netwerk/base/public/nsISiteSecurityService.idl

Thu, 22 Jan 2015 13:21:57 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Thu, 22 Jan 2015 13:21:57 +0100
branch
TOR_BUG_9701
changeset 15
b8a032363ba2
permissions
-rw-r--r--

Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6

     1 /* This Source Code Form is subject to the terms of the Mozilla Public
     2  * License, v. 2.0. If a copy of the MPL was not distributed with this
     3  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
     5 #include "nsISupports.idl"
     7 interface nsIURI;
     8 interface nsIObserver;
     9 interface nsIHttpChannel;
    11 [scriptable, uuid(b20a9242-5732-45bc-9fa0-a178154f2721)]
    12 interface nsISiteSecurityService : nsISupports
    13 {
           /**
            * Scriptable service that records per-host security state parsed from
            * HTTP response headers and answers queries about that state. Per the
            * method documentation below, HSTS is the only header type that
            * processHeader currently supports.
            *
            * The constants below are presumably the values passed as aType to the
            * methods of this interface.
            * NOTE(review): HEADER_HKPK looks like a transposition of HPKP (HTTP
            * Public Key Pinning) -- confirm. The name is part of the scriptable
            * interface, so it is left untouched here.
            * NOTE(review): the meaning of HEADER_OMS is not documented in this
            * file -- confirm against the implementation.
            */
    14     const uint32_t HEADER_HSTS = 0;
    15     const uint32_t HEADER_HKPK = 1;
    16     const uint32_t HEADER_OMS = 2;
    18     /**
    19      * Parses a given HTTP header and records the results internally.
    20      * Currently the only header type supported is HSTS (aka STS).
    21      * The format of the HSTS header is defined by the HSTS specification:
    22      * https://tools.ietf.org/html/rfc6797
    23      * and allows a host to specify that future HTTP requests should be
    24      * upgraded to HTTPS.
    25      *
            * NOTE(review): RFC 6797 requires a user agent to ignore this header
            * when it arrives over insecure transport or over a connection with
            * certificate errors. Whether that is enforced inside this method or
            * is left to the caller (see shouldIgnoreHeaders) is not visible in
            * this file -- confirm before passing headers from connections that
            * have not been validated.
            *
    26      * @param aType the type of security header in question.
    27      * @param aSourceURI the URI of the resource with the HTTP header.
    28      * @param aHeader the HTTP response header specifying security data.
    29      * @param aFlags  options for this request as defined in nsISocketProvider:
    30      *                  NO_PERMANENT_STORAGE
            *                  (presumably keeps the recorded state out of
            *                  persistent storage -- confirm in nsISocketProvider)
    31      * @param aMaxAge the parsed max-age directive of the header.
            *                Optional out-parameter. Units are not stated here
            *                (RFC 6797 defines max-age in seconds) -- confirm.
    32      * @param aIncludeSubdomains the parsed includeSubdomains directive.
            *                Optional out-parameter.
    33      * @return NS_OK            if it succeeds
    34      *         NS_ERROR_FAILURE if it can't be parsed
    35      *         NS_SUCCESS_LOSS_OF_INSIGNIFICANT_DATA
    36      *                          if there are unrecognized tokens in the header.
    37      */
    38     void processHeader(in uint32_t aType,
    39                        in nsIURI aSourceURI,
    40                        in string aHeader,
    41                        in uint32_t aFlags,
    42                        [optional] out unsigned long long aMaxAge,
    43                        [optional] out boolean aIncludeSubdomains);
    45     /**
    46      * Given a header type, removes state relating to that header of a host,
    47      * including the includeSubdomains state that would affect subdomains.
    48      * This essentially removes the state for the domain tree rooted at this
    49      * host.
            *
            * NOTE(review): for HSTS this presumably means that plain-HTTP requests
            * to the host are no longer upgraded until a new header is processed,
            * so callers should treat removal as a security-relevant operation.
            *
    50      * @param aType   the type of security state in question
    51      * @param aURI    the URI of the target host
    52      * @param aFlags  options for this request as defined in nsISocketProvider:
    53      *                  NO_PERMANENT_STORAGE
    54      */
    55     void removeState(in uint32_t aType,
    56                      in nsIURI aURI,
    57                      in uint32_t aFlags);
    59     /**
    60      * See isSecureURI; this variant takes a bare hostname instead of a URI.
    61      *
    62      * @param aType the type of security state in question.
    63      * @param aHost the hostname (punycode) to query for state.
            *              NOTE(review): how a hostname that is not in punycode
            *              form is handled is not shown here -- confirm.
    64      * @param aFlags  options for this request as defined in nsISocketProvider:
    65      *                  NO_PERMANENT_STORAGE
            * @return presumably true when state of the given type applies to
            *         aHost, as described for isSecureURI -- confirm.
    66      */
    67     boolean isSecureHost(in uint32_t aType,
    68                          in string aHost,
    69                          in uint32_t aFlags);
    71     /**
    72      * Checks if the given security info is for a host with a broken
    73      * transport layer (certificate errors like invalid CN).
            *
            * @param aSecurityInfo the security info object to inspect; its
            *                      concrete type is not visible in this file.
            * @return presumably true when the transport is broken and security
            *         headers from that connection should not be processed --
            *         confirm against the implementation.
    74      */
    75     boolean shouldIgnoreHeaders(in nsISupports aSecurityInfo);
    77     /**
    78      * Checks whether or not the URI's hostname has a given security state set.
    79      * For example, for HSTS:
    80      * The URI is an HSTS URI if either the host has the HSTS state set, or one
    81      * of its super-domains has the HSTS "includeSubdomains" flag set.
    82      * NOTE: this function makes decisions based only on the
    83      * host contained in the URI, and disregards other portions of the URI
    84      * such as path and port.
    85      *
    86      * @param aType the type of security state in question.
    87      * @param aURI the URI to query for state of the given type.
    88      * @param aFlags  options for this request as defined in nsISocketProvider:
    89      *                  NO_PERMANENT_STORAGE
            * @return presumably true when the host of aURI has the state set, or
            *         inherits it from a super-domain as described above --
            *         confirm.
    90      */
    91     boolean isSecureURI(in uint32_t aType, in nsIURI aURI, in uint32_t aFlags);
    93 };
    95 %{C++
       // Contract ID string for the site security service declared above.
    96 #define NS_SSSERVICE_CONTRACTID "@mozilla.org/ssservice;1"
       // NOTE(review): presumably the permission-type keys under which HSTS
       // state ("sts/use") and its includeSubdomains variant ("sts/subd") are
       // stored -- their use is not visible in this file; confirm against the
       // implementation.
    98 #define STS_PERMISSION "sts/use"
    99 #define STS_SUBDOMAIN_PERMISSION "sts/subd"
   100 %}
