1 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
2 * vim: ft=cpp tw=78 sw=2 et ts=2 sts=2 cin
3 * This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7 #include
"nsISupports.idl"
8 #include
"nsIContentPolicy.idl"
9 #include
"nsIScriptSecurityManager.idl"
10 #include
"nsIInterceptionInfo.idl"
13 interface nsIContentSecurityPolicy
;
14 interface nsICookieJarSettings
;
15 interface nsICSPEventListener
;
17 interface nsIPrincipal
;
18 interface nsIRedirectHistoryEntry
;
21 webidl BrowsingContext
;
22 native LoadContextRef
(already_AddRefed
<nsISupports
>);
25 #include
"mozilla/LoadTainting.h"
26 #include
"mozilla/OriginAttributes.h"
27 #include
"mozilla/UniquePtr.h"
28 #include
"nsRFPService.h"
29 #include
"nsStringFwd.h"
35 struct FeaturePolicyInfo
;
36 class PerformanceStorage
;
37 class ServiceWorkerDescriptor
;
39 } // namespace mozilla
42 [ref] native nsIRedirectHistoryEntryArray
(const nsTArray
<nsCOMPtr
<nsIRedirectHistoryEntry
>>);
43 native OriginAttributes
(mozilla
::OriginAttributes
);
44 [ref] native const_OriginAttributesRef
(const mozilla
::OriginAttributes
);
45 [ref] native CStringArrayRef
(const nsTArray
<nsCString
>);
46 [ref] native StringArrayRef
(const nsTArray
<nsString
>);
47 [ref] native Uint64ArrayRef
(const nsTArray
<uint64_t
>);
48 [ref] native PrincipalArrayRef
(const nsTArray
<nsCOMPtr
<nsIPrincipal
>>);
49 [ref] native const_ClientInfoRef
(const mozilla
::dom
::ClientInfo
);
50 native UniqueClientSource
(mozilla
::UniquePtr
<mozilla
::dom
::ClientSource
>);
51 native UniqueClientSourceMove
(mozilla
::UniquePtr
<mozilla
::dom
::ClientSource
>&&);
52 [ref] native const_MaybeClientInfoRef
(const mozilla
::Maybe<mozilla
::dom
::ClientInfo
>);
53 [ref] native const_ServiceWorkerDescriptorRef
(const mozilla
::dom
::ServiceWorkerDescriptor
);
54 [ref] native const_MaybeServiceWorkerDescriptorRef
(const mozilla
::Maybe<mozilla
::dom
::ServiceWorkerDescriptor
>);
55 [ref] native const_MaybeRFPTarget
(const mozilla
::Maybe<mozilla
::RFPTarget
>);
56 native RFPTarget
(mozilla
::RFPTarget
);
57 [ptr] native PerformanceStoragePtr
(mozilla
::dom
::PerformanceStorage
);
58 native LoadTainting
(mozilla
::LoadTainting
);
59 native CSPRef
(already_AddRefed
<nsIContentSecurityPolicy
>);
60 native MaybeFeaturePolicyInfo
(mozilla
::Maybe<mozilla
::dom
::FeaturePolicyInfo
>);
61 [ref] native const_FeaturePolicyInfoRef
(const mozilla
::dom
::FeaturePolicyInfo
);
63 typedef unsigned long nsSecurityFlags
;
66 * The LoadInfo object contains information about a network load, why it
67 * was started, and how we plan on using the resulting response.
68 * If a network request is redirected, the new channel will receive a new
69 * LoadInfo object. The new object will contain mostly the same
70 * information as the pre-redirect one, but updated as appropriate.
71 * For detailed information about what parts of LoadInfo are updated on
72 * redirect, see documentation on individual properties.
74 [scriptable
, builtinclass
, uuid(ddc65bf9
-2f60
-41ab
-b22a
-4f1ae9efcd36
)]
75 interface nsILoadInfo
: nsISupports
78 * The following five flags determine the security mode and hence what kind of
79 * security checks should be performed throughout the lifetime of the channel.
81 * * SEC_REQUIRE_SAME_ORIGIN_INHERITS_SEC_CONTEXT
82 * * SEC_REQUIRE_SAME_ORIGIN_DATA_IS_BLOCKED
83 * * SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT
84 * * SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL
85 * * SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT
87 * Exactly one of these flags are required to be set in order to allow
88 * the channel to perform the correct security checks (SOP, CORS, ...) and
89 * return the correct result principal. If none or more than one of these
90 * flags are set AsyncOpen will fail.
94 * Warning: Never use this flag when creating a new channel!
95 * Only use this flag if you have to create a temporary LoadInfo
96 * for performing an explicit nsIContentPolicy check, like e.g.
97 * when loading something from the cache that needs an explicit
98 * nsIContentPolicy check. In all other cases pick one of the
99 * security flags underneath.
101 const unsigned long SEC_ONLY_FOR_EXPLICIT_CONTENTSEC_CHECK
= 0;
104 * Enforce the same origin policy where loads inherit the principal.
105 * See the documentation for principalToInherit, which describes exactly what
106 * principal is inherited.
108 const unsigned long SEC_REQUIRE_SAME_ORIGIN_INHERITS_SEC_CONTEXT
= (1<<0);
111 * Enforce the same origin policy and data: loads are blocked.
113 const unsigned long SEC_REQUIRE_SAME_ORIGIN_DATA_IS_BLOCKED
= (1<<1);
116 * Allow loads from other origins. Loads which inherit the principal should
117 * see the documentation for principalToInherit, which describes exactly what
118 * principal is inherited.
120 * Commonly used by plain <img>, <video>, <link rel=stylesheet> etc.
122 const unsigned long SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT
= (1 << 2);
125 * Allow loads from other origins. Loads from data: will be allowed,
126 * but the resulting resource will get a null principal.
127 * Used in blink/webkit for <iframe>s. Likely also the mode
128 * that should be used by most Chrome code.
130 const unsigned long SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL
= (1<<3);
133 * Allow loads from any origin, but require CORS for cross-origin loads.
134 * See the documentation for principalToInherit, which describes exactly what
135 * principal is inherited.
137 * Commonly used by <img crossorigin>, <video crossorigin>,
140 const unsigned long SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT
= (1<<4);
143 * Choose cookie policy. The default policy is equivalent to "INCLUDE" for
144 * SEC_REQUIRE_SAME_ORIGIN_* and SEC_ALLOW_CROSS_ORIGIN_* modes, and
145 * equivalent to "SAME_ORIGIN" for SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT mode.
147 * This means that if you want to perform a CORS load with credentials, pass
148 * SEC_COOKIES_INCLUDE.
150 * Note that these flags are still subject to the user's cookie policies.
151 * For example, if the user is blocking 3rd party cookies, those cookies
152 * will be blocked no matter which of these flags are set.
154 const unsigned long SEC_COOKIES_DEFAULT
= (0 << 5);
155 const unsigned long SEC_COOKIES_INCLUDE
= (1 << 5);
156 const unsigned long SEC_COOKIES_SAME_ORIGIN
= (2 << 5);
157 const unsigned long SEC_COOKIES_OMIT
= (3 << 5);
160 * Force inheriting of the principal. See the documentation for
161 * principalToInherit, which describes exactly what principal is inherited.
163 * Setting this flag will cause GetChannelResultPrincipal to return the
164 * principal to be inherited as the channel principal.
166 * This will happen independently of the scheme of the URI that the
167 * channel is loading.
169 * So if the principal that gets inherited is "http://a.com/", and the channel
170 * is loading the URI "http://b.com/whatever", GetChannelResultPrincipal
171 * will return a principal from "http://a.com/".
173 * This flag can not be used together with SANDBOXED_ORIGIN sandbox flag. If
174 * both are passed to the LoadInfo constructor then this flag will be dropped.
175 * If you need to know whether this flag would have been present but was dropped
176 * due to sandboxing, check for the forceInheritPrincipalDropped flag.
178 const unsigned long SEC_FORCE_INHERIT_PRINCIPAL
= (1<<7);
181 * Inherit the Principal for about:blank.
