| blob | 646745ab0ac9163cef8e642dcd724ad212b1d0c4 |
1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ft=cpp tw=78 sw=2 et ts=8 : */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7 #include "nsISupports.idl"
13 /**
14 * The type of nsIContentPolicy::TYPE_*
15 */
18 /**
19 * Interface for content policy mechanism. Implementations of this
20 * interface can be used to control loading of various types of out-of-line
21 * content, or processing of certain types of in-line content.
22 *
23 * WARNING: do not block the caller from shouldLoad or shouldProcess (e.g.,
24 * by launching a dialog to prompt the user for something).
25 */
29 {
30 /**
31 * Indicates a unset or bogus policy type.
32 */
35 /**
36 * Gecko/Firefox developers: Avoid using TYPE_OTHER. Especially for
37 * requests that are coming from webpages. Or requests in general which
38 * you expect that security checks will be done on.
39 * Always use a more specific type if one is available. And do not hesitate
40 * to add more types as appropriate.
41 * But if you are fairly sure that no one would care about your more specific
42 * type, then it's ok to use TYPE_OTHER.
43 *
44 * Extension developers: Whenever it is reasonable, use one of the existing
45 * content types. If none of the existing content types are right for
46 * something you are doing, file a bug in the Core/DOM component that
47 * includes a patch that adds your new content type to the end of the list of
48 * TYPE_* constants here. But, don't start using your new content type until
49 * your patch has been accepted, because it will be uncertain what exact
50 * value and name your new content type will have; in that interim period,
51 * use TYPE_OTHER. In your patch, document your new content type in the style
52 * of the existing ones. In the bug you file, provide a more detailed
53 * description of the new type of content you want Gecko to support, so that
54 * the existing implementations of nsIContentPolicy can be properly modified
55 * to deal with that new type of content.
56 *
57 * Implementations of nsIContentPolicy should treat this the same way they
58 * treat unknown types, because existing users of TYPE_OTHER may be converted
59 * to use new content types.
60 */
63 /**
64 * Indicates an executable script (such as JavaScript).
65 */
68 /**
69 * Indicates an image (e.g., IMG elements).
70 */
73 /**
74 * Indicates a stylesheet (e.g., STYLE elements).
75 */
78 /**
79 * Indicates a generic object (plugin-handled content typically falls under
80 * this category).
81 */
84 /**
85 * Indicates a document at the top-level (i.e., in a browser).
86 */
89 /**
90 * Indicates a document contained within another document (e.g., IFRAMEs,
91 * FRAMES, and OBJECTs).
92 */
95 /**
96 * Indicates a timed refresh.
97 *
98 * shouldLoad will never get this, because it does not represent content
99 * to be loaded (the actual load triggered by the refresh will go through
100 * shouldLoad as expected).
101 *
102 * shouldProcess will get this for, e.g., META Refresh elements and HTTP
103 * Refresh headers.
104 */
107 /**
108 * Indicates an XBL binding request, triggered either by -moz-binding CSS
109 * property.
110 */
113 /**
114 * Indicates a ping triggered by a click on <A PING="..."> element.
115 */
118 /**
119 * Indicates an XMLHttpRequest. Also used for document.load and for EventSource.
120 */
124 /**
125 * Indicates a request by a plugin.
126 */
129 /**
130 * Indicates a DTD loaded by an XML document.
131 */
134 /**
135 * Indicates a font loaded via @font-face rule.
136 */
139 /**
140 * Indicates a video or audio load.
141 */
144 /**
145 * Indicates a WebSocket load.
146 */
149 /**
150 * Indicates a Content Security Policy report.
151 */
154 /**
155 * Indicates a style sheet transformation.
156 */
159 /**
160 * Indicates a beacon post.
161 */
164 /**
165 * Indicates a load initiated by the fetch() function from the Fetch
166 * specification.
167 */
170 /**
171 * Indicates a <img srcset> or <picture> request.
172 */
175 /* When adding new content types, please update nsContentBlocker,
176 * NS_CP_ContentTypeName, nsCSPContext, all nsIContentPolicy
177 * implementations, and other things that are not listed here that are
178 * related to nsIContentPolicy. */
180 //////////////////////////////////////////////////////////////////////
182 /**
183 * Returned from shouldLoad or shouldProcess if the load or process request
184 * is rejected based on details of the request.
185 */
188 /**
189 * Returned from shouldLoad or shouldProcess if the load/process is rejected
190 * based solely on its type (of the above flags).
191 *
192 * NOTE that it is not meant to stop future requests for this type--only the
193 * current request.
