1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/netwerk/base/public/nsISiteSecurityService.idl Wed Dec 31 06:09:35 2014 +0100
1.3 @@ -0,0 +1,100 @@
1.4 +/* This Source Code Form is subject to the terms of the Mozilla Public
1.5 + * License, v. 2.0. If a copy of the MPL was not distributed with this
1.6 + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
1.7 +
1.8 +#include "nsISupports.idl"
1.9 +
1.10 +interface nsIURI;
1.11 +interface nsIObserver;
1.12 +interface nsIHttpChannel;
1.13 +
1.14 +[scriptable, uuid(b20a9242-5732-45bc-9fa0-a178154f2721)]
1.15 +interface nsISiteSecurityService : nsISupports
1.16 +{
1.17 + const uint32_t HEADER_HSTS = 0;
1.18 + const uint32_t HEADER_HKPK = 1;
1.19 + const uint32_t HEADER_OMS = 2;
1.20 +
1.21 + /**
1.22 + * Parses a given HTTP header and records the results internally.
1.23 + * Currently the only header type supported is HSTS (aka STS).
1.24 + * The format of the HSTS header is defined by the HSTS specification:
1.25 + * https://tools.ietf.org/html/rfc6797
1.26 + * and allows a host to specify that future HTTP requests should be
1.27 + * upgraded to HTTPS.
1.28 + *
1.29 + * @param aType the type of security header in question.
1.30 + * @param aSourceURI the URI of the resource with the HTTP header.
1.31 + * @param aHeader the HTTP response header specifying security data.
1.32 + * @param aFlags options for this request as defined in nsISocketProvider:
1.33 + * NO_PERMANENT_STORAGE
1.34 + * @param aMaxAge the parsed max-age directive of the header.
1.35 + * @param aIncludeSubdomains the parsed includeSubdomains directive.
1.36 + * @return NS_OK if it succeeds
1.37 + * NS_ERROR_FAILURE if it can't be parsed
1.38 + * NS_SUCCESS_LOSS_OF_INSIGNIFICANT_DATA
1.39 + * if there are unrecognized tokens in the header.
1.40 + */
1.41 + void processHeader(in uint32_t aType,
1.42 + in nsIURI aSourceURI,
1.43 + in string aHeader,
1.44 + in uint32_t aFlags,
1.45 + [optional] out unsigned long long aMaxAge,
1.46 + [optional] out boolean aIncludeSubdomains);
1.47 +
1.48 + /**
1.49 + * Given a header type, removes state relating to that header of a host,
1.50 + * including the includeSubdomains state that would affect subdomains.
1.51 + * This essentially removes the state for the domain tree rooted at this
1.52 + * host.
1.53 + * @param aType the type of security state in question
1.54 + * @param aURI the URI of the target host
1.55 + * @param aFlags options for this request as defined in nsISocketProvider:
1.56 + * NO_PERMANENT_STORAGE
1.57 + */
1.58 + void removeState(in uint32_t aType,
1.59 + in nsIURI aURI,
1.60 + in uint32_t aFlags);
1.61 +
1.62 + /**
1.63 + * See isSecureURI
1.64 + *
1.65 + * @param aType the type of security state in question.
1.66 + * @param aHost the hostname (punycode) to query for state.
1.67 + * @param aFlags options for this request as defined in nsISocketProvider:
1.68 + * NO_PERMANENT_STORAGE
1.69 + */
1.70 + boolean isSecureHost(in uint32_t aType,
1.71 + in string aHost,
1.72 + in uint32_t aFlags);
1.73 +
1.74 + /**
1.75 + * Checks if the given security info is for a host with a broken
1.76 + * transport layer (certificate errors like invalid CN).
1.77 + */
1.78 + boolean shouldIgnoreHeaders(in nsISupports aSecurityInfo);
1.79 +
1.80 + /**
1.81 + * Checks whether or not the URI's hostname has a given security state set.
1.82 + * For example, for HSTS:
1.83 + * The URI is an HSTS URI if either the host has the HSTS state set, or one
1.84 + * of its super-domains has the HSTS "includeSubdomains" flag set.
1.85 + * NOTE: this function makes decisions based only on the
1.86 + * host contained in the URI, and disregards other portions of the URI
1.87 + * such as path and port.
1.88 + *
1.89 + * @param aType the type of security state in question.
1.90 + * @param aURI the URI to query for STS state.
1.91 + * @param aFlags options for this request as defined in nsISocketProvider:
1.92 + * NO_PERMANENT_STORAGE
1.93 + */
1.94 + boolean isSecureURI(in uint32_t aType, in nsIURI aURI, in uint32_t aFlags);
1.95 +
1.96 +};
1.97 +
1.98 +%{C++
1.99 +#define NS_SSSERVICE_CONTRACTID "@mozilla.org/ssservice;1"
1.100 +
1.101 +#define STS_PERMISSION "sts/use"
1.102 +#define STS_SUBDOMAIN_PERMISSION "sts/subd"
1.103 +%}
