-11-14 19:55:59 +03:00
|
|
|
/**
|
2016-09-20 09:34:40 +03:00
|
|
|
* This is the principal which caused the network load to start. I.e.
|
|
|
|
* this is the principal which provided the URL to be loaded. This is
|
|
|
|
* often the same as the LoadingPrincipal, but there are a few cases
|
|
|
|
* where that's not true.
|
|
|
|
*
|
|
|
|
* For example for loads into an <iframe>, the LoadingPrincipal is always
|
|
|
|
* the principal of the parent document. However the TriggeringPrincipal
|
|
|
|
* is the principal of the document which provided the URL that the
|
|
|
|
* <iframe> is navigating to. This could be the previous document inside
|
|
|
|
* the <iframe> which set document.location. Or a document elsewhere in
|
|
|
|
* the frame tree which contained a <a target="..."> which targetted the
|
|
|
|
* <iframe>.
|
2014-11-14 19:55:59 +03:00
|
|
|
*
|
2016-09-20 09:34:40 +03:00
|
|
|
* If a stylesheet links to a sub-resource, like an @imported stylesheet,
|
|
|
|
* or a background image, then the TriggeringPrincipal is the principal
|
|
|
|
* of the stylesheet, while the LoadingPrincipal is the principal of the
|
|
|
|
* document being styled.
|
|
|
|
*
|
|
|
|
* The TriggeringPrincipal is never null.
|
2014-11-14 19:55:59 +03:00
|
|
|
*/
|
|
|
|
readonly attribute nsIPrincipal triggeringPrincipal;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* A C++-friendly version of triggeringPrincipal.
|
|
|
|
*/
|
|
|
|
[noscript, notxpcom, nostdcall, binaryname(TriggeringPrincipal)]
|
|
|
|
nsIPrincipal binaryTriggeringPrincipal();
|
2014-07-17 00:16:12 +04:00
|
|
|
|
2016-09-20 09:35:45 +03:00
|
|
|
/**
|
|
|
|
* The principalToInherit is the principal that is used when the inherit flag
|
|
|
|
* is set. For loads that are not TYPE_DOCUMENT or TYPE_SUBDOCUMENT that
|
|
|
|
* principal is always identical to the triggeringPrincipal.
|
|
|
|
*/
|
|
|
|
attribute nsIPrincipal principalToInherit;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* A C++-friendly version of principalToInherit.
|
|
|
|
*/
|
|
|
|
[noscript, notxpcom, nostdcall, binaryname(PrincipalToInherit)]
|
|
|
|
nsIPrincipal binaryPrincipalToInherit();
|
|
|
|
|
2014-07-17 00:16:12 +04:00
|
|
|
/**
|
2016-09-20 09:34:40 +03:00
|
|
|
* This is the ownerDocument of the LoadingNode. Unless the LoadingNode
|
|
|
|
* is a Document, in which case the LoadingDocument is the same as the
|
|
|
|
* LoadingNode.
|
2014-07-17 00:16:12 +04:00
|
|
|
*
|
2016-09-20 09:34:40 +03:00
|
|
|
* For top-level loads, and for loads originating from workers, the
|
|
|
|
* LoadingDocument is null. When the LoadingDocument is not null, the
|
|
|
|
* LoadingPrincipal is set to the principal of the LoadingDocument.
|
2014-07-17 00:16:12 +04:00
|
|
|
*/
|
|
|
|
readonly attribute nsIDOMDocument loadingDocument;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* A C++-friendly version of loadingDocument (loadingNode).
|
2016-09-20 09:34:40 +03:00
|
|
|
* This is the Node where the resulting resource will be used. I.e. it is
|
|
|
|
* the Node which will get access to the result of the request. (Where
|
|
|
|
* "get access to" might simply mean "embed" depending on the type of
|
|
|
|
* resource that is loaded).
