1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
|
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "nsISupports.idl"
interface nsICookie2;
interface nsIURI;
interface nsIChannel;
typedef long nsCookieAccess;
/**
* An interface to test for cookie permissions
*/
[scriptable, uuid(11ddd4ed-8f5b-40b3-b2a0-27c20ea1c88d)]
interface nsICookiePermission : nsISupports
{
/**
* nsCookieAccess values
*/
const nsCookieAccess ACCESS_DEFAULT = 0;
const nsCookieAccess ACCESS_ALLOW = 1;
const nsCookieAccess ACCESS_DENY = 2;
/**
* additional values for nsCookieAccess which may not match
* nsIPermissionManager. Keep 3-7 available to allow nsIPermissionManager to
* add values without colliding. ACCESS_SESSION is not directly returned by
* any methods on this interface.
*/
const nsCookieAccess ACCESS_SESSION = 8;
const nsCookieAccess ACCESS_ALLOW_FIRST_PARTY_ONLY = 9;
const nsCookieAccess ACCESS_LIMIT_THIRD_PARTY = 10;
/**
* setAccess
*
* this method is called to block cookie access for the given URI. this
* may result in other URIs being blocked as well (e.g., URIs which share
* the same host name).
*
* @param aURI
* the URI to block
* @param aAccess
* the new cookie access for the URI.
*/
void setAccess(in nsIURI aURI,
in nsCookieAccess aAccess);
/**
* canAccess
*
* this method is called to test whether or not the given URI/channel may
* access the cookie database, either to set or get cookies.
*
* @param aURI
* the URI trying to access cookies
* @param aChannel
* the channel corresponding to aURI
*
* @return one of the following nsCookieAccess values:
* ACCESS_DEFAULT, ACCESS_ALLOW, ACCESS_DENY, or
* ACCESS_ALLOW_FIRST_PARTY_ONLY
*/
nsCookieAccess canAccess(in nsIURI aURI,
in nsIChannel aChannel);
/**
* canSetCookie
*
* this method is called to test whether or not the given URI/channel may
* set a specific cookie. this method is always preceded by a call to
* canAccess. it may modify the isSession and expiry attributes of the
* cookie via the aIsSession and aExpiry parameters, in order to limit
* or extend the lifetime of the cookie. this is useful, for instance, to
* downgrade a cookie to session-only if it fails to meet certain criteria.
*
* @param aURI
* the URI trying to set the cookie
* @param aChannel
* the channel corresponding to aURI
* @param aCookie
* the cookie being added to the cookie database
* @param aIsSession
* when canSetCookie is invoked, this is the current isSession attribute
* of the cookie. canSetCookie may leave this value unchanged to
* preserve this attribute of the cookie.
* @param aExpiry
* when canSetCookie is invoked, this is the current expiry time of
* the cookie. canSetCookie may leave this value unchanged to
* preserve this attribute of the cookie.
*
* @return true if the cookie can be set.
*/
boolean canSetCookie(in nsIURI aURI,
in nsIChannel aChannel,
in nsICookie2 aCookie,
inout boolean aIsSession,
inout int64_t aExpiry);
};
%{ C++
/**
* The nsICookiePermission implementation is an XPCOM service registered
* under the ContractID:
*/
#define NS_COOKIEPERMISSION_CONTRACTID "@mozilla.org/cookie/permission;1"
%}
|