/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ /* vim: set ft=cpp tw=78 sw=2 et ts=8 : */ /* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ #include "nsISupports.idl" interface nsIURI; interface nsILoadInfo; /** * Interface for content policy mechanism. Implementations of this * interface can be used to control loading of various types of out-of-line * content, or processing of certain types of in-line content. * * WARNING: do not block the caller from shouldLoad or shouldProcess (e.g., * by launching a dialog to prompt the user for something). */ [scriptable, uuid(caad4f1f-d047-46ac-ae9d-dc598e4fb91b)] interface nsIContentPolicy : nsISupports { /** * The type of nsIContentPolicy::TYPE_* */ cenum nsContentPolicyType : 8 { /** * Indicates a unset or bogus policy type. */ TYPE_INVALID = 0, /** * Gecko/Firefox developers: Avoid using TYPE_OTHER. Especially for * requests that are coming from webpages. Or requests in general which * you expect that security checks will be done on. * Always use a more specific type if one is available. And do not hesitate * to add more types as appropriate. * But if you are fairly sure that no one would care about your more specific * type, then it's ok to use TYPE_OTHER. * * Implementations of nsIContentPolicy should treat this the same way they * treat unknown types, because existing users of TYPE_OTHER may be converted * to use new content types. * * Note that the TYPE_INTERNAL_* constants are never passed to content * policy implementations. They are mapped to other TYPE_* constants, and * are only intended for internal usage inside Gecko. */ TYPE_OTHER = 1, /** * Indicates an executable script (such as JavaScript). */ TYPE_SCRIPT = 2, /** * Indicates an image (e.g., IMG elements). */ TYPE_IMAGE = 3, /** * Indicates a stylesheet (e.g., STYLE elements). */ TYPE_STYLESHEET = 4, /** * Indicates a generic object (plugin-handled content typically falls under * this category). */ TYPE_OBJECT = 5, /** * Indicates a document at the top-level (i.e., in a browser). */ TYPE_DOCUMENT = 6, /** * Indicates a document contained within another document (e.g., IFRAMEs, * FRAMES, and OBJECTs). */ TYPE_SUBDOCUMENT = 7, /* * XXX: nsContentPolicyType = 8 used to inicate a timed refresh request. */ /* * XXX: nsContentPolicyType = 9 used to inicate an XBL binding request. */ /** * Indicates a ping triggered by a click on element. */ TYPE_PING = 10, /** * Indicates an XMLHttpRequest. Also used for document.load and for EventSource. */ TYPE_XMLHTTPREQUEST = 11, /** * Indicates a request by a plugin. */ TYPE_OBJECT_SUBREQUEST = 12, /** * Indicates a DTD loaded by an XML document. */ TYPE_DTD = 13, /** * Indicates a font loaded via @font-face rule. */ TYPE_FONT = 14, /** * Indicates a video or audio load. */ TYPE_MEDIA = 15, /** * Indicates a WebSocket load. */ TYPE_WEBSOCKET = 16, /** * Indicates a Content Security Policy report. */ TYPE_CSP_REPORT = 17, /** * Indicates a style sheet transformation. */ TYPE_XSLT = 18, /** * Indicates a beacon post. */ TYPE_BEACON = 19, /** * Indicates a load initiated by the fetch() function from the Fetch * specification. */ TYPE_FETCH = 20, /** * Indicates a or request. */ TYPE_IMAGESET = 21, /** * Indicates a web manifest. */ TYPE_WEB_MANIFEST = 22, /** * Indicates an internal constant for scripts loaded through script * elements. * * This will be mapped to TYPE_SCRIPT before being passed to content policy * implementations. */ TYPE_INTERNAL_SCRIPT = 23, /** * Indicates an internal constant for scripts loaded through a dedicated * worker. * * This will be mapped to TYPE_SCRIPT before being passed to content policy * implementations. */ TYPE_INTERNAL_WORKER = 24, /** * Indicates an internal constant for scripts loaded through a shared * worker. * * This will be mapped to TYPE_SCRIPT before being passed to content policy * implementations. */ TYPE_INTERNAL_SHARED_WORKER = 25, /** * Indicates an internal constant for content loaded from embed elements. * * This