| // Copyright 2017 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| module network.mojom; |
| |
| // TODO(crbug.com/875759): Rename to Cors* rather than CORS*. |
| |
| // A policy to decide if CORS-preflight fetch should be performed. |
| enum CORSPreflightPolicy { |
| kConsiderPreflight, |
| kPreventPreflight, |
| }; |
| |
| // Error conditions of the CORS check. |
| enum CORSError { |
| // Access control |
| kDisallowedByMode, |
| kInvalidResponse, |
| |
| // Not allowed wildcard origin was found in Access-Control-Allow-Origin |
| // response header when the credentials mode is 'include'. |
| kWildcardOriginNotAllowed, |
| |
| // Access-Control-Allow-Origin response header was not found. |
| kMissingAllowOriginHeader, |
| |
| // Not allowed multiple origin values was found in Access-Control-Allow-Origin |
| // response header. |
| kMultipleAllowOriginValues, |
| |
| // Invalid origin was found in Access-Control-Allow-Origin response header. |
| kInvalidAllowOriginValue, |
| |
| // Not allowed by Access-Control-Allow-Origin response header. |
| kAllowOriginMismatch, |
| |
| // Invalid value was found in Access-Control-Allow-Credentials response |
| // header. |
| kInvalidAllowCredentials, |
| |
| // The scheme is not for CORS. |
| kCORSDisabledScheme, |
| |
| // Preflight: |
| // Failed to check HTTP response ok status in a CORS-preflight response. |
| kPreflightInvalidStatus, |
| |
| // Redirect is requested in CORS-preflight response, but not allowed. |
| kPreflightDisallowedRedirect, |
| |
| // Not allowed wildcard origin was found in Access-Control-Allow-Origin |
| // CORS-preflight response header when the credentials mode is 'include'. |
| kPreflightWildcardOriginNotAllowed, |
| |
| // Access-Control-Allow-Origin response header was not found in a |
| // CORS-preflight response. |
| kPreflightMissingAllowOriginHeader, |
| |
| // Not allowed multiple origin values was found in Access-Control-Allow-Origin |
| // CORS-preflight response header. |
| kPreflightMultipleAllowOriginValues, |
| |
| // Invalid origin was found in Access-Control-Allow-Origin CORS-preflight |
| // response header. |
| kPreflightInvalidAllowOriginValue, |
| |
| // Not allowed by Access-Control-Allow-Origin CORS-preflight response header. |
| kPreflightAllowOriginMismatch, |
| |
| // Invalid value was found in Access-Control-Allow-Credentials CORS-preflight |
| // response header. |
| kPreflightInvalidAllowCredentials, |
| |
| // "Access-Control-Allow-External:" |
| // ( https://wicg.github.io/cors-rfc1918/#headers ) specific error |
| // conditions: |
| kPreflightMissingAllowExternal, |
| kPreflightInvalidAllowExternal, |
| |
| // Failed to parse Access-Control-Allow-Methods response header field in |
| // CORS-preflight response. |
| kInvalidAllowMethodsPreflightResponse, |
| |
| // Failed to parse Access-Control-Allow-Headers response header field in |
| // CORS-preflight response. |
| kInvalidAllowHeadersPreflightResponse, |
| |
| // Not allowed by Access-Control-Allow-Methods in CORS-preflight response. |
| kMethodDisallowedByPreflightResponse, |
| |
| // Not allowed by Access-Control-Allow-Headers in CORS-preflight response. |
| kHeaderDisallowedByPreflightResponse, |
| |
| // Cross origin redirect location contains credentials such as 'user:pass'. |
| kRedirectContainsCredentials, |
| }; |
| |
| // Determine which Cors exception takes precedence when multiple matches occur. |
| enum CORSOriginAccessMatchPriority { |
| kNoMatchingOrigin, |
| kDefaultPriority, |
| kLowPriority, |
| kMediumPriority, |
| kHighPriority, |
| kMaxPriority |
| }; |
