| // Copyright 2018 The Chromium Authors |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| module network.mojom; |
| |
| import "components/ip_protection/mojom/core.mojom"; |
| import "mojo/public/mojom/base/file_path.mojom"; |
| import "mojo/public/mojom/base/time.mojom"; |
| import "mojo/public/mojom/base/unguessable_token.mojom"; |
| import "mojo/public/mojom/base/values.mojom"; |
| import "sandbox/policy/mojom/context.mojom"; |
| import "services/network/public/mojom/address_list.mojom"; |
| import "services/network/public/mojom/cert_verifier_service.mojom"; |
| import "services/network/public/mojom/clear_data_filter.mojom"; |
| import "services/network/public/mojom/client_security_state.mojom"; |
| import "services/network/public/mojom/cookie_access_observer.mojom"; |
| import "services/network/public/mojom/cookie_encryption_provider.mojom"; |
| import "services/network/public/mojom/cookie_manager.mojom"; |
| import "services/network/public/mojom/cookie_setting_overrides.mojom"; |
| import "services/network/public/mojom/cors_origin_pattern.mojom"; |
| import "services/network/public/mojom/cross_origin_embedder_policy.mojom"; |
| import "services/network/public/mojom/default_credentials.mojom"; |
| import "services/network/public/mojom/device_bound_sessions.mojom"; |
| import "services/network/public/mojom/devtools_observer.mojom"; |
| import "services/network/public/mojom/document_isolation_policy.mojom"; |
| import "services/network/public/mojom/fetch_api.mojom"; |
| import "services/network/public/mojom/first_party_sets_access_delegate.mojom"; |
| import "services/network/public/mojom/hash_value.mojom"; |
| import "services/network/public/mojom/host_resolver.mojom"; |
| import "services/network/public/mojom/http_cache_backend_file_operations.mojom"; |
| import "services/network/public/mojom/http_request_headers.mojom"; |
| import "services/network/public/mojom/ip_address.mojom"; |
| import "services/network/public/mojom/ip_address_space.mojom"; |
| import "services/network/public/mojom/ip_endpoint.mojom"; |
| import "services/network/public/mojom/isolation_info.mojom"; |
| import "services/network/public/mojom/mdns_responder.mojom"; |
| import "services/network/public/mojom/mutable_network_traffic_annotation_tag.mojom"; |
| import "services/network/public/mojom/net_log.mojom"; |
| import "services/network/public/mojom/network_anonymization_key.mojom"; |
| import "services/network/public/mojom/network_context_client.mojom"; |
| import "services/network/public/mojom/network_isolation_key.mojom"; |
| import "services/network/public/mojom/network_param.mojom"; |
| import "services/network/public/mojom/oblivious_http_request.mojom"; |
| import "services/network/public/mojom/parsed_headers.mojom"; |
| import "services/network/public/mojom/proxy_config.mojom"; |
| import "services/network/public/mojom/proxy_config_with_annotation.mojom"; |
| import "services/network/public/mojom/proxy_lookup_client.mojom"; |
| import "services/network/public/mojom/proxy_resolving_socket.mojom"; |
| import "services/network/public/mojom/reporting_service.mojom"; |
| import "services/network/public/mojom/restricted_cookie_manager.mojom"; |
| import "services/network/public/mojom/restricted_udp_socket.mojom"; |
| import "services/network/public/mojom/shared_dictionary_access_observer.mojom"; |
| import "services/network/public/mojom/shared_dictionary_isolation_key.mojom"; |
| import "services/network/public/mojom/shared_dictionary_usage_info.mojom"; |
| import "services/network/public/mojom/site_for_cookies.mojom"; |
| import "services/network/public/mojom/socket_broker.mojom"; |
| import "services/network/public/mojom/ssl_config.mojom"; |
| import "services/network/public/mojom/storage_access_api.mojom"; |
| import "services/network/public/mojom/tcp_socket.mojom"; |
| import "services/network/public/mojom/transferable_directory.mojom"; |
| import "services/network/public/mojom/trust_token_access_observer.mojom"; |
| import "services/network/public/mojom/trust_tokens.mojom"; |
| import "services/network/public/mojom/udp_socket.mojom"; |
| import "services/network/public/mojom/url_loader.mojom"; |
| import "services/network/public/mojom/url_loader_factory.mojom"; |
| import "services/network/public/mojom/url_loader_network_service_observer.mojom"; |
| import "services/network/public/mojom/url_request.mojom"; |
| import "services/network/public/mojom/url_response_head.mojom"; |
| import "services/network/public/mojom/web_transport.mojom"; |
| import "services/network/public/mojom/websocket.mojom"; |
| import "services/proxy_resolver/public/mojom/proxy_resolver.mojom"; |
| import "url/mojom/origin.mojom"; |
| import "url/mojom/url.mojom"; |
| |
| [EnableIf=is_chromeos] |
| import "services/network/public/mojom/dhcp_wpad_url_client.mojom"; |
| |
| [EnableIf=is_p2p_enabled] |
| import "services/network/public/mojom/p2p.mojom"; |
| |
| [EnableIf=is_p2p_enabled] |
| import "services/network/public/mojom/p2p_trusted.mojom"; |
| |
| [EnableIf=is_win] |
| import "services/proxy_resolver_win/public/mojom/proxy_resolver_win.mojom"; |
| |
| const uint32 kWebSocketOptionNone = 0; |
| |
| // Disallow the request from sending cookies. Disallow the response from writing |
| // cookies. |
| const uint32 kWebSocketOptionBlockAllCookies = 1; |
| |
| // Similar to |kWebSocketOptionBlockAllCookies|, but only for third party |
| // cookies. |
| const uint32 kWebSocketOptionBlockThirdPartyCookies = 2; |
| |
| // The browser can provide a CustomProxyConfig to a CustomProxyConfigClient |
| // running in the network service. The network service will use the given proxy |
| // configuration if a request matches the proxy rules and all the other |
| // criteria contained within it. |
| struct CustomProxyConfig { |
| // The custom proxy rules to use. Note that ftp:// requests are not |
| // supported. |
| ProxyRules rules; |
| |
| // Whether the custom proxy config should override other sources of proxy |
| // configuration. If false, the custom config is ignored if a proxy is set in |
| // the operating system, for example. |
| bool should_override_existing_config = false; |
| |
| // Whether the custom proxy config should apply to requests using |
| // non-idempotent methods. Can be true if the proxy is known to handle this |
| // case properly. |
| bool allow_non_idempotent_methods = false; |
| |
| // For tunneled requests (https://, ws://, wss://), these headers are added |
| // to the CONNECT request. Headers here will overwrite matching headers on |
| // the CONNECT request if a custom proxy is used. |
| HttpRequestHeaders connect_tunnel_headers; |
| }; |
| |
| // Observer of custom proxy connections, especially for when errors occur. |
| interface CustomProxyConnectionObserver { |
| // Called when use of |bad_proxy| fails due to |net_error|. |net_error| is the |
| // network error encountered, if any, and OK if the fallback was for a reason |
| // other than a network error (e.g. the proxy service was explicitly directed |
| // to skip a proxy). |
| OnFallback(ProxyChain bad_chain, int32 net_error); |
| |
| // Called when the response headers for the proxy tunnel request have been |
| // received. |
| OnTunnelHeadersReceived(ProxyChain proxy_chain, |
| uint64 chain_index, |
| HttpResponseHeaders response_headers); |
| }; |
| |
| // Includes a pipe to a CertVerifierService for usage by the |
| // NetworkContext. |
| struct CertVerifierServiceRemoteParams { |
| // A pipe to the CertVerifierService. |
| pending_remote<cert_verifier.mojom.CertVerifierService>? |
| cert_verifier_service; |
| |
| // Receives notifications of changes to the CertVerifier. |
| pending_receiver<cert_verifier.mojom.CertVerifierServiceClient>? |
| cert_verifier_service_client_receiver; |
| }; |
| |
| // Client to update the custom proxy config. |
| interface CustomProxyConfigClient { |
| OnCustomProxyConfigUpdated(CustomProxyConfig proxy_config) => (); |
| }; |
| |
| // Sent by TrustedURLLoaderHeaderClient to perform modifications for a request. |
| interface TrustedHeaderClient { |
| // Allows modifying request headers before the request is sent. |
| OnBeforeSendHeaders(HttpRequestHeaders headers) |
| => (int32 result, HttpRequestHeaders? headers); |
| |
| // Allows modifying response headers, including sensitive headers such as |
| // set-cookie. This should only be used from a trusted process. |
| // If |preserve_fragment_on_redirect_url| is null, then when the headers |
| // indicate a redirect, URL fragments will be handled the standard way: the |
| // fragment of the original URL will be copied to the new URL, unless the |
| // new URL has a fragment, in which case the new URL's fragment will be |
| // used. If |preserve_fragment_on_redirect_url| is populated, and the |
| // request is redirected to exactly that URL, then the fragment of the |
| // original URL will not be copied to the redirect target URL. |
| OnHeadersReceived(string headers, IPEndPoint remote_endpoint) |
| => (int32 result, |
| string? headers, |
| url.mojom.Url? preserve_fragment_on_redirect_url); |
| }; |
| |
| // Interface to allow modifying the full request and response headers. This |
| // interface exposes sensitive headers such as set-cookie, so should only be |
| // sent to trusted processes. |
| interface TrustedURLLoaderHeaderClient { |
| // When a new URLLoader is created, this will be called to pass a |
| // corresponding |header_client|. |
| OnLoaderCreated( |
| int32 request_id, pending_receiver<TrustedHeaderClient> header_client); |
| |
| // When a new URLLoader is created for a CORS preflight request, this will |
| // be called to pass a corresponding |header_client|. |
| OnLoaderForCorsPreflightCreated( |
| URLRequest request, |
| pending_receiver<TrustedHeaderClient> header_client); |
| }; |
| |
| struct HttpAuthStaticNetworkContextParams { |
| // Whether authentication APIs that support fallback to the default account |
| // on the system can be used without specifying an account. |
| DefaultCredentials allow_default_credentials = |
| DefaultCredentials.ALLOW_DEFAULT_CREDENTIALS; |
| }; |
| |
| [EnableIf=is_ct_supported] |
| struct CTPolicy { |
| array<string> excluded_hosts; |
| array<string> excluded_spkis; |
| }; |
| |
| struct NetworkContextFilePaths { |
| // Points to the shared dictionary directory containing the sqlite database |
| // file named "db" for metadata and the disk cache directory named "cache". |
| // This field is used only when `shared_dictionary_enabled` field is set to |
| // true. If this field is empty, shared dictionaries will be stored in-memory |
| // only. |
| TransferableDirectory? shared_dictionary_directory; |
| |
| // Points to the HTTP cache directory. Ignored if the cache is disabled. |
| // If null and the cache is enabled, an in-memory database is used. |
