Readonly aboutIf aboutBlankInherits is true, then about:blank should inherit the principal.
Readonly allowIf allowChrome is true, then use nsIScriptSecurityManager::ALLOW_CHROME when calling CheckLoadURIWithPrincipal().
We disallow the SystemPrincipal to initiate requests to the public web. This flag is to allow exceptions.
If true, insecure redirects to a data: URI are allowed.
During a top-level document channel redirect from tracking to non-tracking resources, our anti-tracking heuristic, grants the storage access permission for a short amount of seconds (See privacy.restrict3rdpartystorage.expiration_redirect pref). We use this flag to remember this decision even if this channel is part of a chain of redirects.
Readonly blockReturns true if document or any of the documents ancestors up to the toplevel document make use of the CSP directive 'block-all-mixed-content'.
Warning: If the loadingDocument is null, then the blockAllMixedContent is false.
Returns true if the display content was or will get upgraded from http to https. Requires 'security.mixed_content.upgrade_display_content' pref to be true. Flag is set purely to collect telemetry.
Readonly browserReturns true if the the page is https and the content is upgradable from http requires 'security.mixed_content.upgrade_display_content' pref to be true. Currently this only upgrades display content but might be expanded to other loads. This is very similar in implementation to upgradeInsecureRequests but browser set.
Readonly browserReturns true if the the page is https and the content is upgradable from http requires 'security.mixed_content.upgrade_display_content' pref to be false. See browserUpgradeInsecureRequests for more details, this only happens when not upgrading purely for telemetry.
Readonly browsingReadonly browsingThe BrowsingContext performing the load for this nsILoadInfo object.
This is the URI used to create the most recent channel in the load's
redirect chain, if it's different from channel's originalURI.
This is always null for loads not handled by DocumentLoadListener. If
non-null, channelCreationOriginalURI will be used instead of channel's
originalURI to re-create the channel in the final content process selected
to perform the load.
The cookie jar settings inherited from the top-level document's loadInfo. It cannot be null.
Readonly cookieSee the SEC_COOKIES_* flags above. This attribute will never return SEC_COOKIES_DEFAULT, but will instead return what the policy resolves to. I.e. SEC_COOKIES_SAME_ORIGIN for CORS mode, and SEC_COOKIES_INCLUDE otherwise.
The object in charged to receive CSP violation events. It can be null. This attribute will be merged into the CSP object eventually. See bug 1500908.
A snapshot of the nonce at load start time which is used for CSP checks and only set for:
Readonly disallowIf disallowScript is true, then use nsIScriptSecurityManager::DISALLOW_SCRIPT when calling CheckLoadURIWithPrincipal().
The top-level document has been user-interacted.
Readonly dontReturns true if SEC_DONT_FOLLOW_REDIRECTS is set.
Readonly externalThe external contentPolicyType of the channel, used for security checks like Mixed Content Blocking and Content Security Policy.
Specifically, content policy types with INTERNAL in their name will never get returned from this attribute.
If true, toplevel data: URI navigation is allowed
Readonly forceIf forceInheritPrincipal is true, the data coming from the channel should inherit its principal, even when the data is loaded over http:// or another protocol that would normally use a URI-based principal.
See the documentation for principalToInherit, which describes exactly what principal is inherited.
This attribute will never be true when loadingSandboxed is true.
Readonly forceThe SEC_FORCE_INHERIT_PRINCIPAL flag may be dropped when a load info object is created. Specifically, it will be dropped if the SANDBOXED_ORIGIN sandbox flag is also present. This flag is set if SEC_FORCE_INHERIT_PRINCIPAL was dropped.
Readonly forceIf forceInheritPrincipalOverruleOwner is true, the data coming from the channel should inherit the principal, even when the data is loaded over http:// or another protocol that would normally use a URI-based principal and even if the channel's .owner is not null. This last is the difference between forceInheritPrincipalOverruleOwner and forceInheritPrincipal: the latter does not overrule the .owner setting.
See the documentation for principalToInherit, which describes exactly what principal is inherited.
Readonly forceReturns value set through setCorsPreflightInfo.
Readonly frameReadonly frameOnly when the element being loaded is (or, more generally, if the element QIs to nsFrameLoaderOwner), the frameBrowsingContext is the browsing context containing the foo.html document.
