diff options
Diffstat (limited to 'netwerk/base/nsILoadInfo.idl')
-rw-r--r-- | netwerk/base/nsILoadInfo.idl | 732 |
1 files changed, 732 insertions, 0 deletions
diff --git a/netwerk/base/nsILoadInfo.idl b/netwerk/base/nsILoadInfo.idl new file mode 100644 index 000000000..78433c8b8 --- /dev/null +++ b/netwerk/base/nsILoadInfo.idl @@ -0,0 +1,732 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * vim: ft=cpp tw=78 sw=2 et ts=2 sts=2 cin + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsISupports.idl" +#include "nsIContentPolicy.idl" + +interface nsIDOMDocument; +interface nsINode; +interface nsIPrincipal; + +%{C++ +#include "nsTArray.h" +#include "mozilla/BasePrincipal.h" +#include "mozilla/LoadTainting.h" + +class nsCString; +%} + +[ref] native const_nsIPrincipalArray(const nsTArray<nsCOMPtr<nsIPrincipal>>); +native NeckoOriginAttributes(mozilla::NeckoOriginAttributes); +[ref] native const_OriginAttributesRef(const mozilla::NeckoOriginAttributes); +[ref] native StringArrayRef(const nsTArray<nsCString>); + +typedef unsigned long nsSecurityFlags; + +/** + * The LoadInfo object contains information about a network load, why it + * was started, and how we plan on using the resulting response. + * If a network request is redirected, the new channel will receive a new + * LoadInfo object. The new object will contain mostly the same + * information as the pre-redirect one, but updated as appropriate. + * For detailed information about what parts of LoadInfo are updated on + * redirect, see documentation on individual properties. + */ +[scriptable, builtinclass, uuid(ddc65bf9-2f60-41ab-b22a-4f1ae9efcd36)] +interface nsILoadInfo : nsISupports +{ + /** + * *** DEPRECATED *** + * No LoadInfo created within Gecko should contain this security flag. + * Please use any of the five security flags defined underneath. + * We only keep this security flag to provide backwards compatibilty. + */ + const unsigned long SEC_NORMAL = 0; + + /** + * The following five flags determine the security mode and hence what kind of + * security checks should be performed throughout the lifetime of the channel. + * + * * SEC_REQUIRE_SAME_ORIGIN_DATA_INHERITS + * * SEC_REQUIRE_SAME_ORIGIN_DATA_IS_BLOCKED + * * SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS + * * SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL + * * SEC_REQUIRE_CORS_DATA_INHERITS + * + * Exactly one of these flags are required to be set in order to allow + * the channel to perform the correct security checks (SOP, CORS, ...) and + * return the correct result principal. If none or more than one of these + * flags are set AsyncOpen2 will fail. + */ + + /* + * Enforce the same origin policy where data: loads inherit + * the principal. + */ + const unsigned long SEC_REQUIRE_SAME_ORIGIN_DATA_INHERITS = (1<<0); + + /* + * Enforce the same origin policy but data: loads are blocked. + */ + const unsigned long SEC_REQUIRE_SAME_ORIGIN_DATA_IS_BLOCKED = (1<<1); + + /** + * Allow loads from other origins. Loads from data: will inherit + * the principal of the origin that triggered the load. + * Commonly used by plain <img>, <video>, <link rel=stylesheet> etc. + */ + const unsigned long SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS = (1<<2); + + /** + * Allow loads from other origins. Loads from data: will be allowed, + * but the resulting resource will get a null principal. + * Used in blink/webkit for <iframe>s. Likely also the mode + * that should be used by most Chrome code. + */ + const unsigned long SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL = (1<<3); + + /** + * Allow loads from any origin, but require CORS for cross-origin + * loads. Loads from data: are allowed and the result will inherit + * the principal of the origin that triggered the load. + * Commonly used by <img crossorigin>, <video crossorigin>, + * XHR, fetch(), etc. + */ + const unsigned long SEC_REQUIRE_CORS_DATA_INHERITS = (1<<4); + + /** + * Choose cookie policy. The default policy is equivalent to "INCLUDE" for + * SEC_REQUIRE_SAME_ORIGIN_* and SEC_ALLOW_CROSS_ORIGIN_* modes, and + * equivalent to "SAME_ORIGIN" for SEC_REQUIRE_CORS_DATA_INHERITS mode. + * + * This means that if you want to perform a CORS load with credentials, pass + * SEC_COOKIES_INCLUDE. + * + * Note that these flags are still subject to the user's cookie policies. + * For example, if the user is blocking 3rd party cookies, those cookies + * will be blocked no matter which of these flags are set. + */ + const unsigned long SEC_COOKIES_DEFAULT = (0 << 5); + const unsigned long SEC_COOKIES_INCLUDE = (1 << 5); + const unsigned long SEC_COOKIES_SAME_ORIGIN = (2 << 5); + const unsigned long SEC_COOKIES_OMIT = (3 << 5); + + /** + * Force inheriting of the Principal. The resulting resource will use the + * principal of the document which is doing the load. Setting this flag + * will cause GetChannelResultPrincipal to return the same principal as + * the loading principal that's passed in when creating the channel. + * + * This will happen independently of the scheme of the URI that the + * channel is loading. + * + * So if the loading document comes from "http://a.com/", and the channel + * is loading the URI "http://b.com/whatever", GetChannelResultPrincipal + * will return a principal from "http://a.com/". + * + * This flag can not be used together with SEC_SANDBOXED. If both are passed + * to the LoadInfo constructor then this flag will be dropped. If you need + * to know whether this flag would have been present but was dropped due to + * sandboxing, check for the forceInheritPrincipalDropped flag. + */ + const unsigned long SEC_FORCE_INHERIT_PRINCIPAL = (1<<7); + + /** + * Sandbox the load. The resulting resource will use a freshly created + * null principal. So GetChannelResultPrincipal will always return a + * null principal whenever this flag is set. + * + * This will happen independently of the scheme of the URI that the + * channel is loading. + * + * This flag can not be used together with SEC_FORCE_INHERIT_PRINCIPAL. + */ + const unsigned long SEC_SANDBOXED = (1<<8); + + /** + * Inherit the Principal for about:blank. + */ + const unsigned long SEC_ABOUT_BLANK_INHERITS = (1<<9); + + /** + * Allow access to chrome: packages that are content accessible. + */ + const unsigned long SEC_ALLOW_CHROME = (1<<10); + + /** + * Disallow access to javascript: uris. + */ + const unsigned long SEC_DISALLOW_SCRIPT = (1<<11); + + /** + * Don't follow redirects. Instead the redirect response is returned + * as a successful response for the channel. + * + * Redirects not initiated by a server response, i.e. REDIRECT_INTERNAL and + * REDIRECT_STS_UPGRADE, are still followed. + * + * Note: If this flag is set and the channel response is a redirect, then + * the response body might not be available. + * This can happen if the redirect was cached. + */ + const unsigned long SEC_DONT_FOLLOW_REDIRECTS = (1<<12); + + /** + * Load an error page, it should be one of following : about:neterror, + * about:certerror, about:blocked, or about:tabcrashed. + */ + const unsigned long SEC_LOAD_ERROR_PAGE = (1<<13); + + /** + * Force inheriting of the principalToInherit, overruling any owner + * that might be set on the channel. (Please note that channel.owner + * is deprecated and will be removed within Bug 1286838). + * Setting this flag will cause GetChannelResultPrincipal to return the + * principalToInherit set in the loadInfo. + * + * This will happen independently of the scheme of the URI that the + * channel is loading. + */ + const unsigned long SEC_FORCE_INHERIT_PRINCIPAL_OVERRULE_OWNER = (1<<14); + + /** + * This is the principal of the network request's caller/requester where + * the resulting resource will be used. I.e. it is the principal which + * will get access to the result of the request. (Where "get access to" + * might simply mean "embed" depending on the type of resource that is + * loaded). + * + * For example for an image, it is the principal of the document where + * the image is rendered. For a stylesheet it is