/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- * vim: ft=cpp tw=78 sw=2 et ts=2 sts=2 cin * This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ #include "nsISupports.idl" #include "nsIContentPolicy.idl" #include "nsIScriptSecurityManager.idl" #include "nsIInterceptionInfo.idl" interface nsIChannel; interface nsIContentSecurityPolicy; interface nsICookieJarSettings; interface nsICSPEventListener; interface nsINode; interface nsIPrincipal; interface nsIRedirectHistoryEntry; interface nsIURI; webidl Document; webidl BrowsingContext; native LoadContextRef(already_AddRefed<nsISupports>); %{C++ #include "nsTArray.h" #include "mozilla/LoadTainting.h" #include "mozilla/OriginAttributes.h" #include "mozilla/UniquePtr.h" #include "nsStringFwd.h" namespace mozilla { namespace dom { class ClientInfo; class ClientSource; class PerformanceStorage; class ServiceWorkerDescriptor; } // namespace dom } // namespace mozilla %} [ref] native nsIRedirectHistoryEntryArray(const nsTArray<nsCOMPtr<nsIRedirectHistoryEntry>>); native OriginAttributes(mozilla::OriginAttributes); [ref] native const_OriginAttributesRef(const mozilla::OriginAttributes); [ref] native CStringArrayRef(const nsTArray<nsCString>); [ref] native StringArrayRef(const nsTArray<nsString>); [ref] native Uint64ArrayRef(const nsTArray<uint64_t>); [ref] native PrincipalArrayRef(const nsTArray<nsCOMPtr<nsIPrincipal>>); [ref] native const_ClientInfoRef(const mozilla::dom::ClientInfo); native UniqueClientSource(mozilla::UniquePtr<mozilla::dom::ClientSource>); native UniqueClientSourceMove(mozilla::UniquePtr<mozilla::dom::ClientSource>&&); [ref] native const_MaybeClientInfoRef(const mozilla::Maybe<mozilla::dom::ClientInfo>); [ref] native const_ServiceWorkerDescriptorRef(const mozilla::dom::ServiceWorkerDescriptor); [ref] native const_MaybeServiceWorkerDescriptorRef(const mozilla::Maybe<mozilla::dom::ServiceWorkerDescriptor>); [ptr] native PerformanceStoragePtr(mozilla::dom::PerformanceStorage); native LoadTainting(mozilla::LoadTainting); native CSPRef(already_AddRefed<nsIContentSecurityPolicy>); typedef unsigned long nsSecurityFlags; /** * The LoadInfo object contains information about a network load, why it * was started, and how we plan on using the resulting response. * If a network request is redirected, the new channel will receive a new * LoadInfo object. The new object will contain mostly the same * information as the pre-redirect one, but updated as appropriate. * For detailed information about what parts of LoadInfo are updated on * redirect, see documentation on individual properties. */ [scriptable, builtinclass, uuid(ddc65bf9-2f60-41ab-b22a-4f1ae9efcd36)] interface nsILoadInfo : nsISupports { /** * The following five flags determine the security mode and hence what kind of * security checks should be performed throughout the lifetime of the channel. * * * SEC_REQUIRE_SAME_ORIGIN_INHERITS_SEC_CONTEXT * * SEC_REQUIRE_SAME_ORIGIN_DATA_IS_BLOCKED * * SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT * * SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL * * SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT * * Exactly one of these flags are required to be set in order to allow * the channel to perform the correct security checks (SOP, CORS, ...) and * return the correct result principal. If none or more than one of these * flags are set AsyncOpen will fail. */ /** * Warning: Never use this flag when creating a new channel! * Only use this flag if you have to create a temporary LoadInfo * for performing an explicit nsIContentPolicy check, like e.g. * when loading something from the cache that needs an explicit * nsIContentPolicy check. In all other cases pick one of the * security flags underneath. */ const unsigned long SEC_ONLY_FOR_EXPLICIT_CONTENTSEC_CHECK = 0; /* * Enforce the same origin policy where loads inherit the principal. * See the documentation for principalToInherit, which describes exactly what * principal is inherited. */ const unsigned long SEC_REQUIRE_SAME_ORIGIN_INHERITS_SEC_CONTEXT = (1<<0); /* * Enforce the same origin policy and data: loads are blocked. */ const unsigned long SEC_REQUIRE_SAME_ORIGIN_DATA_IS_BLOCKED = (1<<1); /** * Allow loads from other origins. Loads which inherit the principal should * see the documentation for principalToInherit, which describes exactly what * principal is inherited. * * Commonly used by plain <img>, <video>, <link rel=stylesheet> etc. */ const unsigned long SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT = (1 << 2); /** * Allow loads from other origins. Loads from data: will be allowed, * but the resulting resource will get a null principal. * Used in blink/webkit for <iframe>s. Likely also the mode * that should be used by most Chrome code. */ const unsigned long SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL = (1<<3); /** * Allow loads from any origin, but require CORS for cross-origin loads. * See the documentation for principalToInherit, which describes exactly what * principal is inherited. * * Commonly used by <img crossorigin>, <video crossorigin>, * XHR, fetch(), etc. */ const unsigned long SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT = (1<<4); /** * Choose cookie policy. The default policy is equivalent to "INCLUDE" for * SEC_REQUIRE_SAME_ORIGIN_* and SEC_ALLOW_CROSS_ORIGIN_* modes, and * equivalent to "SAME_ORIGIN" for SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT mode. * * This means that if you want to perform a CORS load with credentials, pass * SEC_COOKIES_INCLUDE. * * Note that these flags are still subject to the user's cookie policies. * For example, if the user is blocking 3rd party cookies, those cookies * will be blocked no matter which of these flags are set. */ const unsigned long SEC_COOKIES_DEFAULT = (0 << 5); const unsigned long SEC_COOKIES_INCLUDE = (1 << 5); const unsigned long SEC_COOKIES_SAME_ORIGIN = (2 << 5); const unsigned long SEC_COOKIES_OMIT = (3 << 5); /** * Force inheriting of the principal. See the documentation for * principalToInherit, which describes exactly what principal is inherited. * * Setting this flag will cause GetChannelResultPrincipal to return the * principal to be inherited as the channel principal. * * This will happen independently of the scheme of the URI that the * channel is loading. * * So if the principal that gets inherited is "http://a.com/", and the channel * is loading the URI "http://b.com/whatever", GetChannelResultPrincipal * will return a principal from "http://a.com/". * * This flag can not be used together with SANDBOXED_ORIGIN sandbox flag. If * both are passed to the LoadInfo constructor then this flag will be dropped. * If you need to know whether this flag would have been present but was dropped * due to sandboxing, check for the forceInheritPrincipalDropped flag. */ const unsigned long SEC_FORCE_INHERIT_PRINCIPAL = (1<<7); /** * Inherit the Principal for about:blank. */ const unsigned long SEC_ABOUT_BLANK_INHERITS = (1<<9); /** * Allow access to chrome: packages that are content accessible. */ const unsigned long SEC_ALLOW_CHROME = (1<<10); /** * Disallow access to javascript: uris. */ const unsigned long SEC_DISALLOW_SCRIPT = (1<<11); /** * Don't follow redirects. Instead the redirect response is returned * as a successful response for the channel. * * Redirects not initiated by a server response, i.e. REDIRECT_INTERNAL and * REDIRECT_STS_UPGRADE, are still followed. * * Note: If this flag is set and the channel response is a redirect, then * the response body might not be available. * This can happen if the redirect was cached. */ const unsigned long SEC_DONT_FOLLOW_REDIRECTS = (1<<12); /** * Load an error page, it should be one of following : about:neterror, * about:certerror, about:blocked, about:tabcrashed or about:restartrequired. */ const unsigned long SEC_LOAD_ERROR_PAGE = (1<<13); /** * Force inheriting of the principal, overruling any owner that might be set * on the channel. (Please note that channel.owner is deprecated and will be * removed within Bug 1286838). See the documentation for principalToInherit, * which describes exactly what principal is inherited. * * Setting this flag will cause GetChannelResultPrincipal to return the * principal to be inherited as the channel principal. * * This will happen independently of the scheme of the URI that the * channel is loading. */ const unsigned long SEC_FORCE_INHERIT_PRINCIPAL_OVERRULE_OWNER = (1<<14); /** * This is the principal of the network request's caller/requester where * the resulting resource will be used. I.e. it is the principal which * will get access to the result of the request. (Where "get access to" * might simply mean "embed" depending on the type of resource that is * loaded). * * For example for an image, it is the principal of the document where * the image is rendered. For a stylesheet it is the principal of the * document where the stylesheet will be applied. * * So if document at http://a.com/page.html loads an image from * http://b.com/pic.jpg, then loadingPrincipal will be * http://a.com/page.html. * * For <iframe> and <frame> loads, the LoadingPrincipal is the * principal of the parent document. For top-level loads, the * LoadingPrincipal is null. For all loads except top-level loads * the LoadingPrincipal is never null. * * If the loadingPrincipal is the system principal, no security checks * will be done at all. There will be no security checks on the initial * load or any subsequent redirects. This means there will be no * nsIContentPolicy checks or any CheckLoadURI checks. Because of * this, never set the loadingPrincipal to the system principal when * the URI to be loaded is controlled by a webpage. * If the loadingPrincipal and triggeringPrincipal are both * content principals, then we will always call into * nsIContentPolicies and CheckLoadURI. The call to nsIContentPolicies * and CheckLoadURI happen even if the URI to be loaded is same-origin * with the loadingPrincipal or triggeringPrincipal. */ readonly attribute nsIPrincipal loadingPrincipal; /** * A C++-friendly version of triggeringPrincipal. * * This is a bit awkward because we can't use * binaryname(GetLoadingPrincipal). */ [noscript, notxpcom, nostdcall] nsIPrincipal virtualGetLoadingPrincipal(); %{C++ nsIPrincipal* GetLoadingPrincipal() { return VirtualGetLoadingPrincipal(); } %} /** * This is the principal which caused the network load to start. I.e. * this is the principal which provided the URL to be loaded. This is * often the same as the LoadingPrincipal, but there are a few cases * where that's not true. * * For example for loads into an <iframe>, the LoadingPrincipal is always * the principal of the parent document. However the triggeringPrincipal * is the principal of the document which provided the URL that the * <iframe> is navigating to. This could be the previous document inside * the <iframe> which set document.location. Or a document elsewhere in * the frame tree which contained a <a target="..."> which targetted the * <iframe>. * * If a stylesheet links to a sub-resource, like an @imported stylesheet, * or a background image, then the triggeringPrincipal is the principal * of the stylesheet, while the LoadingPrincipal is the principal of the * document being styled. * * The triggeringPrincipal is never null. * * If the triggeringPrincipal is the system principal, no security checks * will be done at all. There will be no security checks on the initial * load or any subsequent redirects. This means there will be no * nsIContentPolicy checks or any CheckLoadURI checks. Because of * this, never set the triggeringPrincipal to the system principal when * the URI to be loaded is controlled by a webpage. * If the loadingPrincipal and triggeringPrincipal are both * content principals, then we will always call into * nsIContentPolicies and CheckLoadURI. The call to nsIContentPolicies * and CheckLoadURI happen even if the URI to be loaded is same-origin * with the loadingPrincipal or triggeringPrincipal. */ readonly attribute nsIPrincipal triggeringPrincipal; /** * A C++-friendly version of triggeringPrincipal. */ [noscript, notxpcom, nostdcall, binaryname(TriggeringPrincipal)] nsIPrincipal binaryTriggeringPrincipal(); /** * The remote type of the process which caused the network load to start. I.e. * this is the remote type of the process which provided the URL to be loaded. * * For subresource loads, this should be the same as the process which will * handle the response, however for document loads this may both be different * than the final process, as well as different from the process which starts * the navigation. * * This field is intentionally not perfectly preserved over IPC, and will be * reset to the remote type of the sending process when sent from a content * process to the parent process. */ attribute AUTF8String triggeringRemoteType; /** * For non-document loads the principalToInherit is always null. For * loads of type TYPE_DOCUMENT or TYPE_SUBDOCUMENT the principalToInherit * might be null. If it's non null, then this is the principal that is * inherited if a principal needs to be inherited. If the principalToInherit * is null but the inherit flag is set, then the triggeringPrincipal is * the principal that is inherited. */ attribute nsIPrincipal principalToInherit; /** * A C++-friendly version of principalToInherit. */ [noscript, notxpcom, nostdcall, binaryname(PrincipalToInherit)] nsIPrincipal binaryPrincipalToInherit(); /** * Finds the correct principal to inherit for the given channel, based on * the values of PrincipalToInherit and TriggeringPrincipal. */ [noscript, notxpcom, nostdcall] nsIPrincipal FindPrincipalToInherit(in nsIChannel aChannel); /** * This is the ownerDocument