mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-11-24 13:21:05 +00:00
346cecd51c
Differential Revision: https://phabricator.services.mozilla.com/D197794
597 lines
18 KiB
C++
597 lines
18 KiB
C++
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
|
|
/* vim: set ft=cpp tw=78 sw=2 et ts=8 : */
|
|
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
#include "nsISupports.idl"
|
|
|
|
interface nsIURI;
|
|
interface nsILoadInfo;
|
|
|
|
/**
|
|
* Interface for content policy mechanism. Implementations of this
|
|
* interface can be used to control loading of various types of out-of-line
|
|
* content, or processing of certain types of in-line content.
|
|
*
|
|
* WARNING: do not block the caller from shouldLoad or shouldProcess (e.g.,
|
|
* by launching a dialog to prompt the user for something).
|
|
*/
|
|
|
|
[scriptable, uuid(caad4f1f-d047-46ac-ae9d-dc598e4fb91b)]
|
|
interface nsIContentPolicy : nsISupports
|
|
{
|
|
/**
|
|
* The type of nsIContentPolicy::TYPE_*
|
|
*/
|
|
cenum nsContentPolicyType : 8 {
|
|
/**
|
|
* Indicates a unset or bogus policy type.
|
|
*/
|
|
TYPE_INVALID = 0,
|
|
|
|
/**
|
|
* Gecko/Firefox developers: Avoid using TYPE_OTHER. Especially for
|
|
* requests that are coming from webpages. Or requests in general which
|
|
* you expect that security checks will be done on.
|
|
* Always use a more specific type if one is available. And do not hesitate
|
|
* to add more types as appropriate.
|
|
* But if you are fairly sure that no one would care about your more specific
|
|
* type, then it's ok to use TYPE_OTHER.
|
|
*
|
|
* Implementations of nsIContentPolicy should treat this the same way they
|
|
* treat unknown types, because existing users of TYPE_OTHER may be converted
|
|
* to use new content types.
|
|
*
|
|
* Note that the TYPE_INTERNAL_* constants are never passed to content
|
|
* policy implementations. They are mapped to other TYPE_* constants, and
|
|
* are only intended for internal usage inside Gecko.
|
|
*/
|
|
TYPE_OTHER = 1,
|
|
|
|
/**
|
|
* Indicates an executable script (such as JavaScript).
|
|
*/
|
|
TYPE_SCRIPT = 2,
|
|
|
|
/**
|
|
* Indicates an image (e.g., IMG elements).
|
|
*/
|
|
TYPE_IMAGE = 3,
|
|
|
|
/**
|
|
* Indicates a stylesheet (e.g., STYLE elements).
|
|
*/
|
|
TYPE_STYLESHEET = 4,
|
|
|
|
/**
|
|
* Indicates a generic object (plugin-handled content typically falls under
|
|
* this category).
|
|
*/
|
|
TYPE_OBJECT = 5,
|
|
|
|
/**
|
|
* Indicates a document at the top-level (i.e., in a browser).
|
|
*/
|
|
TYPE_DOCUMENT = 6,
|
|
|
|
/**
|
|
* Indicates a document contained within another document (e.g., IFRAMEs,
|
|
* FRAMES, and OBJECTs).
|
|
*/
|
|
TYPE_SUBDOCUMENT = 7,
|
|
|
|
/*
|
|
* XXX: nsContentPolicyType = 8 used to inicate a timed refresh request.
|
|
*/
|
|
|
|
/*
|
|
* XXX: nsContentPolicyType = 9 used to inicate an XBL binding request.
|
|
*/
|
|
|
|
/**
|
|
* Indicates a ping triggered by a click on <A PING="..."> element.
|
|
*/
|
|
TYPE_PING = 10,
|
|
|
|
/**
|
|
* Indicates an XMLHttpRequest. Also used for document.load and for EventSource.
|
|
*/
|
|
TYPE_XMLHTTPREQUEST = 11,
|
|
|
|
/**
|
|
* Indicates a request by a plugin.
|
|
*/
|
|
TYPE_OBJECT_SUBREQUEST = 12,
|
|
|
|
/**
|
|
* Indicates a DTD loaded by an XML document.