the principal of the + * document where the stylesheet will be applied. + * + * So if document at http://a.com/page.html loads an image from + * http://b.com/pic.jpg, then loadingPrincipal will be + * http://a.com/page.html. + * + * For <iframe> and <frame> loads, the LoadingPrincipal is the + * principal of the parent document. For top-level loads, the + * LoadingPrincipal is null. For all loads except top-level loads + * the LoadingPrincipal is never null. + * + * If the loadingPrincipal is the system principal, no security checks + * will be done at all. There will be no security checks on the initial + * load or any subsequent redirects. This means there will be no + * nsIContentPolicy checks or any CheckLoadURI checks. Because of + * this, never set the loadingPrincipal to the system principal when + * the URI to be loaded is controlled by a webpage. + * If the loadingPrincipal and triggeringPrincipal are both + * codebase-principals, then we will always call into + * nsIContentPolicies and CheckLoadURI. The call to nsIContentPolicies + * and CheckLoadURI happen even if the URI to be loaded is same-origin + * with the loadingPrincipal or triggeringPrincipal. + */ + readonly attribute nsIPrincipal loadingPrincipal; + + /** + * A C++-friendly version of loadingPrincipal. + */ + [noscript, notxpcom, nostdcall, binaryname(LoadingPrincipal)] + nsIPrincipal binaryLoadingPrincipal(); + + /** + * This is the principal which caused the network load to start. I.e. + * this is the principal which provided the URL to be loaded. This is + * often the same as the LoadingPrincipal, but there are a few cases + * where that's not true. + * + * For example for loads into an <iframe>, the LoadingPrincipal is always + * the principal of the parent document. However the triggeringPrincipal + * is the principal of the document which provided the URL that the + * <iframe> is navigating to. This could be the previous document inside + * the <iframe> which set document.location. Or a document elsewhere in + * the frame tree which contained a <a target="..."> which targetted the + * <iframe>. + * + * If a stylesheet links to a sub-resource, like an @imported stylesheet, + * or a background image, then the triggeringPrincipal is the principal + * of the stylesheet, while the LoadingPrincipal is the principal of the + * document being styled. + * + * The triggeringPrincipal is never null. + * + * If the triggeringPrincipal is the system principal, no security checks + * will be done at all. There will be no security checks on the initial + * load or any subsequent redirects. This means there will be no + * nsIContentPolicy checks or any CheckLoadURI checks. Because of + * this, never set the triggeringPrincipal to the system principal when + * the URI to be loaded is controlled by a webpage. + * If the loadingPrincipal and triggeringPrincipal are both + * codebase-principals, then we will always call into + * nsIContentPolicies and CheckLoadURI. The call to nsIContentPolicies + * and CheckLoadURI happen even if the URI to be loaded is same-origin + * with the loadingPrincipal or triggeringPrincipal. + */ + readonly attribute nsIPrincipal triggeringPrincipal; + + /** + * A C++-friendly version of triggeringPrincipal. + */ + [noscript, notxpcom, nostdcall, binaryname(TriggeringPrincipal)] + nsIPrincipal binaryTriggeringPrincipal(); + + /** + * For non-document loads the principalToInherit is always null. For + * loads of type TYPE_DOCUMENT or TYPE_SUBDOCUMENT the principalToInherit + * might be null. If it's non null, then this is the principal that is + * inherited if a principal needs to be inherited. If the principalToInherit + * is null but the inherit flag is set, then the triggeringPrincipal is + * the principal that is inherited. + */ + attribute nsIPrincipal principalToInherit; + + /** + * A C++-friendly version of principalToInherit. + */ + [noscript, notxpcom, nostdcall, binaryname(PrincipalToInherit)] + nsIPrincipal binaryPrincipalToInherit(); + + /** + * This is the