| TransferableDirectory? http_cache_directory; |
| |
| // Points to a path that contains all the network service files and databases |
| // as listed below. If this network context is running inside a sandboxed |
| // network service, then this path should contain no other sensitive data |
| // since the sandboxed network service will have full access to this path. |
| // This should be a different path for each different network context running |
| // inside the network service. |
| TransferableDirectory data_directory; |
| |
| // Points to a path that might contain existing network service data files and |
| // databases from network contexts created with the same `data_directory`. |
| // This parameter must be specified if `trigger_migration` is set to true. |
| // Once migration has been successful (see below), data is no longer read from |
| // this path. Data could continue to be read from this path if migration |
| // fails, or if `trigger_migration` has never been set to true. |
| // If this parameter is specified then the sandbox will be granted access to |
| // the `data_directory` specified above. |
| // This parameter, along with `trigger_migration` parameter below will be |
| // removed in the future, once migration of network context data to the new |
| // `data_directory` has been completed. At this point the sandbox will be |
| // granted access to `data_directory` unconditionally. |
| mojo_base.mojom.FilePath? unsandboxed_data_path; |
| |
| // Points to the cookie database file name inside `data_directory`. An |
| // in-memory cookie store is used if it's empty, or if `data_directory` is |
| // empty. |
| mojo_base.mojom.FilePath? cookie_database_name; |
| |
| // Points to the device bound sessions database file name inside |
| // `data_directory`. An in-memory store is used if it's empty, or if |
| // `data_directory` is empty. |
| mojo_base.mojom.FilePath? device_bound_sessions_database_name; |
| |
| // Points to the Trust Token database file name inside `data_directory`. An |
| // in-memory trust token store is used if it's empty, or if `data_directory` |
| // is empty, or (through a fallback in the initialization logic; see |
| // SQLiteTrustTokenPersister's comments) if initialization fails. |
| // |
| // Initializing the on-disk database takes place asynchronously, so requests |
| // near startup may not support Trust Tokens protocol operations. |
| mojo_base.mojom.FilePath? trust_token_database_name; |
| |
| // The name of the file to store cached server properties (Like HTTP2 and QUIC |
| // support) inside `data_directory`. This information is used as a performance |
| // optimization in connection logic. If empty, or if `data_directory` is |
| // empty, an in-memory cache will be used instead. |
| mojo_base.mojom.FilePath? http_server_properties_file_name; |
| |
| // The name of the file to store cached transport security properties (like |
| // HSTS) inside `data_directory`. If empty, or `data_directory` is empty, or |
| // the file can't be opened, an in-memory store will be used instead. |
| mojo_base.mojom.FilePath? transport_security_persister_file_name; |
| |
| // Points to a sqlite database contained within `data_directory` containing |
| // persisted Reporting clients and NEL policies. If Reporting and NEL |
| // persistence is disabled, then this field is ignored. If this field is |
| // empty, or `data_directory` is empty, then persistence will be disabled |
| // regardless. This field should not be used if the ENABLE_REPORTING build |
| // flag is false. |
| mojo_base.mojom.FilePath? reporting_and_nel_store_database_name; |
| |
| // The name of the file to store pending SCT auditing reports inside |
| // `data_directory`. If empty, or `data_directory` is empty, or the file can't |
| // be opened, pending reports will instead be stored in-memory only. |
| mojo_base.mojom.FilePath? sct_auditing_pending_reports_file_name; |
| |
| // Specifies whether or not a migration of existing data should occur from |
| // `unsandboxed_data_path` to `data_directory`. It is not valid to set this |
| // to true if an `unsandboxed_data_path` is not specified. |
| // If the migration is successful then network context data will operate from |
| // `data_directory`, and the old data will be removed from |
| // `unsandboxed_data_path`. |
| // If migration is unsuccessful then data will continue to operate from |
| // `unsandboxed_data_path` and migration will be re-attempted the next time |
| // `trigger_migration` is set to true. |
| // Since migration is a one-way operation, setting `trigger_migration` to |
| // false does not move the data back to `unsandboxed_data_path`. The network |
| // context data will be read from `data_directory` or `unsandboxed_data_path` |
| // depending on whether a migration has successfully occurred previously. |
| // This parameter, along with `unsandboxed_data_path` parameter above will be |
| // removed in the future, once migration of network context data to the new |
| // `data_directory` has been completed. At this point the sandbox will be |
| // granted access to `data_directory` unconditionally. |
| bool trigger_migration = false; |
| }; |
| |
| // Socket brokers used by the ClientSocketFactory for client sockets and |
| // SocketFactory for server sockets. |
| [EnableIf=is_win] |
| struct SocketBrokerRemotes { |
| pending_remote<SocketBroker> client; |
| pending_remote<SocketBroker> server; |
| }; |
| |
| // Parameters for constructing a network context. |
| struct NetworkContextParams { |
| // The user agent string. |
| string user_agent; |
| |
| // String to send as the Accept-Language header. This can be changed later |
| // by calling SetAcceptLanguage on the NetworkContext. If empty, the header |
| // will not be added. |
| string accept_language; |
| |
| // Whether Brotli content-encoding should be enabled for HTTPS responses. |
| bool enable_brotli = true; |
| |
| // Whether Zstd content-encoding should be enabled for HTTPS responses. |
| bool enable_zstd = false; |
| |
| // If false, the referrer of requests is never populated. |
| bool enable_referrers = true; |
| |
| // If true, requests initiated with referrers that don't match their referrer |
| // policy will fail. |
| bool validate_referrer_policy_on_initial_request = true; |
| |
| // Handles PAC script execution. If not populated, will attempt to use |
| // platform implementation to execute PAC scripts, if available (Only |
| // available on Windows and Mac). |
| pending_remote<proxy_resolver.mojom.ProxyResolverFactory>? |
| proxy_resolver_factory; |
| |
| // Handles all proxy resolution logic if the current proxy config comes from |
| // the operating system. Otherwise, or if this is not populated, proxy |
| // resolution is handled by Chrome as normal. |
| [EnableIf=is_win] |
| pending_remote<proxy_resolver_win.mojom.WindowsSystemProxyResolver>? |
| windows_system_proxy_resolver; |
| |
| // Retrieves the PAC script URL set via DHCP from the browser process. Only |
| // used if |proxy_resolver_factory| is set. Note: optional because some tests |
| // build their own NetworkContextParams and don't need a DHCP WPAD client. |
| [EnableIf=is_chromeos] |
| pending_remote<DhcpWpadUrlClient>? dhcp_wpad_url_client; |
| |
| // If true, cookies will be stored encrypted. |
| bool enable_encrypted_cookies = true; |
| |
| // If the cookie file is given, this controls whether previously written |
| // session cookies are restored. Otherwise it should be false. |
| bool restore_old_session_cookies = false; |
| |
| // If the cookie file is given, this controls whether to persist session |
| // cookies. Otherwise it should be false. |
| bool persist_session_cookies = false; |
| |
| // True if an HTTP cache should be used. |
| bool http_cache_enabled = true; |
| // Maximum size of the HTTP cache. 0 means to use the default size. |
| // Ignored if the cache is disabled. |
| int32 http_cache_max_size = 0; |
| |
| // A factory to broker file operations needed for the HTTP cache on some |
| // platforms (depending on the sandboxing mechanism the platform provides). |
| pending_remote<HttpCacheBackendFileOperationsFactory>? |
| http_cache_file_operations_factory; |
| |
| // Enabled protocols. Note that these apply to all fetches, including those |
| // used to fetch PAC scripts. Note that currently data URLs are always enabled |
| // and file URLs are always disabled. |
| |
| // Whether or not to check the Android platform's cleartext policy for |
| // requests. Under some conditions, Android may advise us to block cleartext |
| // traffic. |
| [EnableIf=is_android] |
| bool check_clear_text_permitted = false; |
| |
| // If true, idle sockets won't be closed when memory pressure happens. |
| bool disable_idle_sockets_close_on_memory_pressure = false; |
| |
| // SSL configuration. |initial_proxy_config| is the initial SSL configuration |
| // to use. If nullptr, uses the default configuration. Updated SSL |
| // configurations can be passed in via |ssl_config_client_receiver|. |
| SSLConfig? initial_ssl_config; |
| pending_receiver<SSLConfigClient>? ssl_config_client_receiver; |
| |
| // Proxy configuration. If |initial_proxy_config| is set, it's the initial |
| // proxy configuration. Updated proxy configuration can be passed in via |
| // |proxy_config_client_request|. If |initial_proxy_config| is not set, |
| // proxy lookups will be deferred until a configuration is received via |
| // |proxy_config_client_request|. |
| // |
| // If both are null, the NetworkContext will not use a proxy. |
| ProxyConfigWithAnnotation? initial_proxy_config; |
| pending_receiver<ProxyConfigClient>? proxy_config_client_receiver; |
| |
| // If |custom_proxy_config_client_receiver| is set, this context will listen |
| // for updates to the custom proxy config, and use it if applicable for URL |
| // requests. |
| // |initial_custom_proxy_config| is the initial config settings. |
| CustomProxyConfig? initial_custom_proxy_config; |
| pending_receiver<CustomProxyConfigClient>? |
| custom_proxy_config_client_receiver; |
| |
| // If |initial_custom_proxy_config| or |custom_proxy_config_client_receiver| |
| // is set, information about custom proxy connections will be reported to this |
| // observer. |
| pending_remote<CustomProxyConnectionObserver>? |
| custom_proxy_connection_observer_remote; |
| |
| // If |proxy_config_client_request| is non-null, this is called during |
| // periods of network activity, and can be used as a signal for polling-based |
| // logic to determine the proxy config. |
| // |
| // TODO(mmenke): Can the consumer piggy back on other network events through |
| // other channels (navigation, issuing requests, etc)? Or can |
