/* ***** BEGIN LICENSE BLOCK ***** * Version: MPL 1.1/GPL 2.0/LGPL 2.1 * * The contents of this file are subject to the Mozilla Public License Version * 1.1 (the "License"); you may not use this file except in compliance with * the License. You may obtain a copy of the License at * http://www.mozilla.org/MPL/ * * Software distributed under the License is distributed on an "AS IS" basis, * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License * for the specific language governing rights and limitations under the * License. * * The Original Code is Strict-Transport-Security. * * The Initial Developer of the Original Code is * Mozilla Foundation. * Portions created by the Initial Developer are Copyright (C) 2010 * the Initial Developer. All Rights Reserved. * * Contributor(s): * Sid Stamm * * Alternatively, the contents of this file may be used under the terms of * either the GNU General Public License Version 2 or later (the "GPL"), or * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), * in which case the provisions of the GPL or the LGPL are applicable instead * of those above. If you wish to allow use of your version of this file only * under the terms of either the GPL or the LGPL, and not to allow others to * use your version of this file under the terms of the MPL, indicate your * decision by deleting the provisions above and replace them with the notice * and other provisions required by the GPL or the LGPL. If you do not delete * the provisions above, a recipient may use your version of this file under * the terms of any one of the MPL, the GPL or the LGPL. * * ***** END LICENSE BLOCK ***** */ #include "nsISupports.idl" interface nsIURI; interface nsIObserver; interface nsIHttpChannel; [scriptable, uuid(16955eee-6c48-4152-9309-c42a465138a1)] interface nsIStrictTransportSecurityService : nsISupports { /** * Parses a given HTTP header and records the results internally. * The format of the STS header is defined by the STS specification: * http://tools.ietf.org/html/draft-hodges-strict-transport-sec * and allows a host to specify that future requests on port 80 should be * upgraded to HTTPS. * * @param aSourceURI the URI of the resource with the HTTP header. * @param aHeader the HTTP response header specifying STS data. * @return NS_OK if it succeeds * NS_ERROR_FAILURE if it can't be parsed * NS_SUCCESS_LOSS_OF_INSIGNIFICANT_DATA * if there are unrecognized tokens in the header. */ void processStsHeader(in nsIURI aSourceURI, in string aHeader); /** * Removes the STS state of a host, including the includeSubdomains state * that would affect subdomains. This essentially removes STS state for * the domain tree rooted at this host. */ void removeStsState(in nsIURI aURI); /** * Checks if the given security info is for an STS host with a broken * transport layer (certificate errors like invalid CN). */ PRBool shouldIgnoreStsHeader(in nsISupports aSecurityInfo); /** * Checks whether or not the given hostname has STS state set. * The host is an STS host if either it has the STS permission, or one of * its super-domains has an STS "includeSubdomains" permission set. * * @param aHost the hostname (punycode) to query for STS state. */ PRBool isStsHost(in string aHost); /** * Checks whether or not the URI's hostname has STS state set. * The URI is an STS URI if either the host has the STS permission, or one * of its super-domains has an STS "includeSubdomains" permission set. * NOTE: this function makes decisions based only on the scheme and * host contained in the URI, and disregards other portions of the URI * such as path and port. * * @param aURI the URI to query for STS state. */ PRBool isStsURI(in nsIURI aURI); }; %{C++ #define NS_STSSERVICE_CONTRACTID "@mozilla.org/stsservice;1" #define NS_STSSERVICE_CLASSNAME "stsservice" #define STS_PERMISSION "sts/use" #define STS_SUBDOMAIN_PERMISSION "sts/subd" %}