| blob | f8f96f5639a526a9f408828ed90bdfeb46ea8219 |
1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ft=cpp tw=78 sw=2 et ts=8 : */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7 #include "nsISupports.idl"
12 /**
13 * Interface for content policy mechanism. Implementations of this
14 * interface can be used to control loading of various types of out-of-line
15 * content, or processing of certain types of in-line content.
16 *
17 * WARNING: do not block the caller from shouldLoad or shouldProcess (e.g.,
18 * by launching a dialog to prompt the user for something).
19 */
23 {
24 /**
25 * The type of nsIContentPolicy::TYPE_*
26 */
28 /**
29 * Indicates a unset or bogus policy type.
30 */
33 /**
34 * Gecko/Firefox developers: Avoid using TYPE_OTHER. Especially for
35 * requests that are coming from webpages. Or requests in general which
36 * you expect that security checks will be done on.
37 * Always use a more specific type if one is available. And do not hesitate
38 * to add more types as appropriate.
39 * But if you are fairly sure that no one would care about your more specific
40 * type, then it's ok to use TYPE_OTHER.
41 *
42 * Extension developers: Whenever it is reasonable, use one of the existing
43 * content types. If none of the existing content types are right for
44 * something you are doing, file a bug in the Core/DOM component that
45 * includes a patch that adds your new content type to the end of the list of
46 * TYPE_* constants here. But, don't start using your new content type until
47 * your patch has been accepted, because it will be uncertain what exact
48 * value and name your new content type will have; in that interim period,
49 * use TYPE_OTHER. In your patch, document your new content type in the style
50 * of the existing ones. In the bug you file, provide a more detailed
51 * description of the new type of content you want Gecko to support, so that
52 * the existing implementations of nsIContentPolicy can be properly modified
53 * to deal with that new type of content.
54 *
55 * Implementations of nsIContentPolicy should treat this the same way they
56 * treat unknown types, because existing users of TYPE_OTHER may be converted
57 * to use new content types.
58 *
59 * Note that the TYPE_INTERNAL_* constants are never passed to content
60 * policy implementations. They are mapped to other TYPE_* constants, and
61 * are only intended for internal usage inside Gecko.
62 */
65 /**
66 * Indicates an executable script (such as JavaScript).
67 */
70 /**
71 * Indicates an image (e.g., IMG elements).
72 */
75 /**
76 * Indicates a stylesheet (e.g., STYLE elements).
77 */
80 /**
81 * Indicates a generic object (plugin-handled content typically falls under
82 * this category).
83 */
86 /**
87 * Indicates a document at the top-level (i.e., in a browser).
88 */
91 /**
92 * Indicates a document contained within another document (e.g., IFRAMEs,
93 * FRAMES, and OBJECTs).
94 */
97 /*
98 * XXX: nsContentPolicyType = 8 used to inicate a timed refresh request.
99 */
101 /*
102 * XXX: nsContentPolicyType = 9 used to inicate an XBL binding request.
103 */
105 /**
106 * Indicates a ping triggered by a click on <A PING="..."> element.
107 */
110 /**
111 * Indicates an XMLHttpRequest. Also used for document.load and for EventSource.
112 */
115 /**
116 * Indicates a request by a plugin.
117 */
120 /**
121 * Indicates a DTD loaded by an XML document.
122 */
125 /**
126 * Indicates a font loaded via @font-face rule.
127 */
130 /**
131 * Indicates a video or audio load.
132 */
135 /**
136 * Indicates a WebSocket load.
137 */
140 /**
141 * Indicates a Content Security Policy report.
142 */
145 /**
146 * Indicates a style sheet transformation.
147 */
150 /**
151 * Indicates a beacon post.
152 */
155 /**
156 * Indicates a load initiated by the fetch() function from the Fetch
157 * specification.
158 */
161 /**
162 * Indicates a <img srcset> or <picture> request.
163 */
166 /**
167 * Indicates a web manifest.
168 */
171 /**
172 * Indicates an internal constant for scripts loaded through script
173 * elements.
174 *
175 * This will be mapped to TYPE_SCRIPT before being passed to content policy
176 * implementations.
177 */
180 /**
181 * Indicates an internal constant for scripts loaded through a dedicated
182 * worker.
183 *
184 * This will be mapped to TYPE_SCRIPT before being passed to content policy
185 * implementations.
186 */
189 /**
190 * Indicates an internal constant for scripts loaded through a shared
191 * worker.
192 *
193 * This will be mapped to TYPE_SCRIPT before being passed to content policy
194 * implementations.
195 */
198 /**
199 * Indicates an internal constant for content loaded from embed elements.
200 *
201 * This will be mapped to TYPE_OBJECT.
202 */
205 /**
206 * Indicates an internal constant for content loaded from object elements.
207 *
208 * This will be mapped to TYPE_OBJECT.
209 */
212 /**
213 * Indicates an internal constant for content loaded from frame elements.
214 *
215 * This will be mapped to TYPE_SUBDOCUMENT.
216 */
219 /**
220 * Indicates an internal constant for content loaded from iframe elements.