| // ProxyConfigServices be modified not to need this notification? |
| pending_remote<ProxyConfigPollerClient>? proxy_config_poller_client; |
| |
| // Optional client that will be notified of errors related to the proxy |
| // settings. |
| pending_remote<ProxyErrorClient>? proxy_error_client; |
| |
| // Broker used by the network service sandbox to create sockets in |
| // the browser. Set when the sandbox is enabled on Windows. |
| [EnableIf=is_win] |
| SocketBrokerRemotes? socket_brokers; |
| |
| // A service to fetch blind-signed auth tokens and proxy configuration info |
| // for IP protection. If this is not set, then either this NetworkContext |
| // doesn't have its traffic proxied by IP Protection or the feature has been |
| // disabled (and can't be re-enabled until the browser is restarted). |
| pending_remote<ip_protection.mojom.CoreHost>? ip_protection_core_host; |
| |
| // A receiver for sending notifications from the browser process to the IP |
| // Protection business logic in the network service. This is set in the same |
| // cases as `ip_protection_core_host`. |
| pending_receiver<ip_protection.mojom.CoreControl>? ip_protection_control; |
| |
| // Whether the IP Protection feature is enabled at the time the NetworkContext |
| // is created. This setting can change via the |
| // `SetIpProtectionEnabled` method of the `IpProtectionControl` interface. |
| bool enable_ip_protection = false; |
| |
| // When PAC quick checking is enabled, DNS lookups for PAC script's host are |
| // timed out aggressively. This prevents hanging all network request on DNS |
| // lookups that are slow or are blockholed, at the cost of making it more |
| // likely that the network service erroneously fails to fetch a PAC file. |
| bool pac_quick_check_enabled = true; |
| |
| // Enables reporting certain SSL errors, such as HTTP Public Key Pinning, to |
| // servers, so they can discover misconfigurations. |
| bool enable_certificate_reporting = false; |
| |
| // True if the "Certificate Transparency in Chrome" policy (see |
| // https://github.com/chromium/ct-policy/blob/master/ct_policy.md) should |
| // be enforced for certificates and connections. |
| // |
| // See //net/docs/certificate-transparency.md before setting this flag to |
| // true. |
| [EnableIf=is_ct_supported] |
| bool enforce_chrome_ct_policy = false; |
| |
| // The SCT auditing mode. SCT auditing sends reports for SCTs found in |
| // connections made by this network context. Can also be dynamically |
| // configured via NetworkContext::SetSCTAuditingMode(). |
| [EnableIf=is_ct_supported] |
| SCTAuditingMode sct_auditing_mode = SCTAuditingMode.kDisabled; |
| |
| // The initial CT policy to be used for requests. See |
| // NetworkContext.SetCTPolicy() for more. |
| [EnableIf=is_ct_supported] |
| CTPolicy? ct_policy; |
| |
| // Contains a pipe to a CertVerifierService. |
| CertVerifierServiceRemoteParams cert_verifier_params; |
| |
| // Parameters for constructing the cookie manager. |
| CookieManagerParams? cookie_manager_params; |
| |
| // Binds to the cookie manager associated with this network context, which |
| // should only be handed out to trusted processes. |
| [EnableIf=is_android] |
| pending_receiver<CookieManager>? cookie_manager; |
| |
| // Whether to enable Domain Reliability. |
| bool enable_domain_reliability = false; |
| |
| // The uploader reporter name to use for Domain Reliability uploads. |
| string domain_reliability_upload_reporter; |
| |
| // Whether to discard Domain Reliability uploads. |
| bool discard_domain_reliablity_uploads = false; |
| |
| // When reporting is enabled, this sets the delay between sending reports. |
| // When omitted a default value is used. |
| mojo_base.mojom.TimeDelta? reporting_delivery_interval; |
| |
| // Whether to bypass the ordinary permission checks for sending reports, |
| // rather than calling NetworkContextClient.OnCanSendReportingReports() to |
| // decide. This should only be used by tests. |
| bool skip_reporting_send_permission_check = false; |
| |
| // Specifies the initial set of allowed and blocked origins for the |
| // URLLoaderFactory consumers to access beyond the same-origin-policy. |
| array<CorsOriginAccessPatterns> cors_origin_access_list; |
| |
| // Specifies header keys that are allowed to be used in |
| // network::url_request.cors_exempt_headers. |
| array<string> cors_exempt_header_list; |
| |
| // If true, no checking of cors exempt headers (from the browser) are done. |
| // If false, cors_exempt_headers are checked against |
| // |cors_exempt_header_list|. |
| bool allow_any_cors_exempt_header_for_browser = false; |
| |
| // List of single-label hostnames that are exempted from the HSTS upgrade |
| // policy. |
| array<string> hsts_policy_bypass_list; |
| |
| // The params are network context specific which will be merged with |
| // the dynamic preference from NetworkService side, to populate |
| // HttpAuthPreference. |
| HttpAuthStaticNetworkContextParams? http_auth_static_network_context_params; |
| |
| // Indicates that the HttpCache back-end should be reset (e.g. when a Finch |
| // experiment changes the cache key representation via NetworkIsolationKey). |
| // A reset throws out all existing cache content when loading the cache, |
| // effectively starting with an empty cache. |
| bool reset_http_cache_backend = false; |
| |
| // See comments on NetworkContext.SetSplitAuthCacheByNetworkAnonymizationKey. |
| bool split_auth_cache_by_network_anonymization_key = false; |
| |
| // If true, all requests that can take a NetworkAnonymizationKey |
| // or IsolationInfo must be given a non-empty one. |
| bool require_network_anonymization_key = false; |
| |
| // If true, then the correct permissions have been set on the network service |
| // files and sandbox can be enabled for this network context. |
| [EnableIf=win_permissions_validation] |
| bool win_permissions_set = false; |
| |
| // The paths to data files used by this network context, except for the disk |
| // cache which is specified by the `http_cache_directory` parameter. |
| // If empty then persistent storage for all of the files within this |
| // parameter will be disabled for the network context and some data may be |
| // stored in memory or disabled. See the above definition of each inner field |
| // for details of these behaviors. |
| NetworkContextFilePaths? file_paths; |
| |
| // Is true, Trust Token operations should be blocked. |
| bool block_trust_tokens; |
| |
| // Whether "Compression dictionary transport" feature should be enabled. |
| bool shared_dictionary_enabled = false; |
| |
| // Maximum size of the shared dictionary cache. If this value is 0, the max |
| // size will be propagated via SetSharedDictionaryCacheMaxSize message. |
| // Ignored if `shared_dictionary_enabled` field is false. |
| uint64 shared_dictionary_cache_max_size = 0; |
| |
| // Parameters for constructing the FirstPartySetsAccessDelegate. |
| // |first_party_sets_access_delegate_params| is the initial configuration to |
| // use. If nullptr, uses the default configuration. Updated configurations |
| // can be passed in via |first_party_sets_access_delegate_receiver|. |
| FirstPartySetsAccessDelegateParams? first_party_sets_access_delegate_params; |
| pending_receiver<FirstPartySetsAccessDelegate>? |
| first_party_sets_access_delegate_receiver; |
| |
| // TODO(crbug.com/40777535): This flag is intended to be temporary and to be |
| // removed (always enabled) in the future. |
| bool acam_preflight_spec_conformant = true; |
| |
| // To support 3PCD experimentation, a per-partition `cookie_deprecation_label` |
| // will be sent to developers who opt-in to receiving it. This enables server |
| // side opt-in to testing without cookies. See: |
| // https://developer.chrome.com/en/docs/privacy-sandbox/chrome-testing/#mode-a |
| // A non defined value indicates that the 3PCD experimentation feature is |
| // disabled for this client or that the profile is guest or incognito. |
| // A defined and non-empty value indicates that the 3PCD experiment feature is |
| // enabled, the client is eligible to it and the profile is not guest or |
| // incognito. |
| // A defined but empty value indicates that the 3PCD experimentation feature |
| // is enabled for the client but the client is not eligible for it or the |
| // label value defined by the experiment is empty. |
| string? cookie_deprecation_label; |
| |
| // Sets the cookie encryption provider to be used by this network context if |
| // `enable_encrypted_cookies` is also enabled. |
| // If both are set then the `GetEncryptor` method on the supplied |
| // `cookie_encryption_provider` is called to obtain a valid set of keys for |
| // cookie encryption. |
| pending_remote<CookieEncryptionProvider>? cookie_encryption_provider; |
| |
| // Enables Device Bound Session Credential for this network context. |
| bool device_bound_sessions_enabled = false; |
| |
| // Represents a net::handles::NetworkHandle. |
| // If != net::handles::kInvalidNetworkHandle (== -1), then the NetworkContext |
| // built out of this will own a URLRequestContext bound to that network (refer |
| // to net::UrlRequestContextBuilder::bindToNetwork documentation). This |
| // effectively means that URLLoaderFactories, returned by the NetworkContext |
| // created out of this, will perform all network request using only |
| // |bound_network|. |
| int64 bound_network = -1; |
| |
| // Stores mapping of endpoint name to endpoint url from initial reporting |
| // endpoints set by the ReportingEndpoints enterprise policy. |
| map<string, url.mojom.Url>? enterprise_reporting_endpoints; |
| }; |
| |
| struct NetworkConditions { |
| // If set, the offline state is simulated and other fields are ignored. |
| bool offline; |
| |
| // Channel round-trip latency, i.e. minimum time between request sent and |
| // response received. |
| mojo_base.mojom.TimeDelta latency; |
| |
| // Maximal aggregated download throughput (bytes/sec). <=0 disables download |
| // throttling. |
| double download_throughput; |
| |
| // Maximal aggregated upload throughput (bytes/sec). <=0 disables upload |
| // throttling. |
| double upload_throughput; |
| |
| // Packet loss for WebRTC connections (percent, 0 to 100).<= 0 disables |
| // packet loss. |
| double packet_loss; |
| |
| // Packet queue length for WebRTC connections (packet count). <=0 allows for |
| // an infinite queue. |
| int32 packet_queue_length; |
| |
| // Allow packet reordering for WebRTC connections. |
| bool packet_reordering; |
| }; |
| |
| // Represents a shared dictionary. |
| // Spec: |
| // https://datatracker.ietf.org/doc/draft-ietf-httpbis-compression-dictionary/ |
| struct SharedDictionaryInfo { |
| // The "match" value of the Use-As-Dictionary header. |
| string match; |