|
|
|
|
*
|
|
|
|
* For example for an <img>/<video> it is the image/video element. For
|
|
|
|
* document loads inside <iframe> and <frame>s, the LoadingNode is the
|
|
|
|
* <iframe>/<frame> element. For an XMLHttpRequest, it is the Document
|
|
|
|
* which contained the JS which initiated the XHR. For a stylesheet, it
|
|
|
|
* is the Document that contains <link rel=stylesheet>.
|
|
|
|
*
|
|
|
|
* For loads triggered by the HTML pre-parser, the LoadingNode is the
|
|
|
|
* Document which is currently being parsed.
|
|
|
|
*
|
|
|
|
* For top-level loads, and for loads originating from workers, the
|
|
|
|
* LoadingNode is null. If the LoadingNode is non-null, then the
|
|
|
|
* LoadingPrincipal is the principal of the LoadingNode.
|
2014-07-17 00:16:12 +04:00
|
|
|
*/
|
|
|
|
[noscript, notxpcom, nostdcall, binaryname(LoadingNode)]
|
|
|
|
nsINode binaryLoadingNode();
|
|
|
|
|
|
|
|
/**
|
|
|
|
* The securityFlags of that channel.
|
|
|
|
*/
|
|
|
|
readonly attribute nsSecurityFlags securityFlags;
|
|
|
|
|
|
|
|
%{ C++
|
|
|
|
inline nsSecurityFlags GetSecurityFlags()
|
|
|
|
{
|
|
|
|
nsSecurityFlags result;
|
|
|
|
mozilla::DebugOnly<nsresult> rv = GetSecurityFlags(&result);
|
|
|
|
MOZ_ASSERT(NS_SUCCEEDED(rv));
|
|
|
|
return result;
|
|
|
|
}
|
|
|
|
%}
|
|
|
|
|
2015-07-20 05:11:57 +03:00
|
|
|
/**
|
|
|
|
* Allows to query only the security mode bits from above.
|
|
|
|
*/
|
|
|
|
[infallible] readonly attribute unsigned long securityMode;
|
|
|
|
|
2015-12-01 00:25:29 +03:00
|
|
|
/**
|
|
|
|
* True if this request is embedded in a context that can't be third-party
|
|
|
|
* (i.e. an iframe embedded in a cross-origin parent window). If this is
|
|
|
|
* false, then this request may be third-party if it's a third-party to
|
|
|
|
* loadingPrincipal.
|
|
|
|
*/
|
|
|
|
[infallible] readonly attribute boolean isInThirdPartyContext;
|
|
|
|
|
2015-07-20 05:11:57 +03:00
|
|
|
/**
|
2015-12-07 02:33:15 +03:00
|
|
|
* See the SEC_COOKIES_* flags above. This attribute will never return
|
|
|
|
* SEC_COOKIES_DEFAULT, but will instead return what the policy resolves to.
|
|
|
|
* I.e. SEC_COOKIES_SAME_ORIGIN for CORS mode, and SEC_COOKIES_INCLUDE
|
|
|
|
* otherwise.
|
2015-07-20 05:11:57 +03:00
|
|
|
*/
|
2015-12-07 02:33:15 +03:00
|
|
|
[infallible] readonly attribute unsigned long cookiePolicy;
|
2015-07-20 05:11:57 +03:00
|
|
|
|
2014-07-10 10:56:36 +04:00
|
|
|
/**
|
|
|
|
* If forceInheritPrincipal is true, the data coming from the channel should
|
|
|
|
* use loadingPrincipal for its principal, even when the data is loaded over
|
|
|
|
* http:// or another protocol that would normally use a URI-based principal.
|
|
|
|
* This attribute will never be true when loadingSandboxed is true.
|
|
|
|
*/
|
|
|
|
[infallible] readonly attribute boolean forceInheritPrincipal;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* If loadingSandboxed is true, the data coming from the channel is
|
|
|
|
* being loaded sandboxed, so it should have a nonce origin and
|
|
|
|
* hence should use a NullPrincipal.
