Google Git
Sign in
chromium / chromium / src / 58a2bab7bddae4956cdb6b9c7ded0e6f1dde1195 / . / services / network / public / mojom / network_context.mojom
blob: 8b9350089cd7cd6bfe0898e1706d81d268beb05d [file] [log] [blame]
// Copyright 2018 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
module network.mojom;
import "mojo/public/mojom/base/big_buffer.mojom";
import "mojo/public/mojom/base/file.mojom";
import "mojo/public/mojom/base/file_path.mojom";
import "mojo/public/mojom/base/time.mojom";
import "mojo/public/mojom/base/unguessable_token.mojom";
import "mojo/public/mojom/base/values.mojom";
import "services/network/public/mojom/address_list.mojom";
import "services/network/public/mojom/cookie_manager.mojom";
import "services/network/public/mojom/default_credentials.mojom";
import "services/network/public/mojom/cors_origin_pattern.mojom";
import "services/network/public/mojom/host_resolver.mojom";
import "services/network/public/mojom/http_request_headers.mojom";
import "services/network/public/mojom/ip_address.mojom";
import "services/network/public/mojom/ip_endpoint.mojom";
import "services/network/public/mojom/mdns_responder.mojom";
import "services/network/public/mojom/mutable_network_traffic_annotation_tag.mojom";
import "services/network/public/mojom/net_log.mojom";
import "services/network/public/mojom/network_isolation_key.mojom";
import "services/network/public/mojom/network_param.mojom";
import "services/network/public/mojom/origin_policy_manager.mojom";
import "services/network/public/mojom/p2p.mojom";
import "services/network/public/mojom/p2p_trusted.mojom";
import "services/network/public/mojom/proxy_config.mojom";
import "services/network/public/mojom/proxy_config_with_annotation.mojom";
import "services/network/public/mojom/proxy_lookup_client.mojom";
import "services/network/public/mojom/proxy_resolving_socket.mojom";
import "services/network/public/mojom/restricted_cookie_manager.mojom";
import "services/network/public/mojom/ssl_config.mojom";
import "services/network/public/mojom/tcp_socket.mojom";
import "services/network/public/mojom/udp_socket.mojom";
import "services/network/public/mojom/url_loader.mojom";
import "services/network/public/mojom/url_loader_factory.mojom";
import "services/network/public/mojom/url_response_head.mojom";
import "services/network/public/mojom/websocket.mojom";
import "services/proxy_resolver/public/mojom/proxy_resolver.mojom";
import "url/mojom/origin.mojom";
import "url/mojom/url.mojom";
[EnableIf=is_ct_supported]
import "services/network/public/mojom/ct_log_info.mojom";
[EnableIf=is_trial_comparison_cert_verifier_supported]
import "services/network/public/mojom/trial_comparison_cert_verifier.mojom";
const uint32 kWebSocketOptionNone = 0;
// Disallow the request from sending cookies. Disallow the response from writing
// cookies.
const uint32 kWebSocketOptionBlockAllCookies = 1;
// Similar to |kWebSocketOptionBlockAllCookies|, but only for third party
// cookies.
const uint32 kWebSocketOptionBlockThirdPartyCookies = 2;
// Indicates that execution is blocking on the completion of the request.
// The browser can provide a CustomProxyConfig to a CustomProxyConfigClient
// running in the network service. The network service will use the given proxy
// configuration if a request matches the proxy rules and all the other
// criteria contained within it. This configuration allows the browser to
// direct the network service to set headers on requests to the given proxies
// before and/or after the caching layer.
struct CustomProxyConfig {
// The custom proxy rules to use. Note that ftp:// requests are not
// supported.
ProxyRules rules;
// Whether the custom proxy config should override other sources of proxy
// configuration. If false, the custom config is ignored if a proxy is set in
// the operating system, for example.
bool should_override_existing_config = false;
// Whether the custom proxy config should apply to requests using
// non-idempotent methods. Can be true if the proxy is known to handle this
// case properly.
bool allow_non_idempotent_methods = false;
// Whether every HTTPS proxy in the custom proxy config can be assumed to
// also support QUIC. If this is true, the network service will try to
// establish an alternative QUIC stream to the proxy in parallel to the HTTPS
// stream in an attempt to use QUIC if possible.
bool assume_https_proxies_support_quic = false;
// Whether the custom proxy config can be used on HTTP URLs whose fetching
// causes redirect cycles. If set to false, network service will try to
// bypass custom proxies on HTTP requests whose fetching causes redirect
// cycles. In such cases, the request will be fetched directly once the
// redirect cycle is detected.
// TODO(https://crbug.com/945892): Remove this boolean once Network
// Servicification is fully launched.
bool can_use_proxy_on_http_url_redirect_cycles = true;
// The custom proxy can set these headers in this config which will be added
// to all requests using the proxy. This allows setting headers that may be
// privacy/security sensitive which we don't want to send to the renderer.
// Headers that require per-request logic can be added through the
// |custom_proxy_pre_cache_headers| and |custom_proxy_post_cache_headers|
// fields in ResourceRequest.
//
// Headers that will be set before the cache for http:// requests. If the
// request does not use a custom proxy, these headers will be removed before
// sending to the network. If a request already has one of these headers set,
// it may be overwritten if a custom proxy is used, or removed if a custom
// proxy is not used.
HttpRequestHeaders pre_cache_headers;
// Headers that will be set after the cache for http:// requests that are
// issued through a custom proxy. Headers here will overwrite matching
// headers on the request if a custom proxy is used.
HttpRequestHeaders post_cache_headers;
// For tunneled requests (https://, ws://, wss://), these headers are added
// to the CONNECT request. Headers here will overwrite matching headers on
// the CONNECT request if a custom proxy is used.
HttpRequestHeaders connect_tunnel_headers;
};
// Client to update the custom proxy config.
interface CustomProxyConfigClient {
OnCustomProxyConfigUpdated(CustomProxyConfig proxy_config);
// Marks the custom proxies in |bad_proxies| as temporarily bad, so they are
// not layered onto the proxy resolution results for subsequent requests.
