diff -r 000000000000 -r 6474c204b198 content/base/public/nsIContentSecurityPolicy.idl
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/content/base/public/nsIContentSecurityPolicy.idl	Wed Dec 31 06:09:35 2014 +0100
@@ -0,0 +1,239 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISerializable.idl"
+
+interface nsIURI;
+interface nsIChannel;
+interface nsIDocShell;
+interface nsIPrincipal;
+
+/**
+ * nsIContentSecurityPolicy
+ * Describes an XPCOM component used to model and enforce CSPs.  Instances of
+ * this class may have multiple policies within them, but there should only be
+ * one of these per document/principal.
+ */
+
+[scriptable, uuid(8b91f829-b1bf-4327-8ece-4000aa823394)]
+interface nsIContentSecurityPolicy : nsISerializable
+{
+
+  /**
+   * Set to true when the CSP has been read in and parsed and is ready to
+   * enforce.  This is a barrier for the nsDocument so it doesn't load any
+   * sub-content until either it knows that a CSP is ready or will not be used.
+   */
+  attribute boolean isInitialized;
+
+  /**
+   * Accessor method for a read-only string version of the policy at a given
+   * index.
+   */
+  AString getPolicy(in unsigned long index);
+
+  /**
+   * Returns the number of policies attached to this CSP instance.  Useful with
+   * getPolicy().
+   */
+  attribute long policyCount;
+
+  /**
+   * Remove a policy associated with this CSP context.
+   * @throws NS_ERROR_FAILURE if the index is out of bounds or invalid.
+   */
+  void removePolicy(in unsigned long index);
+
+  /**
+   * Parse and install a CSP policy.
+   * @param aPolicy
+   *        String representation of the policy (e.g., header value)
+   * @param selfURI
+   *        the URI of the protected document/principal
+   * @param reportOnly
+   *        Should this policy affect content, script and style processing or
+   *        just send reports if it is violated?
+   * @param specCompliant
+   *        Whether or not the policy conforms to the W3C specification.
+   *        If this is false, that indicates this policy is from the older
+   *        implementation with different semantics and directive names.
+   */
+  void appendPolicy(in AString policyString, in nsIURI selfURI,
+                    in boolean reportOnly, in boolean specCompliant);
+
+  /**
+   * Whether this policy allows in-page script.
+   * @param shouldReportViolations
+   *     Whether or not the use of inline script should be reported.
+   *     This function always returns "true" for report-only policies, but when
+   *     any policy (report-only or otherwise) is violated,
+   *     shouldReportViolations is true as well.
+   * @return
+   *     Whether or not the effects of the inline script should be allowed
+   *     (block the compilation if false).
+   */
+  boolean getAllowsInlineScript(out boolean shouldReportViolations);
+
+  /**
+   * whether this policy allows eval and eval-like functions
+   * such as setTimeout("code string", time).
+   * @param shouldReportViolations
+   *     Whether or not the use of eval should be reported.
+   *     This function returns "true" when violating report-only policies, but
+   *     when any policy (report-only or otherwise) is violated,
+   *     shouldReportViolations is true as well.
+   * @return
+   *     Whether or not the effects of the eval call should be allowed
+   *     (block the call if false).
+   */
+  boolean getAllowsEval(out boolean shouldReportViolations);
+
+  /**
+   * Whether this policy allows in-page styles.
+   * This includes <style> tags with text content and style="" attributes in
+   * HTML elements.
+   * @param shouldReportViolations
+   *     Whether or not the use of inline style should be reported.
+   *     If there are report-only policies, this function may return true
+   *     (don't block), but one or more policy may still want to send
+   *     violation reports so shouldReportViolations will be true even if the
+   *     inline style should be permitted.
+   * @return
+   *     Whether or not the effects of the inline style should be allowed
+   *     (block the rules if false).
+   */
+  boolean getAllowsInlineStyle(out boolean shouldReportViolations);
+
+  /**
+   * Whether this policy accepts the given nonce
+   * @param aNonce
+   *     The nonce string to check against the policy
+   * @param aContentType
+   *     The type of element on which we encountered this nonce
+   * @param shouldReportViolation
+   *     Whether or not the use of an incorrect nonce should be reported.
+   *     This function always returns "true" for report-only policies, but when
+   *     the report-only policy is violated, shouldReportViolation is true as
+   *     well.
+   * @return
+   *     Whether or not this nonce is valid
+   */
+   boolean getAllowsNonce(in AString aNonce,
+                          in unsigned long aContentType,
+                          out boolean shouldReportViolation);
+
+   /**
+    * Whether this policy accepts the given inline resource based on the hash
+    * of its content.
