1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this file,
5 * You can obtain one at http://mozilla.org/MPL/2.0/. */
7 #ifndef mozilla_dom_ProcessIsolation_h
8 #define mozilla_dom_ProcessIsolation_h
12 #include "mozilla/Logging.h"
13 #include "mozilla/dom/RemoteType.h"
14 #include "mozilla/dom/SessionHistoryEntry.h"
15 #include "mozilla/dom/WorkerPrivate.h"
17 #include "nsIPrincipal.h"
20 namespace mozilla::dom
{
22 class CanonicalBrowsingContext
;
23 class WindowGlobalParent
;
25 extern mozilla::LazyLogModule gProcessIsolationLog
;
27 constexpr nsLiteralCString kHighValueCOOPPermission
= "highValueCOOP"_ns
;
28 constexpr nsLiteralCString kHighValueHasSavedLoginPermission
=
29 "highValueHasSavedLogin"_ns
;
30 constexpr nsLiteralCString kHighValueIsLoggedInPermission
=
31 "highValueIsLoggedIn"_ns
;
33 // NavigationIsolationOptions is passed through the methods to store the state
34 // of the possible process and/or browsing context change.
35 struct NavigationIsolationOptions
{
36 nsCString mRemoteType
;
37 bool mReplaceBrowsingContext
= false;
38 uint64_t mSpecificGroupId
= 0;
39 bool mShouldCrossOriginIsolate
= false;
40 bool mTryUseBFCache
= false;
41 RefPtr
<SessionHistoryEntry
> mActiveSessionHistoryEntry
;
45 * Given a specific channel, determines which process the navigation should
46 * complete in, and whether or not to perform a BrowsingContext-replace load
47 * or enter the BFCache.
49 * This method will always return a `NavigationIsolationOptions` even if the
50 * current remote type is compatible. Compatibility with the current process
51 * should be checked at the call-site. An error should only be returned in
52 * exceptional circumstances, and should lead to the load being cancelled.
54 * This method is only intended for use with document navigations.
56 Result
<NavigationIsolationOptions
, nsresult
> IsolationOptionsForNavigation(
57 CanonicalBrowsingContext
* aTopBC
, WindowGlobalParent
* aParentWindow
,
58 nsIURI
* aChannelCreationURI
, nsIChannel
* aChannel
,
59 const nsACString
& aCurrentRemoteType
, bool aHasCOOPMismatch
,
60 bool aForNewTab
, uint32_t aLoadStateLoadType
,
61 const Maybe
<uint64_t>& aChannelId
,
62 const Maybe
<nsCString
>& aRemoteTypeOverride
);
64 // WorkerIsolationOptions is passed back to the RemoteWorkerManager to store the
65 // destination process information for remote worker loads.
66 struct WorkerIsolationOptions
{
67 nsCString mRemoteType
;
71 * Given a specific worker principal and kind, determines which process the
72 * remote worker load should complete in.
74 * This method is only intended for use with remote workers.
76 Result
<WorkerIsolationOptions
, nsresult
> IsolationOptionsForWorker(
77 nsIPrincipal
* aPrincipal
, WorkerKind aWorkerKind
,
78 const nsACString
& aCurrentRemoteType
, bool aUseRemoteSubframes
);
81 * Adds a `highValue` permission to the permissions database, and make loads of
82 * that origin isolated.
84 * The 'aPermissionType' parameter indicates why the site is treated as a high
85 * value site. The possible values are:
87 * kHighValueCOOPPermission
88 * Called when a document request responds with a
89 * `Cross-Origin-Opener-Policy` header.
91 * kHighValueHasSavedLoginPermission
92 * Called for sites that have an associated login saved in the password
95 * kHighValueIsLoggedInPermission
96 * Called when we detect a form with a password is submitted.
98 void AddHighValuePermission(nsIPrincipal
* aResultPrincipal
,
99 const nsACString
& aPermissionType
);
101 void AddHighValuePermission(const nsACString
& aOrigin
,
102 const nsACString
& aPermissionType
);
105 * Returns true when fission is enabled and the
106 * `fission.webContentIsolationStrategy` pref is set to `IsolateHighValue`.
108 bool IsIsolateHighValueSiteEnabled();
110 } // namespace mozilla::dom