will be mapped to TYPE_OBJECT. */ TYPE_INTERNAL_EMBED = 26, /** * Indicates an internal constant for content loaded from object elements. * * This will be mapped to TYPE_OBJECT. */ TYPE_INTERNAL_OBJECT = 27, /** * Indicates an internal constant for content loaded from frame elements. * * This will be mapped to TYPE_SUBDOCUMENT. */ TYPE_INTERNAL_FRAME = 28, /** * Indicates an internal constant for content loaded from iframe elements. * * This will be mapped to TYPE_SUBDOCUMENT. */ TYPE_INTERNAL_IFRAME = 29, /** * Indicates an internal constant for content loaded from audio elements. * * This will be mapped to TYPE_MEDIA. */ TYPE_INTERNAL_AUDIO = 30, /** * Indicates an internal constant for content loaded from video elements. * * This will be mapped to TYPE_MEDIA. */ TYPE_INTERNAL_VIDEO = 31, /** * Indicates an internal constant for content loaded from track elements. * * This will be mapped to TYPE_MEDIA. */ TYPE_INTERNAL_TRACK = 32, /** * Indicates an internal constant for an XMLHttpRequest. * * This will be mapped to TYPE_XMLHTTPREQUEST. */ TYPE_INTERNAL_XMLHTTPREQUEST = 33, /** * Indicates an internal constant for EventSource. * * This will be mapped to TYPE_XMLHTTPREQUEST. */ TYPE_INTERNAL_EVENTSOURCE = 34, /** * Indicates an internal constant for scripts loaded through a service * worker. * * This will be mapped to TYPE_SCRIPT before being passed to content policy * implementations. */ TYPE_INTERNAL_SERVICE_WORKER = 35, /** * Indicates an internal constant for *preloaded* scripts * loaded through script elements. * * This will be mapped to TYPE_SCRIPT before being passed * to content policy implementations. */ TYPE_INTERNAL_SCRIPT_PRELOAD = 36, /** * Indicates an internal constant for normal images. * * This will be mapped to TYPE_IMAGE before being passed * to content policy implementations. */ TYPE_INTERNAL_IMAGE = 37, /** * Indicates an internal constant for *preloaded* images. * * This will be mapped to TYPE_IMAGE before being passed * to content policy implementations. */ TYPE_INTERNAL_IMAGE_PRELOAD = 38, /** * Indicates an internal constant for normal stylesheets. * * This will be mapped to TYPE_STYLESHEET before being passed * to content policy implementations. */ TYPE_INTERNAL_STYLESHEET = 39, /** * Indicates an internal constant for *preloaded* stylesheets. * * This will be mapped to TYPE_STYLESHEET before being passed * to content policy implementations. */ TYPE_INTERNAL_STYLESHEET_PRELOAD = 40, /** * Indicates an internal constant for favicon. * * This will be mapped to TYPE_IMAGE before being passed * to content policy implementations. */ TYPE_INTERNAL_IMAGE_FAVICON = 41, /** * Indicates an importScripts() inside a worker script. * * This will be mapped to TYPE_SCRIPT before being passed to content policy * implementations. */ TYPE_INTERNAL_WORKER_IMPORT_SCRIPTS = 42, /** * Indicates an save-as link download from the front-end code. */ TYPE_SAVEAS_DOWNLOAD = 43, /** * Indicates a speculative connection. */ TYPE_SPECULATIVE = 44, /** * Indicates an internal constant for ES6 module scripts * loaded through script elements or an import statement (static import) or * an import expression (dynamic import). * It also indicates the load for dynamic import in workers. * For static import in module workers, * please check TYPE_INTERNAL_WORKER_STATIC_MODULE. * * This will be mapped to TYPE_SCRIPT before being passed * to content policy implementations. */ TYPE_INTERNAL_MODULE = 45, /** * Indicates an internal constant for *preloaded* ES6 module scripts * loaded through script elements or an import statement. * * This will be mapped to TYPE_SCRIPT before being passed * to content policy implementations. */ TYPE_INTERNAL_MODULE_PRELOAD = 46, /** * Indicates a DTD loaded by an XML document the URI of which could * not be mapped to a known local DTD. */ TYPE_INTERNAL_DTD = 47, /** * Indicates a TYPE_INTERNAL_DTD which will not be blocked no matter * what principal is being loaded from. */ TYPE_INTERNAL_FORCE_ALLOWED_DTD = 48, /** * Indicates an internal constant for scripts loaded through an * audioWorklet. * * This will be mapped to TYPE_SCRIPT before being passed to content policy * implementations. */ TYPE_INTERNAL_AUDIOWORKLET = 49, /** * Indicates an internal constant for scripts loaded through an * paintWorklet. * * This will be mapped to TYPE_SCRIPT before being passed to content policy * implementations. */ TYPE_INTERNAL_PAINTWORKLET = 50, /** * Same as TYPE_FONT but indicates this is a * preload initiated load. */ TYPE_INTERNAL_FONT_PRELOAD = 51, /** * Indicates the load of a (Firefox-internal) script through ChromeUtils * * This will be mapped to TYPE_SCRIPT before being passed to content policy * implementations. */ TYPE_INTERNAL_CHROMEUTILS_COMPILED_SCRIPT = 52, /** * Indicates the load of a script through FrameMessageManager * * This will be mapped to TYPE_SCRIPT before being passed to content policy * implementations. */ TYPE_INTERNAL_FRAME_MESSAGEMANAGER_SCRIPT = 53, /** * Indicates an internal constant for *preloaded* fetch * loaded through link elements. * * This will be mapped to TYPE_FETCH before being passed * to content policy implementations. */ TYPE_INTERNAL_FETCH_PRELOAD = 54, /** * Indicates a font loaded via @font-face rule in an UA style sheet. * (CSP does not apply.) */ TYPE_UA_FONT = 55, /** * Indicates the establishment of a TCP or TLS connection via an * http/https proxy that will be used for webrtc media. When no web proxy * is involved, webrtc uses lower level sockets that are not subject to * any sort of content policy. */ TYPE_PROXIED_WEBRTC_MEDIA = 56, /** * Indicates the load of data via the Federated Credential Management API * with data destined for a browser context. */ TYPE_WEB_IDENTITY = 57, /** * Indicates the load of a static module on workers. */ TYPE_INTERNAL_WORKER_STATIC_MODULE = 58, /** * Indicates Webtransport request */ TYPE_WEB_TRANSPORT = 59, /** * Used to indicate the end of this list, not a content policy. If you want * to add a new content policy type, place it before this sentinel value * TYPE_END, have it use TYPE_END's current value, and increment TYPE_END by * one. (TYPE_END should always have the highest numerical value.) */ TYPE_END = 60, /* When adding new content types, please update * NS_CP_ContentTypeName, nsCSPContext, CSP_ContentTypeToDirective, * DoContentSecurityChecks, all nsIContentPolicy implementations, the * static_assert in dom/cache/DBSchema.cpp, ChannelWrapper.webidl, * ChannelWrapper.cpp, PermissionManager.cpp, * IPCMessageUtilsSpecializations.h, and other things that are not * listed here that are related to nsIContentPolicy. */ }; ////////////////////////////////////////////////////////////////////// /** * Returned from shouldLoad or shouldProcess if the load or process request * is rejected based on details of the request. */ const short REJECT_REQUEST = -1; /** * Returned from shouldLoad or shouldProcess if the load/process is rejected * based solely on its type (of the above flags). * * NOTE that it is not meant to stop future requests for this type--only the * current request. */ const short REJECT_TYPE = -2; /** * Returned from shouldLoad or shouldProcess if the load/process is rejected * based on the server it is hosted on or requested from (aContentLocation or * aRequestOrigin), e.g., if you block an IMAGE because it is served from * goatse.cx (even if you don't necessarily block other types from that * server/domain). * * NOTE that it is not meant to stop future requests for this server--only the * current request. */ const short REJECT_SERVER = -3; /** * Returned from shouldLoad or shouldProcess if the load/process is rejected * based on some other criteria. Mozilla callers will handle this like * REJECT_REQUEST; third-party implementors may, for example, use this to * direct their own callers to consult the extra parameter for additional * details. */ const short REJECT_OTHER = -4; /** * Returned from shouldLoad or shouldProcess if the