183 const unsigned long SEC_ABOUT_BLANK_INHERITS
= (1<<9);
186 * Allow access to chrome: packages that are content accessible.
188 const unsigned long SEC_ALLOW_CHROME
= (1<<10);
191 * Disallow access to javascript: uris.
193 const unsigned long SEC_DISALLOW_SCRIPT
= (1<<11);
196 * Don't follow redirects. Instead the redirect response is returned
197 * as a successful response for the channel.
199 * Redirects not initiated by a server response, i.e. REDIRECT_INTERNAL and
200 * REDIRECT_STS_UPGRADE, are still followed.
202 * Note: If this flag is set and the channel response is a redirect, then
203 * the response body might not be available.
204 * This can happen if the redirect was cached.
206 const unsigned long SEC_DONT_FOLLOW_REDIRECTS
= (1<<12);
209 * Load an error page, it should be one of following : about:neterror,
210 * about:certerror, about:blocked, about:tabcrashed or about:restartrequired.
212 const unsigned long SEC_LOAD_ERROR_PAGE
= (1<<13);
215 * Force inheriting of the principal, overruling any owner that might be set
216 * on the channel. (Please note that channel.owner is deprecated and will be
217 * removed within Bug 1286838). See the documentation for principalToInherit,
218 * which describes exactly what principal is inherited.
220 * Setting this flag will cause GetChannelResultPrincipal to return the
221 * principal to be inherited as the channel principal.
223 * This will happen independently of the scheme of the URI that the
224 * channel is loading.
226 const unsigned long SEC_FORCE_INHERIT_PRINCIPAL_OVERRULE_OWNER
= (1<<14);
229 * This is the principal of the network request's caller/requester where
230 * the resulting resource will be used. I.e. it is the principal which
231 * will get access to the result of the request. (Where "get access to"
232 * might simply mean "embed" depending on the type of resource that is
235 * For example for an image, it is the principal of the document where
236 * the image is rendered. For a stylesheet it is the principal of the
237 * document where the stylesheet will be applied.
239 * So if document at http://a.com/page.html loads an image from
240 * http://b.com/pic.jpg, then loadingPrincipal will be
241 * http://a.com/page.html.
243 * For <iframe> and <frame> loads, the LoadingPrincipal is the
244 * principal of the parent document. For top-level loads, the
245 * LoadingPrincipal is null. For all loads except top-level loads
246 * the LoadingPrincipal is never null.
248 * If the loadingPrincipal is the system principal, no security checks
249 * will be done at all. There will be no security checks on the initial
250 * load or any subsequent redirects. This means there will be no
251 * nsIContentPolicy checks or any CheckLoadURI checks. Because of
252 * this, never set the loadingPrincipal to the system principal when
253 * the URI to be loaded is controlled by a webpage.
254 * If the loadingPrincipal and triggeringPrincipal are both
255 * content principals, then we will always call into
256 * nsIContentPolicies and CheckLoadURI. The call to nsIContentPolicies
257 * and CheckLoadURI happen even if the URI to be loaded is same-origin
258 * with the loadingPrincipal or triggeringPrincipal.
260 readonly attribute nsIPrincipal loadingPrincipal
;
263 * A C++-friendly version of triggeringPrincipal.
265 * This is a bit awkward because we can't use
266 * binaryname(GetLoadingPrincipal).
268 [noscript
, notxpcom
, nostdcall
]
269 nsIPrincipal virtualGetLoadingPrincipal
();
272 nsIPrincipal
* GetLoadingPrincipal
() {
273 return VirtualGetLoadingPrincipal
();
278 * This is the principal which caused the network load to start. I.e.
279 * this is the principal which provided the URL to be loaded. This is
280 * often the same as the LoadingPrincipal, but there are a few cases
281 * where that's not true.
283 * For example for loads into an <iframe>, the LoadingPrincipal is always
284 * the principal of the parent document. However the triggeringPrincipal
285 * is the principal of the document which provided the URL that the
286 * <iframe> is navigating to. This could be the previous document inside
287 * the <iframe> which set document.location. Or a document elsewhere in
288 * the frame tree which contained a <a target="..."> which targetted the
291 * If a stylesheet links to a sub-resource, like an @imported stylesheet,
292 * or a background image, then the triggeringPrincipal is the principal
293 * of the stylesheet, while the LoadingPrincipal is the principal of the
294 * document being styled.
296 * The triggeringPrincipal is never null.
298 * If the triggeringPrincipal is the system principal, no security checks
299 * will be done at all. There will be no security checks on the initial
300 * load or any subsequent redirects. This means there will be no
301 * nsIContentPolicy checks or any CheckLoadURI checks. Because of
302 * this, never set the triggeringPrincipal to the system principal when
303 * the URI to be loaded is controlled by a webpage.
304 * If the loadingPrincipal and triggeringPrincipal are both
305 * content principals, then we will always call into
306 * nsIContentPolicies and CheckLoadURI. The call to nsIContentPolicies
307 * and CheckLoadURI happen even if the URI to be loaded is same-origin
308 * with the loadingPrincipal or triggeringPrincipal.
310 readonly attribute nsIPrincipal triggeringPrincipal
;
313 * A C++-friendly version of triggeringPrincipal.
315 [noscript
, notxpcom
, nostdcall
, binaryname
(TriggeringPrincipal
)]
316 nsIPrincipal binaryTriggeringPrincipal
();
319 * The remote type of the process which caused the network load to start. I.e.
320 * this is the remote type of the process which provided the URL to be loaded.
322 * For subresource loads, this should be the same as the process which will
323 * handle the response, however for document loads this may both be different
324 * than the final process, as well as different from the process which starts
327 * This field is intentionally not perfectly preserved over IPC, and will be
328 * reset to the remote type of the sending process when sent from a content
329 * process to the parent process.
331 attribute AUTF8String triggeringRemoteType
;
334 * For non-document loads the principalToInherit is always null. For
335 * loads of type TYPE_DOCUMENT or TYPE_SUBDOCUMENT the principalToInherit
336 * might be null. If it's non null, then this is the principal that is
337 * inherited if a principal needs to be inherited. If the principalToInherit
338 * is null but the inherit flag is set, then the triggeringPrincipal is
339 * the principal that is inherited.
341 attribute nsIPrincipal principalToInherit
;
344 * A C++-friendly version of principalToInherit.
346 [noscript
, notxpcom
, nostdcall
, binaryname
(PrincipalToInherit
)]
347 nsIPrincipal binaryPrincipalToInherit
();
350 * Finds the correct principal to inherit for the given channel, based on
351 * the values of PrincipalToInherit and TriggeringPrincipal.
353 [noscript
, notxpcom
, nostdcall
]
354 nsIPrincipal FindPrincipalToInherit
(in nsIChannel aChannel
);
357 * This is the ownerDocument of the LoadingNode. Unless the LoadingNode
358 * is a Document, in which case the LoadingDocument is the same as the
361 * For top-level loads, and for loads originating from workers, the
362 * LoadingDocument is null. When the LoadingDocument is not null, the
363 * LoadingPrincipal is set to the principal of the LoadingDocument.
365 readonly attribute Document loadingDocument
;
368 * A C++-friendly version of loadingDocument (loadingNode).
369 * This is the Node where the resulting resource will be used. I.e. it is
370 * the Node which will get access to the result of the request. (Where
371 * "get access to" might simply mean "embed" depending on the type of
372 * resource that is loaded).
374 * For example for an <img>/<video> it is the image/video element. For
375 * document loads inside <iframe> and <frame>s, the LoadingNode is the
376 * <iframe>/<frame> element. For an XMLHttpRequest, it is the Document
377 * which contained the JS which initiated the XHR. For a stylesheet, it
378 * is the Document that contains <link rel=stylesheet>.
380 * For loads triggered by the HTML pre-parser, the LoadingNode is the
381 * Document which is currently being parsed.
383 * For top-level loads, and for loads originating from workers, the
384 * LoadingNode is null. If the LoadingNode is non-null, then the
385 * LoadingPrincipal is the principal of the LoadingNode.
