gecko-dev/dom/base/nsIContentPolicyBase.idl

374 lines
11 KiB
Plaintext
Raw Normal View History

/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ft=cpp tw=78 sw=2 et ts=8 : */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "nsISupports.idl"
interface nsIURI;
interface nsIDOMNode;
interface nsIPrincipal;
/**
* The type of nsIContentPolicy::TYPE_*
*/
typedef unsigned long nsContentPolicyType;
/**
* Interface for content policy mechanism. Implementations of this
* interface can be used to control loading of various types of out-of-line
* content, or processing of certain types of in-line content.
*
* WARNING: do not block the caller from shouldLoad or shouldProcess (e.g.,
* by launching a dialog to prompt the user for something).
*/
[scriptable,uuid(17418187-d86f-48dd-92d1-238838df0a4e)]
interface nsIContentPolicyBase : nsISupports
{
/**
* Indicates a unset or bogus policy type.
*/
const nsContentPolicyType TYPE_INVALID = 0;
/**
* Gecko/Firefox developers: Avoid using TYPE_OTHER. Especially for
* requests that are coming from webpages. Or requests in general which
* you expect that security checks will be done on.
* Always use a more specific type if one is available. And do not hesitate
* to add more types as appropriate.
* But if you are fairly sure that no one would care about your more specific
* type, then it's ok to use TYPE_OTHER.
*
* Extension developers: Whenever it is reasonable, use one of the existing
* content types. If none of the existing content types are right for
* something you are doing, file a bug in the Core/DOM component that
* includes a patch that adds your new content type to the end of the list of
* TYPE_* constants here. But, don't start using your new content type until
* your patch has been accepted, because it will be uncertain what exact
* value and name your new content type will have; in that interim period,
* use TYPE_OTHER. In your patch, document your new content type in the style
* of the existing ones. In the bug you file, provide a more detailed
* description of the new type of content you want Gecko to support, so that
* the existing implementations of nsIContentPolicy can be properly modified
* to deal with that new type of content.
*
* Implementations of nsIContentPolicy should treat this the same way they
* treat unknown types, because existing users of TYPE_OTHER may be converted
* to use new content types.
*
* Note that the TYPE_INTERNAL_* constants are never passed to content
* policy implementations. They are mapped to other TYPE_* constants, and
* are only intended for internal usage inside Gecko.
*/
const nsContentPolicyType TYPE_OTHER = 1;
/**
* Indicates an executable script (such as JavaScript).
*/
const nsContentPolicyType TYPE_SCRIPT = 2;
/**
* Indicates an image (e.g., IMG elements).
*/
const nsContentPolicyType TYPE_IMAGE = 3;
/**
* Indicates a stylesheet (e.g., STYLE elements).
*/
const nsContentPolicyType TYPE_STYLESHEET = 4;
/**
* Indicates a generic object (plugin-handled content typically falls under
* this category).
*/
const nsContentPolicyType TYPE_OBJECT = 5;
/**
* Indicates a document at the top-level (i.e., in a browser).
*/
const nsContentPolicyType TYPE_DOCUMENT = 6;
/**
* Indicates a document contained within another document (e.g., IFRAMEs,
* FRAMES, and OBJECTs).
*/
const nsContentPolicyType TYPE_SUBDOCUMENT = 7;
/**
* Indicates a timed refresh.
*
* shouldLoad will never get this, because it does not represent content
* to be loaded (the actual load triggered by the refresh will go through
* shouldLoad as expected).
*
* shouldProcess will get this for, e.g., META Refresh elements and HTTP
* Refresh headers.
*/
const nsContentPolicyType TYPE_REFRESH = 8;
/**
* Indicates an XBL binding request, triggered either by -moz-binding CSS
* property.
*/
const nsContentPolicyType TYPE_XBL = 9;
/**
* Indicates a ping triggered by a click on <A PING="..."> element.
*/
const nsContentPolicyType TYPE_PING = 10;
/**
* Indicates an XMLHttpRequest. Also used for document.load and for EventSource.
*/
const nsContentPolicyType TYPE_XMLHTTPREQUEST = 11;
const nsContentPolicyType TYPE_DATAREQUEST = 11; // alias
/**
* Indicates a request by a plugin.
*/
const nsContentPolicyType TYPE_OBJECT_SUBREQUEST = 12;
/**
* Indicates a DTD loaded by an XML document.
*/
const nsContentPolicyType TYPE_DTD = 13;
/**
* Indicates a font loaded via @font-face rule.
*/
const nsContentPolicyType TYPE_FONT = 14;
/**
* Indicates a video or audio load.
*/
const nsContentPolicyType TYPE_MEDIA = 15;
/**
* Indicates a WebSocket load.