MarkProxiesAsBad(mojo_base.mojom.TimeDelta bypass_duration,
ProxyList bad_proxies) => ();
// Clears the list of bad proxy servers that has been cached in the proxy
// resolution service.
ClearBadProxiesCache();
};
[EnableIf=is_chromeos]
struct AdditionalCertificates {
// List of all additional certificates.
array<X509Certificate> all_certificates;
// List of additional trust anchors.
array<X509Certificate> trust_anchors;
};
// Sent by TrustedURLLoaderHeaderClient to perform modifications for a request.
interface TrustedHeaderClient {
// Allows modifying request headers before the request is sent.
OnBeforeSendHeaders(HttpRequestHeaders headers) =>
(int32 result, HttpRequestHeaders? headers);
// Allows modifying response headers, including sensitive headers such as
// set-cookie. This should only be used from a trusted process.
OnHeadersReceived(string headers) =>
(int32 result,
string? headers,
url.mojom.Url allowed_unsafe_redirect_url);
};
// Interface to allow modifying the full request and response headers. This
// interface exposes sensitive headers such as set-cookie, so should only be
// sent to trusted processes.
interface TrustedURLLoaderHeaderClient {
// When a new URLLoader is created, this will be called to pass a
// corresponding |header_client|.
OnLoaderCreated(int32 request_id,
pending_receiver<TrustedHeaderClient> header_client);
};
// Parameters for constructing a network context.
struct NetworkContextParams {
// Name used by memory tools to identify the context.
string? context_name;
// The user agent string.
string user_agent;
// String to send as the Accept-Language header. This can be changed later
// by calling SetAcceptLanguage on the NetworkContext. If empty, the header
// will not be added.
string accept_language;
// Whether Brotli content-encoding should be enabled for HTTPS responses.
bool enable_brotli = true;
// QUIC user agent.
string quic_user_agent_id;
// If false, the referrer of requests is never populated.
bool enable_referrers = true;
// If true, requests initiated with referrers that don't match their referrer
// policy will fail.
bool validate_referrer_policy_on_initial_request = true;
// Handles PAC script execution. If not populated, will attempt to use
// platform implementation to execute PAC scripts, if available (Only
// available on Windows and Mac).
proxy_resolver.mojom.ProxyResolverFactory? proxy_resolver_factory;
// Points to the cookie file. An in-memory cookie store is used if it's empty.
mojo_base.mojom.FilePath? cookie_path;
// If true, cookies will be stored encrypted.
bool enable_encrypted_cookies = true;
// If the cookie file is given, this controls whether previously written
// session cookies are restored. Otherwise it should be false.
bool restore_old_session_cookies = false;
// If the cookie file is given, this controls whether to persist session
// cookies. Otherwise it should be false.
bool persist_session_cookies = false;
// True if an HTTP cache should be used.
bool http_cache_enabled = true;
// Maximum size of the HTTP cache. 0 means to use the default size.
// Ignored if the cache is disabled.
int32 http_cache_max_size = 0;
// Points to the HTTP cache directory. Ignored if the cache is disabled.
// If null and the cache is enabled, an in-memory database is used.
mojo_base.mojom.FilePath? http_cache_path;
// The file to store cached server properties (Like HTTP2 and QUIC support).
// This information is used as a performance optimization in connection
// logic. If null, an in-memory cache will be used instead.
mojo_base.mojom.FilePath? http_server_properties_path;
// The directory in which to store cached transport security properties (like
// HSTS). The file itself will be called "TransportSecurity". If null, or the
// file can't be opened, an in-memory store will be used instead.
mojo_base.mojom.FilePath? transport_security_persister_path;
// Enabled protocols. Note that these apply to all fetches, including those
// used to fetch PAC scripts. Note that currently data URLs are always enabled
// and file URLs are always disabled.
// True if ftp URLs should be supported.
// Must be false if built without FTP support.
bool enable_ftp_url_support = false;
// Whether or not to check the Android platform's cleartext policy for
// requests. Under some conditions, Android may advise us to block cleartext
// traffic.
[EnableIf=is_android]
bool check_clear_text_permitted = false;
// Enables HTTP/0.9 on ports other than 80 for HTTP and 443 for HTTPS.
bool http_09_on_non_default_ports_enabled = false;
// If true, idle sockets won't be closed when memory pressure happens.
bool disable_idle_sockets_close_on_memory_pressure = false;
// Whether authentication APIs that support fallback to the default account
// on the system can be used without specifying an account.
DefaultCredentials allow_default_credentials =
DefaultCredentials.ALLOW_DEFAULT_CREDENTIALS;
// SSL configuration. |initial_proxy_config| is the initial SSL configuration
// to use. If nullptr, uses the default configuration. Updated SSL
// configurations can be passed in via |ssl_config_client_request|.
SSLConfig? initial_ssl_config;
SSLConfigClient&? ssl_config_client_request;
// Proxy configuration. If |initial_proxy_config| is set, it's the initial
// proxy configuration. Updated proxy configuration can be passed in via
// |proxy_config_client_request|. If |initial_proxy_config| is not set,
// proxy lookups will be deferred until a configuration is received via
// |proxy_config_client_request|.
//
// If both are null, the NetworkContext will not use a proxy.
ProxyConfigWithAnnotation? initial_proxy_config;
ProxyConfigClient&? proxy_config_client_request;
// If |custom_proxy_config_client_receiver| is set, this context will listen
// for updates to the custom proxy config, and use it if applicable for
// requests which would otherwise be made direct.
// |initial_custom_proxy_config| is the initial config settings.
CustomProxyConfig? initial_custom_proxy_config;
pending_receiver<CustomProxyConfigClient>?
custom_proxy_config_client_receiver;
// If |proxy_config_client_request| is non-null, this is called during
// periods of network activity, and can be used as a signal for polling-based
// logic to determine the proxy config.