387 [noscript
, notxpcom
, nostdcall
, binaryname
(LoadingNode
)]
388 nsINode binaryLoadingNode
();
391 * A C++ friendly version of the loadingContext for toplevel loads.
392 * Most likely you want to query the ownerDocument or LoadingNode
393 * and not this context only available for TYPE_DOCUMENT loads.
394 * Please note that except for loads of TYPE_DOCUMENT, this
395 * ContextForTopLevelLoad will always return null.
397 [noscript
, notxpcom
, nostdcall
, binaryname
(ContextForTopLevelLoad
)]
398 LoadContextRef binaryContextForTopLevelLoad
();
401 * For all loads except loads of TYPE_DOCUMENT, the loadingContext
402 * simply returns the loadingNode. For loads of TYPE_DOCUMENT this
403 * will return the context available for top-level loads which
404 * do not have a loadingNode.
406 [binaryname
(LoadingContextXPCOM
)]
407 readonly attribute nsISupports loadingContext
;
410 * A C++ friendly version of the loadingContext.
412 [noscript
, notxpcom
, nostdcall
, binaryname
(GetLoadingContext
)]
413 LoadContextRef binaryGetLoadingContext
();
416 * The securityFlags of that channel.
418 readonly attribute nsSecurityFlags securityFlags
;
421 inline nsSecurityFlags GetSecurityFlags
()
423 nsSecurityFlags result
;
424 mozilla
::DebugOnly
<nsresult
> rv
= GetSecurityFlags
(&result
);
425 MOZ_ASSERT
(NS_SUCCEEDED
(rv
));
431 * The sandboxFlags of that channel.
433 [infallible
] readonly attribute
unsigned long sandboxFlags
;
436 * The TriggingSandboxFlags are the SandboxFlags of the entity
437 * responsible for causing the load to occur.
439 [infallible
] attribute
unsigned long triggeringSandboxFlags
;
443 * The window id and storage access status of the window of the
444 * context that triggered the load. This is used to allow self-initiated
445 * same-origin navigations to propogate their "has storage access" bit
446 * to the next Document.
448 [infallible
] attribute
unsigned long long triggeringWindowId
;
449 [infallible
] attribute
boolean triggeringStorageAccess
;
452 * Allows to query only the security mode bits from above.
454 [infallible
] readonly attribute
unsigned long securityMode
;
457 * This flag is used for any browsing context where we should not sniff
458 * the content type. E.g if an iframe has the XCTO nosniff header, then
459 * that flag is set to true so we skip content sniffing for that browsing
462 [infallible
] attribute
boolean skipContentSniffing
;
465 * (default) If this flag is set, it has not yet been determined if the
466 * HTTPS-Only mode will upgrade the request.
468 const unsigned long HTTPS_ONLY_UNINITIALIZED
= (1 << 0);
471 * Indicates that this is the first time the request gets upgraded, and thus
472 * the HTTPS-Only StreamListener hasn't been registered yet. Even though there
473 * might be multiple channels per request that have to be upgraded (e.g.,
474 * because of redirects), the StreamListener only has to be attached to one
477 const unsigned long HTTPS_ONLY_UPGRADED_LISTENER_NOT_REGISTERED
= (1 << 1);
480 * Indicates that the request will get upgraded, and the HTTPS-Only
481 * StreamListener got registered.
483 const unsigned long HTTPS_ONLY_UPGRADED_LISTENER_REGISTERED
= (1 << 2);
486 * This flag can be manually set if the HTTPS-Only mode should exempt the
487 * request and not upgrade it. (e.g in the case of OCSP.
489 const unsigned long HTTPS_ONLY_EXEMPT
= (1 << 3);
492 * This flag can only ever be set on top-level loads. It indicates
493 * that the top-level https connection succeeded. This flag is mostly
494 * used to counter time-outs which allows to cancel the channel
495 * if the https load has not started.
497 const unsigned long HTTPS_ONLY_TOP_LEVEL_LOAD_IN_PROGRESS
= (1 << 4);
500 * This flag can only ever be set on downloads. It indicates
501 * that the download https connection succeeded. This flag is mostly
502 * used to counter time-outs which allows to cancel the channel
503 * if the https load has not started.
505 const unsigned long HTTPS_ONLY_DOWNLOAD_IN_PROGRESS
= (1 << 5);
508 * This flag indicates that the request should not be logged to the
511 const unsigned long HTTPS_ONLY_DO_NOT_LOG_TO_CONSOLE
= (1 << 6);
514 * This flag indicates that the request was upgraded by https-first mode.
516 const unsigned long HTTPS_ONLY_UPGRADED_HTTPS_FIRST
= (1 << 7);
519 * This flag indicates that the request should not be blocked by ORB.
521 const unsigned long HTTPS_ONLY_BYPASS_ORB
= (1 << 8);
524 * This flag indicates that HTTPS_ONLY_EXEMPT should be
525 * set the next time HTTPS-Only exemptions are checked
526 * and HTTPS-First is enabled.
528 const unsigned long HTTPS_FIRST_EXEMPT_NEXT_LOAD
= (1 << 9);
531 * Upgrade state of HTTPS-Only Mode. The flag HTTPS_ONLY_EXEMPT can get
532 * set on requests that should be excempt from an upgrade.
534 [infallible
] attribute
unsigned long httpsOnlyStatus
;
537 * Reflects whetehr this is an HTTP Strict Transport Security host
539 [infallible
] attribute
boolean hstsStatus
;
542 * Returns true if at the time of the loadinfo construction the document
543 * that triggered this load has the bit hasValidTransientUserGestureActivation
544 * set or the load was triggered from External. (Mostly this bool is used
545 * in the context of Sec-Fetch-User.)
547 [infallible
] attribute
boolean hasValidUserGestureActivation
;
550 * Returns true if at the time of the loadinfo construction the document that
551 * triggered this load was user activated. This flag is being used to indicate
552 * whether a document load with a text fragment is allowed to scroll to the
553 * first text directive.
555 [infallible
] attribute
boolean textDirectiveUserActivation
;
558 * Returns true if the current load is a same-document navigation.
560 * Note: There exists no IPC plumbing for this field. If this object crosses
561 * a process boundary, it is not same-document, and the value defaults
563 * Also note: This flag is only meant to be used for a specific case when
564 * scrolling to a text fragment: If a same-doc load is triggered
565 * during the initial document load, and the target text has not
567 * The flag is not being reset. If you want to use this flag for
568 * another reason, don't. Check Bug 1777171 for a stable solution.
570 [infallible
] attribute
boolean isSameDocumentNavigation
;
573 * We disallow the SystemPrincipal to initiate requests to
574 * the public web. This flag is to allow exceptions.
576 [infallible
] attribute
boolean allowDeprecatedSystemRequests
;
579 * Only ever returns true if the loadinfo is of TYPE_SCRIPT and
580 * the script was created by the HTML parser.
582 [infallible
] attribute
boolean parserCreatedScript
;
585 * True if this request is known to have been triggered by a user
586 * manually requesting the URI to be saved.
588 [infallible
] attribute
boolean isUserTriggeredSave
;
591 * True if this request is from DevTools.
593 [infallible
] attribute
boolean isInDevToolsContext
;
596 * True if this request is embedded in a context that can't be third-party
597 * (i.e. an iframe embedded in a cross-origin parent window). If this is
598 * false, then this request may be third-party if it's a third-party to
601 [infallible
] attribute
boolean isInThirdPartyContext
;
604 * True if this request is a third party in respect to the top-level window.
606 * Note that this doesn't consider the parent window. I.e. It will still
607 * return false even in the case that the parent is cross-origin but the
608 * top-level is same-origin.
610 * This value would be set during opening the channel in parent and propagate
611 * to the channel in the content.
613 [infallible
] attribute
boolean isThirdPartyContextToTopWindow
;
616 * See the SEC_COOKIES_* flags above. This attribute will never return
617 * SEC_COOKIES_DEFAULT, but will instead return what the policy resolves to.
