CINXE.COM

Web Security Checks in Gecko — Firefox Source Docs documentation

<!doctype html> <html class="writer-html5" lang="en" data-content_root="../"> <head> <base href="https://firefox-source-docs.mozilla.org/content-security/index.html"> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Web Security Checks in Gecko — Firefox Source Docs documentation</title> <link rel="stylesheet" type="text/css" href="../_static/pygments.css?v=fa44fd50"> <link rel="stylesheet" type="text/css" href="../_static/css/theme.css?v=19f00094"> <link rel="stylesheet" type="text/css" href="../_static/graphviz.css?v=fd3f3429"> <link rel="stylesheet" type="text/css" href="../_static/copybutton.css?v=76b2166b"> <link rel="stylesheet" type="text/css" href="../_static/custom_theme.css?v=a7d3e023"> <link rel="stylesheet" type="text/css" href="../_static/design-style.1e8bd061cd6da7fc9cf755528e8ffc24.min.css?v=0a3b3ea7"> <link rel="shortcut icon" href="../_static/firefox.ico"><!--[if lt IE 9]> <script src="../_static/js/html5shiv.min.js"></script> <![endif]--> <script src="../_static/jquery.js?v=5d32c60e"></script> <script src="../_static/_sphinx_javascript_frameworks_compat.js?v=2cd50e6c"></script> <script src="../_static/documentation_options.js?v=5929fcd5"></script> <script src="../_static/doctools.js?v=9a2dae69"></script> <script src="../_static/sphinx_highlight.js?v=dc90522c"></script> <script src="../_static/clipboard.min.js?v=a7894cd8"></script> <script src="../_static/copybutton.js?v=30646c52"></script> <script src="../_static/design-tabs.js?v=36754332"></script> <script src="../_static/js/theme.js"></script> <link rel="index" title="Index" href="../genindex.html"> <link rel="search" title="Search" href="../search.html"> <link rel="next" title="Mach" href="../mach/index.html"> <link rel="prev" title="Community" href="../security/nss/community.html"> <meta http-equiv="X-Translated-By" content="Google"> <meta http-equiv="X-Translated-To" content="tr"> <script type="text/javascript" src="https://www.gstatic.com/_/translate_http/_/js/k=translate_http.tr.en_GB.1hbgkFx4Qn8.O/am=DgY/d=1/rs=AN8SPfqlmAPxwfG457BPbRXwNq39oSMGHg/m=corsproxy" data-sourceurl="https://firefox-source-docs.mozilla.org/content-security/index.html"></script> <link href="https://fonts.googleapis.com/css2?family=Material+Symbols+Outlined:opsz,wght,FILL,GRAD@20..48,100..700,0..1,-50..200" rel="stylesheet"> <script type="text/javascript" src="https://www.gstatic.com/_/translate_http/_/js/k=translate_http.tr.en_GB.1hbgkFx4Qn8.O/am=DgY/d=1/exm=corsproxy/ed=1/rs=AN8SPfqlmAPxwfG457BPbRXwNq39oSMGHg/m=phishing_protection" data-phishing-protection-enabled="false" data-forms-warning-enabled="true" data-source-url="https://firefox-source-docs.mozilla.org/content-security/index.html"></script> <meta name="robots" content="none"> </head> <body class="wy-body-for-nav"> <script type="text/javascript" src="https://www.gstatic.com/_/translate_http/_/js/k=translate_http.tr.en_GB.1hbgkFx4Qn8.O/am=DgY/d=1/exm=corsproxy,phishing_protection/ed=1/rs=AN8SPfqlmAPxwfG457BPbRXwNq39oSMGHg/m=navigationui" data-environment="prod" data-proxy-url="https://firefox--source--docs-mozilla-org.translate.goog" data-proxy-full-url="https://firefox--source--docs-mozilla-org.translate.goog/content-security/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB" data-source-url="https://firefox-source-docs.mozilla.org/content-security/index.html" data-source-language="pl" data-target-language="tr" data-display-language="en-GB" data-detected-source-language="" data-is-source-untranslated="false" data-source-untranslated-url="https://translate.google.com/website?sl=pl&amp;tl=tr&amp;hl=en-GB&amp;u=https://firefox-source-docs.mozilla.org/content-security/index.html&amp;anno=2" data-client="tr"></script> <div class="wy-grid-for-nav"> <nav data-toggle="wy-nav-shift" class="wy-nav-side"> <div class="wy-side-scroll"> <div class="wy-side-nav-search"><a href="https://firefox--source--docs-mozilla-org.translate.goog/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB" class="icon icon-home"> Firefox Source Docs <img src="../_static/firefox-wordmark.svg" class="logo" alt="Logo"> </a><!-- -- This code is governed by the BSD license ----> <div> <h3>Quick search</h3> <script> (function () { var cx = "dd12886298f75dbef"; var gcse = document.createElement("script"); gcse.async = true; gcse.src = "https://cse.google.com/cse.js?cx=" + cx; var s = document.getElementsByTagName("script")[0]; s.parentNode.insertBefore(gcse, s); })(); </script><gcse:search></gcse:search> </div> </div> <div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="Navigation menu"> <p class="caption" role="heading"><span class="caption-text">Overview</span></p> <ul> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/glossary/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">A Glossary of Common Terms</a></li> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/overview/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">A Quick Guide to Mozilla Applications</a></li> </ul> <p class="caption" role="heading"><span class="caption-text">Getting Started</span></p> <ul> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/setup/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">Getting Set Up To Work On The Firefox Codebase</a></li> </ul> <p class="caption" role="heading"><span class="caption-text">Working On Firefox</span></p> <ul> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/contributing/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">Working on Firefox</a></li> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/bug-mgmt/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">Bug Handling</a></li> </ul> <p class="caption" role="heading"><span class="caption-text">Firefox User