ownerDocument of the LoadingNode. Unless the LoadingNode + * is a Document, in which case the LoadingDocument is the same as the + * LoadingNode. + * + * For top-level loads, and for loads originating from workers, the + * LoadingDocument is null. When the LoadingDocument is not null, the + * LoadingPrincipal is set to the principal of the LoadingDocument. + */ + readonly attribute nsIDOMDocument loadingDocument; + + /** + * A C++-friendly version of loadingDocument (loadingNode). + * This is the Node where the resulting resource will be used. I.e. it is + * the Node which will get access to the result of the request. (Where + * "get access to" might simply mean "embed" depending on the type of + * resource that is loaded). + * + * For example for an <img>/<video> it is the image/video element. For + * document loads inside <iframe> and <frame>s, the LoadingNode is the + * <iframe>/<frame> element. For an XMLHttpRequest, it is the Document + * which contained the JS which initiated the XHR. For a stylesheet, it + * is the Document that contains <link rel=stylesheet>. + * + * For loads triggered by the HTML pre-parser, the LoadingNode is the + * Document which is currently being parsed. + * + * For top-level loads, and for loads originating from workers, the + * LoadingNode is null. If the LoadingNode is non-null, then the + * LoadingPrincipal is the principal of the LoadingNode. + */ + [noscript, notxpcom, nostdcall, binaryname(LoadingNode)] + nsINode binaryLoadingNode(); + + /** + * The securityFlags of that channel. + */ + readonly attribute nsSecurityFlags securityFlags; + +%{ C++ + inline nsSecurityFlags GetSecurityFlags() + { + nsSecurityFlags result; + mozilla::DebugOnly<nsresult> rv = GetSecurityFlags(&result); + MOZ_ASSERT(NS_SUCCEEDED(rv)); + return result; + } +%} + + /** + * Allows to query only the security mode bits from above. + */ + [infallible] readonly attribute unsigned long securityMode; + + /** + * True if this request is embedded in a context that can't be third-party + * (i.e. an iframe embedded in a cross-origin parent window). If this is + * false, then this request may be third-party if it's a third-party to + * loadingPrincipal. + */ + [infallible] readonly attribute boolean isInThirdPartyContext; + + /** + * See the SEC_COOKIES_* flags above. This attribute will never return + * SEC_COOKIES_DEFAULT, but will instead return what the policy resolves to. + * I.e. SEC_COOKIES_SAME_ORIGIN for CORS mode, and SEC_COOKIES_INCLUDE + * otherwise. + */ + [infallible] readonly attribute unsigned long cookiePolicy; + + /** + * If forceInheritPrincipal is true, the data coming from the channel should + * use loadingPrincipal for its principal, even when the data is loaded over + * http:// or another protocol that would normally use a URI-based principal. + * This attribute will never be true when loadingSandboxed is true. + */ + [infallible] readonly attribute boolean forceInheritPrincipal; + + /** + * If forceInheritPrincipalOverruleOwner is true, the data coming from the + * channel should use principalToInherit for its principal, even when the + * data is loaded over http:// or another protocol that would normally use + * a URI-based principal. + */ + [infallible] readonly attribute boolean forceInheritPrincipalOverruleOwner; + + /** + * If loadingSandboxed is true, the data coming from the channel is + * being loaded sandboxed, so it should have a nonce origin and + * hence should use a NullPrincipal. + */ + [infallible] readonly attribute boolean loadingSandboxed; + + /** + * If aboutBlankInherits is true, then about:blank should inherit + * the principal. + */ + [infallible] readonly attribute boolean aboutBlankInherits; + + /** + * If allowChrome is true, then use nsIScriptSecurityManager::ALLOW_CHROME + * when calling CheckLoadURIWithPrincipal(). + */ + [infallible] readonly attribute boolean allowChrome; + + /** + * If disallowScript is true, then use nsIScriptSecurityManager::DISALLOW_SCRIPT + * when calling CheckLoadURIWithPrincipal(). + */ + [infallible] readonly attribute boolean disallowScript; + + /** + * Returns true if SEC_DONT_FOLLOW_REDIRECTS is set. + */ + [infallible] readonly attribute boolean dontFollowRedirects; + + /** + * Returns true if SEC_LOAD_ERROR_PAGE is set. + */ + [infallible] readonly attribute boolean loadErrorPage; + + /** + * The external contentPolicyType of the channel, used for security checks + * like Mixed Content Blocking and Content Security Policy. + * + * Specifically, content policy types with _INTERNAL_ in their name will + * never get returned from this attribute. + */ + readonly attribute nsContentPolicyType externalContentPolicyType; + +%{ C++ + inline nsContentPolicyType GetExternalContentPolicyType() + { + nsContentPolicyType result; + mozilla::DebugOnly<nsresult> rv = GetExternalContentPolicyType(&result); + MOZ_ASSERT(NS_SUCCEEDED(rv)); + return result; + } +%} + + /** + * The internal contentPolicyType of the channel, used for constructing + * RequestContext values when creating a fetch event for an intercepted + * channel. + * + * This should not be used for the purposes of security checks, since + * the content policy implementations cannot be expected to deal with + * _INTERNAL_ values. Please use the contentPolicyType attribute above + * for that purpose. + */ + [noscript, notxpcom] + nsContentPolicyType internalContentPolicyType(); + + /** + * Returns true if document or any of the documents ancestors + * up to the toplevel document make use of the CSP directive + * 'upgrade-insecure-requests'. Used to identify upgrade + * requests in e10s where the loadingDocument is not available. + * + * Warning: If the loadingDocument is null, then the + * upgradeInsecureRequests is false. + */ + [infallible] readonly attribute boolean upgradeInsecureRequests; + + /** + * If true, the content of the channel is queued up and checked + * if it matches a content signature. Note, setting this flag + * to true will negatively impact performance since the preloader + * can not start until all of the content is fetched from the + * netwerk. + * + * Only use that in combination with TYPE_DOCUMENT. + */ + [infallible] attribute boolean verifySignedContent; + + /** + * If true, this load will fail if it has no SRI integrity + */ + [infallible] attribute boolean enforceSRI; + + /** + * The SEC_FORCE_INHERIT_PRINCIPAL flag may be dropped when a load info + * object is created. Specifically, it will be dropped if the SEC_SANDBOXED + * flag is also present. This flag is set if SEC_FORCE_INHERIT_PRINCIPAL was + * dropped. + */ + [infallible] readonly attribute boolean forceInheritPrincipalDropped; + + /** + * These are the window IDs of the window in which the element being + * loaded lives. parentOuterWindowID is the window ID of this window's + * parent. + * + * Note that these window IDs can be 0 if the window is not + * available. parentOuterWindowID will be the same as outerWindowID if the + * window has no parent. + */ + [infallible] readonly attribute unsigned long long innerWindowID; + [infallible] readonly attribute unsigned long long outerWindowID; + [infallible] readonly attribute unsigned long long parentOuterWindowID; + + /** + * Only when the element being loaded is <frame src="foo.html"> + * (or, more generally, if the element QIs to nsIFrameLoaderOwner), + * the frameOuterWindowID is the outer window containing the + * foo.html document. + * + * Note: For other cases, frameOuterWindowID is 0. + */ + [infallible] readonly attribute unsigned long long frameOuterWindowID; + + /** + * For all loads of none TYPE_DOUCMENT this function resets the + * LoadingPrincipal, the TriggeringPrincipal and the + * PrincipalToInherit to a freshly created NullPrincipal which inherits + * the current origin attributes from the loadinfo. + * For loads of TYPE_DOCUMENT this function resets only the + * TriggeringPrincipal as well as the PrincipalToInherit to a freshly + * created NullPrincipal which inherits the origin attributes from + * the loadInfo. (Please note that the