1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
|
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "nsISupports.idl"
%{C++
#include "nsCOMPtr.h"
/**
* Protocol handlers are registered with XPCOM under the following CONTRACTID prefix:
*/
#define NS_NETWORK_PROTOCOL_CONTRACTID_PREFIX "@mozilla.org/network/protocol;1?name="
/**
* For example, "@mozilla.org/network/protocol;1?name=http"
*/
#if defined(MOZ_THUNDERBIRD) || defined(MOZ_SUITE)
#define IS_ORIGIN_IS_FULL_SPEC_DEFINED 1
#endif
%}
interface nsIURI;
interface nsIChannel;
interface nsILoadInfo;
/**
* nsIProtocolHandlerWithDynamicFlags
*
* Protocols that wish to return different flags depending on the URI should
* implement this interface.
*/
[scriptable, builtinclass, uuid(65a8e823-0591-4fc0-a56a-03265e0a4ce8)]
interface nsIProtocolHandlerWithDynamicFlags : nsISupports
{
/*
* Returns protocol flags for the given URI, which may be different from the
* flags for another URI of the same scheme.
*
* Only DYNAMIC_URI_FLAGS may be different from the registered flags for the
* protocol handler.
*/
unsigned long getFlagsForURI(in nsIURI aURI);
};
/**
* nsIProtocolHandler
*/
[scriptable, uuid(a87210e6-7c8c-41f7-864d-df809015193e)]
interface nsIProtocolHandler : nsISupports
{
/**
* The scheme of this protocol (e.g., "file").
*/
readonly attribute ACString scheme;
/**
* Constructs a new channel from the given URI for this protocol handler and
* sets the loadInfo for the constructed channel.
*/
nsIChannel newChannel(in nsIURI aURI, in nsILoadInfo aLoadinfo);
/**
* Allows a protocol to override blacklisted ports.
*
* This method will be called when there is an attempt to connect to a port
* that is blacklisted. For example, for most protocols, port 25 (Simple Mail
* Transfer) is banned. When a URI containing this "known-to-do-bad-things"
* port number is encountered, this function will be called to ask if the
* protocol handler wants to override the ban.
*/
boolean allowPort(in long port, in string scheme);
/**************************************************************************
* Constants for the protocol flags (the first is the default mask, the
* others are deviations):
*
* NOTE: Protocol flags are provided when the protocol handler is
* registered, either through a static component or dynamically with
* `nsIIOService.registerProtocolHandler`.
*
* NOTE: Implementation must ignore any flags they do not understand.
*/
/**
* standard full URI with authority component and concept of relative
* URIs (http, ...)
*/
const unsigned long URI_STD = 0;
/**
* no concept of relative URIs (about, javascript, finger, ...)
*/
const unsigned long URI_NORELATIVE = (1<<0);
/**
* no authority component (file, ...)
*/
const unsigned long URI_NOAUTH = (1<<1);
/**
* This protocol handler can be proxied via a proxy (socks or http)
* (e.g., irc, smtp, http, etc.). If the protocol supports transparent
* proxying, the handler should implement nsIProxiedProtocolHandler.
*
* If it supports only HTTP proxying, then it need not support
* nsIProxiedProtocolHandler, but should instead set the ALLOWS_PROXY_HTTP
* flag (see below).
*
* @see nsIProxiedProtocolHandler
*/
const unsigned long ALLOWS_PROXY = (1<<2);
/**
* This protocol handler can be proxied using a http proxy (e.g., http,
* etc.). nsIIOService::newChannelFromURI will feed URIs from this
* protocol handler to the HTTP protocol handler instead. This flag is
* ignored if ALLOWS_PROXY is not set.
*/
const unsigned long ALLOWS_PROXY_HTTP = (1<<3);
/**
* The URIs for this protocol have no inherent security context, so
* documents loaded via this protocol should inherit the security context
* from the document that loads them.
*/
const unsigned long URI_INHERITS_SECURITY_CONTEXT = (1<<4);
/**
* "Automatic" loads that would replace the document (e.g. <meta> refresh,
* certain types of XLinks, possibly other loads that the application
* decides are not user triggered) are not allowed if the originating (NOT
* the target) URI has this protocol flag. Note that the decision as to
* what constitutes an "automatic" load is made externally, by the caller
* of nsIScriptSecurityManager::CheckLoadURI. See documentation for that
* method for more information.
*
* A typical protocol that might want to set this flag is a protocol that
* shows highly untrusted content in a viewing area that the user expects
* to have a lot of control over, such as an e-mail reader.
*/
const unsigned long URI_FORBIDS_AUTOMATIC_DOCUMENT_REPLACEMENT = (1<<5);
/**
* +-------------------------------------------------------------------+
* | |
* | ALL PROTOCOL HANDLERS MUST SET ONE OF THE FOLLOWING FIVE FLAGS. |
* | |
* +-------------------------------------------------------------------+
*
* * URI_LOADABLE_BY_ANYONE
* * URI_DANGEROUS_TO_LOAD
* * URI_IS_UI_RESOURCE
* * URI_IS_LOCAL_FILE
* * URI_LOADABLE_BY_SUBSUMERS
*
* These flags are used to determine who is allowed to load URIs for this
* protocol. Note that if a URI is nested, only the flags for the
* innermost URI matter. See nsINestedURI.
*
* If none of these five flags are set, the ContentSecurityManager will
* deny the load.