|
|
|
|
*/
|
|
|
|
[infallible] readonly attribute boolean loadingSandboxed;
|
2014-07-17 00:16:12 +04:00
|
|
|
|
2015-07-20 05:11:57 +03:00
|
|
|
/**
|
|
|
|
* If aboutBlankInherits is true, then about:blank should inherit
|
|
|
|
* the principal.
|
|
|
|
*/
|
|
|
|
[infallible] readonly attribute boolean aboutBlankInherits;
|
|
|
|
|
2016-04-13 11:22:49 +03:00
|
|
|
/**
|
|
|
|
* If usePrivateBrowsing is true, private browsing will be used.
|
2016-08-04 09:05:38 +03:00
|
|
|
* This value equals to originAttributes.privateBrowsingId in *content*
|
|
|
|
* side.
|
2016-04-13 11:22:49 +03:00
|
|
|
*/
|
|
|
|
[infallible] readonly attribute boolean usePrivateBrowsing;
|
|
|
|
|
2015-09-15 04:59:35 +03:00
|
|
|
/**
|
|
|
|
* If allowChrome is true, then use nsIScriptSecurityManager::ALLOW_CHROME
|
|
|
|
* when calling CheckLoadURIWithPrincipal().
|
|
|
|
*/
|
|
|
|
[infallible] readonly attribute boolean allowChrome;
|
|
|
|
|
2016-05-24 00:57:31 +03:00
|
|
|
/**
|
|
|
|
* If disallowScript is true, then use nsIScriptSecurityManager::DISALLOW_SCRIPT
|
|
|
|
* when calling CheckLoadURIWithPrincipal().
|
|
|
|
*/
|
|
|
|
[infallible] readonly attribute boolean disallowScript;
|
|
|
|
|
2015-11-24 05:47:10 +03:00
|
|
|
/**
|
|
|
|
* Returns true if SEC_DONT_FOLLOW_REDIRECTS is set.
|
|
|
|
*/
|
|
|
|
[infallible] readonly attribute boolean dontFollowRedirects;
|
|
|
|
|
2016-08-16 04:47:14 +03:00
|
|
|
/**
|
|
|
|
* Returns true if SEC_LOAD_ERROR_PAGE is set.
|
|
|
|
*/
|
|
|
|
[infallible] readonly attribute boolean loadErrorPage;
|
|
|
|
|
2014-07-17 00:16:12 +04:00
|
|
|
/**
|
2015-06-17 07:18:16 +03:00
|
|
|
* The external contentPolicyType of the channel, used for security checks
|
2014-07-17 00:16:12 +04:00
|
|
|
* like Mixed Content Blocking and Content Security Policy.
|
2015-06-17 07:18:16 +03:00
|
|
|
*
|
|
|
|
* Specifically, content policy types with _INTERNAL_ in their name will
|
|
|
|
* never get returned from this attribute.
|
2014-07-17 00:16:12 +04:00
|
|
|
*/
|
2015-10-19 21:14:54 +03:00
|
|
|
readonly attribute nsContentPolicyType externalContentPolicyType;
|
2014-07-17 00:16:12 +04:00
|
|
|
|
|
|
|
%{ C++
|
2015-10-19 21:14:54 +03:00
|
|
|
inline nsContentPolicyType GetExternalContentPolicyType()
|
2014-07-17 00:16:12 +04:00
|
|
|
{
|
|
|
|
nsContentPolicyType result;
|
2015-10-19 21:14:54 +03:00
|
|
|
mozilla::DebugOnly<nsresult> rv = GetExternalContentPolicyType(&result);
|
2014-07-17 00:16:12 +04:00
|
|
|
MOZ_ASSERT(NS_SUCCEEDED(rv));
|
|
|
|
return result;
|
|
|
|
}
|
|
|
|
%}
|
|
|
|
|
2015-06-17 07:18:16 +03:00
|
|
|
/**
|
|
|
|
* The internal contentPolicyType of the channel, used for constructing
|
|
|
|
* RequestContext values when creating a fetch event for an intercepted
|
|
|
|
* channel.
