1/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ 2/* vim: set ft=cpp tw=78 sw=2 et ts=8 : */ 3/* This Source Code Form is subject to the terms of the Mozilla Public 4 * License, v. 2.0. If a copy of the MPL was not distributed with this 5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 6 7#include "nsISupports.idl" 8 9interface nsIURI; 10interface nsILoadInfo; 11 12/** 13 * The type of nsIContentPolicy::TYPE_* 14 */ 15typedef unsigned long nsContentPolicyType; 16 17/** 18 * Interface for content policy mechanism. Implementations of this 19 * interface can be used to control loading of various types of out-of-line 20 * content, or processing of certain types of in-line content. 21 * 22 * WARNING: do not block the caller from shouldLoad or shouldProcess (e.g., 23 * by launching a dialog to prompt the user for something). 24 */ 25 26[scriptable, uuid(caad4f1f-d047-46ac-ae9d-dc598e4fb91b)] 27interface nsIContentPolicy : nsISupports 28{ 29 /** 30 * Indicates a unset or bogus policy type. 31 */ 32 const nsContentPolicyType TYPE_INVALID = 0; 33 34 /** 35 * Gecko/Firefox developers: Avoid using TYPE_OTHER. Especially for 36 * requests that are coming from webpages. Or requests in general which 37 * you expect that security checks will be done on. 38 * Always use a more specific type if one is available. And do not hesitate 39 * to add more types as appropriate. 40 * But if you are fairly sure that no one would care about your more specific 41 * type, then it's ok to use TYPE_OTHER. 42 * 43 * Extension developers: Whenever it is reasonable, use one of the existing 44 * content types. If none of the existing content types are right for 45 * something you are doing, file a bug in the Core/DOM component that 46 * includes a patch that adds your new content type to the end of the list of 47 * TYPE_* constants here. But, don't start using your new content type until 48 * your patch has been accepted, because it will be uncertain what exact 49 * value and name your new content type will have; in that interim period, 50 * use TYPE_OTHER. In your patch, document your new content type in the style 51 * of the existing ones. In the bug you file, provide a more detailed 52 * description of the new type of content you want Gecko to support, so that 53 * the existing implementations of nsIContentPolicy can be properly modified 54 * to deal with that new type of content. 55 * 56 * Implementations of nsIContentPolicy should treat this the same way they 57 * treat unknown types, because existing users of TYPE_OTHER may be converted 58 * to use new content types. 59 * 60 * Note that the TYPE_INTERNAL_* constants are never passed to content 61 * policy implementations. They are mapped to other TYPE_* constants, and 62 * are only intended for internal usage inside Gecko. 63 */ 64 const nsContentPolicyType TYPE_OTHER = 1; 65 66 /** 67 * Indicates an executable script (such as JavaScript). 68 */ 69 const nsContentPolicyType TYPE_SCRIPT = 2; 70 71 /** 72 * Indicates an image (e.g., IMG elements). 73 */ 74 const nsContentPolicyType TYPE_IMAGE = 3; 75 76 /** 77 * Indicates a stylesheet (e.g., STYLE elements). 78 */ 79 const nsContentPolicyType TYPE_STYLESHEET = 4; 80 81 /** 82 * Indicates a generic object (plugin-handled content typically falls under 83 * this category). 84 */ 85 const nsContentPolicyType TYPE_OBJECT = 5; 86 87 /** 88 * Indicates a document at the top-level (i.e., in a browser). 89 */ 90 const nsContentPolicyType TYPE_DOCUMENT = 6; 91 92 /** 93 * Indicates a document contained within another document (e.g., IFRAMEs, 94 * FRAMES, and OBJECTs). 95 */ 96 const nsContentPolicyType TYPE_SUBDOCUMENT = 7; 97 98 /** 99 * Indicates a timed refresh. 100 * 101 * shouldLoad will never get this, because it does not represent content 102 * to be loaded (the actual load triggered by the refresh will go through 103 * shouldLoad as expected). 104 * 105 * shouldProcess will get this for, e.g., META Refresh elements and HTTP 106 * Refresh headers. 107 */ 108 const nsContentPolicyType TYPE_REFRESH = 8; 109 110 /* 111 * XXX: nsContentPolicyType = 9 used to inicate an XBL binding request. 112 */ 113 114 /** 115 * Indicates a ping triggered by a click on <A PING="..."> element. 116 */ 117 const nsContentPolicyType TYPE_PING = 10; 118 119 /** 120 * Indicates an XMLHttpRequest. Also used for document.load and for EventSource. 