| // Copyright 2018 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| module network.mojom; |
| |
| import "mojo/public/mojom/base/big_buffer.mojom"; |
| import "mojo/public/mojom/base/file.mojom"; |
| import "mojo/public/mojom/base/file_path.mojom"; |
| import "mojo/public/mojom/base/time.mojom"; |
| import "mojo/public/mojom/base/unguessable_token.mojom"; |
| import "mojo/public/mojom/base/values.mojom"; |
| import "services/network/public/mojom/address_list.mojom"; |
| import "services/network/public/mojom/cookie_manager.mojom"; |
| import "services/network/public/mojom/default_credentials.mojom"; |
| import "services/network/public/mojom/cors_origin_pattern.mojom"; |
| import "services/network/public/mojom/host_resolver.mojom"; |
| import "services/network/public/mojom/http_request_headers.mojom"; |
| import "services/network/public/mojom/ip_address.mojom"; |
| import "services/network/public/mojom/ip_endpoint.mojom"; |
| import "services/network/public/mojom/mdns_responder.mojom"; |
| import "services/network/public/mojom/mutable_network_traffic_annotation_tag.mojom"; |
| import "services/network/public/mojom/net_log.mojom"; |
| import "services/network/public/mojom/network_isolation_key.mojom"; |
| import "services/network/public/mojom/network_param.mojom"; |
| import "services/network/public/mojom/origin_policy_manager.mojom"; |
| import "services/network/public/mojom/p2p.mojom"; |
| import "services/network/public/mojom/p2p_trusted.mojom"; |
| import "services/network/public/mojom/proxy_config.mojom"; |
| import "services/network/public/mojom/proxy_config_with_annotation.mojom"; |
| import "services/network/public/mojom/proxy_lookup_client.mojom"; |
| import "services/network/public/mojom/proxy_resolving_socket.mojom"; |
| import "services/network/public/mojom/restricted_cookie_manager.mojom"; |
| import "services/network/public/mojom/ssl_config.mojom"; |
| import "services/network/public/mojom/tcp_socket.mojom"; |
| import "services/network/public/mojom/udp_socket.mojom"; |
| import "services/network/public/mojom/url_loader.mojom"; |
| import "services/network/public/mojom/url_loader_factory.mojom"; |
| import "services/network/public/mojom/url_response_head.mojom"; |
| import "services/network/public/mojom/websocket.mojom"; |
| import "services/proxy_resolver/public/mojom/proxy_resolver.mojom"; |
| import "url/mojom/origin.mojom"; |
| import "url/mojom/url.mojom"; |
| |
| [EnableIf=is_ct_supported] |
| import "services/network/public/mojom/ct_log_info.mojom"; |
| |
| [EnableIf=is_trial_comparison_cert_verifier_supported] |
| import "services/network/public/mojom/trial_comparison_cert_verifier.mojom"; |
| |
| const uint32 kWebSocketOptionNone = 0; |
| // Disallow the request from sending cookies. Disallow the response from writing |
| // cookies. |
| const uint32 kWebSocketOptionBlockAllCookies = 1; |
| // Similar to |kWebSocketOptionBlockAllCookies|, but only for third party |
| // cookies. |
| const uint32 kWebSocketOptionBlockThirdPartyCookies = 2; |
| |
| // Indicates that execution is blocking on the completion of the request. |
| // The browser can provide a CustomProxyConfig to a CustomProxyConfigClient |
| // running in the network service. The network service will use the given proxy |
| // configuration if a request matches the proxy rules and all the other |
| // criteria contained within it. This configuration allows the browser to |
| // direct the network service to set headers on requests to the given proxies |
| // before and/or after the caching layer. |
| struct CustomProxyConfig { |
| // The custom proxy rules to use. Note that ftp:// requests are not |
| // supported. |
| ProxyRules rules; |
| |
| // Whether the custom proxy config should override other sources of proxy |
| // configuration. If false, the custom config is ignored if a proxy is set in |
| // the operating system, for example. |
| bool should_override_existing_config = false; |
| |
| // Whether the custom proxy config should apply to requests using |
| // non-idempotent methods. Can be true if the proxy is known to handle this |
| // case properly. |
| bool allow_non_idempotent_methods = false; |
| |
| // Whether every HTTPS proxy in the custom proxy config can be assumed to |
| // also support QUIC. If this is true, the network service will try to |
| // establish an alternative QUIC stream to the proxy in parallel to the HTTPS |
| // stream in an attempt to use QUIC if possible. |
| bool assume_https_proxies_support_quic = false; |
| |
| // Whether the custom proxy config can be used on HTTP URLs whose fetching |
| // causes redirect cycles. If set to false, network service will try to |
| // bypass custom proxies on HTTP requests whose fetching causes redirect |
| // cycles. In such cases, the request will be fetched directly once the |
| // redirect cycle is detected. |
| // TODO(https://crbug.com/945892): Remove this boolean once Network |
| // Servicification is fully launched. |
| bool can_use_proxy_on_http_url_redirect_cycles = true; |
| |
| // The custom proxy can set these headers in this config which will be added |
| // to all requests using the proxy. This allows setting headers that may be |
| // privacy/security sensitive which we don't want to send to the renderer. |
| // Headers that require per-request logic can be added through the |
| // |custom_proxy_pre_cache_headers| and |custom_proxy_post_cache_headers| |
| // fields in ResourceRequest. |
| // |
| // Headers that will be set before the cache for http:// requests. If the |
| // request does not use a custom proxy, these headers will be removed before |
| // sending to the network. If a request already has one of these headers set, |
| // it may be overwritten if a custom proxy is used, or removed if a custom |
| // proxy is not used. |
| HttpRequestHeaders pre_cache_headers; |
| |
| // Headers that will be set after the cache for http:// requests that are |
| // issued through a custom proxy. Headers here will overwrite matching |
| // headers on the request if a custom proxy is used. |
| HttpRequestHeaders post_cache_headers; |
| |
| // For tunneled requests (https://, ws://, wss://), these headers are added |
| // to the CONNECT request. Headers here will overwrite matching headers on |
| // the CONNECT request if a custom proxy is used. |
| HttpRequestHeaders connect_tunnel_headers; |
| }; |
| |
| // Client to update the custom proxy config. |
| interface CustomProxyConfigClient { |
| OnCustomProxyConfigUpdated(CustomProxyConfig proxy_config); |
| |
| // Marks the custom proxies in |bad_proxies| as temporarily bad, so they are |
| // not layered onto the proxy resolution results for subsequent requests. |
| MarkProxiesAsBad(mojo_base.mojom.TimeDelta bypass_duration, |
| ProxyList bad_proxies) => (); |
| |
| // Clears the list of bad proxy servers that has been cached in the proxy |
