Ziele Untersuchung
mit Columbo Integrität von
Datenbanken Interaktion und
Portierbarkeit Ergonomie der
Schnittstellen

Angebot Produkte Projekt Beratung

Mittel Analytik Modellierung Sprachen Algebra Logik Hardware Denken Kreativität

Zusammenhänge Gesellschaft Wirtschaft Branche Firma


products/sources/formale Sprachen/C/Firefox/dom/security/ (Browser von der Mozilla Stiftung Version 136.0.1^©) Datei vom 10.2.2025 mit Größe 3 kB

Quelle nsMixedContentBlocker.h Sprache: C

/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef nsMixedContentBlocker_h___
#define nsMixedContentBlocker_h___

#define NS_MIXEDCONTENTBLOCKER_CONTRACTID "@mozilla.org/mixedcontentblocker;1"
/* daf1461b-bf29-4f88-8d0e-4bcdf332c862 */
#define NS_MIXEDCONTENTBLOCKER_CID                   \
  {                                                  \
    0xdaf1461b, 0xbf29, 0x4f88, {                    \
      0x8d, 0x0e, 0x4b, 0xcd, 0xf3, 0x32, 0xc8, 0x62 \
    }                                                \
  }

// This enum defines type of content that is detected when an
// nsMixedContentEvent fires
enum MixedContentTypes {
  // "Active" content, such as fonts, plugin content, JavaScript, stylesheets,
  // iframes, WebSockets, and XHR
  eMixedScript,
  // "Display" content, such as images, audio, video, and <a ping>
  eMixedDisplay
};

#include "nsIContentPolicy.h"
#include "nsIChannel.h"
#include "nsIChannelEventSink.h"
#include "imgRequest.h"

using mozilla::OriginAttributes;

class nsILoadInfo;  // forward declaration
namespace mozilla::net {
class nsProtocolProxyService;  // forward declaration
}  // namespace mozilla::net

class nsMixedContentBlocker : public nsIContentPolicy,
                              public nsIChannelEventSink {
private:
  virtual ~nsMixedContentBlocker();

public:
  NS_DECL_ISUPPORTS
  NS_DECL_NSICONTENTPOLICY
  NS_DECL_NSICHANNELEVENTSINK

  nsMixedContentBlocker() = default;

  // See:
  // https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy
  static bool IsPotentiallyTrustworthyLoopbackHost(
      const nsACString& aAsciiHost);
  static bool IsPotentiallyTrustworthyLoopbackURL(nsIURI* aURL);
  static bool IsPotentiallyTrustworthyOnion(nsIURI* aURL);
  static bool IsPotentiallyTrustworthyOrigin(nsIURI* aURI);

  /**
   * Returns true if the provided content policy type is subject to the
   * mixed content level 2 upgrading mechanism (audio, video, image).
   *
   * @param aConsiderPrefs A boolean that indicates whether the result of this
   * functions takes the `security.mixed_content.upgrade_display_content`
   * preferences into account.
   */
  static bool IsUpgradableContentType(nsContentPolicyType aType,
                                      bool aConsiderPrefs);

  /* Static version of ShouldLoad() that contains all the Mixed Content Blocker
   * logic.  Called from non-static ShouldLoad().
   * Called directly from imageLib when an insecure redirect exists in a cached
   * image load.
   * @param aHadInsecureImageRedirect
   *        boolean flag indicating that an insecure redirect through http
   *        occured when this image was initially loaded and cached.
   * @param aReportError
   *        boolean flag indicating if a rejection should automaticly be
   *        logged into the Console.
   * Remaining parameters are from nsIContentPolicy::ShouldLoad().
   */
  static nsresult ShouldLoad(bool aHadInsecureImageRedirect,
                             nsIURI* aContentLocation, nsILoadInfo* aLoadInfo,
                             bool aReportError, int16_t* aDecision);
  static void AccumulateMixedContentHSTS(
      nsIURI* aURI, bool aActive, const OriginAttributes& aOriginAttributes);

  static bool URISafeToBeLoadedInSecureContext(nsIURI* aURI);

  static void OnPrefChange(const char* aPref, void* aClosure);
  static void GetSecureContextAllowList(nsACString& aList);
  static void Shutdown();

  static bool sSecurecontextAllowlistCached;
  static nsCString* sSecurecontextAllowlist;
};

#endif /* nsMixedContentBlocker_h___ */

quality100%

¤ Dauer der Verarbeitung: 0.13 Sekunden (vorverarbeitet) ¤

Wurzel

Suchen

Beweissystem der NASA

Beweissystem Isabelle

NIST Cobol Testsuite

Cephes Mathematical Library

Wiener Entwicklungsmethode

Haftungshinweis

Die Informationen auf dieser Webseite wurden nach bestem Wissen sorgfältig zusammengestellt. Es wird jedoch weder Vollständigkeit, noch Richtigkeit, noch Qualität der bereit gestellten Informationen zugesichert.