618 * I.e. SEC_COOKIES_SAME_ORIGIN for CORS mode, and SEC_COOKIES_INCLUDE
621 [infallible
] readonly attribute
unsigned long cookiePolicy
;
624 * The cookie jar settings inherited from the top-level document's loadInfo.
627 attribute nsICookieJarSettings cookieJarSettings
;
629 cenum StoragePermissionState
: 8 {
630 NoStoragePermission
= 0,
631 HasStoragePermission
= 1,
632 StoragePermissionAllowListed
= 2,
636 * The result of the storage permission check of the loading document. This
637 * value would be set during opening the channel.
639 [infallible
] attribute nsILoadInfo_StoragePermissionState
643 * Get the granular overrides of fingerprinting protections associated to the
644 * channel, the value will override the default fingerprinting protection
645 * settings. This field will only get populated if these is one that comes
646 * from the local granular overrides pref or WebCompat. Otherwise, a value of
647 * Nothing() indicates no granular overrides are present for this channel.
649 * The RFPTarget defined in the RFPTargets.inc.
651 [noscript
, nostdcall
, notxpcom
]
652 const_MaybeRFPTarget GetOverriddenFingerprintingSettings
();
655 * Set the granular overrides of fingerprinting protections for the channel.
657 [noscript
, nostdcall
, notxpcom
]
658 void SetOverriddenFingerprintingSettings
(in RFPTarget aTargets
);
661 * True if the load was triggered by a meta refresh.
663 [infallible
] attribute
boolean isMetaRefresh
;
666 * If forceInheritPrincipal is true, the data coming from the channel should
667 * inherit its principal, even when the data is loaded over http:// or another
668 * protocol that would normally use a URI-based principal.
670 * See the documentation for principalToInherit, which describes exactly what
671 * principal is inherited.
673 * This attribute will never be true when loadingSandboxed is true.
675 [infallible
] readonly attribute
boolean forceInheritPrincipal
;
678 * If forceInheritPrincipalOverruleOwner is true, the data coming from the
679 * channel should inherit the principal, even when the data is loaded over
680 * http:// or another protocol that would normally use a URI-based principal
681 * and even if the channel's .owner is not null. This last is the difference
682 * between forceInheritPrincipalOverruleOwner and forceInheritPrincipal: the
683 * latter does _not_ overrule the .owner setting.
685 * See the documentation for principalToInherit, which describes exactly what
686 * principal is inherited.
688 [infallible
] readonly attribute
boolean forceInheritPrincipalOverruleOwner
;
691 * If loadingSandboxed is true, the data coming from the channel is
692 * being loaded sandboxed, so it should have a nonce origin and
693 * hence should use a NullPrincipal.
695 [infallible
] readonly attribute
boolean loadingSandboxed
;
698 * If aboutBlankInherits is true, then about:blank should inherit
701 [infallible
] readonly attribute
boolean aboutBlankInherits
;
704 * If allowChrome is true, then use nsIScriptSecurityManager::ALLOW_CHROME
705 * when calling CheckLoadURIWithPrincipal().
707 [infallible
] readonly attribute
boolean allowChrome
;
710 * If disallowScript is true, then use nsIScriptSecurityManager::DISALLOW_SCRIPT
711 * when calling CheckLoadURIWithPrincipal().
713 [infallible
] readonly attribute
boolean disallowScript
;
716 uint32_t CheckLoadURIFlags
() {
717 uint32_t flags
= nsIScriptSecurityManager
::STANDARD
;
718 if
(GetAllowChrome
()) {
719 flags |
= nsIScriptSecurityManager
::ALLOW_CHROME
;
721 if
(GetDisallowScript
()) {
722 flags |
= nsIScriptSecurityManager
::DISALLOW_SCRIPT
;
729 * Returns true if SEC_DONT_FOLLOW_REDIRECTS is set.
731 [infallible
] readonly attribute
boolean dontFollowRedirects
;
734 * Returns true if SEC_LOAD_ERROR_PAGE is set.
736 [infallible
] readonly attribute
boolean loadErrorPage
;
739 * True if the load was initiated by a form request.
741 [infallible
] attribute
boolean isFormSubmission
;
744 * The external contentPolicyType of the channel, used for security checks
745 * like Mixed Content Blocking and Content Security Policy.
747 * Specifically, content policy types with _INTERNAL_ in their name will
748 * never get returned from this attribute.
750 readonly attribute nsContentPolicyType externalContentPolicyType
;
753 * CSP uses this parameter to send or not CSP violation events.
754 * Default value: true.
756 [infallible
] attribute
boolean sendCSPViolationEvents
;
759 inline ExtContentPolicyType GetExternalContentPolicyType
()
761 nsContentPolicyType result
;
762 mozilla
::DebugOnly
<nsresult
> rv
= GetExternalContentPolicyType
(&result
);
763 MOZ_ASSERT
(NS_SUCCEEDED
(rv
));
764 return static_cast
<ExtContentPolicyType
>(result
);
771 * The internal contentPolicyType of the channel, used for constructing
772 * RequestContext values when creating a fetch event for an intercepted
775 * This should not be used for the purposes of security checks, since
776 * the content policy implementations cannot be expected to deal with
777 * _INTERNAL_ values. Please use the contentPolicyType attribute above
780 [noscript
, notxpcom
, nostdcall
, binaryname
(InternalContentPolicyType
)]
781 nsContentPolicyType binaryInternalContentPolicyType
();
783 readonly attribute nsContentPolicyType internalContentPolicyType
;
786 * Returns true if document or any of the documents ancestors
787 * up to the toplevel document make use of the CSP directive
788 * 'block-all-mixed-content'.
790 * Warning: If the loadingDocument is null, then the
791 * blockAllMixedContent is false.
793 [infallible
] readonly attribute
boolean blockAllMixedContent
;
796 * Returns true if document or any of the documents ancestors
797 * up to the toplevel document make use of the CSP directive
798 * 'upgrade-insecure-requests'.
800 * Warning: If the loadingDocument is null, then the
801 * upgradeInsecureRequests is false.
803 [infallible
] readonly attribute
boolean upgradeInsecureRequests
;
806 * Returns true if the the page is https and the content is upgradable from http
807 * requires 'security.mixed_content.upgrade_display_content' pref to be true.
808 * Currently this only upgrades display content but might be expanded to other loads.
809 * This is very similar in implementation to upgradeInsecureRequests but browser set.
811 [infallible
] readonly attribute
boolean browserUpgradeInsecureRequests
;
814 * Returns true if the display content was or will get upgraded from http to https.
815 * Requires 'security.mixed_content.upgrade_display_content' pref to be true.
816 * Flag is set purely to collect telemetry.
818 [infallible
] attribute
boolean browserDidUpgradeInsecureRequests
;
821 * Returns true if the the page is https and the content is upgradable from http
822 * requires 'security.mixed_content.upgrade_display_content' pref to be false.
823 * See browserUpgradeInsecureRequests for more details, this only happens
824 * when *not* upgrading purely for telemetry.
826 [infallible
] readonly attribute
boolean browserWouldUpgradeInsecureRequests
;
829 * If true, toplevel data: URI navigation is allowed
831 [infallible
] attribute
boolean forceAllowDataURI
;
834 * If true, insecure redirects to a data: URI are allowed.
836 [infallible
] attribute
boolean allowInsecureRedirectToDataURI
;
839 * If true, the content policy security check is excluded from web requests.
841 [infallible
] attribute
boolean skipContentPolicyCheckForWebRequest
;
844 * If true, this is the load of a frame's original src attribute
846 [infallible
] attribute
boolean originalFrameSrcLoad
;
849 * The SEC_FORCE_INHERIT_PRINCIPAL flag may be dropped when a load info
850 * object is created. Specifically, it will be dropped if the SANDBOXED_ORIGIN
851 * sandbox flag is also present. This flag is set if SEC_FORCE_INHERIT_PRINCIPAL
854 [infallible
] readonly attribute
boolean forceInheritPrincipalDropped
;
857 * This is the inner window ID of the window in which the element being
860 * Note that this window ID can be 0 if the window is not
863 [infallible
] readonly attribute
unsigned long long innerWindowID
;
866 * The BrowsingContext performing the load for this nsILoadInfo object.