+    * @param aContent
+    *     The content of the inline resource to hash (and compare to the
+    *     hashes listed in the policy)
+    * @param aContentType
+    *     The type of inline element (script or style)
+    * @param shouldReportViolation
+    *     Whether this inline resource should be reported as a hash-source
+    *     violation. If there are no hash-sources in the policy, this is
+    *     always false.
+    * @return
+    *     Whether or not this inline resource is whitelisted by a hash-source
+    */
+   boolean getAllowsHash(in AString aContent,
+                         in unsigned short aContentType,
+                         out boolean shouldReportViolation);
+
+  /**
+   * For each violated policy (of type violationType), log policy violation on
+   * the Error Console and send a report to report-uris present in the violated
+   * policies.
+   *
+   * @param violationType
+   *     one of the VIOLATION_TYPE_* constants, e.g. inline-script or eval
+   * @param sourceFile
+   *     name of the source file containing the violation (if available)
+   * @param contentSample
+   *     sample of the violating content (to aid debugging)
+   * @param lineNum
+   *     source line number of the violation (if available)
+   * @param aNonce
+   *     (optional) If this is a nonce violation, include the nonce so we can
+   *     recheck to determine which policies were violated and send the
+   *     appropriate reports.
+   * @param aContent
+   *     (optional) If this is a hash violation, include contents of the inline
+   *     resource in the question so we can recheck the hash in order to
+   *     determine which policies were violated and send the appropriate
+   *     reports.
+   */
+  void logViolationDetails(in unsigned short violationType,
+                           in AString sourceFile,
+                           in AString scriptSample,
+                           in int32_t lineNum,
+                           [optional] in AString nonce,
+                           [optional] in AString content);
+
+  const unsigned short VIOLATION_TYPE_INLINE_SCRIPT = 1;
+  const unsigned short VIOLATION_TYPE_EVAL          = 2;
+  const unsigned short VIOLATION_TYPE_INLINE_STYLE  = 3;
+  const unsigned short VIOLATION_TYPE_NONCE_SCRIPT  = 4;
+  const unsigned short VIOLATION_TYPE_NONCE_STYLE   = 5;
+  const unsigned short VIOLATION_TYPE_HASH_SCRIPT   = 6;
+  const unsigned short VIOLATION_TYPE_HASH_STYLE    = 7;
+
+  /**
+   * Called after the CSP object is created to fill in appropriate request
+   * context and give it a reference to its owning principal for violation
+   * report generation.
+   * This will use whatever data is available, choosing earlier arguments first
+   * if multiple are available.  Either way, it will attempt to obtain the URI,
+   * referrer and the principal from whatever is available.  If the channel is
+   * available, it'll also store that for processing policy-uri directives.
+   */
+  void setRequestContext(in nsIURI selfURI,
+                         in nsIURI referrer,
+                         in nsIPrincipal documentPrincipal,
+                         in nsIChannel aChannel);
+
+  /**
+   * Verifies ancestry as permitted by the policy.
+   *
+   * NOTE: Calls to this may trigger violation reports when queried, so this
+   * value should not be cached.
+   *
+   * @param docShell
+   *    containing the protected resource
+   * @return
+   *    true if the frame's ancestors are all allowed by policy (except for
+   *    report-only policies, which will send reports and then return true
+   *    here when violated).
+   */
+  boolean permitsAncestry(in nsIDocShell docShell);
+
+  /**
+   * Delegate method called by the service when sub-elements of the protected
+   * document are being loaded.  Given a bit of information about the request,
+   * decides whether or not the policy is satisfied.
+   *
+   * Calls to this may trigger violation reports when queried, so
+   * this value should not be cached.
+   */
+  short shouldLoad(in unsigned long   aContentType,
+                   in nsIURI          aContentLocation,
+                   in nsIURI          aRequestOrigin,
+                   in nsISupports     aContext,
+                   in ACString        aMimeTypeGuess,
+                   in nsISupports     aExtra);
+
+  /**
+   * Delegate method called by the service when sub-elements of the protected
+   * document are being processed.  Given a bit of information about the request,
+   * decides whether or not the policy is satisfied.
+   */
+  short shouldProcess(in unsigned long   aContentType,
+                      in nsIURI          aContentLocation,
+                      in nsIURI          aRequestOrigin,
+                      in nsISupports     aContext,
+                      in ACString        aMimeType,
+                      in nsISupports     aExtra);
+
+};