|
|
|
|
*
|
|
|
|
* This should not be used for the purposes of security checks, since
|
|
|
|
* the content policy implementations cannot be expected to deal with
|
|
|
|
* _INTERNAL_ values. Please use the contentPolicyType attribute above
|
|
|
|
* for that purpose.
|
|
|
|
*/
|
|
|
|
[noscript, notxpcom]
|
|
|
|
nsContentPolicyType internalContentPolicyType();
|
|
|
|
|
2015-07-10 23:57:55 +03:00
|
|
|
/**
|
|
|
|
* Returns true if document or any of the documents ancestors
|
|
|
|
* up to the toplevel document make use of the CSP directive
|
|
|
|
* 'upgrade-insecure-requests'. Used to identify upgrade
|
|
|
|
* requests in e10s where the loadingDocument is not available.
|
|
|
|
*
|
|
|
|
* Warning: If the loadingDocument is null, then the
|
|
|
|
* upgradeInsecureRequests is false.
|
|
|
|
*/
|
2015-11-03 18:51:24 +03:00
|
|
|
[infallible] readonly attribute boolean upgradeInsecureRequests;
|
2015-07-10 23:57:55 +03:00
|
|
|
|
2016-03-14 13:56:52 +03:00
|
|
|
/**
|
|
|
|
* If true, the content of the channel is queued up and checked
|
|
|
|
* if it matches a content signature. Note, setting this flag
|
|
|
|
* to true will negatively impact performance since the preloader
|
|
|
|
* can not start until all of the content is fetched from the
|
|
|
|
* netwerk.
|
|
|
|
*
|
|
|
|
* Only use that in combination with TYPE_DOCUMENT.
|
|
|
|
*/
|
|
|
|
[infallible] attribute boolean verifySignedContent;
|
|
|
|
|
2016-03-16 06:13:26 +03:00
|
|
|
/**
|
|
|
|
* If true, this load will fail if it has no SRI integrity
|
|
|
|
*/
|
|
|
|
[infallible] attribute boolean enforceSRI;
|
|
|
|
|
2016-07-18 09:35:13 +03:00
|
|
|
/**
|
|
|
|
* The SEC_FORCE_INHERIT_PRINCIPAL flag may be dropped when a load info
|
|
|
|
* object is created. Specifically, it will be dropped if the SEC_SANDBOXED
|
|
|
|
* flag is also present. This flag is set if SEC_FORCE_INHERIT_PRINCIPAL was
|
|
|
|
* dropped.
|
|
|
|
*/
|
|
|
|
[infallible] readonly attribute boolean forceInheritPrincipalDropped;
|
|
|
|
|
2015-01-08 02:51:20 +03:00
|
|
|
/**
|
2016-06-27 03:42:00 +03:00
|
|
|
* These are the window IDs of the window in which the element being
|
|
|
|
* loaded lives. parentOuterWindowID is the window ID of this window's
|
|
|
|
* parent.
|
2015-01-08 02:51:20 +03:00
|
|
|
*
|
2015-05-08 22:52:49 +03:00
|
|
|
* Note that these window IDs can be 0 if the window is not
|
|
|
|
* available. parentOuterWindowID will be the same as outerWindowID if the
|
|
|
|
* window has no parent.
|
2015-01-08 02:51:20 +03:00
|
|
|
*/
|
2015-11-03 18:51:24 +03:00
|
|
|
[infallible] readonly attribute unsigned long long innerWindowID;
|
|
|
|
[infallible] readonly attribute unsigned long long outerWindowID;
|
|
|
|
[infallible] readonly attribute unsigned long long parentOuterWindowID;
|
2015-07-20 05:11:03 +03:00
|
|
|
|
2016-06-27 03:42:00 +03:00
|
|
|
/**
|
|
|
|
* Only when the element being loaded is <frame src="foo.html">
|
|
|
|
* (or, more generally, if the element QIs to nsIFrameLoaderOwner),
|
|
|
|
* the frameOuterWindowID is the outer window containing the
|
|
|
|
* foo.html document.
