gecko-dev/dom/webidl/LoadURIOptions.webidl
Nika Layzell a50cefe2cf Bug 1650089 - Part 1: Add a remoteTypeOverride option for about:blank loads triggered by chrome, r=annyG,kmag
After the changes in this bug, about:blank loads triggered by chrome will
finish in a "web" content process, as they have an untrusted null principal
without a precursor. In a few places throughout the codebase, however, we
perform about:blank loads with the explicit expectation that they do not change
processes. This new remoteTypeOverride option allows the intended final process
to be explicitly specified in this situation.

For security & simplicity reasons, this new attribute is limited to only be
usable on system-principal triggered loads of about:blank in toplevel browsing
contexts.

Differential Revision: https://phabricator.services.mozilla.com/D120671
2021-08-10 14:31:16 +00:00

93 lines
2.8 KiB
Plaintext

/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
* You can obtain one at http://mozilla.org/MPL/2.0/. */
interface ContentSecurityPolicy;
interface Principal;
interface URI;
interface InputStream;
interface ReferrerInfo;
/**
* This dictionary holds load arguments for docshell loads.
*/
[GenerateInit]
dictionary LoadURIOptions {
/**
* The principal that initiated the load.
*/
Principal? triggeringPrincipal = null;
/**
* The CSP to be used for the load. That is *not* the CSP that will
* be applied to subresource loads within that document but the CSP
* for the document load itself. E.g. if that CSP includes
* upgrade-insecure-requests, then the new top-level load will
* be upgraded to HTTPS.
*/
ContentSecurityPolicy? csp = null;
/**
* Flags modifying load behaviour. This parameter is a bitwise
* combination of the load flags defined in nsIWebNavigation.idl.
*/
long loadFlags = 0;
/**
* The referring info of the load. If this argument is null, then the
* referrer URI and referrer policy will be inferred internally.
*/
ReferrerInfo? referrerInfo = null;
/**
* If the URI to be loaded corresponds to a HTTP request, then this stream is
* appended directly to the HTTP request headers. It may be prefixed
* with additional HTTP headers. This stream must contain a "\r\n"
* sequence separating any HTTP headers from the HTTP request body.
*/
InputStream? postData = null;
/**
* If the URI corresponds to a HTTP request, then any HTTP headers
* contained in this stream are set on the HTTP request. The HTTP
* header stream is formatted as:
* ( HEADER "\r\n" )*
*/
InputStream? headers = null;
/**
* Set to indicate a base URI to be associated with the load. Note
* that at present this argument is only used with view-source aURIs
* and cannot be used to resolve aURI.
*/
URI? baseURI = null;
/**
* Set to indicate that the URI to be loaded was triggered by a user
* action. (Mostly used in the context of Sec-Fetch-User).
*/
boolean hasValidUserGestureActivation = false;
/**
* The SandboxFlags of the entity thats
* responsible for causing the load.
*/
unsigned long triggeringSandboxFlags = 0;
/**
* If non-0, a value to pass to nsIDocShell::setCancelContentJSEpoch
* when initiating the load.
*/
long cancelContentJSEpoch = 0;
/**
* If this is passed, it will control which remote type is used to finish this
* load. Ignored for non-`about:` loads.
*
* NOTE: This is _NOT_ defaulted to `null`, as `null` is the value for
* `NOT_REMOTE_TYPE`, and we need to determine the difference between no
* `remoteTypeOverride` and a `remoteTypeOverride` of `NOT_REMOTE_TYPE`.
*/
UTF8String? remoteTypeOverride;
};