diff options
Diffstat (limited to '')
-rw-r--r-- | dom/security/nsContentSecurityManager.h | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/dom/security/nsContentSecurityManager.h b/dom/security/nsContentSecurityManager.h new file mode 100644 index 0000000000..7653ab8a65 --- /dev/null +++ b/dom/security/nsContentSecurityManager.h @@ -0,0 +1,53 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef nsContentSecurityManager_h___ +#define nsContentSecurityManager_h___ + +#include "nsIContentSecurityManager.h" +#include "nsIChannel.h" +#include "nsIChannelEventSink.h" + +class nsIStreamListener; + +#define NS_CONTENTSECURITYMANAGER_CONTRACTID \ + "@mozilla.org/contentsecuritymanager;1" +// cdcc1ab8-3cea-4e6c-a294-a651fa35227f +#define NS_CONTENTSECURITYMANAGER_CID \ + { \ + 0xcdcc1ab8, 0x3cea, 0x4e6c, { \ + 0xa2, 0x94, 0xa6, 0x51, 0xfa, 0x35, 0x22, 0x7f \ + } \ + } + +class nsContentSecurityManager : public nsIContentSecurityManager, + public nsIChannelEventSink { + public: + NS_DECL_ISUPPORTS + NS_DECL_NSICONTENTSECURITYMANAGER + NS_DECL_NSICHANNELEVENTSINK + + nsContentSecurityManager() = default; + + static nsresult doContentSecurityCheck( + nsIChannel* aChannel, nsCOMPtr<nsIStreamListener>& aInAndOutListener); + + static bool AllowTopLevelNavigationToDataURI(nsIChannel* aChannel); + static bool AllowInsecureRedirectToDataURI(nsIChannel* aNewChannel); + static void MeasureUnexpectedPrivilegedLoads( + nsIURI* aFinalURI, ExtContentPolicyType aContentPolicyType, + const nsACString& aRemoteType); + + private: + static nsresult CheckChannel(nsIChannel* aChannel); + static nsresult CheckFTPSubresourceLoad(nsIChannel* aChannel); + static nsresult CheckAllowLoadInSystemPrivilegedContext(nsIChannel* aChannel); + static nsresult CheckChannelHasProtocolSecurityFlag(nsIChannel* aChannel); + + virtual ~nsContentSecurityManager() = default; +}; + +#endif /* nsContentSecurityManager_h___ */ |