Codebase Browser
chromium
Go to App

chromium/services/network/public/mojom/cross_origin_embedder_policy.mojom 

// Copyright 2019 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

module network.mojom;

import "url/mojom/url.mojom";
import "services/network/public/mojom/fetch_api.mojom";

// [spec]: https://html.spec.whatwg.org/C/#coep
// An embedder policy value is one of three strings that controls the fetching
// of cross-origin resources without explicit permission from resource owners.
enum CrossOriginEmbedderPolicyValue {
  // [spec]: This is the default value. When this value is used, cross-origin
  // resources can be fetched without giving explicit permission through the
  // CORS protocol or the `Cross-Origin-Resource-Policy` header.
  kNone,

  // [spec]: When this value is used, fetching cross-origin resources requires
  // the server's explicit permission through the CORS protocol or the
  // `Cross-Origin-Resource-Policy` header.
  kRequireCorp,

  // [spec]: When this value is used, fetching cross-origin no-CORS resources
  // omits credentials. In exchange, an explicit `Cross-Origin-Resource-Policy`
  // header is not required. Other requests sent with credentials require the
  // server's explicit permission through the CORS protocol or the
  // `Cross-Origin-Resource-Policy` header.
  kCredentialless,
};

// Reports potential COEP violations. This is mainly used by the CORP check
// in the network service. Implemented in the browser process.
interface CrossOriginEmbedderPolicyReporter {
  // Queues a report of a CORP violation caused by COEP.
  QueueCorpViolationReport(url.mojom.Url blocked_url,
                           network.mojom.RequestDestination destination,
                           bool report_only);

  // Connects a new pipe to this instance.
  Clone(pending_receiver<CrossOriginEmbedderPolicyReporter> receiver);
};

// [spec]: https://html.spec.whatwg.org/C/#embedder-policy
// An embedder policy consists of:
struct CrossOriginEmbedderPolicy {
  // [spec]: A `value`, which is an embedder policy value, initially
  // "unsafe-none".
  CrossOriginEmbedderPolicyValue value = CrossOriginEmbedderPolicyValue.kNone;
  // [spec]: A `reporting endpoint` string, initially the empty string.
  string? reporting_endpoint;
  // [spec]: A `report only value`, which is an embedder policy value, initially
  // "unsafe-none".
  CrossOriginEmbedderPolicyValue report_only_value =
      CrossOriginEmbedderPolicyValue.kNone;
  // [spec]: A `report only reporting endpoint` string, initially the empty
  // string.
  string? report_only_reporting_endpoint;
};