Guide</span></p> <ul> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/devtools-user/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">Firefox DevTools User Docs</a></li> </ul> <p class="caption" role="heading"><span class="caption-text">Source Code Documentation</span></p> <ul class="current"> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/mots/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">Governance</a></li> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/browser/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">Firefox Front-end</a></li> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/dom/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">DOM</a></li> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/editor/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">Editor</a></li> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/layout/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">Style system (CSS) &amp; Layout</a></li> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/gfx/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">Graphics</a></li> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/ipc/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">Processes, Threads and IPC</a></li> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/devtools/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">Firefox DevTools Contributor Docs</a></li> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/toolkit/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">Toolkit</a></li> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/js/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">SpiderMonkey</a></li> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/mobile/android/geckoview/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">GeckoView</a></li> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/mobile/android/fenix/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">Fenix</a></li> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/mobile/android/focus-android/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">Focus for Android</a></li> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/dom/bindings/webidl/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">WebIDL</a></li> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/modules/libpref/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">libpref</a></li> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/networking/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">Networking</a></li> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/remote/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">Remote Protocols</a></li> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/services/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">Services</a></li> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/uriloader/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">File Handling</a></li> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/widget/cocoa/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">Firefox on macOS</a></li> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/widget/windows/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">Firefox on Windows</a></li> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/toolkit/components/ml/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">Firefox AI Platform</a></li> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/accessible/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">Accessibility</a></li> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/code-quality/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">Code quality</a></li> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/writing-rust-code/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">Writing Rust Code</a></li> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/rust-components/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">Rust Components</a></li> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/tools/profiler/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">Gecko Profiler</a></li> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/performance/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">Performance</a></li> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/storage/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">Database bindings (SQLite, KV, …)</a></li> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/xpcom/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">XPCOM</a></li> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/nspr/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">NSPR</a></li> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/security/nss/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">Network Security Services (NSS)</a></li> <li class="toctree-l1 current"><a class="current reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/content-security/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB#">Web Security Checks in Gecko</a> <ul> <li class="toctree-l2"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/content-security/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB#key-concepts-and-terminology">Key Concepts and Terminology</a> <ul> <li class="toctree-l3"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/content-security/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB#security-principal-nsiprincipal">Security Principal (nsIPrincipal)</a></li> <li class="toctree-l3"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/content-security/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB#originattributes">OriginAttributes</a></li> <li