/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ /* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ #include "nsISupports.idl" interface nsIURI; interface nsIDOMNode; interface nsIPrincipal; /** * The type of nsIContentPolicy::TYPE_* */ typedef unsigned long nsContentPolicyType; /** * Interface for content policy mechanism. Implementations of this * interface can be used to control loading of various types of out-of-line * content, or processing of certain types of in-line content. * * WARNING: do not block the caller from shouldLoad or shouldProcess (e.g., * by launching a dialog to prompt the user for something). */ [scriptable,uuid(d6ab1d11-8e24-4db4-8582-c40a78281737)] interface nsIContentPolicyBase : nsISupports { /** * Indicates a unset or bogus policy type. */ const nsContentPolicyType TYPE_INVALID = 0; /** * Gecko/Firefox developers: Avoid using TYPE_OTHER. Especially for * requests that are coming from webpages. Or requests in general which * you expect that security checks will be done on. * Always use a more specific type if one is available. And do not hesitate * to add more types as appropriate. * But if you are fairly sure that no one would care about your more specific * type, then it's ok to use TYPE_OTHER. * * Extension developers: Whenever it is reasonable, use one of the existing * content types. If none of the existing content types are right for * something you are doing, file a bug in the Core/DOM component that * includes a patch that adds your new content type to the end of the list of * TYPE_* constants here. But, don't start using your new content type until * your patch has been accepted, because it will be uncertain what exact * value and name your new content type will have; in that interim period, * use TYPE_OTHER. In your patch, document your new content type in the style * of the existing ones. In the bug you file, provide a more detailed * description of the new type of content you want Gecko to support, so that * the existing implementations of nsIContentPolicy can be properly modified * to deal with that new type of content. * * Implementations of nsIContentPolicy should treat this the same way they * treat unknown types, because existing users of TYPE_OTHER may be converted * to use new content types. * * Note that the TYPE_INTERNAL_* constants are never passed to content * policy implementations. They are mapped to other TYPE_* constants, and * are only intended for internal usage inside Gecko. */ const nsContentPolicyType TYPE_OTHER = 1; /** * Indicates an executable script (such as JavaScript). */ const nsContentPolicyType TYPE_SCRIPT = 2; /** * Indicates an image (e.g., IMG elements). */ const nsContentPolicyType TYPE_IMAGE = 3; /** * Indicates a stylesheet (e.g., STYLE elements). */ const nsContentPolicyType TYPE_STYLESHEET = 4; /** * Indicates a generic object (plugin-handled content typically falls under * this category). */ const nsContentPolicyType TYPE_OBJECT = 5; /** * Indicates a document at the top-level (i.e., in a browser). */ const nsContentPolicyType TYPE_DOCUMENT = 6; /** * Indicates a document contained within another document (e.g., IFRAMEs, * FRAMES, and OBJECTs). */ const nsContentPolicyType TYPE_SUBDOCUMENT = 7; /** * Indicates a timed refresh. * * shouldLoad will never get this, because it does not represent content * to be loaded (the actual load triggered by the refresh will go through * shouldLoad as expected). * * shouldProcess will get this for, e.g., META Refresh elements and HTTP * Refresh headers. */ const nsContentPolicyType TYPE_REFRESH = 8; /** * Indicates an XBL binding request, triggered either by -moz-binding CSS * property. */ const nsContentPolicyType TYPE_XBL = 9; /** * Indicates a ping triggered by a click on element. */ const nsContentPolicyType TYPE_PING = 10; /** * Indicates an XMLHttpRequest. Also used for document.load and for EventSource. */ const nsContentPolicyType TYPE_XMLHTTPREQUEST = 11; const nsContentPolicyType TYPE_DATAREQUEST = 11; // alias /** * Indicates a request by a plugin. */ const nsContentPolicyType TYPE_OBJECT_SUBREQUEST = 12; /** * Indicates a DTD loaded by an XML document. */ const nsContentPolicyType TYPE_DTD = 13; /** * Indicates a font loaded via @font-face rule. */ const nsContentPolicyType TYPE_FONT = 14; /** * Indicates a video or audio load. */ const nsContentPolicyType TYPE_MEDIA = 15; /** * Indicates a WebSocket load. */ const nsContentPolicyType TYPE_WEBSOCKET = 16; /** * Indicates a Content Security Policy report. */ const nsContentPolicyType TYPE_CSP_REPORT = 17; /** * Indicates a style sheet transformation. */ const nsContentPolicyType TYPE_XSLT = 18; /** * Indicates a beacon post. */ const nsContentPolicyType TYPE_BEACON = 19; /** * Indicates a load initiated by the fetch() function from the Fetch * specification. */ const nsContentPolicyType TYPE_FETCH = 20; /** * Indicates a or request. */ const nsContentPolicyType TYPE_IMAGESET = 21; /** * Indicates a web manifest. */ const nsContentPolicyType TYPE_WEB_MANIFEST = 22; /** * Indicates an internal constant for scripts loaded through script * elements. * * This will be mapped to TYPE_SCRIPT before being passed to content policy * implementations. */ const nsContentPolicyType TYPE_INTERNAL_SCRIPT = 23; /** * Indicates an internal constant for scripts loaded through a dedicated * worker. * * This will be mapped to