Bug 1212904 P1 Add a LoadTainting enumeration. r=jduell
authorBen Kelly <ben@wanderview.com>
Thu, 22 Oct 2015 11:07:32 -0700
changeset 304260 342a49e40ecfc244126f323fb300693f819e127a
parent 304259 6b7feb3ce23042d551b7110a34ec90433e5ac391
child 304261 51686c6d9cf4edac9e3592012a13bc43cb4f8400
push id1001
push userraliiev@mozilla.com
push dateMon, 18 Jan 2016 19:06:03 +0000
treeherdermozilla-release@8b89261f3ac4 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersjduell
bugs1212904
milestone44.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1212904 P1 Add a LoadTainting enumeration. r=jduell
netwerk/base/LoadTainting.h
netwerk/base/moz.build
new file mode 100644
--- /dev/null
+++ b/netwerk/base/LoadTainting.h
@@ -0,0 +1,43 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef mozilla_LoadTainting_h
+#define mozilla_LoadTainting_h
+
+namespace mozilla {
+
+// Define an enumeration to reflect the concept of response tainting from the
+// the fetch spec:
+//
+//  https://fetch.spec.whatwg.org/#concept-request-response-tainting
+//
+// Roughly the tainting means:
+//
+//  * Basic: the request resulted in a same-origin or non-http load
+//  * CORS: the request resulted in a cross-origin load with CORS headers
+//  * Opaque: the request resulted in a cross-origin load without CORS headers
+//
+// The enumeration is purposefully designed such that more restrictive tainting
+// corresponds to a higher integral value.
+//
+// NOTE: Checking the tainting is not currently adequate.  You *must* still
+//       check the final URL and CORS mode on the channel.
+//
+// These values are currently only set on the channel LoadInfo when the request
+// was initiated through fetch() or when a service worker interception occurs.
+// In the future we should set the tainting value within necko so that it is
+// consistently applied.  Once that is done consumers can replace checks against
+// the final URL and CORS mode with checks against tainting.
+enum class LoadTainting : uint8_t
+{
+  Basic = 0,
+  CORS = 1,
+  Opaque = 2
+};
+
+} // namespace mozilla
+
+#endif // mozilla_LoadTainting_h
--- a/netwerk/base/moz.build
+++ b/netwerk/base/moz.build
@@ -163,16 +163,17 @@ EXPORTS += [
     'nsTemporaryFileInputStream.h',
     'nsURIHashKey.h',
     'nsURLHelper.h',
     'nsURLParsers.h',
 ]
 
 EXPORTS.mozilla += [
     'LoadInfo.h',
+    'LoadTainting.h',
 ]
 
 EXPORTS.mozilla.net += [
     'CaptivePortalService.h',
     'ChannelDiverterChild.h',
     'ChannelDiverterParent.h',
     'Dashboard.h',
     'DashboardTypes.h',