//
// TODO(mmenke): Can the consumer piggy back on other network events through
// other channels (navigation, issuing requests, etc)? Or can
// ProxyConfigServices be modified not to need this notification?
ProxyConfigPollerClient? proxy_config_poller_client;
// Optional client that will be notified of errors related to the proxy
// settings.
ProxyErrorClient? proxy_error_client;
// When PAC quick checking is enabled, DNS lookups for PAC script's host are
// timed out aggressively. This prevents hanging all network request on DNS
// lookups that are slow or are blockholed, at the cost of making it more
// likely that the network service erroneously fails to fetch a PAC file.
bool pac_quick_check_enabled = true;
// Enables reporting certain SSL errors, such as HTTP Public Key Pinning, to
// servers, so they can discover misconfigurations.
bool enable_certificate_reporting = false;
// True if the "Certificate Transparency in Chrome" policy (see
// https://github.com/chromium/ct-policy/blob/master/ct_policy.md) should
// be enforced for certificates and connections.
//
// See //net/docs/certificate-transparency.md before setting this flag to
// true.
[EnableIf=is_ct_supported]
bool enforce_chrome_ct_policy = false;
// Enables Expect CT reporting, which sends reports for opted-in sites that
// don't serve sufficient Certificate Transparency information.
[EnableIf=is_ct_supported]
bool enable_expect_ct_reporting = false;
// The Certificate Transparency logs that are known to the client. SCTs from
// these logs will be extracted and verified; other SCTs will be treated as
// unrecognized.
[EnableIf=is_ct_supported]
array<CTLogInfo> ct_logs;
// When the Certificate Transparency logs in |ct_logs| were last updated. If
// |enforce_chrome_ct_policy| is set, and |ct_log_update_time| is not
// sufficiently recent, enforcement of the "Certificate Transparency in
// Chrome" policy will be disabled.
[EnableIf=is_ct_supported]
mojo_base.mojom.Time ct_log_update_time;
// Specifies the path to the directory where NSS will store its database.
[EnableIf=is_chromeos]
mojo_base.mojom.FilePath? nss_path;
// This is used in combination with nss_path, to ensure that the NSS database
// isn't opened multiple times for NetworkContexts in the same profie.
[EnableIf=is_chromeos]
string username_hash;
// Initial additional certificates that will be used for certificate
// validation.
[EnableIf=is_chromeos]
AdditionalCertificates? initial_additional_certificates;
// If true, the built-in cert verifier will be used. If false, the platform
// cert verifier will be used.
[EnableIf=is_chromeos]
bool use_builtin_cert_verifier = false;
// Parameters for the cert verifier comparison trial. This is a temporary
// interface and embedders should not use it.
// See https://crbug.com/649026
[EnableIf=is_trial_comparison_cert_verifier_supported]
TrialComparisonCertVerifierParams? trial_comparison_cert_verifier_params;
// Parameters for constructing the cookie manager.
CookieManagerParams? cookie_manager_params;
// Whether to enable Domain Reliability.
bool enable_domain_reliability = false;
// The uploader reporter name to use for Domain Reliability uploads.
string domain_reliability_upload_reporter;
// Whether to discard Domain Reliability uploads.
bool discard_domain_reliablity_uploads = false;
// When reporting is enabled, this sets the delay between sending reports.
// When omitted a default value is used.
mojo_base.mojom.TimeDelta? reporting_delivery_interval;
// Whether to bypass the ordinary permission checks for sending reports,
// rather than calling NetworkContextClient.OnCanSendReportingReports() to
// decide. This should only be used by tests.
bool skip_reporting_send_permission_check = false;
// Sets whether the NetworkContext should be used for globally scoped tasks
// that need to make network requests. Currently this includes DNS over HTTPS
// requests and certain cert validation requests (OCSP, AIA, etc) on some
// platforms. May only be set to true the first NetworkContext created using
// the NetworkService. Destroying a NetworkContext created with this set to
// true will destroy all other NetworkContexts.
//
// A failure to mark a NetworkContext as being used by certificate
// verification may result in incorrect certificate validation behaviors,
// such as the inability to verify EV certificates, to build paths when
// intermediates are missing, and to enforce revocation checking when it was
// requested via policy.
//
// TODO(mmenke): Once NSS is not used on any platform for certificate
// verification, we should consider using each URLRequestContext to do its own
// validation.
bool primary_network_context = false;
// Specifies the initial set of allowed and blocked origins for the
// URLLoaderFactory consumers to access beyond the same-origin-policy.
array<CorsOriginAccessPatterns> cors_origin_access_list;
// Specifies header keys that are allowed to be used in
// network::url_request.cors_exempt_headers.
array<string> cors_exempt_header_list;
// List of single-label hostnames that are exempted from the HSTS upgrade
// policy.
array<string> hsts_policy_bypass_list;
};
struct NetworkConditions {
// If set, the offline state is simulated and other fields are ignored.
bool offline;
// Channel round-trip latency, i.e. minimum time between request sent and
// response received.
mojo_base.mojom.TimeDelta latency;
// Maximal aggregated download throughput (bytes/sec). 0 disables download
// throttling.
double download_throughput;
// Maximal aggregated upload throughput (bytes/sec). 0 disables upload
// throttling.
double upload_throughput;
};
// Used in some clearing methods of URL-keyed data to specify the resources to
// keep/delete.
struct ClearDataFilter {
enum Type {DELETE_MATCHES, KEEP_MATCHES};
Type type;
// A list of registrable domains (e.g. google.com), internal hostnames
// (e.g. localhost), or IP addresses (e.g. 127.0.0.1). Other domains, such as
// third and lower level domains (e.g. www.google.com) are not accepted.
// Formally, it must hold that GetDomainAndRegistry(|domain|, _) is |domain|
// itself or an empty string.
array<string> domains;
// List of URL origins.
array<url.mojom.Origin> origins;
};
// Represents the accumulated network usage for a consumer.
struct NetworkUsage {
// |process_id| is 0 for the browser process, otherwise it's the child process
// ID.
uint32 process_id;
// The ID of the IPC route for the consumer, which identifies the RenderFrame
// or like-thing.
uint32 routing_id;
// Raw bytes received from the network since the start/restart of the service.
int64 total_bytes_received;
// Raw bytes sent to the network since the start/restart of the service.
int64 total_bytes_sent;
};
// Represents a signed exchange report.