*/
/**
* The URIs for this protocol can be loaded by anyone. For example, any
* website should be allowed to trigger a load of a URI for this protocol.
* Web-safe protocols like "http" should set this flag.
*/
const unsigned long URI_LOADABLE_BY_ANYONE = (1<<6);
/**
* The URIs for this protocol are UNSAFE if loaded by untrusted (web)
* content and may only be loaded by privileged code (for example, code
* which has the system principal). Various internal protocols should set
* this flag.
*/
const unsigned long URI_DANGEROUS_TO_LOAD = (1<<7);
/**
* The URIs for this protocol point to resources that are part of the
* application's user interface. There are cases when such resources may
* be made accessible to untrusted content such as web pages, so this is
* less restrictive than URI_DANGEROUS_TO_LOAD but more restrictive than
* URI_LOADABLE_BY_ANYONE. See the documentation for
* nsIScriptSecurityManager::CheckLoadURI.
*/
const unsigned long URI_IS_UI_RESOURCE = (1<<8);
/**
* Loading of URIs for this protocol from other origins should only be
* allowed if those origins should have access to the local filesystem.
* It's up to the application to decide what origins should have such
* access. Protocols like "file" that point to local data should set this
* flag.
*/
const unsigned long URI_IS_LOCAL_FILE = (1<<9);
/**
* The URIs for this protocol can be loaded only by callers with a
* principal that subsumes this uri. For example, privileged code and
* websites that are same origin as this uri.
*/
const unsigned long URI_LOADABLE_BY_SUBSUMERS = (1<<10);
/**
* Channels using this protocol never call OnDataAvailable
* on the listener passed to AsyncOpen and they therefore
* do not return any data that we can use.
*/
const unsigned long URI_DOES_NOT_RETURN_DATA = (1<<11);
/**
* URIs for this protocol are considered to be local resources. This could
* be a local file (URI_IS_LOCAL_FILE), a UI resource (URI_IS_UI_RESOURCE),
* or something else that would not hit the network.
*/
const unsigned long URI_IS_LOCAL_RESOURCE = (1<<12);
/**
* URIs for this protocol execute script when they are opened.
*/
const unsigned long URI_OPENING_EXECUTES_SCRIPT = (1<<13);
/**
* Loading channels from this protocol has side-effects that make
* it unsuitable for saving to a local file.
*/
const unsigned long URI_NON_PERSISTABLE = (1<<14);
/**
* URIs for this protocol require the webapps permission on the principal
* when opening URIs for a different domain. See bug#773886
*/
const unsigned long URI_CROSS_ORIGIN_NEEDS_WEBAPPS_PERM = (1<<15);
/**
* Channels for this protocol don't need to spin the event loop to handle
* Open() and reads on the resulting stream.
*/
const unsigned long URI_SYNC_LOAD_IS_OK = (1<<16);
/**
* All the origins whose URI has this scheme are considered potentially
* trustworthy.
* Per the SecureContext spec, https: and wss: should be considered
* a priori secure, and implementations may consider other,
* implementation-specific URI schemes as secure.
*/
const unsigned long URI_IS_POTENTIALLY_TRUSTWORTHY = (1<<17);
/**
* This URI may be fetched and the contents are visible to anyone. This is
* semantically equivalent to the resource being served with all-access CORS
* headers. This is only used in MV2 Extensions and should not otherwise
* be used.
*/
const unsigned long URI_FETCHABLE_BY_ANYONE = (1 << 18);
/**
* If this flag is set, then the origin for this protocol is the full URI
* spec, not just the scheme + host + port.
*
* Note: this is not supported in Firefox. It is currently only available
* in Thunderbird and SeaMonkey.
*/
const unsigned long ORIGIN_IS_FULL_SPEC = (1 << 19);
/**
* If this flag is set, the URI does not always allow content using the same
* protocol to link to it.
*/
const unsigned long URI_SCHEME_NOT_SELF_LINKABLE = (1 << 20);
/**
* The URIs for this protocol can be loaded by extensions.
*/
const unsigned long URI_LOADABLE_BY_EXTENSIONS = (1 << 21);
/**
* The URIs for this protocol can not be loaded into private contexts.
*/
const unsigned long URI_DISALLOW_IN_PRIVATE_CONTEXT = (1 << 22);
/**
* This protocol handler forbids accessing cookies e.g. for mail related
* protocols. Only used in Mailnews (comm-central).
*/
const unsigned long URI_FORBIDS_COOKIE_ACCESS = (1 << 23);
/**
* This is an extension web accessible uri that is loadable if checked
* against an allowlist using ExtensionPolicyService::SourceMayLoadExtensionURI.
*/
const unsigned long WEBEXT_URI_WEB_ACCESSIBLE = (1 << 24);
/**
* Flags which are allowed to be different from the static flags when
* returned from `nsIProtocolHandlerWithDynamicFlags::getFlagsForURI`.
*
* All other flags must match the flags provided when the protocol handler
* was registered.
*/
const unsigned long DYNAMIC_URI_FLAGS =
URI_LOADABLE_BY_ANYONE | URI_DANGEROUS_TO_LOAD |
URI_IS_POTENTIALLY_TRUSTWORTHY | URI_FETCHABLE_BY_ANYONE |
URI_LOADABLE_BY_EXTENSIONS | URI_DISALLOW_IN_PRIVATE_CONTEXT |
WEBEXT_URI_WEB_ACCESSIBLE;
};
|