1 /* 2 * Copyright (C) 2011 Google Inc. All rights reserved. 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions are 6 * met: 7 * 8 * * Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * * Redistributions in binary form must reproduce the above 11 * copyright notice, this list of conditions and the following disclaimer 12 * in the documentation and/or other materials provided with the 13 * distribution. 14 * * Neither the name of Google Inc. nor the names of its 15 * contributors may be used to endorse or promote products derived from 16 * this software without specific prior written permission. 17 * 18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 20 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 21 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 22 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 23 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 24 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 */ 30 31 #ifndef ResourceLoaderOptions_h 32 #define ResourceLoaderOptions_h 33 34 #include "core/fetch/FetchInitiatorInfo.h" 35 #include "platform/weborigin/SecurityOrigin.h" 36 37 namespace WebCore { 38 39 enum ContentSniffingPolicy { 40 SniffContent, 41 DoNotSniffContent 42 }; 43 44 enum DataBufferingPolicy { 45 BufferData, 46 DoNotBufferData 47 }; 48 49 enum ContentSecurityPolicyCheck { 50 CheckContentSecurityPolicy, 51 DoNotCheckContentSecurityPolicy 52 }; 53 54 enum RequestInitiatorContext { 55 DocumentContext, 56 WorkerContext, 57 }; 58 59 enum StoredCredentials { 60 AllowStoredCredentials, 61 DoNotAllowStoredCredentials 62 }; 63 64 // APIs like XMLHttpRequest and EventSource let the user decide 65 // whether to send credentials, but they're always sent for 66 // same-origin requests. Additional information is needed to handle 67 // cross-origin redirects correctly. 68 enum CredentialRequest { 69 ClientRequestedCredentials, 70 ClientDidNotRequestCredentials 71 }; 72 73 enum MixedContentBlockingTreatment { 74 TreatAsDefaultForType, 75 TreatAsPassiveContent, 76 TreatAsActiveContent, 77 TreatAsAlwaysAllowedContent 78 }; 79 80 enum SynchronousPolicy { 81 RequestSynchronously, 82 RequestAsynchronously 83 }; 84 85 // A resource fetch can be marked as being CORS enabled. The loader 86 // must perform an access check upon seeing the response. 87 enum CORSEnabled { 88 NotCORSEnabled, 89 IsCORSEnabled 90 }; 91 92 struct ResourceLoaderOptions { ResourceLoaderOptionsResourceLoaderOptions93 ResourceLoaderOptions() 94 : sniffContent(DoNotSniffContent) 95 , dataBufferingPolicy(BufferData) 96 , allowCredentials(DoNotAllowStoredCredentials) 97 , credentialsRequested(ClientDidNotRequestCredentials) 98 , contentSecurityPolicyOption(CheckContentSecurityPolicy) 99 , requestInitiatorContext(DocumentContext) 100 , mixedContentBlockingTreatment(TreatAsDefaultForType) 101 , synchronousPolicy(RequestAsynchronously) 102 , corsEnabled(NotCORSEnabled) 103 { 104 } 105 ResourceLoaderOptionsResourceLoaderOptions106 ResourceLoaderOptions( 107 ContentSniffingPolicy sniffContent, 108 DataBufferingPolicy dataBufferingPolicy, 109 StoredCredentials allowCredentials, 110 CredentialRequest credentialsRequested, 111 ContentSecurityPolicyCheck contentSecurityPolicyOption, 112 RequestInitiatorContext requestInitiatorContext) 113 : sniffContent(sniffContent) 114 , dataBufferingPolicy(dataBufferingPolicy) 115 , allowCredentials(allowCredentials) 116 , credentialsRequested(credentialsRequested) 117 , contentSecurityPolicyOption(contentSecurityPolicyOption) 118 , requestInitiatorContext(requestInitiatorContext) 119 , mixedContentBlockingTreatment(TreatAsDefaultForType) 120 , synchronousPolicy(RequestAsynchronously) 121 , corsEnabled(NotCORSEnabled) 122 { 123 } 124 125 ContentSniffingPolicy sniffContent; 126 DataBufferingPolicy dataBufferingPolicy; 127 StoredCredentials allowCredentials; // Whether HTTP credentials and cookies are sent with the request. 128 CredentialRequest credentialsRequested; // Whether the client (e.g. XHR) wanted credentials in the first place. 129 ContentSecurityPolicyCheck contentSecurityPolicyOption; 130 FetchInitiatorInfo initiatorInfo; 131 RequestInitiatorContext requestInitiatorContext; 132 MixedContentBlockingTreatment mixedContentBlockingTreatment; 133 SynchronousPolicy synchronousPolicy; 134 CORSEnabled corsEnabled; // If the resource is loaded out-of-origin, whether or not to use CORS. 135 RefPtr<SecurityOrigin> securityOrigin; 136 }; 137 138 } // namespace WebCore 139 140 #endif // ResourceLoaderOptions_h 141