194 */
197 /**
198 * Returned from shouldLoad or shouldProcess if the load/process is rejected
199 * based on the server it is hosted on or requested from (aContentLocation or
200 * aRequestOrigin), e.g., if you block an IMAGE because it is served from
201 * goatse.cx (even if you don't necessarily block other types from that
202 * server/domain).
203 *
204 * NOTE that it is not meant to stop future requests for this server--only the
205 * current request.
206 */
209 /**
210 * Returned from shouldLoad or shouldProcess if the load/process is rejected
211 * based on some other criteria. Mozilla callers will handle this like
212 * REJECT_REQUEST; third-party implementors may, for example, use this to
213 * direct their own callers to consult the extra parameter for additional
214 * details.
215 */
218 /**
219 * Returned from shouldLoad or shouldProcess if the load or process request
220 * is not rejected.
221 */
224 //////////////////////////////////////////////////////////////////////
226 /**
227 * Should the resource at this location be loaded?
228 * ShouldLoad will be called before loading the resource at aContentLocation
229 * to determine whether to start the load at all.
230 *
231 * @param aContentType the type of content being tested. This will be one
232 * one of the TYPE_* constants.
233 *
234 * @param aContentLocation the location of the content being checked; must
235 * not be null
236 *
237 * @param aRequestOrigin OPTIONAL. the location of the resource that
238 * initiated this load request; can be null if
239 * inapplicable
240 *
241 * @param aContext OPTIONAL. the nsIDOMNode or nsIDOMWindow that
242 * initiated the request, or something that can QI
243 * to one of those; can be null if inapplicable.
244 * Note that for navigation events (new windows and
245 * link clicks), this is the NEW window.
246 *
247 * @param aMimeTypeGuess OPTIONAL. a guess for the requested content's
248 * MIME type, based on information available to
249 * the request initiator (e.g., an OBJECT's type
250 * attribute); does not reliably reflect the
251 * actual MIME type of the requested content
252 *
253 * @param aExtra an OPTIONAL argument, pass-through for non-Gecko
254 * callers to pass extra data to callees.
255 *
256 * @param aRequestPrincipal an OPTIONAL argument, defines the principal that
257 * caused the load. This is optional only for
258 * non-gecko code: all gecko code should set this
259 * argument. For navigation events, this is
260 * the principal of the page that caused this load.
261 *
262 * @return ACCEPT or REJECT_*
263 *
264 * @note shouldLoad can be called while the DOM and layout of the document
265 * involved is in an inconsistent state. This means that implementors of
266 * this method MUST NOT do any of the following:
267 * 1) Modify the DOM in any way (e.g. setting attributes is a no-no).
268 * 2) Query any DOM properties that depend on layout (e.g. offset*
269 * properties).
270 * 3) Query any DOM properties that depend on style (e.g. computed style).
271 * 4) Query any DOM properties that depend on the current state of the DOM
272 * outside the "context" node (e.g. lengths of node lists).
273 * 5) [JavaScript implementations only] Access properties of any sort on any
274 * object without using XPCNativeWrapper (either explicitly or
275 * implicitly). Due to various DOM0 things, this leads to item 4.
276 * If you do any of these things in your shouldLoad implementation, expect
277 * unpredictable behavior, possibly including crashes, content not showing
278 * up, content showing up doubled, etc. If you need to do any of the things
279 * above, do them off timeout or event.
280 */
289 /**
290 * Should the resource be processed?
291 * ShouldProcess will be called once all the information passed to it has
292 * been determined about the resource, typically after part of the resource
293 * has been loaded.
294 *
295 * @param aContentType the type of content being tested. This will be one
296 * one of the TYPE_* constants.
297 *
298 * @param aContentLocation OPTIONAL; the location of the resource being
299 * requested: MAY be, e.g., a post-redirection URI
300 * for the resource.
301 *
302 * @param aRequestOrigin OPTIONAL. the location of the resource that
303 * initiated this load request; can be null if
304 * inapplicable
305 *
306 * @param aContext OPTIONAL. the nsIDOMNode or nsIDOMWindow that
307 * initiated the request, or something that can QI
308 * to one of those; can be null if inapplicable.
309 *
310 * @param aMimeType the MIME type of the requested resource (e.g.,
311 * image/png), as reported by the networking library,
312 * if available (may be empty if inappropriate for
313 * the type, e.g., TYPE_REFRESH).
314 *
315 * @param aExtra an OPTIONAL argument, pass-through for non-Gecko
316 * callers to pass extra data to callees.
317 *
318 * @return ACCEPT or REJECT_*
319 *
320 * @note shouldProcess can be called while the DOM and layout of the document
321 * involved is in an inconsistent state. See the note on shouldLoad to see
322 * what this means for implementors of this method.
323 */
332 };