2 * Copyright (C) 2011 Google Inc. All rights reserved.
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are
8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above
11 * copyright notice, this list of conditions and the following disclaimer
12 * in the documentation and/or other materials provided with the
14 * * Neither the name of Google Inc. nor the names of its
15 * contributors may be used to endorse or promote products derived from
16 * this software without specific prior written permission.
18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
21 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
22 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
23 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
24 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31 #ifndef ResourceLoaderOptions_h
32 #define ResourceLoaderOptions_h
34 #include "core/fetch/FetchInitiatorInfo.h"
35 #include "platform/weborigin/SecurityOrigin.h"
39 enum ContentSniffingPolicy {
44 enum DataBufferingPolicy {
49 enum ContentSecurityPolicyCheck {
50 CheckContentSecurityPolicy,
51 DoNotCheckContentSecurityPolicy
54 enum RequestInitiatorContext {
59 enum StoredCredentials {
60 AllowStoredCredentials,
61 DoNotAllowStoredCredentials
64 // APIs like XMLHttpRequest and EventSource let the user decide
65 // whether to send credentials, but they're always sent for
66 // same-origin requests. Additional information is needed to handle
67 // cross-origin redirects correctly.
68 enum CredentialRequest {
69 ClientRequestedCredentials,
70 ClientDidNotRequestCredentials
73 enum MixedContentBlockingTreatment {
74 TreatAsDefaultForType,
75 TreatAsPassiveContent,
77 TreatAsAlwaysAllowedContent
80 enum SynchronousPolicy {
85 // A resource fetch can be marked as being CORS enabled. The loader
86 // must perform an access check upon seeing the response.
92 struct ResourceLoaderOptions {
93 ResourceLoaderOptions()
94 : sniffContent(DoNotSniffContent)
95 , dataBufferingPolicy(BufferData)
96 , allowCredentials(DoNotAllowStoredCredentials)
97 , credentialsRequested(ClientDidNotRequestCredentials)
98 , contentSecurityPolicyOption(CheckContentSecurityPolicy)
99 , requestInitiatorContext(DocumentContext)
100 , mixedContentBlockingTreatment(TreatAsDefaultForType)
101 , synchronousPolicy(RequestAsynchronously)
102 , corsEnabled(NotCORSEnabled)
106 ResourceLoaderOptions(
107 ContentSniffingPolicy sniffContent,
108 DataBufferingPolicy dataBufferingPolicy,
109 StoredCredentials allowCredentials,
110 CredentialRequest credentialsRequested,
111 ContentSecurityPolicyCheck contentSecurityPolicyOption,
112 RequestInitiatorContext requestInitiatorContext)
113 : sniffContent(sniffContent)
114 , dataBufferingPolicy(dataBufferingPolicy)
115 , allowCredentials(allowCredentials)
116 , credentialsRequested(credentialsRequested)
117 , contentSecurityPolicyOption(contentSecurityPolicyOption)
118 , requestInitiatorContext(requestInitiatorContext)
119 , mixedContentBlockingTreatment(TreatAsDefaultForType)
120 , synchronousPolicy(RequestAsynchronously)
121 , corsEnabled(NotCORSEnabled)
125 ContentSniffingPolicy sniffContent;
126 DataBufferingPolicy dataBufferingPolicy;
127 StoredCredentials allowCredentials; // Whether HTTP credentials and cookies are sent with the request.
128 CredentialRequest credentialsRequested; // Whether the client (e.g. XHR) wanted credentials in the first place.
129 ContentSecurityPolicyCheck contentSecurityPolicyOption;
130 FetchInitiatorInfo initiatorInfo;
131 RequestInitiatorContext requestInitiatorContext;
132 MixedContentBlockingTreatment mixedContentBlockingTreatment;
133 SynchronousPolicy synchronousPolicy;
134 CORSEnabled corsEnabled; // If the resource is loaded out-of-origin, whether or not to use CORS.
135 RefPtr<SecurityOrigin> securityOrigin;
138 } // namespace WebCore
140 #endif // ResourceLoaderOptions_h