1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7 #ifndef nsMixedContentBlocker_h___
8 #define nsMixedContentBlocker_h___
10 #define NS_MIXEDCONTENTBLOCKER_CONTRACTID "@mozilla.org/mixedcontentblocker;1"
11 /* daf1461b-bf29-4f88-8d0e-4bcdf332c862 */
12 #define NS_MIXEDCONTENTBLOCKER_CID \
14 0xdaf1461b, 0xbf29, 0x4f88, { \
15 0x8d, 0x0e, 0x4b, 0xcd, 0xf3, 0x32, 0xc8, 0x62 \
19 // This enum defines type of content that is detected when an
20 // nsMixedContentEvent fires
21 enum MixedContentTypes
{
22 // "Active" content, such as fonts, plugin content, JavaScript, stylesheets,
23 // iframes, WebSockets, and XHR
25 // "Display" content, such as images, audio, video, and <a ping>
29 #include "nsIContentPolicy.h"
30 #include "nsIChannel.h"
31 #include "nsIChannelEventSink.h"
32 #include "imgRequest.h"
34 using mozilla::OriginAttributes
;
36 class nsILoadInfo
; // forward declaration
37 namespace mozilla::net
{
38 class nsProtocolProxyService
; // forward declaration
39 } // namespace mozilla::net
41 class nsMixedContentBlocker
: public nsIContentPolicy
,
42 public nsIChannelEventSink
{
44 virtual ~nsMixedContentBlocker();
48 NS_DECL_NSICONTENTPOLICY
49 NS_DECL_NSICHANNELEVENTSINK
51 nsMixedContentBlocker() = default;
54 // https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy
55 static bool IsPotentiallyTrustworthyLoopbackHost(
56 const nsACString
& aAsciiHost
);
57 static bool IsPotentiallyTrustworthyLoopbackURL(nsIURI
* aURL
);
58 static bool IsPotentiallyTrustworthyOnion(nsIURI
* aURL
);
59 static bool IsPotentiallyTrustworthyOrigin(nsIURI
* aURI
);
62 * Returns true if the provided content policy type is subject to the
63 * mixed content level 2 upgrading mechanism (audio, video, image).
65 * @param aConsiderPrefs A boolean that indicates whether the result of this
66 * functions takes the `security.mixed_content.upgrade_display_content`
67 * preferences into account.
69 static bool IsUpgradableContentType(nsContentPolicyType aType
,
72 /* Static version of ShouldLoad() that contains all the Mixed Content Blocker
73 * logic. Called from non-static ShouldLoad().
74 * Called directly from imageLib when an insecure redirect exists in a cached
76 * @param aHadInsecureImageRedirect
77 * boolean flag indicating that an insecure redirect through http
78 * occured when this image was initially loaded and cached.
80 * boolean flag indicating if a rejection should automaticly be
81 * logged into the Console.
82 * Remaining parameters are from nsIContentPolicy::ShouldLoad().
84 static nsresult
ShouldLoad(bool aHadInsecureImageRedirect
,
85 nsIURI
* aContentLocation
, nsILoadInfo
* aLoadInfo
,
86 bool aReportError
, int16_t* aDecision
);
87 static void AccumulateMixedContentHSTS(
88 nsIURI
* aURI
, bool aActive
, const OriginAttributes
& aOriginAttributes
);
90 static bool URISafeToBeLoadedInSecureContext(nsIURI
* aURI
);
92 static void OnPrefChange(const char* aPref
, void* aClosure
);
93 static void GetSecureContextAllowList(nsACString
& aList
);
94 static void Shutdown();
96 static bool sSecurecontextAllowlistCached
;
97 static nsCString
* sSecurecontextAllowlist
;
100 #endif /* nsMixedContentBlocker_h___ */