// Spec: https://wicg.github.io/webpackage/loading.html#queue-report
struct SignedExchangeReport {
bool success;
string type;
url.mojom.Url outer_url;
url.mojom.Url inner_url;
url.mojom.Url cert_url;
string referrer;
IPAddress server_ip_address;
string protocol;
string method;
int32 status_code;
mojo_base.mojom.TimeDelta elapsed_time;
};
const uint32 kBrowserProcessId = 0;
const uint32 kInvalidProcessId = 0xffffffff;
// https://mikewest.github.io/corpp/#integration-html
enum CrossOriginEmbedderPolicy {
kNone,
kRequireCorp,
};
struct URLLoaderFactoryParams {
// Process requesting the URLLoaderFactory.
// Set to kBrowserProcessId to indicate the browser process.
uint32 process_id = kInvalidProcessId;
// If specified, then |request_initiator_site_lock| locks
// |ResourceRequest::request_initiator| to the specified origin.
// TODO(lukasza): https://crbug.com/891872: Make this non-optional.
// TODO(lukasza, nasko): https://crbug.com/888079: Make this an *origin* lock
// (rather than just a site lock).
url.mojom.Origin? request_initiator_site_lock;
// Cross-origin read blocking (CORB) configuration.
bool is_corb_enabled = true;
// True if web related security (e.g., CORS) should be disabled. This is
// mainly used by people testing their sites, via a command line switch.
bool disable_web_security = false;
// https://mikewest.github.io/corpp/#integration-html
// https://mikewest.github.io/corpp/#initialize-embedder-policy-for-global
CrossOriginEmbedderPolicy cross_origin_embedder_policy =
CrossOriginEmbedderPolicy.kNone;
// If this is set, requests with the kURLLoadOptionUseHeaderClient option will
// callback to the |header_client|, allowing the Cookie/Referrer request
// headers and Cookie response headers to be modified. This has a performance
// impact because of the extra process hops, so use should be minimized.
pending_remote<TrustedURLLoaderHeaderClient>? header_client;
// If non-empty array is given, |factory_bound_allow_patterns| is used for
// CORS checks in addition to the per-context allow patterns that is managed
// via NetworkContext interface. This still respects the per-context block
// lists. To use this feature, caller should set |request_initiator_site_lock|
// in order to bind the allow patterns to the factory specific initiator
// origin.
array<CorsOriginPattern> factory_bound_allow_patterns;
// Key used to isolate shared network resources like the cache.
NetworkIsolationKey? network_isolation_key;
// True if this is for exclusive use by a trusted consumer. Only trusted
// consumers can issue requests with ResourceRequest::trusted_params
// populated.
bool is_trusted;
};
// The |credentials| output parameter is given to URLRequest::SetAuth()
// through this mojo interface. It is not set when URLRequest::CancelAuth()
// needs to be called.
interface AuthChallengeResponder {
OnAuthCredentials(AuthCredentials? credentials);
};
// This interface enables the UI to send client certificate selections back to
// the network service.
//
// Defining an interface for this purpose, rather than using a union in the
// response of OnCertificateRequested, enables the NetworkServiceClient to learn
// of the URLLoader destruction via the connection error handler.
interface ClientCertificateResponder {
// Use the selected certificate and continue the URLRequest.
//
// - |provider_name| corresponds to the return value of
// net::SSLPrivateKey::GetProviderName().
// - |algorithm_preferences| corresponds to the return value of
// net::SSLPrivateKey::GetAlgorithmPreferences().
ContinueWithCertificate(network.mojom.X509Certificate x509_certificate,
string provider_name,
array<uint16> algorithm_preferences,
pending_remote<SSLPrivateKey> ssl_private_key);
// Affirmatively select no certificate (this is cached and can affect future
// URLRequests). Does not cancel the URLRequest.
//
// The connection is continued with no client cert.
// net::URLRequest::ContinueWithCertificate(nullptr, nullptr) needs to be
// called.
ContinueWithoutCertificate();
// Cancel the URLRequest. The request is aborted.
// net::URLRequest::CancelWithError() needs to be called.
CancelRequest();
};
// The content/browser implementation of this SSLPrivateKey interface wraps the
// scoped_refptr<net::SSLPrivateKey> that is received from
// SSLClientAuthDelegate::ContinueWithCertificate(), and this mojo interface is
// sent from content/browser to services/network so that services/network can
// have its own net::SSLPrivateKey implementation that internally uses this mojo
// interface.
// The |algorithm| and |input| parameters correspond to the |algorithm| and
// |input| parameters in net::SSLPrivateKey::Sign().
// The |net_error| and |signature| parameters correspond to the parameters in
// net::SSLPrivateKey::SignCallback.
interface SSLPrivateKey {
Sign(uint16 algorithm,
array<uint8> input) => (int32 net_error, array<uint8> signature);
};
// Callback interface for NetworkContext when routing identifiers aren't
// available. Otherwise generally callbacks from the network service go on
// NetworkServiceClient.
interface NetworkContextClient {
// Called when we receive an authentication failure.
// The |auth_challenge_responder| will respond to auth challenge with
// credentials. |head| can provide response headers for the response
// which has elicited this auth request, if applicable.
//
// |window_id| or else |process_id| and |routing_id| indicates
// the frame making the request, see
// network::ResourceRequest::fetch_window_id.
OnAuthRequired(
mojo_base.mojom.UnguessableToken? window_id,
uint32 process_id,
uint32 routing_id,
uint32 request_id,
url.mojom.Url url,
bool first_auth_attempt,
AuthChallengeInfo auth_info,
URLResponseHead? head,
pending_remote<AuthChallengeResponder> auth_challenge_responder);
// Called when an SSL certificate requested message is received for client
// authentication.
