// Copyright 2020 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
module network.mojom;
import "services/network/public/mojom/content_security_policy.mojom";
import "services/network/public/mojom/cross_origin_embedder_policy.mojom";
import "services/network/public/mojom/cross_origin_opener_policy.mojom";
import "services/network/public/mojom/document_isolation_policy.mojom";
import "services/network/public/mojom/link_header.mojom";
import "services/network/public/mojom/no_vary_search.mojom";
import "services/network/public/mojom/supports_loading_mode.mojom";
import "services/network/public/mojom/timing_allow_origin.mojom";
import "services/network/public/mojom/web_client_hints_types.mojom";
import "services/network/public/mojom/x_frame_options.mojom";
enum OriginAgentClusterValue {
kAbsent, // No Origin-Agent-Cluster header specified.
kTrue, // Origin-Agent-Cluster: ?1.
kFalse // Origin-Agent-Cluster: ?0.
};
// Holds the parsed representation of several security related HTTP headers.
// This struct should only be populated by network::PopulateParsedHeaders().
// ParsedHeaders are used only for navigational requests and for worker and
// serviceworker main requests. They are ignored for subresources.
struct ParsedHeaders {
// The parsed Content-Security-Policy from the response headers.
array<ContentSecurityPolicy> content_security_policy;
// The parsed value of the Allow-CSP-From response header.
AllowCSPFromHeaderValue? allow_csp_from;
// The parsed representation of Cross-Origin-Embedder-Policy and
// Cross-Origin-Embedder-Policy-Report-Only headers.
CrossOriginEmbedderPolicy cross_origin_embedder_policy;
// The parsed value of the Cross-Origin-Opener-Policy (COOP) and
// Cross-Origin-Opener-Policy-Report-Only headers.
CrossOriginOpenerPolicy cross_origin_opener_policy;
// The parsed value of the Document-Isolation-Policy (DIP) and
// Document-Isolation-Policy-Report-Only headers.
DocumentIsolationPolicy document_isolation_policy;
// The parsed value of the Origin-Agent-Cluster header.
OriginAgentClusterValue origin_agent_cluster;
// The parsed Accept-CH from response headers.
//
// If this is missing, there is no valid accept-ch header, so client hints
// handling should not change.
//
// If this is present and an empty array, this means that client hints should
// be disabled (if updating client hint preference is valid in this context).
array<WebClientHintsType>? accept_ch;
// The parsed Critical-CH response header.
//
// Should be parsed in the same way (i.e. same tokens and grammar) as the
// Accept-CH header.
//
// Indicates that if these headers are missing from the Client Hint
// preference storage but not otherwise blocked from being sent, the
// appropriate preferences should be stored and the request should be
// restarted (with the new client hint preferences taken into account).
//
// All hints present in the Critical-CH header SHOULD also be present in the
// Accept-CH header.
//
// An empty list means the headers value was empty (i.e. 'Critical-CH:'). A
// null value means the header was not present in the response. These are
// both functionally a no-op.
//
// For more information, see:
// https://tools.ietf.org/html/draft-davidben-http-client-hint-reliability#section-3
array<WebClientHintsType>? critical_ch;
// If the client hint headers should be ignored due to a Clear-Site-Data
// header this is true so that when re-parsing the headers from cache we know
// to keep them cleared. If this field is true but accept_ch or critical_ch
// contain values, accept_ch and critical_ch should take precedence.
bool client_hints_ignored_due_to_clear_site_data_header;
// The parsed value of the X-Frame-Options header.
XFrameOptionsValue xfo = XFrameOptionsValue.kNone;
// The parsed Link headers.
array<LinkHeader> link_headers;
TimingAllowOrigin? timing_allow_origin;
// The parsed Supports-Loading-Mode header.
// For more information, see:
// https://wicg.github.io/nav-speculation/prerendering.html#supports-loading-mode
array<LoadingMode> supports_loading_mode;
// Parsed mapping of endpoint names to URLs from the Reporting-Endpoints
// header. Will be null if that header was not present in the response.
// URLs are represented here as strings, and have not been validated.
map<string,string>? reporting_endpoints;
// The parsed Cookie-Indices response header.
//
// Lists cookie names which might affect whether this content is cacheable.
// Responses should not be cached if one of the named cookies has a changed
// value.
//
// This field is populated even if `Vary: Cookie` is not specified (and it
// would therefore be ineffective).
//
// https://mnot.github.io/I-D/draft-nottingham-http-availability-hints.html#name-cookie
array<string>? cookie_indices;
// The parsed Avail-Language response header.
//
// The Avail-Language response header field is the availability hint for
// content negotiation using the Accept-Language request header field defined
// in https://www.rfc-editor.org/rfc/rfc9110#section-12.5.4. The default
// language, if provided, will be put in the first language.
//
// If Structured Header parsing fails or a member's value does have the
// structure outlined as defined, the client MUST treat the representation as
// having no Avail-Language header field.
//
// It will only be populated when the kReduceAcceptLanguage feature is
// enabled.
//
// For more information, see:
// https://mnot.github.io/I-D/draft-nottingham-http-availability-hints.html#section-5.3.
array<string>? avail_language;
// The parsed value of the Content-Language header.
array<string>? content_language;
// The parsed value of the No-Vary-Search header including parse error
// indicator. Null if not present or if No-Vary-Search header represents
// the default URL search variance.
// For more information, see:
// https://wicg.github.io/nav-speculation/no-vary-search.html#model
NoVarySearchWithParseError? no_vary_search_with_parse_error;
// The parsed value of the Observe-Browsing-Topics header. See:
// https://patcg-individual-drafts.github.io/topics/#the-observe-browsing-topics-http-response-header-header
bool observe_browsing_topics;
// The parsed value of the Allow-Cross-Origin-Event-Reporting header. See:
// https://wicg.github.io/fenced-frame/#fenced-frame-config-cross-origin-reporting-allowed
bool allow_cross_origin_event_reporting;
// Please update `CheckParsedHeadersEquals` after adding new fields.
};
Codebase Browser
chromium