| // The "match-dest" value of the Use-As-Dictionary header. |
| array<RequestDestination> match_dest; |
| // The "id" value of the Use-As-Dictionary header. |
| string id; |
| // The URL of the dictionary. |
| url.mojom.Url dictionary_url; |
| // The time when Chrome fetched the dictionary. |
| mojo_base.mojom.Time last_fetch_time; |
| // The time when Chrome received the dictionary. |
| mojo_base.mojom.Time response_time; |
| // The time when this dictionary will be unusable. |
| mojo_base.mojom.TimeDelta expiration; |
| // The time when this dictionary was used in the last time. |
| mojo_base.mojom.Time last_used_time; |
| // The size of the dictionary binary. |
| uint64 size; |
| // The SHA256 hash of the dictionary binary. |
| SHA256HashValue hash; |
| }; |
| |
| // An opaque handle that keeps preloaded the preloaded shared dictionaries. |
| interface PreloadedSharedDictionaryInfoHandle {}; |
| |
| // Represents a signed exchange report. |
| // Spec: https://wicg.github.io/webpackage/loading.html#queue-report |
| struct SignedExchangeReport { |
| bool success; |
| string type; |
| url.mojom.Url outer_url; |
| url.mojom.Url inner_url; |
| url.mojom.Url cert_url; |
| string referrer; |
| IPAddress server_ip_address; |
| string protocol; |
| string method; |
| int32 status_code; |
| mojo_base.mojom.TimeDelta elapsed_time; |
| }; |
| |
| const int32 kBrowserProcessId = 0; |
| |
| const int32 kInvalidProcessId = -1; |
| |
| // URLLoaderFactory made by the network service consists of two layers of |
| // factories, the "internal" one that directly talks to the //net layer, and |
| // the "outer" one (which is also called CorsURLLoader) that enforces necessary |
| // security features such as CORS. |
| // |
| // This struct can be used to specify an alternative "internal" |
| // URLLoaderFactory so that the requests can still go through the "outer" one |
| // for security features, but then they are routed to the alternative |
| // |overriding_factory| rather than the one that talks to //net, which is also |
| // exposed to the consumer as |overridden_factory_receiver|. |
| // |
| // |overridden_factory_receiver| is useful when the receiver of |
| // |overriding_factory|| wants to decide which (of the "internal", or the |
| // "alternative" one) URLLoaderFactory to use on a per-request basis. |
| struct URLLoaderFactoryOverride { |
| // This factory replaces the "internal" factory. |
| pending_remote<URLLoaderFactory> overriding_factory; |
| |
| // A receiver for the replaced "internal" URLLoaderFactory. |
| pending_receiver<URLLoaderFactory>? overridden_factory_receiver; |
| |
| // Specifies if we should accept unknown schemes for CORS-enabled requests |
| // so that the |overriding_factory| can provide content for custom schemes. |
| bool skip_cors_enabled_scheme_check = false; |
| }; |
| |
| // Type for verdict on whether to forbid a Trust Tokens operation, based on |
| // permissions policy of the relevant context. |
| // (https://github.com/wicg/trust-token-api). |
| // |
| // kForbid is for requests from subframes with the underlying operation's |
| // Permissions Policy feature disabled by (1) policies inherited from their |
| // parents, or (2) the frames' iframe tag attributes. |
| // |
| // Note: Response headers can also disable a Trust Token operation Permissions |
| // Policy feature. This will not necessarily be reflected in the the enum's |
| // value. The response headers' value is only available from an untrusted |
| // source. |
| // - If the renderer behaves correctly, renderer-side checks guarantee that |
| // these operations will not be executed in frames with the policy disabled |
| // via response headers. |
| // - If the renderer doesn't behave correctly, there's no point in |
| // propagating the renderer's untrusted report about the response headers' |
| // value. |
| enum TrustTokenOperationPolicyVerdict { |
| kForbid, |
| kPotentiallyPermit, |
| }; |
| |
| [EnableIf=is_ct_supported] |
| enum SCTAuditingMode { |
| // SCT auditing is completely disabled. |
| kDisabled, |
| |
| // The user has opted-in to ESBR, so sampled SCTs are sent to Google. |
| kEnhancedSafeBrowsingReporting, |
| |
| // The user is not opted-in to ESBR, and hashdance auditing is enabled. |
| // Perform a k-anonymous prefix query for sampled SCTs, and upload only if the |
| // SCT is not present in a log. |
| kHashdance, |
| }; |
| |
| struct URLLoaderFactoryParams { |
| // Process that will be using the URLLoaderFactory to initiate HTTP requests. |
| // (This is *not* necessarily the same process that creates the factory, |
| // since only the Browser process should be able to call |
| // NetworkContext::CreateURLLoaderFactory.) |
| // |
| // Set to kBrowserProcessId to indicate the browser process. |
| // SECURITY NOTE: Factories with kBrowserProcessId should not be sent |
| // to untrustworthy processes. |
| // |
| // Set to RenderProcessHost::GetDeprecatedID() to indicate a renderer |
| // process. |
| // SECURITY NOTE: Factories should not be shared among multiple renderer |
| // processes (e.g. |request_initiator_origin_lock| is specific to a single |
| // renderer process). |
| int32 process_id = kInvalidProcessId; |
| |
| // If specified, then |request_initiator_origin_lock| locks |
| // |ResourceRequest::request_initiator| to the specified origin. |
| // |
| // SECURITY NOTE: |request_initiator_origin_lock| should be present in all |
| // factories that may be vended to a Renderer process. |
| // |request_initiator_origin_lock| may be missing only in factories used by |
| // the Browser process. |
| url.mojom.Origin? request_initiator_origin_lock; |
| |
| // Opaque Response Blocking (ORB) configuration. |
| bool is_orb_enabled = true; |
| |
| // Whether |isolated_world_origin| from network::ResourceRequest should be |
| // ignored. Set |ignore_isolated_world_origin| to |false| to allow isolated |
| // worlds to bypass CORS security checks via OriginAccessList. |
| // |
| // TODO(crbug.com/40137011): Remove the `ignore_isolated_world_origin` |
| // field once Chrome Platform Apps are gone. |
| bool ignore_isolated_world_origin = true; |
| |
| // Indicate whether a request is not from web page ( probably from chrome |
| // extension background page ). |
| bool unsafe_non_webby_initiator = false; |
| |
| // If `true`, this factory is being created for a context that isn't |
| // considered to be of the web. "Site"-based features, like Fetch |
| // Metadata's `Sec-Fetch-Site` header will treat all requests from |
| // this factory as initiated by the user agent itself, not from any |
| // particular page. |
| bool disable_web_security = false; |
| |
| // If this is set, requests with the kURLLoadOptionUseHeaderClient option will |
| // callback to the |header_client|, allowing the Cookie/Referrer request |
| // headers and Cookie response headers to be modified. This has a performance |
| // impact because of the extra process hops, so use should be minimized. |
| pending_remote<TrustedURLLoaderHeaderClient>? header_client; |
| |
| // Information used restrict access to identity information (like SameSite |
| // cookies) and to shard network resources, like the cache. If set, takes |
| // precedence over ResourceRequest::TrustedParams::IsolationInfo field |
| // of individual requests. |
| IsolationInfo isolation_info; |
| |
| // Whether secure DNS should be disabled for requests. |
| bool disable_secure_dns = false; |
| |
| // True if this is for exclusive use by a trusted consumer. Only trusted |
| // consumers can issue requests with ResourceRequest::trusted_params |
| // populated. |
| bool is_trusted = false; |
| |
| // If true, a cookie-less IsolationInfo is automatically assigned to |
| // URLLoaders based on the URL being requested. The IsolaitonInfo will |
| // have an empty SiteForCookies. If this is true, |isolation_info| must be |
| // null. ResourceRequest::TrustedParams::IsolationInfo, if non-empty, will |
| // take precedence over automatically assigning an IsolationInfo. |
| bool automatically_assign_isolation_info = false; |
| |
| // An identifier for toplevel frame. This is used for resource accounting |
| // for keepalive requests. When this factory is for a dedicated worker, |
| // the identifier for the toplevel frame of the ancestor's frame is given. |
| // When this factory is for a shared/service worker, null is given. |
| mojo_base.mojom.UnguessableToken? top_frame_id; |
| |
| // Replaces the "internal" factory used by security features such as CORS. |
| URLLoaderFactoryOverride? factory_override; |
| |
| // Used to enforce security properties on the requests loaded by the |
| // URLLoader based on the Fetch client state. |
| ClientSecurityState? client_security_state; |
| |
| // Used to report CORP violations caused by COEP. |
| pending_remote<CrossOriginEmbedderPolicyReporter>? coep_reporter; |
| |
| // Used to report CORP violations caused by DocumentIsolationPolicy. |
| pending_remote<DocumentIsolationPolicyReporter>? dip_reporter; |
| |
| // Used to notify clients about cookie reads or writes. |
| pending_remote<CookieAccessObserver>? cookie_observer; |
| |
| // Used to notify clients about Trust Token accesses. |
| pending_remote<TrustTokenAccessObserver>? trust_token_observer; |
| |
| // Used to notify clients about shared dictionary reads or writes. |
| pending_remote<SharedDictionaryAccessObserver>? shared_dictionary_observer; |
| |
| // Used to notify clients about authentication and certificate events. |
| pending_remote<URLLoaderNetworkServiceObserver>? url_loader_network_observer; |
| |
| // Used to notify devtools about events. |
| pending_remote<DevToolsObserver>? devtools_observer; |
| |
| // Used to notify about usages of device bound sessions. |
| pending_remote<DeviceBoundSessionAccessObserver>? |
| device_bound_session_observer; |
| |
| // If this equals kForbid, the context to which this loader is bound does not |
| // allow Trust Tokens (https://github.com/wicg/trust-token-api) issuance |
| // operation. |
| // |
| // TODO(crbug.com/40126948): Once Permissions Policy headers are available |
| // from a trusted source, it would be good to set this depending on the |
| // headers' values, too. |
| TrustTokenOperationPolicyVerdict trust_token_issuance_policy = |
| kPotentiallyPermit; |
| |
| // If this equals kForbid, the context to which this loader is bound does not |
| // allow any Trust Tokens (https://github.com/wicg/trust-token-api) |
| // redemption or signing operations. |
| // |
| // TODO(crbug.com/40126948): Once Permissions Policy headers are available |
| // from a trusted source, it would be good to set this depending on the |
| // headers' values, too. |
| TrustTokenOperationPolicyVerdict trust_token_redemption_policy = |
