summaryrefslogtreecommitdiffstats
path: root/dom/security/nsContentSecurityManager.h
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--dom/security/nsContentSecurityManager.h53
1 files changed, 53 insertions, 0 deletions
diff --git a/dom/security/nsContentSecurityManager.h b/dom/security/nsContentSecurityManager.h
new file mode 100644
index 0000000000..7653ab8a65
--- /dev/null
+++ b/dom/security/nsContentSecurityManager.h
@@ -0,0 +1,53 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef nsContentSecurityManager_h___
+#define nsContentSecurityManager_h___
+
+#include "nsIContentSecurityManager.h"
+#include "nsIChannel.h"
+#include "nsIChannelEventSink.h"
+
+class nsIStreamListener;
+
+#define NS_CONTENTSECURITYMANAGER_CONTRACTID \
+ "@mozilla.org/contentsecuritymanager;1"
+// cdcc1ab8-3cea-4e6c-a294-a651fa35227f
+#define NS_CONTENTSECURITYMANAGER_CID \
+ { \
+ 0xcdcc1ab8, 0x3cea, 0x4e6c, { \
+ 0xa2, 0x94, 0xa6, 0x51, 0xfa, 0x35, 0x22, 0x7f \
+ } \
+ }
+
+class nsContentSecurityManager : public nsIContentSecurityManager,
+ public nsIChannelEventSink {
+ public:
+ NS_DECL_ISUPPORTS
+ NS_DECL_NSICONTENTSECURITYMANAGER
+ NS_DECL_NSICHANNELEVENTSINK
+
+ nsContentSecurityManager() = default;
+
+ static nsresult doContentSecurityCheck(
+ nsIChannel* aChannel, nsCOMPtr<nsIStreamListener>& aInAndOutListener);
+
+ static bool AllowTopLevelNavigationToDataURI(nsIChannel* aChannel);
+ static bool AllowInsecureRedirectToDataURI(nsIChannel* aNewChannel);
+ static void MeasureUnexpectedPrivilegedLoads(
+ nsIURI* aFinalURI, ExtContentPolicyType aContentPolicyType,
+ const nsACString& aRemoteType);
+
+ private:
+ static nsresult CheckChannel(nsIChannel* aChannel);
+ static nsresult CheckFTPSubresourceLoad(nsIChannel* aChannel);
+ static nsresult CheckAllowLoadInSystemPrivilegedContext(nsIChannel* aChannel);
+ static nsresult CheckChannelHasProtocolSecurityFlag(nsIChannel* aChannel);
+
+ virtual ~nsContentSecurityManager() = default;
+};
+
+#endif /* nsContentSecurityManager_h___ */