From 26a029d407be480d791972afb5975cf62c9360a6 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Fri, 19 Apr 2024 02:47:55 +0200 Subject: Adding upstream version 124.0.1. Signed-off-by: Daniel Baumann --- dom/security/FramingChecker.h | 51 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) create mode 100644 dom/security/FramingChecker.h (limited to 'dom/security/FramingChecker.h') diff --git a/dom/security/FramingChecker.h b/dom/security/FramingChecker.h new file mode 100644 index 0000000000..a91c353072 --- /dev/null +++ b/dom/security/FramingChecker.h @@ -0,0 +1,51 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef mozilla_dom_FramingChecker_h +#define mozilla_dom_FramingChecker_h + +#include "nsStringFwd.h" + +class nsIDocShell; +class nsIChannel; +class nsIHttpChannel; +class nsIDocShellTreeItem; +class nsIURI; +class nsIContentSecurityPolicy; + +namespace mozilla::dom { +class BrowsingContext; +} // namespace mozilla::dom + +class FramingChecker { + public: + // Determine if X-Frame-Options allows content to be framed + // as a subdocument + static bool CheckFrameOptions(nsIChannel* aChannel, + nsIContentSecurityPolicy* aCSP, + bool& outIsFrameCheckingSkipped); + + protected: + struct XFOHeader { + bool ALLOWALL = false; + bool SAMEORIGIN = false; + bool DENY = false; + bool INVALID = false; + }; + + /** + * Logs to the window about a X-Frame-Options error. + * + * @param aMessageTag the error message identifier to log + * @param aChannel the HTTP Channel + * @param aURI the URI of the frame attempting to load + * @param aPolicy the header value string from the frame to the console. + */ + static void ReportError(const char* aMessageTag, nsIHttpChannel* aChannel, + nsIURI* aURI, const nsAString& aPolicy); +}; + +#endif /* mozilla_dom_FramingChecker_h */ -- cgit v1.2.3