mozIThirdPartyUtil

Method overview

Methods

isThirdPartyChannel()


Determine whether the given channel and its content window hierarchy is third party. This is done as follows:

1. If aChannel is an nsIHttpChannel and has the 'forceAllowThirdPartyCookie' property set, then:
   1. If aURI is null, return false.
   2. Otherwise, find the URI of the channel, determine whether it is foreign with respect to aURI, and return.
2. Find the URI of the channel and determine whether it is third party with respect to the URI of the channel. If so, return.
3. Obtain the bottommost nsIDOMWindow, and its same-type parent if it exists, from the channel's notification callbacks. Then:
   1. If the parent is the same as the bottommost window, and the channel has the LOAD_DOCUMENT_URI flag set, return false. This represents the case where a toplevel load is occurring and the window's URI has not yet been updated. (We have already checked that aURI is not foreign with respect to the channel URI.)
   2. Otherwise, return the result of isThirdPartyWindow() with arguments of the channel's bottommost window and the channel URI, respectively.

Therefore, both the channel's URI and each level in the window hierarchy associated with the channel is tested.

For example, if aURI is "http://mail.google.com/", aChannel has a URI of "http://google.com/", and its parent is the topmost content window with a URI of "http://mozilla.com", the result will be true.

boolean isThirdPartyChannel(
  in nsIChannel aChannel,
  in nsIURI aURI Optional
);

Parameters

aChannel

The channel associated with the load.

aURI Optional

A URI to test against. If null, the URI of the channel will be used.

Return value

true if aURI is third party with respect to the channel URI or any of the URIs associated with the same-type window hierarchy of the channel.

isThirdPartyURI()


Determine whether two URIs are third party with respect to each other. This is determined by computing the base domain for both URIs. If they can be determined, and the base domains match, the request is defined as first party. If it cannot be determined because one or both URIs do not have a base domain (for instance, in the case of IP addresses, host aliases such as 'localhost', or a file:// URI), an exact string comparison on host is performed.

For example, the URI "http://mail.google.com/" is not third party with respect to "http://images.google.com/", but "http://mail.yahoo.com/" and "http://192.168.1.1/" are.

boolean isThirdPartyURI(
  in nsIURI aFirstURI,
  in nsIURI aSecondURI
);

Parameters

aFirstURI

Missing Description

aSecondURI

Missing Description

Return value

true if aFirstURI is third party with respect to aSecondURI.

isThirdPartyWindow()


Determine whether the given window hierarchy is third party. This is done as follows:

1. Obtain the URI of the principal associated with aWindow. Call this the 'bottom URI'.
2. If aURI is provided, determine if it is third party with respect to the bottom URI. If so, return.
3. Find the same-type parent window, if there is one, and its URI. Determine whether it is third party with respect to the bottom URI. If so, return.

Therefore, each level in the window hierarchy is tested. (This means that nested iframes with different base domains, even though the bottommost and topmost URIs might be equal, will be considered third party.)

For example, if aURI is "http://mail.google.com/", 'aWindow' has a URI of "http://google.com/", and its parent is the topmost content window with a URI of "http://mozilla.com", the result will be true.

boolean isThirdPartyWindow(
  in nsIDOMWindow aWindow,
  in nsIURI aURI Optional
);

Parameters

aWindow

The bottommost window in the hierarchy.

aURI Optional

A URI to test against. If null, the URI of the principal associated with aWindow will be used.

Return value

true if aURI is third party with respect to any of the URIs associated with aWindow and its same-type parents.