blob: 1bffa98f92954270ff0c17a536570efbfacbfb0f [file] [log] [blame]
// Copyright 2017 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
module network.mojom;
// A policy to decide if CORS-preflight fetch should be performed.
enum CorsPreflightPolicy {
kConsiderPreflight,
kPreventPreflight,
};
// Error conditions of the CORS check.
// These values are used for UMA. Entries should not be renumbered. Please keep
// in sync with "CorsAccessCheckError" in
// src/tools/metrics/histograms/enums.xml.
enum CorsError {
// Access control
kDisallowedByMode,
kInvalidResponse,
// Not allowed wildcard origin was found in Access-Control-Allow-Origin
// response header when the credentials mode is 'include'.
kWildcardOriginNotAllowed,
// Access-Control-Allow-Origin response header was not found.
kMissingAllowOriginHeader,
// Not allowed multiple origin values was found in Access-Control-Allow-Origin
// response header.
kMultipleAllowOriginValues,
// Invalid origin was found in Access-Control-Allow-Origin response header.
kInvalidAllowOriginValue,
// Not allowed by Access-Control-Allow-Origin response header.
kAllowOriginMismatch,
// Invalid value was found in Access-Control-Allow-Credentials response
// header.
kInvalidAllowCredentials,
// The scheme is not for CORS.
kCorsDisabledScheme,
// Preflight:
// Failed to check HTTP response ok status in a CORS-preflight response.
kPreflightInvalidStatus,
// Redirect is requested in CORS-preflight response, but not allowed.
kPreflightDisallowedRedirect,
// Not allowed wildcard origin was found in Access-Control-Allow-Origin
// CORS-preflight response header when the credentials mode is 'include'.
kPreflightWildcardOriginNotAllowed,
// Access-Control-Allow-Origin response header was not found in a
// CORS-preflight response.
kPreflightMissingAllowOriginHeader,
// Not allowed multiple origin values was found in Access-Control-Allow-Origin
// CORS-preflight response header.
kPreflightMultipleAllowOriginValues,
// Invalid origin was found in Access-Control-Allow-Origin CORS-preflight
// response header.
kPreflightInvalidAllowOriginValue,
// Not allowed by Access-Control-Allow-Origin CORS-preflight response header.
kPreflightAllowOriginMismatch,
// Invalid value was found in Access-Control-Allow-Credentials CORS-preflight
// response header.
kPreflightInvalidAllowCredentials,
// "Access-Control-Allow-External:"
// ( https://wicg.github.io/cors-rfc1918/#headers ) specific error
// conditions:
kPreflightMissingAllowExternal,
kPreflightInvalidAllowExternal,
// Failed to parse Access-Control-Allow-Methods response header field in
// CORS-preflight response.
kInvalidAllowMethodsPreflightResponse,
// Failed to parse Access-Control-Allow-Headers response header field in
// CORS-preflight response.
kInvalidAllowHeadersPreflightResponse,
// Not allowed by Access-Control-Allow-Methods in CORS-preflight response.
kMethodDisallowedByPreflightResponse,
// Not allowed by Access-Control-Allow-Headers in CORS-preflight response.
kHeaderDisallowedByPreflightResponse,
// Cross origin redirect location contains credentials such as 'user:pass'.
kRedirectContainsCredentials,
// Request client is not secure and less private than the request target.
// See: https://wicg.github.io/cors-rfc1918.
kInsecurePrivateNetwork,
};