| // resolution service. |
| ClearBadProxiesCache(); |
| }; |
| |
| [EnableIf=is_chromeos] |
| struct AdditionalCertificates { |
| // List of all additional certificates. |
| array<X509Certificate> all_certificates; |
| |
| // List of additional trust anchors. |
| array<X509Certificate> trust_anchors; |
| }; |
| |
| // Sent by TrustedURLLoaderHeaderClient to perform modifications for a request. |
| interface TrustedHeaderClient { |
| // Allows modifying request headers before the request is sent. |
| OnBeforeSendHeaders(HttpRequestHeaders headers) => |
| (int32 result, HttpRequestHeaders? headers); |
| |
| // Allows modifying response headers, including sensitive headers such as |
| // set-cookie. This should only be used from a trusted process. |
| OnHeadersReceived(string headers) => |
| (int32 result, |
| string? headers, |
| url.mojom.Url allowed_unsafe_redirect_url); |
| }; |
| |
| // Interface to allow modifying the full request and response headers. This |
| // interface exposes sensitive headers such as set-cookie, so should only be |
| // sent to trusted processes. |
| interface TrustedURLLoaderHeaderClient { |
| // When a new URLLoader is created, this will be called to pass a |
| // corresponding |header_client|. |
| OnLoaderCreated(int32 request_id, |
| pending_receiver<TrustedHeaderClient> header_client); |
| }; |
| |
| // Parameters for constructing a network context. |
| struct NetworkContextParams { |
| // Name used by memory tools to identify the context. |
| string? context_name; |
| |
| // The user agent string. |
| string user_agent; |
| |
| // String to send as the Accept-Language header. This can be changed later |
| // by calling SetAcceptLanguage on the NetworkContext. If empty, the header |
| // will not be added. |
| string accept_language; |
| |
| // Whether Brotli content-encoding should be enabled for HTTPS responses. |
| bool enable_brotli = true; |
| |
| // QUIC user agent. |
| string quic_user_agent_id; |
| |
| // If false, the referrer of requests is never populated. |
| bool enable_referrers = true; |
| |
| // If true, requests initiated with referrers that don't match their referrer |
| // policy will fail. |
| bool validate_referrer_policy_on_initial_request = true; |
| |
| // Handles PAC script execution. If not populated, will attempt to use |
| // platform implementation to execute PAC scripts, if available (Only |
| // available on Windows and Mac). |
| proxy_resolver.mojom.ProxyResolverFactory? proxy_resolver_factory; |
| |
| // Points to the cookie file. An in-memory cookie store is used if it's empty. |
| mojo_base.mojom.FilePath? cookie_path; |
| |
| // If true, cookies will be stored encrypted. |
| bool enable_encrypted_cookies = true; |
| |
| // If the cookie file is given, this controls whether previously written |
| // session cookies are restored. Otherwise it should be false. |
| bool restore_old_session_cookies = false; |
| |
| // If the cookie file is given, this controls whether to persist session |
| // cookies. Otherwise it should be false. |
| bool persist_session_cookies = false; |
| |
| // True if an HTTP cache should be used. |
| bool http_cache_enabled = true; |
| // Maximum size of the HTTP cache. 0 means to use the default size. |
| // Ignored if the cache is disabled. |
| int32 http_cache_max_size = 0; |
| // Points to the HTTP cache directory. Ignored if the cache is disabled. |
| // If null and the cache is enabled, an in-memory database is used. |
| mojo_base.mojom.FilePath? http_cache_path; |
| |
| // The file to store cached server properties (Like HTTP2 and QUIC support). |
| // This information is used as a performance optimization in connection |
| // logic. If null, an in-memory cache will be used instead. |
| mojo_base.mojom.FilePath? http_server_properties_path; |
| |
| // The directory in which to store cached transport security properties (like |
| // HSTS). The file itself will be called "TransportSecurity". If null, or the |
| // file can't be opened, an in-memory store will be used instead. |
| mojo_base.mojom.FilePath? transport_security_persister_path; |
| |
| // Enabled protocols. Note that these apply to all fetches, including those |
| // used to fetch PAC scripts. Note that currently data URLs are always enabled |
| // and file URLs are always disabled. |
| |
| // True if ftp URLs should be supported. |
| // Must be false if built without FTP support. |
| bool enable_ftp_url_support = false; |
| |
| // Whether or not to check the Android platform's cleartext policy for |
| // requests. Under some conditions, Android may advise us to block cleartext |
| // traffic. |
| [EnableIf=is_android] |
| bool check_clear_text_permitted = false; |
| |
| // Enables HTTP/0.9 on ports other than 80 for HTTP and 443 for HTTPS. |
| bool http_09_on_non_default_ports_enabled = false; |
| |
| // If true, idle sockets won't be closed when memory pressure happens. |
| bool disable_idle_sockets_close_on_memory_pressure = false; |
| |
| // Whether authentication APIs that support fallback to the default account |
| // on the system can be used without specifying an account. |
| DefaultCredentials allow_default_credentials = |
| DefaultCredentials.ALLOW_DEFAULT_CREDENTIALS; |
| |
| // SSL configuration. |initial_proxy_config| is the initial SSL configuration |
| // to use. If nullptr, uses the default configuration. Updated SSL |
| // configurations can be passed in via |ssl_config_client_request|. |
| SSLConfig? initial_ssl_config; |
| SSLConfigClient&? ssl_config_client_request; |
| |
| // Proxy configuration. If |initial_proxy_config| is set, it's the initial |
| // proxy configuration. Updated proxy configuration can be passed in via |
| // |proxy_config_client_request|. If |initial_proxy_config| is not set, |
| // proxy lookups will be deferred until a configuration is received via |
| // |proxy_config_client_request|. |
| // |
| // If both are null, the NetworkContext will not use a proxy. |
| ProxyConfigWithAnnotation? initial_proxy_config; |
| ProxyConfigClient&? proxy_config_client_request; |
| |
| // If |custom_proxy_config_client_receiver| is set, this context will listen |
| // for updates to the custom proxy config, and use it if applicable for |
| // requests which would otherwise be made direct. |
| // |initial_custom_proxy_config| is the initial config settings. |
| CustomProxyConfig? initial_custom_proxy_config; |
| pending_receiver<CustomProxyConfigClient>? |
| custom_proxy_config_client_receiver; |
| |
| // If |proxy_config_client_request| is non-null, this is called during |
| // periods of network activity, and can be used as a signal for polling-based |
| // logic to determine the proxy config. |
| // |
| // TODO(mmenke): Can the consumer piggy back on other network events through |
| // other channels (navigation, issuing requests, etc)? Or can |