868 [infallible
] readonly attribute
unsigned long long browsingContextID
;
869 [infallible
] readonly attribute BrowsingContext browsingContext
;
872 * The BrowsingContext which the worker is associated.
874 * Note that this could be 0 if the load is not triggered in a WorkerScope.
875 * This value is only set and used in the parent process for some sitautions
876 * the channel is created in the parent process for Workers. Such as fetch().
877 * In content process, it is always 0.
878 * This value would not be propagated through IPC.
880 [infallible
] attribute
unsigned long long workerAssociatedBrowsingContextID
;
881 [infallible
] readonly attribute BrowsingContext workerAssociatedBrowsingContext
;
884 * Only when the element being loaded is <frame src="foo.html">
885 * (or, more generally, if the element QIs to nsFrameLoaderOwner),
886 * the frameBrowsingContext is the browsing context containing the
889 * Note: For other cases, frameBrowsingContextID is 0.
891 [infallible
] readonly attribute
unsigned long long frameBrowsingContextID
;
892 [infallible
] readonly attribute BrowsingContext frameBrowsingContext
;
895 * If the element being loaded is a nsFrameLoaderOwner,
896 * `targetBrowsingContext` is the Browsing Context which will contain the
897 * loading document (see `frameBrowsingContext`). Otherwise, it is the
898 * Browsing Context performing the load (see `browsingContext`).
900 [infallible
] readonly attribute
unsigned long long targetBrowsingContextID
;
901 [infallible
] readonly attribute BrowsingContext targetBrowsingContext
;
904 * Resets the PrincipalToInherit to a freshly created NullPrincipal
905 * which inherits the origin attributes from the loadInfo.
907 * WARNING: Please only use that function if you know exactly what
910 void resetPrincipalToInheritToNullPrincipal
();
913 * Customized OriginAttributes within LoadInfo to allow overwriting of the
914 * default originAttributes from the loadingPrincipal.
916 * In chrome side, originAttributes.privateBrowsingId will always be 0 even if
917 * the usePrivateBrowsing is true, because chrome docshell won't set
918 * privateBrowsingId on origin attributes (See bug 1278664). This is to make
919 * sure nsILoadInfo and nsILoadContext have the same origin attributes.
921 [implicit_jscontext
, binaryname
(ScriptableOriginAttributes
)]
922 attribute jsval originAttributes
;
924 [noscript
, nostdcall
, binaryname
(GetOriginAttributes
)]
925 OriginAttributes binaryGetOriginAttributes
();
927 [noscript
, nostdcall
, binaryname
(SetOriginAttributes
)]
928 void binarySetOriginAttributes
(in const_OriginAttributesRef aOriginAttrs
);
931 inline mozilla
::OriginAttributes GetOriginAttributes
()
933 mozilla
::OriginAttributes result
;
934 mozilla
::DebugOnly
<nsresult
> rv
= GetOriginAttributes
(&result
);
935 MOZ_ASSERT
(NS_SUCCEEDED
(rv
));
941 * Whenever a channel is evaluated by the ContentSecurityManager
942 * the first time, we set this flag to true to indicate that
943 * subsequent calls of AsyncOpen() do not have to enforce all
944 * security checks again. E.g., after a redirect there is no
945 * need to set up CORS again. We need this separate flag
946 * because the redirectChain might also contain internal
947 * redirects which might pollute the redirectChain so we can't
948 * rely on the size of the redirectChain-array to query whether
949 * a channel got redirected or not.
951 * Please note, once the flag is set to true it must remain true
952 * throughout the lifetime of the channel. Trying to set it
953 * to anything else than true will be discarded.
956 [infallible
] attribute
boolean initialSecurityCheckDone
;
959 * Returns true if the load was triggered from an external application
960 * (e.g. Thunderbird). Please note that this flag will only ever be true
961 * if the load is of TYPE_DOCUMENT.
963 [infallible
] attribute
boolean loadTriggeredFromExternal
;
966 * True if the tainting has been set by the service worker.
968 [noscript
, infallible
] readonly attribute
boolean serviceWorkerTaintingSynthesized
;
971 * Whenever a channel gets redirected, append the redirect history entry of
972 * the channel which contains principal referrer and remote address [before
973 * the channels got redirected] to the loadinfo, so that at every point this
974 * array provides us information about all the redirects this channel went
976 * @param channelToDeriveFrom the channel being redirected
977 * @param aIsInternalRedirect should be true if the channel is going
978 * through an internal redirect, otherwise false.
980 void appendRedirectHistoryEntry
(in nsIChannel channelToDeriveFrom
,
981 in boolean isInternalRedirect
);
984 * An array of nsIRedirectHistoryEntry which stores redirects associated
985 * with this channel. This array is filled whether or not the channel has
986 * ever been opened. The last element of the array is associated with the
987 * most recent redirect. Please note, that this array *includes* internal
991 readonly attribute jsval redirectChainIncludingInternalRedirects
;
994 * A C++-friendly version of redirectChain.
995 * Please note that this array has the same lifetime as the
996 * loadInfo object - use with caution!
998 [noscript
, notxpcom
, nostdcall
, binaryname
(RedirectChainIncludingInternalRedirects
)]
999 nsIRedirectHistoryEntryArray binaryRedirectChainIncludingInternalRedirects
();
1002 * Same as RedirectChain but does *not* include internal redirects.
1004 [implicit_jscontext
]
1005 readonly attribute jsval redirectChain
;
1008 * A C++-friendly version of redirectChain.
1009 * Please note that this array has the same lifetime as the
1010 * loadInfo object - use with caution!
1012 [noscript
, notxpcom
, nostdcall
, binaryname
(RedirectChain
)]
1013 nsIRedirectHistoryEntryArray binaryRedirectChain
();
1016 * This array is only filled out when we are in the parent process and we are
1017 * creating a loadInfo object or deserializing LoadInfoArgs into LoadInfo,
1018 * as we ever only need in the parent process.
1020 * The array is meant to be a list of principals of the documents that the
1021 * browsing context, corresponding to this loadInfo object, is "nested through" in
1023 * <https://html.spec.whatwg.org/multipage/browsers.html#browsing-context-nested-through>.
1024 * Note that the array does not include the principal corresponding to the frame
1025 * loading this request. The closest ancestor is at index zero and the top level
1026 * ancestor is at the last index.
1028 * If this is a toplevel content browsing context (i.e. toplevel document in spec
1029 * terms), the list is empty.
1031 * Otherwise the array is a list for the document we're nested through (again in
1032 * the spec sense), with the principal of that document prepended. The
1033 * ancestorPrincipals[0] entry for an iframe load will be the principal of the
1034 * iframe element's owner document. The ancestorPrincipals[0] entry for an image
1035 * loaded in an iframe will be the principal of the iframe element's owner
1036 * document. This matches the ordering specified for Location.ancestorOrigins.
1038 * Please note that this array has the same lifetime as the loadInfo object - use
1041 [noscript
, notxpcom
, nostdcall
]
1042 PrincipalArrayRef AncestorPrincipals
();
1045 * An array of BrowsingContext IDs which correspond to nsILoadInfo::AncestorPrincipals
1046 * above. AncestorBrowsingContextIDs[0] is the BrowsingContext ID of the frame
1047 * associated with the principal at ancestorPrincipals[0], and so forth.
1049 * Please note that this array has the same lifetime as the
1050 * loadInfo object - use with caution!
1052 [noscript
, notxpcom
, nostdcall
]
1053 Uint64ArrayRef AncestorBrowsingContextIDs
();
1056 * Sets the list of unsafe headers according to CORS spec, as well as
1057 * potentially forces a preflight.
1058 * Note that you do not need to set the Content-Type header. That will be
1059 * automatically detected as needed.
1061 * Only call this function when using the SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT mode.