| kPotentiallyPermit; |
| |
| // TODO(lukasza): https://crbug.com/1151008: Consider removing this |
| // diagnostic aid once the bug is understood. |
| string debug_tag = ""; |
| |
| // Lists all the cookie setting overrides that should be specified on |
| // each URLRequest. |
| CookieSettingOverrides cookie_setting_overrides; |
| |
| // The cookie setting overrides from devtools, only conditionally applied |
| // on requests from devtools enabled context, i.e. when |
| // `ResourceRequest::devtools_request_id` is present. |
| CookieSettingOverrides devtools_cookie_setting_overrides; |
| |
| // If `require_cross_site_request_for_cookies` is specified, then all |
| // loaded requests must have an empty site_for_cookies to ensure only |
| // SameSite=None cookies can be attached to the request. |
| // For context on usage see: |
| // https://privacycg.github.io/saa-non-cookie-storage/shared-workers.html |
| bool require_cross_site_request_for_cookies = false; |
| }; |
| |
| // Represents a distinct context for making network requests, with its own |
| // storage (e.g. cookies and cache). |
| // |
| // NetworkContext is implemented by the network service. It is a trusted |
| // interface that must not be sent to an untrusted process like a renderer |
| // process. Only the browser process or privileged utilities should have access |
| // to it. |
| // |
| // WARNING: When adding a new entry point function in the NetworkContext to |
| // send a network request, if it is passed the IsolationInfo, either directly |
| // or via one of its resultant keys like NetworkIsolationKey, |
| // NetworkAnonymizationKey etc., or via its container like |
| // `URLRequest.trusted_params`, make sure to check that the nonce in the key is |
| // not revoked via NetworkContext::IsNetworkForNonceAndUrlAllowed() (See |
| // example check in NetworkContext::ResolveHost). If it is, the request should |
| // most likely be abandoned unless it is considered privacy safe, since the |
| // initiating context has revoked access to the network. If the request is |
| // allowed to access the network, please add a comment in the function as to |
| // why network revocation doesn’t apply to that request. More context on |
| // network revocation is in the comment for `RevokeNetworkForNonces()` below. |
| [RequireContext=sandbox.mojom.Context.kPrivilegedUtility] |
| interface NetworkContext { |
| // Sets a client for this network context. |
| SetClient(pending_remote<NetworkContextClient> client); |
| |
| // Creates a new URLLoaderFactory with the given |params|. |
| CreateURLLoaderFactory( |
| pending_receiver<URLLoaderFactory> url_loader_factory, |
| URLLoaderFactoryParams params); |
| |
| // Destroys all URLLoaderFactory bindings, which should then be regenerated. |
| // This should be called if there is a change to the proxies which should be |
| // used on URLLoaders. |
| ResetURLLoaderFactories(); |
| |
| // Uses Oblivious HTTP to indirectly perform the request. Specification at |
| // https://ietf-wg-ohai.github.io/oblivious-http/draft-ietf-ohai-ohttp.html |
| GetViaObliviousHttp(ObliviousHttpRequest request, |
| pending_remote<ObliviousHttpClient> client); |
| |
| // Gets the CookieManager associated with this network context. |
| // |
| // The CookieManager must only be passed to trusted processes. Whenever |
| // possible, a RestrictedCookieManager should be handed out instead. |
| [AllowedContext=sandbox.mojom.Context.kBrowser] |
| GetCookieManager(pending_receiver<CookieManager> cookie_manager); |
| |
| // Gets a RestrictedCookieManager scoped to a given origin, and applying |
| // settings configured on the CookieManager associated with this domain. |
| // |
| // |origin| represents the domain for which the RestrictedCookieManager can |
| // access cookies. It could either be a frame origin when |role| is |
| // RestrictedCookieManagerRole::SCRIPT (a script scoped to a particular |
| // document's frame), or a request origin when |role| is |
| // RestrictedCookieManagerRole::NETWORK (a network request). |
| // |
| // |isolation_info| contains info for SameSite cookie queries. |
| // Must be fully populated. |
| // |
| // If |role| == SCRIPT, this interface can be safely handed out to a process |
| // that is known to represent the given origin, such as a renderer process. |
| GetRestrictedCookieManager( |
| pending_receiver<RestrictedCookieManager> restricted_cookie_manager, |
| RestrictedCookieManagerRole role, |
| url.mojom.Origin origin, |
| IsolationInfo isolation_info, |
| CookieSettingOverrides cookie_setting_overrides, |
| CookieSettingOverrides devtools_cookie_setting_overrides, |
| pending_remote<CookieAccessObserver>? cookie_observer); |
| |
| // Provides a TrustTokenQueryAnswerer scoped to the given top-frame origin |
| // (subsequent calls to its HasTrustTokens(issuer) and |
| // HasRedemptionRecord(issuer) methods will attempt to |
| // associate |issuer| with |top_frame_origin|, in the sense of |
| // TrustTokenStore::SetAssociation, and reject if |top_frame_origin| is |
| // already at its number-of-associated-issuers limit). |
| // |
| // The caller must ensure (enforced by ReportBadMessage) that |
| // |top_frame_origin| is both |
| // (1) potentially trustworthy and |
| // (2) either HTTP or HTTPS. |
| // |
| // The first is a general security requirement; the second is in order to |
| // ensure that the origin has a unique serialization (and, consequently, is |
| // suitable for keying persistent Trust Tokens state). |
| GetTrustTokenQueryAnswerer( |
| pending_receiver<TrustTokenQueryAnswerer> trust_token_query_answerer, |
| url.mojom.Origin top_frame_origin); |
| |
| // Clears persistent Trust Tokens data keyed by the origins in |filter|, and |
| // by origins corresponding to the domains in |filter|. |
| // |
| // A null |filter| indicates that all Trust Tokens data should be cleared. |
| ClearTrustTokenData(ClearDataFilter? filter) => (); |
| |
| // Clears session only Trust Tokens data. Depends on CookieSettings |
| // at determining which data is session only. |
| ClearTrustTokenSessionOnlyData() => (bool any_data_deleted); |
| |
| // Returns the number of signed-but-not-spent Trust Tokens. |
| GetStoredTrustTokenCounts() => (array<StoredTrustTokensForIssuer> tokens); |
| |
| // Returns map of issuer to list of toplevel/last redemption pairs. |
| GetPrivateStateTokenRedemptionRecords() |
| => (map<url.mojom.Origin, array<ToplevelRedemptionRecord>> |
| issuer_redemption_record_map); |
| |
| // Deletes all Trust Tokens issued by |issuer|. |
| // |
| // This method is narrower as ClearTrustTokenData. ClearTrustTokenData |
| // also clears out Redemption Records. |
| DeleteStoredTrustTokens(url.mojom.Origin issuer) |
| => (DeleteStoredTrustTokensStatus status); |
| |
| // Set Trust Token blocking to |block|. |
| SetBlockTrustTokens(bool block); |
| |
| // Clears network objects with implicit URL history information. Data related |
| // to events that happened prior to |start_time| and after |end_time| may be |
| // retained. Only applies to network objects without more specific methods |
| // (Cookies, and the cache have, or will have, their own clearing APIs). This |
| // currently only covers server properties and transport security state. |
| // |
| // The callback will be invoked once the data has been deleted. |
| ClearNetworkingHistoryBetween( |
| mojo_base.mojom.Time start_time, mojo_base.mojom.Time end_time) => (); |
| |
| // Clears content from the HTTP cache. A specific range of time can be |
| // specified with `start_time` and `end_time`. This supports unbounded deletes |
| // in either direction by using null Time values for either argument. |
| // If a non-null |filter| is specified, will clear only entries matching the |
| // filter. |
| ClearHttpCache(mojo_base.mojom.Time start_time, |
| mojo_base.mojom.Time end_time, |
| ClearDataFilter? filter) => (); |
| |
| // Computes the size of cache objects last accessed between |start_time| and |
| // |end_time|. |
| // |
| // If you don't want a lower bound, pass base::Time() for |start_time|. |
| // If you don't want an upper bound, pass base::Time::Max() |
| // |
| // |upper_bound| will be returned as true if the implementation had to |
| // overestimate; this may be as bad as giving the size of the entire cache. |
| // |
| // |size_or_error|, if non-negative, is the result in bytes; and a net error |
| // code if negative. |
| ComputeHttpCacheSize( |
| mojo_base.mojom.Time start_time, mojo_base.mojom.Time end_time) |
| => (bool is_upper_bound, int64 size_or_error); |
| |
| // Notifies the HttpCache of a renderer-level cache hit with `url` |
| // and `http_method`, with the network isolation key `key` and |
| // `include_credentials` used when calculating the corresponding cache |
| // partition. Note that this assumes that the cache hits being recorded are |
| // for resources and not for navigations. |
| // |
| // This is being proxied by the browser because the renderer is unable to |
| // directly interact with NetworkContext. |
| NotifyExternalCacheHit(url.mojom.Url url, |
| string http_method, |
| NetworkIsolationKey key, |
| bool include_credentials); |
| |
| // Clears the host cache. This will affect all NetworkContexts that share the |
| // same HostResolved as the NetworkContext this is called on. |
| // |
| // If a non-null |filter| is specified, will clear only entries for domains |
| // matching the filter. Filtering by origins is not supported. If |filter| is |
| // non-null, |filter.origins| must be empty. |
| ClearHostCache(ClearDataFilter? filter) => (); |
| |
| // Clears all entries from the HTTP Auth cache that were between |start_time| |
| // and |end_time|, with |start_time| being inclusive and |end_time| exclusive. |
| // |
| // If a non-null |filter| is specified, ClearHttpAuthCache will clear only |
| // AuthCache entries for URLs matching the filter. Filtering by both origins |
| // and domains is supported. If |filter| is non-null, you must provide either |
| // |filter.origins| or |filter.domains|, or both to define the filtering. |
| ClearHttpAuthCache(mojo_base.mojom.Time start_time, |
| mojo_base.mojom.Time end_time, |
| ClearDataFilter? filter) => (); |
| |
| // Clears entries from the Preflight Cache according to the specified filter. |
| // Clear browsing history supports time ranges for the last 1hr, 24hr, 7d, 4w, |
| // and all time. |
| // Chrome caps the Access-Control-Max-Age header value for CORS-preflight |
| // responses to 2hrs. |
| // We opted for not to implement time range removal of entries from the |
| // PreflightCache, as it will just serve the 1hr. period. Instead, we always |
| // perform an "all-time" removal. |
| // Clears all entries if |filter| isn't specified |