class="toctree-l3"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/content-security/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB#attributes">Attributes</a></li> <li class="toctree-l3"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/content-security/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB#load-info-object-nsiloadinfo">Load Info Object (nsILoadInfo)</a></li> <li class="toctree-l3"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/content-security/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB#id1">Attributes:</a></li> </ul></li> <li class="toctree-l2"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/content-security/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB#loading-lifecycle-in-firefox">Loading Lifecycle in Firefox</a> <ul> <li class="toctree-l3"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/content-security/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB#from-request-to-response">From Request to Response</a></li> <li class="toctree-l3"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/content-security/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB#role-of-nsichannel-and-nsiloadinfo">Role of nsIChannel and nsILoadInfo</a></li> </ul></li> <li class="toctree-l2"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/content-security/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB#security-checks-during-loading">Security Checks During Loading</a> <ul> <li class="toctree-l3"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/content-security/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB#pre-request-checks">Pre-Request Checks</a></li> <li class="toctree-l3"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/content-security/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB#contentsecuritymanager-and-docontentsecuritycheck">ContentSecurityManager and doContentSecurityCheck()</a></li> <li class="toctree-l3"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/content-security/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB#subsumes-concept">Subsumes Concept</a></li> <li class="toctree-l3"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/content-security/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB#references">References</a></li> </ul></li> </ul></li> </ul> <p class="caption" role="heading"><span class="caption-text">The Firefox Build System</span></p> <ul> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/mach/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">Mach</a></li> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/tools/try/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">Pushing to Try</a></li> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/build/buildsystem/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">Build System</a></li> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/taskcluster/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">Firefox CI and Taskgraph</a></li> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/tools/moztreedocs/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">Managing Documentation</a></li> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/mozbuild/vendor/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">Vendoring Third Party Components</a></li> </ul> <p class="caption" role="heading"><span class="caption-text">Testing &amp; Test Infrastructure</span></p> <ul> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/testing/automated-testing/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">Automated Testing</a></li> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/testing/treeherder-try/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">Understanding Treeherder Results</a></li> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/testing/sheriffed-intermittents/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">Sheriffed intermittent failures</a></li> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/testing/tests-for-new-config/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">Turning on Firefox tests for a new configuration</a></li> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/testing/intermittent/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">Avoiding intermittent tests</a></li> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/testing/testing-policy/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">Testing Policy</a></li> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/testing/ci-configs/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">Configuration Changes</a></li> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/testing/browser-chrome/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">Browser chrome mochitests</a></li> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/testing/chrome-tests/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">Chrome Tests</a></li> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/testing/marionette/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">Marionette</a></li> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/testing/geckodriver/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">geckodriver</a></li> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/testing/test-verification/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">Test Verification</a></li> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/testing/webrender/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">WebRender Tests</a></li> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/testing/mochitest-plain/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">Mochitest</a></li> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/testing/xpcshell/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">XPCShell