|
|
|
|
*
|
|
|
|
* Note: For other cases, frameOuterWindowID is 0.
|
|
|
|
*/
|
|
|
|
[infallible] readonly attribute unsigned long long frameOuterWindowID;
|
|
|
|
|
2015-10-22 00:47:00 +03:00
|
|
|
/**
|
2015-11-03 04:50:54 +03:00
|
|
|
* Customized NeckoOriginAttributes within LoadInfo to allow overwriting of the
|
2015-10-22 00:47:00 +03:00
|
|
|
* default originAttributes from the loadingPrincipal.
|
2016-08-04 09:05:38 +03:00
|
|
|
*
|
|
|
|
* In chrome side, originAttributes.privateBrowsingId will always be 0 even if
|
|
|
|
* the usePrivateBrowsing is true, because chrome docshell won't set
|
|
|
|
* privateBrowsingId on origin attributes (See bug 1278664). This is to make
|
|
|
|
* sure nsILoadInfo and nsILoadContext have the same origin attributes.
|
2015-10-22 00:47:00 +03:00
|
|
|
*/
|
|
|
|
[implicit_jscontext, binaryname(ScriptableOriginAttributes)]
|
|
|
|
attribute jsval originAttributes;
|
|
|
|
|
|
|
|
[noscript, nostdcall, binaryname(GetOriginAttributes)]
|
2015-11-03 04:50:54 +03:00
|
|
|
NeckoOriginAttributes binaryGetOriginAttributes();
|
2015-10-22 00:47:00 +03:00
|
|
|
|
|
|
|
[noscript, nostdcall, binaryname(SetOriginAttributes)]
|
|
|
|
void binarySetOriginAttributes(in const_OriginAttributesRef aOriginAttrs);
|
|
|
|
|
|
|
|
%{ C++
|
2015-11-03 04:50:54 +03:00
|
|
|
inline mozilla::NeckoOriginAttributes GetOriginAttributes()
|
2015-10-22 00:47:00 +03:00
|
|
|
{
|
2015-11-03 04:50:54 +03:00
|
|
|
mozilla::NeckoOriginAttributes result;
|
2015-10-22 00:47:00 +03:00
|
|
|
mozilla::DebugOnly<nsresult> rv = GetOriginAttributes(&result);
|
|
|
|
MOZ_ASSERT(NS_SUCCEEDED(rv));
|
|
|
|
return result;
|
|
|
|
}
|
|
|
|
%}
|
|
|
|
|
2015-07-20 05:11:57 +03:00
|
|
|
/**
|
|
|
|
* Whenever a channel is openend by asyncOpen2() [or also open2()],
|
|
|
|
* lets set this flag so that redirects of such channels are also
|
|
|
|
* openend using asyncOpen2() [open2()].
|
|
|
|
*
|
|
|
|
* Please note, once the flag is set to true it must remain true
|
|
|
|
* throughout the lifetime of the channel. Trying to set it
|
|
|
|
* to anything else than true will be discareded.
|
|
|
|
*
|
|
|
|
*/
|
2015-11-03 18:51:24 +03:00
|
|
|
[infallible] attribute boolean enforceSecurity;
|
2015-07-20 05:11:57 +03:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Whenever a channel is evaluated by the ContentSecurityManager
|
|
|
|
* the first time, we set this flag to true to indicate that
|
|
|
|
* subsequent calls of AsyncOpen2() do not have to enforce all
|
|
|
|
* security checks again. E.g., after a redirect there is no
|
|
|
|
* need to set up CORS again. We need this separate flag
|
|
|
|
* because the redirectChain might also contain internal
|
|
|
|
* redirects which might pollute the redirectChain so we can't
|
|
|
|
* rely on the size of the redirectChain-array to query whether
|
|
|
|
* a channel got redirected or not.