|
|
*/
|
|
TYPE_DTD = 13,
|
|
|
|
/**
|
|
* Indicates a font loaded via @font-face rule.
|
|
*/
|
|
TYPE_FONT = 14,
|
|
|
|
/**
|
|
* Indicates a video or audio load.
|
|
*/
|
|
TYPE_MEDIA = 15,
|
|
|
|
/**
|
|
* Indicates a WebSocket load.
|
|
*/
|
|
TYPE_WEBSOCKET = 16,
|
|
|
|
/**
|
|
* Indicates a Content Security Policy report.
|
|
*/
|
|
TYPE_CSP_REPORT = 17,
|
|
|
|
/**
|
|
* Indicates a style sheet transformation.
|
|
*/
|
|
TYPE_XSLT = 18,
|
|
|
|
/**
|
|
* Indicates a beacon post.
|
|
*/
|
|
TYPE_BEACON = 19,
|
|
|
|
/**
|
|
* Indicates a load initiated by the fetch() function from the Fetch
|
|
* specification.
|
|
*/
|
|
TYPE_FETCH = 20,
|
|
|
|
/**
|
|
* Indicates a <img srcset> or <picture> request.
|
|
*/
|
|
TYPE_IMAGESET = 21,
|
|
|
|
/**
|
|
* Indicates a web manifest.
|
|
*/
|
|
TYPE_WEB_MANIFEST = 22,
|
|
|
|
/**
|
|
* Indicates an internal constant for scripts loaded through script
|
|
* elements.
|
|
*
|
|
* This will be mapped to TYPE_SCRIPT before being passed to content policy
|
|
* implementations.
|
|
*/
|
|
TYPE_INTERNAL_SCRIPT = 23,
|
|
|
|
/**
|
|
* Indicates an internal constant for scripts loaded through a dedicated
|
|
* worker.
|
|
*
|
|
* This will be mapped to TYPE_SCRIPT before being passed to content policy
|
|
* implementations.
|
|
*/
|
|
TYPE_INTERNAL_WORKER = 24,
|
|
|
|
/**
|
|
* Indicates an internal constant for scripts loaded through a shared
|
|
* worker.
|
|
*
|
|
* This will be mapped to TYPE_SCRIPT before being passed to content policy
|
|
* implementations.
|
|
*/
|
|
TYPE_INTERNAL_SHARED_WORKER = 25,
|
|
|
|
/**
|
|
* Indicates an internal constant for content loaded from embed elements.
|
|
*
|
|
* This will be mapped to TYPE_OBJECT.
|
|
*/
|
|
TYPE_INTERNAL_EMBED = 26,
|
|
|
|
/**
|
|
* Indicates an internal constant for content loaded from object elements.
|
|
*
|
|
* This will be mapped to TYPE_OBJECT.
|
|
*/
|
|
TYPE_INTERNAL_OBJECT = 27,
|
|
|
|
/**
|
|
* Indicates an internal constant for content loaded from frame elements.
|
|
*
|
|
* This will be mapped to TYPE_SUBDOCUMENT.
|
|
*/
|
|
TYPE_INTERNAL_FRAME = 28,
|
|
|
|
/**
|
|
* Indicates an internal constant for content loaded from iframe elements.
|
|
*
|
|
* This will be mapped to TYPE_SUBDOCUMENT.
|
|
*/
|
|
TYPE_INTERNAL_IFRAME = 29,
|
|
|
|
/**
|
|
* Indicates an internal constant for content loaded from audio elements.
|
|
*
|
|
* This will be mapped to TYPE_MEDIA.
|
|
*/
|
|
TYPE_INTERNAL_AUDIO = 30,
|
|
|
|
/**
|
|
* Indicates an internal constant for content loaded from video elements.
|
|
*
|
|
* This will be mapped to TYPE_MEDIA.
|
|
*/
|
|
TYPE_INTERNAL_VIDEO = 31,
|
|
|
|
/**
|
|
* Indicates an internal constant for content loaded from track elements.
|
|
*
|
|
* This will be mapped to TYPE_MEDIA.
|
|
*/
|
|
TYPE_INTERNAL_TRACK = 32,
|
|
|
|
/**
|
|
* Indicates an internal constant for an XMLHttpRequest.