| ClearCorsPreflightCache(ClearDataFilter? filter) => (); |
| |
| // Clears all report entries from the reporting cache. This has no effect if |
| // the ENABLE_REPORTING build flag is false. |
| // |
| // If a non-null |filter| is specified, will clear only entries matching the |
| // filter. |
| ClearReportingCacheReports(ClearDataFilter? filter) => (); |
| |
| // Clears all client entries from the reporting cache. This has no effect if |
| // the ENABLE_REPORTING build flag is false. |
| // |
| // If a non-null |filter| is specified, will clear only entries matching the |
| // filter. |
| ClearReportingCacheClients(ClearDataFilter? filter) => (); |
| |
| // Clears policy entries from the NetworkErrorLoggingService. This has no |
| // effect if the ENABLE_REPORTING build flag is false. |
| // |
| // If a non-null |filter| is specified, will clear only entries matching the |
| // filter. |
| ClearNetworkErrorLogging(ClearDataFilter? filter) => (); |
| |
| // Mirror of domain_reliability::DomainReliabilityClearMode. |
| enum DomainReliabilityClearMode { |
| CLEAR_CONTEXTS, |
| CLEAR_BEACONS, |
| }; |
| |
| // Clears Domain Reliability entries, specified by |mode|. |
| ClearDomainReliability( |
| ClearDataFilter? filter, DomainReliabilityClearMode mode) => (); |
| |
| // Clears dictionaries from the shared dictionary cache. A specific range of |
| // time can be specified with `start_time` and `end_time`. This supports |
| // unbounded deletes in either direction by using null Time values for either |
| // argument. If a non-null |filter| is specified, will clear only entries |
| // matching the filter. |
| ClearSharedDictionaryCache(mojo_base.mojom.Time start_time, |
| mojo_base.mojom.Time end_time, |
| ClearDataFilter? filter) => (); |
| |
| // Clears dictionaries registered for `isolation_key` from the shared |
| // dictionary cache. |
| ClearSharedDictionaryCacheForIsolationKey( |
| SharedDictionaryIsolationKey isolation_key) => (); |
| |
| // Configures per-resource reporting endpoints set with the |
| // Reporting-Endpoints header. |
| // |reporting_source| is a token which identifies the document or worker with |
| // which the header was received. The endpoints configured by this method are |
| // only used to deliver reports which are queued by that same source. |
| // |isolation_info| is used when creating the endpoints in the ReportingCache |
| // and when determining which credentials to send with uploaded reports. Its |
| // network isolation key will need to match the key sent when reports are |
| // queued, in order for these reporting endpoints to be considered for |
| // delivery, although this should always be the case when reports are queued |
| // by the same source which configured the endpoints. |
| // |endpoints| is a mapping of endpoint name to URL (URLs here are represented |
| // as strings, and will be rejected if they fail to parse or are not secure). |
| // |
| // Spec: https://w3c.github.io/reporting/#header |
| SetDocumentReportingEndpoints( |
| mojo_base.mojom.UnguessableToken reporting_source, |
| url.mojom.Origin origin, |
| IsolationInfo isolation_info, |
| map<string, string> endpoints); |
| |
| // Configures reporting endpoints set by the ReportingEndpoints enterprise |
| // policy. |
| // `endpoints` is a mapping of endpoint name to URL (URLs will be rejected if |
| // they fail to parse or are not secure). |
| SetEnterpriseReportingEndpoints(map<string, url.mojom.Url> endpoints); |
| |
| // Queues any outstanding reports for a single |reporting_source| (which |
| // must not be empty), and removes the reporting endpoint configuration for |
| // that source. This is called when the reporting source (document or worker) |
| // is destroyed. |
| SendReportsAndRemoveSource( |
| mojo_base.mojom.UnguessableToken reporting_source); |
| |
| // Queues a report via the Reporting API. `type` describes the type of report |
| // (as well as what data will contained in `body`). |group| specifies the |
| // endpoint group that the report will be delivered to. `url` indicates the |
| // URL of the resource that the report describes. `body` holds the contents |
| // of the report. |
| // |
| // `reporting_source` and `network_anonymization_key` are used both for |
| // looking up the appropriately scoped reporting information and for sending |
| // the report. `network_anonymization_key` indicates the |
| // NetworkAnonymizationKey associated with the request, while |
| // `reporting_source`, if not empty, identifies the specific document or |
| // worker instance causing the report to be queued. If `reporting_source` is |
| // not empty, then it will be used to look up reporting endpoints set with |
| // the SetDocumentReportingEndpoints method first, and if no matching |
| // endpoint is found, it will fall back to looking up a matching endpoint |
| // group configured for the origin and `network_anonymization_key`. |
| // |
| // Note that this queued report will never be delivered if no reporting |
| // endpoint is registered for this `url` or `reporting_source` with the |
| // provided `network_anonymization_key`. |
| // |
| // Spec: https://w3c.github.io/reporting/#concept-reports |
| QueueReport(string type, |
| string group, |
| url.mojom.Url url, |
| mojo_base.mojom.UnguessableToken? reporting_source, |
| NetworkAnonymizationKey network_anonymization_key, |
| mojo_base.mojom.DictionaryValue body); |
| |
| QueueEnterpriseReport(string type, |
| string group, |
| url.mojom.Url url, |
| mojo_base.mojom.DictionaryValue body); |
| |
| // Queues a signed exchange report. |
| // |
| // Note that this queued report will never be delivered if no reporting |
| // endpoint matching is registered for with the provided |
| // `network_anonymization_key`. |
| QueueSignedExchangeReport(SignedExchangeReport report, |
| NetworkAnonymizationKey network_anonymization_key); |
| |
| // Closes all open connections within this context. |
| CloseAllConnections() => (); |
| |
| // Close all idle connections for the HTTP network session used by |
| // this context. |
| CloseIdleConnections() => (); |
| |
| // Configures network conditions for the specified throttling profile. |
| // The throttling will be applied only to requests that have matching |
| // throttling_profile_id. |
| // Passing null NetworkConditions disables the throttling. |
| SetNetworkConditions(mojo_base.mojom.UnguessableToken throttling_profile_id, |
| NetworkConditions? conditions); |
| |
| // Updates the Accept-Language header to be used for requests. |
| SetAcceptLanguage(string new_accept_language); |
| |
| // If false, the referrer of requests is never populated. |
| SetEnableReferrers(bool enable_referrers); |
| |
| // Updates the CT policy to be used for requests. Only applies if the |
| // NetworkContextParams set enforce_chrome_ct_policy to true. |
| // TODO(rsleevi): Remove this once Chrome-specific policies are moved out |
| // of the network service. |
| [EnableIf=is_ct_supported] |
| SetCTPolicy(CTPolicy ct_policy); |
| |
| // Creates a UDP socket. Caller can supply a |listener| interface pointer |
| // to listen for incoming datagrams. A null |listener| is acceptable if caller |
| // is not interested in incoming data. |
| // Any sockets that are created but are yet to be destroyed will be destroyed |
| // when NetworkContext goes away. |
| CreateUDPSocket(pending_receiver<UDPSocket> receiver, |
| pending_remote<UDPSocketListener>? listener); |
| |
| // Creates a Restricted UDP socket that wraps an internal UDP Socket connected |
| // or bound to |addr| with |params| depending on the provided |mode|. |
| // |
| // The socket created can only be used for the purpose specified in |
| // |traffic_annotation|, and cannot be re-used for other purposes. |
| // |
| // Caller can supply a |listener| interface pointer to listen for incoming |
| // datagrams. A null |listener| is acceptable if caller is not interested in |
| // incoming data. |
| // |
| // On success, the resulting local address will be written to |local_addr_out| |
| // and |result| is net::OK. On failure, |result| is a network error code. |
| // |
| // Any sockets that are created but are yet to be destroyed will be destroyed |
| // when NetworkContext goes away. |
| CreateRestrictedUDPSocket( |
| IPEndPoint addr, |
| RestrictedUDPSocketMode mode, |
| MutableNetworkTrafficAnnotationTag traffic_annotation, |
| RestrictedUDPSocketParams? params, |
| pending_receiver<RestrictedUDPSocket> receiver, |
| pending_remote<UDPSocketListener>? listener) |
| => (int32 result, IPEndPoint? local_addr_out); |
| |
| // Creates a TCP server socket that listens on |local_addr|. The socket |
| // created can only be used for the purpose specified in |traffic_annotation|, |
| // and cannot be re-used for other purposes. Caller must specify an address |
| // family in |local_addr| to be either IPv4 or IPv6. If port in |local_addr| |
| // is 0, the OS will pick an available port. If address bytes are 0, the OS |
| // will pick a local address of the specified address family. |
| // On success, the resulting local address will be written to |local_addr_out| |
| // and |result| is net::OK. On failure, |result| is a network error code. |
| // |
| // Any sockets that are created but are yet to be destroyed will be destroyed |
| // when NetworkContext goes away. |
| CreateTCPServerSocket(IPEndPoint local_addr, |
| TCPServerSocketOptions options, |
| MutableNetworkTrafficAnnotationTag traffic_annotation, |
| pending_receiver<TCPServerSocket> socket) |
| => (int32 result, IPEndPoint? local_addr_out); |
| |
| // Creates a TCP socket connected to |remote_addr|. |observer| if non-null |
| // will be used to listen for any network connection error on the newly |
| // established connection. The socket created can only be used for the purpose |
| // specified in |traffic_annotation|, and cannot be re-used for other |
| // purposes. |local_addr| should be set to null unless the caller wants to |
| // bind the socket to a specific address and port. On success, |result| is |
| // net::OK. Caller is to use |send_stream| to send data and |receive_stream| |
| // to receive data over the connection. On failure, |result| is a network |
| // error code. |
| // |
| // If the client closes |socket| before this completes, the callback will be |
| // invoked with net::ERR_ABORTED. |
| // |
| // Any sockets that are created but are yet to be destroyed will be destroyed |
| // when NetworkContext goes away. |
| CreateTCPConnectedSocket( |
| IPEndPoint? local_addr, |
| AddressList remote_addr_list, |
| TCPConnectedSocketOptions? tcp_connected_socket_options, |
| MutableNetworkTrafficAnnotationTag traffic_annotation, |
| pending_receiver<TCPConnectedSocket> socket, |
| pending_remote<SocketObserver>? observer) |