of the LoadingNode. Unless the LoadingNode * is a Document, in which case the LoadingDocument is the same as the * LoadingNode. * * For top-level loads, and for loads originating from workers, the * LoadingDocument is null. When the LoadingDocument is not null, the * LoadingPrincipal is set to the principal of the LoadingDocument. */ readonly attribute Document loadingDocument; /** * A C++-friendly version of loadingDocument (loadingNode). * This is the Node where the resulting resource will be used. I.e. it is * the Node which will get access to the result of the request. (Where * "get access to" might simply mean "embed" depending on the type of * resource that is loaded). * * For example for an <img>/<video> it is the image/video element. For * document loads inside <iframe> and <frame>s, the LoadingNode is the * <iframe>/<frame> element. For an XMLHttpRequest, it is the Document * which contained the JS which initiated the XHR. For a stylesheet, it * is the Document that contains <link rel=stylesheet>. * * For loads triggered by the HTML pre-parser, the LoadingNode is the * Document which is currently being parsed. * * For top-level loads, and for loads originating from workers, the * LoadingNode is null. If the LoadingNode is non-null, then the * LoadingPrincipal is the principal of the LoadingNode. */ [noscript, notxpcom, nostdcall, binaryname(LoadingNode)] nsINode binaryLoadingNode(); /** * A C++ friendly version of the loadingContext for toplevel loads. * Most likely you want to query the ownerDocument or LoadingNode * and not this context only available for TYPE_DOCUMENT loads. * Please note that except for loads of TYPE_DOCUMENT, this * ContextForTopLevelLoad will always return null. */ [noscript, notxpcom, nostdcall, binaryname(ContextForTopLevelLoad)] LoadContextRef binaryContextForTopLevelLoad(); /** * For all loads except loads of TYPE_DOCUMENT, the loadingContext * simply returns the loadingNode. For loads of TYPE_DOCUMENT this * will return the context available for top-level loads which * do not have a loadingNode. */ [binaryname(LoadingContextXPCOM)] readonly attribute nsISupports loadingContext; /** * A C++ friendly version of the loadingContext. */ [noscript, notxpcom, nostdcall, binaryname(GetLoadingContext)] LoadContextRef binaryGetLoadingContext(); /** * The securityFlags of that channel. */ readonly attribute nsSecurityFlags securityFlags; %{C++ inline nsSecurityFlags GetSecurityFlags() { nsSecurityFlags result; mozilla::DebugOnly<nsresult> rv = GetSecurityFlags(&result); MOZ_ASSERT(NS_SUCCEEDED(rv)); return result; } %} /** * The sandboxFlags of that channel. */ [infallible] readonly attribute unsigned long sandboxFlags; /** * The TriggingSandboxFlags are the SandboxFlags of the entity * responsible for causing the load to occur. */ [infallible] attribute unsigned long triggeringSandboxFlags; /** * Allows to query only the security mode bits from above. */ [infallible] readonly attribute unsigned long securityMode; /** * This flag is used for any browsing context where we should not sniff * the content type. E.g if an iframe has the XCTO nosniff header, then * that flag is set to true so we skip content sniffing for that browsing * context. */ [infallible] attribute boolean skipContentSniffing; /** * (default) If this flag is set, it has not yet been determined if the * HTTPS-Only mode will upgrade the request. */ const unsigned long HTTPS_ONLY_UNINITIALIZED = (1 << 0); /** * Indicates that the request will get upgraded, and the HTTPS-Only * StreamListener got registered. */ const unsigned long HTTPS_ONLY_UPGRADED_LISTENER_NOT_REGISTERED = (1 << 1); /** * Indicates that this is the first time the request gets upgraded, and thus * the HTTPS-Only StreamListener hasn't been registered yet. Even though there * might be multiple channels per request that have to be upgraded (e.g., * because of redirects), the StreamListener only has to be attached to one * channel. */ const unsigned long HTTPS_ONLY_UPGRADED_LISTENER_REGISTERED = (1 << 2); /** * This flag can be manually set if the HTTPS-Only mode should exempt the * request and not upgrade it. (e.g in the case of OCSP. */ const unsigned long HTTPS_ONLY_EXEMPT = (1 << 3); /** * This flag can only ever be set on top-level loads. It indicates * that the top-level https connection succeeded. This flag is mostly * used to counter time-outs which allows to cancel the channel * if the https load has not started. */ const unsigned long HTTPS_ONLY_TOP_LEVEL_LOAD_IN_PROGRESS = (1 << 4); /** * This flag can only ever be set on downloads. It indicates * that the download https connection succeeded. This flag is mostly * used to counter time-outs which allows to cancel the channel * if the https load has not started. */ const unsigned long HTTPS_ONLY_DOWNLOAD_IN_PROGRESS = (1 << 5); /** * This flag indicates that the request should not be logged to the * console. */ const unsigned long HTTPS_ONLY_DO_NOT_LOG_TO_CONSOLE = (1 << 6); /** * This flag indicates that the request was upgraded by https-first mode. */ const unsigned long HTTPS_ONLY_UPGRADED_HTTPS_FIRST = (1 << 7); /** * This flag indicates that the request should not be blocked by ORB. */ const unsigned long HTTPS_ONLY_BYPASS_ORB = (1 << 8); /** * Upgrade state of HTTPS-Only Mode. The flag HTTPS_ONLY_EXEMPT can get * set on requests that should be excempt from an upgrade. */ [infallible] attribute unsigned long httpsOnlyStatus; /** * Reflects whetehr this is an HTTP Strict Transport Security host */ [infallible] attribute boolean hstsStatus; /** * Returns true if at the time of the loadinfo construction the document * that triggered this load has the bit hasValidTransientUserGestureActivation * set or the load was triggered from External. (Mostly this bool is used * in the context of Sec-Fetch-User.) */ [infallible] attribute boolean hasValidUserGestureActivation; /** * We disallow the SystemPrincipal to initiate requests to * the public web. This flag is to allow exceptions. */ [infallible] attribute boolean allowDeprecatedSystemRequests; /** * Only ever returns true if the loadinfo is of TYPE_SCRIPT and * the script was created by the HTML parser. */ [infallible] attribute boolean parserCreatedScript; /** * True if this request is known to have been triggered by a user * manually requesting the URI to be saved. */ [infallible] attribute boolean isUserTriggeredSave; /** * True if this request is from DevTools. */ [infallible] attribute boolean isInDevToolsContext; /** * True if this request is embedded in a context that can't be third-party * (i.e. an iframe embedded in a cross-origin parent window). If this is * false, then this request may be third-party if it's a third-party to * loadingPrincipal. */ [infallible] attribute boolean isInThirdPartyContext; /** * True if this request is a third party in respect to the top-level