|
|
*
|
|
* This will be mapped to TYPE_XMLHTTPREQUEST.
|
|
*/
|
|
TYPE_INTERNAL_XMLHTTPREQUEST = 33,
|
|
|
|
/**
|
|
* Indicates an internal constant for EventSource.
|
|
*
|
|
* This will be mapped to TYPE_XMLHTTPREQUEST.
|
|
*/
|
|
TYPE_INTERNAL_EVENTSOURCE = 34,
|
|
|
|
/**
|
|
* Indicates an internal constant for scripts loaded through a service
|
|
* worker.
|
|
*
|
|
* This will be mapped to TYPE_SCRIPT before being passed to content policy
|
|
* implementations.
|
|
*/
|
|
TYPE_INTERNAL_SERVICE_WORKER = 35,
|
|
|
|
/**
|
|
* Indicates an internal constant for *preloaded* scripts
|
|
* loaded through script elements.
|
|
*
|
|
* This will be mapped to TYPE_SCRIPT before being passed
|
|
* to content policy implementations.
|
|
*/
|
|
TYPE_INTERNAL_SCRIPT_PRELOAD = 36,
|
|
|
|
/**
|
|
* Indicates an internal constant for normal images.
|
|
*
|
|
* This will be mapped to TYPE_IMAGE before being passed
|
|
* to content policy implementations.
|
|
*/
|
|
TYPE_INTERNAL_IMAGE = 37,
|
|
|
|
/**
|
|
* Indicates an internal constant for *preloaded* images.
|
|
*
|
|
* This will be mapped to TYPE_IMAGE before being passed
|
|
* to content policy implementations.
|
|
*/
|
|
TYPE_INTERNAL_IMAGE_PRELOAD = 38,
|
|
|
|
/**
|
|
* Indicates an internal constant for normal stylesheets.
|
|
*
|
|
* This will be mapped to TYPE_STYLESHEET before being passed
|
|
* to content policy implementations.
|
|
*/
|
|
TYPE_INTERNAL_STYLESHEET = 39,
|
|
|
|
/**
|
|
* Indicates an internal constant for *preloaded* stylesheets.
|
|
*
|
|
* This will be mapped to TYPE_STYLESHEET before being passed
|
|
* to content policy implementations.
|
|
*/
|
|
TYPE_INTERNAL_STYLESHEET_PRELOAD = 40,
|
|
|
|
/**
|
|
* Indicates an internal constant for favicon.
|
|
*
|
|
* This will be mapped to TYPE_IMAGE before being passed
|
|
* to content policy implementations.
|
|
*/
|
|
TYPE_INTERNAL_IMAGE_FAVICON = 41,
|
|
|
|
/**
|
|
* Indicates an importScripts() inside a worker script.
|
|
*
|
|
* This will be mapped to TYPE_SCRIPT before being passed to content policy
|
|
* implementations.
|
|
*/
|
|
TYPE_INTERNAL_WORKER_IMPORT_SCRIPTS = 42,
|
|
|
|
/**
|
|
* Indicates an save-as link download from the front-end code.
|
|
*/
|
|
TYPE_SAVEAS_DOWNLOAD = 43,
|
|
|
|
/**
|
|
* Indicates a speculative connection.
|
|
*/
|
|
TYPE_SPECULATIVE = 44,
|
|
|
|
/**
|
|
* Indicates an internal constant for ES6 module scripts
|
|
* loaded through script elements or an import statement (static import) or
|
|
* an import expression (dynamic import).
|
|
* It also indicates the load for dynamic import in workers.
|
|
* For static import in module workers,
|
|
* please check TYPE_INTERNAL_WORKER_STATIC_MODULE.
|
|
*
|
|
* This will be mapped to TYPE_SCRIPT before being passed
|
|
* to content policy implementations.
|
|
*/
|
|
TYPE_INTERNAL_MODULE = 45,
|
|
|
|
/**
|
|
* Indicates an internal constant for *preloaded* ES6 module scripts
|
|
* loaded through script elements or an import statement.
