nsIContentSecurityPolicy

content/base/public/nsIContentSecurityPolicy.idl
Scriptable

Describes an XPCOM component used to model and enforce Content Security Policies.

Introduced: Gecko 2.0
Inherits from: nsISupports
Last changed in Gecko 2.0 (Firefox 4 / Thunderbird 3.3 / SeaMonkey 2.1)

Method overview

boolean permitsAncestry(in nsIDocShell docShell);
void refinePolicy(in AString policyString, in nsIURI selfURI);
void scanRequestData(in nsIHttpChannel aChannel);
void sendReports(in AString blockedURI, in AString violatedDirective);
short shouldLoad(in unsigned long aContentType, in nsIURI aContentLocation, in nsIURI aRequestOrigin, in nsISupports aContext, in ACString aMimeTypeGuess, in nsISupports aExtra);
short shouldProcess(in unsigned long aContentType, in nsIURI aContentLocation, in nsIURI aRequestOrigin, in nsISupports aContext, in ACString aMimeType, in nsISupports aExtra);

Attributes

allowsEval (boolean)
Whether this policy allows eval and eval-like functions such as setTimeout("code string", time). Calls to this may trigger violation reports when queried, so this value should not be cached. Read only.

allowsInlineScript (boolean)
Whether this policy allows in-page script. Calls to this may trigger violation reports when queried, so this value should not be cached. Read only.

isInitialized (boolean)
Set to true when the Content Security Policy has been read in and parsed and is ready to enforce. This is a barrier for the nsDocument so it doesn't load any sub-content until either it knows that a Content Security Policy is ready or will not be used.

policy (AString)
A read-only string version of the policy for debugging. Read only.

reportOnlyMode (boolean)
When set to true, content load-blocking and fail-closed are disabled: Content Security Policy will only send reports, and not modify behavior.

Methods

permitsAncestry()

Verifies ancestry as permitted by the policy.

Calls to this may trigger violation reports when queried, so this value should not be cached.

boolean permitsAncestry(
  in nsIDocShell docShell
);
Parameters
docShell
The docShell containing the protected resource.
Return value

true if the frame's ancestors are all permitted by policy.

refinePolicy()

Updates the policy currently stored in the Content Security Policy to be "refined" or tightened by the one specified in the string policyString.

void refinePolicy(
  in AString policyString,
  in nsIURI selfURI
);
Parameters
policyString
selfURI

scanRequestData()

Called after the Content Security Policy object is created to fill in the appropriate request and request header information needed in case a report needs to be sent.

void scanRequestData(
  in nsIHttpChannel aChannel
);
Parameters
aChannel

sendReports()

Manually triggers violation report sending given a URI and reason. The URI may be null, in which case "self" is sent.

void sendReports(
  in AString blockedURI,
  in AString violatedDirective
);
Parameters
blockedURI
The URI that violated the policy.
violatedDirective
The directive that was violated.

shouldLoad()

Delegate method called by the service when sub-elements of the protected document are being loaded. Given a bit of information about the request, decides whether or not the policy is satisfied.

Calls to this may trigger violation reports when queried, so this value should not be cached.

short shouldLoad(
  in unsigned long aContentType,
  in nsIURI aContentLocation,
  in nsIURI aRequestOrigin,
  in nsISupports aContext,
  in ACString aMimeTypeGuess,
  in nsISupports aExtra
);
Parameters
aContentType
aContentLocation
aRequestOrigin
aContext
aMimeTypeGuess
aExtra
Return value

 

shouldProcess()

Delegate method called by the service when sub-elements of the protected document are being processed. Given a bit of information about the request, decides whether or not the policy is satisfied.

short shouldProcess(
  in unsigned long aContentType,
  in nsIURI aContentLocation,
  in nsIURI aRequestOrigin,
  in nsISupports aContext,
  in ACString aMimeType,
  in nsISupports aExtra
);
Parameters
aContentType
aContentLocation
aRequestOrigin
aContext
aMimeType
aExtra
Return value
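
Added example (not part of the original reference and not Gecko's code): a reduced JavaScript model of how refinePolicy(), sendReports(), reportOnlyMode and shouldLoad() interact as described on this page. The ModelCSP class, its two-argument shouldLoad(directive, host) and the *.example hosts are assumptions made for illustration; the report count it returns shows that each violating query produces a report, which is why results should not be cached.

```javascript
// Simplified model, an assumption for illustration; argument lists are reduced.
const ACCEPT = 1, REJECT_SERVER = -3; // values of the nsIContentPolicy constants
class ModelCSP {
  constructor() {
    this.directives = null;     // null: no policy read yet, nothing restricted
    this.reportOnlyMode = false;
    this.reports = [];          // stands in for the reports that would be sent
  }
  // "script-src a.example b.example; img-src c.example" -> Map(name -> Set)
  static parse(policyString) {
    const map = new Map();
    for (const part of policyString.split(";")) {
      const [name, ...sources] = part.trim().split(/\s+/);
      if (name) map.set(name, new Set(sources));
    }
    return map;
  }
  // refinePolicy(): afterwards only sources permitted by BOTH policies remain.
  refinePolicy(policyString) {
    const next = ModelCSP.parse(policyString);
    if (this.directives === null) { this.directives = next; return; }
    for (const [name, sources] of next) {
      const cur = this.directives.get(name);
      const kept = cur ? [...cur].filter((s) => sources.has(s)) : [...sources];
      this.directives.set(name, new Set(kept));
    }
  }
  // sendReports(): a null blockedURI is reported as "self".
  sendReports(blockedURI, violatedDirective) {
    this.reports.push({ blockedURI: blockedURI || "self", violatedDirective });
  }
  // shouldLoad(): every violating query reports; only enforcing mode blocks.
  shouldLoad(directive, host) {
    const allowed = this.directives && this.directives.get(directive);
    if (!allowed || allowed.has(host)) return ACCEPT;
    this.sendReports(host, directive);
    return this.reportOnlyMode ? ACCEPT : REJECT_SERVER;
  }
}
function demo() {
  const csp = new ModelCSP();
  csp.refinePolicy("script-src a.example b.example");   // constructed policies
  csp.refinePolicy("script-src b.example c.example; img-src c.example");
  const enforced = csp.shouldLoad("script-src", "a.example");   // blocked
  csp.reportOnlyMode = true;
  const reportOnly = csp.shouldLoad("script-src", "a.example"); // reported only
  const allowed = [...csp.directives.get("script-src")];
  return { enforced, reportOnly, allowed, reports: csp.reports.length };
}
```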