tests</a></li> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/testing/tps/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">TPS</a></li> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/web-platform/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">web-platform-tests</a></li> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/gtest/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">GTest</a></li> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/tools/fuzzing/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">Fuzzing</a></li> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/tools/sanitizer/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">Sanitizer</a></li> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/testing/perfdocs/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">Performance Testing</a></li> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/tools/code-coverage/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">Code coverage</a></li> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/testing-rust-code/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">Testing &amp; Debugging Rust Code</a></li> </ul> <p class="caption" role="heading"><span class="caption-text">Releases &amp; Updates</span></p> <ul> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/update-infrastructure/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">Mozilla Update Infrastructure</a></li> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/update-infrastructure/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB#watershed-updates">Watershed Updates</a></li> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/update-infrastructure/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB#desupport-updates">Desupport Updates</a></li> </ul> <p class="caption" role="heading"><span class="caption-text">Localization &amp; Internationalization</span></p> <ul> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/intl/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">Internationalization</a></li> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/l10n/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">Localization</a></li> </ul> <p class="caption" role="heading"><span class="caption-text">Firefox and Python</span></p> <ul> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/mozbase/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">mozbase</a></li> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/python/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">Using third-party Python packages</a></li> </ul> <p class="caption" role="heading"><span class="caption-text">Metrics Collected in Firefox</span></p> <ul> <li class="toctree-l1"><a class="reference internal" href="https://firefox--source--docs-mozilla-org.translate.goog/metrics/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">Metrics</a></li> </ul> </div> </div> </nav> <section data-toggle="wy-nav-shift" class="wy-nav-content-wrap"> <nav class="wy-nav-top" aria-label="Mobile navigation menu"><i data-toggle="wy-nav-top" class="fa fa-bars"></i> <a href="https://firefox--source--docs-mozilla-org.translate.goog/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">Firefox Source Docs</a> </nav> <div class="wy-nav-content"> <div class="rst-content"><!-- This Source Code Form is subject to the terms of the Mozilla Public - License, v. 2.0. If a copy of the MPL was not distributed with this file, - You can obtain one at http://mozilla.org/MPL/2.0/. --> <div role="navigation" aria-label="Page navigation"> <ul class="wy-breadcrumbs"> <li><a href="https://firefox--source--docs-mozilla-org.translate.goog/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB" class="icon icon-home" aria-label="Home"></a></li> <li class="breadcrumb-item active">Web Security Checks in Gecko</li> <li class="wy-breadcrumbs-aside"><a href="https://translate.google.com/website?sl=pl&amp;tl=tr&amp;hl=en-GB&amp;u=https://bugzilla.mozilla.org/enter_bug.cgi?product%3DDeveloper%2BInfrastructure%26component%3DFirefox%2BSource%2BDocs%253A%2BContent%26short_desc%3DDocumentation%2Bissue%2Bon%2Bcontent-security/index%26comment%3DURL%2B%3D%2Bhttps://firefox-source-docs.mozilla.org/content-security/index.html%26bug_file_loc%3Dhttps://firefox-source-docs.mozilla.org/content-security/index.html" rel="nofollow">Report an issue</a> / <a href="https://firefox--source--docs-mozilla-org.translate.goog/_sources/content-security/index.rst.txt?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB" rel="nofollow"> View page source</a></li> </ul> <hr> </div> <div role="main" class="document" itemscope itemtype="http://schema.org/Article"> <div itemprop="articleBody"> <section id="web-security-checks-in-gecko"> <h1>Web Security Checks in Gecko<a class="headerlink" href="https://firefox--source--docs-mozilla-org.translate.goog/content-security/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB#web-security-checks-in-gecko" title="Link to this heading">¶</a></h1> <section id="key-concepts-and-terminology"> <h2>Key Concepts and Terminology<a class="headerlink" href="https://firefox--source--docs-mozilla-org.translate.goog/content-security/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB#key-concepts-and-terminology" title="Link to this heading">¶</a></h2> <section id="security-principal-nsiprincipal"> <h3>Security Principal (nsIPrincipal)<a class="headerlink" href="https://firefox--source--docs-mozilla-org.translate.goog/content-security/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB#security-principal-nsiprincipal" title="Link to this heading">¶</a></h3> <p>A Security Principal represents the security context for a piece of code or data. Firefox uses four types of principals:</p> <ul class="simple"> <li><p><strong>ContentPrincipal</strong>: Used for typical web pages and can be serialized to an origin URL, e.g., <a class="reference external" href="https://translate.google.com/website?sl=pl&amp;tl=tr&amp;hl=en-GB&amp;u=https://example.com/">https://example.com/</a>.