|
|
*
|
|
* This will be mapped to TYPE_SCRIPT before being passed
|
|
* to content policy implementations.
|
|
*/
|
|
TYPE_INTERNAL_MODULE_PRELOAD = 46,
|
|
|
|
/**
|
|
* Indicates a DTD loaded by an XML document the URI of which could
|
|
* not be mapped to a known local DTD.
|
|
*/
|
|
TYPE_INTERNAL_DTD = 47,
|
|
|
|
/**
|
|
* Indicates a TYPE_INTERNAL_DTD which will not be blocked no matter
|
|
* what principal is being loaded from.
|
|
*/
|
|
TYPE_INTERNAL_FORCE_ALLOWED_DTD = 48,
|
|
|
|
/**
|
|
* Indicates an internal constant for scripts loaded through an
|
|
* audioWorklet.
|
|
*
|
|
* This will be mapped to TYPE_SCRIPT before being passed to content policy
|
|
* implementations.
|
|
*/
|
|
TYPE_INTERNAL_AUDIOWORKLET = 49,
|
|
|
|
/**
|
|
* Indicates an internal constant for scripts loaded through an
|
|
* paintWorklet.
|
|
*
|
|
* This will be mapped to TYPE_SCRIPT before being passed to content policy
|
|
* implementations.
|
|
*/
|
|
TYPE_INTERNAL_PAINTWORKLET = 50,
|
|
|
|
/**
|
|
* Same as TYPE_FONT but indicates this is a <link rel=preload as=font>
|
|
* preload initiated load.
|
|
*/
|
|
TYPE_INTERNAL_FONT_PRELOAD = 51,
|
|
|
|
/**
|
|
* Indicates the load of a (Firefox-internal) script through ChromeUtils
|
|
*
|
|
* This will be mapped to TYPE_SCRIPT before being passed to content policy
|
|
* implementations.
|
|
*/
|
|
TYPE_INTERNAL_CHROMEUTILS_COMPILED_SCRIPT = 52,
|
|
|
|
/**
|
|
* Indicates the load of a script through FrameMessageManager
|
|
*
|
|
* This will be mapped to TYPE_SCRIPT before being passed to content policy
|
|
* implementations.
|
|
*/
|
|
TYPE_INTERNAL_FRAME_MESSAGEMANAGER_SCRIPT = 53,
|
|
|
|
/**
|
|
* Indicates an internal constant for *preloaded* fetch
|
|
* loaded through link elements.
|
|
*
|
|
* This will be mapped to TYPE_FETCH before being passed
|
|
* to content policy implementations.
|
|
*/
|
|
TYPE_INTERNAL_FETCH_PRELOAD = 54,
|
|
|
|
/**
|
|
* Indicates a font loaded via @font-face rule in an UA style sheet.
|
|
* (CSP does not apply.)
|
|
*/
|
|
TYPE_UA_FONT = 55,
|
|
|
|
/**
|
|
* Indicates the establishment of a TCP or TLS connection via an
|
|
* http/https proxy that will be used for webrtc media. When no web proxy
|
|
* is involved, webrtc uses lower level sockets that are not subject to
|
|
* any sort of content policy.
|
|
*/
|
|
TYPE_PROXIED_WEBRTC_MEDIA = 56,
|
|
|
|
/**
|
|
* Indicates the load of data via the Federated Credential Management API
|
|
* with data destined for a browser context.
|
|
*/
|
|
TYPE_WEB_IDENTITY = 57,
|
|
|
|
/**
|
|
* Indicates the load of a static module on workers.
|
|
*/
|
|
TYPE_INTERNAL_WORKER_STATIC_MODULE = 58,
|
|
|
|
/**
|
|
* Indicates Webtransport request
|
|
*/
|
|
TYPE_WEB_TRANSPORT = 59,
|
|
|
|
/**
|
|
* Used to indicate the end of this list, not a content policy. If you want
|
|
* to add a new content policy type, place it before this sentinel value
|
|
* TYPE_END, have it use TYPE_END's current value, and increment TYPE_END by
|
|
* one. (TYPE_END should always have the highest numerical value.)
