summaryrefslogtreecommitdiffstats
path: root/netwerk/base/LoadInfo.h
diff options
context:
space:
mode:
authorMoonchild <mcwerewolf@gmail.com>2018-04-23 11:46:21 +0200
committerGitHub <noreply@github.com>2018-04-23 11:46:21 +0200
commit8ed46f424e1a8a09bad7147882b83c9b2aad17c6 (patch)
tree5c6953fd44fddb74891ddd96613f1ef949c85fd7 /netwerk/base/LoadInfo.h
parent8ffac11aa6eb32be75ff049787191e12476586d3 (diff)
parentccbd5ecf57fcd53ac8b28ddf7466b6c930f764df (diff)
downloadUXP-8ed46f424e1a8a09bad7147882b83c9b2aad17c6.tar
UXP-8ed46f424e1a8a09bad7147882b83c9b2aad17c6.tar.gz
UXP-8ed46f424e1a8a09bad7147882b83c9b2aad17c6.tar.lz
UXP-8ed46f424e1a8a09bad7147882b83c9b2aad17c6.tar.xz
UXP-8ed46f424e1a8a09bad7147882b83c9b2aad17c6.zip
Merge pull request #231 from janekptacijarabaci/security_blocking_data_1
moebius#223, #224, #226, #230: DOM - consider blocking top level window data: URIs
Diffstat (limited to 'netwerk/base/LoadInfo.h')
-rw-r--r--netwerk/base/LoadInfo.h11
1 files changed, 9 insertions, 2 deletions
diff --git a/netwerk/base/LoadInfo.h b/netwerk/base/LoadInfo.h
index 3e1b92ff4..0ae6061b3 100644
--- a/netwerk/base/LoadInfo.h
+++ b/netwerk/base/LoadInfo.h
@@ -59,10 +59,12 @@ public:
nsSecurityFlags aSecurityFlags,
nsContentPolicyType aContentPolicyType);
- // Constructor used for TYPE_DOCUMENT loads which have no reasonable
- // loadingNode or loadingPrincipal
+ // Constructor used for TYPE_DOCUMENT loads which have a different
+ // loadingContext than other loads. This ContextForTopLevelLoad is
+ // only used for content policy checks.
LoadInfo(nsPIDOMWindowOuter* aOuterWindow,
nsIPrincipal* aTriggeringPrincipal,
+ nsISupports* aContextForTopLevelLoad,
nsSecurityFlags aSecurityFlags);
// create an exact copy of the loadinfo
@@ -94,6 +96,7 @@ private:
bool aUpgradeInsecureRequests,
bool aVerifySignedContent,
bool aEnforceSRI,
+ bool aForceAllowDataURI,
bool aForceInheritPrincipalDropped,
uint64_t aInnerWindowID,
uint64_t aOuterWindowID,
@@ -108,6 +111,7 @@ private:
const nsTArray<nsCString>& aUnsafeHeaders,
bool aForcePreflight,
bool aIsPreflight,
+ bool aLoadTriggeredFromExternal,
bool aForceHSTSPriming,
bool aMixedContentWouldBlock);
LoadInfo(const LoadInfo& rhs);
@@ -132,12 +136,14 @@ private:
nsCOMPtr<nsIPrincipal> mTriggeringPrincipal;
nsCOMPtr<nsIPrincipal> mPrincipalToInherit;
nsWeakPtr mLoadingContext;
+ nsWeakPtr mContextForTopLevelLoad;
nsSecurityFlags mSecurityFlags;
nsContentPolicyType mInternalContentPolicyType;
LoadTainting mTainting;
bool mUpgradeInsecureRequests;
bool mVerifySignedContent;
bool mEnforceSRI;
+ bool mForceAllowDataURI;
bool mForceInheritPrincipalDropped;
uint64_t mInnerWindowID;
uint64_t mOuterWindowID;
@@ -152,6 +158,7 @@ private:
nsTArray<nsCString> mCorsUnsafeHeaders;
bool mForcePreflight;
bool mIsPreflight;
+ bool mLoadTriggeredFromExternal;
bool mForceHSTSPriming : 1;
bool mMixedContentWouldBlock : 1;
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-13 13:10:38 +0000