summaryrefslogtreecommitdiffstats
path: root/dom/interfaces/security/nsIContentSecurityManager.idl
diff options
context:
space:
mode:
Diffstat (limited to 'dom/interfaces/security/nsIContentSecurityManager.idl')
-rw-r--r--dom/interfaces/security/nsIContentSecurityManager.idl56
1 files changed, 56 insertions, 0 deletions
diff --git a/dom/interfaces/security/nsIContentSecurityManager.idl b/dom/interfaces/security/nsIContentSecurityManager.idl
new file mode 100644
index 000000000..1a1c91021
--- /dev/null
+++ b/dom/interfaces/security/nsIContentSecurityManager.idl
@@ -0,0 +1,56 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIChannel;
+interface nsIPrincipal;
+interface nsIStreamListener;
+interface nsIURI;
+
+/**
+ * nsIContentSecurityManager
+ * Describes an XPCOM component used to perform security checks.
+ */
+
+[scriptable, uuid(3a9a1818-2ae8-4ec5-a340-8b29d31fca3b)]
+interface nsIContentSecurityManager : nsISupports
+{
+ /**
+ * Checks whether a channel is allowed to access the given URI and
+ * whether the channel should be openend or should be blocked consulting
+ * internal security checks like Same Origin Policy, Content Security
+ * Policy, Mixed Content Blocker, etc.
+ *
+ * If security checks within performSecurityCheck fail, the function
+ * throws an exception.
+ *
+ * @param aChannel
+ * The channel about to be openend
+ * @param aStreamListener
+ * The Streamlistener of the channel potentially wrapped
+ * into CORSListenerProxy.
+ * @return
+ * The StreamListener of the channel wrapped into CORSListenerProxy.
+ *
+ * @throws NS_ERROR_DOM_BAD_URI
+ * If accessing the URI is not allowed (e.g. prohibted by SOP)
+ * @throws NS_ERROR_CONTENT_BLOCKED
+ * If any of the security policies (CSP, Mixed content) is violated
+ */
+ nsIStreamListener performSecurityCheck(in nsIChannel aChannel,
+ in nsIStreamListener aStreamListener);
+
+ /**
+ * Implementation of
+ * https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy
+ *
+ * The value returned by this method feeds into the the Secure Context
+ * algorithm that determins the value of Window.isSecureContext and
+ * WorkerGlobalScope.isSecureContext.
+ *
+ * This method returns false instead of throwing upon errors.
+ */
+ boolean isOriginPotentiallyTrustworthy(in nsIPrincipal aPrincipal);
+};