1063 [noscript
, notxpcom
, nostdcall
]
1064 void setCorsPreflightInfo
(in CStringArrayRef unsafeHeaders
,
1065 in boolean forcePreflight
);
1068 * A C++-friendly getter for the list of cors-unsafe headers.
1069 * Please note that this array has the same lifetime as the
1070 * loadInfo object - use with caution!
1072 [noscript
, notxpcom
, nostdcall
, binaryname
(CorsUnsafeHeaders
)]
1073 CStringArrayRef corsUnsafeHeaders
();
1076 * Returns value set through setCorsPreflightInfo.
1078 [infallible
] readonly attribute
boolean forcePreflight
;
1081 * A C++ friendly getter for the forcePreflight flag.
1083 [infallible
] readonly attribute
boolean isPreflight
;
1086 * Constants reflecting the channel tainting. These are mainly defined here
1087 * for script. Internal C++ code should use the enum defined in LoadTainting.h.
1088 * See LoadTainting.h for documentation.
1090 const unsigned long TAINTING_BASIC
= 0;
1091 const unsigned long TAINTING_CORS
= 1;
1092 const unsigned long TAINTING_OPAQUE
= 2;
1095 * Determine the associated channel's current tainting. Note, this can
1096 * change due to a service worker intercept, so it should be checked after
1097 * OnStartRequest() fires.
1099 readonly attribute
unsigned long tainting
;
1102 * Note a new tainting level and possibly increase the current tainting
1103 * to match. If the tainting level is already greater than the given
1104 * value, then there is no effect. It is not possible to reduce the tainting
1105 * level on an existing channel/loadinfo.
1107 void maybeIncreaseTainting
(in unsigned long aTainting
);
1110 * Various helper code to provide more convenient C++ access to the tainting
1111 * attribute and maybeIncreaseTainting().
1114 static_assert
(TAINTING_BASIC
== static_cast
<uint32_t
>(mozilla
::LoadTainting
::Basic
),
1115 "basic tainting enums should match");
1116 static_assert
(TAINTING_CORS
== static_cast
<uint32_t
>(mozilla
::LoadTainting
::CORS
),
1117 "cors tainting enums should match");
1118 static_assert
(TAINTING_OPAQUE
== static_cast
<uint32_t
>(mozilla
::LoadTainting
::Opaque
),
1119 "opaque tainting enums should match");
1121 mozilla
::LoadTainting GetTainting
()
1123 uint32_t tainting
= TAINTING_BASIC
;
1124 MOZ_ALWAYS_SUCCEEDS
(GetTainting
(&tainting
));
1125 return static_cast
<mozilla
::LoadTainting
>(tainting
);
1128 void MaybeIncreaseTainting
(mozilla
::LoadTainting aTainting
)
1130 uint32_t tainting
= static_cast
<uint32_t
>(aTainting
);
1131 MOZ_ALWAYS_SUCCEEDS
(MaybeIncreaseTainting
(tainting
));
1136 * Returns true if this load is for top level document.
1137 * Note that the load for a sub-frame's document will return false here.
1139 [infallible
] readonly attribute
boolean isTopLevelLoad
;
1142 * If this is non-null, this property represents two things: (1) the
1143 * URI to be used for the principal if the channel with this loadinfo
1144 * gets a principal based on URI and (2) the URI to use for a document
1145 * created from the channel with this loadinfo.
1147 attribute nsIURI resultPrincipalURI
;
1150 * This is the URI used to create the most recent channel in the load's
1151 * redirect chain, if it's different from channel's `originalURI`.
1152 * This is always null for loads not handled by DocumentLoadListener. If
1153 * non-null, channelCreationOriginalURI will be used instead of channel's
1154 * originalURI to re-create the channel in the final content process selected
1155 * to perform the load.
1157 attribute nsIURI channelCreationOriginalURI
;
1160 * Returns a unique nsID used to construct the null principal for the
1161 * resulting resource if the SANDBOXED_ORIGIN flag is set. This is used by
1162 * GetChannelResultPrincipal() to ensure that the same null principal is
1163 * returned every time.
1165 [noscript
, nostdcall
, notxpcom
]
1166 nsIDRef GetSandboxedNullPrincipalID
();
1169 * Generates a new nsID to be returned by a future call to
1170 * `GetSandboxedNullPrincipalID()`.
1172 [noscript
, nostdcall
, notxpcom
]
1173 void ResetSandboxedNullPrincipalID
();
1176 * Return the top-level principal, which is the principal of the top-level
1179 [notxpcom
, nostdcall
] readonly attribute nsIPrincipal topLevelPrincipal
;
1182 * Note which client (i.e. global) initiated this network request. All
1183 * nsGlobalWindow and WorkerPrivate can be converted to a ClientInfo to
1184 * be set here. While this is being added to support service worker
1185 * FetchEvent, it can also be used to communicate other information about
1186 * the source global context in the future.
1188 [noscript
, nostdcall
, notxpcom
]
1189 void SetClientInfo
(in const_ClientInfoRef aClientInfo
);
1192 * Get the ClientInfo for the global that initiated the network request,
1193 * if it has been set.
1195 [noscript
, nostdcall
, notxpcom
]
1196 const_MaybeClientInfoRef GetClientInfo
();
1199 * Give a pre-allocated ClientSource to the channel LoadInfo. This is
1200 * intended to be used by docshell when loading windows without an
1201 * initial about:blank document. The docshell will allocate the ClientSource
1202 * to represent the client that will be created as a result of the navigation
1203 * network request. If the channel succeeds and remains same-origin, then
1204 * the result nsGlobalWindow will take ownership of the reserved ClientSource.
1206 * This method is also called when a cross-origin redirect occurs. A new
1207 * ClientSource with a different UUID must be created in this case.
1209 * This method automatically calls SetReservedClientInfo() with the
1210 * ClientSource::Info().
1212 [noscript
, nostdcall
, notxpcom
]
1213 void GiveReservedClientSource
(in UniqueClientSourceMove aClientSource
);
1216 * This method takes ownership of the reserved ClientSource previously
1217 * provided in GiveReservedClientSource(). It may return nullptr if the
1218 * nsILoadInfo does not own a ClientSource object.
1220 [noscript
, nostdcall
, notxpcom
]
1221 UniqueClientSource TakeReservedClientSource
();
1224 * Note the reserved client that be created if this non-subresource
1225 * network request succeeds. Depending on the type of client this
1226 * may be called directly or indirectly via GiveReservedClientSource().
1227 * For example, web workers do not call give their ClientSource to
1228 * the nsILoadInfo, but must still call this method to indicate the
1229 * reserved client for their main script load.
1231 [noscript
, nostdcall
, notxpcom
]
1232 void SetReservedClientInfo
(in const_ClientInfoRef aClientInfo
);
1235 * This will clear any existing reserved or initial client and override
1236 * it with the given reserved client. This is similar to calling
1237 * TakeReservedClientSource() and then GiveReservedClientSource() with
1238 * a new client as ClientChannelHelper does. This method is needed,
1239 * though, to perform this operation in the parent process where
1240 * the LoadInfo does not have direct access to a ClientSource.
1242 * If in doubt, do not call this method. Its really only needed for
1243 * a specific redirect case where the child has created a new client on
1244 * redirect and we need to override the parent side's reserved client
1247 [noscript
, nostdcall
, notxpcom
]
1248 void OverrideReservedClientInfoInParent
(in const_ClientInfoRef aClientInfo
);
1251 * Return the reserved ClientInfo for this load, if one has been set.
1253 [noscript
, nostdcall
, notxpcom
]
1254 const_MaybeClientInfoRef GetReservedClientInfo
();
1257 * Note that this non-subresource network request will result in
1258 * re-using an existing "initial" active client. This mainly only
1259 * happens when an initial about:blank document is replaced with
1260 * a real load in a window. In these cases we need to track this
1261 * initial client so that we may report its existence in a FetchEvent.
1263 * Note, an nsILoadInfo may only have a reserved client or an
1264 * initial client. It should never have both.