//
// Rather than using one response for multiple purposes, the caller expects
// exactly one response (or disconnect) to be sent back via |cert_responder|.
//
// |window_id| or else |process_id| and |routing_id| indicates the frame
// making the request, see network::ResourceRequest::fetch_window_id.
OnCertificateRequested(
mojo_base.mojom.UnguessableToken? window_id,
uint32 process_id,
uint32 routing_id,
uint32 request_id,
network.mojom.SSLCertRequestInfo cert_info,
pending_remote<ClientCertificateResponder> cert_responder);
// Called when an SSL certificate is encountered.
// The callback argument is a net::ERROR value. If it's net::OK, then the
// request is resumed. Otherwise it's cancelled with the given error.
OnSSLCertificateError(uint32 process_id,
uint32 routing_id,
url.mojom.Url url,
int32 net_error,
SSLInfo ssl_info,
bool fatal) => (int32 net_error);
// Called when file uploading was requested.
// If the process that requested the uploads has permission to read all of
// the files referenced by |file_paths|, the callback arguments will be
// net::OK, along with an array of open file handles. The array will contain
// exactly one handle for each path in |file_paths|, in the same order.
// If any files referenced by |file_paths| cannot be read, a net::ERROR will
// be returned, and |files| will be an empty list. If the |async| parameter
// is true, the files will be opened with FLAG_ASYNC.
OnFileUploadRequested(uint32 process_id,
bool async,
array<mojo_base.mojom.FilePath> file_paths) =>
(int32 net_error, array<mojo_base.mojom.File> files);
// Checks if network error reports could be sent for the given origins.
// Replies with the origins that are allowed.
OnCanSendReportingReports(array<url.mojom.Origin> origins) =>
(array<url.mojom.Origin> origins);
// Checks if a Domain Reliability report can be uploaded for the given origin.
OnCanSendDomainReliabilityUpload(url.mojom.Url origin) => (bool allowed);
// Called when the Clear-Site-Data header has been received. The callback
// should be run after the data is deleted.
// https://www.w3.org/TR/clear-site-data/
// TODO(crbug.com/876931): We might want to move header parsing work to
// Network Service for security concerns (e.g. |header_value| => booleans).
OnClearSiteData(uint32 process_id,
int32 routing_id,
url.mojom.Url url,
string header_value,
int32 load_flags) => ();
// Called when an attempt has been made to set cookies |cookie_list|, with the
// status field indicating whether the cookies as set, or blocked, and for
// what reason. Currently blocked cookies are included if they are blocked by
// user preference, or if they warrant a console deprecation warning.
//
// If the set attempt is due to a network transfer, |url| is the URL being
// loaded; if it's set by a script it's the URL of window or service worker
// script making the change.
//
// |is_service_worker| is true if the cookie is directly set by a service
// worker action via cookie store API; this doesn't include those
// set as a side effect of passed through fetches. In that case, there is
// no frame associated with the action, so it should be attributed by |url|.
//
// If |is_service_worker| is false, |process_id| and |routing_id| identify
// the relevant frame.
OnCookiesChanged(
bool is_service_worker, int32 process_id, int32 routing_id,
url.mojom.Url url, url.mojom.Url site_for_cookies,
array<CookieWithStatus> cookie_list);
// Called when an attempt has been made to read the cookies in |cookie_list|,
// with the status indicating whether the cookies were actually used or
// blocked, and if so, gives the reason. Currently blocked cookies are
// included if they are blocked by user preference, or if they warrant a
// console deprecation warning.
//
// If the cookies are accessed by a network transfer, |url| is the URL being
// loaded; if they're read by a script, it's the URL of window or service
// worker script looking them up.
//
// |is_service_worker| is true if the cookie is directly read by a service
// worker action via cookie store API; this doesn't include those
// read as a side effect of passed through fetches. In that case, there is
// no frame associated with the action, so it should be attributed by |url|.
//
// If |is_service_worker| is false, |process_id| and |routing_id| identify
// the relevant frame.
OnCookiesRead(
bool is_service_worker, int32 process_id, int32 routing_id,
url.mojom.Url url, url.mojom.Url site_for_cookies,
array<CookieWithStatus> cookie_list);
// Called to generate an auth token for SPNEGO authentication on Android.
[EnableIf=is_android]
OnGenerateHttpNegotiateAuthToken(string server_auth_token, bool can_delegate,
string auth_negotiate_android_account_type,
string spn) =>
(int32 result, string auth_token);
// Notification that a trust anchor was used for the given user.
[EnableIf=is_chromeos]
OnTrustAnchorUsed();
};
// Represents a distinct context for making network requests, with its own
// storage (e.g. cookies and cache).
interface NetworkContext {
// Sets a client for this network context.
SetClient(pending_remote<NetworkContextClient> client);
// Creates a new URLLoaderFactory with the given |params|.
CreateURLLoaderFactory(URLLoaderFactory& url_loader_factory,
URLLoaderFactoryParams params);
// Destroys all URLLoaderFactory bindings, which should then be regenerated.
// This should be called if there is a change to the proxies which should be
// used on URLLoaders.
ResetURLLoaderFactories();
// Gets the CookieManager associated with this network context.
//
// The CookieManager must only be passed to trusted processes. Whenever
// possible, a RestrictedCookieManager should be handed out instead.
GetCookieManager(pending_receiver<CookieManager> cookie_manager);
// Gets a RestrictedCookieManager scoped to a given origin, and applying
// settings configured on the CookieManager associated with this domain.
//
// If role == SCRIPT, this interface can be safely handed out to a process
// that is known to represent the given origin, such as a renderer process.
//
// |is_service_worker|, |process_id| and |routing_id| will be passed to
// NetworkContextClient::OnCookieChange and OnCookiesRead.