TYPE_SCRIPT before being passed to content policy * implementations. */ const nsContentPolicyType TYPE_INTERNAL_WORKER = 24; /** * Indicates an internal constant for scripts loaded through a shared * worker. * * This will be mapped to TYPE_SCRIPT before being passed to content policy * implementations. */ const nsContentPolicyType TYPE_INTERNAL_SHARED_WORKER = 25; /** * Indicates an internal constant for content loaded from embed elements. * * This will be mapped to TYPE_OBJECT. */ const nsContentPolicyType TYPE_INTERNAL_EMBED = 26; /** * Indicates an internal constant for content loaded from object elements. * * This will be mapped to TYPE_OBJECT. */ const nsContentPolicyType TYPE_INTERNAL_OBJECT = 27; /** * Indicates an internal constant for content loaded from frame elements. * * This will be mapped to TYPE_SUBDOCUMENT. */ const nsContentPolicyType TYPE_INTERNAL_FRAME = 28; /** * Indicates an internal constant for content loaded from iframe elements. * * This will be mapped to TYPE_SUBDOCUMENT. */ const nsContentPolicyType TYPE_INTERNAL_IFRAME = 29; /** * Indicates an internal constant for content loaded from audio elements. * * This will be mapped to TYPE_MEDIA. */ const nsContentPolicyType TYPE_INTERNAL_AUDIO = 30; /** * Indicates an internal constant for content loaded from video elements. * * This will be mapped to TYPE_MEDIA. */ const nsContentPolicyType TYPE_INTERNAL_VIDEO = 31; /** * Indicates an internal constant for content loaded from track elements. * * This will be mapped to TYPE_MEDIA. */ const nsContentPolicyType TYPE_INTERNAL_TRACK = 32; /** * Indicates an internal constant for an XMLHttpRequest. * * This will be mapped to TYPE_XMLHTTPREQUEST. */ const nsContentPolicyType TYPE_INTERNAL_XMLHTTPREQUEST = 33; /** * Indicates an internal constant for EventSource. * * This will be mapped to TYPE_DATAREQUEST. */ const nsContentPolicyType TYPE_INTERNAL_EVENTSOURCE = 34; /** * Indicates an internal constant for scripts loaded through a service * worker. * * This will be mapped to TYPE_SCRIPT before being passed to content policy * implementations. */ const nsContentPolicyType TYPE_INTERNAL_SERVICE_WORKER = 35; /** * Indicates an internal constant for *preloaded* scripts * loaded through script elements. * * This will be mapped to TYPE_SCRIPT before being passed * to content policy implementations. */ const nsContentPolicyType TYPE_INTERNAL_SCRIPT_PRELOAD = 36; /** * Indicates an internal constant for normal images. * * This will be mapped to TYPE_IMAGE before being passed * to content policy implementations. */ const nsContentPolicyType TYPE_INTERNAL_IMAGE = 37; /** * Indicates an internal constant for *preloaded* images. * * This will be mapped to TYPE_IMAGE before being passed * to content policy implementations. */ const nsContentPolicyType TYPE_INTERNAL_IMAGE_PRELOAD = 38; /** * Indicates an internal constant for normal stylesheets. * * This will be mapped to TYPE_STYLESHEET before being passed * to content policy implementations. */ const nsContentPolicyType TYPE_INTERNAL_STYLESHEET = 39; /** * Indicates an internal constant for *preloaded* stylesheets. * * This will be mapped to TYPE_STYLESHEET before being passed * to content policy implementations. */ const nsContentPolicyType TYPE_INTERNAL_STYLESHEET_PRELOAD = 40; /** * Indicates an internal constant for favicon. * * This will be mapped to TYPE_IMAGE before being passed * to content policy implementations. */ const nsContentPolicyType TYPE_INTERNAL_IMAGE_FAVICON = 41; /** * Indicates an save-as link download from the front-end code. */ const nsContentPolicyType TYPE_SAVEAS_DOWNLOAD = 42; /* When adding new content types, please update nsContentBlocker, * NS_CP_ContentTypeName, nsCSPContext, CSP_ContentTypeToDirective, * DoContentSecurityChecks, all nsIContentPolicy implementations, the * static_assert in dom/cache/DBSchema.cpp, nsPermissionManager.cpp, * and other things that are not listed here that are related * to nsIContentPolicy. */ ////////////////////////////////////////////////////////////////////// /** * Returned from shouldLoad or shouldProcess if the load or process request * is rejected based on details of the request. */ const short REJECT_REQUEST = -1; /** * Returned from shouldLoad or shouldProcess if the load/process is rejected * based solely on its type (of the above flags). * * NOTE that it is not meant to stop future requests for this type--only the * current request. */ const short REJECT_TYPE = -2; /** * Returned from shouldLoad or shouldProcess if the load/process is rejected * based on the server it is hosted on or requested from (aContentLocation or * aRequestOrigin), e.g., if you block an IMAGE because it is served from * goatse.cx (even if you don't necessarily block other types from that * server/domain). * * NOTE that it is not meant to stop future requests for this server--only the * current request. */ const short REJECT_SERVER = -3; /** * Returned from shouldLoad or shouldProcess if the load/process is rejected * based on some other criteria. Mozilla callers will handle this like * REJECT_REQUEST; third-party implementors may, for example, use this to * direct their own callers to consult the extra parameter for additional * details. */ const short REJECT_OTHER = -4; /** * Returned from shouldLoad or shouldProcess if the load or process request * is not rejected. */ const short ACCEPT = 1; };