| // ProxyConfigServices be modified not to need this notification? |
| ProxyConfigPollerClient? proxy_config_poller_client; |
| |
| // Optional client that will be notified of errors related to the proxy |
| // settings. |
| ProxyErrorClient? proxy_error_client; |
| |
| // When PAC quick checking is enabled, DNS lookups for PAC script's host are |
| // timed out aggressively. This prevents hanging all network request on DNS |
| // lookups that are slow or are blockholed, at the cost of making it more |
| // likely that the network service erroneously fails to fetch a PAC file. |
| bool pac_quick_check_enabled = true; |
| |
| // Enables reporting certain SSL errors, such as HTTP Public Key Pinning, to |
| // servers, so they can discover misconfigurations. |
| bool enable_certificate_reporting = false; |
| |
| // True if the "Certificate Transparency in Chrome" policy (see |
| // https://github.com/chromium/ct-policy/blob/master/ct_policy.md) should |
| // be enforced for certificates and connections. |
| // |
| // See //net/docs/certificate-transparency.md before setting this flag to |
| // true. |
| [EnableIf=is_ct_supported] |
| bool enforce_chrome_ct_policy = false; |
| |
| // Enables Expect CT reporting, which sends reports for opted-in sites that |
| // don't serve sufficient Certificate Transparency information. |
| [EnableIf=is_ct_supported] |
| bool enable_expect_ct_reporting = false; |
| |
| // The Certificate Transparency logs that are known to the client. SCTs from |
| // these logs will be extracted and verified; other SCTs will be treated as |
| // unrecognized. |
| [EnableIf=is_ct_supported] |
| array<CTLogInfo> ct_logs; |
| |
| // When the Certificate Transparency logs in |ct_logs| were last updated. If |
| // |enforce_chrome_ct_policy| is set, and |ct_log_update_time| is not |
| // sufficiently recent, enforcement of the "Certificate Transparency in |
| // Chrome" policy will be disabled. |
| [EnableIf=is_ct_supported] |
| mojo_base.mojom.Time ct_log_update_time; |
| |
| // Specifies the path to the directory where NSS will store its database. |
| [EnableIf=is_chromeos] |
| mojo_base.mojom.FilePath? nss_path; |
| |
| // This is used in combination with nss_path, to ensure that the NSS database |
| // isn't opened multiple times for NetworkContexts in the same profie. |
| [EnableIf=is_chromeos] |
| string username_hash; |
| |
| // Initial additional certificates that will be used for certificate |
| // validation. |
| [EnableIf=is_chromeos] |
| AdditionalCertificates? initial_additional_certificates; |
| |
| // If true, the built-in cert verifier will be used. If false, the platform |
| // cert verifier will be used. |
| [EnableIf=is_chromeos] |
| bool use_builtin_cert_verifier = false; |
| |
| // Parameters for the cert verifier comparison trial. This is a temporary |
| // interface and embedders should not use it. |
| // See https://crbug.com/649026 |
| [EnableIf=is_trial_comparison_cert_verifier_supported] |
| TrialComparisonCertVerifierParams? trial_comparison_cert_verifier_params; |
| |
| // Parameters for constructing the cookie manager. |
| CookieManagerParams? cookie_manager_params; |
| |
| // Whether to enable Domain Reliability. |
| bool enable_domain_reliability = false; |
| |
| // The uploader reporter name to use for Domain Reliability uploads. |
| string domain_reliability_upload_reporter; |
| |
| // Whether to discard Domain Reliability uploads. |
| bool discard_domain_reliablity_uploads = false; |
| |
| // When reporting is enabled, this sets the delay between sending reports. |
| // When omitted a default value is used. |
| mojo_base.mojom.TimeDelta? reporting_delivery_interval; |
| |
| // Whether to bypass the ordinary permission checks for sending reports, |
| // rather than calling NetworkContextClient.OnCanSendReportingReports() to |
| // decide. This should only be used by tests. |
| bool skip_reporting_send_permission_check = false; |
| |
| // Sets whether the NetworkContext should be used for globally scoped tasks |
| // that need to make network requests. Currently this includes DNS over HTTPS |
| // requests and certain cert validation requests (OCSP, AIA, etc) on some |
| // platforms. May only be set to true the first NetworkContext created using |
| // the NetworkService. Destroying a NetworkContext created with this set to |
| // true will destroy all other NetworkContexts. |
| // |
| // A failure to mark a NetworkContext as being used by certificate |
| // verification may result in incorrect certificate validation behaviors, |
| // such as the inability to verify EV certificates, to build paths when |
| // intermediates are missing, and to enforce revocation checking when it was |
| // requested via policy. |
| // |
| // TODO(mmenke): Once NSS is not used on any platform for certificate |
| // verification, we should consider using each URLRequestContext to do its own |
| // validation. |
| bool primary_network_context = false; |
| |
| // Specifies the initial set of allowed and blocked origins for the |
| // URLLoaderFactory consumers to access beyond the same-origin-policy. |
| array<CorsOriginAccessPatterns> cors_origin_access_list; |
| |
| // Specifies header keys that are allowed to be used in |
| // network::url_request.cors_exempt_headers. |
| array<string> cors_exempt_header_list; |
| |
| // List of single-label hostnames that are exempted from the HSTS upgrade |
| // policy. |
| array<string> hsts_policy_bypass_list; |
| }; |
| |
| struct NetworkConditions { |
| // If set, the offline state is simulated and other fields are ignored. |
| bool offline; |
| |
| // Channel round-trip latency, i.e. minimum time between request sent and |
| // response received. |
| mojo_base.mojom.TimeDelta latency; |
| |
| // Maximal aggregated download throughput (bytes/sec). 0 disables download |
| // throttling. |
| double download_throughput; |
| |
| // Maximal aggregated upload throughput (bytes/sec). 0 disables upload |
| // throttling. |
| double upload_throughput; |
| }; |
| |
| // Used in some clearing methods of URL-keyed data to specify the resources to |
| // keep/delete. |
| struct ClearDataFilter { |
| enum Type {DELETE_MATCHES, KEEP_MATCHES}; |
| |
| Type type; |
| |
| // A list of registrable domains (e.g. google.com), internal hostnames |
| // (e.g. localhost), or IP addresses (e.g. 127.0.0.1). Other domains, such as |
| // third and lower level domains (e.g. www.google.com) are not accepted. |
| // Formally, it must hold that GetDomainAndRegistry(|domain|, _) is |domain| |
| // itself or an empty string. |
| array<string> domains; |
| |
| // List of URL origins. |
| array<url.mojom.Origin> origins; |
| }; |
| |
| // Represents the accumulated network usage for a consumer. |
| struct NetworkUsage { |
| // |process_id| is 0 for the browser process, otherwise it's the child process |