1266 [noscript
, nostdcall
, notxpcom
]
1267 void SetInitialClientInfo
(in const_ClientInfoRef aClientInfo
);
1270 * Return the initial ClientInfo for this load, if one has been set.
1272 [noscript
, nostdcall
, notxpcom
]
1273 const_MaybeClientInfoRef GetInitialClientInfo
();
1276 * Note that this network request should be controlled by a service worker.
1277 * For non-subresource requests this may be set during the load when
1278 * the first service worker interception occurs. For subresource requests
1279 * it may be set by the source client if its already controlled by a
1282 [noscript
, nostdcall
, notxpcom
]
1283 void SetController
(in const_ServiceWorkerDescriptorRef aServiceWorker
);
1286 * Clear the service worker controller for this channel. This should only
1287 * be used for window navigation redirects. By default we want to keep
1288 * the controller in all other cases.
1290 [noscript
, nostdcall
, notxpcom
]
1291 void ClearController
();
1294 * Get the service worker controlling this network request, if one has
1297 [noscript
, nostdcall
, notxpcom
]
1298 const_MaybeServiceWorkerDescriptorRef GetController
();
1301 * Set a custom performance storage. This is meant to be executed only for
1302 * workers. If a PerformanceStorage is not set, the loadingDocument->Window
1303 * Performance object will be returned instead.
1305 [noscript
, nostdcall
, notxpcom
]
1306 void SetPerformanceStorage
(in PerformanceStoragePtr aPerformanceStorage
);
1309 * Get the custom PerformanceStorage if set by SetPerformanceStorage.
1310 * Otherwise the loadingDocument->Window Performance object will be returned
1311 * instead if all the following conditions are met:
1312 * - the triggeringPrincipal is the same as the loadingDocument's principal.
1313 * - if the external content policy type is TYPE_SUBDOCUMENT then loading
1314 * wasn't caused by processing the attributes of the browsing context
1317 [noscript
, nostdcall
, notxpcom
]
1318 PerformanceStoragePtr GetPerformanceStorage
();
1321 * Returns the CSP (or Preload CSP for preloads) which should be enforced
1322 * when fetching the resource this loadinfo belongs to.
1324 * a) Non-navigations:
1325 * For non-navigation loads, GetCsp() returns what the spec refers to as the
1326 * "request's client's global object's CSP list". In practice, if this is the
1327 * loadinfo of a subresource load (e.g an image load), then GetCsp() or
1328 * GetPreloadCSP() returns the CSP of the document which embeds the image.
1329 * The returned CSP includes any policy delivered through the HTTP header or
1330 * also through the meta tag (modulo the difference for preloads, e.g. image
1331 * preloads have to query GetPreloadCsp() because at the time of preloading
1332 * we are not entirely sure if the Meta CSP will be applied to the document
1333 * in the end or not). Please note that GetCSPToInherit() called on a
1334 * loadinfo for any non-navigation always returns null.
1337 * * Top-level loads:
1338 * For top-level loads (navigations) GetCsp() will return null, unless
1339 * the navigation is started by a WebExtension, in which case it will
1340 * return the CSP of the webextension, if any.
1341 * If you need to query the CSP that potentially should apply to the
1342 * new top-level load, you have to query GetCspToInherit(), which is
1343 * the CSP of the request's client's global object, just like GetCsp()
1344 * is for non-navigation requests.
1347 * For iframe-loads (navigations) GetCsp() will return the CSP of the
1348 * parent document, unless the navigation is started by a WebExtension,
1349 * in which case it will return the CSP of the webextension, if any.
1351 * If you need to query the CSP that should potentially be inherited
1352 * into the new document, you have to query GetCSPToInherit().
1355 * After evaluating what CSP to use for frame navigations we should
1356 * update the above documentation to match the outcome of Bug 1557114.
1358 [notxpcom
,nostdcall
] CSPRef GetCsp
();
1359 [notxpcom
,nostdcall
] CSPRef GetPreloadCsp
();
1360 [notxpcom
,nostdcall
] CSPRef GetCspToInherit
();
1363 * The possibly cross-origin container feature policy required to
1364 * initialize the feature policy of a document load.
1366 [noscript
, nostdcall
, notxpcom
]
1367 MaybeFeaturePolicyInfo GetContainerFeaturePolicyInfo
();
1368 [noscript
, nostdcall
, notxpcom
]
1369 void SetContainerFeaturePolicyInfo
(in const_FeaturePolicyInfoRef aContainerFeaturePolicy
);
1372 * The service worker and fetch specifications require returning the
1373 * exact tainting level of the Response passed to FetchEvent.respondWith().
1374 * This method allows us to override the tainting level in that case.
1376 * NOTE: This should not be used outside of service worker code! Use
1377 * nsILoadInfo::MaybeIncreaseTainting() instead.
1379 [noscript
, nostdcall
, notxpcom
]
1380 void SynthesizeServiceWorkerTainting
(in LoadTainting aTainting
);
1383 * The top-level document has been user-interacted.
1385 [infallible
] attribute
boolean documentHasUserInteracted
;
1388 * During a top-level document channel redirect from tracking to
1389 * non-tracking resources, our anti-tracking heuristic, grants the storage
1390 * access permission for a short amount of seconds (See
1391 * privacy.restrict3rdpartystorage.expiration_redirect pref).
1392 * We use this flag to remember this decision even if this channel is part
1393 * of a chain of redirects.
1395 [infallible
] attribute
boolean allowListFutureDocumentsCreatedFromThisRedirectChain
;
1398 * Indicates that we need to check if we should apply the anti-tracking
1399 * heuristic after the channel has been classified.
1401 [infallible
] attribute
boolean needForCheckingAntiTrackingHeuristic
;
1404 * A snapshot of the nonce at load start time which is used for CSP
1405 * checks and only set for:
1409 attribute AString cspNonce
;
1411 // Subresource Integrity (SRI) metadata.
1412 attribute AString integrityMetadata
;
1415 * List of possible reasons the request associated with this load info
1416 * may have been blocked, set by various content blocking checkers.
1418 const uint32_t BLOCKING_REASON_NONE
= 0;
1419 const uint32_t BLOCKING_REASON_CORSDISABLED
= 1001;
1420 const uint32_t BLOCKING_REASON_CORSDIDNOTSUCCEED
= 1002;
1421 const uint32_t BLOCKING_REASON_CORSREQUESTNOTHTTP
= 1003;
1422 const uint32_t BLOCKING_REASON_CORSMULTIPLEALLOWORIGINNOTALLOWED
= 1004;
1423 const uint32_t BLOCKING_REASON_CORSMISSINGALLOWORIGIN
= 1005;
1424 const uint32_t BLOCKING_REASON_CORSNOTSUPPORTINGCREDENTIALS
= 1006;
1425 const uint32_t BLOCKING_REASON_CORSALLOWORIGINNOTMATCHINGORIGIN
= 1007;
1426 const uint32_t BLOCKING_REASON_CORSMISSINGALLOWCREDENTIALS
= 1008;
1427 const uint32_t BLOCKING_REASON_CORSORIGINHEADERNOTADDED
= 1009;
1428 const uint32_t BLOCKING_REASON_CORSEXTERNALREDIRECTNOTALLOWED
= 1010;
1429 const uint32_t BLOCKING_REASON_CORSPREFLIGHTDIDNOTSUCCEED
= 1011;
1430 const uint32_t BLOCKING_REASON_CORSINVALIDALLOWMETHOD
= 1012;
1431 const uint32_t BLOCKING_REASON_CORSMETHODNOTFOUND
= 1013;
1432 const uint32_t BLOCKING_REASON_CORSINVALIDALLOWHEADER
= 1014;
1433 const uint32_t BLOCKING_REASON_CORSMISSINGALLOWHEADERFROMPREFLIGHT
= 1015;
1434 const uint32_t BLOCKING_REASON_CLASSIFY_MALWARE_URI
= 2001;
1435 const uint32_t BLOCKING_REASON_CLASSIFY_PHISHING_URI
= 2002;
1436 const uint32_t BLOCKING_REASON_CLASSIFY_UNWANTED_URI
= 2003;
1437 const uint32_t BLOCKING_REASON_CLASSIFY_TRACKING_URI
= 2004;
1438 const uint32_t BLOCKING_REASON_CLASSIFY_BLOCKED_URI
= 2005;
1439 const uint32_t BLOCKING_REASON_CLASSIFY_HARMFUL_URI
= 2006;
1440 const uint32_t BLOCKING_REASON_CLASSIFY_CRYPTOMINING_URI
= 2007;
1441 const uint32_t BLOCKING_REASON_CLASSIFY_FINGERPRINTING_URI
= 2008;
1442 const uint32_t BLOCKING_REASON_CLASSIFY_SOCIALTRACKING_URI
= 2009;
1443 const uint32_t BLOCKING_REASON_CLASSIFY_EMAILTRACKING_URI
= 2010;
1444 const uint32_t BLOCKING_REASON_MIXED_BLOCKED
= 3001;
1445 // The general reason comes from nsCSPContext::permitsInternal(),
1446 // which is way too generic to distinguish an exact reason.