load/process is forbiddden * based on enterprise policy. */ const short REJECT_POLICY = -5; /** * Returned from shouldLoad or shouldProcess if the load or process request * is not rejected. */ const short ACCEPT = 1; /** * Should the resource at this location be loaded? * ShouldLoad will be called before loading the resource at aContentLocation * to determine whether to start the load at all. * * @param aContentLocation the location of the content being checked; must * not be null * * @param aLoadInfo the loadinfo of the channel being evaluated. * * @return ACCEPT or REJECT_* * * @note shouldLoad can be called while the DOM and layout of the document * involved is in an inconsistent state. This means that implementors of * this method MUST NOT do any of the following: * 1) Modify the DOM in any way (e.g. setting attributes is a no-no). * 2) Query any DOM properties that depend on layout (e.g. offset* * properties). * 3) Query any DOM properties that depend on style (e.g. computed style). * 4) Query any DOM properties that depend on the current state of the DOM * outside the "context" node (e.g. lengths of node lists). * 5) [JavaScript implementations only] Access properties of any sort on any * object without using XPCNativeWrapper (either explicitly or * implicitly). Due to various DOM0 things, this leads to item 4. * If you do any of these things in your shouldLoad implementation, expect * unpredictable behavior, possibly including crashes, content not showing * up, content showing up doubled, etc. If you need to do any of the things * above, do them off timeout or event. */ short shouldLoad(in nsIURI aContentLocation, in nsILoadInfo aLoadInfo); /** * Should the resource be processed? * ShouldProcess will be called once all the information passed to it has * been determined about the resource, typically after part of the resource * has been loaded. * * @param aContentLocation OPTIONAL; the location of the resource being * requested: MAY be, e.g., a post-redirection URI * for the resource. * * @param aLoadInfo the loadinfo of the channel being evaluated. * * @return ACCEPT or REJECT_* * * @note shouldProcess can be called while the DOM and layout of the document * involved is in an inconsistent state. See the note on shouldLoad to see * what this means for implementors of this method. */ short shouldProcess(in nsIURI aContentLocation, in nsILoadInfo aLoadInfo); }; typedef nsIContentPolicy_nsContentPolicyType nsContentPolicyType; %{C++ enum class ExtContentPolicyType : uint8_t { /** * The type of ExtContentPolicy::TYPE_* */ TYPE_INVALID = nsIContentPolicy::TYPE_INVALID, TYPE_OTHER = nsIContentPolicy::TYPE_OTHER, TYPE_SCRIPT = nsIContentPolicy::TYPE_SCRIPT, TYPE_IMAGE = nsIContentPolicy::TYPE_IMAGE, TYPE_STYLESHEET = nsIContentPolicy::TYPE_STYLESHEET, TYPE_OBJECT = nsIContentPolicy::TYPE_OBJECT, TYPE_DOCUMENT = nsIContentPolicy::TYPE_DOCUMENT, TYPE_SUBDOCUMENT = nsIContentPolicy::TYPE_SUBDOCUMENT, TYPE_PING = nsIContentPolicy::TYPE_PING, TYPE_XMLHTTPREQUEST = nsIContentPolicy::TYPE_XMLHTTPREQUEST, TYPE_OBJECT_SUBREQUEST = nsIContentPolicy::TYPE_OBJECT_SUBREQUEST, TYPE_DTD = nsIContentPolicy::TYPE_DTD, TYPE_FONT = nsIContentPolicy::TYPE_FONT, TYPE_MEDIA = nsIContentPolicy::TYPE_MEDIA, TYPE_WEBSOCKET = nsIContentPolicy::TYPE_WEBSOCKET, TYPE_CSP_REPORT = nsIContentPolicy::TYPE_CSP_REPORT, TYPE_XSLT = nsIContentPolicy::TYPE_XSLT, TYPE_BEACON = nsIContentPolicy::TYPE_BEACON, TYPE_FETCH = nsIContentPolicy::TYPE_FETCH, TYPE_IMAGESET = nsIContentPolicy::TYPE_IMAGESET, TYPE_WEB_MANIFEST = nsIContentPolicy::TYPE_WEB_MANIFEST, TYPE_SAVEAS_DOWNLOAD = nsIContentPolicy::TYPE_SAVEAS_DOWNLOAD, TYPE_SPECULATIVE = nsIContentPolicy::TYPE_SPECULATIVE, TYPE_UA_FONT = nsIContentPolicy::TYPE_UA_FONT, TYPE_PROXIED_WEBRTC_MEDIA = nsIContentPolicy::TYPE_PROXIED_WEBRTC_MEDIA, TYPE_WEB_IDENTITY = nsIContentPolicy::TYPE_WEB_IDENTITY, TYPE_WEB_TRANSPORT = nsIContentPolicy::TYPE_WEB_TRANSPORT, }; typedef ExtContentPolicyType ExtContentPolicy; %}