1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ft=cpp tw=78 sw=2 et ts=8 : */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7 #include
"nsISupports.idl"
10 interface nsILoadInfo
;
13 * Interface for content policy mechanism. Implementations of this
14 * interface can be used to control loading of various types of out-of-line
15 * content, or processing of certain types of in-line content.
17 * WARNING: do not block the caller from shouldLoad or shouldProcess (e.g.,
18 * by launching a dialog to prompt the user for something).
21 [scriptable
, uuid(caad4f1f
-d047
-46ac
-ae9d
-dc598e4fb91b
)]
22 interface nsIContentPolicy
: nsISupports
25 * The type of nsIContentPolicy::TYPE_*
27 cenum nsContentPolicyType
: 8 {
29 * Indicates a unset or bogus policy type.
34 * Gecko/Firefox developers: Avoid using TYPE_OTHER. Especially for
35 * requests that are coming from webpages. Or requests in general which
36 * you expect that security checks will be done on.
37 * Always use a more specific type if one is available. And do not hesitate
38 * to add more types as appropriate.
39 * But if you are fairly sure that no one would care about your more specific
40 * type, then it's ok to use TYPE_OTHER.
42 * Implementations of nsIContentPolicy should treat this the same way they
43 * treat unknown types, because existing users of TYPE_OTHER may be converted
44 * to use new content types.
46 * Note that the TYPE_INTERNAL_* constants are never passed to content
47 * policy implementations. They are mapped to other TYPE_* constants, and
48 * are only intended for internal usage inside Gecko.
53 * Indicates an executable script (such as JavaScript).
58 * Indicates an image (e.g., IMG elements).
63 * Indicates a stylesheet (e.g., STYLE elements).
68 * Indicates a generic object (plugin-handled content typically falls under
74 * Indicates a document at the top-level (i.e., in a browser).
79 * Indicates a document contained within another document (e.g., IFRAMEs,
80 * FRAMES, and OBJECTs).
85 * XXX: nsContentPolicyType = 8 used to inicate a timed refresh request.
89 * XXX: nsContentPolicyType = 9 used to inicate an XBL binding request.
93 * Indicates a ping triggered by a click on <A PING="..."> element.
98 * Indicates an XMLHttpRequest. Also used for document.load and for EventSource.
100 TYPE_XMLHTTPREQUEST
= 11,
103 * Indicates a request by a plugin.
105 TYPE_OBJECT_SUBREQUEST
= 12,
108 * Indicates a DTD loaded by an XML document.
113 * Indicates a font loaded via @font-face rule.
118 * Indicates a video or audio load.
123 * Indicates a WebSocket load.
128 * Indicates a Content Security Policy report.
130 TYPE_CSP_REPORT
= 17,
133 * Indicates a style sheet transformation.
138 * Indicates a beacon post.
143 * Indicates a load initiated by the fetch() function from the Fetch
149 * Indicates a <img srcset> or <picture> request.
154 * Indicates a web manifest.
156 TYPE_WEB_MANIFEST
= 22,
159 * Indicates an internal constant for scripts loaded through script
162 * This will be mapped to TYPE_SCRIPT before being passed to content policy
165 TYPE_INTERNAL_SCRIPT
= 23,
168 * Indicates an internal constant for scripts loaded through a dedicated
171 * This will be mapped to TYPE_SCRIPT before being passed to content policy
174 TYPE_INTERNAL_WORKER
= 24,
177 * Indicates an internal constant for scripts loaded through a shared
180 * This will be mapped to TYPE_SCRIPT before being passed to content policy
183 TYPE_INTERNAL_SHARED_WORKER
= 25,
186 * Indicates an internal constant for content loaded from embed elements.
188 * This will be mapped to TYPE_OBJECT.
190 TYPE_INTERNAL_EMBED
= 26,
193 * Indicates an internal constant for content loaded from object elements.
195 * This will be mapped to TYPE_OBJECT.
197 TYPE_INTERNAL_OBJECT
= 27,
200 * Indicates an internal constant for content loaded from frame elements.
202 * This will be mapped to TYPE_SUBDOCUMENT.
204 TYPE_INTERNAL_FRAME
= 28,
207 * Indicates an internal constant for content loaded from iframe elements.
209 * This will be mapped to TYPE_SUBDOCUMENT.
211 TYPE_INTERNAL_IFRAME
= 29,
214 * Indicates an internal constant for content loaded from audio elements.
216 * This will be mapped to TYPE_MEDIA.