| // ID. |
| uint32 process_id; |
| |
| // The ID of the IPC route for the consumer, which identifies the RenderFrame |
| // or like-thing. |
| uint32 routing_id; |
| |
| // Raw bytes received from the network since the start/restart of the service. |
| int64 total_bytes_received; |
| |
| // Raw bytes sent to the network since the start/restart of the service. |
| int64 total_bytes_sent; |
| }; |
| |
| // Represents a signed exchange report. |
| // Spec: https://wicg.github.io/webpackage/loading.html#queue-report |
| struct SignedExchangeReport { |
| bool success; |
| string type; |
| url.mojom.Url outer_url; |
| url.mojom.Url inner_url; |
| url.mojom.Url cert_url; |
| string referrer; |
| IPAddress server_ip_address; |
| string protocol; |
| string method; |
| int32 status_code; |
| mojo_base.mojom.TimeDelta elapsed_time; |
| }; |
| |
| const uint32 kBrowserProcessId = 0; |
| const uint32 kInvalidProcessId = 0xffffffff; |
| |
| // https://mikewest.github.io/corpp/#integration-html |
| enum CrossOriginEmbedderPolicy { |
| kNone, |
| kRequireCorp, |
| }; |
| |
| struct URLLoaderFactoryParams { |
| // Process requesting the URLLoaderFactory. |
| // Set to kBrowserProcessId to indicate the browser process. |
| uint32 process_id = kInvalidProcessId; |
| |
| // If specified, then |request_initiator_site_lock| locks |
| // |ResourceRequest::request_initiator| to the specified origin. |
| // TODO(lukasza): https://crbug.com/891872: Make this non-optional. |
| // TODO(lukasza, nasko): https://crbug.com/888079: Make this an *origin* lock |
| // (rather than just a site lock). |
| url.mojom.Origin? request_initiator_site_lock; |
| |
| // Cross-origin read blocking (CORB) configuration. |
| bool is_corb_enabled = true; |
| |
| // True if web related security (e.g., CORS) should be disabled. This is |
| // mainly used by people testing their sites, via a command line switch. |
| bool disable_web_security = false; |
| |
| // https://mikewest.github.io/corpp/#integration-html |
| // https://mikewest.github.io/corpp/#initialize-embedder-policy-for-global |
| CrossOriginEmbedderPolicy cross_origin_embedder_policy = |
| CrossOriginEmbedderPolicy.kNone; |
| |
| // If this is set, requests with the kURLLoadOptionUseHeaderClient option will |
| // callback to the |header_client|, allowing the Cookie/Referrer request |
| // headers and Cookie response headers to be modified. This has a performance |
| // impact because of the extra process hops, so use should be minimized. |
| pending_remote<TrustedURLLoaderHeaderClient>? header_client; |
| |
| // If non-empty array is given, |factory_bound_allow_patterns| is used for |
| // CORS checks in addition to the per-context allow patterns that is managed |
| // via NetworkContext interface. This still respects the per-context block |
| // lists. To use this feature, caller should set |request_initiator_site_lock| |
| // in order to bind the allow patterns to the factory specific initiator |
| // origin. |
| array<CorsOriginPattern> factory_bound_allow_patterns; |
| |
| // Key used to isolate shared network resources like the cache. |
| NetworkIsolationKey? network_isolation_key; |
| |
| // True if this is for exclusive use by a trusted consumer. Only trusted |
| // consumers can issue requests with ResourceRequest::trusted_params |
| // populated. |
| bool is_trusted; |
| }; |
| |
| // The |credentials| output parameter is given to URLRequest::SetAuth() |
| // through this mojo interface. It is not set when URLRequest::CancelAuth() |
| // needs to be called. |
| interface AuthChallengeResponder { |
| OnAuthCredentials(AuthCredentials? credentials); |
| }; |
| |
| // This interface enables the UI to send client certificate selections back to |
| // the network service. |
| // |
| // Defining an interface for this purpose, rather than using a union in the |
| // response of OnCertificateRequested, enables the NetworkServiceClient to learn |
| // of the URLLoader destruction via the connection error handler. |
| interface ClientCertificateResponder { |
| // Use the selected certificate and continue the URLRequest. |
| // |
| // - |provider_name| corresponds to the return value of |
| // net::SSLPrivateKey::GetProviderName(). |
| // - |algorithm_preferences| corresponds to the return value of |
| // net::SSLPrivateKey::GetAlgorithmPreferences(). |
| ContinueWithCertificate(network.mojom.X509Certificate x509_certificate, |
| string provider_name, |
| array<uint16> algorithm_preferences, |
| pending_remote<SSLPrivateKey> ssl_private_key); |
| |
| // Affirmatively select no certificate (this is cached and can affect future |
| // URLRequests). Does not cancel the URLRequest. |
| // |
| // The connection is continued with no client cert. |
| // net::URLRequest::ContinueWithCertificate(nullptr, nullptr) needs to be |
| // called. |
| ContinueWithoutCertificate(); |
| |
| // Cancel the URLRequest. The request is aborted. |
| // net::URLRequest::CancelWithError() needs to be called. |
| CancelRequest(); |
| }; |
| |
| // The content/browser implementation of this SSLPrivateKey interface wraps the |
| // scoped_refptr<net::SSLPrivateKey> that is received from |
| // SSLClientAuthDelegate::ContinueWithCertificate(), and this mojo interface is |
| // sent from content/browser to services/network so that services/network can |
| // have its own net::SSLPrivateKey implementation that internally uses this mojo |
| // interface. |
| // The |algorithm| and |input| parameters correspond to the |algorithm| and |
| // |input| parameters in net::SSLPrivateKey::Sign(). |
| // The |net_error| and |signature| parameters correspond to the parameters in |
| // net::SSLPrivateKey::SignCallback. |
| interface SSLPrivateKey { |
| Sign(uint16 algorithm, |
| array<uint8> input) => (int32 net_error, array<uint8> signature); |
| }; |
| |
| // Callback interface for NetworkContext when routing identifiers aren't |
| // available. Otherwise generally callbacks from the network service go on |
| // NetworkServiceClient. |
| interface NetworkContextClient { |
| // Called when we receive an authentication failure. |
| // The |auth_challenge_responder| will respond to auth challenge with |
| // credentials. |head| can provide response headers for the response |
| // which has elicited this auth request, if applicable. |
| // |
| // |window_id| or else |process_id| and |routing_id| indicates |
| // the frame making the request, see |
| // network::ResourceRequest::fetch_window_id. |
| OnAuthRequired( |
| mojo_base.mojom.UnguessableToken? window_id, |
| uint32 process_id, |
| uint32 routing_id, |
| uint32 request_id, |
| url.mojom.Url url, |
| bool first_auth_attempt, |
| AuthChallengeInfo auth_info, |
| URLResponseHead? head, |
| pending_remote<AuthChallengeResponder> auth_challenge_responder); |
| |
| // Called when an SSL certificate requested message is received for client |