LoadingPrincipal for TYPE_DOCUMENT + * loads is always null.) + * + * WARNING: Please only use that function if you know exactly what + * you are doing!!! + */ + void resetPrincipalsToNullPrincipal(); + + /** + * Customized NeckoOriginAttributes within LoadInfo to allow overwriting of the + * default originAttributes from the loadingPrincipal. + * + * In chrome side, originAttributes.privateBrowsingId will always be 0 even if + * the usePrivateBrowsing is true, because chrome docshell won't set + * privateBrowsingId on origin attributes (See bug 1278664). This is to make + * sure nsILoadInfo and nsILoadContext have the same origin attributes. + */ + [implicit_jscontext, binaryname(ScriptableOriginAttributes)] + attribute jsval originAttributes; + + [noscript, nostdcall, binaryname(GetOriginAttributes)] + NeckoOriginAttributes binaryGetOriginAttributes(); + + [noscript, nostdcall, binaryname(SetOriginAttributes)] + void binarySetOriginAttributes(in const_OriginAttributesRef aOriginAttrs); + +%{ C++ + inline mozilla::NeckoOriginAttributes GetOriginAttributes() + { + mozilla::NeckoOriginAttributes result; + mozilla::DebugOnly<nsresult> rv = GetOriginAttributes(&result); + MOZ_ASSERT(NS_SUCCEEDED(rv)); + return result; + } +%} + + /** + * Whenever a channel is openend by asyncOpen2() [or also open2()], + * lets set this flag so that redirects of such channels are also + * openend using asyncOpen2() [open2()]. + * + * Please note, once the flag is set to true it must remain true + * throughout the lifetime of the channel. Trying to set it + * to anything else than true will be discareded. + * + */ + [infallible] attribute boolean enforceSecurity; + + /** + * Whenever a channel is evaluated by the ContentSecurityManager + * the first time, we set this flag to true to indicate that + * subsequent calls of AsyncOpen2() do not have to enforce all + * security checks again. E.g., after a redirect there is no + * need to set up CORS again. We need this separate flag + * because the redirectChain might also contain internal + * redirects which might pollute the redirectChain so we can't + * rely on the size of the redirectChain-array to query whether + * a channel got redirected or not. + * + * Please note, once the flag is set to true it must remain true + * throughout the lifetime of the channel. Trying to set it + * to anything else than true will be discarded. + * + */ + [infallible] attribute boolean initialSecurityCheckDone; + + /** + * Whenever a channel gets redirected, append the principal of the + * channel [before the channels got redirected] to the loadinfo, + * so that at every point this array lets us reason about all the + * redirects this channel went through. + * @param aPrincipal, the channelURIPrincipal before the channel + * got redirected. + * @param aIsInternalRedirect should be true if the channel is going + * through an internal redirect, otherwise false. + */ + void appendRedirectedPrincipal(in nsIPrincipal principal, + in boolean isInternalRedirect); + + /** + * An array of nsIPrincipals which stores redirects associated with this + * channel. This array is filled whether or not the channel has ever been + * opened. The last element of the array is associated with the most recent + * redirect. Please note, that this array *includes* internal redirects. + */ + [implicit_jscontext] + readonly attribute jsval redirectChainIncludingInternalRedirects; + + /** + * A C++-friendly version of redirectChain. + * Please note that this array has the same lifetime as the + * loadInfo object - use with caution! + */ + [noscript, notxpcom, nostdcall, binaryname(RedirectChainIncludingInternalRedirects)] + const_nsIPrincipalArray binaryRedirectChainIncludingInternalRedirects(); + + /** + * Same as RedirectChain but does *not* include internal redirects. + */ + [implicit_jscontext] + readonly attribute jsval redirectChain; + + /** + * A C++-friendly version of redirectChain. + * Please note that this array has the same lifetime as the + * loadInfo object - use with