summaryrefslogtreecommitdiffstats
path: root/dom/security/nsMixedContentBlocker.h
diff options
context:
space:
mode:
Diffstat (limited to 'dom/security/nsMixedContentBlocker.h')
-rw-r--r--dom/security/nsMixedContentBlocker.h96
1 files changed, 96 insertions, 0 deletions
diff --git a/dom/security/nsMixedContentBlocker.h b/dom/security/nsMixedContentBlocker.h
new file mode 100644
index 0000000000..c47423407a
--- /dev/null
+++ b/dom/security/nsMixedContentBlocker.h
@@ -0,0 +1,96 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef nsMixedContentBlocker_h___
+#define nsMixedContentBlocker_h___
+
+#define NS_MIXEDCONTENTBLOCKER_CONTRACTID "@mozilla.org/mixedcontentblocker;1"
+/* daf1461b-bf29-4f88-8d0e-4bcdf332c862 */
+#define NS_MIXEDCONTENTBLOCKER_CID \
+ { \
+ 0xdaf1461b, 0xbf29, 0x4f88, { \
+ 0x8d, 0x0e, 0x4b, 0xcd, 0xf3, 0x32, 0xc8, 0x62 \
+ } \
+ }
+
+// This enum defines type of content that is detected when an
+// nsMixedContentEvent fires
+enum MixedContentTypes {
+ // "Active" content, such as fonts, plugin content, JavaScript, stylesheets,
+ // iframes, WebSockets, and XHR
+ eMixedScript,
+ // "Display" content, such as images, audio, video, and <a ping>
+ eMixedDisplay
+};
+
+#include "nsIContentPolicy.h"
+#include "nsIChannel.h"
+#include "nsIChannelEventSink.h"
+#include "imgRequest.h"
+
+using mozilla::OriginAttributes;
+
+class nsILoadInfo; // forward declaration
+namespace mozilla::net {
+class nsProtocolProxyService; // forward declaration
+} // namespace mozilla::net
+
+class nsMixedContentBlocker : public nsIContentPolicy,
+ public nsIChannelEventSink {
+ private:
+ virtual ~nsMixedContentBlocker();
+
+ public:
+ NS_DECL_ISUPPORTS
+ NS_DECL_NSICONTENTPOLICY
+ NS_DECL_NSICHANNELEVENTSINK
+
+ nsMixedContentBlocker() = default;
+
+ // See:
+ // https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy
+ static bool IsPotentiallyTrustworthyLoopbackHost(
+ const nsACString& aAsciiHost);
+ static bool IsPotentiallyTrustworthyLoopbackURL(nsIURI* aURL);
+ static bool IsPotentiallyTrustworthyOnion(nsIURI* aURL);
+ static bool IsPotentiallyTrustworthyOrigin(nsIURI* aURI);
+
+ /**
+ * Returns true if the provided content policy type is subject to the
+ * mixed content level 2 upgrading mechanism (audio, video, image).
+ */
+ static bool IsUpgradableContentType(nsContentPolicyType aType);
+
+ /* Static version of ShouldLoad() that contains all the Mixed Content Blocker
+ * logic. Called from non-static ShouldLoad().
+ * Called directly from imageLib when an insecure redirect exists in a cached
+ * image load.
+ * @param aHadInsecureImageRedirect
+ * boolean flag indicating that an insecure redirect through http
+ * occured when this image was initially loaded and cached.
+ * @param aReportError
+ * boolean flag indicating if a rejection should automaticly be
+ * logged into the Console.
+ * Remaining parameters are from nsIContentPolicy::ShouldLoad().
+ */
+ static nsresult ShouldLoad(bool aHadInsecureImageRedirect,
+ nsIURI* aContentLocation, nsILoadInfo* aLoadInfo,
+ const nsACString& aMimeGuess, bool aReportError,
+ int16_t* aDecision);
+ static void AccumulateMixedContentHSTS(
+ nsIURI* aURI, bool aActive, const OriginAttributes& aOriginAttributes);
+
+ static bool URISafeToBeLoadedInSecureContext(nsIURI* aURI);
+
+ static void OnPrefChange(const char* aPref, void* aClosure);
+ static void GetSecureContextAllowList(nsACString& aList);
+ static void Shutdown();
+
+ static bool sSecurecontextAllowlistCached;
+ static nsCString* sSecurecontextAllowlist;
+};
+
+#endif /* nsMixedContentBlocker_h___ */