| // authentication. |
| // |
| // Rather than using one response for multiple purposes, the caller expects |
| // exactly one response (or disconnect) to be sent back via |cert_responder|. |
| // |
| // |window_id| or else |process_id| and |routing_id| indicates the frame |
| // making the request, see network::ResourceRequest::fetch_window_id. |
| OnCertificateRequested( |
| mojo_base.mojom.UnguessableToken? window_id, |
| uint32 process_id, |
| uint32 routing_id, |
| uint32 request_id, |
| network.mojom.SSLCertRequestInfo cert_info, |
| pending_remote<ClientCertificateResponder> cert_responder); |
| |
| // Called when an SSL certificate is encountered. |
| // The callback argument is a net::ERROR value. If it's net::OK, then the |
| // request is resumed. Otherwise it's cancelled with the given error. |
| OnSSLCertificateError(uint32 process_id, |
| uint32 routing_id, |
| url.mojom.Url url, |
| int32 net_error, |
| SSLInfo ssl_info, |
| bool fatal) => (int32 net_error); |
| |
| // Called when file uploading was requested. |
| // If the process that requested the uploads has permission to read all of |
| // the files referenced by |file_paths|, the callback arguments will be |
| // net::OK, along with an array of open file handles. The array will contain |
| // exactly one handle for each path in |file_paths|, in the same order. |
| // If any files referenced by |file_paths| cannot be read, a net::ERROR will |
| // be returned, and |files| will be an empty list. If the |async| parameter |
| // is true, the files will be opened with FLAG_ASYNC. |
| OnFileUploadRequested(uint32 process_id, |
| bool async, |
| array<mojo_base.mojom.FilePath> file_paths) => |
| (int32 net_error, array<mojo_base.mojom.File> files); |
| |
| // Checks if network error reports could be sent for the given origins. |
| // Replies with the origins that are allowed. |
| OnCanSendReportingReports(array<url.mojom.Origin> origins) => |
| (array<url.mojom.Origin> origins); |
| |
| // Checks if a Domain Reliability report can be uploaded for the given origin. |
| OnCanSendDomainReliabilityUpload(url.mojom.Url origin) => (bool allowed); |
| |
| // Called when the Clear-Site-Data header has been received. The callback |
| // should be run after the data is deleted. |
| // https://www.w3.org/TR/clear-site-data/ |
| // TODO(crbug.com/876931): We might want to move header parsing work to |
| // Network Service for security concerns (e.g. |header_value| => booleans). |
| OnClearSiteData(uint32 process_id, |
| int32 routing_id, |
| url.mojom.Url url, |
| string header_value, |
| int32 load_flags) => (); |
| |
| // Called when an attempt has been made to set cookies |cookie_list|, with the |
| // status field indicating whether the cookies as set, or blocked, and for |
| // what reason. Currently blocked cookies are included if they are blocked by |
| // user preference, or if they warrant a console deprecation warning. |
| // |
| // If the set attempt is due to a network transfer, |url| is the URL being |
| // loaded; if it's set by a script it's the URL of window or service worker |
| // script making the change. |
| // |
| // |is_service_worker| is true if the cookie is directly set by a service |
| // worker action via cookie store API; this doesn't include those |
| // set as a side effect of passed through fetches. In that case, there is |
| // no frame associated with the action, so it should be attributed by |url|. |
| // |
| // If |is_service_worker| is false, |process_id| and |routing_id| identify |
| // the relevant frame. |
| OnCookiesChanged( |
| bool is_service_worker, int32 process_id, int32 routing_id, |
| url.mojom.Url url, url.mojom.Url site_for_cookies, |
| array<CookieWithStatus> cookie_list); |
| |
| // Called when an attempt has been made to read the cookies in |cookie_list|, |
| // with the status indicating whether the cookies were actually used or |
| // blocked, and if so, gives the reason. Currently blocked cookies are |
| // included if they are blocked by user preference, or if they warrant a |
| // console deprecation warning. |
| // |
| // If the cookies are accessed by a network transfer, |url| is the URL being |
| // loaded; if they're read by a script, it's the URL of window or service |
| // worker script looking them up. |
| // |
| // |is_service_worker| is true if the cookie is directly read by a service |
| // worker action via cookie store API; this doesn't include those |
| // read as a side effect of passed through fetches. In that case, there is |
| // no frame associated with the action, so it should be attributed by |url|. |
| // |
| // If |is_service_worker| is false, |process_id| and |routing_id| identify |
| // the relevant frame. |
| OnCookiesRead( |
| bool is_service_worker, int32 process_id, int32 routing_id, |
| url.mojom.Url url, url.mojom.Url site_for_cookies, |
| array<CookieWithStatus> cookie_list); |
| |
| // Called to generate an auth token for SPNEGO authentication on Android. |
| [EnableIf=is_android] |
| OnGenerateHttpNegotiateAuthToken(string server_auth_token, bool can_delegate, |
| string auth_negotiate_android_account_type, |
| string spn) => |
| (int32 result, string auth_token); |
| |
| // Notification that a trust anchor was used for the given user. |
| [EnableIf=is_chromeos] |
| OnTrustAnchorUsed(); |
| }; |
| |
| // Represents a distinct context for making network requests, with its own |
| // storage (e.g. cookies and cache). |
| interface NetworkContext { |
| // Sets a client for this network context. |
| SetClient(pending_remote<NetworkContextClient> client); |
| |
| // Creates a new URLLoaderFactory with the given |params|. |
| CreateURLLoaderFactory(URLLoaderFactory& url_loader_factory, |
| URLLoaderFactoryParams params); |
| |
| // Destroys all URLLoaderFactory bindings, which should then be regenerated. |
| // This should be called if there is a change to the proxies which should be |
| // used on URLLoaders. |
| ResetURLLoaderFactories(); |
| |
| // Gets the CookieManager associated with this network context. |
| // |
| // The CookieManager must only be passed to trusted processes. Whenever |
| // possible, a RestrictedCookieManager should be handed out instead. |
| GetCookieManager(pending_receiver<CookieManager> cookie_manager); |
| |
| // Gets a RestrictedCookieManager scoped to a given origin, and applying |
| // settings configured on the CookieManager associated with this domain. |
| // |
| // If role == SCRIPT, this interface can be safely handed out to a process |
| // that is known to represent the given origin, such as a renderer process. |
| // |
| // |is_service_worker|, |process_id| and |routing_id| will be passed to |
| // NetworkContextClient::OnCookieChange and OnCookiesRead. |
| GetRestrictedCookieManager( |
| pending_receiver<RestrictedCookieManager> restricted_cookie_manager, |