|
|
|
|
*
|
|
|
|
* Please note, once the flag is set to true it must remain true
|
|
|
|
* throughout the lifetime of the channel. Trying to set it
|
2015-11-03 18:51:24 +03:00
|
|
|
* to anything else than true will be discarded.
|
2015-07-20 05:11:57 +03:00
|
|
|
*
|
|
|
|
*/
|
2015-11-03 18:51:24 +03:00
|
|
|
[infallible] attribute boolean initialSecurityCheckDone;
|
2015-07-20 05:11:57 +03:00
|
|
|
|
2015-07-20 05:11:03 +03:00
|
|
|
/**
|
|
|
|
* Whenever a channel gets redirected, append the principal of the
|
|
|
|
* channel [before the channels got redirected] to the loadinfo,
|
|
|
|
* so that at every point this array lets us reason about all the
|
|
|
|
* redirects this channel went through.
|
2015-11-01 01:18:59 +03:00
|
|
|
* @param aPrincipal, the channelURIPrincipal before the channel
|
|
|
|
* got redirected.
|
|
|
|
* @param aIsInternalRedirect should be true if the channel is going
|
|
|
|
* through an internal redirect, otherwise false.
|
2015-07-20 05:11:03 +03:00
|
|
|
*/
|
2015-11-01 01:18:59 +03:00
|
|
|
void appendRedirectedPrincipal(in nsIPrincipal principal,
|
|
|
|
in boolean isInternalRedirect);
|
2015-07-20 05:11:03 +03:00
|
|
|
|
|
|
|
/**
|
2015-11-01 01:18:59 +03:00
|
|
|
* An array of nsIPrincipals which stores redirects associated with this
|
2015-07-20 05:11:03 +03:00
|
|
|
* channel. This array is filled whether or not the channel has ever been
|
|
|
|
* opened. The last element of the array is associated with the most recent
|
2015-11-01 01:18:59 +03:00
|
|
|
* redirect. Please note, that this array *includes* internal redirects.
|
|
|
|
*/
|
|
|
|
[implicit_jscontext]
|
|
|
|
readonly attribute jsval redirectChainIncludingInternalRedirects;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* A C++-friendly version of redirectChain.
|
|
|
|
* Please note that this array has the same lifetime as the
|
|
|
|
* loadInfo object - use with caution!
|
|
|
|
*/
|
|
|
|
[noscript, notxpcom, nostdcall, binaryname(RedirectChainIncludingInternalRedirects)]
|
|
|
|
const_nsIPrincipalArray binaryRedirectChainIncludingInternalRedirects();
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Same as RedirectChain but does *not* include internal redirects.
|
2015-07-20 05:11:03 +03:00
|
|
|
*/
|
|
|
|
[implicit_jscontext]
|
|
|
|
readonly attribute jsval redirectChain;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* A C++-friendly version of redirectChain.
|
|
|
|
* Please note that this array has the same lifetime as the
|
|
|
|
* loadInfo object - use with caution!
|
|
|
|
*/
|
|
|
|
[noscript, notxpcom, nostdcall, binaryname(RedirectChain)]
|
|
|
|
const_nsIPrincipalArray binaryRedirectChain();
|
2015-10-22 21:07:32 +03:00
|
|
|
|
2015-12-07 02:33:14 +03:00
|
|
|
/**
|
|
|
|
* Sets the list of unsafe headers according to CORS spec, as well as
|
|
|
|
* potentially forces a preflight.
|
|
|
|
* Note that you do not need to set the Content-Type header. That will be
|
|
|
|
* automatically detected as needed.
|
|
|
|
*
|
|
|
|
* Only call this function when using the SEC_REQUIRE_CORS_DATA_INHERITS mode.
|
|
|
|
*/
|
|
|
|
[noscript, notxpcom, nostdcall]
|
|
|
|
void setCorsPreflightInfo(in StringArrayRef unsafeHeaders,
|
|
|
|
in boolean forcePreflight);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* A C++-friendly getter for the list of cors-unsafe headers.