218 TYPE_INTERNAL_AUDIO
= 30,
221 * Indicates an internal constant for content loaded from video elements.
223 * This will be mapped to TYPE_MEDIA.
225 TYPE_INTERNAL_VIDEO
= 31,
228 * Indicates an internal constant for content loaded from track elements.
230 * This will be mapped to TYPE_MEDIA.
232 TYPE_INTERNAL_TRACK
= 32,
235 * Indicates an internal constant for an XMLHttpRequest.
237 * This will be mapped to TYPE_XMLHTTPREQUEST.
239 TYPE_INTERNAL_XMLHTTPREQUEST
= 33,
242 * Indicates an internal constant for EventSource.
244 * This will be mapped to TYPE_XMLHTTPREQUEST.
246 TYPE_INTERNAL_EVENTSOURCE
= 34,
249 * Indicates an internal constant for scripts loaded through a service
252 * This will be mapped to TYPE_SCRIPT before being passed to content policy
255 TYPE_INTERNAL_SERVICE_WORKER
= 35,
258 * Indicates an internal constant for *preloaded* scripts
259 * loaded through script elements.
261 * This will be mapped to TYPE_SCRIPT before being passed
262 * to content policy implementations.
264 TYPE_INTERNAL_SCRIPT_PRELOAD
= 36,
267 * Indicates an internal constant for normal images.
269 * This will be mapped to TYPE_IMAGE before being passed
270 * to content policy implementations.
272 TYPE_INTERNAL_IMAGE
= 37,
275 * Indicates an internal constant for *preloaded* images.
277 * This will be mapped to TYPE_IMAGE before being passed
278 * to content policy implementations.
280 TYPE_INTERNAL_IMAGE_PRELOAD
= 38,
283 * Indicates an internal constant for normal stylesheets.
285 * This will be mapped to TYPE_STYLESHEET before being passed
286 * to content policy implementations.
288 TYPE_INTERNAL_STYLESHEET
= 39,
291 * Indicates an internal constant for *preloaded* stylesheets.
293 * This will be mapped to TYPE_STYLESHEET before being passed
294 * to content policy implementations.
296 TYPE_INTERNAL_STYLESHEET_PRELOAD
= 40,
299 * Indicates an internal constant for favicon.
301 * This will be mapped to TYPE_IMAGE before being passed
302 * to content policy implementations.
304 TYPE_INTERNAL_IMAGE_FAVICON
= 41,
307 * Indicates an importScripts() inside a worker script.
309 * This will be mapped to TYPE_SCRIPT before being passed to content policy
312 TYPE_INTERNAL_WORKER_IMPORT_SCRIPTS
= 42,
315 * Indicates an save-as link download from the front-end code.
317 TYPE_SAVEAS_DOWNLOAD
= 43,
320 * Indicates a speculative connection.
322 TYPE_SPECULATIVE
= 44,
325 * Indicates an internal constant for ES6 module scripts
326 * loaded through script elements or an import statement (static import) or
327 * an import expression (dynamic import).
328 * It also indicates the load for dynamic import in workers.
329 * For static import in module workers,
330 * please check TYPE_INTERNAL_WORKER_STATIC_MODULE.
332 * This will be mapped to TYPE_SCRIPT before being passed
333 * to content policy implementations.
335 TYPE_INTERNAL_MODULE
= 45,
338 * Indicates an internal constant for *preloaded* ES6 module scripts
339 * loaded through script elements or an import statement.
341 * This will be mapped to TYPE_SCRIPT before being passed
342 * to content policy implementations.
344 TYPE_INTERNAL_MODULE_PRELOAD
= 46,
347 * Indicates a DTD loaded by an XML document the URI of which could
348 * not be mapped to a known local DTD.
350 TYPE_INTERNAL_DTD
= 47,
353 * Indicates a TYPE_INTERNAL_DTD which will not be blocked no matter
354 * what principal is being loaded from.
356 TYPE_INTERNAL_FORCE_ALLOWED_DTD
= 48,
359 * Indicates an internal constant for scripts loaded through an
362 * This will be mapped to TYPE_SCRIPT before being passed to content policy
365 TYPE_INTERNAL_AUDIOWORKLET
= 49,
368 * Indicates an internal constant for scripts loaded through an
371 * This will be mapped to TYPE_SCRIPT before being passed to content policy
374 TYPE_INTERNAL_PAINTWORKLET
= 50,
377 * Same as TYPE_FONT but indicates this is a <link rel=preload as=font>
378 * preload initiated load.