221 *
222 * This will be mapped to TYPE_SUBDOCUMENT.
223 */
226 /**
227 * Indicates an internal constant for content loaded from audio elements.
228 *
229 * This will be mapped to TYPE_MEDIA.
230 */
233 /**
234 * Indicates an internal constant for content loaded from video elements.
235 *
236 * This will be mapped to TYPE_MEDIA.
237 */
240 /**
241 * Indicates an internal constant for content loaded from track elements.
242 *
243 * This will be mapped to TYPE_MEDIA.
244 */
247 /**
248 * Indicates an internal constant for an XMLHttpRequest.
249 *
250 * This will be mapped to TYPE_XMLHTTPREQUEST.
251 */
254 /**
255 * Indicates an internal constant for EventSource.
256 *
257 * This will be mapped to TYPE_XMLHTTPREQUEST.
258 */
261 /**
262 * Indicates an internal constant for scripts loaded through a service
263 * worker.
264 *
265 * This will be mapped to TYPE_SCRIPT before being passed to content policy
266 * implementations.
267 */
270 /**
271 * Indicates an internal constant for *preloaded* scripts
272 * loaded through script elements.
273 *
274 * This will be mapped to TYPE_SCRIPT before being passed
275 * to content policy implementations.
276 */
279 /**
280 * Indicates an internal constant for normal images.
281 *
282 * This will be mapped to TYPE_IMAGE before being passed
283 * to content policy implementations.
284 */
287 /**
288 * Indicates an internal constant for *preloaded* images.
289 *
290 * This will be mapped to TYPE_IMAGE before being passed
291 * to content policy implementations.
292 */
295 /**
296 * Indicates an internal constant for normal stylesheets.
297 *
298 * This will be mapped to TYPE_STYLESHEET before being passed
299 * to content policy implementations.
300 */
303 /**
304 * Indicates an internal constant for *preloaded* stylesheets.
305 *
306 * This will be mapped to TYPE_STYLESHEET before being passed
307 * to content policy implementations.
308 */
311 /**
312 * Indicates an internal constant for favicon.
313 *
314 * This will be mapped to TYPE_IMAGE before being passed
315 * to content policy implementations.
316 */
319 /**
320 * Indicates an importScripts() inside a worker script.
321 *
322 * This will be mapped to TYPE_SCRIPT before being passed to content policy
323 * implementations.
324 */
327 /**
328 * Indicates an save-as link download from the front-end code.
329 */
332 /**
333 * Indicates a speculative connection.
334 */
337 /**
338 * Indicates an internal constant for ES6 module scripts
339 * loaded through script elements or an import statement (static import) or
340 * an import expression (dynamic import).
341 * It also indicates the load for dynamic import in workers.
342 * For static import in module workers,
343 * please check TYPE_INTERNAL_WORKER_STATIC_MODULE.
344 *
345 * This will be mapped to TYPE_SCRIPT before being passed
346 * to content policy implementations.
347 */
350 /**
351 * Indicates an internal constant for *preloaded* ES6 module scripts
352 * loaded through script elements or an import statement.
353 *
354 * This will be mapped to TYPE_SCRIPT before being passed
355 * to content policy implementations.
356 */
359 /**
360 * Indicates a DTD loaded by an XML document the URI of which could
361 * not be mapped to a known local DTD.
362 */
365 /**
366 * Indicates a TYPE_INTERNAL_DTD which will not be blocked no matter
367 * what principal is being loaded from.
368 */
371 /**
372 * Indicates an internal constant for scripts loaded through an
373 * audioWorklet.
374 *
375 * This will be mapped to TYPE_SCRIPT before being passed to content policy
376 * implementations.
377 */
380 /**
381 * Indicates an internal constant for scripts loaded through an
382 * paintWorklet.
383 *
384 * This will be mapped to TYPE_SCRIPT before being passed to content policy
385 * implementations.
386 */
389 /**
390 * Same as TYPE_FONT but indicates this is a <link rel=preload as=font>
391 * preload initiated load.
392 */
395 /**
396 * Indicates the load of a (Firefox-internal) script through ChromeUtils
397 *
398 * This will be mapped to TYPE_SCRIPT before being passed to content policy
399 * implementations.
400 */
403 /**
404 * Indicates the load of a script through FrameMessageManager
405 *
406 * This will be mapped to TYPE_SCRIPT before being passed to content policy
407 * implementations.
408 */
411 /**
412 * Indicates an internal constant for *preloaded* fetch
413 * loaded through link elements.
414 *
415 * This will be mapped to TYPE_FETCH before being passed
416 * to content policy implementations.
417 */
420 /**
421 * Indicates a font loaded via @font-face rule in an UA style sheet.
422 * (CSP does not apply.)
423 */
426 /**
427 * Indicates the establishment of a TCP or TLS connection via an
428 * http/https proxy that will be used for webrtc media. When no web proxy
429 * is involved, webrtc uses lower level sockets that are not subject to
430 * any sort of content policy.