window. * * Note that this doesn't consider the parent window. I.e. It will still * return false even in the case that the parent is cross-origin but the * top-level is same-origin. * * This value would be set during opening the channel in parent and propagate * to the channel in the content. */ [infallible] attribute boolean isThirdPartyContextToTopWindow; /** * See the SEC_COOKIES_* flags above. This attribute will never return * SEC_COOKIES_DEFAULT, but will instead return what the policy resolves to. * I.e. SEC_COOKIES_SAME_ORIGIN for CORS mode, and SEC_COOKIES_INCLUDE * otherwise. */ [infallible] readonly attribute unsigned long cookiePolicy; /** * The cookie jar settings inherited from the top-level document's loadInfo. * It cannot be null. */ attribute nsICookieJarSettings cookieJarSettings; cenum StoragePermissionState : 8 { NoStoragePermission = 0, HasStoragePermission = 1, StoragePermissionAllowListed = 2, }; /** * The result of the storage permission check of the loading document. This * value would be set during opening the channel. */ [infallible] attribute nsILoadInfo_StoragePermissionState storagePermission; /** * True if the load was triggered by a meta refresh. */ [infallible] attribute boolean isMetaRefresh; /** * If forceInheritPrincipal is true, the data coming from the channel should * inherit its principal, even when the data is loaded over http:// or another * protocol that would normally use a URI-based principal. * * See the documentation for principalToInherit, which describes exactly what * principal is inherited. * * This attribute will never be true when loadingSandboxed is true. */ [infallible] readonly attribute boolean forceInheritPrincipal; /** * If forceInheritPrincipalOverruleOwner is true, the data coming from the * channel should inherit the principal, even when the data is loaded over * http:// or another protocol that would normally use a URI-based principal * and even if the channel's .owner is not null. This last is the difference * between forceInheritPrincipalOverruleOwner and forceInheritPrincipal: the * latter does _not_ overrule the .owner setting. * * See the documentation for principalToInherit, which describes exactly what * principal is inherited. */ [infallible] readonly attribute boolean forceInheritPrincipalOverruleOwner; /** * If loadingSandboxed is true, the data coming from the channel is * being loaded sandboxed, so it should have a nonce origin and * hence should use a NullPrincipal. */ [infallible] readonly attribute boolean loadingSandboxed; /** * If aboutBlankInherits is true, then about:blank should inherit * the principal. */ [infallible] readonly attribute boolean aboutBlankInherits; /** * If allowChrome is true, then use nsIScriptSecurityManager::ALLOW_CHROME * when calling CheckLoadURIWithPrincipal(). */ [infallible] readonly attribute boolean allowChrome; /** * If disallowScript is true, then use nsIScriptSecurityManager::DISALLOW_SCRIPT * when calling CheckLoadURIWithPrincipal(). */ [infallible] readonly attribute boolean disallowScript; %{C++ uint32_t CheckLoadURIFlags() { uint32_t flags = nsIScriptSecurityManager::STANDARD; if (GetAllowChrome()) { flags |= nsIScriptSecurityManager::ALLOW_CHROME; } if (GetDisallowScript()) { flags |= nsIScriptSecurityManager::DISALLOW_SCRIPT; } return flags; } %} /** * Returns true if SEC_DONT_FOLLOW_REDIRECTS is set. */ [infallible] readonly attribute boolean dontFollowRedirects; /** * Returns true if SEC_LOAD_ERROR_PAGE is set. */ [infallible] readonly attribute boolean loadErrorPage; /** * True if the load was initiated by a form request. * This is important to know to handle the CSP directive navigate-to. */ [infallible] attribute boolean isFormSubmission; /** * The external contentPolicyType of the channel, used for security checks * like Mixed Content Blocking and Content Security Policy. * * Specifically, content policy types with _INTERNAL_ in their name will * never get returned from this attribute. */ readonly attribute nsContentPolicyType externalContentPolicyType; /** * CSP uses this parameter to send or not CSP violation events. * Default value: true. */ [infallible] attribute boolean sendCSPViolationEvents; %{ C++ inline ExtContentPolicyType GetExternalContentPolicyType() { nsContentPolicyType result; mozilla::DebugOnly<nsresult> rv = GetExternalContentPolicyType(&result); MOZ_ASSERT(NS_SUCCEEDED(rv)); return static_cast<ExtContentPolicyType>(result); } %} /** * The internal contentPolicyType of the channel, used for constructing * RequestContext values when creating a fetch event for an intercepted * channel. * * This should not be used for the purposes of security checks, since * the content policy implementations cannot be expected to deal with * _INTERNAL_ values. Please use the contentPolicyType attribute above * for that purpose. */ [noscript, notxpcom, nostdcall, binaryname(InternalContentPolicyType)] nsContentPolicyType binaryInternalContentPolicyType(); readonly attribute nsContentPolicyType internalContentPolicyType; /** * Returns true if document or any of the documents ancestors * up to the toplevel document make use of the CSP directive * 'block-all-mixed-content'. * * Warning: If the loadingDocument is null, then the * blockAllMixedContent is false. */ [infallible] readonly attribute boolean blockAllMixedContent; /** * Returns true if document or any of the documents ancestors * up to the toplevel document make use of the CSP directive * 'upgrade-insecure-requests'. * * Warning: If the loadingDocument is null, then the * upgradeInsecureRequests is false. */ [infallible] readonly attribute boolean upgradeInsecureRequests; /** * Returns true if the the page is https and the content is upgradable from http * requires 'security.mixed_content.upgrade_display_content' pref to be true. * Currently this only upgrades display content but might be expanded to other loads. * This is very similar in implementation to upgradeInsecureRequests but browser set. */ [infallible] readonly attribute boolean browserUpgradeInsecureRequests; /** * Returns true if the display content was or will get upgraded from http to https. * Requires 'security.mixed_content.upgrade_display_content' pref to be true. * Flag is set purely to collect telemetry. */ [infallible] attribute boolean browserDidUpgradeInsecureRequests; /** * Returns true if the the page is https and the content is upgradable from http * requires 'security.mixed_content.upgrade_display_content' pref to be false. * See browserUpgradeInsecureRequests for more details, this only happens * when *not* upgrading purely for telemetry. */ [infallible] readonly attribute boolean browserWouldUpgradeInsecureRequests; /** * If true, toplevel data: URI navigation is allowed */ [infallible] attribute boolean forceAllowDataURI; /** * If true, insecure redirects to a data: URI are allowed. */ [infallible] attribute boolean allowInsecureRedirectToDataURI; /** * If true, the content policy security check is excluded from web requests. */ [infallible] attribute boolean skipContentPolicyCheckForWebRequest; /** * If true, this is the load of a frame's original src attribute */ [infallible] attribute boolean originalFrameSrcLoad; /** * The SEC_FORCE_INHERIT_PRINCIPAL flag may be dropped when a load info * object is created. Specifically, it will be dropped if the SANDBOXED_ORIGIN * sandbox flag is also present. This flag is set if SEC_FORCE_INHERIT_PRINCIPAL * was dropped. */ [infallible] readonly attribute boolean forceInheritPrincipalDropped; /** * This is the inner window ID of the window in which the element being * loaded lives. * * Note that this window ID can be 0 if the window is not * available. */ [infallible] readonly attribute unsigned long long innerWindowID; /** * The BrowsingContext performing the load for this nsILoadInfo object. */ [infallible] readonly attribute unsigned long long browsingContextID; [infallible] readonly attribute BrowsingContext browsingContext; /** * The BrowsingContext which the worker is associated. * * Note that this could be 0 if the load is not triggered in a WorkerScope. * This value is only set and used in the parent process for some sitautions * the channel is created in the parent process for Workers. Such as fetch(). * In content process, it is always 0. * This value would not be propagated through IPC. */ [infallible] attribute unsigned long long workerAssociatedBrowsingContextID; [infallible] readonly attribute BrowsingContext workerAssociatedBrowsingContext; /** * Only when the element being loaded is <frame src="foo.html"> * (or, more generally, if the element QIs to nsFrameLoaderOwner), * the frameBrowsingContext is the browsing context containing the * foo.html document. * * Note: For other cases, frameBrowsingContextID is 0. */ [infallible] readonly attribute unsigned long long frameBrowsingContextID; [infallible] readonly attribute BrowsingContext frameBrowsingContext; /** * If the element being loaded is a nsFrameLoaderOwner, * `targetBrowsingContext` is the Browsing Context which will contain the * loading document (see `frameBrowsingContext`). Otherwise, it is the * Browsing Context performing the load (see `browsingContext`). */ [infallible] readonly attribute unsigned long long targetBrowsingContextID; [infallible] readonly attribute BrowsingContext targetBrowsingContext; /** * Resets the PrincipalToInherit to a freshly created NullPrincipal * which inherits the origin attributes from the loadInfo. * * WARNING: Please only use that function if you know exactly what * you are doing!!! */ void resetPrincipalToInheritToNullPrincipal(); /** * Customized OriginAttributes within LoadInfo to allow overwriting of the * default originAttributes from the loadingPrincipal. * * In chrome side, originAttributes.privateBrowsingId will always be 0 even if * the usePrivateBrowsing is true, because chrome docshell won't set * privateBrowsingId on origin attributes (See bug 1278664). This is to make * sure nsILoadInfo and nsILoadContext have the same origin attributes. */ [implicit_jscontext, binaryname(ScriptableOriginAttributes)] attribute jsval originAttributes; [noscript, nostdcall, binaryname(GetOriginAttributes)] OriginAttributes binaryGetOriginAttributes(); [noscript, nostdcall, binaryname(SetOriginAttributes)] void binarySetOriginAttributes(in const_OriginAttributesRef aOriginAttrs); %{ C++ inline mozilla::OriginAttributes GetOriginAttributes() { mozilla::OriginAttributes result; mozilla::DebugOnly<nsresult> rv = GetOriginAttributes(&result); MOZ_ASSERT(NS_SUCCEEDED(rv)); return result; } %} /** * Whenever a channel is evaluated by the ContentSecurityManager * the first time, we set this flag to true to indicate that * subsequent calls of AsyncOpen() do not have to enforce all * security checks again. E.g., after a redirect there is no * need to set up CORS again. We need this separate flag * because the redirectChain might also contain internal * redirects which might pollute the redirectChain so we can't * rely on the size of the redirectChain-array to query whether * a channel got redirected or not. * * Please note, once the flag is set to true it must remain true * throughout the lifetime of the channel. Trying to set it * to anything else than true will be discarded. * */ [infallible] attribute boolean initialSecurityCheckDone; /** * Returns true if the load was triggered from an external application * (e.g. Thunderbird). Please note that this flag will only ever be true * if the load is of TYPE_DOCUMENT. */ [infallible] attribute boolean loadTriggeredFromExternal; /** * True if the tainting has been set by the service worker. */ [noscript, infallible] readonly attribute boolean serviceWorkerTaintingSynthesized; /** * Whenever a channel gets redirected, append the redirect history entry of * the channel which contains principal referrer and remote address [before * the channels got redirected] to the loadinfo, so that at every point this * array provides us information about all the redirects this channel went * through. * @param channelToDeriveFrom the channel being redirected * @param aIsInternalRedirect should be true if the channel is going * through an internal redirect, otherwise false. */ void appendRedirectHistoryEntry(in nsIChannel channelToDeriveFrom, in boolean isInternalRedirect); /** * An array of nsIRedirectHistoryEntry which stores redirects associated * with this channel. This array is filled whether or not the channel has * ever been opened. The last element of the array is associated with the * most recent redirect. Please note, that this array *includes* internal * redirects. */ [implicit_jscontext] readonly attribute jsval redirectChainIncludingInternalRedirects; /** * A C++-friendly version of redirectChain. * Please note that this array has the same lifetime as the * loadInfo object - use with caution! */ [noscript, notxpcom, nostdcall, binaryname(RedirectChainIncludingInternalRedirects)] nsIRedirectHistoryEntryArray binaryRedirectChainIncludingInternalRedirects(); /** * Same as RedirectChain but does *not* include internal redirects. */ [implicit_jscontext] readonly attribute jsval redirectChain; /** * A C++-friendly version of redirectChain. * Please note that this array has the same lifetime as the * loadInfo object - use with caution! */ [noscript, notxpcom, nostdcall, binaryname(RedirectChain)] nsIRedirectHistoryEntryArray binaryRedirectChain(); /** * This array is only filled out when we are in the parent process and we are * creating a loadInfo object or deserializing LoadInfoArgs into LoadInfo, * as we ever only need in the parent process. * * The array is meant to be a list of principals of the documents that the * browsing context, corresponding to this loadInfo object, is "nested through" in * the sense of * <https://html.spec.whatwg.org/multipage/browsers.html#browsing-context-nested-through>. * Note that the array does not include the principal corresponding to the frame * loading this request. The closest ancestor is at index zero and the top level * ancestor is at the last index. * * If this is a toplevel content browsing context (i.e. toplevel document in spec * terms), the list is empty. * * Otherwise the array is a list for the document we're nested through (again in * the spec sense), with the principal of that document prepended. The * ancestorPrincipals[0] entry for an iframe load will be the principal of the * iframe element's owner document. The ancestorPrincipals[0] entry for an image * loaded in an iframe will be the principal of the iframe element's owner * document. This matches the ordering specified for Location.ancestorOrigins. * * Please note that this array has the same lifetime as the loadInfo object - use * with caution! */ [noscript, notxpcom, nostdcall] PrincipalArrayRef AncestorPrincipals(); /** * An array of BrowsingContext IDs which correspond to nsILoadInfo::AncestorPrincipals * above. AncestorBrowsingContextIDs[0] is the BrowsingContext ID of the frame * associated with the principal at ancestorPrincipals[0], and so forth. * * Please note that this array has the same lifetime as the * loadInfo object - use with caution! */ [noscript, notxpcom, nostdcall] Uint64ArrayRef AncestorBrowsingContextIDs(); /** * Sets the list of unsafe headers according to CORS spec, as well as * potentially forces a preflight. * Note that you do not need to set the Content-Type header. That will be * automatically detected as needed. * * Only call this function when using the SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT mode. */ [noscript, notxpcom, nostdcall] void setCorsPreflightInfo(in CStringArrayRef unsafeHeaders, in boolean forcePreflight); /** * A C++-friendly getter for the list of cors-unsafe headers. * Please note that this array has the same lifetime as the * loadInfo object - use with caution! */ [noscript, notxpcom, nostdcall, binaryname(CorsUnsafeHeaders)] CStringArrayRef corsUnsafeHeaders(); /** * Returns value set through setCorsPreflightInfo. */ [infallible] readonly attribute boolean forcePreflight; /** * A C++ friendly getter for the forcePreflight flag. */ [infallible] readonly attribute boolean isPreflight; /** * Constants reflecting the channel tainting. These are mainly defined here * for script. Internal C++ code should use the enum defined in LoadTainting.h. * See LoadTainting.h for documentation. */ const unsigned long TAINTING_BASIC = 0; const unsigned long TAINTING_CORS = 1; const unsigned long TAINTING_OPAQUE = 2; /** * Determine the associated channel's current tainting. Note, this can * change due to a service worker intercept, so it should be checked after * OnStartRequest() fires. */ readonly attribute unsigned long tainting; /** * Note a new tainting level and possibly increase the current tainting * to match. If the tainting level is already greater than the given * value, then there is no effect. It is not possible to reduce the tainting * level on an existing channel/loadinfo. */ void maybeIncreaseTainting(in unsigned long aTainting); /** * Various helper code to provide more convenient C++ access to the tainting * attribute and maybeIncreaseTainting(). */ %{C++ static_assert(TAINTING_BASIC == static_cast<uint32_t>(mozilla::LoadTainting::Basic), "basic tainting enums should match"); static_assert(TAINTING_CORS == static_cast<uint32_t>(mozilla::LoadTainting::CORS), "cors tainting enums should match"); static_assert(TAINTING_OPAQUE == static_cast<uint32_t>(mozilla::LoadTainting::Opaque), "opaque tainting enums should match"); mozilla::LoadTainting GetTainting() { uint32_t tainting = TAINTING_BASIC; MOZ_ALWAYS_SUCCEEDS(GetTainting(&tainting)); return static_cast<mozilla::LoadTainting>(tainting); } void MaybeIncreaseTainting(mozilla::LoadTainting aTainting) { uint32_t tainting = static_cast<uint32_t>(aTainting); MOZ_ALWAYS_SUCCEEDS(MaybeIncreaseTainting(tainting)); } %} /** * Returns true if this load is for top level document. * Note that the load for a sub-frame's document will return false here. */ [infallible] readonly attribute boolean isTopLevelLoad; /** * If this is non-null, this property represents two things: (1) the * URI to be used for the principal if the channel with this loadinfo * gets a principal based on URI and (2) the URI to use for a document * created from the channel with this loadinfo. */ attribute nsIURI resultPrincipalURI; /** * This is the URI used to create the most recent channel in the load's * redirect chain, if it's different from channel's `originalURI`. * This is always null for loads not handled by DocumentLoadListener. If * non-null, channelCreationOriginalURI will be used instead of channel's * originalURI to re-create the channel in the final content process selected * to perform the load. */ attribute nsIURI channelCreationOriginalURI; /** * Returns a unique nsID used to construct the null principal for the * resulting resource if the SANDBOXED_ORIGIN flag is set. This is used by * GetChannelResultPrincipal() to ensure that the same null principal is * returned every time. */ [noscript, nostdcall, notxpcom] nsIDRef GetSandboxedNullPrincipalID(); /** * Generates a new nsID to be returned by a future call to * `GetSandboxedNullPrincipalID()`. */ [noscript, nostdcall, notxpcom] void ResetSandboxedNullPrincipalID(); /** * Return the top-level principal, which is the principal of the top-level * window. */ [notxpcom, nostdcall] readonly attribute nsIPrincipal topLevelPrincipal; /** * Note which client (i.e. global) initiated this network request. All * nsGlobalWindow and WorkerPrivate can be converted to a ClientInfo to * be set here. While this is being added to support service worker * FetchEvent, it can also be used to communicate other information about * the source global context in the future. */ [noscript, nostdcall, notxpcom] void SetClientInfo(in const_ClientInfoRef aClientInfo); /** * Get the ClientInfo for the global that initiated the network request, * if it has been set. */ [noscript, nostdcall, notxpcom] const_MaybeClientInfoRef GetClientInfo(); /** * Give a pre-allocated ClientSource to the channel LoadInfo. This is * intended to be used by docshell when loading windows without an * initial about:blank document. The docshell will allocate the ClientSource * to represent the client that will be created as a result of the navigation * network request. If the channel succeeds and remains same-origin, then * the result nsGlobalWindow will take ownership of the reserved ClientSource. * * This method is also called when a cross-origin redirect occurs. A new * ClientSource with a different UUID must be created in this