The Tor Browser / file comparison

comparison: content/base/public/nsIContentSecurityPolicy.idl

content/base/public/nsIContentSecurityPolicy.idl

branch
TOR_BUG_9701
changeset 8
97036ab72558
equal deleted inserted replaced
-1:000000000000 0:2ee31c3a8a1b
1 /* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4
5 #include "nsISerializable.idl"
6
7 interface nsIURI;
8 interface nsIChannel;
9 interface nsIDocShell;
10 interface nsIPrincipal;
11
12 /**
13 * nsIContentSecurityPolicy
14 * Describes an XPCOM component used to model and enforce CSPs. Instances of
15 * this class may have multiple policies within them, but there should only be
16 * one of these per document/principal.
17 */
18
19 [scriptable, uuid(8b91f829-b1bf-4327-8ece-4000aa823394)]
20 interface nsIContentSecurityPolicy : nsISerializable
21 {
22
23 /**
24 * Set to true when the CSP has been read in and parsed and is ready to
25 * enforce. This is a barrier for the nsDocument so it doesn't load any
26 * sub-content until either it knows that a CSP is ready or will not be used.
27 */
28 attribute boolean isInitialized;
29
30 /**
31 * Accessor method for a read-only string version of the policy at a given
32 * index.
33 */
34 AString getPolicy(in unsigned long index);
35
36 /**
37 * Returns the number of policies attached to this CSP instance. Useful with
38 * getPolicy().
39 */
40 attribute long policyCount;
41
42 /**
43 * Remove a policy associated with this CSP context.
44 * @throws NS_ERROR_FAILURE if the index is out of bounds or invalid.
45 */
46 void removePolicy(in unsigned long index);
47
48 /**
49 * Parse and install a CSP policy.
50 * @param aPolicy
51 * String representation of the policy (e.g., header value)
52 * @param selfURI
53 * the URI of the protected document/principal
54 * @param reportOnly
55 * Should this policy affect content, script and style processing or
56 * just send reports if it is violated?
57 * @param specCompliant
58 * Whether or not the policy conforms to the W3C specification.
59 * If this is false, that indicates this policy is from the older
60 * implementation with different semantics and directive names.
61 */
62 void appendPolicy(in AString policyString, in nsIURI selfURI,
63 in boolean reportOnly, in boolean specCompliant);
64
65 /**
66 * Whether this policy allows in-page script.
67 * @param shouldReportViolations
68 * Whether or not the use of inline script should be reported.
69 * This function always returns "true" for report-only policies, but when
70 * any policy (report-only or otherwise) is violated,
71 * shouldReportViolations is true as well.
72 * @return
73 * Whether or not the effects of the inline script should be allowed
74 * (block the compilation if false).
75 */
76 boolean getAllowsInlineScript(out boolean shouldReportViolations);
77
78 /**
79 * whether this policy allows eval and eval-like functions
80 * such as setTimeout("code string", time).
81 * @param shouldReportViolations
82 * Whether or not the use of eval should be reported.
83 * This function returns "true" when violating report-only policies, but
84 * when any policy (report-only or otherwise) is violated,
85 * shouldReportViolations is true as well.
86 * @return
87 * Whether or not the effects of the eval call should be allowed
88 * (block the call if false).
89 */
90 boolean getAllowsEval(out boolean shouldReportViolations);
91
92 /**
93 * Whether this policy allows in-page styles.
94 * This includes <style> tags with text content and style="" attributes in
95 * HTML elements.
96 * @param shouldReportViolations
97 * Whether or not the use of inline style should be reported.
98 * If there are report-only policies, this function may return true
99 * (don't block), but one or more policy may still want to send
100 * violation reports so shouldReportViolations will be true even if the
101 * inline style should be permitted.
102 * @return
103 * Whether or not the effects of the inline style should be allowed
104 * (block the rules if false).
105 */
106 boolean getAllowsInlineStyle(out boolean shouldReportViolations);
107
108 /**
109 * Whether this policy accepts the given nonce
110 * @param aNonce
111 * The nonce string to check against the policy
112 * @param aContentType
113 * The type of element on which we encountered this nonce
114 * @param shouldReportViolation
115 * Whether or not the use of an incorrect nonce should be reported.
116 * This function always returns "true" for report-only policies, but when
117 * the report-only policy is violated, shouldReportViolation is true as
118 * well.
119 * @return
120 * Whether or not this nonce is valid
121 */
122 boolean getAllowsNonce(in AString aNonce,