431 */
434 /**
435 * Indicates the load of data via the Federated Credential Management API
436 * with data destined for a browser context.
437 */
440 /**
441 * Indicates the load of a static module on workers.
442 */
445 /**
446 * Indicates Webtransport request
447 */
450 /**
451 * Used to indicate the end of this list, not a content policy. If you want
452 * to add a new content policy type, place it before this sentinel value
453 * TYPE_END, have it use TYPE_END's current value, and increment TYPE_END by
454 * one. (TYPE_END should always have the highest numerical value.)
455 */
459 /* When adding new content types, please update
460 * NS_CP_ContentTypeName, nsCSPContext, CSP_ContentTypeToDirective,
461 * DoContentSecurityChecks, all nsIContentPolicy implementations, the
462 * static_assert in dom/cache/DBSchema.cpp, ChannelWrapper.webidl,
463 * ChannelWrapper.cpp, PermissionManager.cpp,
464 * IPCMessageUtilsSpecializations.h, and other things that are not
465 * listed here that are related to nsIContentPolicy. */
466 };
468 //////////////////////////////////////////////////////////////////////
470 /**
471 * Returned from shouldLoad or shouldProcess if the load or process request
472 * is rejected based on details of the request.
473 */
476 /**
477 * Returned from shouldLoad or shouldProcess if the load/process is rejected
478 * based solely on its type (of the above flags).
479 *
480 * NOTE that it is not meant to stop future requests for this type--only the
481 * current request.
482 */
485 /**
486 * Returned from shouldLoad or shouldProcess if the load/process is rejected
487 * based on the server it is hosted on or requested from (aContentLocation or
488 * aRequestOrigin), e.g., if you block an IMAGE because it is served from
489 * goatse.cx (even if you don't necessarily block other types from that
490 * server/domain).
491 *
492 * NOTE that it is not meant to stop future requests for this server--only the
493 * current request.
494 */
497 /**
498 * Returned from shouldLoad or shouldProcess if the load/process is rejected
499 * based on some other criteria. Mozilla callers will handle this like
500 * REJECT_REQUEST; third-party implementors may, for example, use this to
501 * direct their own callers to consult the extra parameter for additional
502 * details.
503 */
506 /**
507 * Returned from shouldLoad or shouldProcess if the load/process is forbiddden
508 * based on enterprise policy.
509 */
512 /**
513 * Returned from shouldLoad or shouldProcess if the load or process request
514 * is not rejected.
515 */
518 /**
519 * Should the resource at this location be loaded?
520 * ShouldLoad will be called before loading the resource at aContentLocation
521 * to determine whether to start the load at all.
522 *
523 * @param aContentLocation the location of the content being checked; must
524 * not be null
525 *
526 * @param aLoadInfo the loadinfo of the channel being evaluated.
527 *
528 * @param aMimeTypeGuess OPTIONAL. a guess for the requested content's
529 * MIME type, based on information available to
530 * the request initiator (e.g., an OBJECT's type
531 * attribute); does not reliably reflect the
532 * actual MIME type of the requested content
533 *
534 * @return ACCEPT or REJECT_*
535 *
536 * @note shouldLoad can be called while the DOM and layout of the document
537 * involved is in an inconsistent state. This means that implementors of
538 * this method MUST NOT do any of the following:
539 * 1) Modify the DOM in any way (e.g. setting attributes is a no-no).
540 * 2) Query any DOM properties that depend on layout (e.g. offset*
541 * properties).
542 * 3) Query any DOM properties that depend on style (e.g. computed style).
543 * 4) Query any DOM properties that depend on the current state of the DOM
544 * outside the "context" node (e.g. lengths of node lists).
545 * 5) [JavaScript implementations only] Access properties of any sort on any
546 * object without using XPCNativeWrapper (either explicitly or
547 * implicitly). Due to various DOM0 things, this leads to item 4.
548 * If you do any of these things in your shouldLoad implementation, expect
549 * unpredictable behavior, possibly including crashes, content not showing
550 * up, content showing up doubled, etc. If you need to do any of the things
551 * above, do them off timeout or event.
552 */
557 /**
558 * Should the resource be processed?
559 * ShouldProcess will be called once all the information passed to it has
560 * been determined about the resource, typically after part of the resource
561 * has been loaded.
562 *
563 * @param aContentLocation OPTIONAL; the location of the resource being
564 * requested: MAY be, e.g., a post-redirection URI
565 * for the resource.
566 *
567 * @param aLoadInfo the loadinfo of the channel being evaluated.
568 *
569 * @param aMimeType the MIME type of the requested resource (e.g.,
570 * image/png), as reported by the networking library,
571 * if available (may be empty if inappropriate for
572 * the type).
573 *
574 * @return ACCEPT or REJECT_*
575 *
576 * @note shouldProcess can be called while the DOM and layout of the document
577 * involved is in an inconsistent state. See the note on shouldLoad to see
578 * what this means for implementors of this method.
579 */
583 };
589 /**
590 * The type of ExtContentPolicy::TYPE_*
591 */
618 };
621 %}