*/
const nsContentPolicyType TYPE_WEBSOCKET = 16;
/**
* Indicates a Content Security Policy report.
*/
const nsContentPolicyType TYPE_CSP_REPORT = 17;
/**
* Indicates a style sheet transformation.
*/
const nsContentPolicyType TYPE_XSLT = 18;
/**
* Indicates a beacon post.
*/
const nsContentPolicyType TYPE_BEACON = 19;
/**
* Indicates a load initiated by the fetch() function from the Fetch
* specification.
*/
const nsContentPolicyType TYPE_FETCH = 20;
/**
* Indicates a <img srcset> or <picture> request.
*/
const nsContentPolicyType TYPE_IMAGESET = 21;
Bug 1089255 - Implement and test manifest-src CSP directive. r=bholley, r=dveditz, r=ckerschb --- dom/base/nsContentPolicyUtils.h | 1 + dom/base/nsDataDocumentContentPolicy.cpp | 3 +- dom/base/nsIContentPolicy.idl | 2 +- dom/base/nsIContentPolicyBase.idl | 7 +- dom/base/nsISimpleContentPolicy.idl | 2 +- dom/base/test/csp/browser.ini | 4 + dom/base/test/csp/browser_test_web_manifest.js | 265 +++++++++++++++++++++ .../csp/browser_test_web_manifest_mixed_content.js | 55 +++++ dom/base/test/csp/file_CSP_web_manifest.html | 6 + dom/base/test/csp/file_CSP_web_manifest.json | 1 + .../test/csp/file_CSP_web_manifest.json^headers^ | 1 + dom/base/test/csp/file_CSP_web_manifest_https.html | 4 + dom/base/test/csp/file_CSP_web_manifest_https.json | 1 + .../csp/file_CSP_web_manifest_mixed_content.html | 9 + .../test/csp/file_CSP_web_manifest_remote.html | 8 + dom/base/test/csp/file_csp_testserver.sjs | 14 +- dom/base/test/csp/mochitest.ini | 7 + dom/base/test/moz.build | 5 +- dom/fetch/InternalRequest.cpp | 3 + dom/fetch/InternalRequest.h | 2 +- .../security/nsIContentSecurityPolicy.idl | 3 +- dom/ipc/manifestMessages.js | 25 +- dom/security/nsCSPUtils.cpp | 7 + dom/security/nsCSPUtils.h | 10 +- dom/security/nsMixedContentBlocker.cpp | 1 + dom/webidl/CSPDictionaries.webidl | 1 + extensions/permissions/nsContentBlocker.cpp | 6 +- netwerk/mime/nsMimeTypes.h | 1 + 28 files changed, 439 insertions(+), 15 deletions(-) create mode 100644 dom/base/test/csp/browser.ini create mode 100644 dom/base/test/csp/browser_test_web_manifest.js create mode 100644 dom/base/test/csp/browser_test_web_manifest_mixed_content.js create mode 100644 dom/base/test/csp/file_CSP_web_manifest.html create mode 100644 dom/base/test/csp/file_CSP_web_manifest.json create mode 100644 dom/base/test/csp/file_CSP_web_manifest.json^headers^ create mode 100644 dom/base/test/csp/file_CSP_web_manifest_https.html create mode 100644 dom/base/test/csp/file_CSP_web_manifest_https.json create mode 100644 dom/base/test/csp/file_CSP_web_manifest_mixed_content.html create mode 100644 dom/base/test/csp/file_CSP_web_manifest_remote.html
2015-06-02 19:42:19 +00:00
/**
* Indicates a web manifest.
*/
const nsContentPolicyType TYPE_WEB_MANIFEST = 22;
/**
* Indicates an internal constant for scripts loaded through script
* elements.
*
* This will be mapped to TYPE_SCRIPT before being passed to content policy
* implementations.
*/
const nsContentPolicyType TYPE_INTERNAL_SCRIPT = 23;
/**
* Indicates an internal constant for scripts loaded through a dedicated
* worker.
*
* This will be mapped to TYPE_SCRIPT before being passed to content policy
* implementations.
*/
const nsContentPolicyType TYPE_INTERNAL_WORKER = 24;
/**
* Indicates an internal constant for scripts loaded through a shared
* worker.
*
* This will be mapped to TYPE_SCRIPT before being passed to content policy
* implementations.
*/
const nsContentPolicyType TYPE_INTERNAL_SHARED_WORKER = 25;
/**
* Indicates an internal constant for content loaded from embed elements.
*
* This will be mapped to TYPE_OBJECT.
*/
const nsContentPolicyType TYPE_INTERNAL_EMBED = 26;
/**
* Indicates an internal constant for content loaded from object elements.
*
* This will be mapped to TYPE_OBJECT.
