diff options
Diffstat (limited to 'netwerk/protocol/http/nsIHstsPrimingCallback.idl')
-rw-r--r-- | netwerk/protocol/http/nsIHstsPrimingCallback.idl | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/netwerk/protocol/http/nsIHstsPrimingCallback.idl b/netwerk/protocol/http/nsIHstsPrimingCallback.idl new file mode 100644 index 000000000..01f53a5b2 --- /dev/null +++ b/netwerk/protocol/http/nsIHstsPrimingCallback.idl @@ -0,0 +1,50 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsISupports.idl" + +/** + * HSTS priming attempts to prevent mixed-content by looking for the + * Strict-Transport-Security header as a signal from the server that it is + * safe to upgrade HTTP to HTTPS. + * + * Since mixed-content blocking happens very early in the process in AsyncOpen2, + * the status of mixed-content blocking is stored in the LoadInfo and then used + * to determine whether to send a priming request or not. + * + * This interface is implemented by nsHttpChannel so that it can receive the + * result of HSTS priming. + */ +[builtinclass, uuid(eca6daca-3f2a-4a2a-b3bf-9f24f79bc999)] +interface nsIHstsPrimingCallback : nsISupports +{ + /** + * HSTS priming has succeeded with an STS header, and the site asserts it is + * safe to upgrade the request from HTTP to HTTPS. The request may still be + * blocked based on the user's preferences. + * + * May be invoked synchronously if HSTS priming has already been performed + * for the host. + * + * @param aCached whether the result was already in the HSTS cache + */ + [noscript, nostdcall] + void onHSTSPrimingSucceeded(in bool aCached); + /** + * HSTS priming has seen no STS header, the request itself has failed, + * or some other failure which does not constitute a positive signal that the + * site can be upgraded safely to HTTPS. The request may still be allowed + * based on the user's preferences. + * + * May be invoked synchronously if HSTS priming has already been performed + * for the host. + * + * @param aError The error which caused this failure, or NS_ERROR_CONTENT_BLOCKED + * @param aCached whether the result was already in the HSTS cache + */ + [noscript, nostdcall] + void onHSTSPrimingFailed(in nsresult aError, in bool aCached); +}; |