| RestrictedCookieManagerRole role, |
| url.mojom.Origin origin, |
| bool is_service_worker, |
| int32 process_id, int32 routing_id); |
| |
| // Clears network objects with implicit URL history information. Data related |
| // to events that happened prior to |start_time| may be retained. Only applies |
| // to network objects without more specific methods (Cookies, |
| // and the cache have, or will have, their own clearing APIs). This currently |
| // only covers server properties and transport security state. |
| // |
| // The callback will be invoked once the data has been deleted. |
| ClearNetworkingHistorySince(mojo_base.mojom.Time start_time) => (); |
| |
| // Clears content from the HTTP cache. A specific range of time can be |
| // specified with |start_time| and |end_time|. This supports unbounded deletes |
| // in either direction by using null Time values for either argument. |
| // If a non-null |filter| is specified, will clear only entries matching the |
| // filter. |
| ClearHttpCache(mojo_base.mojom.Time start_time, |
| mojo_base.mojom.Time end_time, |
| ClearDataFilter? filter) => (); |
| |
| // Computes the size of cache objects last accessed between |start_time| and |
| // |end_time|. |
| // |
| // If you don't want a lower bound, pass base::Time() for |start_time|. |
| // If you don't want an upper bound, pass base::Time::Max() |
| // |
| // |upper_bound| will be returned as true if the implementation had to |
| // overestimate; this may be as bad as giving the size of the entire cache. |
| // |
| // |size_or_error|, if non-negative, is the result in bytes; and a net error |
| // code if negative. |
| ComputeHttpCacheSize(mojo_base.mojom.Time start_time, |
| mojo_base.mojom.Time end_time) |
| => (bool is_upper_bound, int64 size_or_error); |
| |
| // Notifies the HttpCache of a renderer-level cache hit with |url| |
| // and |http_method|, with the top-level frame of the containing page |
| // being on origin |top_frame_origin|. |
| // |
| // This is being proxied by the browser because the renderer is unable to |
| // directly interact with NetworkContext. |
| NotifyExternalCacheHit(url.mojom.Url url, string http_method, |
| NetworkIsolationKey key); |
| |
| // Clears the host cache. This will affect all NetworkContexts that share the |
| // same HostResolved as the NetworkContext this is called on. |
| // |
| // If a non-null |filter| is specified, will clear only entries for domains |
| // matching the filter. Filtering by origins is not supported. If |filter| is |
| // non-null, |filter.origins| must be empty. |
| ClearHostCache(ClearDataFilter? filter) => (); |
| |
| // Clears all entries from the HTTP Auth cache that were added since |
| // |start_time|. Supports unbounded delete using null Time value. |
| ClearHttpAuthCache(mojo_base.mojom.Time start_time) => (); |
| |
| // Clears all report entries from the reporting cache. Should not be called if |
| // the ENABLE_REPORTING build flag is false. |
| // |
| // If a non-null |filter| is specified, will clear only entries matching the |
| // filter. |
| ClearReportingCacheReports(ClearDataFilter? filter) => (); |
| |
| // Clears all client entries from the reporting cache. Should not be called if |
| // the ENABLE_REPORTING build flag is false. |
| // |
| // If a non-null |filter| is specified, will clear only entries matching the |
| // filter. |
| ClearReportingCacheClients(ClearDataFilter? filter) => (); |
| |
| // Clears policy entries from the NetworkErrorLoggingService. Should not be |
| // called if the ENABLE_REPORTING build flag is false. |
| // |
| // If a non-null |filter| is specified, will clear only entries matching the |
| // filter. |
| ClearNetworkErrorLogging(ClearDataFilter? filter) => (); |
| |
| // Mirror of domain_reliability::DomainReliabilityClearMode. |
| enum DomainReliabilityClearMode {CLEAR_CONTEXTS, CLEAR_BEACONS}; |
| // Clears Domain Reliability entries, specified by |mode|. |
| ClearDomainReliability(ClearDataFilter? filter, |
| DomainReliabilityClearMode mode) => (); |
| |
| // Returns a JSON value containing data for displaying on a debugging page. |
| GetDomainReliabilityJSON() => (mojo_base.mojom.Value data); |
| |
| // Queues a report via the Reporting API. |type| describes the type of report |
| // (as well as what data will contained in |body|). |group| specifies the |
| // endpoint group that the report will be delivered to. |url| indicates the |
| // URL of the resource that the report describes; |user_agent| may be |
| // provided, or will be automatically generated if omitted; |body| holds the |
| // contents of the report. |
| // |
| // Note that this queued report will never be delivered if no reporting |
| // endpoint is registered for this |url|. |
| // |
| // Spec: https://w3c.github.io/reporting/#concept-reports |
| QueueReport(string type, |
| string group, |
| url.mojom.Url url, |
| string? user_agent, |
| mojo_base.mojom.DictionaryValue body); |
| |
| // Queues a signed exchange report. |
| QueueSignedExchangeReport(SignedExchangeReport report); |
| |
| // Closes all open connections within this context. |
| CloseAllConnections() => (); |
| |
| // Close all idle connections for the HTTP network session used by |
| // this context. |
| CloseIdleConnections() => (); |
| |
| // Configures network conditions for the specified throttling profile. |
| // The throttling will be applied only to requests that have matching |
| // throttling_profile_id. |
| // Passing null NetworkConditions disables the throttling. |
| SetNetworkConditions(mojo_base.mojom.UnguessableToken throttling_profile_id, |
| NetworkConditions? conditions); |
| |
| // Updates the Accept-Language header to be used for requests. |
| SetAcceptLanguage(string new_accept_language); |
| |
| // If false, the referrer of requests is never populated. |
| SetEnableReferrers(bool enable_referrers); |
| |
| // Updates the additional trust anchors for certificate verification. |
| [EnableIf=is_chromeos] |
| UpdateAdditionalCertificates(AdditionalCertificates? additional_certificates); |
| |
| // Updates the CT policy to be used for requests. Only applies if the |
| // NetworkContextParams set enforce_chrome_ct_policy to true. |
| // TODO(rsleevi): Remove this once Chrome-specific policies are moved out |
| // of the network service. |
| [EnableIf=is_ct_supported] |
| SetCTPolicy(array<string> required_hosts, |
| array<string> excluded_hosts, |
| array<string> excluded_spkis, |
| array<string> excluded_legacy_spkis); |
| |
| // Adds explicitly-specified data as if it was processed from an Expect-CT |
| // header. |
| [EnableIf=is_ct_supported] |
| AddExpectCT(string host, mojo_base.mojom.Time expiry, |
| bool enforce, url.mojom.Url report_uri) => (bool success); |
| |
| // Send a test CT report with dummy data for test purposes. |
