netwerk/base/public/nsISiteSecurityService.idl@6474c204b198 (annotated)
netwerk/base/public/nsISiteSecurityService.idl
Wed, 31 Dec 2014 06:09:35 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Wed, 31 Dec 2014 06:09:35 +0100
- changeset 0
- 6474c204b198
- permissions
- -rw-r--r--
Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.
| michael@0 | 1 | /* This Source Code Form is subject to the terms of the Mozilla Public |
| michael@0 | 2 | * License, v. 2.0. If a copy of the MPL was not distributed with this |
| michael@0 | 3 | * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| michael@0 | 4 | |
| michael@0 | 5 | #include "nsISupports.idl" |
| michael@0 | 6 | |
| michael@0 | 7 | interface nsIURI; |
| michael@0 | 8 | interface nsIObserver; |
| michael@0 | 9 | interface nsIHttpChannel; |
| michael@0 | 10 | |
| michael@0 | 11 | [scriptable, uuid(b20a9242-5732-45bc-9fa0-a178154f2721)] |
| michael@0 | 12 | interface nsISiteSecurityService : nsISupports |
| michael@0 | 13 | { |
| michael@0 | 14 | const uint32_t HEADER_HSTS = 0; |
| michael@0 | 15 | const uint32_t HEADER_HKPK = 1; |
| michael@0 | 16 | const uint32_t HEADER_OMS = 2; |
| michael@0 | 17 | |
| michael@0 | 18 | /** |
| michael@0 | 19 | * Parses a given HTTP header and records the results internally. |
| michael@0 | 20 | * Currently the only header type supported is HSTS (aka STS). |
| michael@0 | 21 | * The format of the HSTS header is defined by the HSTS specification: |
| michael@0 | 22 | * https://tools.ietf.org/html/rfc6797 |
| michael@0 | 23 | * and allows a host to specify that future HTTP requests should be |
| michael@0 | 24 | * upgraded to HTTPS. |
| michael@0 | 25 | * |
| michael@0 | 26 | * @param aType the type of security header in question. |
| michael@0 | 27 | * @param aSourceURI the URI of the resource with the HTTP header. |
| michael@0 | 28 | * @param aHeader the HTTP response header specifying security data. |
| michael@0 | 29 | * @param aFlags options for this request as defined in nsISocketProvider: |
| michael@0 | 30 | * NO_PERMANENT_STORAGE |
| michael@0 | 31 | * @param aMaxAge the parsed max-age directive of the header. |
| michael@0 | 32 | * @param aIncludeSubdomains the parsed includeSubdomains directive. |
| michael@0 | 33 | * @return NS_OK if it succeeds |
| michael@0 | 34 | * NS_ERROR_FAILURE if it can't be parsed |
| michael@0 | 35 | * NS_SUCCESS_LOSS_OF_INSIGNIFICANT_DATA |
| michael@0 | 36 | * if there are unrecognized tokens in the header. |
| michael@0 | 37 | */ |
| michael@0 | 38 | void processHeader(in uint32_t aType, |
| michael@0 | 39 | in nsIURI aSourceURI, |
| michael@0 | 40 | in string aHeader, |
| michael@0 | 41 | in uint32_t aFlags, |
| michael@0 | 42 | [optional] out unsigned long long aMaxAge, |
| michael@0 | 43 | [optional] out boolean aIncludeSubdomains); |
| michael@0 | 44 | |
| michael@0 | 45 | /** |
| michael@0 | 46 | * Given a header type, removes state relating to that header of a host, |
| michael@0 | 47 | * including the includeSubdomains state that would affect subdomains. |
| michael@0 | 48 | * This essentially removes the state for the domain tree rooted at this |
| michael@0 | 49 | * host. |
| michael@0 | 50 | * @param aType the type of security state in question |
| michael@0 | 51 | * @param aURI the URI of the target host |
| michael@0 | 52 | * @param aFlags options for this request as defined in nsISocketProvider: |
| michael@0 | 53 | * NO_PERMANENT_STORAGE |
| michael@0 | 54 | */ |
| michael@0 | 55 | void removeState(in uint32_t aType, |
| michael@0 | 56 | in nsIURI aURI, |
| michael@0 | 57 | in uint32_t aFlags); |
| michael@0 | 58 | |
| michael@0 | 59 | /** |
| michael@0 | 60 | * See isSecureURI |
| michael@0 | 61 | * |
| michael@0 | 62 | * @param aType the type of security state in question. |
| michael@0 | 63 | * @param aHost the hostname (punycode) to query for state. |
| michael@0 | 64 | * @param aFlags options for this request as defined in nsISocketProvider: |
| michael@0 | 65 | * NO_PERMANENT_STORAGE |
| michael@0 | 66 | */ |
| michael@0 | 67 | boolean isSecureHost(in uint32_t aType, |
| michael@0 | 68 | in string aHost, |
| michael@0 | 69 | in uint32_t aFlags); |
| michael@0 | 70 | |
| michael@0 | 71 | /** |
| michael@0 | 72 | * Checks if the given security info is for a host with a broken |
| michael@0 | 73 | * transport layer (certificate errors like invalid CN). |
| michael@0 | 74 | */ |
| michael@0 | 75 | boolean shouldIgnoreHeaders(in nsISupports aSecurityInfo); |
| michael@0 | 76 | |
| michael@0 | 77 | /** |
| michael@0 | 78 | * Checks whether or not the URI's hostname has a given security state set. |
| michael@0 | 79 | * For example, for HSTS: |
| michael@0 | 80 | * The URI is an HSTS URI if either the host has the HSTS state set, or one |
| michael@0 | 81 | * of its super-domains has the HSTS "includeSubdomains" flag set. |
| michael@0 | 82 | * NOTE: this function makes decisions based only on the |
| michael@0 | 83 | * host contained in the URI, and disregards other portions of the URI |
| michael@0 | 84 | * such as path and port. |
| michael@0 | 85 | * |
| michael@0 | 86 | * @param aType the type of security state in question. |
| michael@0 | 87 | * @param aURI the URI to query for STS state. |
| michael@0 | 88 | * @param aFlags options for this request as defined in nsISocketProvider: |
| michael@0 | 89 | * NO_PERMANENT_STORAGE |
| michael@0 | 90 | */ |
| michael@0 | 91 | boolean isSecureURI(in uint32_t aType, in nsIURI aURI, in uint32_t aFlags); |
| michael@0 | 92 | |
| michael@0 | 93 | }; |
| michael@0 | 94 | |
| michael@0 | 95 | %{C++ |
| michael@0 | 96 | #define NS_SSSERVICE_CONTRACTID "@mozilla.org/ssservice;1" |
| michael@0 | 97 | |
| michael@0 | 98 | #define STS_PERMISSION "sts/use" |
| michael@0 | 99 | #define STS_SUBDOMAIN_PERMISSION "sts/subd" |
| michael@0 | 100 | %} |