GetRestrictedCookieManager(
pending_receiver<RestrictedCookieManager> restricted_cookie_manager,
RestrictedCookieManagerRole role,
url.mojom.Origin origin,
bool is_service_worker,
int32 process_id, int32 routing_id);
// Clears network objects with implicit URL history information. Data related
// to events that happened prior to |start_time| may be retained. Only applies
// to network objects without more specific methods (Cookies,
// and the cache have, or will have, their own clearing APIs). This currently
// only covers server properties and transport security state.
//
// The callback will be invoked once the data has been deleted.
ClearNetworkingHistorySince(mojo_base.mojom.Time start_time) => ();
// Clears content from the HTTP cache. A specific range of time can be
// specified with |start_time| and |end_time|. This supports unbounded deletes
// in either direction by using null Time values for either argument.
// If a non-null |filter| is specified, will clear only entries matching the
// filter.
ClearHttpCache(mojo_base.mojom.Time start_time,
mojo_base.mojom.Time end_time,
ClearDataFilter? filter) => ();
// Computes the size of cache objects last accessed between |start_time| and
// |end_time|.
//
// If you don't want a lower bound, pass base::Time() for |start_time|.
// If you don't want an upper bound, pass base::Time::Max()
//
// |upper_bound| will be returned as true if the implementation had to
// overestimate; this may be as bad as giving the size of the entire cache.
//
// |size_or_error|, if non-negative, is the result in bytes; and a net error
// code if negative.
ComputeHttpCacheSize(mojo_base.mojom.Time start_time,
mojo_base.mojom.Time end_time)
=> (bool is_upper_bound, int64 size_or_error);
// Notifies the HttpCache of a renderer-level cache hit with |url|
// and |http_method|, with the top-level frame of the containing page
// being on origin |top_frame_origin|.
//
// This is being proxied by the browser because the renderer is unable to
// directly interact with NetworkContext.
NotifyExternalCacheHit(url.mojom.Url url, string http_method,
NetworkIsolationKey key);
// Clears the host cache. This will affect all NetworkContexts that share the
// same HostResolved as the NetworkContext this is called on.
//
// If a non-null |filter| is specified, will clear only entries for domains
// matching the filter. Filtering by origins is not supported. If |filter| is
// non-null, |filter.origins| must be empty.
ClearHostCache(ClearDataFilter? filter) => ();
// Clears all entries from the HTTP Auth cache that were added since
// |start_time|. Supports unbounded delete using null Time value.
ClearHttpAuthCache(mojo_base.mojom.Time start_time) => ();
// Clears all report entries from the reporting cache. Should not be called if
// the ENABLE_REPORTING build flag is false.
//
// If a non-null |filter| is specified, will clear only entries matching the
// filter.
ClearReportingCacheReports(ClearDataFilter? filter) => ();
// Clears all client entries from the reporting cache. Should not be called if
// the ENABLE_REPORTING build flag is false.
//
// If a non-null |filter| is specified, will clear only entries matching the
// filter.
ClearReportingCacheClients(ClearDataFilter? filter) => ();
// Clears policy entries from the NetworkErrorLoggingService. Should not be
// called if the ENABLE_REPORTING build flag is false.
//
// If a non-null |filter| is specified, will clear only entries matching the
// filter.
ClearNetworkErrorLogging(ClearDataFilter? filter) => ();
// Mirror of domain_reliability::DomainReliabilityClearMode.
enum DomainReliabilityClearMode {CLEAR_CONTEXTS, CLEAR_BEACONS};
// Clears Domain Reliability entries, specified by |mode|.
ClearDomainReliability(ClearDataFilter? filter,
DomainReliabilityClearMode mode) => ();
// Returns a JSON value containing data for displaying on a debugging page.
GetDomainReliabilityJSON() => (mojo_base.mojom.Value data);
// Queues a report via the Reporting API. |type| describes the type of report
// (as well as what data will contained in |body|). |group| specifies the
// endpoint group that the report will be delivered to. |url| indicates the
// URL of the resource that the report describes; |user_agent| may be
// provided, or will be automatically generated if omitted; |body| holds the
// contents of the report.
//
// Note that this queued report will never be delivered if no reporting
// endpoint is registered for this |url|.
//
// Spec: https://w3c.github.io/reporting/#concept-reports
QueueReport(string type,
string group,
url.mojom.Url url,
string? user_agent,
mojo_base.mojom.DictionaryValue body);
// Queues a signed exchange report.
QueueSignedExchangeReport(SignedExchangeReport report);
// Closes all open connections within this context.
CloseAllConnections() => ();
// Close all idle connections for the HTTP network session used by
// this context.
CloseIdleConnections() => ();
// Configures network conditions for the specified throttling profile.
// The throttling will be applied only to requests that have matching
// throttling_profile_id.
// Passing null NetworkConditions disables the throttling.
SetNetworkConditions(mojo_base.mojom.UnguessableToken throttling_profile_id,
NetworkConditions? conditions);
// Updates the Accept-Language header to be used for requests.
SetAcceptLanguage(string new_accept_language);
// If false, the referrer of requests is never populated.
SetEnableReferrers(bool enable_referrers);
// Updates the additional trust anchors for certificate verification.
[EnableIf=is_chromeos]
UpdateAdditionalCertificates(AdditionalCertificates? additional_certificates);
// Updates the CT policy to be used for requests. Only applies if the
// NetworkContextParams set enforce_chrome_ct_policy to true.
// TODO(rsleevi): Remove this once Chrome-specific policies are moved out
// of the network service.
[EnableIf=is_ct_supported]
SetCTPolicy(array<string> required_hosts,
array<string> excluded_hosts,
array<string> excluded_spkis,
array<string> excluded_legacy_spkis);
// Adds explicitly-specified data as if it was processed from an Expect-CT
// header.
[EnableIf=is_ct_supported]
AddExpectCT(string host, mojo_base.mojom.Time expiry,
bool enforce, url.mojom.Url report_uri) => (bool success);
// Send a test CT report with dummy data for test purposes.
[EnableIf=is_ct_supported]
SetExpectCTTestReport(url.mojom.Url report_uri) => (bool success);
// Retrieves the expect CT state from the associated network context
// transport security state.