121 */ 122 const nsContentPolicyType TYPE_XMLHTTPREQUEST = 11; 123 const nsContentPolicyType TYPE_DATAREQUEST = 11; // alias 124 125 /** 126 * Indicates a request by a plugin. 127 */ 128 const nsContentPolicyType TYPE_OBJECT_SUBREQUEST = 12; 129 130 /** 131 * Indicates a DTD loaded by an XML document. 132 */ 133 const nsContentPolicyType TYPE_DTD = 13; 134 135 /** 136 * Indicates a font loaded via @font-face rule. 137 */ 138 const nsContentPolicyType TYPE_FONT = 14; 139 140 /** 141 * Indicates a video or audio load. 142 */ 143 const nsContentPolicyType TYPE_MEDIA = 15; 144 145 /** 146 * Indicates a WebSocket load. 147 */ 148 const nsContentPolicyType TYPE_WEBSOCKET = 16; 149 150 /** 151 * Indicates a Content Security Policy report. 152 */ 153 const nsContentPolicyType TYPE_CSP_REPORT = 17; 154 155 /** 156 * Indicates a style sheet transformation. 157 */ 158 const nsContentPolicyType TYPE_XSLT = 18; 159 160 /** 161 * Indicates a beacon post. 162 */ 163 const nsContentPolicyType TYPE_BEACON = 19; 164 165 /** 166 * Indicates a load initiated by the fetch() function from the Fetch 167 * specification. 168 */ 169 const nsContentPolicyType TYPE_FETCH = 20; 170 171 /** 172 * Indicates a <img srcset> or <picture> request. 173 */ 174 const nsContentPolicyType TYPE_IMAGESET = 21; 175 176 /** 177 * Indicates a web manifest. 178 */ 179 const nsContentPolicyType TYPE_WEB_MANIFEST = 22; 180 181 /** 182 * Indicates an internal constant for scripts loaded through script 183 * elements. 184 * 185 * This will be mapped to TYPE_SCRIPT before being passed to content policy 186 * implementations. 187 */ 188 const nsContentPolicyType TYPE_INTERNAL_SCRIPT = 23; 189 190 /** 191 * Indicates an internal constant for scripts loaded through a dedicated 192 * worker. 193 * 194 * This will be mapped to TYPE_SCRIPT before being passed to content policy 195 * implementations. 196 */ 197 const nsContentPolicyType TYPE_INTERNAL_WORKER = 24; 198 199 /** 200 * Indicates an internal constant for scripts loaded through a shared 201 * worker. 202 * 203 * This will be mapped to TYPE_SCRIPT before being passed to content policy 204 * implementations. 205 */ 206 const nsContentPolicyType TYPE_INTERNAL_SHARED_WORKER = 25; 207 208 /** 209 * Indicates an internal constant for content loaded from embed elements. 210 * 211 * This will be mapped to TYPE_OBJECT. 212 */ 213 const nsContentPolicyType TYPE_INTERNAL_EMBED = 26; 214 215 /** 216 * Indicates an internal constant for content loaded from object elements. 217 * 218 * This will be mapped to TYPE_OBJECT. 219 */ 220 const nsContentPolicyType TYPE_INTERNAL_OBJECT = 27; 221 222 /** 223 * Indicates an internal constant for content loaded from frame elements. 224 * 225 * This will be mapped to TYPE_SUBDOCUMENT. 226 */ 227 const nsContentPolicyType TYPE_INTERNAL_FRAME = 28; 228 229 /** 230 * Indicates an internal constant for content loaded from iframe elements. 231 * 232 * This will be mapped to TYPE_SUBDOCUMENT. 233 */ 234 const nsContentPolicyType TYPE_INTERNAL_IFRAME = 29; 235 236 /** 237 * Indicates an internal constant for content loaded from audio elements. 238 * 239 * This will be mapped to TYPE_MEDIA. 240 */ 241 const nsContentPolicyType TYPE_INTERNAL_AUDIO = 30; 242 243 /** 244 * Indicates an internal constant for content loaded from video elements. 245 * 246 * This will be mapped to TYPE_MEDIA. 247 */ 248 const nsContentPolicyType TYPE_INTERNAL_VIDEO = 31; 249 250 /** 251 * Indicates an internal constant for content loaded from track elements. 252 * 253 * This will be mapped to TYPE_MEDIA. 254 */ 255 const nsContentPolicyType TYPE_INTERNAL_TRACK = 32; 256 257 /** 258 * Indicates an internal constant for an XMLHttpRequest. 259 * 260 * This will be mapped to TYPE_XMLHTTPREQUEST. 261 */ 262 const nsContentPolicyType TYPE_INTERNAL_XMLHTTPREQUEST = 33; 263 264 /** 265 * Indicates an internal constant for EventSource. 266 * 267 * This will be mapped to TYPE_DATAREQUEST. 268 */ 269 const nsContentPolicyType TYPE_INTERNAL_EVENTSOURCE = 34; 270 271 /** 272 * Indicates an internal constant for scripts loaded through a service 273 * worker. 274 * 275 * This will be mapped to TYPE_SCRIPT before being passed to content policy 276 * implementations. 277 */ 278 const nsContentPolicyType TYPE_INTERNAL_SERVICE_WORKER = 35; 279 280 /** 281 * Indicates an internal constant for *preloaded* scripts 282 * loaded through script elements. 