380 TYPE_INTERNAL_FONT_PRELOAD
= 51,
383 * Indicates the load of a (Firefox-internal) script through ChromeUtils
385 * This will be mapped to TYPE_SCRIPT before being passed to content policy
388 TYPE_INTERNAL_CHROMEUTILS_COMPILED_SCRIPT
= 52,
391 * Indicates the load of a script through FrameMessageManager
393 * This will be mapped to TYPE_SCRIPT before being passed to content policy
396 TYPE_INTERNAL_FRAME_MESSAGEMANAGER_SCRIPT
= 53,
399 * Indicates an internal constant for *preloaded* fetch
400 * loaded through link elements.
402 * This will be mapped to TYPE_FETCH before being passed
403 * to content policy implementations.
405 TYPE_INTERNAL_FETCH_PRELOAD
= 54,
408 * Indicates a font loaded via @font-face rule in an UA style sheet.
409 * (CSP does not apply.)
414 * Indicates the establishment of a TCP or TLS connection via an
415 * http/https proxy that will be used for webrtc media. When no web proxy
416 * is involved, webrtc uses lower level sockets that are not subject to
417 * any sort of content policy.
419 TYPE_PROXIED_WEBRTC_MEDIA
= 56,
422 * Indicates the load of data via the Federated Credential Management API
423 * with data destined for a browser context.
425 TYPE_WEB_IDENTITY
= 57,
428 * Indicates the load of a static module on workers.
430 TYPE_INTERNAL_WORKER_STATIC_MODULE
= 58,
433 * Indicates Webtransport request
435 TYPE_WEB_TRANSPORT
= 59,
438 * Used to indicate the end of this list, not a content policy. If you want
439 * to add a new content policy type, place it before this sentinel value
440 * TYPE_END, have it use TYPE_END's current value, and increment TYPE_END by
441 * one. (TYPE_END should always have the highest numerical value.)
446 /* When adding new content types, please update
447 * NS_CP_ContentTypeName, nsCSPContext, CSP_ContentTypeToDirective,
448 * DoContentSecurityChecks, all nsIContentPolicy implementations, the
449 * static_assert in dom/cache/DBSchema.cpp, ChannelWrapper.webidl,
450 * ChannelWrapper.cpp, PermissionManager.cpp,
451 * IPCMessageUtilsSpecializations.h, and other things that are not
452 * listed here that are related to nsIContentPolicy. */
455 //////////////////////////////////////////////////////////////////////
458 * Returned from shouldLoad or shouldProcess if the load or process request
459 * is rejected based on details of the request.
461 const short REJECT_REQUEST
= -1;
464 * Returned from shouldLoad or shouldProcess if the load/process is rejected
465 * based solely on its type (of the above flags).
467 * NOTE that it is not meant to stop future requests for this type--only the
470 const short REJECT_TYPE
= -2;
473 * Returned from shouldLoad or shouldProcess if the load/process is rejected
474 * based on the server it is hosted on or requested from (aContentLocation or
475 * aRequestOrigin), e.g., if you block an IMAGE because it is served from
476 * goatse.cx (even if you don't necessarily block other types from that
479 * NOTE that it is not meant to stop future requests for this server--only the
482 const short REJECT_SERVER
= -3;
485 * Returned from shouldLoad or shouldProcess if the load/process is rejected
486 * based on some other criteria. Mozilla callers will handle this like
487 * REJECT_REQUEST; third-party implementors may, for example, use this to
488 * direct their own callers to consult the extra parameter for additional
491 const short REJECT_OTHER
= -4;
494 * Returned from shouldLoad or shouldProcess if the load/process is forbiddden
495 * based on enterprise policy.
497 const short REJECT_POLICY
= -5;
500 * Returned from shouldLoad or shouldProcess if the load or process request
503 const short ACCEPT
= 1;
506 * Should the resource at this location be loaded?
507 * ShouldLoad will be called before loading the resource at aContentLocation
508 * to determine whether to start the load at all.
510 * @param aContentLocation the location of the content being checked; must
513 * @param aLoadInfo the loadinfo of the channel being evaluated.
515 * @return ACCEPT or REJECT_*
517 * @note shouldLoad can be called while the DOM and layout of the document
518 * involved is in an inconsistent state. This means that implementors of
519 * this method MUST NOT do any of the following:
520 * 1) Modify the DOM in any way (e.g. setting attributes is a no-no).
521 * 2) Query any DOM properties that depend on layout (e.g. offset*
523 * 3) Query any DOM properties that depend on style (e.g. computed style).