[EnableIf=is_ct_supported]
GetExpectCTState(string domain) => (mojo_base.mojom.DictionaryValue state);
// Creates a UDP socket. Caller can supply a |listener| interface pointer
// to listen for incoming datagrams. A null |listener| is acceptable if caller
// is not interested in incoming data.
// Any sockets that are created but are yet to be destroyed will be destroyed
// when NetworkContext goes away.
CreateUDPSocket(UDPSocket& request, UDPSocketListener? listener);
// Creates a TCP server socket that listens on |local_addr|. The socket
// created can only be used for the purpose specified in |traffic_annotation|,
// and cannot be re-used for other purposes. Caller must specify an address
// family in |local_addr| to be either IPv4 or IPv6. If port in |local_addr|
// is 0, the OS will pick an available port. If address bytes are 0, the OS
// will pick a local address of the specified address family. |backlog| will
// be passed to the OS to set the size of accept queue.
// On success, the resulting local address will be written to |local_addr_out|
// and |result| is net::OK. On failure, |result| is a network error code.
//
// Any sockets that are created but are yet to be destroyed will be destroyed
// when NetworkContext goes away.
CreateTCPServerSocket(IPEndPoint local_addr,
uint32 backlog,
MutableNetworkTrafficAnnotationTag traffic_annotation,
TCPServerSocket& socket)
=> (int32 result, IPEndPoint? local_addr_out);
// Creates a TCP socket connected to |remote_addr|. |observer| if non-null
// will be used to listen for any network connection error on the newly
// established connection. The socket created can only be used for the purpose
// specified in |traffic_annotation|, and cannot be re-used for other
// purposes. |local_addr| should be set to null unless the caller wants to
// bind the socket to a specific address and port. On success, |result| is
// net::OK. Caller is to use |send_stream| to send data and |receive_stream|
// to receive data over the connection. On failure, |result| is a network
// error code.
//
// If the client closes |socket| before this completes, the callback will be
// invoked with net::ERR_ABORTED.
//
// Any sockets that are created but are yet to be destroyed will be destroyed
// when NetworkContext goes away.
CreateTCPConnectedSocket(
IPEndPoint? local_addr,
AddressList remote_addr_list,
TCPConnectedSocketOptions? tcp_connected_socket_options,
MutableNetworkTrafficAnnotationTag traffic_annotation,
TCPConnectedSocket& socket,
SocketObserver? observer)
=> (int32 result,
IPEndPoint? local_addr,
IPEndPoint? peer_addr,
handle<data_pipe_consumer>? receive_stream,
handle<data_pipe_producer>? send_stream);
// Creates a TCPSocket bound to |local_addr|. The socket created can only be
// used for the purpose specified in |traffic_annotation|, and cannot be
// re-used for other purposes. |local_addr| is treated the same as in
// CreateTCPServerSocket().
//
// On success, the resulting local address will be written to |local_addr_out|
// and |result| is net::OK. On failure, |result| is a network error code.
//
// It's recommended consumers use CreateTCPServerSocket() or
// CreateTCPConnectedSocket(). This method is just provided so legacy
// consumers can mimic Berkeley sockets semantics.
CreateTCPBoundSocket(IPEndPoint local_addr,
MutableNetworkTrafficAnnotationTag traffic_annotation,
TCPBoundSocket& socket)
=> (int32 result, IPEndPoint? local_addr);
// Creates a ProxyResolvingSocketFactory that shares some configuration params
// with this NetworkContext, but uses separate socket pools.
//
// Any sockets that are created but are yet to be destroyed will be destroyed
// when NetworkContext goes away.
CreateProxyResolvingSocketFactory(ProxyResolvingSocketFactory& factory);
// Looks up what proxy to use for a particular URL.
LookUpProxyForURL(url.mojom.Url url,
ProxyLookupClient proxy_lookup_client);
// Forces refetching the proxy configuration, and applying it.
ForceReloadProxyConfig() => ();
// Clears the list of bad proxy servers that has been cached.
ClearBadProxiesCache() => ();
// Creates a WebSocket connection to |url|. |requested_protocols| is a
// list of tokens identifying sub-protocols the renderer would like to use,
// as described in RFC6455 "Subprotocols Using the WebSocket Protocol".
// |additional_headers| are miscellaneous HTTP headers to be added to the
// request. Headers semantically relevant to the WebSocket handshake such
// as "sec-websocket-protocol" and "origin" are handled separately, (e.g.,
// "sec-websocket-protocol" is constructed from |requested_protocols| in
// this message). |site_for_cookies| represents the first-party origin for
// the request. |options| may be a combination of the kWebSocketOption* flags.
//
// If |header_client| is set, requests with the kURLLoadOptionUseHeaderClient
// option will callback to the |header_client|, allowing the Cookie/Referrer
// request headers and Cookie response headers to be modified. This has a
// performance impact because of the extra process hops, so use should be
// minimized.
//
// Detect mojo connection errors on |handshake_client| until the connection
// is established.
// Do *NOT* interpret mojo connection errors on |auth_handler| and
// |header_client| as WebSocket connection errors. They are disconnected when
// the connection is established, and due to message ordering uncertainty we
// cannot know what happened.
CreateWebSocket(
url.mojom.Url url,
array<string> requested_protocols,
url.mojom.Url site_for_cookies,
array<HttpHeader> additional_headers,
int32 process_id,
int32 render_frame_id,
url.mojom.Origin origin,
uint32 options,
pending_remote<WebSocketHandshakeClient> handshake_client,
pending_remote<AuthenticationHandler>? auth_handler,
pending_remote<TrustedHeaderClient>? header_client);
// Create a NetLogExporter, which helps export NetLog to an existing file.
// Note that the log is generally global, including all NetworkContexts
// managed by the same NetworkService. The particular NetworkContext this is
// called on will determine which NetworkContext gets its information and
// configuration summary written out at the end of the log.
CreateNetLogExporter(NetLogExporter& exporter);
// Tries to preconnect to |url|. |num_streams| may be used to request more
// than one connection be established in parallel.