1447 const uint32_t BLOCKING_REASON_CONTENT_POLICY_GENERAL
= 4000;
1448 const uint32_t BLOCKING_REASON_CONTENT_POLICY_NO_DATA_PROTOCOL
= 4001;
1450 const uint32_t BLOCKING_REASON_CONTENT_POLICY_CONTENT_BLOCKED
= 4003;
1451 const uint32_t BLOCKING_REASON_CONTENT_POLICY_DATA_DOCUMENT
= 4004;
1452 const uint32_t BLOCKING_REASON_CONTENT_POLICY_WEB_BROWSER
= 4005;
1453 const uint32_t BLOCKING_REASON_CONTENT_POLICY_PRELOAD
= 4006;
1454 // The reason used when SEC_REQUIRE_SAME_ORIGIN_* is set and not satisifed.
1455 const uint32_t BLOCKING_REASON_NOT_SAME_ORIGIN
= 5000;
1456 // The reason used when an extension cancels the request via the WebRequest api.
1457 const uint32_t BLOCKING_REASON_EXTENSION_WEBREQUEST
= 6000;
1458 // The reason used when a request is cancelled via WebDriver BiDi network interception.
1459 const uint32_t BLOCKING_REASON_WEBDRIVER_BIDI
= 7000;
1462 * If the request associated with this load info was blocked by some of
1463 * our content or load blockers, the reason can be found here.
1464 * Note that setting this attribute has NO EFFECT on blocking the request.
1465 * This attribute is only informative!
1467 * By default the value is '0' - NONE.
1468 * Each write rewrites the last value.
1469 * Can be accessed only on a single thread.
1471 [infallible
] attribute
unsigned long requestBlockingReason
;
1474 * The object in charged to receive CSP violation events. It can be null.
1475 * This attribute will be merged into the CSP object eventually.
1478 attribute nsICSPEventListener cspEventListener
;
1481 * This attribute will be true if this is a load triggered by
1482 * https://html.spec.whatwg.org/multipage/iframe-embed-object.html#process-the-iframe-attributes
1483 * or https://html.spec.whatwg.org/multipage/obsolete.html#process-the-frame-attributes
1485 [infallible
] readonly attribute
boolean isFromProcessingFrameAttributes
;
1487 cenum CrossOriginOpenerPolicy
: 8 {
1488 OPENER_POLICY_UNSAFE_NONE
= 0,
1489 OPENER_POLICY_SAME_ORIGIN
= 1,
1490 OPENER_POLICY_SAME_ORIGIN_ALLOW_POPUPS
= 2,
1491 OPENER_POLICY_EMBEDDER_POLICY_REQUIRE_CORP_FLAG
= 0x10,
1492 OPENER_POLICY_SAME_ORIGIN_EMBEDDER_POLICY_REQUIRE_CORP
=
1493 OPENER_POLICY_SAME_ORIGIN |
1494 OPENER_POLICY_EMBEDDER_POLICY_REQUIRE_CORP_FLAG
1497 cenum CrossOriginEmbedderPolicy
: 8 {
1498 EMBEDDER_POLICY_NULL
= 0,
1499 EMBEDDER_POLICY_REQUIRE_CORP
= 1,
1500 EMBEDDER_POLICY_CREDENTIALLESS
= 2,
1504 * This attribute is the loading context's cross origin embedder policy.
1505 * The value is initialized with corresponding WindowContext which get by
1506 * innerWindowIID in the nsILoadInfo.
1507 * It also could be set by workers when fetch is called under
1508 * the workers' scope.
1510 [infallible
] attribute nsILoadInfo_CrossOriginEmbedderPolicy
1511 loadingEmbedderPolicy
;
1514 * This attribute will be true if the top level document has COEP:
1515 * credentialless enabled in Origin Trial.
1517 [infallible
] attribute
boolean isOriginTrialCoepCredentiallessEnabledForTopLevel
;
1519 * This attribute will be true if this is a load triggered by a media
1522 [infallible
] attribute
boolean isMediaRequest
;
1525 * This attribute will be true if this is a load triggered by a media
1526 * element and it's an initial request.
1528 [infallible
] attribute
boolean isMediaInitialRequest
;
1531 * This attribute will be true if the fetch request is from object or embed
1534 [infallible
] attribute
boolean isFromObjectOrEmbed
;
1537 * This attribute will be true if the URL is known to be possibly broken and
1538 * CheckForBrokenChromeURL and RecordZeroLengthEvent should be skipped.
1540 [infallible
] readonly attribute
boolean shouldSkipCheckForBrokenURLOrZeroSized
;
1543 * If this is non-null, this property holds the URI as it was before query
1544 * stripping was performed.
1546 attribute nsIURI unstrippedURI
;
1549 * Propagated information from InterceptedHttpChannel
1550 * It should be null when the channel is not created from FetchEvent.request
1551 * or ServiceWorker NavigationPreload.
1552 * nsIFetchEventInfo is C++ only, so it is not an attribute.
1554 [noscript
, notxpcom
, nostdcall
, binaryname
(InterceptionInfo
)]
1555 nsIInterceptionInfo binaryInterceptionInfo
();
1557 [noscript
, notxpcom
, nostdcall
, binaryname
(SetInterceptionInfo
)]
1558 void binarySetInterceptionInfo
(in nsIInterceptionInfo info
);
1561 * Whether nsICookieInjector has injected a cookie for this request to
1562 * handle a cookie banner. This is only done for top-level requests.
1564 [infallible
] attribute
boolean hasInjectedCookieForCookieBannerHandling
;
1567 * Whether the load has gone through the URL bar, where the fixup had to add * the protocol scheme.
1569 [infallible
] attribute
boolean wasSchemelessInput
;
1571 cenum HTTPSUpgradeTelemetryType
: 32 {
1572 NOT_INITIALIZED
= 0,
1573 NO_UPGRADE
= (1 << 0),
1574 ALREADY_HTTPS
= (1 << 1),
1576 HTTPS_ONLY_UPGRADE
= (1 << 3),
1577 HTTPS_ONLY_UPGRADE_DOWNGRADE
= (1 << 4),
1578 HTTPS_FIRST_UPGRADE
= (1 << 5),
1579 HTTPS_FIRST_UPGRADE_DOWNGRADE
= (1 << 6),
1580 HTTPS_FIRST_SCHEMELESS_UPGRADE
= (1 << 7),
1581 HTTPS_FIRST_SCHEMELESS_UPGRADE_DOWNGRADE
= (1 << 8),
1582 HTTPS_RR
= (1 << 9),
1583 WEB_EXTENSION_UPGRADE
= (1 << 10),
1584 UPGRADE_EXCEPTION
= (1 << 11),
1588 * Solely for the use of collecting Telemetry for HTTPS upgrades.
1590 [infallible
] attribute nsILoadInfo_HTTPSUpgradeTelemetryType httpsUpgradeTelemetry
;