FramingChecker.h (1576B)
1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ 2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */ 3 /* This Source Code Form is subject to the terms of the Mozilla Public 4 * License, v. 2.0. If a copy of the MPL was not distributed with this 5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 6 7 #ifndef mozilla_dom_FramingChecker_h 8 #define mozilla_dom_FramingChecker_h 9 10 #include "nsStringFwd.h" 11 12 class nsIDocShell; 13 class nsIChannel; 14 class nsIHttpChannel; 15 class nsIDocShellTreeItem; 16 class nsIURI; 17 class nsIContentSecurityPolicy; 18 19 namespace mozilla::dom { 20 class BrowsingContext; 21 } // namespace mozilla::dom 22 23 class FramingChecker { 24 public: 25 // Determine if X-Frame-Options allows content to be framed 26 // as a subdocument 27 static bool CheckFrameOptions(nsIChannel* aChannel, 28 nsIContentSecurityPolicy* aCSP, 29 bool& outIsFrameCheckingSkipped); 30 31 protected: 32 struct XFOHeader { 33 bool ALLOWALL = false; 34 bool SAMEORIGIN = false; 35 bool DENY = false; 36 bool INVALID = false; 37 }; 38 39 /** 40 * Logs to the window about a X-Frame-Options error. 41 * 42 * @param aMessageTag the error message identifier to log 43 * @param aChannel the HTTP Channel 44 * @param aURI the URI of the frame attempting to load 45 * @param aPolicy the header value string from the frame to the console. 46 */ 47 static void ReportError(const char* aMessageTag, nsIHttpChannel* aChannel, 48 nsIURI* aURI, const nsAString& aPolicy); 49 }; 50 51 #endif /* mozilla_dom_FramingChecker_h */