services/network/public/mojom/cross_origin_embedder_policy.mojom - chromium/src - Git at Google

 // Copyright 2019 The Chromium Authors
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 module network.mojom;

 import "url/mojom/url.mojom";
 import "services/network/public/mojom/fetch_api.mojom";

 // [spec]: https://html.spec.whatwg.org/C/#coep
 // An embedder policy value is one of three strings that controls the fetching
 // of cross-origin resources without explicit permission from resource owners.
 enum CrossOriginEmbedderPolicyValue {
   // [spec]: This is the default value. When this value is used, cross-origin
   // resources can be fetched without giving explicit permission through the
   // CORS protocol or the `Cross-Origin-Resource-Policy` header.
   kNone,

   // [spec]: When this value is used, fetching cross-origin resources requires
   // the server's explicit permission through the CORS protocol or the
   // `Cross-Origin-Resource-Policy` header.
   kRequireCorp,

   // [spec]: When this value is used, fetching cross-origin no-CORS resources
   // omits credentials. In exchange, an explicit `Cross-Origin-Resource-Policy`
   // header is not required. Other requests sent with credentials require the
   // server's explicit permission through the CORS protocol or the
   // `Cross-Origin-Resource-Policy` header.
   kCredentialless,
 };

 // Reports potential COEP violations. This is mainly used by the CORP check
 // in the network service. Implemented in the browser process.
 interface CrossOriginEmbedderPolicyReporter {
   // Queues a report of a CORP violation caused by COEP.
   QueueCorpViolationReport(url.mojom.Url blocked_url,
                            network.mojom.RequestDestination destination,
                            bool report_only);

   // Connects a new pipe to this instance.
   Clone(pending_receiver<CrossOriginEmbedderPolicyReporter> receiver);
 };

 // [spec]: https://html.spec.whatwg.org/C/#embedder-policy
 // An embedder policy consists of:
 struct CrossOriginEmbedderPolicy {
   // [spec]: A `value`, which is an embedder policy value, initially
   // "unsafe-none".
   CrossOriginEmbedderPolicyValue value = CrossOriginEmbedderPolicyValue.kNone;
   // [spec]: A `reporting endpoint` string, initially the empty string.
   string? reporting_endpoint;
   // [spec]: A `report only value`, which is an embedder policy value, initially
   // "unsafe-none".
   CrossOriginEmbedderPolicyValue report_only_value =
       CrossOriginEmbedderPolicyValue.kNone;
   // [spec]: A `report only reporting endpoint` string, initially the empty
   // string.
   string? report_only_reporting_endpoint;
 };
	// Copyright 2019 The Chromium Authors
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	module network.mojom;

	import "url/mojom/url.mojom";
	import "services/network/public/mojom/fetch_api.mojom";

	// [spec]: https://html.spec.whatwg.org/C/#coep
	// An embedder policy value is one of three strings that controls the fetching
	// of cross-origin resources without explicit permission from resource owners.
	enum CrossOriginEmbedderPolicyValue {
	// [spec]: This is the default value. When this value is used, cross-origin
	// resources can be fetched without giving explicit permission through the
	// CORS protocol or the `Cross-Origin-Resource-Policy` header.
	kNone,

	// [spec]: When this value is used, fetching cross-origin resources requires
	// the server's explicit permission through the CORS protocol or the
	// `Cross-Origin-Resource-Policy` header.
	kRequireCorp,

	// [spec]: When this value is used, fetching cross-origin no-CORS resources
	// omits credentials. In exchange, an explicit `Cross-Origin-Resource-Policy`
	// header is not required. Other requests sent with credentials require the
	// server's explicit permission through the CORS protocol or the
	// `Cross-Origin-Resource-Policy` header.
	kCredentialless,
	};

	// Reports potential COEP violations. This is mainly used by the CORP check
	// in the network service. Implemented in the browser process.
	interface CrossOriginEmbedderPolicyReporter {
	// Queues a report of a CORP violation caused by COEP.
	QueueCorpViolationReport(url.mojom.Url blocked_url,
	network.mojom.RequestDestination destination,
	bool report_only);

	// Connects a new pipe to this instance.
	Clone(pending_receiver<CrossOriginEmbedderPolicyReporter> receiver);
	};

	// [spec]: https://html.spec.whatwg.org/C/#embedder-policy
	// An embedder policy consists of:
	struct CrossOriginEmbedderPolicy {
	// [spec]: A `value`, which is an embedder policy value, initially
	// "unsafe-none".
	CrossOriginEmbedderPolicyValue value = CrossOriginEmbedderPolicyValue.kNone;
	// [spec]: A `reporting endpoint` string, initially the empty string.
	string? reporting_endpoint;
	// [spec]: A `report only value`, which is an embedder policy value, initially
	// "unsafe-none".
	CrossOriginEmbedderPolicyValue report_only_value =
	CrossOriginEmbedderPolicyValue.kNone;
	// [spec]: A `report only reporting endpoint` string, initially the empty
	// string.
	string? report_only_reporting_endpoint;
	};