2012-05-21 04:12:37 -07:00
|
|
|
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
2010-06-03 14:03:17 -07:00
|
|
|
|
|
|
|
#include "nsISupports.idl"
|
|
|
|
|
|
|
|
interface nsIURI;
|
2010-10-06 10:07:39 -07:00
|
|
|
interface nsIObserver;
|
2010-06-03 14:03:17 -07:00
|
|
|
interface nsIHttpChannel;
|
|
|
|
|
2012-11-16 07:06:13 -08:00
|
|
|
[scriptable, uuid(aee925d1-2bc9-469e-9582-b27b1d6b5192)]
|
2010-06-03 14:03:17 -07:00
|
|
|
interface nsIStrictTransportSecurityService : nsISupports
|
|
|
|
{
|
|
|
|
/**
|
|
|
|
* Parses a given HTTP header and records the results internally.
|
|
|
|
* The format of the STS header is defined by the STS specification:
|
|
|
|
* http://tools.ietf.org/html/draft-hodges-strict-transport-sec
|
|
|
|
* and allows a host to specify that future requests on port 80 should be
|
|
|
|
* upgraded to HTTPS.
|
|
|
|
*
|
|
|
|
* @param aSourceURI the URI of the resource with the HTTP header.
|
|
|
|
* @param aHeader the HTTP response header specifying STS data.
|
2012-10-15 14:43:57 -07:00
|
|
|
* @param aMaxAge the parsed max-age directive of the header.
|
|
|
|
* @param aIncludeSubdomains the parsed includeSubdomains directive.
|
2010-06-03 14:03:17 -07:00
|
|
|
* @return NS_OK if it succeeds
|
|
|
|
* NS_ERROR_FAILURE if it can't be parsed
|
|
|
|
* NS_SUCCESS_LOSS_OF_INSIGNIFICANT_DATA
|
|
|
|
* if there are unrecognized tokens in the header.
|
|
|
|
*/
|
|
|
|
void processStsHeader(in nsIURI aSourceURI,
|
2012-10-15 14:43:57 -07:00
|
|
|
in string aHeader,
|
|
|
|
[optional] out unsigned long long aMaxAge,
|
|
|
|
[optional] out boolean aIncludeSubdomains);
|
2010-06-03 14:03:17 -07:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Removes the STS state of a host, including the includeSubdomains state
|
|
|
|
* that would affect subdomains. This essentially removes STS state for
|
|
|
|
* the domain tree rooted at this host.
|
|
|
|
*/
|
2012-11-16 07:06:13 -08:00
|
|
|
void removeStsState(in nsIURI aURI);
|
2010-06-03 14:03:17 -07:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Checks if the given security info is for an STS host with a broken
|
|
|
|
* transport layer (certificate errors like invalid CN).
|
|
|
|
*/
|
2011-08-06 22:03:32 -07:00
|
|
|
boolean shouldIgnoreStsHeader(in nsISupports aSecurityInfo);
|
2010-06-03 14:03:17 -07:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Checks whether or not the given hostname has STS state set.
|
|
|
|
* The host is an STS host if either it has the STS permission, or one of
|
|
|
|
* its super-domains has an STS "includeSubdomains" permission set.
|
|
|
|
*
|
|
|
|
* @param aHost the hostname (punycode) to query for STS state.
|
|
|
|
*/
|
2012-11-16 07:06:13 -08:00
|
|
|
boolean isStsHost(in string aHost);
|
2010-06-03 14:03:17 -07:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Checks whether or not the URI's hostname has STS state set.
|
|
|
|
* The URI is an STS URI if either the host has the STS permission, or one
|
|
|
|
* of its super-domains has an STS "includeSubdomains" permission set.
|
|
|
|
* NOTE: this function makes decisions based only on the scheme and
|
|
|
|
* host contained in the URI, and disregards other portions of the URI
|
|
|
|
* such as path and port.
|
|
|
|
*
|
|
|
|
* @param aURI the URI to query for STS state.
|
|
|
|
*/
|
2012-11-16 07:06:13 -08:00
|
|
|
boolean isStsURI(in nsIURI aURI);
|
2010-06-03 14:03:17 -07:00
|
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
%{C++
|
|
|
|
#define NS_STSSERVICE_CONTRACTID "@mozilla.org/stsservice;1"
|
|
|
|
#define NS_STSSERVICE_CLASSNAME "stsservice"
|
|
|
|
|
|
|
|
#define STS_PERMISSION "sts/use"
|
|
|
|
#define STS_SUBDOMAIN_PERMISSION "sts/subd"
|
|
|
|
%}
|