case. * * This method automatically calls SetReservedClientInfo() with the * ClientSource::Info(). */ [noscript, nostdcall, notxpcom] void GiveReservedClientSource(in UniqueClientSourceMove aClientSource); /** * This method takes ownership of the reserved ClientSource previously * provided in GiveReservedClientSource(). It may return nullptr if the * nsILoadInfo does not own a ClientSource object. */ [noscript, nostdcall, notxpcom] UniqueClientSource TakeReservedClientSource(); /** * Note the reserved client that be created if this non-subresource * network request succeeds. Depending on the type of client this * may be called directly or indirectly via GiveReservedClientSource(). * For example, web workers do not call give their ClientSource to * the nsILoadInfo, but must still call this method to indicate the * reserved client for their main script load. */ [noscript, nostdcall, notxpcom] void SetReservedClientInfo(in const_ClientInfoRef aClientInfo); /** * This will clear any existing reserved or initial client and override * it with the given reserved client. This is similar to calling * TakeReservedClientSource() and then GiveReservedClientSource() with * a new client as ClientChannelHelper does. This method is needed, * though, to perform this operation in the parent process where * the LoadInfo does not have direct access to a ClientSource. * * If in doubt, do not call this method. Its really only needed for * a specific redirect case where the child has created a new client on * redirect and we need to override the parent side's reserved client * to match. */ [noscript, nostdcall, notxpcom] void OverrideReservedClientInfoInParent(in const_ClientInfoRef aClientInfo); /** * Return the reserved ClientInfo for this load, if one has been set. */ [noscript, nostdcall, notxpcom] const_MaybeClientInfoRef GetReservedClientInfo(); /** * Note that this non-subresource network request will result in * re-using an existing "initial" active client. This mainly only * happens when an initial about:blank document is replaced with * a real load in a window. In these cases we need to track this * initial client so that we may report its existence in a FetchEvent. * * Note, an nsILoadInfo may only have a reserved client or an * initial client. It should never have both. */ [noscript, nostdcall, notxpcom] void SetInitialClientInfo(in const_ClientInfoRef aClientInfo); /** * Return the initial ClientInfo for this load, if one has been set. */ [noscript, nostdcall, notxpcom] const_MaybeClientInfoRef GetInitialClientInfo(); /** * Note that this network request should be controlled by a service worker. * For non-subresource requests this may be set during the load when * the first service worker interception occurs. For subresource requests * it may be set by the source client if its already controlled by a * service worker. */ [noscript, nostdcall, notxpcom] void SetController(in const_ServiceWorkerDescriptorRef aServiceWorker); /** * Clear the service worker controller for this channel. This should only * be used for window navigation redirects. By default we want to keep * the controller in all other cases. */ [noscript, nostdcall, notxpcom] void ClearController(); /** * Get the service worker controlling this network request, if one has * been set. */ [noscript, nostdcall, notxpcom] const_MaybeServiceWorkerDescriptorRef GetController(); /** * Set a custom performance storage. This is meant to be executed only for * workers. If a PerformanceStorage is not set, the loadingDocument->Window * Performance object will be returned instead. */ [noscript, nostdcall, notxpcom] void SetPerformanceStorage(in PerformanceStoragePtr aPerformanceStorage); /** * Get the custom PerformanceStorage if set by SetPerformanceStorage. * Otherwise the loadingDocument->Window Performance object will be returned * instead if all the following conditions are met: * - the triggeringPrincipal is the same as the loadingDocument's principal. * - if the external content policy type is TYPE_SUBDOCUMENT then loading * wasn't caused by processing the attributes of the browsing context * container. */ [noscript, nostdcall, notxpcom] PerformanceStoragePtr GetPerformanceStorage(); /** * Returns the CSP (or Preload CSP for preloads) which should be enforced * when fetching the resource this loadinfo belongs to. * * a) Non-navigations: * For non-navigation loads, GetCsp() returns what the spec refers to as the * "request's client's global object's CSP list". In practice, if this is the * loadinfo of a subresource load (e.g an image load), then GetCsp() or * GetPreloadCSP() returns the CSP of the document which embeds the image. * The returned CSP includes any policy delivered through the HTTP header or * also through the meta tag (modulo the difference for preloads, e.g. image * preloads have to query GetPreloadCsp() because at the time of preloading * we are not entirely sure if the Meta CSP will be applied to the document * in the end or not). Please note that GetCSPToInherit() called on a * loadinfo for any non-navigation always returns null. * * b) Navigations: * * Top-level loads: * For top-level loads (navigations) GetCsp() will return null, unless * the navigation is started by a WebExtension, in which case it will * return the CSP of the webextension, if any. * If you need to query the CSP that potentially should apply to the * new top-level load, you have to query GetCspToInherit(), which is * the CSP of the request's client's global object, just like GetCsp() * is for non-navigation requests. * * * Iframe-loads: * For iframe-loads (navigations) GetCsp() will return the CSP of the * parent document, unless the navigation is started by a WebExtension, * in which case it will return the CSP of the webextension, if any. * * If you need to query the CSP that should potentially be inherited * into the new document, you have to query GetCSPToInherit(). * * TODO Bug 1557114: * After evaluating what CSP to use for frame navigations we should * update the above documentation to match the outcome of Bug 1557114. */ [notxpcom,nostdcall] CSPRef GetCsp(); [notxpcom,nostdcall] CSPRef GetPreloadCsp(); [notxpcom,nostdcall] CSPRef GetCspToInherit(); /** * The service worker and fetch specifications require returning the * exact tainting level of the Response passed to FetchEvent.respondWith(). * This method allows us to override the tainting level in that case. * * NOTE: This should not be used outside of service worker code! Use * nsILoadInfo::MaybeIncreaseTainting() instead. */ [noscript, nostdcall, notxpcom] void SynthesizeServiceWorkerTainting(in LoadTainting aTainting); /** * The top-level document has been user-interacted. */ [infallible] attribute boolean documentHasUserInteracted; /** * During a top-level document channel redirect from tracking to * non-tracking resources, our anti-tracking heuristic, grants