| [EnableIf=is_ct_supported] |
| SetExpectCTTestReport(url.mojom.Url report_uri) => (bool success); |
| |
| // Retrieves the expect CT state from the associated network context |
| // transport security state. |
| [EnableIf=is_ct_supported] |
| GetExpectCTState(string domain) => (mojo_base.mojom.DictionaryValue state); |
| |
| // Creates a UDP socket. Caller can supply a |listener| interface pointer |
| // to listen for incoming datagrams. A null |listener| is acceptable if caller |
| // is not interested in incoming data. |
| // Any sockets that are created but are yet to be destroyed will be destroyed |
| // when NetworkContext goes away. |
| CreateUDPSocket(UDPSocket& request, UDPSocketListener? listener); |
| |
| // Creates a TCP server socket that listens on |local_addr|. The socket |
| // created can only be used for the purpose specified in |traffic_annotation|, |
| // and cannot be re-used for other purposes. Caller must specify an address |
| // family in |local_addr| to be either IPv4 or IPv6. If port in |local_addr| |
| // is 0, the OS will pick an available port. If address bytes are 0, the OS |
| // will pick a local address of the specified address family. |backlog| will |
| // be passed to the OS to set the size of accept queue. |
| // On success, the resulting local address will be written to |local_addr_out| |
| // and |result| is net::OK. On failure, |result| is a network error code. |
| // |
| // Any sockets that are created but are yet to be destroyed will be destroyed |
| // when NetworkContext goes away. |
| CreateTCPServerSocket(IPEndPoint local_addr, |
| uint32 backlog, |
| MutableNetworkTrafficAnnotationTag traffic_annotation, |
| TCPServerSocket& socket) |
| => (int32 result, IPEndPoint? local_addr_out); |
| |
| // Creates a TCP socket connected to |remote_addr|. |observer| if non-null |
| // will be used to listen for any network connection error on the newly |
| // established connection. The socket created can only be used for the purpose |
| // specified in |traffic_annotation|, and cannot be re-used for other |
| // purposes. |local_addr| should be set to null unless the caller wants to |
| // bind the socket to a specific address and port. On success, |result| is |
| // net::OK. Caller is to use |send_stream| to send data and |receive_stream| |
| // to receive data over the connection. On failure, |result| is a network |
| // error code. |
| // |
| // If the client closes |socket| before this completes, the callback will be |
| // invoked with net::ERR_ABORTED. |
| // |
| // Any sockets that are created but are yet to be destroyed will be destroyed |
| // when NetworkContext goes away. |
| CreateTCPConnectedSocket( |
| IPEndPoint? local_addr, |
| AddressList remote_addr_list, |
| TCPConnectedSocketOptions? tcp_connected_socket_options, |
| MutableNetworkTrafficAnnotationTag traffic_annotation, |
| TCPConnectedSocket& socket, |
| SocketObserver? observer) |
| => (int32 result, |
| IPEndPoint? local_addr, |
| IPEndPoint? peer_addr, |
| handle<data_pipe_consumer>? receive_stream, |
| handle<data_pipe_producer>? send_stream); |
| |
| // Creates a TCPSocket bound to |local_addr|. The socket created can only be |
| // used for the purpose specified in |traffic_annotation|, and cannot be |
| // re-used for other purposes. |local_addr| is treated the same as in |
| // CreateTCPServerSocket(). |
| // |
| // On success, the resulting local address will be written to |local_addr_out| |
| // and |result| is net::OK. On failure, |result| is a network error code. |
| // |
| // It's recommended consumers use CreateTCPServerSocket() or |
| // CreateTCPConnectedSocket(). This method is just provided so legacy |
| // consumers can mimic Berkeley sockets semantics. |
| CreateTCPBoundSocket(IPEndPoint local_addr, |
| MutableNetworkTrafficAnnotationTag traffic_annotation, |
| TCPBoundSocket& socket) |
| => (int32 result, IPEndPoint? local_addr); |
| |
| // Creates a ProxyResolvingSocketFactory that shares some configuration params |
| // with this NetworkContext, but uses separate socket pools. |
| // |
| // Any sockets that are created but are yet to be destroyed will be destroyed |
| // when NetworkContext goes away. |
| CreateProxyResolvingSocketFactory(ProxyResolvingSocketFactory& factory); |
| |
| // Looks up what proxy to use for a particular URL. |
| LookUpProxyForURL(url.mojom.Url url, |
| ProxyLookupClient proxy_lookup_client); |
| |
| // Forces refetching the proxy configuration, and applying it. |
| ForceReloadProxyConfig() => (); |
| |
| // Clears the list of bad proxy servers that has been cached. |
| ClearBadProxiesCache() => (); |
| |
| // Creates a WebSocket connection to |url|. |requested_protocols| is a |
| // list of tokens identifying sub-protocols the renderer would like to use, |
| // as described in RFC6455 "Subprotocols Using the WebSocket Protocol". |
| // |additional_headers| are miscellaneous HTTP headers to be added to the |
| // request. Headers semantically relevant to the WebSocket handshake such |
| // as "sec-websocket-protocol" and "origin" are handled separately, (e.g., |
| // "sec-websocket-protocol" is constructed from |requested_protocols| in |
| // this message). |site_for_cookies| represents the first-party origin for |
| // the request. |options| may be a combination of the kWebSocketOption* flags. |
| // |
| // If |header_client| is set, requests with the kURLLoadOptionUseHeaderClient |
| // option will callback to the |header_client|, allowing the Cookie/Referrer |
| // request headers and Cookie response headers to be modified. This has a |
| // performance impact because of the extra process hops, so use should be |
| // minimized. |
| // |
| // Detect mojo connection errors on |handshake_client| until the connection |
| // is established. |
| // Do *NOT* interpret mojo connection errors on |auth_handler| and |
| // |header_client| as WebSocket connection errors. They are disconnected when |
| // the connection is established, and due to message ordering uncertainty we |
| // cannot know what happened. |
| CreateWebSocket( |
| url.mojom.Url url, |
| array<string> requested_protocols, |
| url.mojom.Url site_for_cookies, |
| array<HttpHeader> additional_headers, |
| int32 process_id, |
| int32 render_frame_id, |
| url.mojom.Origin origin, |
| uint32 options, |
| pending_remote<WebSocketHandshakeClient> handshake_client, |
| pending_remote<AuthenticationHandler>? auth_handler, |
| pending_remote<TrustedHeaderClient>? header_client); |
| |
| // Create a NetLogExporter, which helps export NetLog to an existing file. |
| // Note that the log is generally global, including all NetworkContexts |
| // managed by the same NetworkService. The particular NetworkContext this is |
| // called on will determine which NetworkContext gets its information and |
| // configuration summary written out at the end of the log. |
