// Copyright 2019 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
module network.mojom;
import "services/network/public/mojom/source_location.mojom";
enum CoopAccessReportType {
kAccessFromCoopPageToOpener,
kAccessFromCoopPageToOpenee,
kAccessFromCoopPageToOther,
kAccessToCoopPageFromOpener,
kAccessToCoopPageFromOpenee,
kAccessToCoopPageFromOther,
};
// Reports potential COOP violations. Implemented in the browser process.
interface CrossOriginOpenerPolicyReporter {
// Sends a report when two browsing contexts from different virtual browsing
// context groups tries to access each other.
// - |property| is the name of the access property (postMessage, open, ...).
// - |source_location| represents the line of code that triggered the access.
// - |reported_window_url| the sanitized URL of the second window. Empty when
// cross-origin with the reporting window.
QueueAccessReport(CoopAccessReportType report_type, string property,
SourceLocation source_location,
string reported_window_url);
};
// Used to configure AccessMonitors in the renderer process that will report
// accesses to a CrossOriginOpenerPolicyReporter.
struct CrossOriginOpenerPolicyReporterParams {
// The type of report generated by the reporter.
network.mojom.CoopAccessReportType report_type;
// The interface used to queue reports.
pending_remote<network.mojom.CrossOriginOpenerPolicyReporter> reporter;
// Whether the COOP header has at least defines one endpoint defined. When
// there are none, no ReportingObserver event will be emitted since the
// developer of the document is likely not interested in receiving them.
bool endpoint_defined;
// The reported window's sanitized URL. This corresponds to openerURL,
// openeeURL or otherDocumentURL depending on the |report_type|.
string reported_window_url;
};
// Cross-Origin-Opener-Policy enum representing parsed values.
enum CrossOriginOpenerPolicyValue {
// No restriction is applied, the relationship is kept with openers and
// opened documents.
kUnsafeNone,
// Severs the opener relationship with openers that are not same-origin while
// keeping the relationship with opened documents, provided they don't have a
// Cross-Origin-Opener-Policy themselves.
kSameOriginAllowPopups,
// Severs the opener relationship with openers/opened documents that are not
// same-origin.
kSameOrigin,
// COOP: same-origin with a COEP value compatible with crossOriginIsolation.
kSameOriginPlusCoep,
// Restrict which window properties other pages can interact with and vice
// versa. Access of "closed" and "postMessage" remains possible across
// openers.
kRestrictProperties,
// COOP: restrict-properties with a COEP value compatible with
// crossOriginIsolation.
kRestrictPropertiesPlusCoep,
// COOP: noopener-allow-popups severs the opener relationship with any opener.
kNoopenerAllowPopups,
};
// Cross-Origin-Opener-Policy enum representing parsed values.
// Following spec draft:
// https://gist.github.com/annevk/6f2dd8c79c77123f39797f6bdac43f3e
struct CrossOriginOpenerPolicy {
// The value of the policy.
CrossOriginOpenerPolicyValue value =
CrossOriginOpenerPolicyValue.kUnsafeNone;
// The reporting endpoint for the policy.
string? reporting_endpoint;
// The value for the "report only" mode.
CrossOriginOpenerPolicyValue report_only_value =
CrossOriginOpenerPolicyValue.kUnsafeNone;
// The reporting endpoint for the "report only" mode.
string? report_only_reporting_endpoint;
// The value of the policy when the default value of COOP is
// same-origin-allow-popups.
CrossOriginOpenerPolicyValue soap_by_default_value =
CrossOriginOpenerPolicyValue.kUnsafeNone;
};
Codebase Browser
chromium