123 in unsigned long aContentType,
124 out boolean shouldReportViolation);
125
126 /**
127 * Whether this policy accepts the given inline resource based on the hash
128 * of its content.
129 * @param aContent
130 * The content of the inline resource to hash (and compare to the
131 * hashes listed in the policy)
132 * @param aContentType
133 * The type of inline element (script or style)
134 * @param shouldReportViolation
135 * Whether this inline resource should be reported as a hash-source
136 * violation. If there are no hash-sources in the policy, this is
137 * always false.
138 * @return
139 * Whether or not this inline resource is whitelisted by a hash-source
140 */
141 boolean getAllowsHash(in AString aContent,
142 in unsigned short aContentType,
143 out boolean shouldReportViolation);
144
145 /**
146 * For each violated policy (of type violationType), log policy violation on
147 * the Error Console and send a report to report-uris present in the violated
148 * policies.
149 *
150 * @param violationType
151 * one of the VIOLATION_TYPE_* constants, e.g. inline-script or eval
152 * @param sourceFile
153 * name of the source file containing the violation (if available)
154 * @param contentSample
155 * sample of the violating content (to aid debugging)
156 * @param lineNum
157 * source line number of the violation (if available)
158 * @param aNonce
159 * (optional) If this is a nonce violation, include the nonce so we can
160 * recheck to determine which policies were violated and send the
161 * appropriate reports.
162 * @param aContent
163 * (optional) If this is a hash violation, include contents of the inline
164 * resource in the question so we can recheck the hash in order to
165 * determine which policies were violated and send the appropriate
166 * reports.
167 */
168 void logViolationDetails(in unsigned short violationType,
169 in AString sourceFile,
170 in AString scriptSample,
171 in int32_t lineNum,
172 [optional] in AString nonce,
173 [optional] in AString content);
174
175 const unsigned short VIOLATION_TYPE_INLINE_SCRIPT = 1;
176 const unsigned short VIOLATION_TYPE_EVAL = 2;
177 const unsigned short VIOLATION_TYPE_INLINE_STYLE = 3;
178 const unsigned short VIOLATION_TYPE_NONCE_SCRIPT = 4;
179 const unsigned short VIOLATION_TYPE_NONCE_STYLE = 5;
180 const unsigned short VIOLATION_TYPE_HASH_SCRIPT = 6;
181 const unsigned short VIOLATION_TYPE_HASH_STYLE = 7;
182
183 /**
184 * Called after the CSP object is created to fill in appropriate request
185 * context and give it a reference to its owning principal for violation
186 * report generation.
187 * This will use whatever data is available, choosing earlier arguments first
188 * if multiple are available. Either way, it will attempt to obtain the URI,
189 * referrer and the principal from whatever is available. If the channel is
190 * available, it'll also store that for processing policy-uri directives.
191 */
192 void setRequestContext(in nsIURI selfURI,
193 in nsIURI referrer,
194 in nsIPrincipal documentPrincipal,
195 in nsIChannel aChannel);
196
197 /**
198 * Verifies ancestry as permitted by the policy.
199 *
200 * NOTE: Calls to this may trigger violation reports when queried, so this
201 * value should not be cached.
202 *
203 * @param docShell
204 * containing the protected resource
205 * @return
206 * true if the frame's ancestors are all allowed by policy (except for
207 * report-only policies, which will send reports and then return true
208 * here when violated).
209 */
210 boolean permitsAncestry(in nsIDocShell docShell);
211
212 /**
213 * Delegate method called by the service when sub-elements of the protected
214 * document are being loaded. Given a bit of information about the request,
215 * decides whether or not the policy is satisfied.
216 *
217 * Calls to this may trigger violation reports when queried, so
218 * this value should not be cached.
219 */
220 short shouldLoad(in unsigned long aContentType,
221 in nsIURI aContentLocation,
222 in nsIURI aRequestOrigin,
223 in nsISupports aContext,
224 in ACString aMimeTypeGuess,
225 in nsISupports aExtra);
226
227 /**
228 * Delegate method called by the service when sub-elements of the protected
229 * document are being processed. Given a bit of information about the request,
230 * decides whether or not the policy is satisfied.
231 */
232 short shouldProcess(in unsigned long aContentType,
233 in nsIURI aContentLocation,
234 in nsIURI aRequestOrigin,
235 in nsISupports aContext,
236 in ACString aMimeType,
237 in nsISupports aExtra);
238
239 };

Mercurial Repository: The Tor Browser

Europalab SCM Repository Server

mercurial