The Tor Browser: comparison netwerk/base/public/nsISiteSecurityService.idl

--1:000000000000
+:c74c6b6848c1
+/* This Source Code Form is subject to the terms of the Mozilla Public
+* License, v. 2.0. If a copy of the MPL was not distributed with this
+* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#include "nsISupports.idl"
+interface nsIURI;
+interface nsIObserver;
+interface nsIHttpChannel;
+[scriptable, uuid(b20a9242-5732-45bc-9fa0-a178154f2721)]
+interface nsISiteSecurityService : nsISupports
+{
+const uint32_t HEADER_HSTS = 0;
+const uint32_t HEADER_HKPK = 1;
+const uint32_t HEADER_OMS = 2;
+/**
+* Parses a given HTTP header and records the results internally.
+* Currently the only header type supported is HSTS (aka STS).
+* The format of the HSTS header is defined by the HSTS specification:
+* https://tools.ietf.org/html/rfc6797
+* and allows a host to specify that future HTTP requests should be
+* upgraded to HTTPS.
+*
+* @param aType the type of security header in question.
+* @param aSourceURI the URI of the resource with the HTTP header.
+* @param aHeader the HTTP response header specifying security data.
+* @param aFlags  options for this request as defined in nsISocketProvider:
+*                  NO_PERMANENT_STORAGE
+* @param aMaxAge the parsed max-age directive of the header.
+* @param aIncludeSubdomains the parsed includeSubdomains directive.
+* @return NS_OK            if it succeeds
+*         NS_ERROR_FAILURE if it can't be parsed
+*         NS_SUCCESS_LOSS_OF_INSIGNIFICANT_DATA
+*                          if there are unrecognized tokens in the header.
+*/
+void processHeader(in uint32_t aType,
+in nsIURI aSourceURI,
+in string aHeader,
+in uint32_t aFlags,
+[optional] out unsigned long long aMaxAge,
+[optional] out boolean aIncludeSubdomains);
+/**
+* Given a header type, removes state relating to that header of a host,
+* including the includeSubdomains state that would affect subdomains.
+* This essentially removes the state for the domain tree rooted at this
+* host.
+* @param aType   the type of security state in question
+* @param aURI    the URI of the target host
+* @param aFlags  options for this request as defined in nsISocketProvider:
+*                  NO_PERMANENT_STORAGE
+*/
+void removeState(in uint32_t aType,
+in nsIURI aURI,
+in uint32_t aFlags);
+/**
+* See isSecureURI
+*
+* @param aType the type of security state in question.
+* @param aHost the hostname (punycode) to query for state.
+* @param aFlags  options for this request as defined in nsISocketProvider:
+*                  NO_PERMANENT_STORAGE
+*/
+boolean isSecureHost(in uint32_t aType,
+in string aHost,
+in uint32_t aFlags);
+/**
+* Checks if the given security info is for a host with a broken
+* transport layer (certificate errors like invalid CN).
+*/
+boolean shouldIgnoreHeaders(in nsISupports aSecurityInfo);
+/**
+* Checks whether or not the URI's hostname has a given security state set.
+* For example, for HSTS:
+* The URI is an HSTS URI if either the host has the HSTS state set, or one
+* of its super-domains has the HSTS "includeSubdomains" flag set.
+* NOTE: this function makes decisions based only on the
+* host contained in the URI, and disregards other portions of the URI
+* such as path and port.
+*
+* @param aType the type of security state in question.
+* @param aURI the URI to query for STS state.
+* @param aFlags  options for this request as defined in nsISocketProvider:
+*                  NO_PERMANENT_STORAGE
+*/
+boolean isSecureURI(in uint32_t aType, in nsIURI aURI, in uint32_t aFlags);
+};
+%{C++
+#define NS_SSSERVICE_CONTRACTID "@mozilla.org/ssservice;1"
+#define STS_PERMISSION "sts/use"
+#define STS_SUBDOMAIN_PERMISSION "sts/subd"
+%}

The Tor Browser / file comparison

comparison: netwerk/base/public/nsISiteSecurityService.idl

netwerk/base/public/nsISiteSecurityService.idl