summaryrefslogtreecommitdiffstats
path: root/netwerk/protocol/http/nsIHstsPrimingCallback.idl
diff options
context:
space:
mode:
Diffstat (limited to 'netwerk/protocol/http/nsIHstsPrimingCallback.idl')
-rw-r--r--netwerk/protocol/http/nsIHstsPrimingCallback.idl50
1 files changed, 50 insertions, 0 deletions
diff --git a/netwerk/protocol/http/nsIHstsPrimingCallback.idl b/netwerk/protocol/http/nsIHstsPrimingCallback.idl
new file mode 100644
index 000000000..01f53a5b2
--- /dev/null
+++ b/netwerk/protocol/http/nsIHstsPrimingCallback.idl
@@ -0,0 +1,50 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+/**
+ * HSTS priming attempts to prevent mixed-content by looking for the
+ * Strict-Transport-Security header as a signal from the server that it is
+ * safe to upgrade HTTP to HTTPS.
+ *
+ * Since mixed-content blocking happens very early in the process in AsyncOpen2,
+ * the status of mixed-content blocking is stored in the LoadInfo and then used
+ * to determine whether to send a priming request or not.
+ *
+ * This interface is implemented by nsHttpChannel so that it can receive the
+ * result of HSTS priming.
+ */
+[builtinclass, uuid(eca6daca-3f2a-4a2a-b3bf-9f24f79bc999)]
+interface nsIHstsPrimingCallback : nsISupports
+{
+ /**
+ * HSTS priming has succeeded with an STS header, and the site asserts it is
+ * safe to upgrade the request from HTTP to HTTPS. The request may still be
+ * blocked based on the user's preferences.
+ *
+ * May be invoked synchronously if HSTS priming has already been performed
+ * for the host.
+ *
+ * @param aCached whether the result was already in the HSTS cache
+ */
+ [noscript, nostdcall]
+ void onHSTSPrimingSucceeded(in bool aCached);
+ /**
+ * HSTS priming has seen no STS header, the request itself has failed,
+ * or some other failure which does not constitute a positive signal that the
+ * site can be upgraded safely to HTTPS. The request may still be allowed
+ * based on the user's preferences.
+ *
+ * May be invoked synchronously if HSTS priming has already been performed
+ * for the host.
+ *
+ * @param aError The error which caused this failure, or NS_ERROR_CONTENT_BLOCKED
+ * @param aCached whether the result was already in the HSTS cache
+ */
+ [noscript, nostdcall]
+ void onHSTSPrimingFailed(in nsresult aError, in bool aCached);
+};