*/
const nsContentPolicyType TYPE_INTERNAL_OBJECT = 27;
/**
* Indicates an internal constant for content loaded from frame elements.
*
* This will be mapped to TYPE_SUBDOCUMENT.
*/
const nsContentPolicyType TYPE_INTERNAL_FRAME = 28;
/**
* Indicates an internal constant for content loaded from iframe elements.
*
* This will be mapped to TYPE_SUBDOCUMENT.
*/
const nsContentPolicyType TYPE_INTERNAL_IFRAME = 29;
/**
* Indicates an internal constant for content loaded from audio elements.
*
* This will be mapped to TYPE_MEDIA.
*/
const nsContentPolicyType TYPE_INTERNAL_AUDIO = 30;
/**
* Indicates an internal constant for content loaded from video elements.
*
* This will be mapped to TYPE_MEDIA.
*/
const nsContentPolicyType TYPE_INTERNAL_VIDEO = 31;
/**
* Indicates an internal constant for content loaded from track elements.
*
* This will be mapped to TYPE_MEDIA.
*/
const nsContentPolicyType TYPE_INTERNAL_TRACK = 32;
/**
* Indicates an internal constant for an XMLHttpRequest.
*
* This will be mapped to TYPE_XMLHTTPREQUEST.
*/
const nsContentPolicyType TYPE_INTERNAL_XMLHTTPREQUEST = 33;
/**
* Indicates an internal constant for EventSource.
*
* This will be mapped to TYPE_DATAREQUEST.
*/
const nsContentPolicyType TYPE_INTERNAL_EVENTSOURCE = 34;
/**
* Indicates an internal constant for scripts loaded through a service
* worker.
*
* This will be mapped to TYPE_SCRIPT before being passed to content policy
* implementations.
*/
const nsContentPolicyType TYPE_INTERNAL_SERVICE_WORKER = 35;
/**
* Indicates an internal constant for *preloaded* scripts
* loaded through script elements.
*
* This will be mapped to TYPE_SCRIPT before being passed
* to content policy implementations.
*/
const nsContentPolicyType TYPE_INTERNAL_SCRIPT_PRELOAD = 36;
/**
* Indicates an internal constant for normal images.
*
* This will be mapped to TYPE_IMAGE before being passed
* to content policy implementations.
*/
const nsContentPolicyType TYPE_INTERNAL_IMAGE = 37;
/**
* Indicates an internal constant for *preloaded* images.
*
* This will be mapped to TYPE_IMAGE before being passed
* to content policy implementations.
*/
const nsContentPolicyType TYPE_INTERNAL_IMAGE_PRELOAD = 38;
/**
* Indicates an internal constant for normal stylesheets.
*
* This will be mapped to TYPE_STYLESHEET before being passed
* to content policy implementations.
*/
const nsContentPolicyType TYPE_INTERNAL_STYLESHEET = 39;
/**
* Indicates an internal constant for *preloaded* stylesheets.
*
* This will be mapped to TYPE_STYLESHEET before being passed
* to content policy implementations.
*/
const nsContentPolicyType TYPE_INTERNAL_STYLESHEET_PRELOAD = 40;
/* When adding new content types, please update nsContentBlocker,
* NS_CP_ContentTypeName, nsCSPContext, all nsIContentPolicy
* implementations, the static_assert in dom/cache/DBSchema.cpp,
* and other things that are not listed here that are related to
* nsIContentPolicy. */
//////////////////////////////////////////////////////////////////////
/**
* Returned from shouldLoad or shouldProcess if the load or process request
* is rejected based on details of the request.
*/
const short REJECT_REQUEST = -1;
/**
* Returned from shouldLoad or shouldProcess if the load/process is rejected
* based solely on its type (of the above flags).
*
* NOTE that it is not meant to stop future requests for this type--only the
* current request.
*/
const short REJECT_TYPE = -2;
/**
* Returned from shouldLoad or shouldProcess if the load/process is rejected
* based on the server it is hosted on or requested from (aContentLocation or
* aRequestOrigin), e.g., if you block an IMAGE because it is served from
* goatse.cx (even if you don't necessarily block other types from that
* server/domain).
*
* NOTE that it is not meant to stop future requests for this server--only the
* current request.
*/
const short REJECT_SERVER = -3;
/**
* Returned from shouldLoad or shouldProcess if the load/process is rejected
* based on some other criteria. Mozilla callers will handle this like
* REJECT_REQUEST; third-party implementors may, for example, use this to
* direct their own callers to consult the extra parameter for additional
* details.
*/
const short REJECT_OTHER = -4;
/**
* Returned from shouldLoad or shouldProcess if the load or process request
* is not rejected.
*/
const short ACCEPT = 1;
};