|
|
*/
|
|
TYPE_END = 60,
|
|
|
|
|
|
/* When adding new content types, please update
|
|
* NS_CP_ContentTypeName, nsCSPContext, CSP_ContentTypeToDirective,
|
|
* DoContentSecurityChecks, all nsIContentPolicy implementations, the
|
|
* static_assert in dom/cache/DBSchema.cpp, ChannelWrapper.webidl,
|
|
* ChannelWrapper.cpp, PermissionManager.cpp,
|
|
* IPCMessageUtilsSpecializations.h, and other things that are not
|
|
* listed here that are related to nsIContentPolicy. */
|
|
};
|
|
|
|
//////////////////////////////////////////////////////////////////////
|
|
|
|
/**
|
|
* Returned from shouldLoad or shouldProcess if the load or process request
|
|
* is rejected based on details of the request.
|
|
*/
|
|
const short REJECT_REQUEST = -1;
|
|
|
|
/**
|
|
* Returned from shouldLoad or shouldProcess if the load/process is rejected
|
|
* based solely on its type (of the above flags).
|
|
*
|
|
* NOTE that it is not meant to stop future requests for this type--only the
|
|
* current request.
|
|
*/
|
|
const short REJECT_TYPE = -2;
|
|
|
|
/**
|
|
* Returned from shouldLoad or shouldProcess if the load/process is rejected
|
|
* based on the server it is hosted on or requested from (aContentLocation or
|
|
* aRequestOrigin), e.g., if you block an IMAGE because it is served from
|
|
* goatse.cx (even if you don't necessarily block other types from that
|
|
* server/domain).
|
|
*
|
|
* NOTE that it is not meant to stop future requests for this server--only the
|
|
* current request.
|
|
*/
|
|
const short REJECT_SERVER = -3;
|
|
|
|
/**
|
|
* Returned from shouldLoad or shouldProcess if the load/process is rejected
|
|
* based on some other criteria. Mozilla callers will handle this like
|
|
* REJECT_REQUEST; third-party implementors may, for example, use this to
|
|
* direct their own callers to consult the extra parameter for additional
|
|
* details.
|
|
*/
|
|
const short REJECT_OTHER = -4;
|
|
|
|
/**
|
|
* Returned from shouldLoad or shouldProcess if the load/process is forbiddden
|
|
* based on enterprise policy.
|
|
*/
|
|
const short REJECT_POLICY = -5;
|
|
|
|
/**
|
|
* Returned from shouldLoad or shouldProcess if the load or process request
|
|
* is not rejected.
|
|
*/
|
|
const short ACCEPT = 1;
|
|
|
|
/**
|
|
* Should the resource at this location be loaded?
|
|
* ShouldLoad will be called before loading the resource at aContentLocation
|
|
* to determine whether to start the load at all.
|
|
*
|
|
* @param aContentLocation the location of the content being checked; must
|
|
* not be null
|
|
*
|
|
* @param aLoadInfo the loadinfo of the channel being evaluated.
|
|
*
|
|
* @return ACCEPT or REJECT_*
|
|
*
|
|
* @note shouldLoad can be called while the DOM and layout of the document
|
|
* involved is in an inconsistent state. This means that implementors of
|
|
* this method MUST NOT do any of the following:
|
|
* 1) Modify the DOM in any way (e.g. setting attributes is a no-no).
|
|
* 2) Query any DOM properties that depend on layout (e.g. offset*
|
|
* properties).
|
|
* 3) Query any DOM properties that depend on style (e.g. computed style).
|
|
* 4) Query any DOM properties that depend on the current state of the DOM
|
|
* outside the "context" node (e.g. lengths of node lists).
|
|
* 5) [JavaScript implementations only] Access properties of any sort on any
|
|
* object without using XPCNativeWrapper (either explicitly or
|
|
* implicitly). Due to various DOM0 things, this leads to item 4.
|
|
* If you do any of these things in your shouldLoad implementation, expect
|
|
* unpredictable behavior, possibly including crashes, content not showing
|
|
* up, content showing up doubled, etc. If you need to do any of the things
|
|
* above, do them off timeout or event.
|
|
*/
|
|
short shouldLoad(in nsIURI aContentLocation,
|
|
in nsILoadInfo aLoadInfo);
|
|
|
|
/**
|
|
* Should the resource be processed?