caution! + */ + [noscript, notxpcom, nostdcall, binaryname(RedirectChain)] + const_nsIPrincipalArray binaryRedirectChain(); + + /** + * Sets the list of unsafe headers according to CORS spec, as well as + * potentially forces a preflight. + * Note that you do not need to set the Content-Type header. That will be + * automatically detected as needed. + * + * Only call this function when using the SEC_REQUIRE_CORS_DATA_INHERITS mode. + */ + [noscript, notxpcom, nostdcall] + void setCorsPreflightInfo(in StringArrayRef unsafeHeaders, + in boolean forcePreflight); + + /** + * A C++-friendly getter for the list of cors-unsafe headers. + * Please note that this array has the same lifetime as the + * loadInfo object - use with caution! + */ + [noscript, notxpcom, nostdcall, binaryname(CorsUnsafeHeaders)] + StringArrayRef corsUnsafeHeaders(); + + /** + * Returns value set through setCorsPreflightInfo. + */ + [infallible] readonly attribute boolean forcePreflight; + + /** + * A C++ friendly getter for the forcePreflight flag. + */ + [infallible] readonly attribute boolean isPreflight; + + /** + * When this request would be mixed-content and we do not have an + * entry in the HSTS cache, we send an HSTS priming request to + * determine if it is ok to upgrade the request to HTTPS. + */ + /** + * True if this is a mixed-content load and HSTS priming request will be sent. + */ + [noscript, infallible] readonly attribute boolean forceHSTSPriming; + /** + * Carry the decision whether this load would be blocked by mixed content so + * that if HSTS priming fails, the correct decision can be made. + */ + [noscript, infallible] readonly attribute boolean mixedContentWouldBlock; + + /** + * Mark this LoadInfo as needing HSTS Priming + * + * @param wouldBlock Carry the decision of Mixed Content Blocking to be + * applied when HSTS priming is complete. + */ + [noscript, notxpcom, nostdcall] + void setHSTSPriming(in boolean mixeContentWouldBlock); + [noscript, notxpcom, nostdcall] + void clearHSTSPriming(); + + /** + * Constants reflecting the channel tainting. These are mainly defined here + * for script. Internal C++ code should use the enum defined in LoadTainting.h. + * See LoadTainting.h for documentation. + */ + const unsigned long TAINTING_BASIC = 0; + const unsigned long TAINTING_CORS = 1; + const unsigned long TAINTING_OPAQUE = 2; + + /** + * Determine the associated channel's current tainting. Note, this can + * change due to a service worker intercept, so it should be checked after + * OnStartRequest() fires. + */ + readonly attribute unsigned long tainting; + + /** + * Note a new tainting level and possibly increase the current tainting + * to match. If the tainting level is already greater than the given + * value, then there is no effect. It is not possible to reduce the tainting + * level on an existing channel/loadinfo. + */ + void maybeIncreaseTainting(in unsigned long aTainting); + + /** + * Various helper code to provide more convenient C++ access to the tainting + * attribute and maybeIncreaseTainting(). + */ +%{C++ + static_assert(TAINTING_BASIC == static_cast<uint32_t>(mozilla::LoadTainting::Basic), + "basic tainting enums should match"); + static_assert(TAINTING_CORS == static_cast<uint32_t>(mozilla::LoadTainting::CORS), + "cors tainting enums should match"); + static_assert(TAINTING_OPAQUE == static_cast<uint32_t>(mozilla::LoadTainting::Opaque), + "opaque tainting enums should match"); + + mozilla::LoadTainting GetTainting() + { + uint32_t tainting = TAINTING_BASIC; + MOZ_ALWAYS_SUCCEEDS(GetTainting(&tainting)); + return static_cast<mozilla::LoadTainting>(tainting); + } + + void MaybeIncreaseTainting(mozilla::LoadTainting aTainting) + { + uint32_t tainting = static_cast<uint32_t>(aTainting); + MOZ_ALWAYS_SUCCEEDS(MaybeIncreaseTainting(tainting)); + } +%} + + /** + * Returns true if this load is for top level document. + * Note that the load for a sub-frame's document will return false here. + */ + [infallible] readonly attribute boolean isTopLevelLoad; +}; |