diff options
Diffstat (limited to 'dom/base/nsIContentPolicyBase.idl')
-rw-r--r-- | dom/base/nsIContentPolicyBase.idl | 381 |
1 files changed, 381 insertions, 0 deletions
diff --git a/dom/base/nsIContentPolicyBase.idl b/dom/base/nsIContentPolicyBase.idl new file mode 100644 index 000000000..884e3d96d --- /dev/null +++ b/dom/base/nsIContentPolicyBase.idl @@ -0,0 +1,381 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ft=cpp tw=78 sw=2 et ts=8 : */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsISupports.idl" + +interface nsIURI; +interface nsIDOMNode; +interface nsIPrincipal; + +/** + * The type of nsIContentPolicy::TYPE_* + */ +typedef unsigned long nsContentPolicyType; + +/** + * Interface for content policy mechanism. Implementations of this + * interface can be used to control loading of various types of out-of-line + * content, or processing of certain types of in-line content. + * + * WARNING: do not block the caller from shouldLoad or shouldProcess (e.g., + * by launching a dialog to prompt the user for something). + */ + +[scriptable,uuid(17418187-d86f-48dd-92d1-238838df0a4e)] +interface nsIContentPolicyBase : nsISupports +{ + /** + * Indicates a unset or bogus policy type. + */ + const nsContentPolicyType TYPE_INVALID = 0; + + /** + * Gecko/Firefox developers: Avoid using TYPE_OTHER. Especially for + * requests that are coming from webpages. Or requests in general which + * you expect that security checks will be done on. + * Always use a more specific type if one is available. And do not hesitate + * to add more types as appropriate. + * But if you are fairly sure that no one would care about your more specific + * type, then it's ok to use TYPE_OTHER. + * + * Extension developers: Whenever it is reasonable, use one of the existing + * content types. If none of the existing content types are right for + * something you are doing, file a bug in the Core/DOM component that + * includes a patch that adds your new content type to the end of the list of + * TYPE_* constants here. But, don't start using your new content type until + * your patch has been accepted, because it will be uncertain what exact + * value and name your new content type will have; in that interim period, + * use TYPE_OTHER. In your patch, document your new content type in the style + * of the existing ones. In the bug you file, provide a more detailed + * description of the new type of content you want Gecko to support, so that + * the existing implementations of nsIContentPolicy can be properly modified + * to deal with that new type of content. + * + * Implementations of nsIContentPolicy should treat this the same way they + * treat unknown types, because existing users of TYPE_OTHER may be converted + * to use new content types. + * + * Note that the TYPE_INTERNAL_* constants are never passed to content + * policy implementations. They are mapped to other TYPE_* constants, and + * are only intended for internal usage inside Gecko. + */ + const nsContentPolicyType TYPE_OTHER = 1; + + /** + * Indicates an executable script (such as JavaScript). + */ + const nsContentPolicyType TYPE_SCRIPT = 2; + + /** + * Indicates an image (e.g., IMG elements). + */ + const nsContentPolicyType TYPE_IMAGE = 3; + + /** + * Indicates a stylesheet (e.g., STYLE elements). + */ + const nsContentPolicyType TYPE_STYLESHEET = 4; + + /** + * Indicates a generic object (plugin-handled content typically falls under + * this category). + */ + const nsContentPolicyType TYPE_OBJECT = 5; + + /** + * Indicates a document at the top-level (i.e., in a browser). + */ + const nsContentPolicyType TYPE_DOCUMENT = 6; + + /** + * Indicates a document contained within another document (e.g., IFRAMEs, + * FRAMES, and OBJECTs). + */ + const nsContentPolicyType TYPE_SUBDOCUMENT = 7; + + /** + * Indicates a timed refresh. + * + * shouldLoad will never get this, because it does not represent content + * to be loaded (the actual load triggered by the refresh will go through + * shouldLoad as expected). + * + * shouldProcess will get this for, e.g., META Refresh elements and HTTP + * Refresh headers. + */ + const nsContentPolicyType TYPE_REFRESH = 8; + + /** + * Indicates an XBL binding request, triggered either by -moz-binding CSS + * property. + */ + const nsContentPolicyType TYPE_XBL = 9; + + /** + * Indicates a ping triggered by a click on <A PING="..."