|
|
* ShouldProcess will be called once all the information passed to it has
|
|
* been determined about the resource, typically after part of the resource
|
|
* has been loaded.
|
|
*
|
|
* @param aContentLocation OPTIONAL; the location of the resource being
|
|
* requested: MAY be, e.g., a post-redirection URI
|
|
* for the resource.
|
|
*
|
|
* @param aLoadInfo the loadinfo of the channel being evaluated.
|
|
*
|
|
* @return ACCEPT or REJECT_*
|
|
*
|
|
* @note shouldProcess can be called while the DOM and layout of the document
|
|
* involved is in an inconsistent state. See the note on shouldLoad to see
|
|
* what this means for implementors of this method.
|
|
*/
|
|
short shouldProcess(in nsIURI aContentLocation,
|
|
in nsILoadInfo aLoadInfo);
|
|
};
|
|
|
|
typedef nsIContentPolicy_nsContentPolicyType nsContentPolicyType;
|
|
|
|
%{C++
|
|
enum class ExtContentPolicyType : uint8_t {
|
|
/**
|
|
* The type of ExtContentPolicy::TYPE_*
|
|
*/
|
|
TYPE_INVALID = nsIContentPolicy::TYPE_INVALID,
|
|
TYPE_OTHER = nsIContentPolicy::TYPE_OTHER,
|
|
TYPE_SCRIPT = nsIContentPolicy::TYPE_SCRIPT,
|
|
TYPE_IMAGE = nsIContentPolicy::TYPE_IMAGE,
|
|
TYPE_STYLESHEET = nsIContentPolicy::TYPE_STYLESHEET,
|
|
TYPE_OBJECT = nsIContentPolicy::TYPE_OBJECT,
|
|
TYPE_DOCUMENT = nsIContentPolicy::TYPE_DOCUMENT,
|
|
TYPE_SUBDOCUMENT = nsIContentPolicy::TYPE_SUBDOCUMENT,
|
|
TYPE_PING = nsIContentPolicy::TYPE_PING,
|
|
TYPE_XMLHTTPREQUEST = nsIContentPolicy::TYPE_XMLHTTPREQUEST,
|
|
TYPE_OBJECT_SUBREQUEST = nsIContentPolicy::TYPE_OBJECT_SUBREQUEST,
|
|
TYPE_DTD = nsIContentPolicy::TYPE_DTD,
|
|
TYPE_FONT = nsIContentPolicy::TYPE_FONT,
|
|
TYPE_MEDIA = nsIContentPolicy::TYPE_MEDIA,
|
|
TYPE_WEBSOCKET = nsIContentPolicy::TYPE_WEBSOCKET,
|
|
TYPE_CSP_REPORT = nsIContentPolicy::TYPE_CSP_REPORT,
|
|
TYPE_XSLT = nsIContentPolicy::TYPE_XSLT,
|
|
TYPE_BEACON = nsIContentPolicy::TYPE_BEACON,
|
|
TYPE_FETCH = nsIContentPolicy::TYPE_FETCH,
|
|
TYPE_IMAGESET = nsIContentPolicy::TYPE_IMAGESET,
|
|
TYPE_WEB_MANIFEST = nsIContentPolicy::TYPE_WEB_MANIFEST,
|
|
TYPE_SAVEAS_DOWNLOAD = nsIContentPolicy::TYPE_SAVEAS_DOWNLOAD,
|
|
TYPE_SPECULATIVE = nsIContentPolicy::TYPE_SPECULATIVE,
|
|
TYPE_UA_FONT = nsIContentPolicy::TYPE_UA_FONT,
|
|
TYPE_PROXIED_WEBRTC_MEDIA = nsIContentPolicy::TYPE_PROXIED_WEBRTC_MEDIA,
|
|
TYPE_WEB_IDENTITY = nsIContentPolicy::TYPE_WEB_IDENTITY,
|
|
TYPE_WEB_TRANSPORT = nsIContentPolicy::TYPE_WEB_TRANSPORT,
|
|
};
|
|
|
|
typedef ExtContentPolicyType ExtContentPolicy;
|
|
%}
|