</p></li> <li><p><strong>NullPrincipal</strong>: Used for pages that are never same-origin with anything else, such as iframes with the sandbox attribute or documents loaded with a data: URI. This is also known as an opaque origin.</p></li> <li><p><strong>SystemPrincipal</strong>: Used for the browser’s user interface, commonly referred to as “browser chrome”, and various other background services (OCSP requests, fetching favicons). Pages like <a class="reference external" href="about:preferences?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB">about:preferences</a> use the SystemPrincipal.</p></li> <li><p><strong>ExpandedPrincipal</strong>: Used by browser extensions that need to assume the security context of a website. An ExpandedPrincipal is best understood as a list of principals.</p></li> </ul> </section> <section id="originattributes"> <h3>OriginAttributes<a class="headerlink" href="https://firefox--source--docs-mozilla-org.translate.goog/content-security/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB#originattributes" title="Link to this heading">¶</a></h3> <p><cite>OriginAttributes</cite> help in managing and enforcing security policies by distinguishing different security contexts that might otherwise be considered the same based on their Principal. They are used to:</p> <ul class="simple"> <li><p>Isolate data and resources in private browsing mode.</p></li> <li><p>Implement cache isolation.</p></li> <li><p>Manage user context identifiers for container tabs.</p></li> <li><p>Enforce first-party isolation.</p></li> </ul> </section> <section id="attributes"> <h3>Attributes<a class="headerlink" href="https://firefox--source--docs-mozilla-org.translate.goog/content-security/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB#attributes" title="Link to this heading">¶</a></h3> <p>The <cite>OriginAttributes</cite> class extends the functionality of <cite>dom::OriginAttributesDictionary</cite> and includes additional methods for setting and managing various attributes.</p> <p>Key attributes include:</p> <ul class="simple"> <li><p><strong>FirstPartyDomain</strong>: Used to isolate data based on the domain.</p></li> <li><p><strong>UserContextId</strong>: Identifies different user contexts, such as container tabs.</p></li> <li><p><strong>PrivateBrowsingId</strong>: Indicates whether a request is made in private browsing mode.</p></li> <li><p><strong>PartitionKey</strong>: Used to implement cache isolation.</p></li> </ul> </section> <section id="load-info-object-nsiloadinfo"> <h3>Load Info Object (nsILoadInfo)<a class="headerlink" href="https://firefox--source--docs-mozilla-org.translate.goog/content-security/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB#load-info-object-nsiloadinfo" title="Link to this heading">¶</a></h3> <p>The <cite>nsILoadInfo</cite> object is crucial for security checks. It holds all security-relevant attributes, including security flags indicating what checks need to be performed and the associated Principal.</p> </section> <section id="id1"> <h3>Attributes:<a class="headerlink" href="https://firefox--source--docs-mozilla-org.translate.goog/content-security/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB#id1" title="Link to this heading">¶</a></h3> <ul class="simple"> <li><p><cite>loadingPrincipal</cite>: The principal of the document where the result of the load will be used.</p></li> <li><p><cite>triggeringPrincipal</cite>: The principal that triggered the URL to load.</p></li> <li><p><cite>securityFlags</cite>: Indicate the type of security checks required.</p></li> <li><p><cite>contentPolicyType</cite>: Specifies the type of content being loaded, used for security checks like Content Security Policy.</p></li> </ul> </section> </section> <section id="loading-lifecycle-in-firefox"> <h2>Loading Lifecycle in Firefox<a class="headerlink" href="https://firefox--source--docs-mozilla-org.translate.goog/content-security/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB#loading-lifecycle-in-firefox" title="Link to this heading">¶</a></h2> <section id="from-request-to-response"> <h3>From Request to Response<a class="headerlink" href="https://firefox--source--docs-mozilla-org.translate.goog/content-security/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB#from-request-to-response" title="Link to this heading">¶</a></h3> <ol class="arabic simple"> <li><p><strong>Request Initiation</strong>: A web page initiates a request.</p></li> <li><p><strong>nsIChannel Creation</strong>: Firefox creates an <cite>nsIChannel</cite> object, representing the request.</p></li> <li><p><strong>nsILoadInfo Attachment</strong>: An <cite>nsILoadInfo</cite> object is required for the creation of an <cite>nsIChannel</cite> and holds security-related information.</p></li> <li><p><strong>Security Checks</strong>: Security checks are performed using the <cite>ContentSecurityManager</cite>.</p></li> <li><p><strong>Request Execution</strong>: If all checks pass, the request proceeds.</p></li> </ol> </section> <section id="role-of-nsichannel-and-nsiloadinfo"> <h3>Role of nsIChannel and nsILoadInfo<a class="headerlink" href="https://firefox--source--docs-mozilla-org.translate.goog/content-security/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB#role-of-nsichannel-and-nsiloadinfo" title="Link to this heading">¶</a></h3> <ul class="simple"> <li><p><strong>nsIChannel</strong>: Manages the transport algorithm (e.g., HTTP, WebSocket).