|
|
|
|
* Please note that this array has the same lifetime as the
|
|
|
|
* loadInfo object - use with caution!
|
|
|
|
*/
|
|
|
|
[noscript, notxpcom, nostdcall, binaryname(CorsUnsafeHeaders)]
|
|
|
|
StringArrayRef corsUnsafeHeaders();
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Returns value set through setCorsPreflightInfo.
|
|
|
|
*/
|
|
|
|
[infallible] readonly attribute boolean forcePreflight;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* A C++ friendly getter for the forcePreflight flag.
|
|
|
|
*/
|
|
|
|
[infallible] readonly attribute boolean isPreflight;
|
|
|
|
|
2015-10-22 21:07:32 +03:00
|
|
|
/**
|
|
|
|
* Constants reflecting the channel tainting. These are mainly defined here
|
|
|
|
* for script. Internal C++ code should use the enum defined in LoadTainting.h.
|
|
|
|
* See LoadTainting.h for documentation.
|
|
|
|
*/
|
|
|
|
const unsigned long TAINTING_BASIC = 0;
|
|
|
|
const unsigned long TAINTING_CORS = 1;
|
|
|
|
const unsigned long TAINTING_OPAQUE = 2;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Determine the associated channel's current tainting. Note, this can
|
|
|
|
* change due to a service worker intercept, so it should be checked after
|
|
|
|
* OnStartRequest() fires.
|
|
|
|
*/
|
|
|
|
readonly attribute unsigned long tainting;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Note a new tainting level and possibly increase the current tainting
|
|
|
|
* to match. If the tainting level is already greater than the given
|
|
|
|
* value, then there is no effect. It is not possible to reduce the tainting
|
|
|
|
* level on an existing channel/loadinfo.
|
|
|
|
*/
|
|
|
|
void maybeIncreaseTainting(in unsigned long aTainting);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Various helper code to provide more convenient C++ access to the tainting
|
|
|
|
* attribute and maybeIncreaseTainting().
|
|
|
|
*/
|
|
|
|
%{C++
|
|
|
|
static_assert(TAINTING_BASIC == static_cast<uint32_t>(mozilla::LoadTainting::Basic),
|
|
|
|
"basic tainting enums should match");
|
|
|
|
static_assert(TAINTING_CORS == static_cast<uint32_t>(mozilla::LoadTainting::CORS),
|
|
|
|
"cors tainting enums should match");
|
|
|
|
static_assert(TAINTING_OPAQUE == static_cast<uint32_t>(mozilla::LoadTainting::Opaque),
|
|
|
|
"opaque tainting enums should match");
|
|
|
|
|
|
|
|
mozilla::LoadTainting GetTainting()
|
|
|
|
{
|
|
|
|
uint32_t tainting = TAINTING_BASIC;
|
2016-03-28 20:28:15 +03:00
|
|
|
MOZ_ALWAYS_SUCCEEDS(GetTainting(&tainting));
|
2015-10-22 21:07:32 +03:00
|
|
|
return static_cast<mozilla::LoadTainting>(tainting);
|
|
|
|
}
|
|
|
|
|
|
|
|
void MaybeIncreaseTainting(mozilla::LoadTainting aTainting)
|
|
|
|
{
|
|
|
|
uint32_t tainting = static_cast<uint32_t>(aTainting);
|
2016-03-28 20:28:15 +03:00
|
|
|
MOZ_ALWAYS_SUCCEEDS(MaybeIncreaseTainting(tainting));
|
2015-10-22 21:07:32 +03:00
|
|
|
}
|
|
|
|
%}
|
2016-08-22 04:46:09 +03:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Returns true if this load is for top level document.
|
|
|
|
* Note that the load for a sub-frame's document will return false here.
|
|
|
|
*/
|
|
|
|
[infallible] readonly attribute boolean isTopLevelLoad;
|
2014-07-10 10:56:36 +04:00
|
|
|
};
|