| CreateNetLogExporter(NetLogExporter& exporter); |
| |
| // Tries to preconnect to |url|. |num_streams| may be used to request more |
| // than one connection be established in parallel. |
| // |allow_credentials| is true if the connection is to be pooled with |
| // credentialed requests and false otherwise. |
| // |network_isolation_key| specifies the NetworkIsolationKey to associate |
| // with the preconnected sockets. The sockets will only be used for requests |
| // associated with the same key. |
| PreconnectSockets(uint32 num_streams, |
| url.mojom.Url url, |
| bool allow_credentials, |
| NetworkIsolationKey network_isolation_key); |
| |
| // Creates a P2PSocketManager instance, used for WebRTC. |
| CreateP2PSocketManager(P2PTrustedSocketManagerClient client, |
| P2PTrustedSocketManager& trusted_socket_manager, |
| P2PSocketManager& socket_manager); |
| |
| // Creates an MdnsResponder instance. |
| CreateMdnsResponder(MdnsResponder& responder_request); |
| |
| // Resolves the given hostname (or IP address literal). See documentation at |
| // HostResolver::ResolveHost. |
| // |
| // All outstanding requests are cancelled if the NetworkContext is destroyed. |
| // Such requests will receive ERR_FAILED via |response_client|. |
| ResolveHost(HostPortPair host, |
| ResolveHostParameters? optional_parameters, |
| ResolveHostClient response_client); |
| |
| // Creates a HostResolver interface that can be passed to code/processes |
| // without direct access to NetworkContext to make ResolveHost requests. |
| // |
| // If set, |config_overrides| will override configuration read from the system |
| // DNS configuration when resolution is performed using the built-in resolver |
| // (which can be forced using ResolveHostParameters::source = Source.DNS). |
| // |
| // If this NetworkContext is destroyed, all outstanding requests from child |
| // HostResolvers will be cancelled. Such requests will receive ERR_FAILED via |
| // |response_client|. |
| // |
| // TODO(crbug.com/821021): If necessary as usage and functionality is added to |
| // the contained ResolveHost method, consider adding the ability for this to |
| // be a restricted resolver with some functionality disabled (eg maybe MDNS). |
| CreateHostResolver(DnsConfigOverrides? config_overrides, |
| HostResolver& host_resolver); |
| |
| // Checks the given certificate against the CertVerifier and CTVerifier. This |
| // implementation is currently specific for use by Signed Exchange. |
| VerifyCertForSignedExchange(X509Certificate certificate, |
| url.mojom.Url url, |
| string ocsp_response, |
| string sct_list) => (int32 error_code, |
| CertVerifyResult cv_result, |
| CTVerifyResult ct_result); |
| |
| // Adds explicitly-specified data as if it was processed from an |
| // HSTS header. Used by tests and implementation of chrome://net-internals. |
| AddHSTS(string host, mojo_base.mojom.Time expiry, |
| bool include_subdomains) => (); |
| |
| // Returns true if it is known that |host| has requested to always be |
| // accessed via HTTPS. |
| IsHSTSActiveForHost(string host) => (bool result); |
| |
| // Retrieve values from the HSTS state from the associated contexts |
| // transport security state. |
| GetHSTSState(string domain) => (mojo_base.mojom.DictionaryValue state); |
| |
| // Sets allowed and blocked origins respectively for the URLLoaderFactory |
| // consumers to access beyond the same-origin policy. The list is managed per |
| // each |source_origin|, and each call will flash old set lists for the |
| // |source_origin|. The passed |patterns| will be set instead. If an empty |
| // array is given for |allow_patterns| and/or |block_patterns|, the |
| // |source_origin|'s origin list for each is set to empty respectively. |
| // TODO(crbug.com/936310): Eventually, we want to stop using per-context |
| // access lists, and use only per-factory access lists, or stop managing the |
| // list in the NetworkService completely. |
| SetCorsOriginAccessListsForOrigin( |
| url.mojom.Origin source_origin, array<CorsOriginPattern> allow_patterns, |
| array<CorsOriginPattern> block_patterns) => (); |
| |
| // Deletes any dynamic data stored for |host| from the transport |
| // security state. Returns true iff an entry was deleted. |
| // See net::TransportSecurityState::DeleteDynamicDataForHost for more detail. |
| DeleteDynamicDataForHost(string host) => (bool result); |
| |
| // Copies the contents of this NetworkContext's HttpAuthCache and returns a |
| // key that can be used by LoadHttpAuthCache to restore the contents. |
| // The data referenced by the returned key is not associated with this |
| // NetworkContext, and can be loaded by any NetworkContext. |
| // If there is no corresponding LoadHttpAuthCache call, the saved |
| // HttpAuthCache data will leak. |
| // |
| // TODO(crbug.com/914082): Return a scoped handle that can automatically free |
| // the cache when it goes out of scope. |
| SaveHttpAuthCache() => (mojo_base.mojom.UnguessableToken cache_key); |
| |
| // Loads an HttpAuthCache previously saved by SaveHttpAuthCache, and |
| // copies its contents into this NetworkContext's HttpAuthCache. |
| LoadHttpAuthCache(mojo_base.mojom.UnguessableToken cache_key) => (); |
| |
| // Adds an entry to the HttpAuthCache or FtpAuthCache (determined by whether |
| // the |challenger| field within |challenge| is an ftp:// URL). |challenge| |
| // may not necessarily contain a stateful challenge that requires a persistent |
| // connection, allowing the cache to be pre-populated. |
| AddAuthCacheEntry(AuthChallengeInfo challenge, |
| AuthCredentials credentials) => (); |
| |
| // Looks up credentials in the HttpAuthCache using the origin and path from |
| // |url|. Only supports basic auth scheme. |
| LookupBasicAuthCredentials(url.mojom.Url url) |
| => (AuthCredentials? credentials); |
| |
| [Sync] |
| // Enables the checking of static PKP records. |
| EnableStaticKeyPinningForTesting() => (); |
| |
| [Sync] |
| // Will force the transaction to fail with the given error code. |
| SetFailingHttpTransactionForTesting(int32 rv) => (); |
| |
| [Sync] |
| // Verifies the given certificate using the context's CertVerifier. |
| VerifyCertificateForTesting(X509Certificate certificate, |
| string hostname, |
| string ocsp_response, |
| string sct_list) => (int32 error_code); |
| |
| [Sync] |
| // Adds a Domain Reliability Context. |
| AddDomainReliabilityContextForTesting( |
| url.mojom.Url origin, url.mojom.Url upload_url) => (); |
| |
| [Sync] |
| // Forces all pending Domain Reliability uploads to run now, even if their |
| // minimum delay has not yet passed. |
| ForceDomainReliabilityUploadsForTesting() => (); |
| |
| // Gets the OriginPolicyManager associated with this network context. |
| GetOriginPolicyManager(OriginPolicyManager& origin_policy_manager); |
| }; |