524 * 4) Query any DOM properties that depend on the current state of the DOM
525 * outside the "context" node (e.g. lengths of node lists).
526 * 5) [JavaScript implementations only] Access properties of any sort on any
527 * object without using XPCNativeWrapper (either explicitly or
528 * implicitly). Due to various DOM0 things, this leads to item 4.
529 * If you do any of these things in your shouldLoad implementation, expect
530 * unpredictable behavior, possibly including crashes, content not showing
531 * up, content showing up doubled, etc. If you need to do any of the things
532 * above, do them off timeout or event.
534 short shouldLoad
(in nsIURI aContentLocation
,
535 in nsILoadInfo aLoadInfo
);
538 * Should the resource be processed?
539 * ShouldProcess will be called once all the information passed to it has
540 * been determined about the resource, typically after part of the resource
543 * @param aContentLocation OPTIONAL; the location of the resource being
544 * requested: MAY be, e.g., a post-redirection URI
547 * @param aLoadInfo the loadinfo of the channel being evaluated.
549 * @return ACCEPT or REJECT_*
551 * @note shouldProcess can be called while the DOM and layout of the document
552 * involved is in an inconsistent state. See the note on shouldLoad to see
553 * what this means for implementors of this method.
555 short shouldProcess
(in nsIURI aContentLocation
,
556 in nsILoadInfo aLoadInfo
);
559 typedef nsIContentPolicy_nsContentPolicyType nsContentPolicyType
;
562 enum class ExtContentPolicyType
: uint8_t
{
564 * The type of ExtContentPolicy::TYPE_*
566 TYPE_INVALID
= nsIContentPolicy
::TYPE_INVALID
,
567 TYPE_OTHER
= nsIContentPolicy
::TYPE_OTHER
,
568 TYPE_SCRIPT
= nsIContentPolicy
::TYPE_SCRIPT
,
569 TYPE_IMAGE
= nsIContentPolicy
::TYPE_IMAGE
,
570 TYPE_STYLESHEET
= nsIContentPolicy
::TYPE_STYLESHEET
,
571 TYPE_OBJECT
= nsIContentPolicy
::TYPE_OBJECT
,
572 TYPE_DOCUMENT
= nsIContentPolicy
::TYPE_DOCUMENT
,
573 TYPE_SUBDOCUMENT
= nsIContentPolicy
::TYPE_SUBDOCUMENT
,
574 TYPE_PING
= nsIContentPolicy
::TYPE_PING
,
575 TYPE_XMLHTTPREQUEST
= nsIContentPolicy
::TYPE_XMLHTTPREQUEST
,
576 TYPE_OBJECT_SUBREQUEST
= nsIContentPolicy
::TYPE_OBJECT_SUBREQUEST
,
577 TYPE_DTD
= nsIContentPolicy
::TYPE_DTD
,
578 TYPE_FONT
= nsIContentPolicy
::TYPE_FONT
,
579 TYPE_MEDIA
= nsIContentPolicy
::TYPE_MEDIA
,
580 TYPE_WEBSOCKET
= nsIContentPolicy
::TYPE_WEBSOCKET
,
581 TYPE_CSP_REPORT
= nsIContentPolicy
::TYPE_CSP_REPORT
,
582 TYPE_XSLT
= nsIContentPolicy
::TYPE_XSLT
,
583 TYPE_BEACON
= nsIContentPolicy
::TYPE_BEACON
,
584 TYPE_FETCH
= nsIContentPolicy
::TYPE_FETCH
,
585 TYPE_IMAGESET
= nsIContentPolicy
::TYPE_IMAGESET
,
586 TYPE_WEB_MANIFEST
= nsIContentPolicy
::TYPE_WEB_MANIFEST
,
587 TYPE_SAVEAS_DOWNLOAD
= nsIContentPolicy
::TYPE_SAVEAS_DOWNLOAD
,
588 TYPE_SPECULATIVE
= nsIContentPolicy
::TYPE_SPECULATIVE
,
589 TYPE_UA_FONT
= nsIContentPolicy
::TYPE_UA_FONT
,
590 TYPE_PROXIED_WEBRTC_MEDIA
= nsIContentPolicy
::TYPE_PROXIED_WEBRTC_MEDIA
,
591 TYPE_WEB_IDENTITY
= nsIContentPolicy
::TYPE_WEB_IDENTITY
,
592 TYPE_WEB_TRANSPORT
= nsIContentPolicy
::TYPE_WEB_TRANSPORT
,
595 typedef ExtContentPolicyType ExtContentPolicy
;