283 * 284 * This will be mapped to TYPE_SCRIPT before being passed 285 * to content policy implementations. 286 */ 287 const nsContentPolicyType TYPE_INTERNAL_SCRIPT_PRELOAD = 36; 288 289 /** 290 * Indicates an internal constant for normal images. 291 * 292 * This will be mapped to TYPE_IMAGE before being passed 293 * to content policy implementations. 294 */ 295 const nsContentPolicyType TYPE_INTERNAL_IMAGE = 37; 296 297 /** 298 * Indicates an internal constant for *preloaded* images. 299 * 300 * This will be mapped to TYPE_IMAGE before being passed 301 * to content policy implementations. 302 */ 303 const nsContentPolicyType TYPE_INTERNAL_IMAGE_PRELOAD = 38; 304 305 /** 306 * Indicates an internal constant for normal stylesheets. 307 * 308 * This will be mapped to TYPE_STYLESHEET before being passed 309 * to content policy implementations. 310 */ 311 const nsContentPolicyType TYPE_INTERNAL_STYLESHEET = 39; 312 313 /** 314 * Indicates an internal constant for *preloaded* stylesheets. 315 * 316 * This will be mapped to TYPE_STYLESHEET before being passed 317 * to content policy implementations. 318 */ 319 const nsContentPolicyType TYPE_INTERNAL_STYLESHEET_PRELOAD = 40; 320 321 /** 322 * Indicates an internal constant for favicon. 323 * 324 * This will be mapped to TYPE_IMAGE before being passed 325 * to content policy implementations. 326 */ 327 const nsContentPolicyType TYPE_INTERNAL_IMAGE_FAVICON = 41; 328 329 /** 330 * Indicates an importScripts() inside a worker script. 331 * 332 * This will be mapped to TYPE_SCRIPT before being passed to content policy 333 * implementations. 334 */ 335 const nsContentPolicyType TYPE_INTERNAL_WORKER_IMPORT_SCRIPTS = 42; 336 337 /** 338 * Indicates an save-as link download from the front-end code. 339 */ 340 const nsContentPolicyType TYPE_SAVEAS_DOWNLOAD = 43; 341 342 /** 343 * Indicates a speculative connection. 344 */ 345 const nsContentPolicyType TYPE_SPECULATIVE = 44; 346 347 /** 348 * Indicates an internal constant for ES6 module scripts 349 * loaded through script elements or an import statement. 350 * 351 * This will be mapped to TYPE_SCRIPT before being passed 352 * to content policy implementations. 353 */ 354 const nsContentPolicyType TYPE_INTERNAL_MODULE = 45; 355 356 /** 357 * Indicates an internal constant for *preloaded* ES6 module scripts 358 * loaded through script elements or an import statement. 359 * 360 * This will be mapped to TYPE_SCRIPT before being passed 361 * to content policy implementations. 362 */ 363 const nsContentPolicyType TYPE_INTERNAL_MODULE_PRELOAD = 46; 364 365 /** 366 * Indicates a DTD loaded by an XML document the URI of which could 367 * not be mapped to a known local DTD. 368 */ 369 const nsContentPolicyType TYPE_INTERNAL_DTD = 47; 370 371 /** 372 * Indicates a TYPE_INTERNAL_DTD which will not be blocked no matter 373 * what principal is being loaded from. 374 */ 375 const nsContentPolicyType TYPE_INTERNAL_FORCE_ALLOWED_DTD = 48; 376 377 /** 378 * Indicates an internal constant for scripts loaded through an 379 * audioWorklet. 380 * 381 * This will be mapped to TYPE_SCRIPT before being passed to content policy 382 * implementations. 383 */ 384 const nsContentPolicyType TYPE_INTERNAL_AUDIOWORKLET = 49; 385 386 /** 387 * Indicates an internal constant for scripts loaded through an 388 * paintWorklet. 389 * 390 * This will be mapped to TYPE_SCRIPT before being passed to content policy 391 * implementations. 392 */ 393 const nsContentPolicyType TYPE_INTERNAL_PAINTWORKLET = 50; 394 395 /** 396 * Same as TYPE_FONT but indicates this is a <link rel=preload as=font> 397 * preload initiated load. 398 */ 399 const nsContentPolicyType TYPE_INTERNAL_FONT_PRELOAD = 51; 400 401 /* When adding new content types, please update 402 * NS_CP_ContentTypeName, nsCSPContext, CSP_ContentTypeToDirective, 403 * DoContentSecurityChecks, all nsIContentPolicy implementations, the 404 * static_assert in dom/cache/DBSchema.cpp, ChannelWrapper.webidl, 405 * ChannelWrapper.cpp, PermissionManager.cpp, and other things that are not 406 * listed here that are related to nsIContentPolicy. */ 407 408 ////////////////////////////////////////////////////////////////////// 409 410 /** 411 * Returned from shouldLoad or shouldProcess if the load or process request 412 * is rejected based on details of the request. 413 */ 414 const short REJECT_REQUEST = -1; 415 416 /** 417 * Returned from shouldLoad or shouldProcess if the load/process is rejected 418 * based solely on its type (of the above flags). 