| => (int32 result, |
| IPEndPoint? local_addr, |
| IPEndPoint? peer_addr, |
| handle<data_pipe_consumer>? receive_stream, |
| handle<data_pipe_producer>? send_stream); |
| |
| // Creates a TCPSocket bound to |local_addr|. The socket created can only be |
| // used for the purpose specified in |traffic_annotation|, and cannot be |
| // re-used for other purposes. |local_addr| is treated the same as in |
| // CreateTCPServerSocket(). |
| // |
| // On success, the resulting local address will be written to |local_addr_out| |
| // and |result| is net::OK. On failure, |result| is a network error code. |
| // |
| // It's recommended consumers use CreateTCPServerSocket() or |
| // CreateTCPConnectedSocket(). This method is just provided so legacy |
| // consumers can mimic Berkeley sockets semantics. |
| CreateTCPBoundSocket(IPEndPoint local_addr, |
| MutableNetworkTrafficAnnotationTag traffic_annotation, |
| pending_receiver<TCPBoundSocket> socket) |
| => (int32 result, IPEndPoint? local_addr); |
| |
| // Creates a ProxyResolvingSocketFactory that shares some configuration params |
| // with this NetworkContext, but uses separate socket pools. |
| // |
| // Any sockets that are created but are yet to be destroyed will be destroyed |
| // when NetworkContext goes away. |
| CreateProxyResolvingSocketFactory( |
| pending_receiver<ProxyResolvingSocketFactory> factory); |
| |
| // Looks up what proxy to use for a particular URL. |
| // `network_anonymization_key` is used to partition the DNS cache in the case |
| // a PAC script is used, and should match the NAK of the frame the lookup is |
| // for use with. |
| LookUpProxyForURL(url.mojom.Url url, |
| NetworkAnonymizationKey network_anonymization_key, |
| pending_remote<ProxyLookupClient> proxy_lookup_client); |
| |
| // Forces refetching the proxy configuration, and applying it. |
| ForceReloadProxyConfig() => (); |
| |
| // Clears the list of bad proxy servers that has been cached. |
| ClearBadProxiesCache() => (); |
| |
| // Creates a WebSocket connection to |url|. |requested_protocols| is a |
| // list of tokens identifying sub-protocols the renderer would like to use, |
| // as described in RFC6455 "Subprotocols Using the WebSocket Protocol". |
| // |additional_headers| are miscellaneous HTTP headers to be added to the |
| // request. Headers semantically relevant to the WebSocket handshake such |
| // as "sec-websocket-protocol" and "origin" are handled separately, (e.g., |
| // "sec-websocket-protocol" is constructed from |requested_protocols| in this |
| // message). |site_for_cookies| represents the first-party origin for the |
| // request. |storage_access_api_status| is used to opt into using a |
| // "storage-access" permission grant. |options| may be a combination of the |
| // kWebSocketOption* flags. |isolation_info| includes SiteForCookies, top |
| // frame origin, and current frame origin, and is used to isolate shared |
| // network stack resources based on the context. It must have |
| // RediredMode::kUpdateNothing. Currently, |isolation_info|'s SiteForCookies |
| // field is ignored, but it will eventually replace the |site_for_cookies| |
| // parameter. |
| // |
| // If |header_client| is set, requests with the kURLLoadOptionUseHeaderClient |
| // option will callback to the |header_client|, allowing the Cookie/Referrer |
| // request headers and Cookie response headers to be modified. This has a |
| // performance impact because of the extra process hops, so use should be |
| // minimized. |
| // |
| // Requests from a system context should set |process_id| to |
| // |kBrowserProcessId|. In that case |render_frame_id| MUST be zero. These |
| // values will still be passed to |OnSSLCertificateError| as needed but no |
| // throttling will be performed for such WebSockets. |
| // |
| // Detect mojo connection errors on |handshake_client| until the connection |
| // is established. |
| // Do *NOT* interpret mojo connection errors on |auth_handler| and |
| // |header_client| as WebSocket connection errors. They are disconnected when |
| // the connection is established, and due to message ordering uncertainty we |
| // cannot know what happened. |
| // |
| // |throttling_profile_id| can be provided to allow network conditions |
| // emulation for this web socket connection. Emulated network conditions |
| // can be set by calling SetNetworkConditions with a matching throttling |
| // profile id. |
| CreateWebSocket( |
| url.mojom.Url url, |
| array<string> requested_protocols, |
| SiteForCookies site_for_cookies, |
| StorageAccessApiStatus storage_access_api_status, |
| IsolationInfo isolation_info, |
| array<HttpHeader> additional_headers, |
| int32 process_id, |
| url.mojom.Origin origin, |
| uint32 options, |
| MutableNetworkTrafficAnnotationTag traffic_annotation, |
| pending_remote<WebSocketHandshakeClient> handshake_client, |
| pending_remote<URLLoaderNetworkServiceObserver>? |
| url_loader_network_observer, |
| pending_remote<WebSocketAuthenticationHandler>? auth_handler, |
| pending_remote<TrustedHeaderClient>? header_client, |
| mojo_base.mojom.UnguessableToken? throttling_profile_id); |
| |
| // Creates a WebTransport connection to |url|. |origin| is used for the |
| // client indication - see |
| // https://tools.ietf.org/html/draft-vvv-webtransport-quic-01#section-3.2 . |
| // When |fingerprints| is not empty, it is used to verify the certificate. |
| // https://wicg.github.io/web-transport/#dom-quictransportconfiguration-server_certificate_fingerprints |
| // |
| // It is recommended to detect mojo connection errors on |handshake_client|. |
| CreateWebTransport( |
| url.mojom.Url url, |
| url.mojom.Origin origin, |
| NetworkAnonymizationKey network_anonymization_key, |
| array<WebTransportCertificateFingerprint> fingerprints, |
| pending_remote<WebTransportHandshakeClient> handshake_client); |
| |
| // Create a NetLogExporter, which helps export NetLog to an existing file. |
| // Note that the log is generally global, including all NetworkContexts |
| // managed by the same NetworkService. The particular NetworkContext this is |
| // called on will determine which NetworkContext gets its information and |
| // configuration summary written out at the end of the log. |
| CreateNetLogExporter(pending_receiver<NetLogExporter> receiver); |
| |
| // Tries to preconnect to `url`. `num_streams` may be used to request more |
| // than one connection be established in parallel. |
| // The sockets will only be used for requests which share the same values for |
| // `credentials_mode` and `network_anonymization_key`. |
| // `traffic_annotation` will be used to distinguish where the preconnect was |
| // initiated from. |
| // The preconnect is aborted if network access is disabled for |
| // `network_anonymization_key->GetNonce()`. |
| PreconnectSockets(uint32 num_streams, |
| url.mojom.Url url, |
| network.mojom.CredentialsMode credentials_mode, |
| NetworkAnonymizationKey network_anonymization_key, |
| MutableNetworkTrafficAnnotationTag traffic_annotation); |
| |
| // Creates a P2PSocketManager instance, used for WebRTC. |
| // `network_anonymization_key` is the network cache shard to associate with |
| // the P2PSocketManager instance, and affects DNS cache shard used and proxy |
| // connection sharing. |
| [EnableIf=is_p2p_enabled] |
| CreateP2PSocketManager( |
| NetworkAnonymizationKey network_anonymization_key, |
| pending_remote<P2PTrustedSocketManagerClient> client, |
| pending_receiver<P2PTrustedSocketManager> trusted_socket_manager, |
| pending_receiver<P2PSocketManager> socket_manager); |
| |
| // Creates an MdnsResponder instance. |
| CreateMdnsResponder(pending_receiver<MdnsResponder> responder_receiver); |
| |
| // Resolves the given hostname (or IP address literal). See documentation at |
| // HostResolver::ResolveHost. |
| // |
| // All outstanding requests are cancelled if the NetworkContext is destroyed. |
| // Such requests will receive ERR_FAILED via `response_client`. |
| // |
| // The request is aborted if network access is disabled for |
| // `network_anonymization_key->GetNonce()`. |
| // |
| // When `host` is a SchemeHostPort, behaves under the assumption that the |
| // resolution is being done for the purpose of making a connection with the |
| // specified scheme to the specified host and port. This could result in |
| // scheme-specific DNS queries, e.g. for HTTPS resource records, and special |
| // errors if DNS indicates a connection should not be made using the |
| // specified scheme, e.g. ERR_DNS_NAME_HTTPS_ONLY indicates that a connection |
| // should not be made without first redirecting an http or ws request to an |
| // https or wss request. |
| ResolveHost(HostResolverHost host, |
| NetworkAnonymizationKey network_anonymization_key, |
| ResolveHostParameters? optional_parameters, |
| pending_remote<ResolveHostClient> response_client); |
| |
| // Creates a HostResolver interface that can be passed to code/processes |
| // without direct access to NetworkContext to make ResolveHost requests. |
| // |
| // If set, |config_overrides| will override configuration read from the system |
| // DNS configuration when resolution is performed using the built-in resolver |
| // (which can be forced using ResolveHostParameters::source = Source.DNS). |
| // |
| // If this NetworkContext is destroyed, all outstanding requests from child |
| // HostResolvers will be cancelled. Such requests will receive ERR_FAILED via |
| // |response_client|. |
| // |
| // TODO(crbug.com/41375980): If necessary as usage and functionality is added |
| // to the contained ResolveHost method, consider adding the ability for this |
| // to be a restricted resolver with some functionality disabled (eg maybe |
| // MDNS). |
| CreateHostResolver(DnsConfigOverrides? config_overrides, |
| pending_receiver<HostResolver> host_resolver); |
| |
| // Checks the given certificate against the CertVerifier and CTVerifier. This |
| // implementation is currently specific for use by Signed Exchange. |
| VerifyCertForSignedExchange(X509Certificate certificate, |
| url.mojom.Url url, |
| string ocsp_response, |
| string sct_list) |
| => (int32 error_code, CertVerifyResult cv_result, bool pkp_bypassed); |
| |
| // Adds explicitly-specified data as if it was processed from an |
| // HSTS header. Used by tests and implementation of chrome://net-internals. |
| AddHSTS(string host, mojo_base.mojom.Time expiry, bool include_subdomains) |
| => (); |
| |
| // Returns true if it is known that `host` has requested to always be |
| // accessed via HTTPS. `is_top_level_nav` indicates whether or not the query |
| // for the HSTS state is being made by a top-level/primary/outermost frame |
| // navigation request. |
| IsHSTSActiveForHost(string host, bool is_top_level_nav) => (bool result); |