</p></li> <li><p><strong>nsILoadInfo</strong>: Holds security relevant meta information of a network load and determines what security checks need to be enforced.</p></li> </ul> </section> </section> <section id="security-checks-during-loading"> <h2>Security Checks During Loading<a class="headerlink" href="https://firefox--source--docs-mozilla-org.translate.goog/content-security/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB#security-checks-during-loading" title="Link to this heading">¶</a></h2> <section id="pre-request-checks"> <h3>Pre-Request Checks<a class="headerlink" href="https://firefox--source--docs-mozilla-org.translate.goog/content-security/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB#pre-request-checks" title="Link to this heading">¶</a></h3> <ul class="simple"> <li><p><strong>Same-Origin Policy</strong>: Ensures resources are only accessed if they share the same origin.</p></li> <li><p><strong>Content Security Policy</strong>: Enforces content restrictions based on policies defined by the site.</p></li> <li><p><strong>Mixed Content Blocking</strong>: Implements the Mixed Content standard, including blocking and upgrading of insecure (HTTP) content on secure (HTTPS) pages.</p></li> </ul> </section> <section id="contentsecuritymanager-and-docontentsecuritycheck"> <h3>ContentSecurityManager and doContentSecurityCheck()<a class="headerlink" href="https://firefox--source--docs-mozilla-org.translate.goog/content-security/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB#contentsecuritymanager-and-docontentsecuritycheck" title="Link to this heading">¶</a></h3> <ul class="simple"> <li><p><strong>ContentSecurityManager</strong>: Centralized manager for performing security checks.</p></li> <li><p><strong>PerformSecurityCheck()</strong>: Key function that is invoked to perform all relevant security checks before a request is executed.</p></li> </ul> </section> <section id="subsumes-concept"> <h3>Subsumes Concept<a class="headerlink" href="https://firefox--source--docs-mozilla-org.translate.goog/content-security/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB#subsumes-concept" title="Link to this heading">¶</a></h3> <ul class="simple"> <li><p><strong>Definition</strong>: A principal subsumes another if it has access to the same resources.</p></li> <li><p><strong>Implementation</strong>: <cite>aPrincipal-&gt;Subsumes(aOtherPrincipal)</cite> is used to check access permissions.</p></li> </ul> <p>Code example:</p> <div class="highlight-default notranslate"> <div class="highlight"> <pre><span></span><span class="nb">bool</span> <span class="n">subsumes</span> <span class="o">=</span> <span class="n">principal1</span><span class="o">-&gt;</span><span class="n">Subsumes</span><span class="p">(</span><span class="n">principal2</span><span class="p">);</span> </pre> </div> </div> <p>Subsumption is asymmetrical. One principal subsuming the other does not imply the inverse. A typical example is the <cite>SystemPrincipal</cite>, which subsumes all other principals.</p> </section> <section id="references"> <h3>References<a class="headerlink" href="https://firefox--source--docs-mozilla-org.translate.goog/content-security/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB#references" title="Link to this heading">¶</a></h3> <p>The interface definition in source code have a lot of detailed comments:</p> <ul class="simple"> <li><p>The <a class="reference external" href="https://translate.google.com/website?sl=pl&amp;tl=tr&amp;hl=en-GB&amp;u=https://searchfox.org/mozilla-central/source/caps/nsIPrincipal.idl">nsIPrincipal</a> interface definition.</p></li> <li><p>The <a class="reference external" href="https://translate.google.com/website?sl=pl&amp;tl=tr&amp;hl=en-GB&amp;u=https://searchfox.org/mozilla-central/source/netwerk/base/nsILoadInfo.idl">nsILoadInfo</a> interface definition.</p></li> <li><p>The <a class="reference external" href="https://translate.google.com/website?sl=pl&amp;tl=tr&amp;hl=en-GB&amp;u=https://searchfox.org/mozilla-central/source/dom/interfaces/security/nsIContentSecurityManager.idl">nsIContentSecurityManager</a> interface definition</p></li> </ul> </section> </section> </section> </div> </div> <footer> <div class="rst-footer-buttons" role="navigation" aria-label="Footer"><a href="https://firefox--source--docs-mozilla-org.translate.goog/security/nss/community.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB" class="btn btn-neutral float-left" title="Community" accesskey="p" rel="prev"><span class="fa fa-arrow-circle-left" aria-hidden="true"></span> Previous</a> <a href="https://firefox--source--docs-mozilla-org.translate.goog/mach/index.html?_x_tr_sl=pl&amp;_x_tr_tl=tr&amp;_x_tr_hl=en-GB" class="btn btn-neutral float-right" title="Mach" accesskey="n" rel="next">Next <span class="fa fa-arrow-circle-right" aria-hidden="true"></span></a> </div> <hr> <div role="contentinfo"> <p></p> </div> Built with <a href="https://translate.google.com/website?sl=pl&amp;tl=tr&amp;hl=en-GB&amp;u=https://www.sphinx-doc.org/">Sphinx</a> using a <a href="https://translate.google.com/website?sl=pl&amp;tl=tr&amp;hl=en-GB&amp;u=https://github.com/readthedocs/sphinx_rtd_theme">theme</a> provided by <a href="https://translate.google.com/website?sl=pl&amp;tl=tr&amp;hl=en-GB&amp;u=https://readthedocs.org">Read the Docs</a>. </footer> </div> </div> </section> </div> <script> jQuery(function () { SphinxRtdTheme.Navigation.enable(true); }); </script> <script>function gtElInit() {var lib = new google.translate.TranslateService();lib.translatePage('pl', 'tr', function () {});}</script> <script src="https://translate.google.com/translate_a/element.js?cb=gtElInit&amp;hl=en-GB&amp;client=wt" type="text/javascript"></script> </body> </html>

Pages： 1 2 3 4 5 6 7 8 9 10