the storage * access permission for a short amount of seconds (See * privacy.restrict3rdpartystorage.expiration_redirect pref). * We use this flag to remember this decision even if this channel is part * of a chain of redirects. */ [infallible] attribute boolean allowListFutureDocumentsCreatedFromThisRedirectChain; /** * Indicates that we need to check if we should apply the anti-tracking * heuristic after the channel has been classified. */ [infallible] attribute boolean needForCheckingAntiTrackingHeuristic; /** * A snapshot of the nonce at load start time which is used for CSP * checks and only set for: * * TYPE_SCRIPT and * * TYPE_STYLESHEET */ attribute AString cspNonce; /** * List of possible reasons the request associated with this load info * may have been blocked, set by various content blocking checkers. */ const uint32_t BLOCKING_REASON_NONE = 0; const uint32_t BLOCKING_REASON_CORSDISABLED = 1001; const uint32_t BLOCKING_REASON_CORSDIDNOTSUCCEED = 1002; const uint32_t BLOCKING_REASON_CORSREQUESTNOTHTTP = 1003; const uint32_t BLOCKING_REASON_CORSMULTIPLEALLOWORIGINNOTALLOWED = 1004; const uint32_t BLOCKING_REASON_CORSMISSINGALLOWORIGIN = 1005; const uint32_t BLOCKING_REASON_CORSNOTSUPPORTINGCREDENTIALS = 1006; const uint32_t BLOCKING_REASON_CORSALLOWORIGINNOTMATCHINGORIGIN = 1007; const uint32_t BLOCKING_REASON_CORSMISSINGALLOWCREDENTIALS = 1008; const uint32_t BLOCKING_REASON_CORSORIGINHEADERNOTADDED = 1009; const uint32_t BLOCKING_REASON_CORSEXTERNALREDIRECTNOTALLOWED = 1010; const uint32_t BLOCKING_REASON_CORSPREFLIGHTDIDNOTSUCCEED = 1011; const uint32_t BLOCKING_REASON_CORSINVALIDALLOWMETHOD = 1012; const uint32_t BLOCKING_REASON_CORSMETHODNOTFOUND = 1013; const uint32_t BLOCKING_REASON_CORSINVALIDALLOWHEADER = 1014; const uint32_t BLOCKING_REASON_CORSMISSINGALLOWHEADERFROMPREFLIGHT = 1015; const uint32_t BLOCKING_REASON_CLASSIFY_MALWARE_URI = 2001; const uint32_t BLOCKING_REASON_CLASSIFY_PHISHING_URI = 2002; const uint32_t BLOCKING_REASON_CLASSIFY_UNWANTED_URI = 2003; const uint32_t BLOCKING_REASON_CLASSIFY_TRACKING_URI = 2004; const uint32_t BLOCKING_REASON_CLASSIFY_BLOCKED_URI = 2005; const uint32_t BLOCKING_REASON_CLASSIFY_HARMFUL_URI = 2006; const uint32_t BLOCKING_REASON_CLASSIFY_CRYPTOMINING_URI = 2007; const uint32_t BLOCKING_REASON_CLASSIFY_FINGERPRINTING_URI = 2008; const uint32_t BLOCKING_REASON_CLASSIFY_SOCIALTRACKING_URI = 2009; const uint32_t BLOCKING_REASON_CLASSIFY_EMAILTRACKING_URI = 2010; const uint32_t BLOCKING_REASON_MIXED_BLOCKED = 3001; // The general reason comes from nsCSPContext::permitsInternal(), // which is way too generic to distinguish an exact reason. const uint32_t BLOCKING_REASON_CONTENT_POLICY_GENERAL = 4000; const uint32_t BLOCKING_REASON_CONTENT_POLICY_NO_DATA_PROTOCOL = 4001; const uint32_t BLOCKING_REASON_CONTENT_POLICY_WEBEXT = 4002; const uint32_t BLOCKING_REASON_CONTENT_POLICY_CONTENT_BLOCKED = 4003; const uint32_t BLOCKING_REASON_CONTENT_POLICY_DATA_DOCUMENT = 4004; const uint32_t BLOCKING_REASON_CONTENT_POLICY_WEB_BROWSER = 4005; const uint32_t BLOCKING_REASON_CONTENT_POLICY_PRELOAD = 4006; // The reason used when SEC_REQUIRE_SAME_ORIGIN_* is set and not satisifed. const uint32_t BLOCKING_REASON_NOT_SAME_ORIGIN = 5000; // The reason used when an extension cancels the request via the WebRequest api. const uint32_t BLOCKING_REASON_EXTENSION_WEBREQUEST = 6000; /** * If the request associated with this load info was blocked by some of * our content or load blockers, the reason can be found here. * Note that setting this attribute has NO EFFECT on blocking the request. * This attribute is only informative! * * By default the value is '0' - NONE. * Each write rewrites the last value. * Can be accessed only on a single thread. */ [infallible] attribute unsigned long requestBlockingReason; /** * The object in charged to receive CSP violation events. It can be null. * This attribute will be merged into the CSP object eventually. * See bug 1500908. */ attribute nsICSPEventListener cspEventListener; /** * This attribute will be true if this is a load triggered by * https://html.spec.whatwg.org/multipage/iframe-embed-object.html#process-the-iframe-attributes * or https://html.spec.whatwg.org/multipage/obsolete.html#process-the-frame-attributes */ [infallible] readonly attribute boolean isFromProcessingFrameAttributes; cenum CrossOriginOpenerPolicy : 8 { OPENER_POLICY_UNSAFE_NONE = 0, OPENER_POLICY_SAME_ORIGIN = 1, OPENER_POLICY_SAME_ORIGIN_ALLOW_POPUPS = 2, OPENER_POLICY_EMBEDDER_POLICY_REQUIRE_CORP_FLAG = 0x10, OPENER_POLICY_SAME_ORIGIN_EMBEDDER_POLICY_REQUIRE_CORP = OPENER_POLICY_SAME_ORIGIN | OPENER_POLICY_EMBEDDER_POLICY_REQUIRE_CORP_FLAG }; cenum CrossOriginEmbedderPolicy : 8 { EMBEDDER_POLICY_NULL = 0, EMBEDDER_POLICY_REQUIRE_CORP = 1, EMBEDDER_POLICY_CREDENTIALLESS = 2, }; /** * This attribute is the loading context's cross origin embedder policy. * The value is initialized with corresponding WindowContext which get by * innerWindowIID in the nsILoadInfo. * It also could be set by workers when fetch is called under * the workers' scope. */ [infallible] attribute nsILoadInfo_CrossOriginEmbedderPolicy loadingEmbedderPolicy; /** * This attribute will be true if the top level document has COEP: * credentialless enabled in Origin Trial. */ [infallible] attribute boolean isOriginTrialCoepCredentiallessEnabledForTopLevel; /** * This attribute will be true if this is a load triggered by a media * element. */ [infallible] attribute boolean isMediaRequest; /** * This attribute will be true if this is a load triggered by a media * element and it's an initial request. */ [infallible] attribute boolean isMediaInitialRequest; /** * This attribute will be true if the fetch request is from object or embed * elements */ [infallible] attribute boolean isFromObjectOrEmbed; /** * This attribute will be true if the URL is known to be possibly broken and * CheckForBrokenChromeURL and RecordZeroLengthEvent should be skipped. */ [infallible] readonly attribute boolean shouldSkipCheckForBrokenURLOrZeroSized; /** * If this is non-null, this property holds the URI as it was before query * stripping was performed. */ attribute nsIURI unstrippedURI; /** * Propagated information from InterceptedHttpChannel * It should be null when the channel is not created from FetchEvent.request * or ServiceWorker NavigationPreload. * nsIFetchEventInfo is C++ only, so it is not an attribute. */ [noscript, notxpcom, nostdcall, binaryname(InterceptionInfo)] nsIInterceptionInfo binaryInterceptionInfo(); [noscript, notxpcom, nostdcall, binaryname(SetInterceptionInfo)] void binarySetInterceptionInfo(in nsIInterceptionInfo info); /** * Whether nsICookieInjector has injected a cookie for this request to * handle a cookie banner. This is only done for top-level requests. */ [infallible] attribute boolean hasInjectedCookieForCookieBannerHandling; };