diff options
Diffstat (limited to '')
-rw-r--r-- | dom/security/FramingChecker.h | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/dom/security/FramingChecker.h b/dom/security/FramingChecker.h new file mode 100644 index 0000000000..17f0bef82f --- /dev/null +++ b/dom/security/FramingChecker.h @@ -0,0 +1,48 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef mozilla_dom_FramingChecker_h +#define mozilla_dom_FramingChecker_h + +#include "nsStringFwd.h" + +class nsIDocShell; +class nsIChannel; +class nsIHttpChannel; +class nsIDocShellTreeItem; +class nsIURI; +class nsIContentSecurityPolicy; + +namespace mozilla::dom { +class BrowsingContext; +} // namespace mozilla::dom + +class FramingChecker { + public: + // Determine if X-Frame-Options allows content to be framed + // as a subdocument + static bool CheckFrameOptions(nsIChannel* aChannel, + nsIContentSecurityPolicy* aCSP); + + protected: + enum XFOHeader { eDENY, eSAMEORIGIN }; + + /** + * Logs to the window about a X-Frame-Options error. + * + * @param aMessageTag the error message identifier to log + * @param aChannel the HTTP Channel + * @param aURI the URI of the frame attempting to load + * @param aPolicy the header value string from the frame to the console. + */ + static void ReportError(const char* aMessageTag, nsIHttpChannel* aChannel, + nsIURI* aURI, const nsAString& aPolicy); + + static bool CheckOneFrameOptionsPolicy(nsIHttpChannel* aHttpChannel, + const nsAString& aPolicy); +}; + +#endif /* mozilla_dom_FramingChecker_h */ |