Note: For other cases, frameBrowsingContextID is 0.
Whether nsICookieInjector has injected a cookie for this request to handle a cookie banner. This is only done for top-level requests.
Returns true if at the time of the loadinfo construction the document that triggered this load has the bit hasValidTransientUserGestureActivation set or the load was triggered from External. (Mostly this bool is used in the context of Sec-Fetch-User.)
Upgrade state of HTTPS-Only Mode. The flag HTTPS_ONLY_EXEMPT can get set on requests that should be excempt from an upgrade.
Whenever a channel is evaluated by the ContentSecurityManager the first time, we set this flag to true to indicate that subsequent calls of AsyncOpen() do not have to enforce all security checks again. E.g., after a redirect there is no need to set up CORS again. We need this separate flag because the redirectChain might also contain internal redirects which might pollute the redirectChain so we can't rely on the size of the redirectChain-array to query whether a channel got redirected or not.
Please note, once the flag is set to true it must remain true throughout the lifetime of the channel. Trying to set it to anything else than true will be discarded.
Readonly innerThis is the inner window ID of the window in which the element being loaded lives.
Note that this window ID can be 0 if the window is not available.
Readonly internalTrue if the load was initiated by a form request. This is important to know to handle the CSP directive navigate-to.
This attribute will be true if the fetch request is from object or embed elements
Readonly isThis attribute will be true if this is a load triggered by https://html.spec.whatwg.org/multipage/iframe-embed-object.html#process-the-iframe-attributes or https://html.spec.whatwg.org/multipage/obsolete.html#process-the-frame-attributes
True if this request is from DevTools.
True if this request is embedded in a context that can't be third-party (i.e. an iframe embedded in a cross-origin parent window). If this is false, then this request may be third-party if it's a third-party to loadingPrincipal.
This attribute will be true if this is a load triggered by a media element and it's an initial request.
This attribute will be true if this is a load triggered by a media element.
True if the load was triggered by a meta refresh.
This attribute will be true if the top level document has COEP: credentialless enabled in Origin Trial.
Readonly isA C++ friendly getter for the forcePreflight flag.
True if this request is a third party in respect to the top-level window.
Note that this doesn't consider the parent window. I.e. It will still return false even in the case that the parent is cross-origin but the top-level is same-origin.
This value would be set during opening the channel in parent and propagate to the channel in the content.
Readonly isReturns true if this load is for top level document. Note that the load for a sub-frame's document will return false here.
True if this request is known to have been triggered by a user manually requesting the URI to be saved.
Readonly loadReturns true if SEC_LOAD_ERROR_PAGE is set.
Returns true if the load was triggered from an external application (e.g. Thunderbird). Please note that this flag will only ever be true if the load is of TYPE_DOCUMENT.
Readonly loadingFor all loads except loads of TYPE_DOCUMENT, the loadingContext simply returns the loadingNode. For loads of TYPE_DOCUMENT this will return the context available for top-level loads which do not have a loadingNode.
Readonly loadingThis is the ownerDocument of the LoadingNode. Unless the LoadingNode is a Document, in which case the LoadingDocument is the same as the LoadingNode.
For top-level loads, and for loads originating from workers, the LoadingDocument is null. When the LoadingDocument is not null, the LoadingPrincipal is set to the principal of the LoadingDocument.
This attribute is the loading context's cross origin embedder policy. The value is initialized with corresponding WindowContext which get by innerWindowIID in the nsILoadInfo. It also could be set by workers when fetch is called under the workers' scope.
Readonly loadingThis is the principal of the network request's caller/requester where the resulting resource will be used. I.e. it is the principal which will get access to the result of the request. (Where "get access to" might simply mean "embed" depending on the type of resource that is loaded).
For example for an image, it is the principal of the document where the image is rendered. For a stylesheet it is the principal of the document where the stylesheet will be applied.
So if document at http://a.com/page.html loads an image from http://b.com/pic.jpg, then loadingPrincipal will be http://a.com/page.html.
For
The LoadInfo object contains information about a network load, why it was started, and how we plan on using the resulting response. If a network request is redirected, the new channel will receive a new LoadInfo object. The new object will contain mostly the same information as the pre-redirect one, but updated as appropriate. For detailed information about what parts of LoadInfo are updated on redirect, see documentation on individual properties.