> element. + */ + const nsContentPolicyType TYPE_PING = 10; + + /** + * Indicates an XMLHttpRequest. Also used for document.load and for EventSource. + */ + const nsContentPolicyType TYPE_XMLHTTPREQUEST = 11; + const nsContentPolicyType TYPE_DATAREQUEST = 11; // alias + + /** + * Indicates a request by a plugin. + */ + const nsContentPolicyType TYPE_OBJECT_SUBREQUEST = 12; + + /** + * Indicates a DTD loaded by an XML document. + */ + const nsContentPolicyType TYPE_DTD = 13; + + /** + * Indicates a font loaded via @font-face rule. + */ + const nsContentPolicyType TYPE_FONT = 14; + + /** + * Indicates a video or audio load. + */ + const nsContentPolicyType TYPE_MEDIA = 15; + + /** + * Indicates a WebSocket load. + */ + const nsContentPolicyType TYPE_WEBSOCKET = 16; + + /** + * Indicates a Content Security Policy report. + */ + const nsContentPolicyType TYPE_CSP_REPORT = 17; + + /** + * Indicates a style sheet transformation. + */ + const nsContentPolicyType TYPE_XSLT = 18; + + /** + * Indicates a beacon post. + */ + const nsContentPolicyType TYPE_BEACON = 19; + + /** + * Indicates a load initiated by the fetch() function from the Fetch + * specification. + */ + const nsContentPolicyType TYPE_FETCH = 20; + + /** + * Indicates a <img srcset> or <picture> request. + */ + const nsContentPolicyType TYPE_IMAGESET = 21; + + /** + * Indicates a web manifest. + */ + const nsContentPolicyType TYPE_WEB_MANIFEST = 22; + + /** + * Indicates an internal constant for scripts loaded through script + * elements. + * + * This will be mapped to TYPE_SCRIPT before being passed to content policy + * implementations. + */ + const nsContentPolicyType TYPE_INTERNAL_SCRIPT = 23; + + /** + * Indicates an internal constant for scripts loaded through a dedicated + * worker. + * + * This will be mapped to TYPE_SCRIPT before being passed to content policy + * implementations. + */ + const nsContentPolicyType TYPE_INTERNAL_WORKER = 24; + + /** + * Indicates an internal constant for scripts loaded through a shared + * worker. + * + * This will be mapped to TYPE_SCRIPT before being passed to content policy + * implementations. + */ + const nsContentPolicyType TYPE_INTERNAL_SHARED_WORKER = 25; + + /** + * Indicates an internal constant for content loaded from embed elements. + * + * This will be mapped to TYPE_OBJECT. + */ + const nsContentPolicyType TYPE_INTERNAL_EMBED = 26; + + /** + * Indicates an internal constant for content loaded from object elements. + * + * This will be mapped to TYPE_OBJECT. + */ + const nsContentPolicyType TYPE_INTERNAL_OBJECT = 27; + + /** + * Indicates an internal constant for content loaded from frame elements. + * + * This will be mapped to TYPE_SUBDOCUMENT. + */ + const nsContentPolicyType TYPE_INTERNAL_FRAME = 28; + + /** + * Indicates an internal constant for content loaded from iframe elements. + * + * This will be mapped to TYPE_SUBDOCUMENT. + */ + const nsContentPolicyType TYPE_INTERNAL_IFRAME = 29; + + /** + * Indicates an internal constant for content loaded from audio elements. + * + * This will be mapped to TYPE_MEDIA. + */ + const nsContentPolicyType TYPE_INTERNAL_AUDIO = 30; + + /** + * Indicates an internal constant for content loaded from video elements. + * + * This will be mapped to TYPE_MEDIA. + */ + const nsContentPolicyType TYPE_INTERNAL_VIDEO = 31; + + /** + * Indicates an internal constant for content loaded from track elements. + * + * This will be mapped to TYPE_MEDIA. + */ + const nsContentPolicyType TYPE_INTERNAL_TRACK = 32; + + /** + * Indicates an internal constant for an XMLHttpRequest. + * + * This will be mapped to TYPE_XMLHTTPREQUEST. + */ + const nsContentPolicyType TYPE_INTERNAL_XMLHTTPREQUEST = 33; + + /** + * Indicates an internal constant for EventSource. + * + * This will be mapped to TYPE_DATAREQUEST. + */ + const nsContentPolicyType TYPE_INTERNAL_EVENTSOURCE = 34; + + /** + * Indicates an internal constant for scripts loaded through a service + * worker. + * + * This will be mapped to TYPE_SCRIPT before being passed to content policy + * implementations. + */ + const nsContentPolicyType TYPE_INTERNAL_SERVICE_WORKER = 35; + + /** + * Indicates an internal constant for *preloaded* scripts + * loaded through script elements. + * + * This will be mapped to TYPE_SCRIPT before being passed + * to content policy implementations. + */ + const nsContentPolicyType TYPE_INTERNAL_SCRIPT_PRELOAD = 36; + + /** + * Indicates an internal constant for normal images. + * + * This will be mapped to TYPE_IMAGE before being passed + * to content policy implementations. + */ + const nsContentPolicyType TYPE_INTERNAL_IMAGE = 37; + + /** + * Indicates an internal constant for *preloaded* images. + * + * This will be mapped to TYPE_IMAGE before being passed + * to content policy implementations. + */ + const nsContentPolicyType TYPE_INTERNAL_IMAGE_PRELOAD = 38; + + /** + * Indicates an internal constant for normal stylesheets. + * + * This will be mapped to TYPE_STYLESHEET before being passed + * to content policy implementations. + */ + const nsContentPolicyType TYPE_INTERNAL_STYLESHEET = 39; + + /** + * Indicates an internal constant for *preloaded* stylesheets. + * + * This will be mapped to TYPE_STYLESHEET before being passed + * to content policy implementations. + */ + const nsContentPolicyType TYPE_INTERNAL_STYLESHEET_PRELOAD = 40; + + /** + * Indicates an internal constant for favicon. + * + * This will be mapped to TYPE_IMAGE before being passed + * to content policy implementations. + */ + const nsContentPolicyType TYPE_INTERNAL_IMAGE_FAVICON = 41; + + /* When adding new content types, please update nsContentBlocker, + * NS_CP_ContentTypeName, nsCSPContext, all nsIContentPolicy + * implementations, the static_assert in dom/cache/DBSchema.cpp, + * and other things that are not listed here that are related to + * nsIContentPolicy. */ + + ////////////////////////////////////////////////////////////////////// + + /** + * Returned from shouldLoad or shouldProcess if the load or process request + * is rejected based on details of the request. + */ + const short REJECT_REQUEST = -1; + + /** + * Returned from shouldLoad or shouldProcess if the load/process is rejected + * based solely on its type (of the above flags). + * + * NOTE that it is not meant to stop future requests for this type--only the + * current request. + */ + const short REJECT_TYPE = -2; + + /** + * Returned from shouldLoad or shouldProcess if the load/process is rejected + * based on the server it is hosted on or requested from (aContentLocation or + * aRequestOrigin), e.g., if you block an IMAGE because it is served from + * goatse.cx (even if you don't necessarily block other types from that + * server/domain). + * + * NOTE that it is not meant to stop future requests for this server--only the + * current request. + */ + const short REJECT_SERVER = -3; + + /** + * Returned from shouldLoad or shouldProcess if the load/process is rejected + * based on some other criteria. Mozilla callers will handle this like + * REJECT_REQUEST; third-party implementors may, for example, use this to + * direct their own callers to consult the extra parameter for additional + * details. + */ + const short REJECT_OTHER = -4; + + /** + * Returned from shouldLoad or shouldProcess if the load or process request + * is not rejected. + */ + const short ACCEPT = 1; +}; |