| |
| // Retrieve values from the HSTS state from the associated contexts |
| // transport security state. |
| GetHSTSState(string domain) => (mojo_base.mojom.DictionaryValue state); |
| |
| // Sets allowed and blocked origins respectively for the URLLoaderFactory |
| // consumers to access beyond the same-origin policy. The list is managed per |
| // each |source_origin|, and each call will flash old set lists for the |
| // |source_origin|. The passed |patterns| will be set instead. If an empty |
| // array is given for |allow_patterns| and/or |block_patterns|, the |
| // |source_origin|'s origin list for each is set to empty respectively. |
| // TODO(crbug.com/40094155): Eventually, we want to stop using per-context |
| // access lists, and use only per-factory access lists, or stop managing the |
| // list in the NetworkService completely. |
| SetCorsOriginAccessListsForOrigin(url.mojom.Origin source_origin, |
| array<CorsOriginPattern> allow_patterns, |
| array<CorsOriginPattern> block_patterns) |
| => (); |
| |
| // Deletes any dynamic data stored for |host| from the transport |
| // security state. Returns true iff an entry was deleted. |
| // See net::TransportSecurityState::DeleteDynamicDataForHost for more detail. |
| DeleteDynamicDataForHost(string host) => (bool result); |
| |
| // Sets whether the HTTP auth cache will be split the NetworkAnonymizationKey. |
| // Only affects server (not proxy) credentials. Whenever the effective value |
| // is changed, all cached server auth credentials will be cleared. |
| SetSplitAuthCacheByNetworkAnonymizationKey( |
| bool split_auth_cache_by_network_anonymization_key); |
| |
| // Copies the proxy entries of this NetworkContext's auth cache and |
| // returns a key that can be used by LoadHttpAuthCache to load them into |
| // another NetworkContext's auth cache. The data referenced by the |
| // returned key is not associated with this NetworkContext, so will outlast |
| // its destruction. If there is no corresponding LoadHttpAuthCache call, the |
| // saved HttpAuthCache data will leak. |
| // |
| // TODO(crbug.com/40606065): Return a scoped handle that can automatically |
| // free the cache when it goes out of scope. |
| SaveHttpAuthCacheProxyEntries() |
| => (mojo_base.mojom.UnguessableToken cache_key); |
| |
| // Loads auth cache entries previously saved by SaveHttpAuthCacheProxyEntries, |
| // and copies them into this NetworkContext's HttpAuthCache. This may only be |
| // called once for each token returned by SaveHttpAuthCacheProxyEntries(). |
| LoadHttpAuthCacheProxyEntries(mojo_base.mojom.UnguessableToken cache_key) |
| => (); |
| |
| // Adds an entry to the HttpAuthCache. `network_anonymization_key` is the |
| // NetworkAnonymizationKey to restrict the credentials to, and is only |
| // respected for server (not proxy) HTTP auth and only when the NetworkService |
| // was configured to split the auth cache by NetworkAnonymizationKey. |
| // `challenge` may not necessarily contain a stateful challenge that requires |
| // a persistent connection, allowing the cache to be pre-populated. |
| AddAuthCacheEntry(AuthChallengeInfo challenge, |
| NetworkAnonymizationKey network_anonymization_key, |
| AuthCredentials credentials) => (); |
| |
| // Sets whether |
| // https://fetch.spec.whatwg.org/#cors-non-wildcard-request-header-name is |
| // supported in this network context. |
| SetCorsNonWildcardRequestHeadersSupport(bool value); |
| |
| // Looks up credentials in the HttpAuthCache using the origin and path from |
| // |url|. Only supports basic auth scheme. Only looks up server (not proxy) |
| // auth credentials, and only those that are usable in the scope of |
| // |network_anonymization_key|. |
| LookupServerBasicAuthCredentials( |
| url.mojom.Url url, NetworkAnonymizationKey network_anonymization_key) |
| => (AuthCredentials? credentials); |
| |
| // Looks up the proxy authentication credentials associated with |
| // |proxy_server|, |auth_scheme| and |realm| in the HttpAuthCache. |
| // |auth_scheme| is the authentication scheme of the challenge and it's |
| // specified as a case-insensitive string. Unlike server credentials, proxy |
| // credentials are not keyed on NetworkAnonymizationKey. |
| [EnableIf=is_chromeos] |
| LookupProxyAuthCredentials( |
| ProxyServer proxy_server, string auth_scheme, string realm) |
| => (AuthCredentials? credentials); |
| |
| // Enables the checking of static PKP records. |
| [Sync] |
| EnableStaticKeyPinningForTesting() => (); |
| |
| // Verifies the given certificate using the context's CertVerifier. |
| VerifyCertificateForTesting(X509Certificate certificate, |
| string hostname, |
| string ocsp_response, |
| string sct_list) => (int32 error_code); |
| |
| // Adds a Domain Reliability Context. |
| [Sync] |
| AddDomainReliabilityContextForTesting( |
| url.mojom.Origin origin, url.mojom.Url upload_url) => (); |
| |
| // Forces all pending Domain Reliability uploads to run now, even if their |
| // minimum delay has not yet passed. |
| [Sync] |
| ForceDomainReliabilityUploadsForTesting() => (); |
| |
| // Set the SCT auditing mode for this NetworkContext. |
| [EnableIf=is_ct_supported] |
| SetSCTAuditingMode(SCTAuditingMode mode); |
| |
| // Adds an observer that will receive Reporting Service callbacks. Generates |
| // events for Reporting API reports currently stored in the reporting service. |
| [EnableIf=enable_reporting] |
| AddReportingApiObserver(pending_remote<ReportingApiObserver> observer); |
| |
| // Get the usage information of shared dictionaries. |
| GetSharedDictionaryUsageInfo() |
| => (array<SharedDictionaryUsageInfo> usage_info); |
| |
| // Get shared dictionaries information for `isolation_key`. |
| GetSharedDictionaryInfo(SharedDictionaryIsolationKey isolation_key) |
| => (array<SharedDictionaryInfo> dictionaries); |
| |
| // Get a list of origins where shared dictionaries are registered. A specific |
| // range of time can be specified with `start_time` and `end_time`. |
| GetSharedDictionaryOriginsBetween( |
| mojo_base.mojom.Time start_time, mojo_base.mojom.Time end_time) |
| => (array<url.mojom.Origin> origins); |
| |
| // Sets maximum size of the shared dictionary cache. |
| SetSharedDictionaryCacheMaxSize(uint64 cache_max_size); |
| |
| // Preloads matching dictionaries for loading documents of the `urls`. |
| PreloadSharedDictionaryInfoForDocument( |
| array<url.mojom.Url> urls, |
| pending_receiver<PreloadedSharedDictionaryInfoHandle> preload_handle); |
| |
| // Check if there is a preloaded shared dictionary info. |
| HasPreloadedSharedDictionaryInfoForTesting() => (bool value); |
| |
| // Called when visibility of ResourceSchedulerClient has changed. |
| // `client_token` identifies which client has changed its visibility. |
| ResourceSchedulerClientVisibilityChanged( |
| mojo_base.mojom.UnguessableToken client_token, bool visible); |
| |
| // Will flush cached client certificate for `host` if `certificate` |
| // doesn't match the corresponding cached certificate. |
| FlushCachedClientCertIfNeeded( |
| HostPortPair host, X509Certificate certificate); |
| |
| // Flushes a cached client certificate preference if `certificate` matches |
| // the cached certificate. |
| FlushMatchingCachedClientCert(X509Certificate certificate); |
| |
| // Sets cookie deprecation label. |
| SetCookieDeprecationLabel(string? label); |
| |
| // Clients should revoke network access for nonces using |
| // `StoragePartitionImpl::RevokeNetworkForNoncesInNetworkContext` instead of |
| // this function. This is because `RevokeNetworkForNoncesInNetworkContext` |
| // replicates the nonces so that they can be restored in case of a |
| // `NetworkService` crash. |
| // Register that all network requests with nonces in `nonces` as their |
| // partition nonce should be blocked. Used for fenced frames network |
| // revocation: |
| // https://github.com/WICG/fenced-frame/blob/master/explainer/fenced_frames_with_local_unpartitioned_data_access.md#revoking-network-access |
| // Each fenced frame tree primarily uses one "fenced frame nonce" for |
| // requests that originate from it, but requests from credentialless iframes |
| // within the fenced frame tree use a different "credentialless iframes |
| // nonce". Currently these are the two nonces passed in `nonces`. |
| RevokeNetworkForNonces(array<mojo_base.mojom.UnguessableToken> nonces) => (); |
| |
| // Clients should clear nonces tagged for network revocation using |
| // `StoragePartitionImpl::ClearNoncesInNetworkContextAfterDelay` instead of |
| // this function. This is because `StoragePartitionImpl` also handles clearing |
| // the nonces in the browser-side replication data structure, which will |
| // ensure that stale nonces aren't re-added to the `NetworkContext` after a |
| // `NetworkService` crash. Note that this will only clear nonces specified |
| // previously in `RevokeNetworkForNonces`, and should only be called when |
| // those nonces are no longer relevant (for instance, after the corresponding |
| // fenced frame is destroyed). |
| ClearNonces(array<mojo_base.mojom.UnguessableToken> nonces); |
| |
| // Register that network requests operating under the nonce `nonce` whose url |
| // without filename is `exempted_url` should be exempt from network |
| // revocation. This can be called before network is revoked for `nonce` with |
| // `RevokeNetworkForNonce`, and it will store the exemption so that it can |
| // take effect afterwards. |
| ExemptUrlFromNetworkRevocationForNonce( |
| url.mojom.Url exempted_url, mojo_base.mojom.UnguessableToken nonce) => (); |
| |
| // Request that `request` be performed and cached as a prefetch. If a matching |
| // request is subseqently received from a render process, the prefetch will |
| // be consumed. `request_id`, `options` and `traffic_annotation` will be |
| // passed to the CreateLoaderAndStart() method of CorsURLLoaderFactory when |
| // the request is started. |
| Prefetch(int32 request_id, |
| uint32 options, |
| URLRequest request, |
| MutableNetworkTrafficAnnotationTag traffic_annotation); |
| |
| // Returns whether this NetworkContext was bound to a network. |
| // `bound_network` represents a net::handles::NetworkHandle, |
| // `bound_network` == -1 means that this NetworkContext is not bound to any |
| // network. Refer to NetworkContextParams::bound_network for more info. |
| GetBoundNetworkForTesting() => (int64 bound_network); |
| |
| // Gets the DeviceBoundSessionManager associated with this network context. |
| // |
| // This must only be passed to trusted processes. |
| [AllowedContext=sandbox.mojom.Context.kBrowser] |
| GetDeviceBoundSessionManager( |
| pending_receiver<DeviceBoundSessionManager> device_bound_session_manager); |
| }; |