// |allow_credentials| is true if the connection is to be pooled with
// credentialed requests and false otherwise.
// |network_isolation_key| specifies the NetworkIsolationKey to associate
// with the preconnected sockets. The sockets will only be used for requests
// associated with the same key.
PreconnectSockets(uint32 num_streams,
url.mojom.Url url,
bool allow_credentials,
NetworkIsolationKey network_isolation_key);
// Creates a P2PSocketManager instance, used for WebRTC.
CreateP2PSocketManager(P2PTrustedSocketManagerClient client,
P2PTrustedSocketManager& trusted_socket_manager,
P2PSocketManager& socket_manager);
// Creates an MdnsResponder instance.
CreateMdnsResponder(MdnsResponder& responder_request);
// Resolves the given hostname (or IP address literal). See documentation at
// HostResolver::ResolveHost.
//
// All outstanding requests are cancelled if the NetworkContext is destroyed.
// Such requests will receive ERR_FAILED via |response_client|.
ResolveHost(HostPortPair host,
ResolveHostParameters? optional_parameters,
ResolveHostClient response_client);
// Creates a HostResolver interface that can be passed to code/processes
// without direct access to NetworkContext to make ResolveHost requests.
//
// If set, |config_overrides| will override configuration read from the system
// DNS configuration when resolution is performed using the built-in resolver
// (which can be forced using ResolveHostParameters::source = Source.DNS).
//
// If this NetworkContext is destroyed, all outstanding requests from child
// HostResolvers will be cancelled. Such requests will receive ERR_FAILED via
// |response_client|.
//
// TODO(crbug.com/821021): If necessary as usage and functionality is added to
// the contained ResolveHost method, consider adding the ability for this to
// be a restricted resolver with some functionality disabled (eg maybe MDNS).
CreateHostResolver(DnsConfigOverrides? config_overrides,
HostResolver& host_resolver);
// Checks the given certificate against the CertVerifier and CTVerifier. This
// implementation is currently specific for use by Signed Exchange.
VerifyCertForSignedExchange(X509Certificate certificate,
url.mojom.Url url,
string ocsp_response,
string sct_list) => (int32 error_code,
CertVerifyResult cv_result,
CTVerifyResult ct_result);
// Adds explicitly-specified data as if it was processed from an
// HSTS header. Used by tests and implementation of chrome://net-internals.
AddHSTS(string host, mojo_base.mojom.Time expiry,
bool include_subdomains) => ();
// Returns true if it is known that |host| has requested to always be
// accessed via HTTPS.
IsHSTSActiveForHost(string host) => (bool result);
// Retrieve values from the HSTS state from the associated contexts
// transport security state.
GetHSTSState(string domain) => (mojo_base.mojom.DictionaryValue state);
// Sets allowed and blocked origins respectively for the URLLoaderFactory
// consumers to access beyond the same-origin policy. The list is managed per
// each |source_origin|, and each call will flash old set lists for the
// |source_origin|. The passed |patterns| will be set instead. If an empty
// array is given for |allow_patterns| and/or |block_patterns|, the
// |source_origin|'s origin list for each is set to empty respectively.
// TODO(crbug.com/936310): Eventually, we want to stop using per-context
// access lists, and use only per-factory access lists, or stop managing the
// list in the NetworkService completely.
SetCorsOriginAccessListsForOrigin(
url.mojom.Origin source_origin, array<CorsOriginPattern> allow_patterns,
array<CorsOriginPattern> block_patterns) => ();
// Deletes any dynamic data stored for |host| from the transport
// security state. Returns true iff an entry was deleted.
// See net::TransportSecurityState::DeleteDynamicDataForHost for more detail.
DeleteDynamicDataForHost(string host) => (bool result);
// Copies the contents of this NetworkContext's HttpAuthCache and returns a
// key that can be used by LoadHttpAuthCache to restore the contents.
// The data referenced by the returned key is not associated with this
// NetworkContext, and can be loaded by any NetworkContext.
// If there is no corresponding LoadHttpAuthCache call, the saved
// HttpAuthCache data will leak.
//
// TODO(crbug.com/914082): Return a scoped handle that can automatically free
// the cache when it goes out of scope.
SaveHttpAuthCache() => (mojo_base.mojom.UnguessableToken cache_key);
// Loads an HttpAuthCache previously saved by SaveHttpAuthCache, and
// copies its contents into this NetworkContext's HttpAuthCache.
LoadHttpAuthCache(mojo_base.mojom.UnguessableToken cache_key) => ();
// Adds an entry to the HttpAuthCache or FtpAuthCache (determined by whether
// the |challenger| field within |challenge| is an ftp:// URL). |challenge|
// may not necessarily contain a stateful challenge that requires a persistent
// connection, allowing the cache to be pre-populated.
AddAuthCacheEntry(AuthChallengeInfo challenge,
AuthCredentials credentials) => ();
// Looks up credentials in the HttpAuthCache using the origin and path from
// |url|. Only supports basic auth scheme.
LookupBasicAuthCredentials(url.mojom.Url url)
=> (AuthCredentials? credentials);
[Sync]
// Enables the checking of static PKP records.
EnableStaticKeyPinningForTesting() => ();
[Sync]
// Will force the transaction to fail with the given error code.
SetFailingHttpTransactionForTesting(int32 rv) => ();
[Sync]
// Verifies the given certificate using the context's CertVerifier.
VerifyCertificateForTesting(X509Certificate certificate,
string hostname,
string ocsp_response,
string sct_list) => (int32 error_code);
[Sync]
// Adds a Domain Reliability Context.
AddDomainReliabilityContextForTesting(
url.mojom.Url origin, url.mojom.Url upload_url) => ();
[Sync]
// Forces all pending Domain Reliability uploads to run now, even if their
// minimum delay has not yet passed.
ForceDomainReliabilityUploadsForTesting() => ();
// Gets the OriginPolicyManager associated with this network context.
GetOriginPolicyManager(OriginPolicyManager& origin_policy_manager);
};