419 * 420 * NOTE that it is not meant to stop future requests for this type--only the 421 * current request. 422 */ 423 const short REJECT_TYPE = -2; 424 425 /** 426 * Returned from shouldLoad or shouldProcess if the load/process is rejected 427 * based on the server it is hosted on or requested from (aContentLocation or 428 * aRequestOrigin), e.g., if you block an IMAGE because it is served from 429 * goatse.cx (even if you don't necessarily block other types from that 430 * server/domain). 431 * 432 * NOTE that it is not meant to stop future requests for this server--only the 433 * current request. 434 */ 435 const short REJECT_SERVER = -3; 436 437 /** 438 * Returned from shouldLoad or shouldProcess if the load/process is rejected 439 * based on some other criteria. Mozilla callers will handle this like 440 * REJECT_REQUEST; third-party implementors may, for example, use this to 441 * direct their own callers to consult the extra parameter for additional 442 * details. 443 */ 444 const short REJECT_OTHER = -4; 445 446 /** 447 * Returned from shouldLoad or shouldProcess if the load/process is forbiddden 448 * based on enterprise policy. 449 */ 450 const short REJECT_POLICY = -5; 451 452 /** 453 * Returned from shouldLoad or shouldProcess if the load or process request 454 * is not rejected. 455 */ 456 const short ACCEPT = 1; 457 458 /** 459 * Should the resource at this location be loaded? 460 * ShouldLoad will be called before loading the resource at aContentLocation 461 * to determine whether to start the load at all. 462 * 463 * @param aContentLocation the location of the content being checked; must 464 * not be null 465 * 466 * @param aLoadInfo the loadinfo of the channel being evaluated. 467 * 468 * @param aMimeTypeGuess OPTIONAL. a guess for the requested content's 469 * MIME type, based on information available to 470 * the request initiator (e.g., an OBJECT's type 471 * attribute); does not reliably reflect the 472 * actual MIME type of the requested content 473 * 474 * @return ACCEPT or REJECT_* 475 * 476 * @note shouldLoad can be called while the DOM and layout of the document 477 * involved is in an inconsistent state. This means that implementors of 478 * this method MUST NOT do any of the following: 479 * 1) Modify the DOM in any way (e.g. setting attributes is a no-no). 480 * 2) Query any DOM properties that depend on layout (e.g. offset* 481 * properties). 482 * 3) Query any DOM properties that depend on style (e.g. computed style). 483 * 4) Query any DOM properties that depend on the current state of the DOM 484 * outside the "context" node (e.g. lengths of node lists). 485 * 5) [JavaScript implementations only] Access properties of any sort on any 486 * object without using XPCNativeWrapper (either explicitly or 487 * implicitly). Due to various DOM0 things, this leads to item 4. 488 * If you do any of these things in your shouldLoad implementation, expect 489 * unpredictable behavior, possibly including crashes, content not showing 490 * up, content showing up doubled, etc. If you need to do any of the things 491 * above, do them off timeout or event. 492 */ 493 short shouldLoad(in nsIURI aContentLocation, 494 in nsILoadInfo aLoadInfo, 495 in ACString aMimeTypeGuess); 496 497 /** 498 * Should the resource be processed? 499 * ShouldProcess will be called once all the information passed to it has 500 * been determined about the resource, typically after part of the resource 501 * has been loaded. 502 * 503 * @param aContentLocation OPTIONAL; the location of the resource being 504 * requested: MAY be, e.g., a post-redirection URI 505 * for the resource. 506 * 507 * @param aLoadInfo the loadinfo of the channel being evaluated. 508 * 509 * @param aMimeType the MIME type of the requested resource (e.g., 510 * image/png), as reported by the networking library, 511 * if available (may be empty if inappropriate for 512 * the type, e.g., TYPE_REFRESH). 513 * 514 * @return ACCEPT or REJECT_* 515 * 516 * @note shouldProcess can be called while the DOM and layout of the document 517 * involved is in an inconsistent state. See the note on shouldLoad to see 518 * what this means for implementors of this method. 519 */ 520 short shouldProcess(in nsIURI aContentLocation, 521 in nsILoadInfo aLoadInfo, 522 in ACString aMimeType); 523}; 524