| // Copyright 2020 The Chromium Authors |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| module network.mojom; |
| |
| import "services/network/public/mojom/connection_allowlist.mojom"; |
| import "services/network/public/mojom/content_security_policy.mojom"; |
| import "services/network/public/mojom/cross_origin_embedder_policy.mojom"; |
| import "services/network/public/mojom/cross_origin_opener_policy.mojom"; |
| import "services/network/public/mojom/integrity_policy.mojom"; |
| import "services/network/public/mojom/document_isolation_policy.mojom"; |
| import "services/network/public/mojom/link_header.mojom"; |
| import "services/network/public/mojom/no_vary_search.mojom"; |
| import "services/network/public/mojom/supports_loading_mode.mojom"; |
| import "services/network/public/mojom/timing_allow_origin.mojom"; |
| import "services/network/public/mojom/web_client_hints_types.mojom"; |
| import "services/network/public/mojom/x_frame_options.mojom"; |
| |
| enum OriginAgentClusterValue { |
| kAbsent, // No Origin-Agent-Cluster header specified. |
| kTrue, // Origin-Agent-Cluster: ?1. |
| kFalse // Origin-Agent-Cluster: ?0. |
| }; |
| |
| // Holds the parsed representation of several security related HTTP headers. |
| // This struct should only be populated by network::PopulateParsedHeaders(). |
| // ParsedHeaders are used only for navigational requests and for worker and |
| // serviceworker main requests. They are ignored for subresources. |
| struct ParsedHeaders { |
| // The parsed Content-Security-Policy from the response headers. |
| array<ContentSecurityPolicy> content_security_policy; |
| |
| // The parsed value of the Allow-CSP-From response header. |
| AllowCSPFromHeaderValue? allow_csp_from; |
| |
| // The parsed representation of `Connection-Allowlist` and |
| // `Connection-Allowlist-Report-Only` headers. |
| ConnectionAllowlists connection_allowlists; |
| |
| // The parsed representation of Cross-Origin-Embedder-Policy and |
| // Cross-Origin-Embedder-Policy-Report-Only headers. |
| CrossOriginEmbedderPolicy cross_origin_embedder_policy; |
| |
| // The parsed value of the Cross-Origin-Opener-Policy (COOP) and |
| // Cross-Origin-Opener-Policy-Report-Only headers. |
| CrossOriginOpenerPolicy cross_origin_opener_policy; |
| |
| // The parsed value of the Document-Isolation-Policy (DIP) and |
| // Document-Isolation-Policy-Report-Only headers. |
| DocumentIsolationPolicy document_isolation_policy; |
| |
| // The parsed value of the Integrity-Policy header. |
| IntegrityPolicy integrity_policy; |
| // The parsed value of the Integrity-Policy-Report-Only header. |
| IntegrityPolicy integrity_policy_report_only; |
| |
| // The parsed value of the Origin-Agent-Cluster header. |
| OriginAgentClusterValue origin_agent_cluster; |
| |
| // The parsed Accept-CH from response headers. |
| // |
| // If this is missing, there is no valid accept-ch header, so client hints |
| // handling should not change. |
| // |
| // If this is present and an empty array, this means that client hints should |
| // be disabled (if updating client hint preference is valid in this context). |
| array<WebClientHintsType>? accept_ch; |
| |
| // The parsed Critical-CH response header. |
| // |
| // Should be parsed in the same way (i.e. same tokens and grammar) as the |
| // Accept-CH header. |
| // |
| // Indicates that if these headers are missing from the Client Hint |
| // preference storage but not otherwise blocked from being sent, the |
| // appropriate preferences should be stored and the request should be |
| // restarted (with the new client hint preferences taken into account). |
| // |
| // All hints present in the Critical-CH header SHOULD also be present in the |
| // Accept-CH header. |
| // |
| // An empty list means the headers value was empty (i.e. 'Critical-CH:'). A |
| // null value means the header was not present in the response. These are |
| // both functionally a no-op. |
| // |
| // For more information, see: |
| // https://tools.ietf.org/html/draft-davidben-http-client-hint-reliability#section-3 |
| array<WebClientHintsType>? critical_ch; |
| |
| // If the client hint headers should be ignored due to a Clear-Site-Data |
| // header this is true so that when re-parsing the headers from cache we know |
| // to keep them cleared. If this field is true but accept_ch or critical_ch |
| // contain values, accept_ch and critical_ch should take precedence. |
| bool client_hints_ignored_due_to_clear_site_data_header; |
| |
| // The parsed value of the X-Frame-Options header. |
| XFrameOptionsValue xfo = XFrameOptionsValue.kNone; |
| |
| // The parsed Link headers. |
| array<LinkHeader> link_headers; |
| |
| TimingAllowOrigin? timing_allow_origin; |
| |
| // The parsed Supports-Loading-Mode header. |
| // For more information, see: |
| // https://wicg.github.io/nav-speculation/prerendering.html#supports-loading-mode |
| array<LoadingMode> supports_loading_mode; |
| |
| // Parsed mapping of endpoint names to URLs from the Reporting-Endpoints |
| // header. Will be null if that header was not present in the response. |
| // URLs are represented here as strings, and have not been validated. |
| map<string,string>? reporting_endpoints; |
| |
| // The parsed Cookie-Indices response header. |
| // |
| // Lists cookie names which might affect whether this content is cacheable. |
| // Responses should not be cached if one of the named cookies has a changed |
| // value. |
| // |
| // This field is populated even if `Vary: Cookie` is not specified (and it |
| // would therefore be ineffective). |
| // |
| // https://mnot.github.io/I-D/draft-nottingham-http-availability-hints.html#name-cookie |
| array<string>? cookie_indices; |
| |
| // The parsed Avail-Language response header. |
| // |
| // The Avail-Language response header field is the availability hint for |
| // content negotiation using the Accept-Language request header field defined |
| // in https://www.rfc-editor.org/rfc/rfc9110#section-12.5.4. The default |
| // language, if provided, will be put in the first language. |
| // |
| // If Structured Header parsing fails or a member's value does have the |
| // structure outlined as defined, the client MUST treat the representation as |
| // having no Avail-Language header field. |
| // |
| // It will only be populated when the kReduceAcceptLanguage feature is |
| // enabled. |
| // |
| // For more information, see: |
| // https://mnot.github.io/I-D/draft-nottingham-http-availability-hints.html#section-5.3. |
| array<string>? avail_language; |
| |
| // The parsed value of the Content-Language header. |
| array<string>? content_language; |
| |
| // The parsed value of the No-Vary-Search header including parse error |
| // indicator. Null if not present or if No-Vary-Search header represents |
| // the default URL search variance. |
| // For more information, see: |
| // https://wicg.github.io/nav-speculation/no-vary-search.html#model |
| NoVarySearchWithParseError? no_vary_search_with_parse_error; |
| |
| // The parsed value of the Observe-Browsing-Topics header. See: |
| // https://patcg-individual-drafts.github.io/topics/#the-observe-browsing-topics-http-response-header-header |
| bool observe_browsing_topics; |
| |
| // The parsed value of the Allow-Cross-Origin-Event-Reporting header. See: |
| // https://wicg.github.io/fenced-frame/#fenced-frame-config-cross-origin-reporting-allowed |
| bool allow_cross_origin_event_reporting; |
| |
| // Please update `CheckParsedHeadersEquals` after adding new fields. |
| }; |
